viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Drone CI Update TLS Certificates Commit

Browse source
This commit is contained in:
viktorbarzin 2021-09-19 00:03:30 +00:00
parent 894a24f849
commit ace595abb7
5 changed files with 220 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

8
main.tf
View file

@ -31,8 +31,8 @@ variable "drone_github_client_id" {}
variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {}
# variable "dockerhub_password" {}
variable "oauth_client_id" {}
variable "oauth_client_secret" {}
# variable "oauth_client_id" {}
# variable "oauth_client_secret" {}
variable "url_shortener_mysql_password" {}
variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {}
@ -218,8 +218,8 @@ module "kubernetes_cluster" {
drone_rpc_secret = var.drone_rpc_secret
# Oauth proxy
oauth_client_id = var.oauth_client_id
oauth_client_secret = var.oauth_client_secret
# oauth_client_id = var.oauth_client_id
# oauth_client_secret = var.oauth_client_secret
# depends_on = [module.k8s_master, module.k8s_node1, module.k8s_node2] # wait until master and at least 2 nodes are up
idrac_username = var.monitoring_idrac_username

179
modules/kubernetes/city-guesser/main.tf Normal file
View file

@ -0,0 +1,179 @@
variable "tls_secret_name" {}
# variable "dockerhub_password" {}
resource "kubernetes_namespace" "city-guesser" {
metadata {
name = "city-guesser"
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "city-guesser"
tls_secret_name = var.tls_secret_name
}
# module "dockerhub_creds" {
# source = "../dockerhub_secret"
# namespace = "website"
# password = var.dockerhub_password
# }
resource "kubernetes_deployment" "city-guesser" {
metadata {
name = "city-guesser"
namespace = "city-guesser"
labels = {
run = "city-guesser"
}
}
spec {
replicas = 1
selector {
match_labels = {
run = "city-guesser"
}
}
template {
metadata {
labels = {
run = "city-guesser"
}
}
spec {
container {
image = "viktorbarzin/city-guesser:latest"
name = "city-guesser"
resources {
limits = {
cpu = "0.5"
memory = "512Mi"
}
requests = {
cpu = "250m"
memory = "50Mi"
}
}
port {
container_port = 80
}
}
}
}
}
}
resource "kubernetes_service" "city-guesser" {
metadata {
name = "city-guesser"
namespace = "city-guesser"
labels = {
"run" = "city-guesser"
}
}
spec {
selector = {
run = "city-guesser"
}
port {
name = "http"
port = "80"
target_port = "80"
}
}
}
# resource "kubernetes_service" "city-guesser-oauth" {
# metadata {
# name = "city-guesser-oauth"
# namespace = "city-guesser"
# labels = {
# "run" = "city-guesser-oauth"
# }
# }
# spec {
# type = "ExternalName"
# external_name = "oauth-proxy.oauth.svc.cluster.local"
# # port {
# # name = "tcp"
# # port = "80"
# # target_port = "80"
# # }
# }
# }
resource "kubernetes_ingress" "city-guesser" {
metadata {
name = "city-guesser-ingress"
namespace = "city-guesser"
annotations = {
"kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-url" = "https://$host/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" = "https://$host/oauth2/start?rd=$escaped_request_uri"
# "nginx.ingress.kubernetes.io/auth-response-headers" = "X-Auth-Request-User,X-Auth-Request-Email"
}
}
spec {
tls {
hosts = ["city-guesser.viktorbarzin.me"]
secret_name = var.tls_secret_name
}
rule {
host = "city-guesser.viktorbarzin.me"
http {
path {
path = "/"
backend {
service_name = "city-guesser"
service_port = "80"
}
}
}
}
}
}
# resource "kubernetes_ingress" "city-guesser-oauth" {
# metadata {
# name = "city-guesser-ingress-oauth"
# namespace = "city-guesser"
# annotations = {
# "kubernetes.io/ingress.class" = "nginx"
# }
# }
# spec {
# tls {
# hosts = ["city-guesser.viktorbarzin.me"]
# secret_name = var.tls_secret_name
# }
# rule {
# host = "city-guesser.viktorbarzin.me"
# http {
# path {
# path = "/oauth2"
# backend {
# service_name = "city-guesser-oauth"
# service_port = "80"
# }
# }
# }
# }
# }
# }
module "oauth" {
source = "../oauth-proxy"
# oauth_client_id = "3d8ce4bf7b893899d967"
# oauth_client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
client_id = "3d8ce4bf7b893899d967"
client_secret = "08dca09b05e511cfa7f85cd7f85c332fd0768113"
namespace = "city-guesser"
host = "city-guesser.viktorbarzin.me"
tls_secret_name = var.tls_secret_name
svc_name = "city-guesser-oauth"
}

