production

k8s/applications/values-production.yaml

@@ -1 +1 @@
-environment: "staging"
+environment: "production"

terraform/kubernetes.tf

@@ -1,84 +1,27 @@
-resource "kubernetes_namespace" "external-dns" {
-  depends_on = [local_file.kubeconfig]
 
-  metadata {
-    name = "external-dns"
-  }
-}
 
-resource "kubernetes_secret" "aws_user_external_dns" {
+module "kubernetes_stg" {
-  depends_on = [kubernetes_namespace.external-dns]
 
-  metadata {
+  source = "./modules/kubernetes"
-    name      = "aws-user-external-dns"
+  providers = {
-    namespace = "external-dns"
+    kubernetes = kubernetes.staging
   }
 
-  data = {
+  access_key = aws_iam_access_key.lke-external-dns.id
-    username = aws_iam_access_key.lke-external-dns.id
+  secret_key = aws_iam_access_key.lke-external-dns.secret
-    password = aws_iam_access_key.lke-external-dns.secret
-  }
-
-  type = "kubernetes.io/basic-auth"
-
-}
-
-resource "kubernetes_namespace" "argocd" {
-  depends_on = [local_file.kubeconfig]
-
-  metadata {
-    name = "argocd"
-  }
-}
-
-data "aws_secretsmanager_secret" "bitbucket_ssh_argocd_key" {
-  name = "bitbucket-ssh-argocd-key"
-}
-
-data "aws_secretsmanager_secret_version" "bitbucket_ssh_argocd_key" {
-  secret_id = data.aws_secretsmanager_secret.bitbucket_ssh_argocd_key.id
-}
-
-resource "kubernetes_secret" "bitbucket_ssh_argocd_key" {
-  depends_on = [kubernetes_namespace.argocd]
-
-  metadata {
-    name      = "bitbucket-ssh-argocd-key"
-    namespace = "argocd"
-    labels = {
-      "argocd.argoproj.io/secret-type" = "repository"
-    }
-  }
-
-  data = {
-    url           = "git@bitbucket.org:jamkazam/video-iac"
-    sshPrivateKey = base64decode(jsondecode(data.aws_secretsmanager_secret_version.bitbucket_ssh_argocd_key.secret_string)["private"])
-  }
 
 }
 
 
-resource "kubernetes_namespace" "coturn-dns" {
+module "kubernetes_prd" {
-  depends_on = [local_file.kubeconfig]
 
-  metadata {
+  source = "./modules/kubernetes"
-    name = "coturn-dns"
+  providers = {
+    kubernetes = kubernetes.production
   }
+
+  access_key = aws_iam_access_key.lke-external-dns.id
+  secret_key = aws_iam_access_key.lke-external-dns.secret
+
 }
 
-resource "kubernetes_secret" "aws_user_coturn_dns" {
-  depends_on = [kubernetes_namespace.coturn-dns]
-
-  metadata {
-    name      = "aws-user-coturn-dns"
-    namespace = "coturn-dns"
-  }
-
-  data = {
-    username = aws_iam_access_key.lke-external-dns.id
-    password = aws_iam_access_key.lke-external-dns.secret
-  }
-
-  type = "kubernetes.io/basic-auth"
-
-}

terraform/lke.tf

@@ -24,10 +24,9 @@ resource "local_file" "kubeconfig" {
 
 provider "kubernetes" {
   config_path = local_file.kubeconfig.filename
+  alias       = "staging"
 }
 
-
-
 resource "linode_lke_cluster" "prd-video-cluster" {
   label       = "prd-video-cluster"
   k8s_version = "1.21"
@@ -52,3 +51,12 @@ resource "linode_lke_cluster" "prd-video-cluster" {
 
 }
 
+resource "local_file" "kubeconfig_prd" {
+  filename = "prd-kubeconfig.yaml"
+  content  = base64decode(linode_lke_cluster.prd-video-cluster.kubeconfig)
+}
+
+provider "kubernetes" {
+  config_path = local_file.kubeconfig_prd.filename
+  alias       = "production"
+}

terraform/modules/kubernetes/argocd.tf

@@ -0,0 +1,33 @@
+
+resource "kubernetes_namespace" "argocd" {
+  metadata {
+    name = "argocd"
+  }
+}
+
+data "aws_secretsmanager_secret" "bitbucket_ssh_argocd_key" {
+  name = "bitbucket-ssh-argocd-key"
+}
+
+data "aws_secretsmanager_secret_version" "bitbucket_ssh_argocd_key" {
+  secret_id = data.aws_secretsmanager_secret.bitbucket_ssh_argocd_key.id
+}
+
+resource "kubernetes_secret" "bitbucket_ssh_argocd_key" {
+  depends_on = [kubernetes_namespace.argocd]
+
+  metadata {
+    name      = "bitbucket-ssh-argocd-key"
+    namespace = "argocd"
+    labels = {
+      "argocd.argoproj.io/secret-type" = "repository"
+    }
+  }
+
+  data = {
+    url           = "git@bitbucket.org:jamkazam/video-iac"
+    sshPrivateKey = base64decode(jsondecode(data.aws_secretsmanager_secret_version.bitbucket_ssh_argocd_key.secret_string)["private"])
+  }
+
+}
+

terraform/modules/kubernetes/coturn-dns.tf

@@ -0,0 +1,24 @@
+
+resource "kubernetes_namespace" "coturn-dns" {
+
+  metadata {
+    name = "coturn-dns"
+  }
+}
+
+resource "kubernetes_secret" "aws_user_coturn_dns" {
+  depends_on = [kubernetes_namespace.coturn-dns]
+
+  metadata {
+    name      = "aws-user-coturn-dns"
+    namespace = "coturn-dns"
+  }
+
+  data = {
+    username = var.access_key
+    password = var.secret_key
+  }
+
+  type = "kubernetes.io/basic-auth"
+
+}

terraform/modules/kubernetes/external-dns.tf

@@ -0,0 +1,23 @@
+
+resource "kubernetes_namespace" "external-dns" {
+  metadata {
+    name = "external-dns"
+  }
+}
+
+resource "kubernetes_secret" "aws_user_external_dns" {
+  depends_on = [kubernetes_namespace.external-dns]
+
+  metadata {
+    name      = "aws-user-external-dns"
+    namespace = "external-dns"
+  }
+
+  data = {
+    username = var.access_key
+    password = var.secret_key
+  }
+
+  type = "kubernetes.io/basic-auth"
+
+}

terraform/modules/kubernetes/terraform.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0.0"
+    }
+  }
+}

terraform/modules/kubernetes/variables.tf

@@ -0,0 +1,6 @@
+variable "access_key" {
+  type = string
+}
+variable "secret_key" {
+  type = string
+}