Christian пре 4 година
cf7fffab77

+ 0 - 0
terraform/kubernetes/templates/deployment.tf → terraform/kubernetes/deployment.tf


+ 0 - 0
terraform/kubernetes/templates/ingress.tf → terraform/kubernetes/ingress.tf


+ 0 - 0
terraform/kubernetes/templates/secret.tf → terraform/kubernetes/secret.tf


+ 0 - 0
terraform/kubernetes/templates/service.tf → terraform/kubernetes/service.tf


+ 15 - 0
terraform/templates/kubernetes-automation-example/certmanager-cloudflare.tf

@@ -0,0 +1,15 @@
+resource "kubernetes_secret" "cloudflare_api_key_secret" {
+  
+    depends_on = [kubernetes_namespace.certmanager]
+    
+    metadata {
+        name = "cloudflare-api-key-secret"
+        namespace = "certmanager"
+    }
+
+    data = {
+        api-key = var.cloudflare_api_key
+    }
+
+    type = "Opaque"
+}
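Review bot: The `data` map on kubernetes_secret.cloudflare_api_key_secret writes the Cloudflare key into Terraform state in plaintext, so anyone who can read the state backend can read the key; the hunk does not show where state is kept, so a remote backend with encryption and restricted access is assumed — confirm. The value is also a global API key (consumed via `apiKeySecretRef` in certmanager-clusterissuer.tf), which grants the whole Cloudflare account to cert-manager; the cert-manager Cloudflare solver accepts a scoped API token via `apiTokenSecretRef`, which limits the blast radius to DNS edits on the zone. A comment above `data = {` such as `# NOTE: base64-only in the cluster and plaintext in Terraform state; prefer a scoped API token` would make this explicit for readers of the example.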

+ 31 - 0
terraform/templates/kubernetes-automation-example/certmanager-clusterissuer.tf

@@ -0,0 +1,31 @@
+resource "kubectl_manifest" "cloudflare_prod" {
+
+    depends_on = [time_sleep.wait_for_certmanager]
+
+    yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-prod
+spec:
+  acme:
+    email: your-mail-address
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: cloudflare-prod-account-key
+    solvers:
+    - dns01:
+        cloudflare:
+          email: your-mail-address
+          apiKeySecretRef:
+            name: cloudflare-api-key-secret
+            key: api-key
+    YAML
+}
+
+resource "time_sleep" "wait_for_clusterissuer" {
+
+    depends_on = [kubectl_manifest.cloudflare_prod]
+
+    create_duration = "30s"
+}
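Review bot: The ClusterIssuer hardcodes `email: your-mail-address` on both the `acme` and `cloudflare` lines although the same address is already declared as `var.cloudflare_email` in credentials.tf and used by the cloudflare provider; the solver email must belong to the account that owns the key in `cloudflare-api-key-secret`, so a mismatch only surfaces when DNS-01 fails after apply. The heredoc supports interpolation, so `email: ${var.cloudflare_email}` on both lines removes the drift. The 30s `time_sleep.wait_for_clusterissuer` is a fixed delay rather than a readiness check; a comment stating what it waits for (presumably the issuer reaching Ready) would help whoever later tunes it.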

+ 32 - 0
terraform/templates/kubernetes-automation-example/certmanager.tf

@@ -0,0 +1,32 @@
+resource "kubernetes_namespace" "certmanager" {
+
+    depends_on = [time_sleep.wait_for_kubernetes]
+
+    metadata {
+        name = "certmanager"
+    }
+}
+
+resource "helm_release" "certmanager" {
+    
+    depends_on = [kubernetes_namespace.certmanager]
+
+    name = "certmanager"
+    namespace = "certmanager"
+
+    repository = "https://charts.jetstack.io"
+    chart      = "cert-manager"
+
+    # Install Kubernetes CRDs
+    set {
+        name  = "installCRDs"
+        value = "true"
+    }
+}
+
+resource "time_sleep" "wait_for_certmanager" {
+
+    depends_on = [helm_release.certmanager]
+
+    create_duration = "10s"
+}
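Review bot: helm_release.certmanager has no `version`, so each apply resolves the newest chart from charts.jetstack.io and the cluster can pick up a new cert-manager release, including new CRDs via `installCRDs`, without any change in this repository; helm_release.traefik in traefik.tf has the same gap. Pinning with `version = "<chart-version>"` (placeholder) next to `chart = "cert-manager"` turns upgrades into a reviewed diff. The 10s `time_sleep.wait_for_certmanager` also deserves a comment on what it covers — presumably the cert-manager webhook accepting manifests after the release reports ready — since the reason for the delay is not visible in the code.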

+ 14 - 0
terraform/templates/kubernetes-automation-example/civo-cluster.tf

@@ -0,0 +1,14 @@
+resource "civo_kubernetes_cluster" "k8s_demo_1" {
+    name = "k8s_demo_1"
+    applications = ""
+    num_target_nodes = 2
+    target_nodes_size = element(data.civo_size.xsmall.sizes, 0).name
+    firewall_id = civo_firewall.fw_demo_1.id
+}
+
+resource "time_sleep" "wait_for_kubernetes" {
+
+    depends_on = [civo_kubernetes_cluster.k8s_demo_1]
+
+    create_duration = "20s"
+}

+ 42 - 0
terraform/templates/kubernetes-automation-example/civo-firewall.tf

@@ -0,0 +1,42 @@
+resource "civo_firewall" "fw_demo_1" {
+    name = "fw_demo_1"
+
+    # (optional) Don't create Default Firewall rules [default = true]
+    create_default_rules = false
+    
+    # (optnal) Specify network ID
+    # network_id = 
+}
+
+resource "civo_firewall_rule" "kubernetes_api_server" {
+    firewall_id = civo_firewall.fw_demo_1.id
+    protocol = "tcp"
+    start_port = "6443"
+    end_port = "6443"
+    cidr = ["0.0.0.0/0"]
+    direction = "ingress"
+    action = "allow"
+    label = "kubernetes_api_server"
+}
+
+resource "civo_firewall_rule" "kubernetes_http" {
+    firewall_id = civo_firewall.fw_demo_1.id
+    protocol = "tcp"
+    start_port = "80"
+    end_port = "80"
+    cidr = ["0.0.0.0/0"]
+    direction = "ingress"
+    action = "allow"
+    label = "kubernetes_http"
+}
+
+resource "civo_firewall_rule" "kubernetes_https" {
+    firewall_id = civo_firewall.fw_demo_1.id
+    protocol = "tcp"
+    start_port = "443"
+    end_port = "443"
+    cidr = ["0.0.0.0/0"]
+    direction = "ingress"
+    action = "allow"
+    label = "kubernetes_https"
+}
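Review bot: civo_firewall_rule.kubernetes_api_server allows TCP 6443 from `0.0.0.0/0`, so the control plane is reachable from any address even though the example deliberately disables the default rules. Driving the source list from a variable, `cidr = var.api_server_allowed_cidrs` (a `list(string)` the operator sets to their own ranges), keeps the example usable while defaulting to least exposure; the 80/443 rules front the load balancer and can stay open. The comment `# (optnal) Specify network ID` has a typo for `(optional)`.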

+ 10 - 0
terraform/templates/kubernetes-automation-example/civo-loadbalancer.tf

@@ -0,0 +1,10 @@
+data civo_loadbalancer "traefik_lb" {
+
+    depends_on = [helm_release.traefik]
+  
+    name = "k8s_demo_1-traefik-traefik"
+}
+
+output "civo_loadbalancer_output" {
+    value = data.civo_loadbalancer.traefik_lb.public_ip
+}
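Review bot: The header `data civo_loadbalancer "traefik_lb"` leaves the type label unquoted, unlike every other block in this commit; `data "civo_loadbalancer" "traefik_lb"` matches the rest and what `terraform fmt` emits. The literal `name = "k8s_demo_1-traefik-traefik"` looks like the cluster name joined with the Traefik release and chart names, but nothing in the hunk establishes that convention, so a comment such as `# presumably <cluster>-<helm release>-<chart>, as created by the Traefik service — confirm against Civo` would tell the next reader why renaming the cluster or release breaks this lookup.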

+ 38 - 0
terraform/templates/kubernetes-automation-example/civo-query.tf

@@ -0,0 +1,38 @@
+data "civo_size" "xsmall" {
+    filter {
+        key = "type"
+        values = ["kubernetes"]
+    }
+
+    filter {
+        key = "name"
+        values = ["g4s.kube.xsmall"]
+        match_by = "re"
+    }
+}
+
+data "civo_size" "small" {
+    filter {
+        key = "type"
+        values = ["kubernetes"]
+    }
+
+    filter {
+        key = "name"
+        values = ["g4s.kube.small"]
+        match_by = "re"
+    }
+}
+
+data "civo_size" "medium" {
+    filter {
+        key = "type"
+        values = ["kubernetes"]
+    }
+
+    filter {
+        key = "name"
+        values = ["g4s.kube.medium"]
+        match_by = "re"
+    }
+}
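Review bot: The three `civo_size` data blocks differ only in the name filter, and with `match_by = "re"` the pattern `g4s.kube.xsmall` is a regex in which each dot matches any character, so the lookup can also match a future size whose name merely resembles this one; escaping the dots or using an exact-match mode avoids that, and the hunk does not show which match modes civo_size supports, so confirm against the provider docs. If the duplication is kept, a single block with `for_each` over the three names removes it; civo-cluster.tf would then reference `data.civo_size.kube["xsmall"]` instead of `data.civo_size.xsmall`.
```hcl
data "civo_size" "kube" {
    for_each = toset(["xsmall", "small", "medium"])

    filter {
        key    = "type"
        values = ["kubernetes"]
    }

    filter {
        key      = "name"
        values   = ["g4s.kube.${each.key}"]
        match_by = "re"
    }
}
```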

+ 15 - 0
terraform/templates/kubernetes-automation-example/credentials.tf

@@ -0,0 +1,15 @@
+# Declare Variables for Credentials
+variable "cloudflare_email" {
+    description = "The email address for your Cloudflare account"
+    type = string
+}
+
+variable "cloudflare_api_key" {
+    description = "The API key for your Cloudflare account"
+    type = string
+}
+
+variable "civo_token" {
+    description = "Civo API Token"
+    type = string
+}
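Review bot: `cloudflare_api_key` and `civo_token` are credentials but are not marked `sensitive = true`, so their values are shown in plan output and in any CLI output that prints the resources using them. Adding `sensitive = true` to both variable blocks redacts them from plan and output display; the `sensitive` argument requires Terraform 0.14 or newer, so `required_version = ">= 0.13.0"` in provider.tf would need raising to match. Redaction affects display only — the values are still written to state, which is where access control belongs.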

+ 138 - 0
terraform/templates/kubernetes-automation-example/nginx1.tf

@@ -0,0 +1,138 @@
+resource "cloudflare_record" "clcreative-main-cluster" {
+    zone_id = "your-zone-id"
+    name = "nginx1.your-domain"
+    value =  data.civo_loadbalancer.traefik_lb.public_ip
+    type = "A"
+    proxied = false
+}
+
+resource "kubernetes_namespace" "nginx1" {
+
+    depends_on = [time_sleep.wait_for_kubernetes]
+
+    metadata {
+        name = "nginx1"
+    }
+
+}
+
+resource "kubernetes_deployment" "nginx1" {
+
+    depends_on = [kubernetes_namespace.nginx1]
+
+    metadata {
+        name = "nginx1"
+        namespace = "nginx1"
+        labels = {
+            app = "nginx1"
+        }
+    }
+
+    spec {
+        replicas = 1
+
+        selector {
+            match_labels = {
+                app = "nginx1"
+            }
+        }
+
+        template {
+            metadata {
+                labels = {
+                    app = "nginx1"
+                }
+            }
+
+            spec {
+                container {
+                    image = "nginx:latest"
+                    name  = "nginx"
+
+                    port {
+                        container_port = 80
+                    }
+                }
+            }
+        }
+    }
+}
+
+resource "kubernetes_service" "nginx1" {
+
+    depends_on = [kubernetes_namespace.nginx1]
+
+    metadata {
+        name = "nginx1"
+        namespace = "nginx1"
+    }
+    spec {
+        selector = {
+            app = "nginx1"
+        }
+        port {
+            port = 80
+        }
+
+        type = "ClusterIP"
+    }
+}
+
+resource "kubectl_manifest" "nginx1-certificate" {
+
+    depends_on = [kubernetes_namespace.nginx1, time_sleep.wait_for_clusterissuer]
+
+    yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nginx1
+  namespace: nginx1
+spec:
+  secretName: nginx1
+  issuerRef:
+    name: cloudflare-prod
+    kind: ClusterIssuer
+  dnsNames:
+  - 'nginx1.your-domain'   
+    YAML
+}
+
+resource "kubernetes_ingress_v1" "nginx1" {
+
+    depends_on = [kubernetes_namespace.nginx1]
+
+    metadata {
+        name = "nginx1"
+        namespace = "nginx1"
+    }
+
+    spec {
+        rule {
+
+            host = "nginx1.your-domain"
+
+            http {
+
+                path {
+                    path = "/"
+
+                    backend {
+                        service {
+                            name = "nginx1"
+                            port {
+                                number = 80
+                            }
+                        }
+                    }
+
+                }
+            }
+        }
+
+        tls {
+          secret_name = "nginx1"
+          hosts = ["nginx1.your-domain"]
+        }
+    }
+}
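Review bot: The deployment runs `image = "nginx:latest"`, a mutable tag, so nodes may pull different builds over time and a rollback cannot target a known version; pin a specific tag, `image = "nginx:<version>"` (placeholder), or an image digest. The hostname `nginx1.your-domain` is spelled out four times (DNS record, Certificate dnsNames, ingress host and tls hosts); a `locals` block with `hostname = "nginx1.your-domain"` referenced as `local.hostname` everywhere, and as `${local.hostname}` inside the Certificate heredoc, keeps the record, certificate and ingress from drifting apart. The container also declares no resource requests or limits, which is worth a comment if it is intentional for the example.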

+ 62 - 0
terraform/templates/kubernetes-automation-example/provider.tf

@@ -0,0 +1,62 @@
+terraform {
+
+    required_version = ">= 0.13.0"
+
+    required_providers {
+        cloudflare = {
+            source = "cloudflare/cloudflare"
+            version = "~> 3.0"
+        }
+        civo = {
+            source = "civo/civo"
+            version = "~> 1.0.13"
+        }
+        kubernetes = {
+            source = "hashicorp/kubernetes"
+            version = "2.8.0"     
+        }
+        helm = {
+            source = "hashicorp/helm"
+            version = "2.4.1"
+        }
+        kubectl = {
+            source = "gavinbunney/kubectl"
+            version = "1.13.1"
+        }
+    }
+}
+
+provider "civo" {
+    token = var.civo_token
+    # (Optional) switch datacenter region
+    # region = "FRA1"
+}
+
+provider "cloudflare" {
+    email = var.cloudflare_email
+    api_key =  var.cloudflare_api_key
+}
+
+provider "kubernetes" {
+    host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+    client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+    client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+    cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+}
+
+provider "helm" {
+    kubernetes {
+        host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+        client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+        client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+        cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+    }
+}
+
+provider "kubectl" {
+    host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
+    client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
+    client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
+    cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+    load_config_file = false
+}
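Review bot: The kubeconfig is parsed four times in each of the three provider blocks, and every value is wrapped in `"${...}"`, the interpolation-only form that Terraform 0.12 and later reports as deprecated. A `locals` block that decodes the kubeconfig once, with the three providers reading `local.k8s_host` and friends, removes the copies and the wrappers. Note also that these provider configurations depend on the managed resource `civo_kubernetes_cluster.k8s_demo_1`; Terraform documents that provider configuration should not depend on resources, because the providers cannot be configured while the cluster does not exist (a plan on empty state, or destroy), so this example is likely to need a staged apply — worth a comment at the top of the file.
```hcl
locals {
    kubeconfig = yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig)
    k8s_host   = local.kubeconfig.clusters[0].cluster.server
    k8s_cert   = base64decode(local.kubeconfig.users[0].user["client-certificate-data"])
    k8s_key    = base64decode(local.kubeconfig.users[0].user["client-key-data"])
    k8s_ca     = base64decode(local.kubeconfig.clusters[0].cluster["certificate-authority-data"])
}

provider "kubernetes" {
    host                   = local.k8s_host
    client_certificate     = local.k8s_cert
    client_key             = local.k8s_key
    cluster_ca_certificate = local.k8s_ca
}

# … unchanged: provider "helm" (inside its kubernetes {} block) and provider "kubectl" use the same four local values …
```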

+ 43 - 0
terraform/templates/kubernetes-automation-example/traefik.tf

@@ -0,0 +1,43 @@
+resource "kubernetes_namespace" "traefik" {
+
+    depends_on = [time_sleep.wait_for_kubernetes]
+
+    metadata {
+        name = "traefik"
+    }
+
+}
+
+resource "helm_release" "traefik" {
+    
+    depends_on = [kubernetes_namespace.traefik]
+
+    name = "traefik"
+    namespace = "traefik"
+
+    repository = "https://helm.traefik.io/traefik"
+    chart      = "traefik"
+
+    # Set Traefik as the Default Ingress Controller
+    set {
+        name  = "ingressClass.enabled"
+        value = "true"
+    }
+    set {
+        name  = "ingressClass.isDefaultClass"
+        value = "true"
+    }
+    
+    # Default Redirect
+    set {
+        name  = "ports.web.redirectTo"
+        value = "websecure"
+    }
+
+    # Enable TLS on Websecure
+    set {
+        name  = "ports.websecure.tls.enabled"
+        value = "true"
+    }
+
+}