Christian 4 лет назад
Родитель
Сommit
5c73779a4a

+ 31 - 0
terraform/helm/certmanager.tf

@@ -0,0 +1,31 @@
+resource "kubernetes_namespace" "certmanager" {
+
+    metadata {
+        name = "certmanager"
+    }
+}
+
+resource "helm_release" "certmanager" {
+    
+    depends_on = [kubernetes_namespace.certmanager]
+
+    name = "certmanager"
+    namespace = "certmanager"
+
+    repository = "https://charts.jetstack.io"
+    chart      = "cert-manager"
+
+    # Install Kubernetes CRDs
+    set {
+        name  = "installCRDs"
+        value = "true"
+    }
+}
+
+# (Optional) Create a Time-Sleep for Certificates and Issuer Manifests to deploy later
+# resource "time_sleep" "wait_for_certmanager" {
+# 
+#     depends_on = [helm_release.certmanager]
+# 
+#     create_duration = "10s"
+# }
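Review bot: Neither `helm_release` sets `version`, so a fresh install (and possibly a later upgrade) takes whatever chart `https://charts.jetstack.io` currently publishes as latest; the `traefik` release in terraform/helm/traefik.tf has the same gap. With `installCRDs = "true"` an unplanned chart change also changes cluster-wide CRDs. I would add `version = "<pinned-chart-version>"` next to `chart` in both releases, matching the way the provider files pin `1.13.1` and `2.8.0`. Using `namespace = kubernetes_namespace.certmanager.metadata[0].name` would also make the explicit `depends_on` unnecessary.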

+ 46 - 0
terraform/helm/traefik.tf

@@ -0,0 +1,46 @@
+resource "kubernetes_namespace" "traefik" {
+    
+    metadata {
+        name = "traefik"
+    }
+
+}
+
+resource "helm_release" "traefik" {
+    
+    depends_on = [kubernetes_namespace.traefik]
+
+    name = "traefik"
+    namespace = "traefik"
+
+    repository = "https://helm.traefik.io/traefik"
+    chart      = "traefik"
+
+    # Set Traefik as the Default Ingress Controller
+    set {
+        name  = "ingressClass.enabled"
+        value = "true"
+    }
+    set {
+        name  = "ingressClass.isDefaultClass"
+        value = "true"
+    }
+    
+    # Default Redirect
+    set {
+        name  = "ports.web.redirectTo"
+        value = "websecure"
+    }
+
+    # Enable TLS on Websecure
+    set {
+        name  = "ports.websecure.tls.enabled"
+        value = "true"
+    }
+
+    # TLS Options (that's not working for some reason...)
+    set {
+        name  = "tlsOptions.default.minVersion"
+        value = "VersionTLS12"
+    }   
+}
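Review bot: The comment on the last `set` block says `tlsOptions.default.minVersion` is not taking effect, so the TLS 1.2 floor this file appears to configure may not be enforced on `websecure`. Someone copying the file would not learn that from `(that's not working for some reason...)`. I would reword it to something like `# TODO: minVersion not confirmed to apply; verify the rendered TLSOption and the negotiated protocol before relying on it`. The cause is not visible in this hunk and needs checking against the chart version that actually gets installed, which is one more reason to pin it.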

+ 7 - 0
terraform/kubectl/manifest.tf

@@ -0,0 +1,7 @@
+resource "kubectl_manifest" "your-manifest-file" {
+
+    yaml_body = <<YAML
+# Put your Manifest-file Content right here...
+# ...
+    YAML
+}

+ 24 - 0
terraform/kubectl/provider.tf

@@ -0,0 +1,24 @@
+# Kubectl Provider
+# ---
+# Initial Provider Configuration for Kubectl
+
+terraform {
+
+    required_version = ">= 0.13.0"
+
+    required_providers {
+        kubectl = {
+            source = "gavinbunney/kubectl"
+            version = "1.13.1"
+        }
+    }
+}
+
+# Dynamic Configuration from CIVO Kubernetes deployment
+# provider "kubectl" {
+#     host = "${yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.server}"
+#     client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-certificate-data)}"
+#     client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-key-data)}"
+#     cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+#     load_config_file = false
+# }
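Review bot: The commented provider block decodes `client-key-data` from `civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig`, and that attribute is kept in Terraform state, so the state file is effectively a cluster credential and the template should say so. The same applies to terraform/kubernetes/provider.tf. A line such as `# NOTE: kubeconfig (incl. client key) is stored in state; use an encrypted, access-controlled backend` above the block would cover it. Since `required_version` is `>= 0.13.0`, the `"${...}"` wrappers around these values can also be written as bare expressions.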

+ 6 - 7
terraform/kubernetes/provider.tf

@@ -1,24 +1,23 @@
-# Kubectl Provider
+# Kubernetes Provider
 # ---
-# Initial Provider Configuration for Kubectl
+# Initial Provider Configuration for Kubernetes
 
 terraform {
 
     required_version = ">= 0.13.0"
 
     required_providers {
-        kubectl = {
-          source = "gavinbunney/kubectl"
-          version = "1.13.1"
+        kubernetes = {
+            source = "hashicorp/kubernetes"
+            version = "2.8.0"     
         }
     }
 }
 
 # Dynamic Configuration from CIVO Kubernetes deployment
-# provider "kubectl" {
+# provider "kubernetes" {
 #     host = "${yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.server}"
 #     client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-certificate-data)}"
 #     client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-key-data)}"
 #     cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
-#     load_config_file = false
 # }

+ 41 - 0
terraform/kubernetes/templates/deployment.tf

@@ -0,0 +1,41 @@
+resource "kubernetes_deployment" "your-deployment" {
+
+    depends_on = [kubernetes_namespace.your-namespace]
+
+    metadata {
+        name = "your-deployment"
+        namespace = "your-namespace"
+        labels = {
+            app = "your-app-selector"
+        }
+    }
+
+    spec {
+        replicas = 1
+
+        selector {
+            match_labels = {
+                app = "your-app-selector"
+            }
+        }
+
+        template {
+            metadata {
+                labels = {
+                    app = "your-app-selector"
+                }
+            }
+
+            spec {
+                container {
+                    image = "your-image:latest"
+                    name  = "your-container"
+
+                    port {
+                        container_port = 80
+                    }
+                }
+            }
+        }
+    }
+}
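Review bot: The container image in this template is `your-image:latest`, a mutable tag, so what runs can change between pod restarts without any change in Terraform. I would make the placeholder `image = "your-image:<version-or-digest>"` so that copies start from a pinned reference. The `container` block also sets no `security_context` or `resources`; even in a template, `security_context { allow_privilege_escalation = false }` is a cheap default to show.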

+ 39 - 0
terraform/kubernetes/templates/ingress.tf

@@ -0,0 +1,39 @@
+resource "kubernetes_ingress_v1" "your-ingress" {
+
+    depends_on = [kubernetes_namespace.your-namespace]
+
+    metadata {
+        name = "your-ingress"
+        namespace = "your-namespace"
+    }
+
+    spec {
+        rule {
+
+            host = "your-domain"
+
+            http {
+
+                path {
+                    path = "/"
+
+                    backend {
+                        service {
+                            name = "your-service"
+                            port {
+                                number = 80
+                            }
+                        }
+                    }
+
+                }
+            }
+        }
+
+        # (Optional) Add an SSL Certificate
+        # tls {
+        #     secret_name = "ssl-certificate-object"
+        #     hosts = ["your-domain"]
+        # }
+    }
+}
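Review bot: The `tls` block is left commented out as optional, although traefik.tf in this commit redirects `web` to `websecure`, so requests for `your-domain` end up on HTTPS either way. Without a `secret_name` the ingress presumably falls back to the controller's default certificate. I would change the comment to `# Add the TLS secret for this host (e.g. one issued by cert-manager)` and keep the block uncommented with placeholders. The spec also sets no `ingress_class_name`, which works only while Traefik remains the default class.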

+ 15 - 0
terraform/kubernetes/templates/secret.tf

@@ -0,0 +1,15 @@
+resource "kubernetes_secret" "cloudflare_api_key_secret" {
+  
+    depends_on = [kubernetes_namespace.your-namespace-object]
+    
+    metadata {
+        name = "cloudflare-api-key-secret"
+        namespace = "your-namespace"
+    }
+
+    data = {
+        api-key = var.your-api-key-variable
+    }
+
+    type = "Opaque"
+}
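Review bot: `var.your-api-key-variable` is written into `data` and will be stored in plain text in Terraform state, yet nothing in the template marks the variable as sensitive. I would add a comment next to it such as `# declare this variable with sensitive = true (Terraform >= 0.14) and keep state in an encrypted backend`. The `depends_on` here references `kubernetes_namespace.your-namespace-object`, while the deployment, ingress and service templates use `kubernetes_namespace.your-namespace`; one name should be used throughout.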

+ 19 - 0
terraform/kubernetes/templates/service.tf

@@ -0,0 +1,19 @@
+resource "kubernetes_service" "your-service" {
+
+    depends_on = [kubernetes_namespace.your-namespace]
+
+    metadata {
+        name = "your-service"
+        namespace = "your-namespace"
+    }
+    spec {
+        selector = {
+            app = "your-app-selector"
+        }
+        port {
+            port = 80
+        }
+
+        type = "ClusterIP"
+    }
+}