infrastructure/k8s.tjo.cloud/terraform.tf

terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
      version = "0.61.1"
    }
    talos = {
      source  = "siderolabs/talos"
      version = "0.5.0"
    }
    local = {
      source  = "hashicorp/local"
      version = "1.4.0"
    }
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.6.2"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "2.14.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.31.0"
    }
    tailscale = {
      source  = "tailscale/tailscale"
      version = "0.16.1"
    }
  }

  required_version = "~> 1.7.3"
}

provider "proxmox" {
  # FIXME: Traefik/NGINX breaks this! 500 ERROR
  endpoint  = "https://178.63.49.225:8006/api2/json"
  insecure  = true
  api_token = var.proxmox_token
  ssh {
    agent    = true
    username = "root"
  }
}

provider "digitalocean" {
  token = var.digitalocean_token
}

provider "tailscale" {
  api_key = var.tailscale_apikey
}

provider "helm" {
  alias = "template"
}

provider "helm" {
  kubernetes {
    host                   = module.cluster.api.internal.endpoint
    cluster_ca_certificate = base64decode(module.cluster.api.ca)
    exec {
      api_version = "client.authentication.k8s.io/v1beta1"
      command     = "kubectl"
      args = [
        "oidc-login",
        "get-token",
        "--oidc-issuer-url", var.oidc_issuer_url,
        "--oidc-client-id", var.oidc_client_id,
        "--oidc-extra-scope", "profile",
        "--grant-type", "password",
        "--username", var.oidc_username,
        "--password", var.oidc_password,
      ]
    }
  }
}

provider "kubernetes" {
  host                   = module.cluster.api.internal.endpoint
  cluster_ca_certificate = base64decode(module.cluster.api.ca)
  exec {
    api_version = "client.authentication.k8s.io/v1beta1"
    command     = "kubectl"
    args = [
      "oidc-login",
      "get-token",
      "--oidc-issuer-url", var.oidc_issuer_url,
      "--oidc-client-id", var.oidc_client_id,
      "--oidc-extra-scope", "profile",
      "--grant-type", "password",
      "--username", var.oidc_username,
      "--password", var.oidc_password,
    ]
  }
}
feat: initial terraform 2024-07-08 20:27:08 +00:00			`terraform {`
			`required_providers {`
			`proxmox = {`
refactor: use different proxmox provider, figure out nocloud bootstrap 2024-07-17 19:43:11 +00:00			`source = "bpg/proxmox"`
			`version = "0.61.1"`
feat: initial terraform 2024-07-08 20:27:08 +00:00			`}`
			`talos = {`
			`source = "siderolabs/talos"`
			`version = "0.5.0"`
			`}`
			`local = {`
			`source = "hashicorp/local"`
			`version = "1.4.0"`
			`}`
			`digitalocean = {`
			`source = "digitalocean/digitalocean"`
			`version = "~> 2.0"`
			`}`
			`random = {`
			`source = "hashicorp/random"`
			`version = "3.6.2"`
			`}`
			`helm = {`
			`source = "hashicorp/helm"`
			`version = "2.14.0"`
			`}`
feat: trying to make cilium work 2024-07-10 21:13:36 +00:00			`kubernetes = {`
			`source = "hashicorp/kubernetes"`
			`version = "2.31.0"`
			`}`
feat: prototyping new ingress setup 2024-08-02 20:10:21 +00:00			`tailscale = {`
			`source = "tailscale/tailscale"`
			`version = "0.16.1"`
			`}`
feat: initial terraform 2024-07-08 20:27:08 +00:00			`}`
feat: lint 2024-07-25 15:42:08 +00:00
			`required_version = "~> 1.7.3"`
feat: initial terraform 2024-07-08 20:27:08 +00:00			`}`

			`provider "proxmox" {`
			`# FIXME: Traefik/NGINX breaks this! 500 ERROR`
refactor: use different proxmox provider, figure out nocloud bootstrap 2024-07-17 19:43:11 +00:00			`endpoint = "https://178.63.49.225:8006/api2/json"`
			`insecure = true`
			`api_token = var.proxmox_token`
			`ssh {`
			`agent = true`
			`username = "root"`
			`}`
feat: initial terraform 2024-07-08 20:27:08 +00:00			`}`

			`provider "digitalocean" {`
feat: work done, but using wrong talos image, should use nocloud version not metal 2024-07-16 19:13:04 +00:00			`token = var.digitalocean_token`
feat: initial terraform 2024-07-08 20:27:08 +00:00			`}`

feat: prototyping new ingress setup 2024-08-02 20:10:21 +00:00			`provider "tailscale" {`
			`api_key = var.tailscale_apikey`
			`}`

feat: progress... 2024-07-13 22:17:47 +00:00			`provider "helm" {`
			`alias = "template"`
			`}`

feat: initial terraform 2024-07-08 20:27:08 +00:00			`provider "helm" {`
			`kubernetes {`
feat: wip 2024-08-04 17:50:50 +00:00			`host = module.cluster.api.internal.endpoint`
feat: folder structure change 2024-07-14 10:19:37 +00:00			`cluster_ca_certificate = base64decode(module.cluster.api.ca)`
feat: progress... 2024-07-13 22:17:47 +00:00			`exec {`
			`api_version = "client.authentication.k8s.io/v1beta1"`
			`command = "kubectl"`
			`args = [`
			`"oidc-login",`
			`"get-token",`
			`"--oidc-issuer-url", var.oidc_issuer_url,`
			`"--oidc-client-id", var.oidc_client_id,`
			`"--oidc-extra-scope", "profile",`
			`"--grant-type", "password",`
			`"--username", var.oidc_username,`
			`"--password", var.oidc_password,`
			`]`
			`}`
			`}`
			`}`

			`provider "kubernetes" {`
feat: wip 2024-08-04 17:50:50 +00:00			`host = module.cluster.api.internal.endpoint`
feat: folder structure change 2024-07-14 10:19:37 +00:00			`cluster_ca_certificate = base64decode(module.cluster.api.ca)`
feat: progress... 2024-07-13 22:17:47 +00:00			`exec {`
			`api_version = "client.authentication.k8s.io/v1beta1"`
			`command = "kubectl"`
			`args = [`
			`"oidc-login",`
			`"get-token",`
			`"--oidc-issuer-url", var.oidc_issuer_url,`
			`"--oidc-client-id", var.oidc_client_id,`
			`"--oidc-extra-scope", "profile",`
			`"--grant-type", "password",`
			`"--username", var.oidc_username,`
			`"--password", var.oidc_password,`
			`]`
feat: initial terraform 2024-07-08 20:27:08 +00:00			`}`
			`}`