Browse Source

Initial implementation of DO k8s cluster deployment

Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
master
Collin J. Doering 2 years ago
parent
commit
e76b43b314
Signed by: rekahsoft GPG Key ID: 7B4DEB93212B3022
5 changed files with 169 additions and 0 deletions
  1. +19
    -0
      README.md
  2. +8
    -0
      default.tfvars
  3. +102
    -0
      main.tf
  4. +0
    -0
      outputs.tf
  5. +40
    -0
      variables.tf

+ 19
- 0
README.md View File

@ -1 +1,20 @@
# Terraform DigitalOcean POC
This is a proof of concept for deploying a kubernetes cluster on DigitalOcean that can be used
as my personal compute platform.
## Set DigitialOcean Token for use by terraform provider
```shell
export DIGITALOCEAN_TOKEN="$(yq -r '."access-token"' ~/.config/doctl/config.yaml)"
```
## Deploy
```shell
terraform init
terraform plan --var-file=default.tfvars --out out.plan
terraform apply out.plan
```
Note: Currently no remote state is used for this project

+ 8
- 0
default.tfvars View File

@ -0,0 +1,8 @@
name = "rekahsoft"
k8s_version = "1.15.3-do.1"
region = "tor1"
tags = []
node_count = 3
node_size = "s-2vcpu-4gb"
node_tags = []
admin_user_name = "admin"

+ 102
- 0
main.tf View File

@ -0,0 +1,102 @@
terraform {
required_version = "~> 0.12"
}
provider "digitalocean" {
version = "~> 1.7"
}
provider "kubernetes" {
version = "~> 1.9"
host = "${digitalocean_kubernetes_cluster.this.endpoint}"
client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
}
provider "helm" {
version = "~> 0.10"
kubernetes {
host = "${digitalocean_kubernetes_cluster.this.endpoint}"
client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
}
}
resource "digitalocean_ssh_key" "collin_doering" {
name = "yubikey"
public_key = "${file("/home/collin/.ssh/id_rsa.pub")}"
}
resource "digitalocean_kubernetes_cluster" "this" {
name = var.name
region = var.region
version = var.k8s_version
tags = var.tags
node_pool {
name = "default-pool"
size = var.node_size
node_count = var.node_count
tags = var.node_tags
}
}
resource "kubernetes_service_account" "admin_user" {
metadata {
name = var.admin_user_name
namespace = "kube-system"
}
}
resource "kubernetes_cluster_role_binding" "admin_user" {
metadata {
name = var.admin_user_name
}
role_ref {
kind = "ClusterRole"
name = "cluster-admin"
api_group = "rbac.authorization.k8s.io"
}
subject {
kind = "ServiceAccount"
name = var.admin_user_name
namespace = "kube-system"
}
}
resource "helm_release" "kubernetes_dashboard" {
name = "kubernetes-dashboard"
chart = "stable/kubernetes-dashboard"
namespace = "kube-system"
}
data "helm_repository" "istio" {
name = "istio.io"
url = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/"
}
resource "helm_release" "istio_init" {
name = "istio-init"
repository = data.helm_repository.istio.metadata.0.name
chart = "istio.io/istio-init"
namespace = "istio-system"
provisioner "local-exec" {
command = "sleep 3m"
}
}
resource "helm_release" "istio" {
name = "istio"
repository = data.helm_repository.istio.metadata.0.name
chart = "istio.io/istio"
namespace = "istio-system"
depends_on = [helm_release.istio_init]
}

+ 0
- 0
outputs.tf View File


+ 40
- 0
variables.tf View File

@ -0,0 +1,40 @@
variable "name" {
description = "A name for the Kubernetes cluster."
}
variable "k8s_version" {
description = "The slug identifier for the version of Kubernetes used for the cluster."
default = "1.14.4-do.0"
}
variable "region" {
description = "The slug identifier for the region where the Kubernetes cluster will be created."
default = "nyc1"
}
variable "tags" {
description = "A list of tag names to be applied to the Kubernetes cluster."
type = list(string)
default = []
}
variable "node_count" {
description = "The number of Droplet instances in the node pool."
default = 3
}
variable "node_size" {
description = "The slug identifier for the type of Droplet to be used as workers in the node pool."
default = "s-2vcpu-2gb"
}
variable "node_tags" {
description = "A list of tag names to be applied to the Kubernetes cluster nodes."
type = list(string)
default = []
}
variable "admin_user_name" {
description = "The service account name in kube-system used for administrative purposes."
default = "admin"
}

Loading…
Cancel
Save