From 9876539bf99ce44ac2504a739776405c490d468a Mon Sep 17 00:00:00 2001
From: Alpha Chen
Date: Mon, 24 May 2021 18:34:00 -0700
Subject: [PATCH] [meta] experimenting w/terraform and k8s
---
 .gitmodules | 5 +-
 .vim/pack/alpha/start/vim-terraform | 1 +
 ramble-hard/.gitignore | 2 +
 ramble-hard/issuer.yml | 14 +++++
 ramble-hard/main.tf | 24 ++++++++
 ramble-hard/outputs.tf | 5 ++
 ramble-hard/terraform/.gitignore | 2 +
 ramble-hard/terraform/main.tf | 86 +++++++++++++++++++++++++++++
 ramble-hard/terraform/monica.yml | 8 +++
 ramble-hard/terraform/outputs.tf | 6 ++
 ramble-hard/terraform/traefik.yml | 15 +++++
 ramble-hard/traefik.yml | 15 +++++
 12 files changed, 182 insertions(+), 1 deletion(-)
 create mode 160000 .vim/pack/alpha/start/vim-terraform
 create mode 100644 ramble-hard/.gitignore
 create mode 100644 ramble-hard/issuer.yml
 create mode 100644 ramble-hard/main.tf
 create mode 100644 ramble-hard/outputs.tf
 create mode 100644 ramble-hard/terraform/.gitignore
 create mode 100644 ramble-hard/terraform/main.tf
 create mode 100644 ramble-hard/terraform/monica.yml
 create mode 100644 ramble-hard/terraform/outputs.tf
 create mode 100644 ramble-hard/terraform/traefik.yml
 create mode 100644 ramble-hard/traefik.yml
diff --git a/.gitmodules b/.gitmodules
index 6276f25..247ab0d 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -127,5 +127,8 @@
 url = https://github.com/kejadlen/fast-user-switching.alfredworkflow.git
 [submodule "src/soulver.alfredworkflow"]
 path = src/soulver.alfredworkflow
- url = git@github.com:kejadlen/soulver.alfredworkflow.git
+ url = https://github.com/kejadlen/soulver.alfredworkflow.git
 branch = main
+[submodule ".vim/pack/alpha/start/vim-terraform"]
+ path = .vim/pack/alpha/start/vim-terraform
+ url = https://github.com/hashivim/vim-terraform.git
diff --git a/.vim/pack/alpha/start/vim-terraform b/.vim/pack/alpha/start/vim-terraform
new file mode 160000
index 0000000..9166d42
--- /dev/null
+++ b/.vim/pack/alpha/start/vim-terraform
@@ -0,0 +1 @@
+Subproject commit 9166d42e5dc9bc0ef7e1b9e93d52bb4c5b923560
diff --git a/ramble-hard/.gitignore b/ramble-hard/.gitignore
new file mode 100644
index 0000000..77f783f
--- /dev/null
+++ b/ramble-hard/.gitignore
@@ -0,0 +1,2 @@
+.terraform
+terraform.tfstate.d
diff --git a/ramble-hard/issuer.yml b/ramble-hard/issuer.yml
new file mode 100644
index 0000000..c87c53d
--- /dev/null
+++ b/ramble-hard/issuer.yml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt-prod
+spec:
+ acme:
+ email: alpha@kejadlen.dev
+ server: https://acme-v02.api.letsencrypt.org/directory
+ privateKeySecretRef:
+ name: issuer-account-key
+ solvers:
+ - http01:
+ ingress:
+ class: traefik-cert-manager
diff --git a/ramble-hard/main.tf b/ramble-hard/main.tf
new file mode 100644
index 0000000..24047aa
--- /dev/null
+++ b/ramble-hard/main.tf
@@ -0,0 +1,24 @@
+terraform {
+ required_providers {
+ linode = {
+ source = "linode/linode"
+ version = "1.16.0"
+ }
+ }
+}
+
+provider "linode" {
+ # token = "$LINODE_TOKEN"
+}
+
+resource "linode_lke_cluster" "lke_cluster" {
+ label = "ramble-hard"
+ k8s_version = "1.20"
+ region = "us-west"
+
+ pool {
+ type = "g6-standard-1"
+ count = 1
+ }
+}
+
diff --git a/ramble-hard/outputs.tf b/ramble-hard/outputs.tf
new file mode 100644
index 0000000..b185c30
--- /dev/null
+++ b/ramble-hard/outputs.tf
@@ -0,0 +1,5 @@
+resource "local_file" "kubeconfig" {
+ depends_on = [linode_lke_cluster.lke_cluster]
+ filename = "kube.config.private"
+ content = base64decode(linode_lke_cluster.lke_cluster.kubeconfig)
+}
diff --git a/ramble-hard/terraform/.gitignore b/ramble-hard/terraform/.gitignore
new file mode 100644
index 0000000..77f783f
--- /dev/null
+++ b/ramble-hard/terraform/.gitignore
@@ -0,0 +1,2 @@
+.terraform
+terraform.tfstate.d
diff --git a/ramble-hard/terraform/main.tf b/ramble-hard/terraform/main.tf
new file mode 100644
index 0000000..294ca1b
--- /dev/null
+++ b/ramble-hard/terraform/main.tf
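Review bot: ramble-hard/.gitignore ignores `.terraform` and `terraform.tfstate.d` but not the generated `kube.config.private` or a default-workspace `terraform.tfstate`, and both of those would hold the cluster kubeconfig in clear text. Unless a global ignore rule already catches them, add `kube.config.private` and `terraform.tfstate*` to this file. The identical hunk for ramble-hard/terraform/.gitignore needs the same two entries.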
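Review bot: `apiVersion: cert-manager.io/v1alpha2` in ramble-hard/issuer.yml is an early cert-manager API version, while the cert-manager `helm_release` in ramble-hard/terraform/main.tf sets no chart `version`. A newer chart that no longer serves v1alpha2 would reject this ClusterIssuer. Moving the manifest to `apiVersion: cert-manager.io/v1` and pinning the chart to a release that serves it keeps the two in step. The Certificate in ramble-hard/traefik.yml uses the same apiVersion and needs the same change.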
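Review bot: The `local_file` resource in ramble-hard/outputs.tf writes the decoded kubeconfig without `file_permission`, so the file is created with the local provider's default mode, which is wide open (0777 as far as I know) rather than owner-only. Add `file_permission = "0600"`, as ramble-hard/terraform/outputs.tf in this same commit already does. If the local provider version in use supports it, `sensitive_content` in place of `content` would also keep the kubeconfig out of plan output in both files.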
@@ -0,0 +1,86 @@
+terraform {
+ required_providers {
+ linode = {
+ source = "linode/linode"
+ version = "1.16.0"
+ }
+ helm = {
+ source = "hashicorp/helm"
+ version = "=2.1.0"
+ }
+ }
+}
+
+provider "helm" {
+ kubernetes {
+ config_path = "kube.config.private"
+ }
+}
+
+provider "kubernetes" {
+ config_path = "kube.config.private"
+}
+
+provider "linode" {
+ # token = "$LINODE_TOKEN"
+}
+
+resource "linode_lke_cluster" "ramble-hard" {
+ label = "ramble-hard"
+ k8s_version = "1.20"
+ region = "us-west"
+
+ pool {
+ type = "g6-standard-1"
+ count = 1
+ }
+}
+
+resource "kubernetes_namespace" "ingress-traefik-namespace" {
+ depends_on = [local_file.kubeconfig]
+
+ metadata {
+ annotations = {
+ name = "traefik"
+ }
+ name = "traefik"
+ }
+}
+
+resource "helm_release" "ingress-traefik" {
+ depends_on = [local_file.kubeconfig]
+
+ name = "traefik"
+ chart = "traefik"
+ repository = "https://helm.traefik.io/traefik"
+ namespace = "traefik"
+
+ values = [
+ file("traefik.yml")
+ ]
+}
+
+resource "kubernetes_namespace" "cert-manager-namespace" {
+ depends_on = [local_file.kubeconfig]
+
+ metadata {
+ annotations = {
+ name = "cert-manager"
+ }
+ name = "cert-manager"
+ }
+}
+
+resource "helm_release" "cert-manager" {
+ depends_on = [local_file.kubeconfig]
+
+ name = "cert-manager"
+ chart = "cert-manager"
+ repository = "https://charts.jetstack.io"
+ namespace = "cert-manager"
+
+ set {
+ name = "installCRDs"
+ value = "true"
+ }
+}
diff --git a/ramble-hard/terraform/monica.yml b/ramble-hard/terraform/monica.yml
new file mode 100644
index 0000000..75b30dd
--- /dev/null
+++ b/ramble-hard/terraform/monica.yml
@@ -0,0 +1,8 @@
+env:
+ APP_ENV: production
+ # DB_HOST: monica-mariadb
+
+mariadb:
+ enabled: true
+ primary:
+ persistence: true
diff --git a/ramble-hard/terraform/outputs.tf b/ramble-hard/terraform/outputs.tf
new file mode 100644
index 0000000..593067f
--- /dev/null
+++ b/ramble-hard/terraform/outputs.tf
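Review bot: Neither `helm_release` block in ramble-hard/terraform/main.tf sets `version`, so each fresh install pulls whatever chart is current in the traefik and jetstack repositories, and the cert-manager release also installs cluster-wide CRDs from that unpinned source. Pin both with `version = "<CHART_VERSION>"`, the same way the linode and helm providers are pinned at the top of the file. The `kubernetes` provider is configured but absent from `required_providers`, so it is unpinned too. Both providers also read `kube.config.private`, which a resource in this same configuration creates; `depends_on` on the resources does not order provider configuration, so a first apply may need the cluster created in a separate step.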
@@ -0,0 +1,6 @@
+resource "local_file" "kubeconfig" {
+ depends_on = [linode_lke_cluster.ramble-hard]
+ filename = "kube.config.private"
+ file_permission = "0600"
+ content = base64decode(linode_lke_cluster.ramble-hard.kubeconfig)
+}
diff --git a/ramble-hard/terraform/traefik.yml b/ramble-hard/terraform/traefik.yml
new file mode 100644
index 0000000..5307c6d
--- /dev/null
+++ b/ramble-hard/terraform/traefik.yml
@@ -0,0 +1,15 @@
+ingressRoute:
+ dashboard:
+ enabled: true
+ annotations: { traefik.ingress.kubernetes.io/router.tls: "true" }
+
+ports:
+ web:
+ redirectTo: websecure
+
+additionalArguments:
+ - "--log.level=INFO"
+ - "--entrypoints.websecure.http.tls"
+ - "--providers.kubernetesIngress.ingressClass=traefik-cert-manager"
+ - "--ping"
+ - "--metrics.prometheus"
diff --git a/ramble-hard/traefik.yml b/ramble-hard/traefik.yml
new file mode 100644
index 0000000..f8a2533
--- /dev/null
+++ b/ramble-hard/traefik.yml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1alpha2
+kind: Certificate
+metadata:
+ name: traefik-dashboard-cert
+ namespace: traefik
+ labels:
+ use-http01-solver: "true"
+spec:
+ commonName: ramble-hard.kejadlen.dev
+ secretName: traefik-dashboard-cert
+ dnsNames:
+ - ramble-hard.kejadlen.dev
+ issuerRef:
+ name: letsencrypt-prod
+ kind: ClusterIssuer
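Review bot: `ingressRoute.dashboard.enabled: true` in ramble-hard/terraform/traefik.yml turns on the Traefik dashboard route, and nothing in this commit attaches an authentication middleware to it. The `traefik-dashboard-cert` Certificate for ramble-hard.kejadlen.dev suggests the dashboard is meant to be reachable from outside the cluster. If so, put a basicAuth or forwardAuth middleware in front of it, or keep it on the internal entrypoint and reach it through a port-forward. The `traefik.ingress.kubernetes.io/router.tls` annotation is an Ingress annotation and probably has no effect on an IngressRoute, so TLS on that route should be checked rather than assumed. The `--ping` and `--metrics.prometheus` endpoints should likewise stay off the public entrypoints.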