feat: external dns
This commit is contained in:
parent
dfd7e36eec
commit
be87c09560
3 changed files with 127 additions and 11 deletions
|
@ -4,7 +4,7 @@ clusters:
|
||||||
- name: pink
|
- name: pink
|
||||||
cluster:
|
cluster:
|
||||||
server: https://api.pink.k8s.tjo.cloud:6443
|
server: https://api.pink.k8s.tjo.cloud:6443
|
||||||
certificate-authority-data: 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
|
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpakNDQVRDZ0F3SUJBZ0lSQU9vTSthdnlEZkN1THc4TVptRnFnNll3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOREEzTVRReE1UQTFNRGRhRncwek5EQTNNVEl4TVRBMQpNRGRhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVNEU3JVdUk1RFRxMHR4MkM4SmJHWmsvZXJlU0dlQU1tUzgzcE9RZklMbEFaMWE1NjJ4MnZobi9lMHYKWHQ0NmJFbzQ3QWttTlh3eEFNTExSRmkrYjF5V28yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGSGNLNFBEZHNSMmxnbHdRZmUwN2c3L0gralpGTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFERm1qeTkKcm4yVXpUN1hTL1pUZW5nbHpIZC9OOFZHU1JIQlQzV0xCbkpZendJZ0hKMFdEd1NoOGJQTHpvSzNxSkNjVDlmQgp1ZmZ0U0ZMVHdhdkNvdmF6Y09BPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
|
||||||
contexts:
|
contexts:
|
||||||
- name: oidc@pink
|
- name: oidc@pink
|
||||||
context:
|
context:
|
||||||
|
|
|
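Review bot: The `certificate-authority-data` value of the `pink` cluster is replaced in a commit whose message only describes the external-dns feature, and nothing on the page says why the cluster CA changed. A CA bundle is public material, so committing it is fine, but a one-line mention in the commit description (for example that the cluster was recreated and the CA rotated) would let a later reader distinguish an intended rotation from an accidental paste of a stale kubeconfig. The rest of the kubeconfig (server URL, `oidc@pink` context) is unchanged in this hunk.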
@ -78,18 +78,107 @@ resource "kubernetes_manifest" "hetzner-nodes-as-loadbalancers" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: Certmanager, externaldns...
|
resource "kubernetes_namespace" "tjo-cloud" {
|
||||||
|
metadata {
|
||||||
|
name = "tjo-cloud"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "kubernetes_secret" "digitalocean-token" {
|
||||||
|
metadata {
|
||||||
|
name = "digitalocean-token"
|
||||||
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
|
}
|
||||||
|
data = {
|
||||||
|
token = var.digitalocean_token
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
resource "helm_release" "external-dns" {
|
||||||
|
name = "external-dns"
|
||||||
|
chart = "external-dns"
|
||||||
|
repository = "https://kubernetes-sigs.github.io/external-dns/"
|
||||||
|
version = "v1.14.5"
|
||||||
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
|
|
||||||
|
set {
|
||||||
|
name = "namespaced"
|
||||||
|
value = "true"
|
||||||
|
}
|
||||||
|
|
||||||
|
set {
|
||||||
|
name = "provider"
|
||||||
|
value = "digitalocean"
|
||||||
|
}
|
||||||
|
|
||||||
|
set {
|
||||||
|
name = "env[0].name"
|
||||||
|
value = "DO_TOKEN"
|
||||||
|
}
|
||||||
|
set {
|
||||||
|
name = "env[0].valueFrom.secretKeyRef.name"
|
||||||
|
value = kubernetes_secret.digitalocean-token.metadata[0].name
|
||||||
|
}
|
||||||
|
set {
|
||||||
|
name = "env[0].valueFrom.secretKeyRef.key"
|
||||||
|
value = "token"
|
||||||
|
}
|
||||||
|
|
||||||
|
set_list {
|
||||||
|
name = "sources"
|
||||||
|
value = ["gateway-httproute", "gateway-tlsroute", "gateway-tcproute", "gateway-udproute", "ingress", "service"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
resource "helm_release" "cert-manager" {
|
resource "helm_release" "cert-manager" {
|
||||||
name = "cert-manager"
|
name = "cert-manager"
|
||||||
chart = "cert-manager"
|
chart = "cert-manager"
|
||||||
repository = "https://charts.jetstack.io"
|
repository = "https://charts.jetstack.io"
|
||||||
version = "v1.15.1"
|
version = "v1.15.1"
|
||||||
namespace = "kube-system"
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
|
|
||||||
set {
|
set {
|
||||||
name = "crds.enabled"
|
name = "crds.enabled"
|
||||||
value = true
|
value = true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
set_list {
|
||||||
|
name = "extraArgs"
|
||||||
|
value = ["--enable-gateway-api"]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
resource "kubernetes_manifest" "tjo-cloud-issuer" {
|
||||||
|
manifest = {
|
||||||
|
apiVersion = "cert-manager.io/v1"
|
||||||
|
kind = "Issuer"
|
||||||
|
metadata = {
|
||||||
|
name = "tjo-cloud"
|
||||||
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
|
}
|
||||||
|
spec = {
|
||||||
|
acme = {
|
||||||
|
email = "tine@tjo.space"
|
||||||
|
server = "https://acme-staging-v02.api.letsencrypt.org/directory"
|
||||||
|
privateKeySecretRef = {
|
||||||
|
name = "tjo-cloud-acme-account"
|
||||||
|
}
|
||||||
|
solvers = [
|
||||||
|
{
|
||||||
|
dns01 = {
|
||||||
|
digitalocean = {
|
||||||
|
tokenSecretRef = {
|
||||||
|
name = kubernetes_secret.digitalocean-token.metadata[0].name
|
||||||
|
key = "token"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_manifest" "gateway" {
|
resource "kubernetes_manifest" "gateway" {
|
||||||
|
@ -98,13 +187,33 @@ resource "kubernetes_manifest" "gateway" {
|
||||||
kind = "Gateway"
|
kind = "Gateway"
|
||||||
metadata = {
|
metadata = {
|
||||||
name = "gateway"
|
name = "gateway"
|
||||||
namespace = "kube-system"
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
|
annotations = {
|
||||||
|
"cert-manager.io/issuer" : "tjo-cloud"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
spec = {
|
spec = {
|
||||||
gatewayClassName = "cilium"
|
gatewayClassName = "cilium"
|
||||||
listeners = [
|
listeners = [
|
||||||
{ name : "http", protocol : "HTTP", port : 80 },
|
{
|
||||||
{ name : "https", protocol : "HTTPS", port : 443 },
|
name : "http"
|
||||||
|
hostname : "*.${module.cluster.name}.${module.cluster.domain}"
|
||||||
|
protocol : "HTTPS"
|
||||||
|
port : 443
|
||||||
|
allowedRoutes : {
|
||||||
|
namespaces : {
|
||||||
|
from : "Same"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
tls : {
|
||||||
|
mode : "Terminate"
|
||||||
|
certificateRefs : [
|
||||||
|
{
|
||||||
|
name : "tjo-cloud-tls"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -115,7 +224,7 @@ resource "helm_release" "dashboard" {
|
||||||
repository = "https://kubernetes.github.io/dashboard"
|
repository = "https://kubernetes.github.io/dashboard"
|
||||||
chart = "kubernetes-dashboard"
|
chart = "kubernetes-dashboard"
|
||||||
version = "7.5.0"
|
version = "7.5.0"
|
||||||
namespace = "kube-system"
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "kubernetes_manifest" "dashoard-http-route" {
|
resource "kubernetes_manifest" "dashoard-http-route" {
|
||||||
|
@ -128,11 +237,13 @@ resource "kubernetes_manifest" "dashoard-http-route" {
|
||||||
kind = "HTTPRoute"
|
kind = "HTTPRoute"
|
||||||
metadata = {
|
metadata = {
|
||||||
name = "dashboard"
|
name = "dashboard"
|
||||||
namespace = "kube-system"
|
namespace = kubernetes_namespace.tjo-cloud.metadata[0].name
|
||||||
}
|
}
|
||||||
spec = {
|
spec = {
|
||||||
parentRefs = [
|
parentRefs = [
|
||||||
{ name : "gateway" }
|
{
|
||||||
|
name : "gateway"
|
||||||
|
}
|
||||||
]
|
]
|
||||||
hostnames = [
|
hostnames = [
|
||||||
"dashboard.${module.cluster.name}.${module.cluster.domain}"
|
"dashboard.${module.cluster.name}.${module.cluster.domain}"
|
||||||
|
@ -149,8 +260,8 @@ resource "kubernetes_manifest" "dashoard-http-route" {
|
||||||
]
|
]
|
||||||
backendRefs = [
|
backendRefs = [
|
||||||
{
|
{
|
||||||
name : "kubernetes-dashboard-kong-proxy"
|
name : "kubernetes-dashboard-web"
|
||||||
port : 443
|
port : 8000
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
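Review bot: The `tjo-cloud` Issuer points at `https://acme-staging-v02.api.letsencrypt.org/directory`, so the `tjo-cloud-tls` certificate requested through the Gateway's `cert-manager.io/issuer` annotation will be signed by the Let's Encrypt staging CA, which browsers and most clients do not trust; if that is deliberate for a first rollout, record it next to the `server` line, e.g. `# Staging ACME endpoint: untrusted chain, for validating the DigitalOcean DNS01 solver only; switch to acme-v02 before relying on the listener`. In the Gateway hunk the single remaining listener is named `http` but carries `protocol : "HTTPS"` on port 443 and the former port-80 listener is removed, so nothing answers plain HTTP any more and the name misleads; renaming it `https` (or restoring a port-80 listener that redirects) makes the intent explicit. Separately, `kubernetes_secret.digitalocean-token` copies `var.digitalocean_token` into Terraform state in plaintext even though the variable is declared `sensitive`, and the same token is consumed by both external-dns and the cert-manager DNS01 solver, so the state backend needs the same access controls as the token itself. The `kubernetes_manifest.gateway` resource opens at the end of the first hunk and its body continues in the second.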
@ -19,3 +19,8 @@ variable "oidc_client_id" {
|
||||||
variable "oidc_issuer_url" {
|
variable "oidc_issuer_url" {
|
||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "digitalocean_token" {
|
||||||
|
type = string
|
||||||
|
sensitive = true
|
||||||
|
}
|
||||||
|
|
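Review bot: The new `variable "digitalocean_token"` has no `description`, unlike a reader would expect for a credential that is wired into both a Kubernetes Secret and two Helm/cert-manager consumers in the other file of this commit; add `description = "DigitalOcean API token written to the digitalocean-token Secret for external-dns and the cert-manager DNS01 solver"`. It is also worth noting in that description that `sensitive = true` only redacts plan and apply output and does not keep the value out of state.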