Slowly building proper cluster

shockrah 2024-02-21 22:57:08 -08:00
parent c395709c65
commit 5409586c18
8 changed files with 143 additions and 0 deletions


@ -1 +1,3 @@
secrets.sh secrets.sh
# Kubernetes config
config.yaml


@ -0,0 +1,15 @@
#!/bin/bash
set -e
plan=out.plan
refresh=$1
plan() {
set -x
terraform plan -var-file variables.tfvars -input=false -out $plan
}
[[ -z "$refresh " ]] && plan || source ./secrets.sh && plan
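Review bot: The test on the last line, `[[ -z "$refresh " ]]`, can never be true because the quoted string always contains the trailing space, so the script sources `./secrets.sh` on every run regardless of the argument. Removing the space alone is not enough: `&&` and `||` have equal precedence and associate left, so a successful first `plan` would be followed by a second `plan`. An explicit branch avoids both problems: `if [[ -n "$refresh" ]]; then source ./secrets.sh; fi` followed by a single `plan`. Separately, `out.plan` can hold variable values in clear text, and the ignore-file hunk visible in this commit does not list it, so it is worth confirming that it is ignored.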


@ -0,0 +1,52 @@
# First we setup the ingress controller with helm
```sh
helm repo add traefik https://helm.traefik.io/traefik
helm repo update
# Now we can install this to our cluster
helm install --kubeconfig config.yaml traefik traefik/traefik
```
# Prove the service is present with
```sh
kubectl --kubeconfig config.yaml get svc
```
# Create the pods
```sh
kubectl --kubeconfig config.yaml -f k8s/nginx-dep.yaml
```
# Expose on port 80
```sh
kubectl --kubeconfig config.yaml -f k8s/nginx-service.yaml
```
# Create ingress on k8s
```sh
kubectl --kubeconfig config.yaml -f k8s/traefik-ingress.yaml
```
# Take the external IP from the ingress
Put that into terraform's A record for the domain since this is a load balancer
in Vultr ( actual resource apparantly )
# Configure cert-manager for traefik ingress
Using the latest version from here:
https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml
```sh
kubectl --kubeconfig config.yaml \
apply --validate=false \
-f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.yaml
```


@ -2,3 +2,11 @@ resource vultr_dns_domain temprah_lab {
domain = var.lab_domain domain = var.lab_domain
ip = vultr_kubernetes.athens.ip ip = vultr_kubernetes.athens.ip
} }
resource vultr_dns_record sample_dns {
domain = vultr_dns_domain.temprah_lab.id
name = "sample"
data = "45.32.68.232"
# data = vultr_kubernetes.athens.ip
type = "A"
}
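Review bot: `data = "45.32.68.232"` in `sample_dns` hard-codes the load balancer address, so the A record keeps pointing at that IP if the Traefik service is recreated and Vultr hands out a different one. A record left pointing at an address the account no longer holds is the usual precondition for a dangling-DNS takeover of `sample`. Consider passing the value through a variable, e.g. `data = var.ingress_lb_ip` (constructed name), with a comment such as `# external IP of the traefik LoadBalancer service`. The commented-out `vultr_kubernetes.athens.ip` line should either be removed or carry a note on why it is not used.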


@ -0,0 +1,15 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letencrypt-prod
namespace: default
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: dev@shockrah.xyz
privateKeySecretRef:
name: letencrypt-prod
solvers:
- http01:
ingress:
class: traefik
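Review bot: `namespace: default` under `metadata` has no effect here, because a `ClusterIssuer` is cluster-scoped; the ACME account key named by `privateKeySecretRef` is stored in cert-manager's cluster resource namespace (by default `cert-manager`), not in `default`. Dropping the `namespace:` line avoids implying otherwise. The name `letencrypt-prod` looks like a misspelling of `letsencrypt-prod`. It is consistent in both places so it will work, but every Ingress annotation that references the issuer will have to repeat the typo, so it is cheaper to fix now. A short comment above `server:` noting that this is the production ACME directory (rate-limited) would help anyone who re-applies this while testing.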


@ -0,0 +1,20 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: nginx-web
namespace: default
labels:
app: nginx-web
spec:
replicas: 1
selector:
matchLabels:
app: nginx-web
template:
metadata:
labels:
app: nginx-web
spec:
containers:
- name: nginx
image: nginx
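Review bot: `image: nginx` has no tag, so it resolves to `latest`, and what runs in the cluster can change on any pod restart without a change in this repository. Pin a version and preferably a digest, e.g. `image: nginx:<pinned-tag>@sha256:<digest>` (placeholders). The container also declares no `resources` and no `securityContext`; adding at least `securityContext: {allowPrivilegeEscalation: false}` and CPU/memory requests and limits would keep this internet-facing pod from running with defaults only. A `ports:` entry with `containerPort: 80` would document what the Service targets.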


@ -0,0 +1,12 @@
apiVersion: v1
kind: Service
metadata:
name: nginx-web
namespace: default
spec:
selector:
app: nginx-web
ports:
- name: http
targetPort: 80
port: 80


@ -0,0 +1,19 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-ingress
namespace: default
annotations:
kubernetes.io/ingress.class: traefik
spec:
rules:
- host: sample.temprah-lab.xyz
http:
paths:
- backend:
service:
name: nginx-web
port:
number: 80
path: /
pathType: Prefix
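Review bot: This Ingress has no `tls:` block and no `cert-manager.io/cluster-issuer` annotation, so `sample.temprah-lab.xyz` is served over plain HTTP only. The ClusterIssuer added in this commit will not issue anything for it, though that may be planned for a later commit. The `kubernetes.io/ingress.class` annotation is also the deprecated way to select a controller; `spec.ingressClassName: traefik` is the current field. The additions would look like the excerpt below, with the secret name as a placeholder.

```yaml
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: letencrypt-prod
spec:
  tls:
    - hosts:
        - sample.temprah-lab.xyz
      secretName: "<tls-secret-name>"  # placeholder
  # … unchanged: rules for sample.temprah-lab.xyz …
```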