Initial implementation of DO k8s cluster deployment
Signed-off-by: Collin J. Doering <collin@rekahsoft.ca>
Parent
508cf9e088
révision
e76b43b314
19
README.md
19
README.md
|
@ -1 +1,20 @@
|
|||
# Terraform DigitalOcean POC
|
||||
|
||||
This is a proof of concept for deploying a kubernetes cluster on DigitalOcean that can be used
|
||||
as my personal compute platform.
|
||||
|
||||
## Set DigitialOcean Token for use by terraform provider
|
||||
|
||||
```shell
|
||||
export DIGITALOCEAN_TOKEN="$(yq -r '."access-token"' ~/.config/doctl/config.yaml)"
|
||||
```
|
||||
|
||||
## Deploy
|
||||
|
||||
```shell
|
||||
terraform init
|
||||
terraform plan --var-file=default.tfvars --out out.plan
|
||||
terraform apply out.plan
|
||||
```
|
||||
|
||||
Note: Currently no remote state is used for this project
|
||||
|
|
|
@ -0,0 +1,8 @@
|
|||
name = "rekahsoft"
|
||||
k8s_version = "1.15.3-do.1"
|
||||
region = "tor1"
|
||||
tags = []
|
||||
node_count = 3
|
||||
node_size = "s-2vcpu-4gb"
|
||||
node_tags = []
|
||||
admin_user_name = "admin"
|
|
@ -0,0 +1,102 @@
|
|||
terraform {
|
||||
required_version = "~> 0.12"
|
||||
}
|
||||
|
||||
provider "digitalocean" {
|
||||
version = "~> 1.7"
|
||||
}
|
||||
|
||||
provider "kubernetes" {
|
||||
version = "~> 1.9"
|
||||
|
||||
host = "${digitalocean_kubernetes_cluster.this.endpoint}"
|
||||
|
||||
client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
|
||||
client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
|
||||
cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
|
||||
}
|
||||
|
||||
provider "helm" {
|
||||
version = "~> 0.10"
|
||||
|
||||
kubernetes {
|
||||
host = "${digitalocean_kubernetes_cluster.this.endpoint}"
|
||||
|
||||
client_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
|
||||
client_key = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
|
||||
cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
|
||||
}
|
||||
}
|
||||
|
||||
resource "digitalocean_ssh_key" "collin_doering" {
|
||||
name = "yubikey"
|
||||
public_key = "${file("/home/collin/.ssh/id_rsa.pub")}"
|
||||
}
|
||||
|
||||
resource "digitalocean_kubernetes_cluster" "this" {
|
||||
name = var.name
|
||||
region = var.region
|
||||
version = var.k8s_version
|
||||
tags = var.tags
|
||||
|
||||
node_pool {
|
||||
name = "default-pool"
|
||||
size = var.node_size
|
||||
node_count = var.node_count
|
||||
tags = var.node_tags
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_service_account" "admin_user" {
|
||||
metadata {
|
||||
name = var.admin_user_name
|
||||
namespace = "kube-system"
|
||||
}
|
||||
}
|
||||
|
||||
resource "kubernetes_cluster_role_binding" "admin_user" {
|
||||
metadata {
|
||||
name = var.admin_user_name
|
||||
}
|
||||
role_ref {
|
||||
kind = "ClusterRole"
|
||||
name = "cluster-admin"
|
||||
api_group = "rbac.authorization.k8s.io"
|
||||
}
|
||||
subject {
|
||||
kind = "ServiceAccount"
|
||||
name = var.admin_user_name
|
||||
namespace = "kube-system"
|
||||
}
|
||||
}
|
||||
|
||||
resource "helm_release" "kubernetes_dashboard" {
|
||||
name = "kubernetes-dashboard"
|
||||
chart = "stable/kubernetes-dashboard"
|
||||
namespace = "kube-system"
|
||||
}
|
||||
|
||||
data "helm_repository" "istio" {
|
||||
name = "istio.io"
|
||||
url = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/"
|
||||
}
|
||||
|
||||
resource "helm_release" "istio_init" {
|
||||
name = "istio-init"
|
||||
repository = data.helm_repository.istio.metadata.0.name
|
||||
chart = "istio.io/istio-init"
|
||||
namespace = "istio-system"
|
||||
|
||||
provisioner "local-exec" {
|
||||
command = "sleep 3m"
|
||||
}
|
||||
}
|
||||
|
||||
resource "helm_release" "istio" {
|
||||
name = "istio"
|
||||
repository = data.helm_repository.istio.metadata.0.name
|
||||
chart = "istio.io/istio"
|
||||
namespace = "istio-system"
|
||||
|
||||
depends_on = [helm_release.istio_init]
|
||||
}
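Review bot: `kubernetes_cluster_role_binding.admin_user` grants `cluster-admin` to a service account in `kube-system`, and the same apply installs `stable/kubernetes-dashboard` into that namespace with no `version` argument, so a token for that account used with the dashboard carries full control of the cluster, through whichever chart revision the repository serves on the day of the apply. Pin the release with `version = "<CHART_VERSION>"` (placeholder) in `helm_release.kubernetes_dashboard`, and put a comment above the binding such as `# cluster-admin for var.admin_user_name: break-glass use only; prefer a namespaced Role for routine access`. Because both provider blocks read `kube_config.0.client_key` from the cluster resource, that key is also written to the Terraform state, which the README says is local; the state file should stay out of version control and be handled as a credential. Separately, `digitalocean_ssh_key.collin_doering` reads the absolute path `/home/collin/.ssh/id_rsa.pub` and no other resource in this section references it, so a variable for the path (or dropping the resource) would make the configuration usable from another machine.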
|
|
@ -0,0 +1,40 @@
|
|||
variable "name" {
|
||||
description = "A name for the Kubernetes cluster."
|
||||
}
|
||||
|
||||
variable "k8s_version" {
|
||||
description = "The slug identifier for the version of Kubernetes used for the cluster."
|
||||
default = "1.14.4-do.0"
|
||||
}
|
||||
|
||||
variable "region" {
|
||||
description = "The slug identifier for the region where the Kubernetes cluster will be created."
|
||||
default = "nyc1"
|
||||
}
|
||||
|
||||
variable "tags" {
|
||||
description = "A list of tag names to be applied to the Kubernetes cluster."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "node_count" {
|
||||
description = "The number of Droplet instances in the node pool."
|
||||
default = 3
|
||||
}
|
||||
|
||||
variable "node_size" {
|
||||
description = "The slug identifier for the type of Droplet to be used as workers in the node pool."
|
||||
default = "s-2vcpu-2gb"
|
||||
}
|
||||
|
||||
variable "node_tags" {
|
||||
description = "A list of tag names to be applied to the Kubernetes cluster nodes."
|
||||
type = list(string)
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "admin_user_name" {
|
||||
description = "The service account name in kube-system used for administrative purposes."
|
||||
default = "admin"
|
||||
}
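Review bot: The defaults for `k8s_version` (`"1.14.4-do.0"`), `region` (`"nyc1"`) and `node_size` (`"s-2vcpu-2gb"`) disagree with the values that the README's `--var-file=default.tfvars` run supplies, so a plan made without the var file silently builds a different cluster on an older Kubernetes release. Dropping the `k8s_version` default, so the version always has to be stated, removes that trap. The `name`, `k8s_version`, `region`, `node_size` and `admin_user_name` blocks would also read better with `type = string`, and `node_count` with `type = number`, matching the `type = list(string)` already declared for `tags` and `node_tags`.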
|