feat: external dns

This commit is contained in:
Tine 2024-07-14 13:37:57 +02:00
parent dfd7e36eec
commit be87c09560
Signed by: mentos1386
SSH key fingerprint: SHA256:MNtTsLbihYaWF8j1fkOHfkKNlnN1JQfxEU/rBU8nCGw
3 changed files with 127 additions and 11 deletions


@ -4,7 +4,7 @@ clusters:
- name: pink
cluster:
server: https://api.pink.k8s.tjo.cloud:6443
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpakNDQVRDZ0F3SUJBZ0lSQVBPU2NEaVZVUGNmRkI1OXl3cE1rQmt3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOREEzTVRReE1ERXhORGxhRncwek5EQTNNVEl4TURFeApORGxhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVFpa1Y0cVVyVFY5WW1VUzRQZGp5UWhnYkgxaHNNWTlVK0RVVFdWU1pqaGFsRkZuWjBLYTFkMUtGTkoKSFRSa3psdW9va3kxK3JZRkhLejM4SFpqczVIaG8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGS1VSWnVWTUlHcHhqRFNKdC80OVBTSDZUSzBmTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSUFKZXVSdEMKYkR3VGhLSDBYV0hid3YveDV6clJhU2ZhRi9sSnVqcGY3bTMwQWlFQWxyTkx3L056dXFRQmorcnozbXVBdW5ZSAp5NzNNVm9zakRQOTJ2RWo5clBZPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
certificate-authority-data: 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
contexts:
- name: oidc@pink
context:


@ -78,18 +78,107 @@ resource "kubernetes_manifest" "hetzner-nodes-as-loadbalancers" {
}
}
# TODO: Certmanager, externaldns...
resource "kubernetes_namespace" "tjo-cloud" {
metadata {
name = "tjo-cloud"
}
}
resource "kubernetes_secret" "digitalocean-token" {
metadata {
name = "digitalocean-token"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
data = {
token = var.digitalocean_token
}
}
resource "helm_release" "external-dns" {
name = "external-dns"
chart = "external-dns"
repository = "https://kubernetes-sigs.github.io/external-dns/"
version = "v1.14.5"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
set {
name = "namespaced"
value = "true"
}
set {
name = "provider"
value = "digitalocean"
}
set {
name = "env[0].name"
value = "DO_TOKEN"
}
set {
name = "env[0].valueFrom.secretKeyRef.name"
value = kubernetes_secret.digitalocean-token.metadata[0].name
}
set {
name = "env[0].valueFrom.secretKeyRef.key"
value = "token"
}
set_list {
name = "sources"
value = ["gateway-httproute", "gateway-tlsroute", "gateway-tcproute", "gateway-udproute", "ingress", "service"]
}
}
resource "helm_release" "cert-manager" {
name = "cert-manager"
chart = "cert-manager"
repository = "https://charts.jetstack.io"
version = "v1.15.1"
namespace = "kube-system"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
set {
name = "crds.enabled"
value = true
}
set_list {
name = "extraArgs"
value = ["--enable-gateway-api"]
}
}
resource "kubernetes_manifest" "tjo-cloud-issuer" {
manifest = {
apiVersion = "cert-manager.io/v1"
kind = "Issuer"
metadata = {
name = "tjo-cloud"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
spec = {
acme = {
email = "tine@tjo.space"
server = "https://acme-staging-v02.api.letsencrypt.org/directory"
privateKeySecretRef = {
name = "tjo-cloud-acme-account"
}
solvers = [
{
dns01 = {
digitalocean = {
tokenSecretRef = {
name = kubernetes_secret.digitalocean-token.metadata[0].name
key = "token"
}
}
}
}
]
}
}
}
}
resource "kubernetes_manifest" "gateway" {
@ -98,13 +187,33 @@ resource "kubernetes_manifest" "gateway" {
kind = "Gateway"
metadata = {
name = "gateway"
namespace = "kube-system"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
annotations = {
"cert-manager.io/issuer" : "tjo-cloud"
}
}
spec = {
gatewayClassName = "cilium"
listeners = [
{ name : "http", protocol : "HTTP", port : 80 },
{ name : "https", protocol : "HTTPS", port : 443 },
{
name : "http"
hostname : "*.${module.cluster.name}.${module.cluster.domain}"
protocol : "HTTPS"
port : 443
allowedRoutes : {
namespaces : {
from : "Same"
}
}
tls : {
mode : "Terminate"
certificateRefs : [
{
name : "tjo-cloud-tls"
}
]
}
}
]
}
}
@ -115,7 +224,7 @@ resource "helm_release" "dashboard" {
repository = "https://kubernetes.github.io/dashboard"
chart = "kubernetes-dashboard"
version = "7.5.0"
namespace = "kube-system"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
resource "kubernetes_manifest" "dashoard-http-route" {
@ -128,11 +237,13 @@ resource "kubernetes_manifest" "dashoard-http-route" {
kind = "HTTPRoute"
metadata = {
name = "dashboard"
namespace = "kube-system"
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
}
spec = {
parentRefs = [
{ name : "gateway" }
{
name : "gateway"
}
]
hostnames = [
"dashboard.${module.cluster.name}.${module.cluster.domain}"
@ -149,8 +260,8 @@ resource "kubernetes_manifest" "dashoard-http-route" {
]
backendRefs = [
{
name : "kubernetes-dashboard-kong-proxy"
port : 443
name : "kubernetes-dashboard-web"
port : 8000
}
]
}
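Review bot: The `tjo-cloud` Issuer points `server` at `https://acme-staging-v02.api.letsencrypt.org/directory`, so the certificate cert-manager issues into `tjo-cloud-tls` for the wildcard listener will chain to the untrusted staging root and every client will reject it; if staging is deliberate for a first run, say so in a comment next to the URL, otherwise switch it to the production endpoint `https://acme-v02.api.letsencrypt.org/directory` before the gateway is relied on. The new HTTPS listener on port 443 is still named `http`, apparently carried over from the removed port-80 entry; `name : "https"` would match its protocol and avoid confusion in route status and cert-manager's per-listener Certificate naming. The DigitalOcean token written into the `digitalocean-token` secret's `data` also lands in plaintext in Terraform state, and `sensitive = true` on the variable only redacts plan/apply output, so the state backend has to be treated as secret material. Routing the dashboard HTTPRoute straight at `kubernetes-dashboard-web:8000` bypasses the chart's kong proxy, which in the 7.x chart presumably also fronts the separate API service, so `/api` requests may have no backend unless another route covers them — worth confirming the dashboard still loads after this change.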


@ -19,3 +19,8 @@ variable "oidc_client_id" {
variable "oidc_issuer_url" {
type = string
}
variable "digitalocean_token" {
type = string
sensitive = true
}