terraform {
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    helm = {
      source = "hashicorp/helm"
    }
  }
}

provider "helm" {
  kubernetes {
    config_path = ".kube/config"
  }
}

provider "kubernetes" {
  config_path = ".kube/config"
}

resource "kubernetes_namespace" "cert_manager" {
  metadata {
    name = "cert-manager"
  }
}

resource "helm_release" "cert_manager" {
  name             = "cert-manager"
  repository       = "https://charts.jetstack.io"
  chart            = "cert-manager"
  version          = "1.6.1"
  namespace        = kubernetes_namespace.cert_manager.metadata[0].name

  set {
    name  = "installCRDs"
    value = "true"
  }
}

resource "kubernetes_manifest" "letsencrypt_staging" {
  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "Issuer"
    metadata = {
      name      = "letsencrypt-staging"
      namespace = "default"
    }
    spec = {
      acme = {
        server = "https://acme-staging-v02.api.letsencrypt.org/directory"
        email = var.letsencrypt_email
        privateKeySecretRef = {
          name = "letsencrypt-staging"
        }
        solvers = [
          {
            selector = {}
            http01 = {
              ingress = {
                class = "nginx"
              }
            }
          }
        ]
      }
    }
  }
}

resource "kubernetes_manifest" "letsencrypt_prod" {
  manifest = {
    apiVersion = "cert-manager.io/v1"
    kind       = "Issuer"
    metadata = {
      name      = "letsencrypt-prod"
      namespace = "default"
    }
    spec = {
      acme = {
        server = "https://acme-v02.api.letsencrypt.org/directory"
        email = var.letsencrypt_email
        privateKeySecretRef = {
          name = "letsencrypt-prod"
        }
        solvers = [
          {
            selector = {}
            http01 = {
              ingress = {
                class = "nginx"
              }
            }
          }
        ]
      }
    }
  }
}

resource "helm_release" "ingress_nginx" {
  name             = "ingress-nginx"
  repository       = "https://kubernetes.github.io/ingress-nginx"
  chart            = "ingress-nginx"
  version          = "4.0.13"
}

resource "kubernetes_deployment" "kuard" {
  metadata {
    name = "kuard"
  }

  spec {
    selector {
      match_labels = {
        app = "kuard"
      }
    }
    replicas = 1
    template {
      metadata {
        labels = {
          app = "kuard"
        }
      }
      spec {
        container {
          image = "gcr.io/kuar-demo/kuard-amd64:1"
          image_pull_policy = "Always"
          name = "kuard"
          port {
            container_port = 8080
          }
        }
      }
    }
  }
}

resource "kubernetes_service" "kuard" {
  metadata {
    name = "kuard"
  }

  spec {
    port {
      port = 80
      target_port = 8080
      protocol = "TCP"
    }
    selector = {
      app = "kuard"
    }
  }
}

resource "kubernetes_ingress_v1" "kuard" {
  metadata {
    name = "kuard"
    annotations = {
      "kubernetes.io/ingress.class" = "nginx"
      "cert-manager.io/issuer" = "letsencrypt-prod"
    }
  }

  spec {
    tls {
      hosts = [
        "kuard.${var.domain}"
      ]
      secret_name = "kuard-tls"
    }
    rule {
      host = "kuard.${var.domain}"
      http {
        path {
          path = "/"
          path_type = "Prefix"
          backend {
            service {
              name = "kuard"
              port {
                number = 80
              }
            }
          }
        }
      }
    }
  }
}