kubernetes project update

2022-04-01 09:25:19 +02:00
parent cf7fffab77
commit c0bb0dbbbe
12 changed files with 214 additions and 202 deletions
--- a/terraform/templates/kubernetes-automation-example/certmanager-clusterissuer.tf
+++ b/terraform/templates/kubernetes-automation-example/certmanager-clusterissuer.tf
@@ -1,31 +0,0 @@
 resource "kubectl_manifest" "cloudflare_prod" {
    depends_on = [time_sleep.wait_for_certmanager]
    yaml_body = <<YAML
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: cloudflare-prod
 spec:
  acme:
    email: your-mail-address
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: cloudflare-prod-account-key
    solvers:
    - dns01:
        cloudflare:
          email: your-mail-address
          apiKeySecretRef:
            name: cloudflare-api-key-secret
            key: api-key
    YAML
 }
 resource "time_sleep" "wait_for_clusterissuer" {
    depends_on = [kubectl_manifest.cloudflare_prod]
    create_duration = "30s"
 }
--- a/terraform/templates/kubernetes-automation-example/certmanager.tf
+++ b/terraform/templates/kubernetes-automation-example/certmanager.tf
@@ -1,21 +1,26 @@
 resource "kubernetes_namespace" "certmanager" {
-    depends_on = [time_sleep.wait_for_kubernetes]
+    depends_on = [
        time_sleep.wait_for_kubernetes
    ]
    metadata {
        name = "certmanager"
    }
 }
 resource "helm_release" "certmanager" {
-    depends_on = [kubernetes_namespace.certmanager]
+    depends_on = [
        kubernetes_namespace.certmanager
    ]
    name = "certmanager"
    namespace = "certmanager"
    repository = "https://charts.jetstack.io"
-    chart      = "cert-manager"
+    chart = "cert-manager"
    # Install Kubernetes CRDs
    set {
@@ -26,7 +31,49 @@ resource "helm_release" "certmanager" {
 resource "time_sleep" "wait_for_certmanager" {
-    depends_on = [helm_release.certmanager]
+    depends_on = [
        helm_release.certmanager
    ]
    create_duration = "10s"
 }
 # Create a ClusterIssuer
 resource "kubectl_manifest" "cloudflare_prod" {
    depends_on = [
        time_sleep.wait_for_certmanager
    ]
    # TODO: add your mail address according to your configuration and API authentication settings!
    # ---
    yaml_body = <<YAML
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
  name: cloudflare-prod
 spec:
  acme:
    email: your-mail-address
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: cloudflare-prod-account-key
    solvers:
    - dns01:
        cloudflare:
          email: your-mail-address
          apiKeySecretRef:
            name: cloudflare-api-key-secret
            key: api-key
    YAML
 }
 resource "time_sleep" "wait_for_clusterissuer" {
    depends_on = [
        kubectl_manifest.cloudflare_prod
    ]
    create_duration = "30s"
 }
--- a/terraform/templates/kubernetes-automation-example/civo-cluster.tf
+++ b/terraform/templates/kubernetes-automation-example/civo-cluster.tf
@@ -1,14 +0,0 @@
 resource "civo_kubernetes_cluster" "k8s_demo_1" {
    name = "k8s_demo_1"
    applications = ""
    num_target_nodes = 2
    target_nodes_size = element(data.civo_size.xsmall.sizes, 0).name
    firewall_id = civo_firewall.fw_demo_1.id
 }
 resource "time_sleep" "wait_for_kubernetes" {
    depends_on = [civo_kubernetes_cluster.k8s_demo_1]
    create_duration = "20s"
 }
--- a/terraform/templates/kubernetes-automation-example/civo-firewall.tf
+++ b/terraform/templates/kubernetes-automation-example/civo-firewall.tf
@@ -1,42 +0,0 @@
 resource "civo_firewall" "fw_demo_1" {
    name = "fw_demo_1"
    # (optional) Don't create Default Firewall rules [default = true]
