[meta] experimenting w/terraform and k8s

3 years ago · 9876539bf9
parent a208e3f39b
commit 9876539bf9
12 changed files with 182 additions and 1 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -127,5 +127,8 @@
 	url = https://github.com/kejadlen/fast-user-switching.alfredworkflow.git
 [submodule "src/soulver.alfredworkflow"]
 	path = src/soulver.alfredworkflow
-	url = git@github.com:kejadlen/soulver.alfredworkflow.git
+	url = https://github.com/kejadlen/soulver.alfredworkflow.git
 	branch = main
+[submodule ".vim/pack/alpha/start/vim-terraform"]
+	path = .vim/pack/alpha/start/vim-terraform
+	url = https://github.com/hashivim/vim-terraform.git
--- a/.vim/pack/alpha/start/vim-terraform
+++ b/.vim/pack/alpha/start/vim-terraform
@ -0,0 +1 @@
+Subproject commit 9166d42e5dc9bc0ef7e1b9e93d52bb4c5b923560
--- a/ramble-hard/.gitignore
+++ b/ramble-hard/.gitignore
@ -0,0 +1,2 @@
+.terraform
+terraform.tfstate.d
--- a/ramble-hard/issuer.yml
+++ b/ramble-hard/issuer.yml
@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    email: alpha@kejadlen.dev
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: issuer-account-key
+    solvers:
+      - http01:
+          ingress:
+            class: traefik-cert-manager
--- a/ramble-hard/main.tf
+++ b/ramble-hard/main.tf
@ -0,0 +1,24 @@
+terraform {
+  required_providers {
+    linode = {
+      source  = "linode/linode"
+      version = "1.16.0"
+    }
+  }
+}
+
+provider "linode" {
+  # token = "$LINODE_TOKEN"
+}
+
+resource "linode_lke_cluster" "lke_cluster" {
+  label       = "ramble-hard"
+  k8s_version = "1.20"
+  region      = "us-west"
+
+  pool {
+    type  = "g6-standard-1"
+    count = 1
+  }
+}
+
--- a/ramble-hard/outputs.tf
+++ b/ramble-hard/outputs.tf
@ -0,0 +1,5 @@
+resource "local_file" "kubeconfig" {
+  depends_on   = [linode_lke_cluster.lke_cluster]
+  filename     = "kube.config.private"
+  content      = base64decode(linode_lke_cluster.lke_cluster.kubeconfig)
+}
--- a/ramble-hard/terraform/.gitignore
+++ b/ramble-hard/terraform/.gitignore
@ -0,0 +1,2 @@
+.terraform
+terraform.tfstate.d
--- a/ramble-hard/terraform/main.tf
+++ b/ramble-hard/terraform/main.tf
@ -0,0 +1,86 @@
+terraform {
+  required_providers {
+    linode = {
+      source  = "linode/linode"
+      version = "1.16.0"
+    }
+    helm = {
+      source = "hashicorp/helm"
+      version = "=2.1.0"
+    }
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = "kube.config.private"
+  }
+}
+
+provider "kubernetes" {
+  config_path = "kube.config.private"
+}
+
+provider "linode" {
+  # token = "$LINODE_TOKEN"
+}
+
+resource "linode_lke_cluster" "ramble-hard" {
+  label       = "ramble-hard"
+  k8s_version = "1.20"
+  region      = "us-west"
+
+  pool {
+    type  = "g6-standard-1"
+    count = 1
+  }
+}
+
+resource "kubernetes_namespace" "ingress-traefik-namespace" {
+  depends_on = [local_file.kubeconfig]
+
+  metadata {
+    annotations = {
+      name = "traefik"
+    }
+    name = "traefik"
+  }
+}
+
+resource "helm_release" "ingress-traefik" {
+  depends_on = [local_file.kubeconfig]
+
+  name       = "traefik"
+  chart      = "traefik"
+  repository = "https://helm.traefik.io/traefik"
+  namespace  = "traefik"
+
+  values = [
+    file("traefik.yml")
+  ]
+}
+
+resource "kubernetes_namespace" "cert-manager-namespace" {
+  depends_on = [local_file.kubeconfig]
+
+  metadata {
+    annotations = {
+      name = "cert-manager"
+    }
+    name = "cert-manager"
+  }
+}
+
+resource "helm_release" "cert-manager" {
+  depends_on = [local_file.kubeconfig]
+
+  name       = "cert-manager"
+  chart      = "cert-manager"
+  repository = "https://charts.jetstack.io"
+  namespace  = "cert-manager"
+
+  set {
+    name  = "installCRDs"
+    value = "true"
+  }
+}
--- a/ramble-hard/terraform/monica.yml
+++ b/ramble-hard/terraform/monica.yml
@ -0,0 +1,8 @@
+env:
+  APP_ENV: production
+  # DB_HOST: monica-mariadb
+
+mariadb:
+  enabled: true
+  primary:
+    persistence: true
--- a/ramble-hard/terraform/outputs.tf
+++ b/ramble-hard/terraform/outputs.tf
@ -0,0 +1,6 @@
+resource "local_file" "kubeconfig" {
+  depends_on      = [linode_lke_cluster.ramble-hard]
+  filename        = "kube.config.private"
+  file_permission = "0600"
+  content         = base64decode(linode_lke_cluster.ramble-hard.kubeconfig)
+}
--- a/ramble-hard/terraform/traefik.yml
+++ b/ramble-hard/terraform/traefik.yml
@ -0,0 +1,15 @@
+ingressRoute:
+  dashboard:
+    enabled: true
+    annotations: { traefik.ingress.kubernetes.io/router.tls: "true" }
+
+ports:
+  web:
+    redirectTo: websecure
+
+additionalArguments:
+  - "--log.level=INFO"
+  - "--entrypoints.websecure.http.tls"
+  - "--providers.kubernetesIngress.ingressClass=traefik-cert-manager"
+  - "--ping"
+  - "--metrics.prometheus"
--- a/ramble-hard/traefik.yml
+++ b/ramble-hard/traefik.yml
@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+  name: traefik-dashboard-cert
+  namespace: traefik
+  labels:
+    use-http01-solver: "true"
+spec:
+  commonName: ramble-hard.kejadlen.dev
+  secretName: traefik-dashboard-cert
+  dnsNames:
+    - ramble-hard.kejadlen.dev
+  issuerRef:
+    name: letsencrypt-prod
+    kind: ClusterIssuer
				`@ -0,0 +1 @@`
				`Subproject commit 9166d42e5dc9bc0ef7e1b9e93d52bb4c5b923560`