Removing old kubernetes tf infrastructure
parent
c602773657
commit
f15da0c88d
1
infra/vultr-kubernetes/k8s/.gitignore
vendored
1
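--- a/infra/vultr-kubernetes/k8s/.gitignore
+++ b/infra/vultr-kubernetes/k8s/.gitignore
@@ -1 +0,0 @@
-terraform.yaml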
@ -1,33 +0,0 @@
|
||||
terraform {
|
||||
required_version = ">= 0.13"
|
||||
backend s3 {
|
||||
bucket = "project-athens"
|
||||
key = "infra/vke/k8s/state/build.tfstate"
|
||||
region = "us-west-1"
|
||||
encrypt = true
|
||||
}
|
||||
required_providers {
|
||||
# For interacting with S3
|
||||
aws = {
|
||||
source = "hashicorp/aws"
|
||||
version = "~> 5.0"
|
||||
}
|
||||
kubernetes = {
|
||||
source = "hashicorp/kubernetes"
|
||||
version = "2.30.0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
provider aws {
|
||||
access_key = var.aws_key
|
||||
secret_key = var.aws_secret
|
||||
region = var.aws_region
|
||||
max_retries = 1
|
||||
}
|
||||
|
||||
provider kubernetes {
|
||||
config_path = "terraform.yaml"
|
||||
}
|
||||
|
||||
|
@ -1,50 +0,0 @@
|
||||
resource kubernetes_ingress_v1 athens {
|
||||
metadata {
|
||||
name = var.shockrahxyz.name
|
||||
namespace = kubernetes_namespace.websites.metadata.0.name
|
||||
labels = {
|
||||
app = "websites"
|
||||
}
|
||||
}
|
||||
spec {
|
||||
rule {
|
||||
host = "test.shockrah.xyz"
|
||||
http {
|
||||
path {
|
||||
backend {
|
||||
service {
|
||||
name = var.shockrahxyz.name
|
||||
port {
|
||||
number = 80
|
||||
}
|
||||
}
|
||||
}
|
||||
path = "/"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
resource kubernetes_service athens_lb {
|
||||
metadata {
|
||||
name = "athens-websites"
|
||||
namespace = kubernetes_namespace.websites.metadata.0.name
|
||||
labels = {
|
||||
app = "websites"
|
||||
}
|
||||
}
|
||||
spec {
|
||||
selector = {
|
||||
app = kubernetes_ingress_v1.athens.metadata.0.labels.app
|
||||
}
|
||||
port {
|
||||
port = 80
|
||||
target_port = 80
|
||||
}
|
||||
type = "LoadBalancer"
|
||||
external_ips = [ var.cluster.ip ]
|
||||
}
|
||||
}
|
||||
|
@ -1,5 +0,0 @@
|
||||
resource kubernetes_namespace websites {
|
||||
metadata {
|
||||
name = "websites"
|
||||
}
|
||||
}
|
@ -1,62 +0,0 @@
|
||||
# First we setup the ingress controller with helm
|
||||
|
||||
|
||||
```sh
|
||||
helm repo add traefik https://helm.traefik.io/traefik
|
||||
helm repo update
|
||||
# Now we can install this to our cluster
|
||||
helm install --kubeconfig config.yaml traefik traefik/traefik
|
||||
```
|
||||
|
||||
# Prove the service is present with
|
||||
|
||||
```sh
|
||||
kubectl --kubeconfig config.yaml get svc
|
||||
```
|
||||
|
||||
# Create the pods
|
||||
|
||||
```sh
|
||||
kubectl --kubeconfig config.yaml -f k8s/nginx-dep.yaml
|
||||
```
|
||||
|
||||
# Expose on port 80
|
||||
|
||||
```sh
|
||||
kubectl --kubeconfig config.yaml -f k8s/nginx-service.yaml
|
||||
```
|
||||
|
||||
# Create ingress on k8s
|
||||
|
||||
```sh
|
||||
kubectl --kubeconfig config.yaml -f k8s/traefik-ingress.yaml
|
||||
```
|
||||
|
||||
# Take the external IP from the ingress
|
||||
|
||||
Put that into terraform's A record for the domain since this is a load balancer
|
||||
in Vultr ( actual resource apparantly )
|
||||
|
||||
# Configure cert-manager for traefik ingress
|
||||
|
||||
Using the latest version from here:
|
||||
https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.crds.yaml
|
||||
|
||||
```sh
|
||||
kubectl --kubeconfig config.yaml \
|
||||
apply --validate=false \
|
||||
-f https://github.com/cert-manager/cert-manager/releases/download/v1.14.2/cert-manager.yaml
|
||||
```
|
||||
|
||||
# Create the cert issuer and certificate
|
||||
|
||||
|
||||
```sh
|
||||
kubectl --kubeconfig config.yaml apply -f k8s/letsencrypt-issuer.yaml
|
||||
kubectl --kubeconfig config.yaml apply -f k8s/letsencrypt-issuer.yaml
|
||||
```
|
||||
|
||||
Because we just have 1 cert for now we are looking for it's status to be `READY`
|
||||
|
||||
|
||||
|
@ -1,21 +0,0 @@
|
||||
Plain nginx for now so that we can test out reverse dns
|
||||
resource kubernetes_pod shockrah {
|
||||
metadata {
|
||||
name = var.shockrahxyz.name
|
||||
namespace = kubernetes_namespace.websites.metadata.0.name
|
||||
labels = {
|
||||
app = var.shockrahxyz.name
|
||||
}
|
||||
}
|
||||
spec {
|
||||
container {
|
||||
image = "nginx"
|
||||
name = "${var.shockrahxyz.name}"
|
||||
port {
|
||||
container_port = 80
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1,35 +0,0 @@
|
||||
# API Keys required to reach AWS/Vultr
|
||||
variable vultr_api_key {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable aws_key {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable aws_secret {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable aws_region {
|
||||
type = string
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable shockrahxyz {
|
||||
type = object({
|
||||
name = string
|
||||
port = number
|
||||
dns = string
|
||||
})
|
||||
}
|
||||
|
||||
variable cluster {
|
||||
type = object({
|
||||
ip = string
|
||||
})
|
||||
}
|
||||
|
@ -1,37 +0,0 @@
|
||||
# Here we are going to define the deployment and service
|
||||
# Basically all things directly related to the actual service we want to provide
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: alternate-nginx-web
|
||||
namespace: default
|
||||
labels:
|
||||
app: alternate-nginx-web
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: alternate-nginx-web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: alternate-nginx-web
|
||||
spec:
|
||||
# Container comes from an example thing i randomly found on docker hub
|
||||
containers:
|
||||
- name: alternate-nginx-web
|
||||
image: dockerbogo/docker-nginx-hello-world
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: alternate-nginx-web
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
app: alternate-nginx-web
|
||||
ports:
|
||||
- name: http
|
||||
targetPort: 80
|
||||
port: 80
|
@ -1,30 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: hello.temprah-lab.xyz
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: hello.temprah-lab.xyz-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
commonName: hello.temprah-lab.xyz
|
||||
dnsNames:
|
||||
- hello.temprah-lab.xyz
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod-hello
|
||||
namespace: default
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: dev@shockrah.xyz
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-prod-hello
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
||||
|
@ -1,13 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: sample.temprah-lab.xyz
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: sample.temprah-lab.xyz-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-prod
|
||||
kind: ClusterIssuer
|
||||
commonName: sample.temprah-lab.xyz
|
||||
dnsNames:
|
||||
- sample.temprah-lab.xyz
|
@ -1,15 +0,0 @@
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
namespace: default
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: dev@shockrah.xyz
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-prod
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
@ -1,20 +0,0 @@
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: nginx-web
|
||||
namespace: default
|
||||
labels:
|
||||
app: nginx-web
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: nginx-web
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: nginx-web
|
||||
spec:
|
||||
containers:
|
||||
- name: nginx
|
||||
image: nginx
|
@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: nginx-web
|
||||
namespace: default
|
||||
spec:
|
||||
selector:
|
||||
app: nginx-web
|
||||
ports:
|
||||
- name: http
|
||||
targetPort: 80
|
||||
port: 80
|
@ -1,44 +0,0 @@
|
||||
# This is the first thing we need to create, an issue to put certs into
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: ClusterIssuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
namespace: default
|
||||
spec:
|
||||
acme:
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
email: dev@shockrah.xyz
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-temprah-lab
|
||||
solvers:
|
||||
- http01:
|
||||
ingress:
|
||||
class: traefik
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: hello.temprah-lab.xyz
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: hello.temprah-lab.xyz-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-temprah-lab
|
||||
kind: ClusterIssuer
|
||||
commonName: hello.temprah-lab.xyz
|
||||
dnsNames:
|
||||
- hello.temprah-lab.xyz
|
||||
---
|
||||
apiVersion: cert-manager.io/v1
|
||||
kind: Certificate
|
||||
metadata:
|
||||
name: sample.temprah-lab.xyz
|
||||
namespace: default
|
||||
spec:
|
||||
secretName: sample.temprah-lab.xyz-tls
|
||||
issuerRef:
|
||||
name: letsencrypt-temprah-lab
|
||||
kind: ClusterIssuer
|
||||
commonName: sample.temprah-lab.xyz
|
||||
dnsNames:
|
||||
- sample.temprah-lab.xyz
|
@ -1,31 +0,0 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: traefik-ingress
|
||||
namespace: default
|
||||
labels:
|
||||
name: project-athens-lb
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: traefik
|
||||
spec:
|
||||
rules:
|
||||
- host: sample.temprah-lab.xyz
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: nginx-web
|
||||
port:
|
||||
number: 80
|
||||
path: /
|
||||
pathType: Prefix
|
||||
- host: hello.temprah-lab.xyz
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
service:
|
||||
name: alternate-nginx-web
|
||||
port:
|
||||
number: 80
|
||||
path: /
|
||||
pathType: Prefix
|