feat: k8s cluster deployment on digital ocean

PaddyMc · PaddyMc · commit f7e2b62e7bcd · 2019-09-29T13:52:00.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+.terraform
+terraform.tfstate
+terraform.tfstate.backup
+terraform.tfstate.d
diff --git a/Makefile b/Makefile
@@ -0,0 +1,59 @@
+deploy: 
+	$(eval workspace=$(shell terraform workspace new deploy-cluster))
+	terraform workspace select deploy-cluster
+
+	terraform init ./deployments/staging/cluster
+	terraform apply -auto-approve ./deployments/staging/cluster
+
+	terraform output kube_config > ~/.kube/config
+
+deploy_helm_and_state:
+	$(eval tf_host=$(shell terraform output host))
+	$(eval tf_port=$(shell terraform output port))
+	$(eval tf_database=$(shell terraform output database))
+	$(eval tf_user=$(shell terraform output user))
+	$(eval tf_password=$(shell terraform output password))
+
+	$(eval workspace=$(shell terraform workspace new helm_and_state))
+	terraform workspace select helm_and_state
+
+	terraform init ./deployments/staging/helm_and_state
+	terraform apply \
+		-auto-approve \
+		-var 'host=$(tf_host)' \
+		-var 'port=$(tf_port)' \
+		-var 'database=$(tf_database)' \
+		-var 'user=$(tf_user)' \
+		-var 'password=$(tf_password)' \
+	./deployments/staging/helm_and_state
+	
+destroy:
+	terraform workspace select deploy-cluster
+	terraform init ./deployments/staging/cluster
+	terraform destroy -force ./deployments/staging/cluster
+
+destroy_helm_and_state:
+	terraform workspace select helm
+	terraform init ./helm
+	terraform destroy -force ./helm
+
+get_kube_config:
+	terraform workspace select deploy-cluster
+	terraform output kube_config > ~/.kube/config
+
+helm_install_external_dns:
+	helm install --name external-dns \
+		--namespace kube-system \
+		--set provider=cloudflare \
+		--set source=ingress \
+		--set source=service \
+		--set cloudflare.apiKey= \
+		--set cloudflare.email= \
+		stable/external-dns
+
+.PHONY: \
+	deploy \
+	deploy_helm_and_state \
+	destroy \
+	destroy_helm_and_state \
+	get_kube_config \
diff --git a/README.md b/README.md
@@ -0,0 +1,33 @@
+# Terraform cluster deployment
+
+## Overview
+Terraform script for deploying a cluster to Digital Ocean
+
+Add your digital ocean token to `variables.tf`
+
+## Prerequisites
+Install [teraform](https://www.terraform.io/)
+
+### Step 1
+- Deploy k8s cluster
+```shell
+make deploy
+```
+This will deploy a k8s cluster on download the `kube_config`
+
+### Step 2
+- Deploy helm and state
+```shell
+make deploy_helm_and_state
+```
+Running this step must be ran directly after Step 1 as it has dependancies on `terraform output`
+
+### Step N
+- Destroy k8s cluster
+```shell
+make destroy
+```
+
+### Beware of Dragons
+- Please run the steps in order!
