|
|
@@ -0,0 +1,102 @@ |
|
|
|
terraform { |
|
|
|
required_version = "~> 0.12" |
|
|
|
} |
|
|
|
|
|
|
|
provider "digitalocean" { |
|
|
|
version = "~> 1.7" |
|
|
|
} |
|
|
|
|
|
|
|
provider "kubernetes" { |
|
|
|
version = "~> 1.9" |
|
|
|
|
|
|
|
host = "${digitalocean_kubernetes_cluster.this.endpoint}" |
|
|
|
|
|
|
|
client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate) |
|
|
|
client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key) |
|
|
|
cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate) |
|
|
|
} |
|
|
|
|
|
|
|
provider "helm" { |
|
|
|
version = "~> 0.10" |
|
|
|
|
|
|
|
kubernetes { |
|
|
|
host = "${digitalocean_kubernetes_cluster.this.endpoint}" |
|
|
|
|
|
|
|
client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate) |
|
|
|
client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key) |
|
|
|
cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
resource "digitalocean_ssh_key" "collin_doering" { |
|
|
|
name = "yubikey" |
|
|
|
public_key = "${file("/home/collin/.ssh/id_rsa.pub")}" |
|
|
|
} |
|
|
|
|
|
|
|
resource "digitalocean_kubernetes_cluster" "this" { |
|
|
|
name = var.name |
|
|
|
region = var.region |
|
|
|
version = var.k8s_version |
|
|
|
tags = var.tags |
|
|
|
|
|
|
|
node_pool { |
|
|
|
name = "default-pool" |
|
|
|
size = var.node_size |
|
|
|
node_count = var.node_count |
|
|
|
tags = var.node_tags |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
resource "kubernetes_service_account" "admin_user" { |
|
|
|
metadata { |
|
|
|
name = var.admin_user_name |
|
|
|
namespace = "kube-system" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
resource "kubernetes_cluster_role_binding" "admin_user" { |
|
|
|
metadata { |
|
|
|
name = var.admin_user_name |
|
|
|
} |
|
|
|
role_ref { |
|
|
|
kind = "ClusterRole" |
|
|
|
name = "cluster-admin" |
|
|
|
api_group = "rbac.authorization.k8s.io" |
|
|
|
} |
|
|
|
subject { |
|
|
|
kind = "ServiceAccount" |
|
|
|
name = var.admin_user_name |
|
|
|
namespace = "kube-system" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
resource "helm_release" "kubernetes_dashboard" { |
|
|
|
name = "kubernetes-dashboard" |
|
|
|
chart = "stable/kubernetes-dashboard" |
|
|
|
namespace = "kube-system" |
|
|
|
} |
|
|
|
|
|
|
|
data "helm_repository" "istio" { |
|
|
|
name = "istio.io" |
|
|
|
url = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/" |
|
|
|
} |
|
|
|
|
|
|
|
resource "helm_release" "istio_init" { |
|
|
|
name = "istio-init" |
|
|
|
repository = data.helm_repository.istio.metadata.0.name |
|
|
|
chart = "istio.io/istio-init" |
|
|
|
namespace = "istio-system" |
|
|
|
|
|
|
|
provisioner "local-exec" { |
|
|
|
command = "sleep 3m" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
resource "helm_release" "istio" { |
|
|
|
name = "istio" |
|
|
|
repository = data.helm_repository.istio.metadata.0.name |
|
|
|
chart = "istio.io/istio" |
|
|
|
namespace = "istio-system" |
|
|
|
|
|
|
|
depends_on = [helm_release.istio_init] |
|
|
|
} |
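Review bot: `kubernetes_cluster_role_binding.admin_user` grants the built-in `cluster-admin` ClusterRole to a service account in `kube-system`, and the same file installs `stable/kubernetes-dashboard` into that namespace, so anyone who can read that account's token secret has full control of the cluster through the dashboard or the API. If the account is meant for dashboard login (the hunk does not say), bind it to a narrower role, for example `name = "view"` in `role_ref`, or use a namespaced `kubernetes_role_binding`; if cluster-wide admin is kept, add a comment saying why it is needed. `helm_release.kubernetes_dashboard` also sets no `version`, so the chart installed depends on what the `stable` repo serves at apply time; pinning it with `version = "<chart version>"` keeps the deployment reproducible and reviewable. The client key and certificates read from `kube_config` are stored in Terraform state, so the state backend (not visible in this hunk) should be encrypted and access-restricted.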