terraform {
  required_version = "~> 0.12"
}

provider "digitalocean" {
  version = "~> 1.7"
}

provider "kubernetes" {
  version = "~> 1.9"

  host = "${digitalocean_kubernetes_cluster.this.endpoint}"

  client_certificate     = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
  client_key             = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
  cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
}

provider "helm" {
  version = "~> 0.10"

  kubernetes {
    host = "${digitalocean_kubernetes_cluster.this.endpoint}"

    client_certificate     = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_certificate)
    client_key             = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.client_key)
    cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.this.kube_config.0.cluster_ca_certificate)
  }
}

resource "digitalocean_ssh_key" "collin_doering" {
  name       = "yubikey"
  public_key = "${file("/home/collin/.ssh/id_rsa.pub")}"
}

resource "digitalocean_kubernetes_cluster" "this" {
  name    = var.name
  region  = var.region
  version = var.k8s_version
  tags    = var.tags

  node_pool {
    name       = "default-pool"
    size       = var.node_size
    node_count = var.node_count
    tags       = var.node_tags
  }
}

resource "kubernetes_service_account" "admin_user" {
  metadata {
    name      = var.admin_user_name
    namespace = "kube-system"
  }
}

resource "kubernetes_cluster_role_binding" "admin_user" {
  metadata {
    name = var.admin_user_name
  }
  role_ref {
    kind      = "ClusterRole"
    name      = "cluster-admin"
    api_group = "rbac.authorization.k8s.io"
  }
  subject {
    kind      = "ServiceAccount"
    name      = var.admin_user_name
    namespace = "kube-system"
  }
}

resource "helm_release" "kubernetes_dashboard" {
  name      = "kubernetes-dashboard"
  chart     = "stable/kubernetes-dashboard"
  namespace = "kube-system"
}

data "helm_repository" "istio" {
  name = "istio.io"
  url  = "https://storage.googleapis.com/istio-release/releases/1.2.5/charts/"
}

resource "helm_release" "istio_init" {
  name       = "istio-init"
  repository = data.helm_repository.istio.metadata.0.name
  chart      = "istio.io/istio-init"
  namespace  = "istio-system"

  provisioner "local-exec" {
    command = "sleep 3m"
  }
}

resource "helm_release" "istio" {
  name       = "istio"
  repository = data.helm_repository.istio.metadata.0.name
  chart      = "istio.io/istio"
  namespace  = "istio-system"

  depends_on = [helm_release.istio_init]
}