diff --git a/infra/vultr-kubernetes/.gitignore b/infra/vultr-kubernetes/.gitignore
index b654e1f..91304bf 100644
--- a/infra/vultr-kubernetes/.gitignore
+++ b/infra/vultr-kubernetes/.gitignore
@@ -1 +1,3 @@
 secrets.sh
+# Kubernetes config
+config.yaml
diff --git a/infra/vultr-kubernetes/build.sh b/infra/vultr-kubernetes/build.sh
new file mode 100644
index 0000000..6de6435
--- /dev/null
+++ b/infra/vultr-kubernetes/build.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+plan=out.plan
+
+refresh=$1
+
+plan() {
+ set -x
+ terraform plan -var-file variables.tfvars -input=false -out $plan
+}
+
+[[ -z "$refresh " ]] && plan || source ./secrets.sh && plan
+
diff --git a/infra/vultr-kubernetes/cluster-setup.md b/infra/vultr-kubernetes/cluster-setup.md
new file mode 100644
index 0000000..e0c35aa
--- /dev/null
+++ b/infra/vultr-kubernetes/cluster-setup.md
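Review bot: The plan file that build.sh in this same commit writes, `out.plan`, is not covered by the ignore list after this hunk, and Terraform plan files store variable values in cleartext. Unless a parent .gitignore already covers it, add `out.plan` (or `*.plan`) next to `config.yaml`. Whether `variables.tfvars` carries credentials cannot be told from this diff; if it does, it needs the same treatment.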
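Review bot: The guard on the last line can never take its first branch, because `"$refresh "` has a trailing space inside the quotes and `-z` is therefore always false, so secrets.sh is sourced on every run. Even with the space removed, `a && b || c && d` groups as `((a && b) || c) && d`, so an empty argument would run `plan` twice. If the intent is to source the secrets only when an argument is given (inferred from the names), write `if [[ -n "$refresh" ]]; then source ./secrets.sh; fi` followed by a single `plan`. Also quote `"$plan"` in the `-out` argument, and note that `set -x` inside `plan()` stays enabled for the rest of the script, which is worth scoping in a shell that has sourced secrets.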
@@ -0,0 +1,52 @@
+# First we setup the ingress controller with helm
+
+
+```sh
+helm repo add traefik https://helm.traefik.io/traefik
+helm repo update
+# Now we can install this to our cluster
+helm install --kubeconfig config.yaml traefik traefik/traefik
+```
+
+# Prove the service is present with
+
+```sh
+kubectl --kubeconfig config.yaml get svc
+```
+
+# Create the pods
+
+```sh
+kubectl --kubeconfig config.yaml -f k8s/nginx-dep.yaml
+```
+
+# Expose on port 80
+
+```sh
+kubectl --kubeconfig config.yaml -f k8s/nginx-service.yaml
+```
+
+# Create ingress on k8s
+
+```sh
+kubectl --kubeconfig config.yaml -f k8s/traefik-ingress.yaml
+```
+
+# Take the external IP from the ingress
+
+Put that into terraform's A record for the domain since this is a load balancer
+in Vultr ( actual resource apparantly )
+
+# Configure cert-manager for traefik ingress
+
+Using the latest version from here:
+https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml
+
+```sh
+kubectl --kubeconfig config.yaml \
+ apply --validate=false \
+ -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.yaml
+```
+
+
+
diff --git a/infra/vultr-kubernetes/dns.tf b/infra/vultr-kubernetes/dns.tf
index 63d9a96..cb2d3c7 100644
--- a/infra/vultr-kubernetes/dns.tf
+++ b/infra/vultr-kubernetes/dns.tf
@@ -2,3 +2,11 @@ resource vultr_dns_domain temprah_lab {
 domain = var.lab_domain
 ip = vultr_kubernetes.athens.ip
 }
+
+resource vultr_dns_record sample_dns {
+ domain = vultr_dns_domain.temprah_lab.id
+ name = "sample"
+ data = "45.32.68.232"
+ # data = vultr_kubernetes.athens.ip
+ type = "A"
+}
diff --git a/infra/vultr-kubernetes/k8s/letsencrypt-issuer.yaml b/infra/vultr-kubernetes/k8s/letsencrypt-issuer.yaml
new file mode 100644
index 0000000..b6e16ca
--- /dev/null
+++ b/infra/vultr-kubernetes/k8s/letsencrypt-issuer.yaml
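Review bot: The new `sample_dns` record hard-codes `data = "45.32.68.232"`, so the A record keeps pointing at that address after the load balancer behind it is destroyed or re-created. A stale record on an address the project no longer holds lets whoever is assigned it next answer for `sample`. Feed the address from a variable or from the resource or data source that owns it, for example `data = var.ingress_lb_ip` (the variable name is a placeholder), and remove or explain the commented-out `# data = vultr_kubernetes.athens.ip` line.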
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letencrypt-prod
+ namespace: default
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: dev@shockrah.xyz
+ privateKeySecretRef:
+ name: letencrypt-prod
+ solvers:
+ - http01:
+ ingress:
+ class: traefik
diff --git a/infra/vultr-kubernetes/k8s/nginx-dep.yaml b/infra/vultr-kubernetes/k8s/nginx-dep.yaml
new file mode 100644
index 0000000..40f1bf1
--- /dev/null
+++ b/infra/vultr-kubernetes/k8s/nginx-dep.yaml
@@ -0,0 +1,20 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: nginx-web
+ namespace: default
+ labels:
+ app: nginx-web
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx-web
+ template:
+ metadata:
+ labels:
+ app: nginx-web
+ spec:
+ containers:
+ - name: nginx
+ image: nginx
diff --git a/infra/vultr-kubernetes/k8s/nginx-service.yaml b/infra/vultr-kubernetes/k8s/nginx-service.yaml
new file mode 100644
index 0000000..169cb53
--- /dev/null
+++ b/infra/vultr-kubernetes/k8s/nginx-service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nginx-web
+ namespace: default
+spec:
+ selector:
+ app: nginx-web
+ ports:
+ - name: http
+ targetPort: 80
+ port: 80
diff --git a/infra/vultr-kubernetes/k8s/traefik-ingress.yaml b/infra/vultr-kubernetes/k8s/traefik-ingress.yaml
new file mode 100644
index 0000000..74596b8
--- /dev/null
+++ b/infra/vultr-kubernetes/k8s/traefik-ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: traefik-ingress
+ namespace: default
+ annotations:
+ kubernetes.io/ingress.class: traefik
+spec:
+ rules:
+ - host: sample.temprah-lab.xyz
+ http:
+ paths:
+ - backend:
+ service:
+ name: nginx-web
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
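Review bot: `name: letencrypt-prod`, and the matching `privateKeySecretRef` name, is missing the "s" of letsencrypt. It is self-consistent, but every Ingress or Certificate that refers to the issuer has to repeat the misspelling, so change both to `letsencrypt-prod` before anything depends on it. `ClusterIssuer` is cluster-scoped, so `namespace: default` under `metadata` has no effect and can be dropped; the ACME account key secret is created in cert-manager's cluster resource namespace (by default the one cert-manager runs in), not in `default`. The issuer also points straight at the production ACME endpoint; a separate staging issuer for first tests avoids hitting production rate limits.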
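Review bot: `image: nginx` in the container spec carries no tag or digest, so every pod start can pull whatever `latest` resolves to at that moment. Pin it, for example `image: nginx:<pinned-version>` or `image: nginx@sha256:<digest>` (both placeholders). The container also sets no `resources` limits and no `securityContext`; for a pod exposed through the ingress, adding at least `allowPrivilegeEscalation: false` and resource limits is a reasonable follow-up.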
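Review bot: The Ingress for `sample.temprah-lab.xyz` has no `tls:` section and no `cert-manager.io/cluster-issuer` annotation, so the ClusterIssuer added in this commit is never asked for a certificate and the host is served over plain HTTP only. Add the annotation, whose value must match the issuer's name exactly as committed, and a `tls` entry for the host, as sketched below. Separately, the `kubernetes.io/ingress.class` annotation is deprecated in favour of `spec.ingressClassName: traefik`, assuming the chart created an IngressClass of that name.

```yaml
  annotations:
    # … unchanged: kubernetes.io/ingress.class …
    cert-manager.io/cluster-issuer: letencrypt-prod   # must equal the ClusterIssuer name
spec:
  tls:
    - hosts:
        - sample.temprah-lab.xyz
      secretName: <tls-secret-name>   # placeholder
  # … unchanged: rules …
```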