Merge pull request #28 from bravecobra/feature/terraform

Added terraform implementation

.gitignore

@@ -84,3 +84,4 @@ certs.yaml
 *.log
 site/
 cacerts.yaml
+src/terraform/.terraform.lock.hcl

src/terraform/main.tf

@@ -0,0 +1,146 @@
+resource "kubernetes_namespace" "infrastructure" {
+  metadata {
+    name = var.namespace
+  }
+}
+
+module "consul" {
+  source = "./modules/consul"
+  count = var.install_consul == true ? 1 : 0
+  domain-name =  "consul.${var.namespace}.${var.domain-name}"
+  namespace = var.namespace
+  datacenter = var.consul-datacenter
+  depends_on = [
+    kubernetes_namespace.infrastructure
+  ]
+}
+
+output "consul-url" {
+  value = var.install_consul == true ? module.consul.0.consul-url : null
+}
+
+module "cert-manager" {
+  count = var.install_cert_manager == true ? 1 : 0
+  source = "./modules/cert-manager"
+}
+
+module "consul-coredns" {
+  source = "./modules/consul-coredns"
+  count = var.patch_coredns == true ? 1 : 0
+  namespace = var.namespace
+  depends_on = [
+    module.consul
+  ]
+}
+
+module "traefik" {
+  source = "./modules/traefik"
+  count = var.install_traefik == true ? 1 : 0
+  domain-name =  "${var.domain-name}"
+  traefik-domain-name = "traefik.${var.namespace}.${var.domain-name}"
+  service-ip = var.service-ip
+  namespace = var.namespace
+  depends_on = [
+    module.consul,
+    module.cert-manager
+  ]
+}
+
+output "traefik-url" {
+  value = var.install_traefik == true ? module.traefik.0.traefik-url : null
+}
+
+module "prometheus" {
+  source = "./modules/prometheus"
+  count = var.install_prometheus == true ? 1 : 0
+  prometheus-domain-name =  "prometheus.${var.namespace}.${var.domain-name}"
+  grafana-domain-name =  "grafana.${var.namespace}.${var.domain-name}"
+  namespace = var.namespace
+  depends_on = [
+    module.consul,
+    module.cert-manager
+  ]
+}
+
+output "prometheus-url" {
+  value = var.install_prometheus == true ? module.prometheus.0.prometheus-url : null
+}
+
+output "grafana-url" {
+  value = var.install_prometheus == true ? module.prometheus.0.grafana-url : null
+}
+
+module "loki" {
+  source = "./modules/loki"
+  count = var.install_loki == true ? 1 : 0
+  namespace = var.namespace
+  depends_on = [
+    module.consul,
+    module.cert-manager
+  ]
+}
+
+module "jaeger" {
+  source = "./modules/jaeger"
+  count = var.install_jaeger == true ? 1 : 0
+  namespace = var.namespace
+  jaeger-domain-name = "jaeger.${var.namespace}.${var.domain-name}"
+  depends_on = [
+    module.consul,
+    module.cert-manager
+  ]
+}
+
+output "jaeger-url" {
+  value = var.install_jaeger == true ? module.jaeger.0.jaeger-url : null
+}
+
+module "elasticsearch" {
+  source = "./modules/elasticsearch"
+  count = var.install_elasticsearch == true ? 1 : 0
+  namespace = var.namespace
+  elastic-domain-name = "es.${var.namespace}.${var.domain-name}"
+  kibana-domain-name = "kibana.${var.namespace}.${var.domain-name}"
+  depends_on = [
+    module.consul,
+    module.cert-manager
+  ]
+}
+
+output "elastic-url" {
+  value = var.install_elasticsearch == true ? module.elasticsearch.0.elastic-url : null
+}
+
+output "kibana-url" {
+  value = var.install_elasticsearch == true ? module.elasticsearch.0.kibana-url : null
+}
+
+output "elasticsearch-user" {
+  value = var.install_elasticsearch == true ? module.elasticsearch.0.elastic-user : null
+  sensitive = true
+}
+
+module "identityserver4" {
+  source = "./modules/identityserver4admin"
+  count = var.install_identityserver4admin == true ? 1 : 0
+  namespace = var.namespace
+  login-domain-name = "login.${var.domain-name}"
+  admin-domain-name = "admin.login.${var.domain-name}"
+  api-domain-name = "api.login.${var.domain-name}"
+  depends_on = [
+    module.consul,
+    module.cert-manager
+  ]
+}
+
+output "login-url" {
+  value = var.install_identityserver4admin == true ? module.identityserver4.0.login-url : null
+}
+
+output "login-admin-url" {
+  value = var.install_identityserver4admin == true ? module.identityserver4.0.admin-url : null
+}
+
+output "login-api-url" {
+  value = var.install_identityserver4admin == true ? module.identityserver4.0.api-url : null
+}

