
kubernetes project update

Christian 4 ani în urmă
părinte
comite
c0bb0dbbbe

+ 0 - 31
terraform/templates/kubernetes-automation-example/certmanager-clusterissuer.tf

@@ -1,31 +0,0 @@
-resource "kubectl_manifest" "cloudflare_prod" {
-
-    depends_on = [time_sleep.wait_for_certmanager]
-
-    yaml_body = <<YAML
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: cloudflare-prod
-spec:
-  acme:
-    email: your-mail-address
-    server: https://acme-v02.api.letsencrypt.org/directory
-    privateKeySecretRef:
-      name: cloudflare-prod-account-key
-    solvers:
-    - dns01:
-        cloudflare:
-          email: your-mail-address
-          apiKeySecretRef:
-            name: cloudflare-api-key-secret
-            key: api-key
-    YAML
-}
-
-resource "time_sleep" "wait_for_clusterissuer" {
-
-    depends_on = [kubectl_manifest.cloudflare_prod]
-
-    create_duration = "30s"
-}

+ 53 - 6
terraform/templates/kubernetes-automation-example/certmanager.tf

@@ -1,32 +1,79 @@
 resource "kubernetes_namespace" "certmanager" {
 
-    depends_on = [time_sleep.wait_for_kubernetes]
+    depends_on = [
+        time_sleep.wait_for_kubernetes
+    ]
 
     metadata {
         name = "certmanager"
     }
+  
 }
 
 resource "helm_release" "certmanager" {
-    
-    depends_on = [kubernetes_namespace.certmanager]
+
+    depends_on = [
+        kubernetes_namespace.certmanager
+    ]
 
     name = "certmanager"
     namespace = "certmanager"
 
     repository = "https://charts.jetstack.io"
-    chart      = "cert-manager"
+    chart = "cert-manager"
 
     # Install Kubernetes CRDs
     set {
         name  = "installCRDs"
         value = "true"
-    }
+    }    
 }
 
 resource "time_sleep" "wait_for_certmanager" {
 
-    depends_on = [helm_release.certmanager]
+    depends_on = [
+        helm_release.certmanager
+    ]
 
     create_duration = "10s"
 }
+
+# Create a ClusterIssuer
+
+resource "kubectl_manifest" "cloudflare_prod" {
+
+    depends_on = [
+        time_sleep.wait_for_certmanager
+    ]
+
+    # TODO: add your mail address according to your configuration and API authentication settings!
+    # ---
+    yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-prod
+spec:
+  acme:
+    email: your-mail-address
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-prod-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          email: your-mail-address
+          apiKeySecretRef:
+            name: cloudflare-api-key-secret
+            key: api-key
+    YAML
+}
+
+resource "time_sleep" "wait_for_clusterissuer" {
+
+    depends_on = [
+        kubectl_manifest.cloudflare_prod
+    ]
+
+    create_duration = "30s"
+}
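Review bot: `helm_release.certmanager` has no `version` argument, so each apply installs whatever chart charts.jetstack.io currently serves, while provider.tf pins the helm, kubernetes and kubectl providers to exact versions. cert-manager installs cluster-wide CRDs and controllers, so an unreviewed chart upgrade changes privileged components; add `version = "<pinned-chart-version>"` next to `chart = "cert-manager"`. From the lines visible in traefik.tf, `helm_release.traefik` appears to have the same gap. Separately, the solver's `email: your-mail-address` under `cloudflare:` could be written as `email: ${var.cloudflare_email}` inside the heredoc, so it cannot drift from the account whose key is stored in `cloudflare-api-key-secret`.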

+ 0 - 14
terraform/templates/kubernetes-automation-example/civo-cluster.tf

@@ -1,14 +0,0 @@
-resource "civo_kubernetes_cluster" "k8s_demo_1" {
-    name = "k8s_demo_1"
-    applications = ""
-    num_target_nodes = 2
-    target_nodes_size = element(data.civo_size.xsmall.sizes, 0).name
-    firewall_id = civo_firewall.fw_demo_1.id
-}
-
-resource "time_sleep" "wait_for_kubernetes" {
-
-    depends_on = [civo_kubernetes_cluster.k8s_demo_1]
-
-    create_duration = "20s"
-}

+ 0 - 42
terraform/templates/kubernetes-automation-example/civo-firewall.tf

@@ -1,42 +0,0 @@
-resource "civo_firewall" "fw_demo_1" {
-    name = "fw_demo_1"
-
-    # (optional) Don't create Default Firewall rules [default = true]
-    create_default_rules = false
-    
-    # (optnal) Specify network ID
-    # network_id = 
-}
-
-resource "civo_firewall_rule" "kubernetes_api_server" {
-    firewall_id = civo_firewall.fw_demo_1.id
-    protocol = "tcp"
-    start_port = "6443"
-    end_port = "6443"
-    cidr = ["0.0.0.0/0"]
-    direction = "ingress"
-    action = "allow"
-    label = "kubernetes_api_server"
-}
-
-resource "civo_firewall_rule" "kubernetes_http" {
-    firewall_id = civo_firewall.fw_demo_1.id
-    protocol = "tcp"
-    start_port = "80"
-    end_port = "80"
-    cidr = ["0.0.0.0/0"]
-    direction = "ingress"
-    action = "allow"
-    label = "kubernetes_http"
-}
-
-resource "civo_firewall_rule" "kubernetes_https" {
-    firewall_id = civo_firewall.fw_demo_1.id
-    protocol = "tcp"
-    start_port = "443"
-    end_port = "443"
-    cidr = ["0.0.0.0/0"]
-    direction = "ingress"
-    action = "allow"
-    label = "kubernetes_https"
-}

+ 0 - 10
terraform/templates/kubernetes-automation-example/civo-loadbalancer.tf

@@ -1,10 +0,0 @@
-data civo_loadbalancer "traefik_lb" {
-
-    depends_on = [helm_release.traefik]
-  
-    name = "k8s_demo_1-traefik-traefik"
-}
-
-output "civo_loadbalancer_output" {
-    value = data.civo_loadbalancer.traefik_lb.public_ip
-}

+ 0 - 38
terraform/templates/kubernetes-automation-example/civo-query.tf

@@ -1,38 +0,0 @@
-data "civo_size" "xsmall" {
-    filter {
-        key = "type"
-        values = ["kubernetes"]
-    }
-
-    filter {
-        key = "name"
-        values = ["g4s.kube.xsmall"]
-        match_by = "re"
-    }
-}
-
-data "civo_size" "small" {
-    filter {
-        key = "type"
-        values = ["kubernetes"]
-    }
-
-    filter {
-        key = "name"
-        values = ["g4s.kube.small"]
-        match_by = "re"
-    }
-}
-
-data "civo_size" "medium" {
-    filter {
-        key = "type"
-        values = ["kubernetes"]
-    }
-
-    filter {
-        key = "name"
-        values = ["g4s.kube.medium"]
-        match_by = "re"
-    }
-}

+ 77 - 0
terraform/templates/kubernetes-automation-example/civo.tf

@@ -0,0 +1,77 @@
+# Kubernetes Cluster
+
+data "civo_size" "xsmall" {
+
+    # TODO: (optional): change the values according to your desired instance image sizing
+    # ---
+    filter {
+        key = "name"
+        values = ["g4s.kube.xsmall"]
+        match_by = "re"
+    }
+}
+
+resource "civo_kubernetes_cluster" "k8s_demo_1" {
+    name = "k8s_demo_1"
+    applications = ""
+    num_target_nodes = 2
+    target_nodes_size = element(data.civo_size.xsmall.sizes, 0).name
+    firewall_id = civo_firewall.fw_demo_1.id
+}
+
+resource "civo_firewall" "fw_demo_1" {
+    name = "fw_demo_1"
+
+    create_default_rules = false
+}
+
+resource "civo_firewall_rule" "kubernetes_http" {
+    firewall_id = civo_firewall.fw_demo_1.id
+    protocol = "tcp"
+    start_port = "80"
+    end_port = "80"
+    cidr = ["0.0.0.0/0"]
+    direction = "ingress"
+    action = "allow"
+    label = "kubernetes_http"
+}
+
+resource "civo_firewall_rule" "kubernetes_https" {
+    firewall_id = civo_firewall.fw_demo_1.id
+    protocol = "tcp"
+    start_port = "443"
+    end_port = "443"
+    cidr = ["0.0.0.0/0"]
+    direction = "ingress"
+    action = "allow"
+    label = "kubernetes_https"
+}
+
+resource "civo_firewall_rule" "kubernetes_api" {
+    firewall_id = civo_firewall.fw_demo_1.id
+    protocol = "tcp"
+    start_port = "6443"
+    end_port = "6443"
+    cidr = ["0.0.0.0/0"]
+    direction = "ingress"
+    action = "allow"
+    label = "kubernetes_api"
+}
+
+resource "time_sleep" "wait_for_kubernetes" {
+
+    depends_on = [
+        civo_kubernetes_cluster.k8s_demo_1
+    ]
+
+    create_duration = "20s"
+}
+
+data "civo_loadbalancer" "traefik_lb" {
+
+    depends_on = [
+        helm_release.traefik
+    ]
+
+    name = "k8s_demo_1-traefik-traefik"
+}
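Review bot: `civo_firewall_rule.kubernetes_api` allows port 6443 from `0.0.0.0/0`, which leaves the Kubernetes API server reachable from the whole internet and protected only by its own authentication. Because `create_default_rules = false` makes these three rules the entire ingress policy, this rule is the place to narrow it: take the source ranges from a variable, e.g. `cidr = var.kubernetes_api_allowed_cidrs`, declared as `list(string)` with no default so the operator has to choose them. The list must include the address Terraform runs from, since the helm, kubernetes and kubectl providers connect to that endpoint. Ports 80 and 443 being open to everyone is expected for the Traefik ingress.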

+ 9 - 4
terraform/templates/kubernetes-automation-example/certmanager-cloudflare.tf → terraform/templates/kubernetes-automation-example/cloudflare.tf

@@ -1,7 +1,11 @@
+# Cloudflare DNS records and API Secret
+
 resource "kubernetes_secret" "cloudflare_api_key_secret" {
-  
-    depends_on = [kubernetes_namespace.certmanager]
-    
+
+    depends_on = [
+        kubernetes_namespace.certmanager
+    ]
+
     metadata {
         name = "cloudflare-api-key-secret"
         namespace = "certmanager"
@@ -12,4 +16,5 @@ resource "kubernetes_secret" "cloudflare_api_key_secret" {
     }
 
     type = "Opaque"
-}
+}
+

+ 0 - 15
terraform/templates/kubernetes-automation-example/credentials.tf

@@ -1,15 +0,0 @@
-# Declare Variables for Credentials
-variable "cloudflare_email" {
-    description = "The email address for your Cloudflare account"
-    type = string
-}
-
-variable "cloudflare_api_key" {
-    description = "The API key for your Cloudflare account"
-    type = string
-}
-
-variable "civo_token" {
-    description = "Civo API Token"
-    type = string
-}

+ 30 - 15
terraform/templates/kubernetes-automation-example/nginx1.tf

@@ -1,24 +1,26 @@
-resource "cloudflare_record" "clcreative-main-cluster" {
-    zone_id = "your-zone-id"
-    name = "nginx1.your-domain"
-    value =  data.civo_loadbalancer.traefik_lb.public_ip
-    type = "A"
-    proxied = false
-}
+# NGINX 1 Test Deployment
+#
+# TODO: Change your-domain according to your DNS record that you want to create
+# TODO: Change your-zone-id according to your DNS zone ID in Cloudflare
+# ---
 
 resource "kubernetes_namespace" "nginx1" {
 
-    depends_on = [time_sleep.wait_for_kubernetes]
+    depends_on = [
+        time_sleep.wait_for_kubernetes
+    ]
 
     metadata {
         name = "nginx1"
     }
-
 }
 
+
 resource "kubernetes_deployment" "nginx1" {
 
-    depends_on = [kubernetes_namespace.nginx1]
+    depends_on = [
+        kubernetes_namespace.nginx1
+    ]
 
     metadata {
         name = "nginx1"
@@ -58,9 +60,12 @@ resource "kubernetes_deployment" "nginx1" {
     }
 }
 
+
 resource "kubernetes_service" "nginx1" {
 
-    depends_on = [kubernetes_namespace.nginx1]
+    depends_on = [
+        kubernetes_namespace.nginx1
+    ]
 
     metadata {
         name = "nginx1"
@@ -78,6 +83,7 @@ resource "kubernetes_service" "nginx1" {
     }
 }
 
+
 resource "kubectl_manifest" "nginx1-certificate" {
 
     depends_on = [kubernetes_namespace.nginx1, time_sleep.wait_for_clusterissuer]
@@ -94,10 +100,11 @@ spec:
     name: cloudflare-prod
     kind: ClusterIssuer
   dnsNames:
-  - 'nginx1.your-domain'   
+  - 'your-domain'   
     YAML
 }
 
+
 resource "kubernetes_ingress_v1" "nginx1" {
 
     depends_on = [kubernetes_namespace.nginx1]
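Review bot: The hostname is now the bare literal `'your-domain'` in `dnsNames` here and again in the ingress `host`, the `tls` `hosts` list and the `cloudflare_record` `name` in the following hunks, with nothing tying the four copies together. If one is missed when filling in the TODO, cert-manager requests a certificate for a name the ingress does not serve, or the A record is created for a different name. A single `variable "nginx1_domain"` of type `string`, referenced as `${var.nginx1_domain}` in the heredoc and `var.nginx1_domain` elsewhere, removes that failure mode; `zone_id = "your-zone-id"` could be handled the same way. The `kubectl_manifest.nginx1-certificate` block begins outside this hunk.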
@@ -110,7 +117,7 @@ resource "kubernetes_ingress_v1" "nginx1" {
     spec {
         rule {
 
-            host = "nginx1.your-domain"
+            host = "your-domain"
 
             http {
 
@@ -132,7 +139,15 @@ resource "kubernetes_ingress_v1" "nginx1" {
 
         tls {
           secret_name = "nginx1"
-          hosts = ["nginx1.your-domain"]
+          hosts = ["your-domain"]
         }
     }
-}
+}
+
+resource "cloudflare_record" "clcreative-main-cluster" {
+    zone_id = "your-zone-id"
+    name = "your-domain"
+    value =  data.civo_loadbalancer.traefik_lb.public_ip
+    type = "A"
+    proxied = false
+}

+ 35 - 21
terraform/templates/kubernetes-automation-example/provider.tf

@@ -3,45 +3,47 @@ terraform {
     required_version = ">= 0.13.0"
 
     required_providers {
-        cloudflare = {
-            source = "cloudflare/cloudflare"
-            version = "~> 3.0"
-        }
         civo = {
             source = "civo/civo"
             version = "~> 1.0.13"
         }
-        kubernetes = {
-            source = "hashicorp/kubernetes"
-            version = "2.8.0"     
-        }
         helm = {
             source = "hashicorp/helm"
             version = "2.4.1"
         }
+        kubernetes = {
+            source = "hashicorp/kubernetes"
+            version = "2.8.0"     
+        }
         kubectl = {
             source = "gavinbunney/kubectl"
             version = "1.13.1"
         }
+        cloudflare = {
+            source = "cloudflare/cloudflare"
+            version = "~> 3.0"
+        }
     }
 }
 
-provider "civo" {
-    token = var.civo_token
-    # (Optional) switch datacenter region
-    # region = "FRA1"
+variable "civo_token" {
+    type = string
 }
 
-provider "cloudflare" {
-    email = var.cloudflare_email
-    api_key =  var.cloudflare_api_key
+variable "cloudflare_email" {
+    type = string
 }
 
-provider "kubernetes" {
-    host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
-    client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
-    client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
-    cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+variable "cloudflare_api_key" {
+    type = string
+}
+
+provider "civo" {
+    token = var.civo_token
+    
+    # TODO: (optional) change region to your desired datacenter location
+    # ---
+    # region = "FRA1"
 }
 
 provider "helm" {
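Review bot: The re-declared `civo_token` and `cloudflare_api_key` variables lost the `description` they had in credentials.tf and are not marked sensitive, so their values can appear in plan output and CLI diffs. Add `sensitive = true` to both and restore the descriptions, e.g. `description = "The API key for your Cloudflare account"`. Variable-level `sensitive` needs Terraform 0.14 or later, so `required_version = ">= 0.13.0"` would have to be raised with it. Marking the variables sensitive does not keep the values out of the state file, so the state backend still needs access control.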
@@ -49,14 +51,26 @@ provider "helm" {
         host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
         client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
         client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
-        cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+        cluster_ca_certificate ="${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
     }
 }
 
+provider "kubernetes" {
+    host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+    client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+    client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+    cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+}
+
 provider "kubectl" {
     host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
     client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
     client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
     cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
     load_config_file = false
+}
+
+provider "cloudflare" {
+    email = var.cloudflare_email
+    api_key = var.cloudflare_api_key
 }
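Review bot: `provider "cloudflare"` authenticates with `email` plus `api_key`, which is the account-wide Global API Key, where a scoped API token would be enough for managing DNS records. The Cloudflare provider accepts `api_token = var.cloudflare_api_token` in place of both arguments, and a token limited to DNS edit on the one zone reduces what a leaked tfvars or state file exposes. The ClusterIssuer in certmanager.tf consumes the same key through `apiKeySecretRef`; cert-manager's Cloudflare solver has an `apiTokenSecretRef` counterpart, so both consumers would need to switch together.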

+ 10 - 6
terraform/templates/kubernetes-automation-example/traefik.tf

@@ -1,22 +1,26 @@
-resource "kubernetes_namespace" "traefik" {
+# Traefik Deployment
 
-    depends_on = [time_sleep.wait_for_kubernetes]
+resource "kubernetes_namespace" "traefik" {
+    
+    depends_on = [
+        time_sleep.wait_for_kubernetes
+    ]
 
     metadata {
         name = "traefik"
     }
-
 }
 
 resource "helm_release" "traefik" {
-    
-    depends_on = [kubernetes_namespace.traefik]
+    depends_on = [
+        kubernetes_namespace.traefik
+    ]
 
     name = "traefik"
     namespace = "traefik"
 
     repository = "https://helm.traefik.io/traefik"
-    chart      = "traefik"
+    chart = "traefik"
 
     # Set Traefik as the Default Ingress Controller
     set {