    create_default_rules = false
    # (optnal) Specify network ID
    # network_id = 
 }
 resource "civo_firewall_rule" "kubernetes_api_server" {
    firewall_id = civo_firewall.fw_demo_1.id
    protocol = "tcp"
    start_port = "6443"
    end_port = "6443"
    cidr = ["0.0.0.0/0"]
    direction = "ingress"
    action = "allow"
    label = "kubernetes_api_server"
 }
 resource "civo_firewall_rule" "kubernetes_http" {
    firewall_id = civo_firewall.fw_demo_1.id
    protocol = "tcp"
    start_port = "80"
    end_port = "80"
    cidr = ["0.0.0.0/0"]
    direction = "ingress"
    action = "allow"
    label = "kubernetes_http"
 }
 resource "civo_firewall_rule" "kubernetes_https" {
    firewall_id = civo_firewall.fw_demo_1.id
    protocol = "tcp"
    start_port = "443"
    end_port = "443"
    cidr = ["0.0.0.0/0"]
    direction = "ingress"
    action = "allow"
    label = "kubernetes_https"
 }
--- a/terraform/templates/kubernetes-automation-example/civo-loadbalancer.tf
+++ b/terraform/templates/kubernetes-automation-example/civo-loadbalancer.tf
@@ -1,10 +0,0 @@
 data civo_loadbalancer "traefik_lb" {
    depends_on = [helm_release.traefik]
    name = "k8s_demo_1-traefik-traefik"
 }
 output "civo_loadbalancer_output" {
    value = data.civo_loadbalancer.traefik_lb.public_ip
 }
--- a/terraform/templates/kubernetes-automation-example/civo-query.tf
+++ b/terraform/templates/kubernetes-automation-example/civo-query.tf
@@ -1,38 +0,0 @@
 data "civo_size" "xsmall" {
    filter {
        key = "type"
        values = ["kubernetes"]
    }
    filter {
        key = "name"
        values = ["g4s.kube.xsmall"]
        match_by = "re"
    }
 }
 data "civo_size" "small" {
    filter {
        key = "type"
        values = ["kubernetes"]
    }
    filter {
        key = "name"
        values = ["g4s.kube.small"]
        match_by = "re"
    }
 }
 data "civo_size" "medium" {
    filter {
        key = "type"
        values = ["kubernetes"]
    }
    filter {
        key = "name"
        values = ["g4s.kube.medium"]
        match_by = "re"
    }
 }
--- a/terraform/templates/kubernetes-automation-example/civo.tf
+++ b/terraform/templates/kubernetes-automation-example/civo.tf
@@ -0,0 +1,77 @@
 # Kubernetes Cluster
 data "civo_size" "xsmall" {
    # TODO: (optional): change the values according to your desired instance image sizing
    # ---
    filter {
        key = "name"
        values = ["g4s.kube.xsmall"]
        match_by = "re"
    }
 }
 resource "civo_kubernetes_cluster" "k8s_demo_1" {
    name = "k8s_demo_1"
    applications = ""
    num_target_nodes = 2
    target_nodes_size = element(data.civo_size.xsmall.sizes, 0).name
    firewall_id = civo_firewall.fw_demo_1.id
 }
 resource "civo_firewall" "fw_demo_1" {
    name = "fw_demo_1"
    create_default_rules = false
 }
 resource "civo_firewall_rule" "kubernetes_http" {
    firewall_id = civo_firewall.fw_demo_1.id
    protocol = "tcp"
    start_port = "80"
    end_port = "80"
    cidr = ["0.0.0.0/0"]
    direction = "ingress"
    action = "allow"
    label = "kubernetes_http"
 }
 resource "civo_firewall_rule" "kubernetes_https" {
    firewall_id = civo_firewall.fw_demo_1.id
    protocol = "tcp"
    start_port = "443"
    end_port = "443"
    cidr = ["0.0.0.0/0"]
    direction = "ingress"
    action = "allow"
    label = "kubernetes_https"
 }
 resource "civo_firewall_rule" "kubernetes_api" {
    firewall_id = civo_firewall.fw_demo_1.id
    protocol = "tcp"
    start_port = "6443"
    end_port = "6443"
    cidr = ["0.0.0.0/0"]
    direction = "ingress"
    action = "allow"