+- Helm install doesn't seem to be working
diff --git a/deployments/staging/cluster/main.tf b/deployments/staging/cluster/main.tf
@@ -0,0 +1,31 @@
+provider "digitalocean" {
+  token = "${var.do_token}"
+}
+module "cluster" { 
+  source        = "../../../modules/do-cluster" 
+  cluster_name  = "staging"
+}
+output "kube_config" {
+  value = "${module.cluster.kube_config}"
+}
+output "cluster_id" {
+  value = "${module.cluster.cluster_id}"
+}
+output "host" {
+  value = "${module.cluster.host}"
+}
+output "port" {
+  value = "${module.cluster.port}"
+}
+output "database" {
+  value = "${module.cluster.database}"
+}
+output "user" {
+  value = "${module.cluster.user}"
+}
+output "password" {
+  value = "${module.cluster.password}"
+}
+output "uri" {
+  value = "${module.cluster.uri}"
+}
diff --git a/deployments/staging/cluster/variables.tf b/deployments/staging/cluster/variables.tf
@@ -0,0 +1 @@
+variable "do_token" { default = "" }
diff --git a/deployments/staging/helm_and_state/main.tf b/deployments/staging/helm_and_state/main.tf
@@ -0,0 +1,25 @@
+provider "postgresql" {
+  host            = "${var.host}"
+  port            = "${var.port}"
+  database        = "${var.database}"
+  username        = "${var.user}"
+  password        = "${var.password}"
+  sslmode         = "require"
+  connect_timeout = 15
+}
+
+module "database_tables" { 
+  source        = "../../../modules/database-tables" 
+}
+
+provider "helm" {
+  install_tiller = true
+  service_account = "helm"
+}
+
+provider "kubernetes" {
+}
+
+module "cluster_helm" { 
+  source        = "../../../modules/helm" 
+}
diff --git a/deployments/staging/helm_and_state/variables.tf b/deployments/staging/helm_and_state/variables.tf
@@ -0,0 +1,5 @@
+variable "host" {}
+variable "port" {}
+variable "database" {}
+variable "user" {}
+variable "password" {}
diff --git a/modules/database-tables/database-tables.tf b/modules/database-tables/database-tables.tf
@@ -0,0 +1,6 @@
+resource "postgresql_database" "terraform_backend" {
+  name              = "terraform_backend"
+  lc_collate        = "C"
+  connection_limit  = -1
+  allow_connections = true
+}
diff --git a/modules/do-cluster/cluster.tf b/modules/do-cluster/cluster.tf
@@ -0,0 +1,17 @@
+resource "digitalocean_kubernetes_cluster" "main" {
+  name    = "${var.cluster_name}"
+  region  = "fra1"
+  version = "1.15.3-do.2"
+
+
+  node_pool {
+    name       = "api-go"
+    size       = "s-1vcpu-2gb"
+    node_count = 3
+  }
+
+  # management {
+  #   auto_repair  = true
+  #   auto_upgrade = true
+  # }
+}
diff --git a/modules/do-cluster/database.tf b/modules/do-cluster/database.tf
@@ -0,0 +1,8 @@
+resource "digitalocean_database_cluster" "pg" {
+  name       = "postgres-db"
+  engine     = "pg"
+  version    = "11"
+  size       = "db-s-1vcpu-1gb"
+  region     = "fra1"
+  node_count = 1
+}
diff --git a/modules/do-cluster/outputs.tf b/modules/do-cluster/outputs.tf
@@ -0,0 +1,28 @@
+# Outputs kubeconfig to connect to k8s cluster
+output "kube_config" {
+  value = "${digitalocean_kubernetes_cluster.main.kube_config.0.raw_config}"
+}
+
+output "cluster_id" {
+  value = "${digitalocean_kubernetes_cluster.main.id}"
+}
+
+# Output the details to connect to the DB
+output "host" {
+  value = "${digitalocean_database_cluster.pg.host}"
+}
+output "port" {
+  value = "${digitalocean_database_cluster.pg.port}"
+}
+output "database" {
+  value = "${digitalocean_database_cluster.pg.database}"
+}
+output "user" {
+  value = "${digitalocean_database_cluster.pg.user}"
+}
+output "password" {
+  value = "${digitalocean_database_cluster.pg.password}"
+}
+output "uri" {
+  value = "${digitalocean_database_cluster.pg.uri}"
+}
diff --git a/modules/do-cluster/variables.tf b/modules/do-cluster/variables.tf
@@ -0,0 +1 @@
+variable "cluster_name" { default = "review" }
diff --git a/modules/helm/helm.tf b/modules/helm/helm.tf
@@ -0,0 +1,40 @@
+resource "kubernetes_service_account" "helm" {
+  metadata {
+    name = "helm"
+    namespace = "kube-system"
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "helm" {
+  metadata {
+    name = "helm"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-admin"
+  }
+  subject {
+    kind      = "User"
+    name      = "admin"
+    api_group = "rbac.authorization.k8s.io"
+  }
+  subject {
+    kind      = "ServiceAccount"
+    name      = "helm"
+    namespace = "kube-system"
+  }
+  subject {
+    kind      = "Group"
+    name      = "system:masters"
+    api_group = "rbac.authorization.k8s.io"
+  }
+}
+
+# provider "helm" {
+#   kubernetes {
+#     config_path = "~/.kube/config"
+#   }
+#   install_tiller = true
+#   service_account = "helm"
+# }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+variable "cluster_name" { default = "review" }`