From e76b43b31462328138c0c14608d8391667488d56 Mon Sep 17 00:00:00 2001
From: "Collin J. Doering"
Date: Tue, 3 Sep 2019 14:22:36 -0400
Subject: [PATCH] Initial implementation of DO k8s cluster deployment

Signed-off-by: Collin J. Doering
---
 README.md | 19 +++++++++
 default.tfvars | 8 ++++
 main.tf | 102 +++++++++++++++++++++++++++++++++++++++++++++++++
 outputs.tf | 0
 variables.tf | 40 +++++++++++++++++++
 5 files changed, 169 insertions(+)
 create mode 100644 default.tfvars
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 variables.tf

diff --git a/README.md b/README.md
index d375442..7acfb06 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,20 @@
 # Terraform DigitalOcean POC
+
+This is a proof of concept for deploying a kubernetes cluster on DigitalOcean that can be used
+as my personal compute platform.
+
+## Set DigitialOcean Token for use by terraform provider
+
+```shell
+export DIGITALOCEAN_TOKEN="$(yq -r '."access-token"' ~/.config/doctl/config.yaml)"
+```
+
+## Deploy
+
+```shell
+terraform init
+terraform plan --var-file=default.tfvars --out out.plan
+terraform apply out.plan
+```
+
+Note: Currently no remote state is used for this project
diff --git a/default.tfvars b/default.tfvars
new file mode 100644
index 0000000..016cc43
--- /dev/null
+++ b/default.tfvars
@@ -0,0 +1,8 @@
+name = "rekahsoft"
+k8s_version = "1.15.3-do.1"
+region = "tor1"
+tags = []
+node_count = 3
+node_size = "s-2vcpu-4gb"
+node_tags = []
+admin_user_name = "admin"
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..4b85ab2
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,102 @@
+terraform {
+ required_version = "~> 0.12"
+}
+
+provider "digitalocean" {
+ version = "~> 1.7"
+}
+
+provider "kubernetes" {
+ version = "~> 1.9"
+
+ host = "${digitalocean_kubernetes_cluster.this.endpoint}"
+
+ client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
+ client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
+ cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
+}
+
+provider "helm" {
+ version = "~> 0.10"
+
+ kubernetes {
+ host = "${digitalocean_kubernetes_cluster.this.endpoint}"
+
+ client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
+ client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
+ cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
+ }
+}
+
+resource "digitalocean_ssh_key" "collin_doering" {
+ name = "yubikey"
+ public_key = "${file("/home/collin/.ssh/id_rsa.pub")}"
+}
+
+resource "digitalocean_kubernetes_cluster" "this" {
+ name = var.name
+ region = var.region
+ version = var.k8s_version
+ tags = var.tags
+
+ node_pool {
+ name = "default-pool"
+ size = var.node_size
+ node_count = var.node_count
+ tags = var.node_tags
+ }
+}
+
+resource "kubernetes_service_account" "admin_user" {
+ metadata {
+ name = var.admin_user_name
+ namespace = "kube-system"
+ }
+}
+
+resource "kubernetes_cluster_role_binding" "admin_user" {
+ metadata {
+ name = var.admin_user_name
+ }
+ role_ref {
+ kind = "ClusterRole"
+ name = "cluster-admin"
+ api_group = "rbac.authorization.k8s.io"
+ }
+ subject {
+ kind = "ServiceAccount"
+ name = var.admin_user_name
+ namespace = "kube-system"
+ }
+}
+
+resource "helm_release" "kubernetes_dashboard" {
+ name = "kubernetes-dashboard"
+ chart = "stable/kubernetes-dashboard"
+ namespace = "kube-system"
+}
+
+data "helm_repository" "istio" {
+ name = "istio.io"
+ url = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/"
+}
+
+resource "helm_release" "istio_init" {
+ name = "istio-init"
+ repository = data.helm_repository.istio.metadata.0.name
+ chart = "istio.io/istio-init"
+ namespace = "istio-system"
+
+ provisioner "local-exec" {
+ command = "sleep 3m"
+ }
+}
+
+resource "helm_release" "istio" {
+ name = "istio"
+ repository = data.helm_repository.istio.metadata.0.name
+ chart = "istio.io/istio"
+ namespace = "istio-system"
+
+ depends_on = [helm_release.istio_init]
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..e69de29
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..5dbe0c6
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,40 @@
+variable "name" {
+ description = "A name for the Kubernetes cluster."
+}
+
+variable "k8s_version" {
+ description = "The slug identifier for the version of Kubernetes used for the cluster."
+ default = "1.14.4-do.0"
+}
+
+variable "region" {
+ description = "The slug identifier for the region where the Kubernetes cluster will be created."
+ default = "nyc1"
+}
+
+variable "tags" {
+ description = "A list of tag names to be applied to the Kubernetes cluster."
+ type = list(string)
+ default = []
+}
+
+variable "node_count" {
+ description = "The number of Droplet instances in the node pool."
+ default = 3
+}
+
+variable "node_size" {
+ description = "The slug identifier for the type of Droplet to be used as workers in the node pool."
+ default = "s-2vcpu-2gb"
+}
+
+variable "node_tags" {
+ description = "A list of tag names to be applied to the Kubernetes cluster nodes."
+ type = list(string)
+ default = []
+}
+
+variable "admin_user_name" {
+ description = "The service account name in kube-system used for administrative purposes."
+ default = "admin"
+}
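Review bot: `kubernetes_cluster_role_binding.admin_user` grants the built-in `cluster-admin` ClusterRole to a service account in `kube-system`, and the same file installs `stable/kubernetes-dashboard` into that namespace with no chart `version` and no values, so whoever holds that account's token has unrestricted control of the cluster through whatever path the dashboard is reachable on. If the account exists only for dashboard login, bind it to a narrower role (for example the built-in `view` ClusterRole), or add a comment above the binding stating why full admin is required. Pin the chart with `version = "<reviewed chart version>"` on `helm_release.kubernetes_dashboard`, and likewise on the two istio releases, so a later `terraform apply` cannot silently pull a different chart. The cluster's `kube_config` credentials are also written to Terraform state, which the README says is local only; this commit adds no `.gitignore`, so confirm that `terraform.tfstate` and `out.plan` are excluded from version control.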
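Review bot: Only `tags` and `node_tags` declare a `type`; the other six variables are untyped, so a wrongly typed value in a `.tfvars` file is not rejected at the variable boundary and is caught, if at all, only by the provider. Add `type = number` to `node_count` and `type = string` to `name`, `k8s_version`, `region`, `node_size` and `admin_user_name`. Because `admin_user_name` is the subject of the `cluster-admin` binding in main.tf, its description should say that the account receives full cluster privileges rather than "used for administrative purposes".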