    label = "kubernetes_api"
 }
 resource "time_sleep" "wait_for_kubernetes" {
    depends_on = [
        civo_kubernetes_cluster.k8s_demo_1
    ]
    create_duration = "20s"
 }
 data "civo_loadbalancer" "traefik_lb" {
    depends_on = [
        helm_release.traefik
    ]
    name = "k8s_demo_1-traefik-traefik"
 }
--- a/terraform/templates/kubernetes-automation-example/certmanager-cloudflare.tf
+++ b/terraform/templates/kubernetes-automation-example/certmanager-cloudflare.tf
@@ -1,6 +1,10 @@
 # Cloudflare DNS records and API Secret
 resource "kubernetes_secret" "cloudflare_api_key_secret" {
-    depends_on = [kubernetes_namespace.certmanager]
+    depends_on = [
        kubernetes_namespace.certmanager
    ]
    metadata {
        name = "cloudflare-api-key-secret"
@@ -13,3 +17,4 @@ resource "kubernetes_secret" "cloudflare_api_key_secret" {
    type = "Opaque"
 }
--- a/terraform/templates/kubernetes-automation-example/credentials.tf
+++ b/terraform/templates/kubernetes-automation-example/credentials.tf
@@ -1,15 +0,0 @@
 # Declare Variables for Credentials
 variable "cloudflare_email" {
    description = "The email address for your Cloudflare account"
    type = string
 }
 variable "cloudflare_api_key" {
    description = "The API key for your Cloudflare account"
    type = string
 }
 variable "civo_token" {
    description = "Civo API Token"
    type = string
 }
--- a/terraform/templates/kubernetes-automation-example/nginx1.tf
+++ b/terraform/templates/kubernetes-automation-example/nginx1.tf
@@ -1,24 +1,26 @@
-resource "cloudflare_record" "clcreative-main-cluster" {
+# NGINX 1 Test Deployment
-    zone_id = "your-zone-id"
+#
-    name = "nginx1.your-domain"
+# TODO: Change your-domain according to your DNS record that you want to create
-    value =  data.civo_loadbalancer.traefik_lb.public_ip
+# TODO: Change your-zone-id according to your DNS zone ID in Cloudflare
-    type = "A"
+# ---
    proxied = false
 }
 resource "kubernetes_namespace" "nginx1" {
-    depends_on = [time_sleep.wait_for_kubernetes]
+    depends_on = [
        time_sleep.wait_for_kubernetes
    ]
    metadata {
        name = "nginx1"
    }
 }
 resource "kubernetes_deployment" "nginx1" {
-    depends_on = [kubernetes_namespace.nginx1]
+    depends_on = [
        kubernetes_namespace.nginx1
    ]
    metadata {
        name = "nginx1"
@@ -58,9 +60,12 @@ resource "kubernetes_deployment" "nginx1" {
    }
 }
 resource "kubernetes_service" "nginx1" {
-    depends_on = [kubernetes_namespace.nginx1]
+    depends_on = [
        kubernetes_namespace.nginx1
    ]
    metadata {
        name = "nginx1"
@@ -78,6 +83,7 @@ resource "kubernetes_service" "nginx1" {
    }
 }
 resource "kubectl_manifest" "nginx1-certificate" {
    depends_on = [kubernetes_namespace.nginx1, time_sleep.wait_for_clusterissuer]
@@ -94,10 +100,11 @@ spec:
    name: cloudflare-prod
    kind: ClusterIssuer
  dnsNames:
-  - 'nginx1.your-domain'   
+  - 'your-domain'   
    YAML
 }
 resource "kubernetes_ingress_v1" "nginx1" {
    depends_on = [kubernetes_namespace.nginx1]
@@ -110,7 +117,7 @@ resource "kubernetes_ingress_v1" "nginx1" {
    spec {
        rule {
-            host = "nginx1.your-domain"
+            host = "your-domain"
            http {
@@ -132,7 +139,15 @@ resource "kubernetes_ingress_v1" "nginx1" {
        tls {
          secret_name = "nginx1"
-          hosts = ["nginx1.your-domain"]
+          hosts = ["your-domain"]
        }
    }
 }
 resource "cloudflare_record" "clcreative-main-cluster" {
    zone_id = "your-zone-id"
    name = "your-domain"
