From 5c73779a4adc1a25b3c8c47ed4424a929c16ef29 Mon Sep 17 00:00:00 2001
From: Christian <christian@the-digital-life.com>
Date: Wed, 16 Mar 2022 17:54:10 +0100
Subject: [PATCH] terraform update

---
 terraform/helm/certmanager.tf                | 31 +++++++++++++
 terraform/helm/traefik.tf                    | 46 ++++++++++++++++++++
 terraform/kubectl/manifest.tf                |  7 +++
 terraform/kubectl/provider.tf                | 24 ++++++++++
 terraform/kubernetes/provider.tf             | 13 +++---
 terraform/kubernetes/templates/deployment.tf | 41 +++++++++++++++++
 terraform/kubernetes/templates/ingress.tf    | 39 +++++++++++++++++
 terraform/kubernetes/templates/secret.tf     | 15 +++++++
 terraform/kubernetes/templates/service.tf    | 19 ++++++++
 9 files changed, 228 insertions(+), 7 deletions(-)
 create mode 100644 terraform/helm/certmanager.tf
 create mode 100644 terraform/helm/traefik.tf
 create mode 100644 terraform/kubectl/manifest.tf
 create mode 100644 terraform/kubectl/provider.tf
 create mode 100644 terraform/kubernetes/templates/deployment.tf
 create mode 100644 terraform/kubernetes/templates/ingress.tf
 create mode 100644 terraform/kubernetes/templates/secret.tf
 create mode 100644 terraform/kubernetes/templates/service.tf

diff --git a/terraform/helm/certmanager.tf b/terraform/helm/certmanager.tf
new file mode 100644
index 0000000..03f3c18
--- /dev/null
+++ b/terraform/helm/certmanager.tf
@@ -0,0 +1,31 @@
+resource "kubernetes_namespace" "certmanager" {
+
+    metadata {
+        name = "certmanager"
+    }
+}
+
+resource "helm_release" "certmanager" {
+    
+    depends_on = [kubernetes_namespace.certmanager]
+
+    name = "certmanager"
+    namespace = "certmanager"
+
+    repository = "https://charts.jetstack.io"
+    chart      = "cert-manager"
+
+    # Install Kubernetes CRDs
+    set {
+        name  = "installCRDs"
+        value = "true"
+    }
+}
+
+# (Optional) Create a Time-Sleep for Certificates and Issuer Manifests to deploy later
+# resource "time_sleep" "wait_for_certmanager" {
+# 
+#     depends_on = [helm_release.certmanager]
+# 
+#     create_duration = "10s"
+# }
diff --git a/terraform/helm/traefik.tf b/terraform/helm/traefik.tf
new file mode 100644
index 0000000..7634ddc
--- /dev/null
+++ b/terraform/helm/traefik.tf
@@ -0,0 +1,46 @@
+resource "kubernetes_namespace" "traefik" {
+    
+    metadata {
+        name = "traefik"
+    }
+
+}
+
+resource "helm_release" "traefik" {
+    
+    depends_on = [kubernetes_namespace.traefik]
+
+    name = "traefik"
+    namespace = "traefik"
+
+    repository = "https://helm.traefik.io/traefik"
+    chart      = "traefik"
+
+    # Set Traefik as the Default Ingress Controller
+    set {
+        name  = "ingressClass.enabled"
+        value = "true"
+    }
+    set {
+        name  = "ingressClass.isDefaultClass"
+        value = "true"
+    }
+    
+    # Default Redirect
+    set {
+        name  = "ports.web.redirectTo"
+        value = "websecure"
+    }
+
+    # Enable TLS on Websecure
+    set {
+        name  = "ports.websecure.tls.enabled"
+        value = "true"
+    }
+
+    # TLS Options (that's not working for some reason...)
+    set {
+        name  = "tlsOptions.default.minVersion"
+        value = "VersionTLS12"
+    }   
+}
\ No newline at end of file
diff --git a/terraform/kubectl/manifest.tf b/terraform/kubectl/manifest.tf
new file mode 100644
index 0000000..17285c5
--- /dev/null
+++ b/terraform/kubectl/manifest.tf
@@ -0,0 +1,7 @@
+resource "kubectl_manifest" "your-manifest-file" {
+
+    yaml_body = <<YAML
+# Put your Manifest-file Content right here...
+# ...
+    YAML
+}
\ No newline at end of file
diff --git a/terraform/kubectl/provider.tf b/terraform/kubectl/provider.tf
new file mode 100644
index 0000000..4c68aac
--- /dev/null
+++ b/terraform/kubectl/provider.tf
@@ -0,0 +1,24 @@
+# Kubectl Provider
+# ---
+# Initial Provider Configuration for Kubectl
+
+terraform {
+
+    required_version = ">= 0.13.0"
+
+    required_providers {
+        kubectl = {
+            source = "gavinbunney/kubectl"
+            version = "1.13.1"
+        }
+    }
+}
+
+# Dynamic Configuration from CIVO Kubernetes deployment
+# provider "kubectl" {
+#     host = "${yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.server}"
+#     client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-certificate-data)}"
+#     client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-key-data)}"
+#     cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
+#     load_config_file = false
+# }
diff --git a/terraform/kubernetes/provider.tf b/terraform/kubernetes/provider.tf
index 68bd904..36b1d23 100644
--- a/terraform/kubernetes/provider.tf
+++ b/terraform/kubernetes/provider.tf
@@ -1,24 +1,23 @@
-# Kubectl Provider
+# Kubernetes Provider
 # ---
-# Initial Provider Configuration for Kubectl
+# Initial Provider Configuration for Kubernetes
 
