Slowly building proper cluster

infra/vultr-kubernetes/.gitignore

@@ -1 +1,3 @@
 secrets.sh
+# Kubernetes config
+config.yaml

infra/vultr-kubernetes/build.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+plan=out.plan
+
+refresh=$1
+
+plan() {
+	set -x
+	terraform plan -var-file variables.tfvars -input=false -out $plan
+}
+
+[[ -z "$refresh " ]] && plan || source ./secrets.sh && plan
+

infra/vultr-kubernetes/cluster-setup.md

@@ -0,0 +1,52 @@
+# First we setup the ingress controller with helm
+
+
+```sh
+helm repo add traefik https://helm.traefik.io/traefik
+helm repo update
+# Now we can install this to our cluster
+helm install --kubeconfig config.yaml traefik traefik/traefik
+```
+
+# Prove the service is present with
+
+```sh
+kubectl --kubeconfig config.yaml get svc
+```
+
+# Create the pods
+
+```sh
+kubectl --kubeconfig config.yaml -f k8s/nginx-dep.yaml
+```
+
+# Expose on port 80
+
+```sh
+kubectl --kubeconfig config.yaml -f k8s/nginx-service.yaml
+```
+
+# Create ingress on k8s
+
+```sh
+kubectl --kubeconfig config.yaml -f k8s/traefik-ingress.yaml
+```
+
+# Take the external IP from the ingress 
+
+Put that into terraform's A record for the domain since this is a load balancer
+in Vultr ( actual resource apparantly )
+
+# Configure cert-manager for traefik ingress
+
+Using the latest version from here:
+https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml
+
+```sh
+kubectl --kubeconfig config.yaml \
+	apply --validate=false \
+	-f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.yaml
+```
+
+
+

infra/vultr-kubernetes/dns.tf

@@ -2,3 +2,11 @@ resource vultr_dns_domain temprah_lab {
   domain = var.lab_domain
   ip = vultr_kubernetes.athens.ip
 }
+
+resource vultr_dns_record sample_dns {
+  domain = vultr_dns_domain.temprah_lab.id
+  name = "sample"
+  data = "45.32.68.232"
+  # data = vultr_kubernetes.athens.ip
+  type = "A"
+}

infra/vultr-kubernetes/k8s/letsencrypt-issuer.yaml

@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letencrypt-prod
+  namespace: default
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: dev@shockrah.xyz
+    privateKeySecretRef:
+      name: letencrypt-prod
+    solvers:
+      - http01:
+        ingress:
+          class: traefik

infra/vultr-kubernetes/k8s/nginx-dep.yaml

@@ -0,0 +1,20 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: nginx-web
+  namespace: default
+  labels:
+    app: nginx-web
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx-web
+  template:
+    metadata:
+      labels:
+        app: nginx-web
+    spec:
+      containers:
+        - name: nginx
+          image: nginx

infra/vultr-kubernetes/k8s/nginx-service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-web
+  namespace: default
+spec:
+  selector:
+    app: nginx-web
+  ports:
+    - name: http
+      targetPort: 80
+      port: 80

infra/vultr-kubernetes/k8s/traefik-ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: traefik-ingress
+  namespace: default
+  annotations:
+    kubernetes.io/ingress.class: traefik
+spec:
+  rules:
+    - host: sample.temprah-lab.xyz
+      http:
+        paths:
+          - backend:
+              service:
+                name: nginx-web
+                port:
+                  number: 80
+            path: /
+            pathType: Prefix