From 5b83607fe0e84be351df87f98b465d440e9acea9 Mon Sep 17 00:00:00 2001
From: michael
Date: Sat, 20 Apr 2024 02:10:01 +1200
Subject: [PATCH] attempted k8s resources as tf files, not worth the trouble
---
terraform/vultr/{k8s.tf => cluster.tf} | 28 +++++++-------
terraform/vultr/config_maps.tf | 10 +++++
terraform/vultr/deployments.tf | 53 ++++++++++++++++++++++++++
terraform/vultr/main.tf | 12 ++++++
terraform/vultr/pvcs.tf | 15 ++++++++
terraform/vultr/services.tf | 29 ++++++++++++++
todo/vultr.todo | 18 +++++++++
7 files changed, 151 insertions(+), 14 deletions(-)
rename terraform/vultr/{k8s.tf => cluster.tf} (57%)
create mode 100644 terraform/vultr/config_maps.tf
create mode 100644 terraform/vultr/deployments.tf
create mode 100644 terraform/vultr/pvcs.tf
create mode 100644 terraform/vultr/services.tf
create mode 100644 todo/vultr.todo
diff --git a/terraform/vultr/k8s.tf b/terraform/vultr/cluster.tf
similarity index 57%
rename from terraform/vultr/k8s.tf
rename to terraform/vultr/cluster.tf
index ebfbb7b..c05d73b 100644
--- a/terraform/vultr/k8s.tf
+++ b/terraform/vultr/cluster.tf
@@ -19,18 +19,18 @@ resource "local_sensitive_file" "kubeconfig" {
 file_permission = "0600"
 }
 
-resource "vultr_block_storage" "ssd0" {
- label = "cluster00-ssd0"
- size_gb = 10
- region = "ewr"
- block_type = "high_perf"
- attached_to_instance = vultr_kubernetes.k8s.node_pools[0].nodes[0].id
- live = true
- depends_on = [
- vultr_kubernetes.k8s
- ]
-}
+# resource "vultr_block_storage" "ssd0" {
+# label = "cluster00-ssd0"
+# size_gb = 10
+# region = "ewr"
+# block_type = "high_perf"
+# attached_to_instance = vultr_kubernetes.k8s.node_pools[0].nodes[0].id
+# live = true
+# depends_on = [
+# vultr_kubernetes.k8s
+# ]
+# }
 
-output "ssd0_mount" {
- value = vultr_block_storage.ssd0.mount_id
-}
+# output "ssd0_mount" {
+# value = vultr_block_storage.ssd0.mount_id
+# }
diff --git a/terraform/vultr/config_maps.tf b/terraform/vultr/config_maps.tf
new file mode 100644
index 0000000..24b861b
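Review bot: Commenting out `vultr_block_storage.ssd0` removes it from the configuration, so the next `terraform apply` will plan to destroy the volume and its contents if the resource is still in state. If the volume holds anything worth keeping, run `terraform state rm vultr_block_storage.ssd0` first so Terraform forgets it without deleting it. Otherwise delete the block outright instead of keeping eleven commented lines plus a commented output; the history is in git, and commented resources tend to be uncommented later against a state that no longer matches. The replacement appears to be the PVC in pvcs.tf, which provisions a new volume rather than adopting this one.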
--- /dev/null
+++ b/terraform/vultr/config_maps.tf
@@ -0,0 +1,10 @@
+resource "kubernetes_config_map" "keyoxide-env" {
+ metadata {
+ name = "keyoxide-env"
+ namespace = "default"
+ }
+
+ data = {
+ DOMAIN = "key.balsillie.net"
+ }
+}
\ No newline at end of file
diff --git a/terraform/vultr/deployments.tf b/terraform/vultr/deployments.tf
new file mode 100644
index 0000000..51d7ccc
--- /dev/null
+++ b/terraform/vultr/deployments.tf
@@ -0,0 +1,53 @@
+resource "kubernetes_deployment" "keyoxide" {
+ depends_on = [
+ kubernetes_config_map.keyoxide-env
+ ]
+ metadata {
+ name = "keyoxide"
+ namespace = "default"
+ }
+
+ spec {
+ replicas = 1
+
+ selector {
+ match_labels = {
+ app = "keyoxide"
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ app = "keyoxide"
+ }
+ }
+
+ spec {
+ container {
+ name = "keyoxide"
+ image = "codeberg.org/keyoxide/keyoxide-web"
+ image_pull_policy = "Always"
+
+ resources {
+ requests = {
+ cpu = "100m"
+ memory = "50Mi"
+ }
+ limits = {
+ cpu = "500m"
+ memory = "128Mi"
+ }
+ }
+
+ env_from {
+ config_map_ref {
+ name = "keyoxide-env"
+ }
+ }
+
+ }
+ }
+ }
+ }
+}
diff --git a/terraform/vultr/main.tf b/terraform/vultr/main.tf
index 27913e0..37279c8 100644
--- a/terraform/vultr/main.tf
+++ b/terraform/vultr/main.tf
@@ -9,6 +9,10 @@ terraform {
 source = "vultr/vultr"
 version = ">= 2.19.0"
 }
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.29.0"
+ }
 }
 backend "local" {
 path = "/home/michael/Nextcloud/Backups/tfstate/vultr.tfstate"
@@ -29,3 +33,11 @@ provider "vultr" {
 rate_limit = 100
 retry_limit = 3
 }
+
+provider "kubernetes" {
+# # host = vultr_kubernetes.k8s.endpoint
+# # client_certificate = vultr_kubernetes.k8s.client_certificate
+# # client_key = vultr_kubernetes.k8s.client_key
+# # cluster_ca_certificate = vultr_kubernetes.k8s.cluster_ca_certificate
+ config_path = pathexpand("~/.kube/vultr")
+}
diff --git a/terraform/vultr/pvcs.tf b/terraform/vultr/pvcs.tf
new file mode 100644
index 0000000..d997b99
--- /dev/null
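Review bot: The resource label `kubernetes_config_map.keyoxide-env` uses a hyphen, which Terraform tolerates but which breaks the underscore convention used by every other label in this patch (`k8s`, `ssd0`, `keyoxide`, `ssd`); `kubernetes_config_map.keyoxide_env` reads as an identifier and avoids the hyphen being mistaken for subtraction in expressions. The only value, `DOMAIN = "key.balsillie.net"`, is a hard-coded hostname that would be more reusable as a `variable` with this as its default. The file also ends without a trailing newline.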
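Review bot: `image = "codeberg.org/keyoxide/keyoxide-web"` carries no tag or digest and is paired with `image_pull_policy = "Always"`, so every pod start pulls whatever the registry currently serves as the default tag; the deployment is not reproducible and a registry-side change reaches the cluster silently. Pin a tag and ideally a digest, and since the container sets no `security_context`, add one that runs as non-root, denies privilege escalation and drops all capabilities; `read_only_root_filesystem = true` is worth trying too but may need an `empty_dir` volume if the app writes locally, so it is left out of the sketch below. A `liveness_probe`/`readiness_probe` on port 3000 would also stop the Service routing to a pod that is up but not serving. The `<TAG>` and `<DIGEST>` values below are placeholders to be replaced with values from a verified pull.
```hcl
container {
  name              = "keyoxide"
  # <TAG> and <DIGEST> are placeholders; fill in from a verified pull
  image             = "codeberg.org/keyoxide/keyoxide-web:<TAG>@sha256:<DIGEST>"
  image_pull_policy = "Always"

  security_context {
    run_as_non_root            = true
    allow_privilege_escalation = false
    capabilities {
      drop = ["ALL"]
    }
  }

  # … unchanged: resources, env_from …
}
```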
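Review bot: `version = ">= 2.29.0"` for hashicorp/kubernetes has no upper bound, so a future major release with breaking changes would be accepted by `terraform init -upgrade`; `~> 2.29` keeps the constraint inside 2.x. The existing vultr entry uses the same open-ended form, so either tighten both for consistency or make sure the dependency lock file (`.terraform.lock.hcl`) is committed, since that is what actually pins the provider build and its checksums.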
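Review bot: `config_path = pathexpand("~/.kube/vultr")` points the kubernetes provider at a kubeconfig that, judging by the `local_sensitive_file.kubeconfig` resource visible in cluster.tf, this same configuration appears to write; the provider is configured before that file exists, so on a fresh checkout `terraform plan` fails until the cluster has been applied once, and a run from any other machine needs the file copied across. The usual fix is to keep cluster creation and in-cluster resources in separate root modules; the commented `host`/`client_certificate`/`client_key`/`cluster_ca_certificate` route avoids the ordering problem but puts those credentials into the state file, which is worth stating in a comment if it is the reason this path was chosen. The four `# #` double-hash lines should either be deleted or replaced by that one-line explanation.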
+++ b/terraform/vultr/pvcs.tf
@@ -0,0 +1,15 @@
+resource "kubernetes_persistent_volume_claim" "ssd" {
+ metadata {
+ name = "ssd"
+ namespace = "default"
+ }
+ spec {
+ access_modes = ["ReadWriteOnce"]
+ resources {
+ requests = {
+ storage = "10Gi"
+ }
+ }
+ storage_class_name = "vultr-block-storage"
+ }
+}
\ No newline at end of file
diff --git a/terraform/vultr/services.tf b/terraform/vultr/services.tf
new file mode 100644
index 0000000..14df0e7
--- /dev/null
+++ b/terraform/vultr/services.tf
@@ -0,0 +1,29 @@
+resource "kubernetes_service" "keyoxide" {
+ metadata {
+ name = "keyoxide"
+ namespace = "default"
+ labels = {
+ svc = "keyoxide"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "keyoxide"
+ }
+
+ ip_family_policy = "SingleStack"
+ ip_families = ["IPv4"]
+
+ type = "ClusterIP"
+ cluster_ip = "None"
+ # external_traffic_policy = "Local"
+
+ port {
+ name = "http"
+ port = 3000
+ target_port = 3000
+ protocol = "TCP"
+ }
+ }
+}
diff --git a/todo/vultr.todo b/todo/vultr.todo
new file mode 100644
index 0000000..53a2932
--- /dev/null
+++ b/todo/vultr.todo
@@ -0,0 +1,18 @@
+revert to using ansible for k8s manifest installs
+ - Employ Ansible as a provider in TF?
+install nginx-ingress-controller
+edit the nginx-ingress-controller service
+ - change the service type to ClusterIP
+ - Change external and internal traffic policy
+ - Add external IPs
+Install the operator lifecycle manager
+ - Scrape current version from GH releases
+ - Download the OLM install script
+ - Run with current version
+
+Install operators:
+ - Cert manager
+ - CNPG
+ - Keycloak
+
+Create cluster cert issuers
\ No newline at end of file
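Review bot: Nothing mounts `kubernetes_persistent_volume_claim.ssd` — the deployment in deployments.tf declares no `volume` or `volume_mount` — so this claim provisions, and bills for, a 10Gi volume that no pod uses. If it is meant for keyoxide, add the volume to the pod template; if it is a placeholder, consider `wait_until_bound = false`, because the provider otherwise blocks `apply` until the claim is bound, and a storage class with `WaitForFirstConsumer` binding never binds without a consumer (whether `vultr-block-storage` uses that mode is not visible here). The file also lacks a trailing newline.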
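Review bot: `cluster_ip = "None"` makes this a headless Service, so there is no virtual IP or kube-proxy balancing and DNS resolves straight to the pod IPs; with one replica that works, but confirm it is intentional, and if an ordinary ClusterIP was meant simply drop the line. The commented `# external_traffic_policy = "Local"` has no effect on a `ClusterIP` service (it applies to NodePort and LoadBalancer only), so it should be removed rather than left as a suggested toggle. The metadata label uses the key `svc` while the selector and the deployment's pod labels use `app`; using one key keeps label queries and any future NetworkPolicy selectors consistent.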