From 8b3f4599718e13a6a67c9ae43fb4af3b5faf2b30 Mon Sep 17 00:00:00 2001 From: Victor Barba Martin Date: Thu, 18 Nov 2021 16:57:31 +0100 Subject: [PATCH] production --- k8s/.prd-video-cluster-kubeconfig.yaml.icloud | Bin 0 -> 183 bytes k8s/applications/values-production.yaml | 2 +- terraform/kubernetes.tf | 85 +++--------------- terraform/lke.tf | 12 ++- terraform/modules/kubernetes/argocd.tf | 33 +++++++ terraform/modules/kubernetes/coturn-dns.tf | 24 +++++ terraform/modules/kubernetes/external-dns.tf | 23 +++++ terraform/modules/kubernetes/terraform.tf | 8 ++ terraform/modules/kubernetes/variables.tf | 6 ++ .../prd-kubeconfig.yaml | 0 10 files changed, 119 insertions(+), 74 deletions(-) create mode 100644 k8s/.prd-video-cluster-kubeconfig.yaml.icloud create mode 100644 terraform/modules/kubernetes/argocd.tf create mode 100644 terraform/modules/kubernetes/coturn-dns.tf create mode 100644 terraform/modules/kubernetes/external-dns.tf create mode 100644 terraform/modules/kubernetes/terraform.tf create mode 100644 terraform/modules/kubernetes/variables.tf rename k8s/prd-video-cluster-kubeconfig.yaml => terraform/prd-kubeconfig.yaml (100%) diff --git a/k8s/.prd-video-cluster-kubeconfig.yaml.icloud b/k8s/.prd-video-cluster-kubeconfig.yaml.icloud new file mode 100644 index 0000000000000000000000000000000000000000..97cc9bec6cb239061d2a411fb6d44c92b2934c10 GIT binary patch literal 183 zcmYc)$jK}&F)+By$i&RT$`<1n92(@~mzbOComv?$AOPmNW#*&?XI4RkB;Z0psm1xF zMaiill?4zf#e$*~-LlM-)O_9KoYLZw)FR#N(xlYn{JgZxbiK;N+#Er!^YH>QSWO5@ dO)t$!EaKpo(f7(LWB>z3MhMNo4y9q#1OR1uG*bWo literal 0 HcmV?d00001 diff --git a/k8s/applications/values-production.yaml b/k8s/applications/values-production.yaml index 9cfb2b9..6f49ece 100644 --- a/k8s/applications/values-production.yaml +++ b/k8s/applications/values-production.yaml @@ -1 +1 @@ -environment: "staging" \ No newline at end of file +environment: "production" \ No newline at end of file 
diff --git a/terraform/kubernetes.tf b/terraform/kubernetes.tf
index 05fda80..a479358 100644
--- a/terraform/kubernetes.tf
+++ b/terraform/kubernetes.tf
@@ -1,84 +1,27 @@ -resource "kubernetes_namespace" "external-dns" { - depends_on = [local_file.kubeconfig] - metadata { - name = "external-dns" - } -} -resource "kubernetes_secret" "aws_user_external_dns" { - depends_on = [kubernetes_namespace.external-dns] +module "kubernetes_stg" { - metadata { - name = "aws-user-external-dns" - namespace = "external-dns" + source = "./modules/kubernetes" + providers = { + kubernetes = kubernetes.staging } - data = { - username = aws_iam_access_key.lke-external-dns.id - password = aws_iam_access_key.lke-external-dns.secret - } - - type = "kubernetes.io/basic-auth" - -} - -resource "kubernetes_namespace" "argocd" { - depends_on = [local_file.kubeconfig] - - metadata { - name = "argocd" - } -} - -data "aws_secretsmanager_secret" "bitbucket_ssh_argocd_key" { - name = "bitbucket-ssh-argocd-key" -} - -data "aws_secretsmanager_secret_version" "bitbucket_ssh_argocd_key" { - secret_id = data.aws_secretsmanager_secret.bitbucket_ssh_argocd_key.id -} - -resource "kubernetes_secret" "bitbucket_ssh_argocd_key" { - depends_on = [kubernetes_namespace.argocd] - - metadata { - name = "bitbucket-ssh-argocd-key" - namespace = "argocd" - labels = { - "argocd.argoproj.io/secret-type" = "repository" - } - } - - data = { - url = "git@bitbucket.org:jamkazam/video-iac" - sshPrivateKey = base64decode(jsondecode(data.aws_secretsmanager_secret_version.bitbucket_ssh_argocd_key.secret_string)["private"]) - } + access_key = aws_iam_access_key.lke-external-dns.id + secret_key = aws_iam_access_key.lke-external-dns.secret } -resource "kubernetes_namespace" "coturn-dns" { - depends_on = [local_file.kubeconfig] +module "kubernetes_prd" { - metadata { - name = "coturn-dns" + source = "./modules/kubernetes" + providers = { + kubernetes = kubernetes.production } + + access_key = aws_iam_access_key.lke-external-dns.id + secret_key = aws_iam_access_key.lke-external-dns.secret + } -resource "kubernetes_secret" "aws_user_coturn_dns" { - depends_on = 
[kubernetes_namespace.coturn-dns] - - metadata { - name = "aws-user-coturn-dns" - namespace = "coturn-dns" - } - - data = { - username = aws_iam_access_key.lke-external-dns.id - password = aws_iam_access_key.lke-external-dns.secret - } - - type = "kubernetes.io/basic-auth" - -} diff --git a/terraform/lke.tf b/terraform/lke.tf index 1a5a010..b764b32 100644 --- a/terraform/lke.tf +++ b/terraform/lke.tf @@ -24,10 +24,9 @@ resource "local_file" "kubeconfig" { provider "kubernetes" { config_path = local_file.kubeconfig.filename + alias = "staging" } - - resource "linode_lke_cluster" "prd-video-cluster" { label = "prd-video-cluster" k8s_version = "1.21" @@ -52,3 +51,12 @@ resource "linode_lke_cluster" "prd-video-cluster" { } +resource "local_file" "kubeconfig_prd" { + filename = "prd-kubeconfig.yaml" + content = base64decode(linode_lke_cluster.prd-video-cluster.kubeconfig) +} + +provider "kubernetes" { + config_path = local_file.kubeconfig_prd.filename + alias = "production" +} diff --git a/terraform/modules/kubernetes/argocd.tf b/terraform/modules/kubernetes/argocd.tf new file mode 100644 index 0000000..2914421 --- /dev/null +++ b/terraform/modules/kubernetes/argocd.tf @@ -0,0 +1,33 @@ + +resource "kubernetes_namespace" "argocd" { + metadata { + name = "argocd" + } +} + +data "aws_secretsmanager_secret" "bitbucket_ssh_argocd_key" { + name = "bitbucket-ssh-argocd-key" +} + +data "aws_secretsmanager_secret_version" "bitbucket_ssh_argocd_key" { + secret_id = data.aws_secretsmanager_secret.bitbucket_ssh_argocd_key.id +} + +resource "kubernetes_secret" "bitbucket_ssh_argocd_key" { + depends_on = [kubernetes_namespace.argocd] + + metadata { + name = "bitbucket-ssh-argocd-key" + namespace = "argocd" + labels = { + "argocd.argoproj.io/secret-type" = "repository" + } + } + + data = { + url = "git@bitbucket.org:jamkazam/video-iac" + sshPrivateKey = base64decode(jsondecode(data.aws_secretsmanager_secret_version.bitbucket_ssh_argocd_key.secret_string)["private"]) + } + +} + 
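Review bot: `module "kubernetes_stg"` and `module "kubernetes_prd"` in terraform/kubernetes.tf are both given `aws_iam_access_key.lke-external-dns.id` and `.secret`, so the staging and production clusters end up holding one shared AWS credential. Anyone able to read secrets in the staging cluster would then also hold the key that production uses, and rotating or revoking it affects both environments at once. A separate IAM user and access key per environment, limited to what that environment needs, would keep the two apart; the production block would then pass its own key instead of `aws_iam_access_key.lke-external-dns.secret`. A one-line comment above each module block naming the cluster it targets would also help the next reader.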
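Review bot: `local_file.kubeconfig_prd` in the second terraform/lke.tf hunk writes the production cluster's kubeconfig to `prd-kubeconfig.yaml`, while the rename at the end of this patch places a tracked file at `terraform/prd-kubeconfig.yaml`; if Terraform is run from `terraform/`, those are the same path and the cluster credentials get committed. The file should be untracked and ignored, and if the tracked copy ever held a real kubeconfig its credentials should be rotated. Adding `file_permission = "0600"` to the resource keeps the file from being created with the local provider's permissive default mode. Configuring the `kubernetes` provider from the decoded kubeconfig values rather than `config_path` would avoid the on-disk copy altogether. The staging `local_file.kubeconfig` in the first lke.tf hunk has the same shape, but its body starts outside that hunk.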
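Review bot: `kubernetes_secret.bitbucket_ssh_argocd_key` in terraform/modules/kubernetes/argocd.tf places the decoded SSH private key in the resource's `data`, so the key is persisted in Terraform state, and with the module now instantiated twice it is copied into both clusters. The state backend is not visible in this patch; it should be encrypted and access-restricted, and it is worth confirming that the key is a read-only deploy key for `video-iac`. A short comment above the resource would record this, for example `# Repository credential for Argo CD; read from AWS Secrets Manager and persisted in Terraform state`.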
diff --git a/terraform/modules/kubernetes/coturn-dns.tf b/terraform/modules/kubernetes/coturn-dns.tf
new file mode 100644
index 0000000..4538aa5
--- /dev/null
+++ b/terraform/modules/kubernetes/coturn-dns.tf
@@ -0,0 +1,24 @@
+
+resource "kubernetes_namespace" "coturn-dns" {
+
+ metadata {
+ name = "coturn-dns"
+ }
+}
+
+resource "kubernetes_secret" "aws_user_coturn_dns" {
+ depends_on = [kubernetes_namespace.coturn-dns]
+
+ metadata {
+ name = "aws-user-coturn-dns"
+ namespace = "coturn-dns"
+ }
+
+ data = {
+ username = var.access_key
+ password = var.secret_key
+ }
+
+ type = "kubernetes.io/basic-auth"
+
+}
diff --git a/terraform/modules/kubernetes/external-dns.tf b/terraform/modules/kubernetes/external-dns.tf
new file mode 100644
index 0000000..574ee4f
--- /dev/null
+++ b/terraform/modules/kubernetes/external-dns.tf
@@ -0,0 +1,23 @@
+
+resource "kubernetes_namespace" "external-dns" {
+ metadata {
+ name = "external-dns"
+ }
+}
+
+resource "kubernetes_secret" "aws_user_external_dns" {
+ depends_on = [kubernetes_namespace.external-dns]
+
+ metadata {
+ name = "aws-user-external-dns"
+ namespace = "external-dns"
+ }
+
+ data = {
+ username = var.access_key
+ password = var.secret_key
+ }
+
+ type = "kubernetes.io/basic-auth"
+
+}
diff --git a/terraform/modules/kubernetes/terraform.tf b/terraform/modules/kubernetes/terraform.tf
new file mode 100644
index 0000000..1a2ce19
--- /dev/null
+++ b/terraform/modules/kubernetes/terraform.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = ">= 2.0.0"
+ }
+ }
+}
diff --git a/terraform/modules/kubernetes/variables.tf b/terraform/modules/kubernetes/variables.tf
new file mode 100644
index 0000000..df43f8a
--- /dev/null
+++ b/terraform/modules/kubernetes/variables.tf
@@ -0,0 +1,6 @@
+variable "access_key" {
+ type = string
+}
+variable "secret_key" {
+ type = string
+}
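Review bot: In terraform/modules/kubernetes/coturn-dns.tf, `namespace = "coturn-dns"` repeats the namespace name as a literal and relies on `depends_on` for ordering; `namespace = kubernetes_namespace.coturn-dns.metadata[0].name` gives Terraform the dependency implicitly and keeps the two values from drifting. The same pattern appears in external-dns.tf and argocd.tf. Both `aws_user_coturn_dns` and `aws_user_external_dns` are filled from the same `var.access_key` and `var.secret_key`, so the two workloads share one AWS identity; separate inputs would allow narrower permissions per workload.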
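Review bot: `required_providers` in terraform/modules/kubernetes/terraform.tf lists only `kubernetes`, but argocd.tf in the same module reads `aws_secretsmanager_secret` and `aws_secretsmanager_secret_version` data sources. Terraform falls back to an implicit `hashicorp/aws` requirement and the caller's default `aws` provider, which works but hides the dependency and leaves its version unconstrained inside the module. Adding an `aws = { source = "hashicorp/aws" }` entry, with whatever version constraint the root module uses, makes the dependency explicit.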
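Review bot: `variable "secret_key"` in terraform/modules/kubernetes/variables.tf carries an AWS secret access key but is not marked sensitive, so depending on the Terraform version its value may be shown in plan or apply output. Adding `sensitive = true` to that block addresses this; it requires Terraform 0.14 or later. A `description` on both variables saying which IAM user the pair belongs to would document the module's inputs. The value is still written to state through the `kubernetes_secret` resources that consume it.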
diff --git a/k8s/prd-video-cluster-kubeconfig.yaml b/terraform/prd-kubeconfig.yaml
similarity index 100%
rename from k8s/prd-video-cluster-kubeconfig.yaml
rename to terraform/prd-kubeconfig.yaml