Browse Source
Initial implementation of DO k8s cluster deployment
Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>master
5 changed files with 169 additions and 0 deletions
Split View
Diff Options
-
+19 -0README.md
-
+8 -0default.tfvars
-
+102 -0main.tf
-
+0 -0outputs.tf
-
+40 -0variables.tf
+ 19
- 0
README.md
View File
| @ -1 +1,20 @@ | |||
| # Terraform DigitalOcean POC | |||
| This is a proof of concept for deploying a kubernetes cluster on DigitalOcean that can be used | |||
| as my personal compute platform. | |||
| ## Set DigitialOcean Token for use by terraform provider | |||
| ```shell | |||
| export DIGITALOCEAN_TOKEN="$(yq -r '."access-token"' ~/.config/doctl/config.yaml)" | |||
| ``` | |||
| ## Deploy | |||
| ```shell | |||
| terraform init | |||
| terraform plan --var-file=default.tfvars --out out.plan | |||
| terraform apply out.plan | |||
| ``` | |||
| Note: Currently no remote state is used for this project | |||
+ 8
- 0
default.tfvars
View File
| @ -0,0 +1,8 @@ | |||
| name = "rekahsoft" | |||
| k8s_version = "1.15.3-do.1" | |||
| region = "tor1" | |||
| tags = [] | |||
| node_count = 3 | |||
| node_size = "s-2vcpu-4gb" | |||
| node_tags = [] | |||
| admin_user_name = "admin" | |||
+ 102
- 0
main.tf
View File
| @ -0,0 +1,102 @@ | |||
| terraform { | |||
| required_version = "~> 0.12" | |||
| } | |||
| provider "digitalocean" { | |||
| version = "~> 1.7" | |||
| } | |||
| provider "kubernetes" { | |||
| version = "~> 1.9" | |||
| host = "${digitalocean_kubernetes_cluster.this.endpoint}" | |||
| client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate) | |||
| client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key) | |||
| cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate) | |||
| } | |||
| provider "helm" { | |||
| version = "~> 0.10" | |||
| kubernetes { | |||
| host = "${digitalocean_kubernetes_cluster.this.endpoint}" | |||
| client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate) | |||
| client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key) | |||
| cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate) | |||
| } | |||
| } | |||
| resource "digitalocean_ssh_key" "collin_doering" { | |||
| name = "yubikey" | |||
| public_key = "${file("/home/collin/.ssh/id_rsa.pub")}" | |||
| } | |||
| resource "digitalocean_kubernetes_cluster" "this" { | |||
| name = var.name | |||
| region = var.region | |||
| version = var.k8s_version | |||
| tags = var.tags | |||
| node_pool { | |||
| name = "default-pool" | |||
| size = var.node_size | |||
| node_count = var.node_count | |||
| tags = var.node_tags | |||
| } | |||
| } | |||
| resource "kubernetes_service_account" "admin_user" { | |||
| metadata { | |||
| name = var.admin_user_name | |||
| namespace = "kube-system" | |||
| } | |||
| } | |||
| resource "kubernetes_cluster_role_binding" "admin_user" { | |||
| metadata { | |||
| name = var.admin_user_name | |||
| } | |||
| role_ref { | |||
| kind = "ClusterRole" | |||
| name = "cluster-admin" | |||
| api_group = "rbac.authorization.k8s.io" | |||
| } | |||
| subject { | |||
| kind = "ServiceAccount" | |||
| name = var.admin_user_name | |||
| namespace = "kube-system" | |||
| } | |||
| } | |||
| resource "helm_release" "kubernetes_dashboard" { | |||
| name = "kubernetes-dashboard" | |||
| chart = "stable/kubernetes-dashboard" | |||
| namespace = "kube-system" | |||
| } | |||
| data "helm_repository" "istio" { | |||
| name = "istio.io" | |||
| url = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/" | |||
| } | |||
| resource "helm_release" "istio_init" { | |||
| name = "istio-init" | |||
| repository = data.helm_repository.istio.metadata.0.name | |||
| chart = "istio.io/istio-init" | |||
| namespace = "istio-system" | |||
| provisioner "local-exec" { | |||
| command = "sleep 3m" | |||
| } | |||
| } | |||
| resource "helm_release" "istio" { | |||
| name = "istio" | |||
| repository = data.helm_repository.istio.metadata.0.name | |||
| chart = "istio.io/istio" | |||
| namespace = "istio-system" | |||
| depends_on = [helm_release.istio_init] | |||
| } | |||
+ 0
- 0
outputs.tf
View File
+ 40
- 0
variables.tf
View File
| @ -0,0 +1,40 @@ | |||
| variable "name" { | |||
| description = "A name for the Kubernetes cluster." | |||
| } | |||
| variable "k8s_version" { | |||
| description = "The slug identifier for the version of Kubernetes used for the cluster." | |||
| default = "1.14.4-do.0" | |||
| } | |||
| variable "region" { | |||
| description = "The slug identifier for the region where the Kubernetes cluster will be created." | |||
| default = "nyc1" | |||
| } | |||
| variable "tags" { | |||
| description = "A list of tag names to be applied to the Kubernetes cluster." | |||
| type = list(string) | |||
| default = [] | |||
| } | |||
| variable "node_count" { | |||
| description = "The number of Droplet instances in the node pool." | |||
| default = 3 | |||
| } | |||
| variable "node_size" { | |||
| description = "The slug identifier for the type of Droplet to be used as workers in the node pool." | |||
| default = "s-2vcpu-2gb" | |||
| } | |||
| variable "node_tags" { | |||
| description = "A list of tag names to be applied to the Kubernetes cluster nodes." | |||
| type = list(string) | |||
| default = [] | |||
| } | |||
| variable "admin_user_name" { | |||
| description = "The service account name in kube-system used for administrative purposes." | |||
| default = "admin" | |||
| } | |||