k8s.tf
# StorageClass "local-storage" for pre-created local volumes.
# - kubernetes.io/no-provisioner: nothing is provisioned dynamically, so the
#   PersistentVolumes have to be created separately.
# - WaitForFirstConsumer: a claim is bound only once a pod that uses it is
#   scheduled.
resource "kubernetes_storage_class" "k8s_local_storage" {
  storage_provisioner = "kubernetes.io/no-provisioner"
  volume_binding_mode = "WaitForFirstConsumer"

  metadata {
    name = "local-storage"
  }
}
# ServiceAccount "admin-user" in kube-system.
# kubernetes_cluster_role_binding.k8s_admin_user_cluster_role_binding grants
# this account cluster-admin, so any token issued for it is a full-cluster
# credential.
resource "kubernetes_service_account" "k8s_admin_user" {
  # Do not mount this account's token into pods automatically.
  automount_service_account_token = false

  metadata {
    namespace = "kube-system"
    name      = "admin-user"
  }
}
# ClusterRoleBinding "admin-user": binds the admin-user ServiceAccount to the
# built-in cluster-admin ClusterRole.
# NOTE(review): cluster-admin is unrestricted access to every resource in every
# namespace. If this account exists only for dashboard or operator logins,
# consider a narrower ClusterRole, issue short-lived tokens, and audit who can
# read or create tokens for it in kube-system.
resource "kubernetes_cluster_role_binding" "k8s_admin_user_cluster_role_binding" {
  metadata {
    name = "admin-user"
  }

  # Subject is taken from the ServiceAccount resource so the two stay in sync.
  subject {
    kind      = "ServiceAccount"
    namespace = kubernetes_service_account.k8s_admin_user.metadata[0].namespace
    name      = kubernetes_service_account.k8s_admin_user.metadata[0].name
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }
}
# Namespace for the Calico Tigera operator, labelled with its own name.
resource "kubernetes_namespace" "k8s_calico_ns" {
  metadata {
    name = "tigera-operator"

    labels = {
      name = "tigera-operator"
    }
  }
}
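# Calico Tigera operator, installed from the Calico chart repository at the
# version pinned by var.k8s_calico_version, with values from
# k8s/values/calico.yaml.
resource "helm_release" "k8s_calico" {
  name       = "calico"
  repository = "https://docs.projectcalico.org/charts"
  chart      = "tigera-operator"
  version    = var.k8s_calico_version

  # Reference the namespace resource instead of repeating the literal
  # "tigera-operator". The value is the same, but the reference gives Terraform
  # a dependency edge, so the namespace is created before the release is
  # installed and destroyed after it, as for the other releases in this file.
  namespace = kubernetes_namespace.k8s_calico_ns.metadata[0].name

  values = [file("${path.module}/k8s/values/calico.yaml")]
}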
# Namespace for cert-manager, labelled with its own name.
resource "kubernetes_namespace" "k8s_certmanager_ns" {
  metadata {
    name = "cert-manager"

    labels = {
      name = "cert-manager"
    }
  }
}
# cert-manager, installed from the Jetstack chart repository at the version
# pinned by var.k8s_certmanager_version.
resource "helm_release" "k8s_certmanager" {
  # Chart source
  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  version    = var.k8s_certmanager_version

  # Release identity; the namespace comes from the namespace resource, which
  # also orders its creation before this release.
  name      = "cert-manager"
  namespace = kubernetes_namespace.k8s_certmanager_ns.metadata[0].name

  values = [file("${path.module}/k8s/values/cert-manager.yaml")]
}
# cert-manager configuration: a chart local to this module
# (k8s/charts/cert-manager-config) that receives the root CA certificate and
# private key as Helm values.
#
# NOTE(review): set_sensitive only redacts the values in plan/apply output.
# The CA private key is still written to the Terraform state, and Helm keeps
# release values in its release storage in the cert-manager namespace. Restrict
# and encrypt the state backend, and limit who can read Secrets in that
# namespace.
#
# NOTE(review): the value names suggest this chart creates a ClusterIssuer,
# which would need cert-manager's CRDs to exist first. Nothing here depends on
# helm_release.k8s_certmanager - confirm whether an explicit depends_on is
# needed.
resource "helm_release" "k8s_certmanager_config" {
  name      = "cert-manager-config"
  namespace = kubernetes_namespace.k8s_certmanager_ns.metadata[0].name
  chart     = "${path.module}/k8s/charts/cert-manager-config"

  values = [file("${path.module}/k8s/values/cert-manager-config.yaml")]

  # Root CA certificate
  set_sensitive {
    name  = "clusterIssuer.ca.root.crt"
    value = var.k8s_certmanager_root_ca_crt
  }

  # Root CA private key
  set_sensitive {
    name  = "clusterIssuer.ca.root.key"
    value = var.k8s_certmanager_root_ca_key
  }
}
# Namespace for the Kubernetes Dashboard, labelled with its own name.
resource "kubernetes_namespace" "k8s_dashboard_ns" {
  metadata {
    name = "kubernetes-dashboard"

    labels = {
      name = "kubernetes-dashboard"
    }
  }
}
# Kubernetes Dashboard, installed from the upstream chart repository at the
# version pinned by var.k8s_dashboard_version.
#
# NOTE(review): this file also defines an "admin-user" ServiceAccount bound to
# cluster-admin. If that account's token is used to log in here, the dashboard
# becomes a full-control entry point. Check k8s/values/dashboard.yaml (not
# shown) for how the UI is exposed and that login cannot be skipped.
resource "helm_release" "k8s_dashboard" {
  # Chart source
  repository = "https://kubernetes.github.io/dashboard/"
  chart      = "kubernetes-dashboard"
  version    = var.k8s_dashboard_version

  # Release identity
  name      = "kubernetes-dashboard"
  namespace = kubernetes_namespace.k8s_dashboard_ns.metadata[0].name

  values = [file("${path.module}/k8s/values/dashboard.yaml")]
}
# Namespace for the Elastic ECK operator, labelled with its own name.
resource "kubernetes_namespace" "k8s_elastic_operator_ns" {
  metadata {
    name = "elastic-system"

    labels = {
      name = "elastic-system"
    }
  }
}
# Elastic ECK operator, installed from the Elastic chart repository at the
# version pinned by var.k8s_elastic_operator_version. No values file is passed,
# so the chart's defaults apply.
resource "helm_release" "k8s_elastic_operator" {
  # Chart source
  repository = "https://helm.elastic.co"
  chart      = "eck-operator"
  version    = var.k8s_elastic_operator_version

  # Release identity
  name      = "elastic-operator"
  namespace = kubernetes_namespace.k8s_elastic_operator_ns.metadata[0].name
}
# Namespace for the ingress-nginx controller, labelled with its own name.
resource "kubernetes_namespace" "k8s_ingress_nginx_ns" {
  metadata {
    name = "ingress-nginx"

    labels = {
      name = "ingress-nginx"
    }
  }
}
# ingress-nginx controller, installed from the upstream chart repository at the
# version pinned by var.k8s_ingress_nginx_version.
resource "helm_release" "k8s_ingress_nginx" {
  # Chart source
  repository = "https://kubernetes.github.io/ingress-nginx/"
  chart      = "ingress-nginx"
  version    = var.k8s_ingress_nginx_version

  # Release identity
  name      = "ingress-nginx"
  namespace = kubernetes_namespace.k8s_ingress_nginx_ns.metadata[0].name

  values = [file("${path.module}/k8s/values/ingress-nginx.yaml")]

  # The controller Service's externalIPs, passed in Helm's "{a,b,c}" list
  # syntax. Traffic addressed to these IPs on cluster nodes is routed to the
  # ingress controller, so var.k8s_ingress_nginx_external_ips should hold only
  # addresses this cluster is meant to answer for.
  set {
    name  = "controller.service.externalIPs"
    value = format("{%s}", join(",", var.k8s_ingress_nginx_external_ips))
  }
}