EXO-6: [NEW] add kubernetes_deployment_v1, ingress, service - initial commit

Author: devops-wien-user

.gitignore

@@ -12,7 +12,7 @@ crash.log
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
 #
-# example.tfvars
+local.tfvars
 
 # Ignore override files as they are usually used to override resources locally and so
 # are not checked in

kubernetes/deployment_v1/main.tf

@@ -0,0 +1,42 @@
+resource "kubernetes_deployment_v1" "kubernetes_deployment_v1" {
+  metadata {
+    name   =  var.name
+    labels = {
+      app  =  var.name
+      name =  var.name
+    }
+  }
+
+  spec {
+    selector {
+      match_labels = {
+        app =  var.name
+      }
+    }
+
+    template {
+      metadata {
+        labels = {
+          app  =  var.name
+          name =  var.name
+        }
+      }
+
+      spec {
+
+        container {
+          image             = "${var.image}"
+          image_pull_policy = "Always"
+          name              =  var.name
+
+          resources {
+            requests = {
+              cpu    = var.requests_cpu
+              memory = var.requests_memory
+            }
+          }
+        }
+      }
+    }
+  }
+}

kubernetes/deployment_v1/variable.tf

@@ -0,0 +1,15 @@
+variable "name" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}
+
+variable "requests_cpu" {
+  type = string
+}
+
+variable "requests_memory" {
+  type = string
+}

kubernetes/deployment_v1/versions.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+}

kubernetes/ingress/main.tf

@@ -0,0 +1,39 @@
+resource "kubernetes_ingress_v1" "generic-ingress" {
+  for_each = toset(var.dns_names)
+  metadata {
+    name   = "${var.name}-${each.value}"
+    labels = {
+      app = "${var.name}-${each.value}"
+    }
+    annotations = {
+      "cert-manager.io/cluster-issuer": "letsencrypt-prod"
+      "kubernetes.io/ingress.class" : "default"
+      "haproxy.org/check" : "false" // todo: use http-check
+      "haproxy.org/check-http" : "/health.txt"
+      "haproxy.org/check-interval" : "10s"
+    }
+  }
+  spec {
+    rule {
+      host = each.value
+      http {
+        path {
+          path = "/"
+          backend {
+            service {
+              name = var.name
+              port {
+                number = 80
+              }
+            }
+          }
+        }
+      }
+    }
+
+    tls {
+      hosts       = [each.value]
+      secret_name = each.value
+    }
+  }
+}

kubernetes/ingress/variable.tf

@@ -0,0 +1,7 @@
+variable "name" {
+  type = string
+}
+
+variable "dns_names" {
+  type = list(string)
+}

kubernetes/ingress/versions.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+}

kubernetes/service/main.tf

@@ -0,0 +1,19 @@
+resource "kubernetes_service" "ingress-service" {
+  metadata {
+    labels = {
+      app = var.name
+    }
+    name = var.name
+  }
+  spec {
+    port {
+      port = 80
+      protocol = "TCP"
+      target_port = var.target_port
+    }
+    selector = {
+      app = var.name
+    }
+    type = "NodePort"
+  }
+}

kubernetes/service/variable.tf

@@ -0,0 +1,7 @@
+variable "name" {
+  type = string
+}
+
+variable "target_port" {
+  type = number
+}

kubernetes/service/versions.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+    }
+  }
+}

main.tf

@@ -0,0 +1,19 @@
+module "kubernetes-deployment-v1" {
+  source = "./kubernetes/deployment_v1"
+  image  = var.image
+  name   = var.name
+  requests_cpu = var.requests_cpu
+  requests_memory = var.requests_memory
+}
+
+module "kubernetes-service" {
+  source = "./kubernetes/service"
+  name   = var.name
+  target_port = var.target_port
+}
+
+module "kubernetes-ingress" {
+  source    = "./kubernetes/ingress"
+  dns_names = var.dns_names
+  name      = var.name
+}

provider.tf

@@ -0,0 +1,6 @@
+provider "kubernetes" {
+  host                   = var.host
+  client_certificate     = base64decode(var.client_certificate)
+  client_key             = base64decode(var.client_key)
+  cluster_ca_certificate = base64decode(var.cluster_ca_certificate)
+}

variables.tf

@@ -0,0 +1,47 @@
+variable "name" {
+  type    = string
+  default = "deployment"
+}
+
+variable "dns_names" {
+  type    = list(string)
+  default = ["example.com"]
+}
+
+variable "target_port" {
+  type    = number
+  default = 80
+}
+
+variable "image" {
+  type    = string
+  default = "yeasy/simple-web"
+}
+
+variable "requests_cpu" {
+  default = "300m"
+}
+variable "requests_memory" {
+  default = "64Mi"
+}
+
+# kubectl
+variable "host" {
+  description = "(Required) The hostname (in form of URI) of the Kubernetes API. Can be sourced from KUBE_HOST."
+  type        = string
+}
+
+variable "client_certificate" {
+  description = "(Required) PEM-encoded client certificate for TLS authentication. Can be sourced from KUBE_CLIENT_CERT_DATA."
+  type        = string
+}
+
+variable "client_key" {
+  description = "(Required) PEM-encoded client certificate key for TLS authentication. Can be sourced from KUBE_CLIENT_KEY_DATA."
+  type        = string
+}
+
+variable "cluster_ca_certificate" {
+  description = "(Required) PEM-encoded root certificates bundle for TLS authentication. Can be sourced from KUBE_CLUSTER_CA_CERT_DATA."
+  type        = string
+}

versions.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_providers {
+    kubernetes = {
+      source = "hashicorp/kubernetes"
+      version = "2.12.1"
+    }
+  }
+  required_version = ">= 1.2.6"
+}