rekahsoft
/
poc-tf-do
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
POC setup and deployment of a kubernetes cluster for use as a personal compute platform
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
44 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
poc-tf-do/main.tf

102 lines
2.6 KiB
Raw Permalink Normal View History

Initial implementation of DO k8s cluster deployment Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
2 years ago
 
  1. terraform {
  2.   required_version = "~> 0.12"
  3. }
  4. 

  5. provider "digitalocean" {
  6.   version = "~> 1.7"
  7. }
  8. 

  9. provider "kubernetes" {
  10.   version = "~> 1.9"
  11. 

  12.   host = "${digitalocean_kubernetes_cluster.this.endpoint}"
  13. 

  14.   client_certificate     = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
  15.   client_key             = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
  16.   cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
  17. }
  18. 

  19. provider "helm" {
  20.   version = "~> 0.10"
  21. 

  22.   kubernetes {
  23.     host = "${digitalocean_kubernetes_cluster.this.endpoint}"
  24. 

  25.     client_certificate     = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
  26.     client_key             = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
  27.     cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
  28.   }
  29. }
  30. 

  31. resource "digitalocean_ssh_key" "collin_doering" {
  32.   name       = "yubikey"
  33.   public_key = "${file("/home/collin/.ssh/id_rsa.pub")}"
  34. }
  35. 

  36. resource "digitalocean_kubernetes_cluster" "this" {
  37.   name    = var.name
  38.   region  = var.region
  39.   version = var.k8s_version
  40.   tags    = var.tags
  41. 

  42.   node_pool {
  43.     name       = "default-pool"
  44.     size       = var.node_size
  45.     node_count = var.node_count
  46.     tags       = var.node_tags
  47.   }
  48. }
  49. 

  50. resource "kubernetes_service_account" "admin_user" {
  51.   metadata {
  52.     name      = var.admin_user_name
  53.     namespace = "kube-system"
  54.   }
  55. }
  56. 

  57. resource "kubernetes_cluster_role_binding" "admin_user" {
  58.   metadata {
  59.     name = var.admin_user_name
  60.   }
  61.   role_ref {
  62.     kind      = "ClusterRole"
  63.     name      = "cluster-admin"
  64.     api_group = "rbac.authorization.k8s.io"
  65.   }
  66.   subject {
  67.     kind      = "ServiceAccount"
  68.     name      = var.admin_user_name
  69.     namespace = "kube-system"
  70.   }
  71. }
  72. 

  73. resource "helm_release" "kubernetes_dashboard" {
  74.   name      = "kubernetes-dashboard"
  75.   chart     = "stable/kubernetes-dashboard"
  76.   namespace = "kube-system"
  77. }
  78. 

  79. data "helm_repository" "istio" {
  80.   name = "istio.io"
  81.   url  = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/"
  82. }
  83. 

  84. resource "helm_release" "istio_init" {
  85.   name       = "istio-init"
  86.   repository = data.helm_repository.istio.metadata.0.name
  87.   chart      = "istio.io/istio-init"
  88.   namespace  = "istio-system"
  89. 

  90.   provisioner "local-exec" {
  91.     command = "sleep 3m"
  92.   }
  93. }
  94. 

  95. resource "helm_release" "istio" {
  96.   name       = "istio"
  97.   repository = data.helm_repository.istio.metadata.0.name
  98.   chart      = "istio.io/istio"
  99.   namespace  = "istio-system"
  100. 

  101.   depends_on = [helm_release.istio_init]
  102. }