infrastructure/k8s.tjo.cloud/gateway.tf

149 lines
3.3 KiB
Terraform
Raw Normal View History

resource "kubernetes_secret" "digitalocean-token" {
metadata {
name = "digitalocean-token"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
data = {
token = var.digitalocean_token
}
}
resource "helm_release" "cert-manager" {
2024-07-19 20:48:07 +00:00
depends_on = [helm_release.envoy]
name = "cert-manager"
chart = "cert-manager"
repository = "https://charts.jetstack.io"
version = "v1.15.1"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
set {
name = "crds.enabled"
value = true
}
set_list {
name = "extraArgs"
value = ["--enable-gateway-api"]
}
}
resource "kubernetes_manifest" "tjo-cloud-issuer" {
2024-07-19 20:48:07 +00:00
depends_on = [helm_release.cert-manager]
manifest = {
apiVersion = "cert-manager.io/v1"
kind = "Issuer"
metadata = {
name = "tjo-cloud"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
spec = {
acme = {
email = "tine@tjo.space"
server = "https://acme-staging-v02.api.letsencrypt.org/directory"
privateKeySecretRef = {
name = "tjo-cloud-acme-account"
}
solvers = [
{
dns01 = {
digitalocean = {
tokenSecretRef = {
name = kubernetes_secret.digitalocean-token.metadata[0].name
key = "token"
}
}
}
}
]
}
}
}
}
resource "helm_release" "envoy" {
name = "envoy"
chart = "gateway-helm"
repository = "oci://docker.io/envoyproxy"
version = "v1.1.0-rc.1"
namespace = "kube-system"
values = [
yamlencode({
config = {
envoyGateway = {
provider = {
type = "Kubernetes"
kubernetes = {
envoyDaemonSet = {}
envoyDeployment = null
}
}
gateway = {
controllerName = "gateway.envoyproxy.io/gatewayclass-controller"
}
logging = {
level = {
default = "info"
}
}
}
}
})
]
}
2024-07-19 20:48:07 +00:00
resource "kubernetes_manifest" "gateway_class" {
depends_on = [helm_release.envoy]
manifest = {
apiVersion = "gateway.networking.k8s.io/v1"
kind = "GatewayClass"
metadata = {
name = "envoy"
}
spec = {
controllerName : "gateway.envoyproxy.io/gatewayclass-controller"
}
}
}
resource "kubernetes_manifest" "gateway" {
manifest = {
apiVersion = "gateway.networking.k8s.io/v1"
kind = "Gateway"
metadata = {
name = "gateway"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
annotations = {
"cert-manager.io/issuer" : "tjo-cloud"
}
}
spec = {
2024-07-19 20:48:07 +00:00
gatewayClassName = kubernetes_manifest.gateway_class.object.metadata.name
listeners = [
{
name : "http"
hostname : "*.${module.cluster.name}.${module.cluster.domain}"
protocol : "HTTPS"
port : 443
allowedRoutes : {
namespaces : {
from : "Same"
}
}
tls : {
mode : "Terminate"
certificateRefs : [
{
name : "tjo-cloud-tls"
}
]
}
}
]
}
}
}