 terraform {
 
     required_version = ">= 0.13.0"
 
     required_providers {
-        kubectl = {
-          source = "gavinbunney/kubectl"
-          version = "1.13.1"
+        kubernetes = {
+            source = "hashicorp/kubernetes"
+            version = "2.8.0"     
         }
     }
 }
 
 # Dynamic Configuration from CIVO Kubernetes deployment
-# provider "kubectl" {
+# provider "kubernetes" {
 #     host = "${yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.server}"
 #     client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-certificate-data)}"
 #     client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).users.0.user.client-key-data)}"
 #     cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.your-kubernetes-cluster.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
-#     load_config_file = false
 # }
diff --git a/terraform/kubernetes/templates/deployment.tf b/terraform/kubernetes/templates/deployment.tf
new file mode 100644
index 0000000..3a5d388
--- /dev/null
+++ b/terraform/kubernetes/templates/deployment.tf
@@ -0,0 +1,41 @@
+resource "kubernetes_deployment" "your-deployment" {
+
+    depends_on = [kubernetes_namespace.your-namespace]
+
+    metadata {
+        name = "your-deployment"
+        namespace = "your-namespace"
+        labels = {
+            app = "your-app-selector"
+        }
+    }
+
+    spec {
+        replicas = 1
+
+        selector {
+            match_labels = {
+                app = "your-app-selector"
+            }
+        }
+
+        template {
+            metadata {
+                labels = {
+                    app = "your-app-selector"
+                }
+            }
+
+            spec {
+                container {
+                    image = "your-image:latest"
+                    name  = "your-container"
+
+                    port {
+                        container_port = 80
+                    }
+                }
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/terraform/kubernetes/templates/ingress.tf b/terraform/kubernetes/templates/ingress.tf
new file mode 100644
index 0000000..0e6263b
--- /dev/null
+++ b/terraform/kubernetes/templates/ingress.tf
@@ -0,0 +1,39 @@
+resource "kubernetes_ingress_v1" "your-ingress" {
+
+    depends_on = [kubernetes_namespace.your-namespace]
+
+    metadata {
+        name = "your-ingress"
+        namespace = "your-namespace"
+    }
+
+    spec {
+        rule {
+
+            host = "your-domain"
+
+            http {
+
+                path {
+                    path = "/"
+
+                    backend {
+                        service {
+                            name = "your-service"
+                            port {
+                                number = 80
+                            }
+                        }
+                    }
+
+                }
+            }
+        }
+
+        # (Optional) Add an SSL Certificate
+        # tls {
+        #     secret_name = "ssl-certificate-object"
+        #     hosts = ["your-domain"]
+        # }
+    }
+}
\ No newline at end of file
diff --git a/terraform/kubernetes/templates/secret.tf b/terraform/kubernetes/templates/secret.tf
new file mode 100644
index 0000000..f1b30cb
--- /dev/null
+++ b/terraform/kubernetes/templates/secret.tf
@@ -0,0 +1,15 @@
+resource "kubernetes_secret" "cloudflare_api_key_secret" {
+  
+    depends_on = [kubernetes_namespace.your-namespace-object]
+    
+    metadata {
+        name = "cloudflare-api-key-secret"
+        namespace = "your-namespace"
+    }
+
+    data = {
+        api-key = var.your-api-key-variable
+    }
+
+    type = "Opaque"
+}
\ No newline at end of file
diff --git a/terraform/kubernetes/templates/service.tf b/terraform/kubernetes/templates/service.tf
new file mode 100644
index 0000000..7651733
--- /dev/null
+++ b/terraform/kubernetes/templates/service.tf
@@ -0,0 +1,19 @@
+resource "kubernetes_service" "your-service" {
+
+    depends_on = [kubernetes_namespace.your-namespace]
+
+    metadata {
+        name = "your-service"
+        namespace = "your-namespace"
+    }
+    spec {
+        selector = {
+            app = "your-app-selector"
+        }
+        port {
+            port = 80
+        }
+
+        type = "ClusterIP"
+    }
+}
\ No newline at end of file