Merge pull request #58 from HideyoshiSolutions/staging

Staging - Implements KUBECONFIG Env Secret for Github
2024-10-21 03:28:27 -03:00
committed by GitHub
9 changed files with 175 additions and 57 deletions

92
.terraform.lock.hcl generated

@@ -2,30 +2,31 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cloudflare/cloudflare" {
version = "4.41.0"
version = "4.44.0"
constraints = "~> 4.0"
hashes = [
"h1:YxQqmiES/Yanq/VfGqBEqg+VIO7FGhO88aKoWFHyGIg=",
"zh:339d26e06dc6fb299ea8aad9476a60fd65bb1d40631ae8eeb81cddf2dd2bebc8",
"zh:3dec2ad96ac2c283fd34ce65781b55c4edbb4d5c5cb53da8e31537176c0ed562",
"zh:5f63a5f8080319a2fff09d4d49944829fa708723436520787cfb60725ced80cf",
"zh:67162c28ccea71cb8141ed15c0637e35621354ebe14878e0b75a8f160fc5505d",
"zh:6ac1e07f5347b6395aca690ed22101bb25e957d25f986f760ff673a7adfd5ef6",
"zh:70282a723c7b52fcabde2baad41c864ed3a8d69f0c4d27a6b6933cac434cffc6",
"h1:MeMGdavako/OPTU/qAgKRIQKD49x9tn4PGrOTWi9tFE=",
"zh:0cae95e8c9d2d979669712745251dcf5720cee2a59bb81d8ad2c2dcf0e6e0c7a",
"zh:1220aee9549e7938648f6a36237929ead0de8244c6a00f8e8cded559f4b65a2f",
"zh:23ae1862e5fe5b583b8ec2c96f80a5ba0e3883be8e1169a0484a45106cc238ce",
"zh:3034654c6f34e419c53dcd6ea558b715e1150fbcc70c93209c5ee88a03025072",
"zh:3b64a66f3ddeb04345511262ad9376eb3c26e0683a78f47a3fd7f5e71f3f7e27",
"zh:4b29435e1e8f970b92bb38eca52820f7a8362c16235334aef9a83be32bd00094",
"zh:4f8fe69db7f54bce0e78a4c671aa5db20515114626035051f387d9833f4a5a91",
"zh:86776bfbdabd2095975be9b3ca999c2f47ca5194ece6c58c69130ccfa2e3c97d",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:924cd23abc326c6b3914e2cd9c94c7832c2552e1e9ae258fb9fd9aedaa5f7ce7",
"zh:a4b75e4c239879296259e7d54f1befbc7fdc16da2d62d1294e9f73add4cae61e",
"zh:a6ceb08feb63b00c7141783b31e45a154c76fd8cdebbdf371074805f0053572d",
"zh:afae1843f9ba85f2f6d94108c65cf43a457e83531a632d44d863e935160cb2ba",
"zh:bd6628ce60c778960a5755f7010b7e2cc5c6ff0341a21c175341b28058ec843d",
"zh:cd30866a1ff99d72b5fa1699db582fa4f25562e6ab21dcc6870324f3056108e0",
"zh:df5924cca691a8220aaaebb5cb55c3d6c32ff0a881f198695eff28155eb12b54",
"zh:e78d0696c941aba58df1cb36b8a0d25cd5f3963f01d9338fdbda74db58afdd49",
"zh:9d50271a09ee01a7105c06e582c52743a3baaf46f298d52bfc9e64cd7bfaa712",
"zh:a1e12d1c3472d457140de0e8b77a4b09e5cdcd3e2f6c0be0fe0dae0526d368db",
"zh:ad638e2c91490367d55ec6fe46ee34a9f7c151ca6e3cc52e5bad9f358e77f1aa",
"zh:cc4c496f2c594994a9d966f7ebe00a797eca9b924ac1bbe5aef26ec83ec7f833",
"zh:e74d5a3695deb38c2858d1c99c424495900e9b298ca8961c0a2fc1b3714c4c77",
"zh:f4b6efa4c2b4c85c92171dc0824dbf42af9dde5250131494de803e0b9fe1ea3c",
]
}
provider "registry.terraform.io/hashicorp/aws" {
version = "5.17.0"
version = "5.17.0"
constraints = "5.17.0"
hashes = [
"h1:U+EDfeUqefebA1h7KyBMD1xH0h311LMi7wijPDPkC/0=",
"zh:0087b9dd2c9c638fd63e527e5b9b70988008e263d480a199f180efe5a4f070f0",
@@ -66,24 +67,47 @@ provider "registry.terraform.io/hashicorp/tls" {
}
provider "registry.terraform.io/hideyoshinakazone/yoshik3s" {
version = "1.0.2"
constraints = "1.0.2"
version = "1.1.2"
constraints = "1.1.2"
hashes = [
"h1:tYLW91AxEBT8s9pI3VHFY11gOsqPy0H9LVVurZuPM3g=",
"zh:0f3e923af5149b99c06601927a627155b3ae04842e134e120a20b8d52e400f84",
"zh:12fa90815f52a634dfcae3d524de7bf4036c1743e27e7849b1f40829348aa49b",
"zh:24b0115ede90da5f673836da5b0e07e0fd001d222d69d995f6540cc318ac41ea",
"zh:32b79d30d5db9729d93d8379f407129ec8ebe9ad1e6a3f829460596bf22e27c0",
"zh:42fd73d44621d920fdce7bef2723fe9c0cbeb7f41e10e0f6a31ff7c4aad13314",
"zh:545feed9fe952a94ee271fc3275852dd64fccfb547141974675a096b254cdce5",
"zh:5487273f5169923b495f6507c585d68cfca3ddec0d47cb000380a20eb45b94fb",
"zh:65e788a9c1aba218c3f67ea3da7198911735bc453944ef27197559c8148a3d27",
"zh:867dc1030b4c66194dea42d3dcfd0af9a20a6e6333b0fc9cfb07d288125b1f64",
"h1:uDVSqN9btXzL8OnRvF304HPe5YxvFXEZnmHNmcauU6g=",
"zh:3270ea02bbf0ea278fd591b27bfd00833c7e423b4d1caf66d39af6a30303d23b",
"zh:3c6f1e875ed85c88507eb563bb4f69588d5f6feb08954e5181af96cb5b5a2a1c",
"zh:3cfabe1d3aebdc1f068adf30a50a4431498941a4fd973790319b3d2397166e5e",
"zh:41086b7a39e5dab278bf81553bb60afc0a342fec522468d2fb80ad97a3697fe0",
"zh:61b717d38c874ce76e7381430b835206b5181e33fce20acfabce823f6368e012",
"zh:627f64523d97c58ad5d9f49eba9829a0942e7779b47350d38ffbba8c2dca0b74",
"zh:8651f7f9c3871f4bdb42791885f419b982de529d7dd6b2b972ce61cb513efec5",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:962a8a157d318f76a2946d637a75adccbf1fd11e49a6c852af9f59548ca97246",
"zh:cc4a5aef6f685da2ccb998676dd4b3aadbc828546fc9cd5d1dc26bbadb42a5c3",
"zh:d163b0a206fcaecc51539ad0b38c5e4b362ec2778187c15fe2196e9201770a3b",
"zh:d8bf1b4a124dedf266a3b45477ea0091058c3609e0eaa4edcd0f2470868ef938",
"zh:ddc7157397b683b244b9dbc725308f2c3745d74ebac180e74cffd7ad5b521da8",
"zh:97ac4579087dffa9273b150a9e5530fc125995267761617562801ec6a5c71681",
"zh:b4e2fabbb7021bdfa426260d2a149fa9df6aa76fbdbd55ff116d6272c6c85d0d",
"zh:bde3df5b97ba7efb66d157abe3794bff04ac9d1991e371a1434ac95f4c5365cb",
"zh:d9d883b9bb6c739f3bf503d22ceecdeb3f02ce882a57b14d34b505e87b010ed1",
"zh:dcbee4b7333a3ff76c1c2456798698ab947a10aa836487ad3a58593b40a118f6",
"zh:df401b5f864b7cf5612f506ae64af097940e0c33ca8876f335a5755af6e66998",
"zh:fb1550ba2bf12fc700d81391b3ace9987601d8d80f1fc428524963aba4765a97",
]
}
provider "registry.terraform.io/integrations/github" {
version = "6.3.1"
constraints = "6.3.1"
hashes = [
"h1:kNCbU7jr9j09hqWwyXGFDN95Un28gWO2kY2yImv1MDY=",
"zh:25ae1cb97ec528e6b7e9330489f4a33acc0fa80b909c113a8445656bc524c5b9",
"zh:3e1f6300dc10e52a54f13352770ed79f25ff4ba9ac49b776c52a655a3488a20b",
"zh:4aaf2877ec22e63358d7c9cd48c7d7947d1a1dc4d03231f0af193d8975d5918a",
"zh:4b904a81fac12a2a7606c8d811cb9c4e13581adcaaa19e503a067ac95c515925",
"zh:54fe7e0dca04e698631a5b86bdd43ef09a31375e68f8f89970b4315cd5fc6312",
"zh:6b14f92cf62784eaf20f43ef58ce966735f30d43deeab077943bd410c0d8b8b2",
"zh:86c49a1c11c024b26b6750c446f104922a3fe8464d3706a5fb9a4a05c6ca0b0a",
"zh:8939fb6332c4a58c4e90245eb9f0110987ccafff06b45a7ed513f2759a2abe6a",
"zh:8b4068a78c1f357325d1151facdb1aff506b9cd79d2bab21a55651255a130e2f",
"zh:ae22f5e52f534f19811d7f9480b4eb442f12ff16367b3893abb4e449b029ff6b",
"zh:afae9cfd9d49002ddfea552aa4844074b9974bd56ff2c2458f2297fe0df56a5b",
"zh:bc7a434408eb16a4fbceec0bd86b108a491408b727071402ad572cdb1afa2eb7",
"zh:c8e4728ea2d2c6e3d2c1bc5e7d92ed1121c02bab687702ec2748e3a6a0844150",
"zh:f6314b2cff0c0a07a216501cda51b35e6a4c66a2418c7c9966ccfe701e01b6b0",
"zh:fbd1fee2c9df3aa19cf8851ce134dea6e45ea01cb85695c1726670c285797e25",
]
}


@@ -13,6 +13,8 @@ terraform {
resource "aws_s3_bucket" "default" {
bucket = "${var.project_name}-bucket"
force_destroy = true
}
resource "aws_s3_bucket_public_access_block" "bucket_public_disabled" {
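Review bot: `force_destroy = true` on `aws_s3_bucket.default` lets a `terraform destroy`, or a replacement forced by a changed bucket name, delete the bucket together with every object in it. What the bucket stores is not visible in this hunk; if it holds anything that cannot be regenerated, gate the flag behind a boolean variable that defaults to `false`, e.g. `force_destroy = var.bucket_force_destroy` (variable name constructed here). If the flag is meant for staging teardown only, say so in a comment such as `# allows teardown of a non-empty bucket; keep false where data must survive`. The `aws_s3_bucket_public_access_block` resource that follows continues outside the hunk.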


@@ -15,6 +15,7 @@ variable "project_domain" {
variable "k3s_token" {
type = string
sensitive = true
}
variable "number_of_workers" {
@@ -25,14 +26,17 @@ variable "number_of_workers" {
variable "aws_region" {
type = string
default = "sa-east-1"
sensitive = true
}
variable "aws_access" {
type = string
sensitive = true
}
variable "aws_secret" {
type = string
sensitive = true
}
variable "aws_instance_type" {
@@ -47,16 +51,35 @@ variable "aws_ami" {
variable "cloudflare_api_token" {
type = string
sensitive = true
}
variable "cloudflare_zone_id" {
type = string
sensitive = true
}
variable "ssh_public_key_main" {
type = string
sensitive = true
}
variable "ssh_public_key_ci_cd" {
type = string
sensitive = true
}
variable "github_owner" {
type = string
default = "HideyoshiSolutions"
}
variable "github_token" {
type = string
sensitive = true
}
variable "github_repository" {
type = string
default = "infra-hideyoshi.com"
}
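Review bot: `sensitive = true` is applied to values that are not secrets: `aws_region`, whose default `sa-east-1` is in the source anyway, and, as far as the rendered hunks show, `ssh_public_key_main` and `ssh_public_key_ci_cd`. Sensitivity propagates to every expression derived from a marked variable, so plan output for those resources shows `(sensitive value)` and a reviewer can no longer see what a change will do. Keep the flag on `k3s_token`, `aws_access`, `aws_secret`, `cloudflare_api_token` and `github_token`. The flag only redacts CLI output; the values are still written to state in clear text, so the state backend needs encryption and restricted read access. The new variables would also benefit from a `description`, e.g. on `github_token`: `description = "Token the github provider uses to write Actions environment secrets"`.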

19
github/config.tf Normal file

@@ -0,0 +1,19 @@
variable "environment_name" {
type = string
}
variable "github_owner" {
type = string
default = "HideyoshiSolutions"
}
variable "github_repository" {
type = string
default = "infra-hideyoshi.com"
}
variable "cluster_kubeconfig" {
type = string
sensitive = true
}
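Review bot: None of the four variables in this new file carries a `description`, and for `cluster_kubeconfig` that hides the fact that the value is a cluster credential. I would add `description = "Kubeconfig produced by the k3s master node; stored as a GitHub Actions environment secret"` there. For `environment_name`, a one-line description should say that it must name an environment of the target repository; no environment resource is visible in this module, so the environment presumably has to exist already.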

23
github/github.tf Normal file

@@ -0,0 +1,23 @@
terraform {
required_providers {
github = {
source = "integrations/github"
version = "6.3.1"
}
}
}
data "github_user" "current" {
username = ""
}
data "github_repository" "infra_hideyoshi_com" {
full_name = "${var.github_owner}/${var.github_repository}"
}
resource "github_actions_environment_secret" "cluster_kubeconfig" {
repository = data.github_repository.infra_hideyoshi_com.name
environment = var.environment_name
secret_name = "KUBECONFIG"
plaintext_value = chomp(var.cluster_kubeconfig)
}
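Review bot: The `KUBECONFIG` secret is written into an environment this module does not manage, so nothing visible here restricts which workflow runs can read it. Unless the environment has required reviewers or a deployment-branch policy, any job that targets it receives the kubeconfig. `data.github_user.current` is declared but unused in the visible lines, which suggests a `github_repository_environment` resource was meant to be part of this file. Managing the environment here with protection rules, and pointing the secret at it, would make that gate explicit and reviewable; an environment that already exists has to be imported first. Note also that `plaintext_value` ends up in Terraform state, so the state backend becomes a second place where this credential must be protected.

```hcl
resource "github_repository_environment" "deploy" {
  repository  = data.github_repository.infra_hideyoshi_com.name
  environment = var.environment_name

  reviewers {
    users = [data.github_user.current.id]
  }

  deployment_branch_policy {
    protected_branches     = true
    custom_branch_policies = false
  }
}

resource "github_actions_environment_secret" "cluster_kubeconfig" {
  # … unchanged: repository, secret_name, plaintext_value …
  environment = github_repository_environment.deploy.environment
}
```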


@@ -118,7 +118,7 @@ resource "aws_instance" "worker" {
instance_market_options {
market_type = "spot"
spot_options {
max_price = 0.0014
max_price = 0.0020
instance_interruption_behavior = "stop"
spot_instance_type = "persistent"
}
@@ -166,14 +166,12 @@ output "pool_master_public_ip" {
}
output "pool_master_instance" {
value = [
{
host: aws_instance.main.public_ip
port: 22
user: "ubuntu"
private_key: tls_private_key.terraform_ssh_key.private_key_pem
}
]
value = {
host: aws_instance.main.public_ip
port: 22
user: "ubuntu"
private_key: tls_private_key.terraform_ssh_key.private_key_pem
}
}
output "pool_worker_instances" {
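Review bot: `pool_master_instance` exposes `tls_private_key.terraform_ssh_key.private_key_pem`, and no `sensitive = true` is visible on the output block. Add `sensitive = true` so the key is redacted wherever the object is rendered in plan or apply output, and treat the state file as holding the private key regardless. `pool_worker_instances` continues outside the hunk; if it carries the same key, the same applies there.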


@@ -15,12 +15,12 @@ variable "master_server_address" {
}
variable "cluster_main_node" {
type = list(object({
type = object({
host = string
port = string
user = string
private_key = string
}))
})
description = "map of objects - main cluster nodes - [host, port]"
}
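Review bot: The `description` of `cluster_main_node` still reads "map of objects - main cluster nodes - [host, port]", although the type is now a single object that also carries `user` and `private_key`. Update it, e.g. `description = "SSH connection details (host, port, user, private_key) of the main cluster node"`, and add `sensitive = true` because the object holds a private key. `port` is declared as `string` while the producing output shown on this page passes `22`; Terraform converts it, but `number` would state the intent.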


@@ -2,7 +2,7 @@ terraform {
required_providers {
yoshik3s = {
source = "HideyoshiNakazone/yoshik3s"
version = "1.0.2"
version = "1.1.2"
}
}
}
@@ -13,6 +13,7 @@ terraform {
resource "yoshik3s_cluster" "main_cluster" {
name = "main-cluster"
token = var.cluster_token
address = var.cluster_domain
k3s_version = "v1.30.2+k3s2"
}
@@ -20,27 +21,21 @@ resource "yoshik3s_cluster" "main_cluster" {
resource "yoshik3s_master_node" "master_node" {
cluster = yoshik3s_cluster.main_cluster
count = length(var.cluster_main_node)
node_connection = {
host = var.cluster_main_node[count.index].host
port = var.cluster_main_node[count.index].port
user = var.cluster_main_node[count.index].user
private_key = var.cluster_main_node[count.index].private_key
host = var.cluster_main_node.host
port = var.cluster_main_node.port
user = var.cluster_main_node.user
private_key = var.cluster_main_node.private_key
}
node_options = [
"--write-kubeconfig-mode 644",
"--disable traefik",
"--node-label node_type=master",
"--tls-san ${var.cluster_domain}"
]
}
resource "yoshik3s_worker_node" "worker_node" {
master_server_address = var.master_server_address
cluster = yoshik3s_cluster.main_cluster
count = length(var.cluster_worker_node)
@@ -55,4 +50,12 @@ resource "yoshik3s_worker_node" "worker_node" {
node_options = [
"--node-label node_type=worker",
]
depends_on = [yoshik3s_master_node.master_node]
}
output "cluster_kubeconfig" {
value = yoshik3s_master_node.master_node.kubeconfig
sensitive = true
}
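Review bot: `--write-kubeconfig-mode 644` in the `node_options` of `yoshik3s_master_node.master_node` leaves the k3s kubeconfig readable by every local account on the master. That file is the credential this commit now exports through `output "cluster_kubeconfig"`. How the yoshik3s provider fetches the kubeconfig is not visible here; if it reads the file over SSH as the unprivileged `user`, a group-readable mode such as `--write-kubeconfig-mode 640` with matching group ownership would avoid making it world-readable, but this needs checking against the provider. At minimum, record the reason next to the option: `# 644 so the SSH user can read the kubeconfig; world-readable on the node`.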

28
main.tf

@@ -12,7 +12,11 @@ terraform {
}
yoshik3s = {
source = "HideyoshiNakazone/yoshik3s"
version = "1.0.2"
version = "1.1.2"
}
github = {
source = "integrations/github"
version = "6.3.1"
}
}
}
@@ -31,6 +35,11 @@ provider "yoshik3s" {
# No configuration needed
}
provider "github" {
owner = var.github_owner
token = var.github_token
}
### MODULES
@@ -80,3 +89,20 @@ module "kubernetes" {
cluster_main_node = module.instances.pool_master_instance
cluster_worker_node = module.instances.pool_worker_instances
}
module "github" {
source = "./github"
providers = {
github = github
}
environment_name = var.environment_name
github_owner = var.github_owner
github_repository = var.github_repository
cluster_kubeconfig = module.kubernetes.cluster_kubeconfig
}
output "cluster_kubeconfig" {
value = module.kubernetes.cluster_kubeconfig
sensitive = true
}
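Review bot: The root `output "cluster_kubeconfig"` makes the cluster credential retrievable with `terraform output -raw cluster_kubeconfig` by anyone who can read the state, in addition to the copy the `github` module writes as an Actions secret. `sensitive = true` only redacts it in plan and apply logs. If nothing consumes the root output, drop it; otherwise name the consumer in a comment and confirm that the state backend is encrypted and access-restricted. Separately, `var.environment_name` is passed to the module, but its root declaration is not among the variable hunks visible on this page, so confirm that it exists.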