src/terraform/modules/cert-manager/cluster-issuer.yaml

@@ -0,0 +1,7 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned-ca-issuer
+spec:
+  ca:
+    secretName: ca-key-pair

src/terraform/modules/cert-manager/main.tf

@@ -0,0 +1,53 @@
+resource "kubernetes_namespace" "cert-manager" {
+  metadata {
+    name = "cert-manager"
+  }
+}
+
+
+resource "helm_release" "cert-manager" {
+  name       = "cert-manager"
+
+  repository = "https://charts.jetstack.io"
+  chart      = "cert-manager"
+  namespace  = "cert-manager"
+  version    = "v1.3.1"
+  wait       = true
+  wait_for_jobs = true
+  set {
+    name  = "installCRDs"
+    value = "true"
+  }
+
+  depends_on = [
+    kubernetes_namespace.cert-manager
+  ]
+}
+
+resource "kubernetes_secret" "ca-key-pair" {
+  metadata {
+    name = "ca-key-pair"
+    namespace = "cert-manager"
+  }
+  data = {
+    "tls.crt" = file("./certs/cacerts.crt")
+    "tls.key" = file("./certs/cacerts.key")
+  }
+  type = "kubernetes.io/tls"
+}
+
+resource "time_sleep" "wait_10_seconds" {
+  depends_on = [
+    helm_release.cert-manager,
+    kubernetes_secret.ca-key-pair
+  ]
+
+  create_duration = "10s"
+}
+
+resource "kubectl_manifest" "cluster-issuer" {
+    depends_on = [
+      time_sleep.wait_10_seconds
+    ]
+    yaml_body = file("${path.module}/cluster-issuer.yaml")
+}

src/terraform/modules/cert-manager/providers.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.7.0"
+    }
+  }
+}

src/terraform/modules/consul-coredns/coredns-orig.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health {
+          lameduck 5s
+        }
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          fallthrough in-addr.arpa ip6.arpa
+          ttl 30
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf {
+          max_concurrent 1000
+        }
+        cache 30
+        loop
+        reload
+        loadbalance
+    }

src/terraform/modules/consul-coredns/coredns.yaml

@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    consul:53 {
+      log
+      errors
+      cache 30
+      forward . ${consul_ip}
+    }
+    .:53 {
+        errors
+        health {
+          lameduck 5s
+        }
+        rewrite name login.k8s.local identityserver4-identity.infrastructure.svc.cluster.local
+        rewrite name admin.login.k8s.local identityserver4-admin.infrastructure.svc.cluster.local
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          fallthrough in-addr.arpa ip6.arpa
+          ttl 30
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf {
+          max_concurrent 1000
+        }
+        cache 30
+        loop
+        reload
+        loadbalance
+    }

src/terraform/modules/consul-coredns/main.tf

@@ -0,0 +1,18 @@
+data "kubernetes_service" "consul-dns" {
+  metadata {
+    name = "consul-consul-dns"
+    namespace = var.namespace
+  }
+}
+
+resource "kubectl_manifest" "coredns" {
+    yaml_body = templatefile("${path.module}/coredns.yaml", {
+        consul_ip = data.kubernetes_service.consul-dns.spec.0.cluster_ip
+    })
+    // yaml_body = templatefile("${path.module}/coredns-orig.yaml", {
+    //     consul_ip = var.consul_ip
+    // })
+  lifecycle {
+    prevent_destroy = false
+  }
+}

src/terraform/modules/consul-coredns/providers.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.7.0"
+    }
+  }
+}

src/terraform/modules/consul-coredns/variables.tf

@@ -0,0 +1,3 @@
+variable "namespace" {
+    type = string
+}