infra/modules/kubernetes/istio/main.tf


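# Name of the TLS secret handed to the setup_tls_secret module below.
variable "tls_secret_name" {
  type        = string
  description = "Name of the Kubernetes TLS secret to set up in the istio-system namespace."
}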
# Namespace that holds every Istio and Kiali component declared in this module.
resource "kubernetes_namespace" "istio" {
  metadata {
    name = "istio-system"
  }
}
# Instantiates the sibling setup_tls_secret module for the Istio namespace.
# Presumably it creates the TLS secret named by var.tls_secret_name there;
# confirm against ../setup_tls_secret.
module "tls_secret" {
  source = "../setup_tls_secret"

  tls_secret_name = var.tls_secret_name
  namespace       = kubernetes_namespace.istio.metadata[0].name
}
# Istio base chart (cluster-wide CRDs and shared resources).
# To delete all CRDs: kubectl get crd -oname | grep --color=never 'istio.io' | xargs kubectl delete
resource "helm_release" "istio-base" {
  name       = "istio-base"
  repository = "https://istio-release.storage.googleapis.com/charts"
  chart      = "base"
  # NOTE(review): no `version` is set, so the chart version is resolved from
  # the remote repository at install time. Pin it so that what gets deployed
  # is reviewable and reproducible.

  namespace        = kubernetes_namespace.istio.metadata[0].name
  create_namespace = false

  # Roll the release back if the install or upgrade fails.
  atomic = true

  depends_on = [kubernetes_namespace.istio]
}
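# Istio control plane.
resource "helm_release" "istiod" {
  name       = "istiod"
  repository = "https://istio-release.storage.googleapis.com/charts"
  chart      = "istiod"
  # NOTE(review): no `version` is set, so the chart version is resolved from
  # the remote repository at install time. Pin it, and keep it in step with
  # the base and gateway charts.

  namespace        = kubernetes_namespace.istio.metadata[0].name
  create_namespace = false

  # Roll the release back if the install or upgrade fails.
  atomic = true

  # The control plane needs the CRDs from the base chart, so it must be
  # ordered after it. Without this, Terraform may apply both releases in
  # parallel and the atomic install of istiod can fail and roll back.
  depends_on = [
    kubernetes_namespace.istio,
    helm_release.istio-base,
  ]
}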
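# Istio gateway deployment.
# NOTE(review): the gateway shares istio-system with the control plane. Istio's
# guidance is to run gateways in a namespace separate from istiod, so that a
# compromised edge proxy is not co-located with control-plane secrets.
resource "helm_release" "istio-gateway" {
  name       = "istio-gateway"
  repository = "https://istio-release.storage.googleapis.com/charts"
  chart      = "gateway"
  # NOTE(review): no `version` is set, so the chart version is resolved from
  # the remote repository at install time. Pin it, and keep it in step with
  # the base and istiod charts.

  namespace        = kubernetes_namespace.istio.metadata[0].name
  create_namespace = false

  # Roll the release back if the install or upgrade fails.
  atomic = true

  # The gateway pod is completed by istiod's injection webhook, so it has to
  # be ordered after the control plane. Otherwise the atomic install can time
  # out waiting for a pod that never becomes ready.
  depends_on = [
    kubernetes_namespace.istio,
    helm_release.istiod,
  ]
}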
# Kiali dashboard, installed through the kiali-operator chart.
# The operator is also asked to create the Kiali custom resource in istio-system.
resource "helm_release" "kiali" {
  name       = "kiali"
  repository = "https://kiali.org/helm-charts"
  chart      = "kiali-operator"
  # NOTE(review): no `version` is set, so the chart version is resolved from
  # the remote repository at install time. Pin it so that what gets deployed
  # is reviewable and reproducible.

  namespace        = kubernetes_namespace.istio.metadata[0].name
  create_namespace = false

  # Roll the release back if the install or upgrade fails.
  atomic = true

  # Remaining chart values come from kiali.yaml next to this file. No template
  # variables are passed in.
  # NOTE(review): the dashboard's auth strategy is presumably set in that
  # file. Confirm it is not anonymous before the service is exposed.
  values = [templatefile("${path.module}/kiali.yaml", {})]

  set {
    name  = "cr.create"
    value = "true"
  }

  set {
    name  = "cr.namespace"
    value = "istio-system"
  }

  depends_on = [kubernetes_namespace.istio]
}
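# Service-account token secret bound to "kiali-service-account".
# NOTE(review): a secret of this type holds a token that does not expire and
# carries whatever RBAC the service account has. The Kubernetes provider keeps
# the populated secret data in Terraform state, so treat the state as
# sensitive and prefer short-lived tokens where Kiali login allows it.
resource "kubernetes_secret" "kiali-token" {
  metadata {
    name      = "kiali-secret"
    namespace = kubernetes_namespace.istio.metadata[0].name
    annotations = {
      "kubernetes.io/service-account.name" = "kiali-service-account"
    }
  }

  type = "kubernetes.io/service-account-token"

  # Kubernetes deletes a service-account-token secret whose service account
  # does not exist, so order this after the Kiali release.
  # NOTE(review): the service account is presumably created by the operator
  # when it reconciles the Kiali CR, which can finish after the Helm release
  # returns. This narrows the race but may not remove it; confirm.
  depends_on = [helm_release.kiali]
}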
# Gets auto removed. Revisit after finishing power consumption analysis.
# resource "kubernetes_ingress_v1" "kiali" {
# metadata {
# name = "kiali"
# namespace = kubernetes_namespace.istio.metadata[0].name
# annotations = {
# "kubernetes.io/ingress.class" = "nginx"
# "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
# "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
# }
# }
# spec {
# tls {
# hosts = ["kiali.viktorbarzin.me"]
# secret_name = var.tls_secret_name
# }
# rule {
# host = "kiali.viktorbarzin.me"
# http {
# path {
# path = "/"
# backend {
# service {
# name = "kiali"
# port {
# number = 20001
# }
# }
# }
# }
# }
# }
# }
# }