    value =  data.civo_loadbalancer.traefik_lb.public_ip
    type = "A"
    proxied = false
 }
--- a/terraform/templates/kubernetes-automation-example/provider.tf
+++ b/terraform/templates/kubernetes-automation-example/provider.tf
@@ -3,38 +3,56 @@ terraform {
    required_version = ">= 0.13.0"
    required_providers {
        cloudflare = {
            source = "cloudflare/cloudflare"
            version = "~> 3.0"
        }
        civo = {
            source = "civo/civo"
            version = "~> 1.0.13"
        }
        kubernetes = {
            source = "hashicorp/kubernetes"
            version = "2.8.0"     
        }
        helm = {
            source = "hashicorp/helm"
            version = "2.4.1"
        }
        kubernetes = {
            source = "hashicorp/kubernetes"
            version = "2.8.0"     
        }
        kubectl = {
            source = "gavinbunney/kubectl"
            version = "1.13.1"
        }
        cloudflare = {
            source = "cloudflare/cloudflare"
            version = "~> 3.0"
        }
    }
 }
 variable "civo_token" {
    type = string
 }
 variable "cloudflare_email" {
    type = string
 }
 variable "cloudflare_api_key" {
    type = string
 }
 provider "civo" {
    token = var.civo_token
-    # (Optional) switch datacenter region
+    
    # TODO: (optional) change region to your desired datacenter location
    # ---
    # region = "FRA1"
 }
-provider "cloudflare" {
+provider "helm" {
-    email = var.cloudflare_email
+    kubernetes {
-    api_key =  var.cloudflare_api_key
+        host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
        client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
        client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
        cluster_ca_certificate ="${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
    }
 }
 provider "kubernetes" {
@@ -44,15 +62,6 @@ provider "kubernetes" {
    cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
 }
 provider "helm" {
    kubernetes {
        host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
        client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
        client_key = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-key-data)}"
        cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
    }
 }
 provider "kubectl" {
    host = "${yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.server}"
    client_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).users.0.user.client-certificate-data)}"
@@ -60,3 +69,8 @@ provider "kubectl" {
    cluster_ca_certificate = "${base64decode(yamldecode(civo_kubernetes_cluster.k8s_demo_1.kubeconfig).clusters.0.cluster.certificate-authority-data)}"
    load_config_file = false
 }
 provider "cloudflare" {
    email = var.cloudflare_email
    api_key = var.cloudflare_api_key
 }
--- a/terraform/templates/kubernetes-automation-example/traefik.tf
+++ b/terraform/templates/kubernetes-automation-example/traefik.tf
@@ -1,22 +1,26 @@
 # Traefik Deployment
 resource "kubernetes_namespace" "traefik" {
-    depends_on = [time_sleep.wait_for_kubernetes]
+    depends_on = [
        time_sleep.wait_for_kubernetes
    ]
    metadata {
        name = "traefik"
    }
 }
 resource "helm_release" "traefik" {
-    
+    depends_on = [
-    depends_on = [kubernetes_namespace.traefik]
+        kubernetes_namespace.traefik
    ]
    name = "traefik"
    namespace = "traefik"
    repository = "https://helm.traefik.io/traefik"
-    chart      = "traefik"
+    chart = "traefik"
    # Set Traefik as the Default Ingress Controller
    set {