24
modules/kubernetes/main.tf
View file

@ -19,8 +19,8 @@ variable "drone_github_client_id" {}
variable "drone_github_client_secret" {}
variable "drone_rpc_secret" {}
# variable "dockerhub_password" {}
variable "oauth_client_id" {}
variable "oauth_client_secret" {}
# variable "oauth_client_id" {}
# variable "oauth_client_secret" {}
variable "url_shortener_geolite_license_key" {}
variable "url_shortener_api_key" {}
variable "url_shortener_mysql_password" {}
@ -147,14 +147,14 @@ module "monitoring" {
depends_on = [null_resource.core_services]
}
module "oauth" {
source = "./oauth-proxy"
tls_secret_name = var.tls_secret_name
client_id = var.oauth_client_id
client_secret = var.oauth_client_secret
# module "oauth" {
# source = "./oauth-proxy"
# tls_secret_name = var.tls_secret_name
# client_id = var.oauth_client_id
# client_secret = var.oauth_client_secret
depends_on = [null_resource.core_services]
}
# depends_on = [null_resource.core_services]
# }
module "openid_help_page" {
source = "./openid_help_page"
@ -188,6 +188,12 @@ module "reloader" {
source = "./reloader"
}
module "city-guesser" {
source = "./city-guesser"
tls_secret_name = var.tls_secret_name
depends_on = [null_resource.core_services]
}
module "url" {
source = "./url-shortener"
tls_secret_name = var.tls_secret_name

44
modules/kubernetes/oauth-proxy/main.tf
View file

@ -1,19 +1,18 @@
variable "tls_secret_name" {}
variable "namespace" {
type = string
}
variable "host" {
type = string
}
variable "tls_secret_name" {
type = string
}
variable "svc_name" {
type = string
}
variable "client_id" {}
variable "client_secret" {}
resource "kubernetes_namespace" "oauth" {
metadata {
name = "oauth"
}
}
module "tls_secret" {
source = "../setup_tls_secret"
namespace = "oauth"
tls_secret_name = var.tls_secret_name
}
resource "random_password" "cookie" {
length = 16
special = true
@ -23,7 +22,7 @@ resource "random_password" "cookie" {
resource "kubernetes_deployment" "oauth_proxy" {
metadata {
name = "oauth-proxy"
namespace = "oauth"
namespace = var.namespace
labels = {
run = "oauth-proxy"
}
@ -80,8 +79,8 @@ resource "kubernetes_deployment" "oauth_proxy" {
resource "kubernetes_service" "oauth_proxy" {
metadata {
name = "oauth-proxy"
namespace = "oauth"
name = var.svc_name
namespace = var.namespace
labels = {
run = "oauth-proxy"
}
@ -102,24 +101,25 @@ resource "kubernetes_service" "oauth_proxy" {
resource "kubernetes_ingress" "oauth" {
metadata {
name = "oauth-ingress"
namespace = "oauth"
namespace = var.namespace
annotations = {
"kubernetes.io/ingress.class" = "nginx"
"kubernetes.io/ingress.class" = "nginx"
"nginx.ingress.kubernetes.io/use-regex" = "true"
}
}
spec {
tls {
hosts = ["oauth.viktorbarzin.me"]
hosts = [var.host]
secret_name = var.tls_secret_name
}
rule {
host = "oauth.viktorbarzin.me"
host = var.host
http {
path {
path = "/"
path = "/oauth2/.*"
backend {
service_name = "oauth-proxy"
service_name = var.svc_name
service_port = "80"
}
}

BIN
terraform.tfvars
View file

Binary file not shown.