diff --git a/.gitignore b/.gitignore
index b746b62..74fdb4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,7 +1,36 @@
 *.json
-.terraform/*
+# Local .terraform directories
+**/.terraform/*
-**.hcl
+# .tfstate files
 *.tfstate
-*.tfstate.backup
\ No newline at end of file
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..a1d24b2
--- /dev/null
+++ b/.terraform.lock.hcl
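Review bot: The `*tfplan*` pattern near the end of the hunk is left as a commented example, while `*.tfvars` gets an explicit exclusion for the very same reason; a saved plan embeds the variable values and resource attributes it was computed from, so it belongs in the same category and should be active: `*tfplan*`. The unchanged `*.json` on the first line already matches `*.tfvars.json` and `override.tf.json`, so those new entries are redundant until that broad pattern is narrowed, and any JSON file that is meant to be tracked later (an IAM policy document, for instance) will be silently hidden by it. Dropping `**.hcl` so that `.terraform.lock.hcl` is tracked is the right call, as the lock files added in this commit show.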
@@ -0,0 +1,47 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.17.0" + hashes = [ + "h1:U+EDfeUqefebA1h7KyBMD1xH0h311LMi7wijPDPkC/0=", + "zh:0087b9dd2c9c638fd63e527e5b9b70988008e263d480a199f180efe5a4f070f0", + "zh:0fd532a4fd03ddef11f0502ff9fe4343443e1ae805cb088825a71d6d48906ec7", + "zh:16411e731100cd15f7e165f53c23be784b2c86c2fcfd34781e0642d17090d342", + "zh:251d520927e77f091e2ec6302e921d839a2430ac541c6a461aed7c08fb5eae12", + "zh:4919e69682dc2a8c32d44f6ebc038a52c9f40af9c61cb574b64e322800d6a794", + "zh:5334c60759d5f76bdc51355d1a3ebcc451d4d20f632f5c73b6e55c52b5dc9e52", + "zh:7341a2b7247572eba0d0486094a870b872967702ec0ac7af728c2df2c30af4e5", + "zh:81d1b1cb2cac6b3922a05adab69543b678f344a01debd54500263700dad7a288", + "zh:882bc8e15ef6d4020a07321ec4c056977c5c1d96934118032922561d29504d43", + "zh:8cd4871ef2b03fd916de1a6dc7eb8a81a354c421177d4334a2e3308e50215e41", + "zh:97e12fe6529b21298adf1046c5e20ac35d0569c836a6f385ff041e257e00cfd2", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9f5baf5d59b9f3cf5504d1fa975f10f27da3791896a9e18ece47c258bac17634", + "zh:dffafba6731ac1db1c540bdbd6a8c878486b71de9d0ca1d23c5c00a6c3c14d80", + "zh:fa7440c3c15a42fc5731444d324ced75407d417bfe3184661ae47d40a9718dce", + ] +} + +provider "registry.terraform.io/zaneatwork/godaddy" { + version = "1.9.10" + constraints = "1.9.10" + hashes = [ + "h1:KZxLOy1oSAWDELKzlKog3Vkj7dkL5vnFM+upG05URZc=", + "zh:0f82e078d455e31432bb2dec1647afab95f1cf14ba4e4e466e84c83f7116f267", + "zh:29b0f2880ead720b735e10b1ea861556abfa77bcd9d2e19393bcbe9f01e9949f", + "zh:462a501f572be4340800963f0e32fff868edd822f70f7c0f89da078d85d7910f", + "zh:51f7023cc410b89e88e7f4d962dcf741165d98c5e77f34cdf92d69285efef521", + "zh:55103119896e8d9b58119c39a7f0df3ffc24f18e10274cd6e1c6fba02819840e", + "zh:55f95b8894874839402ed1ba21516a08c2de3ffe24a78e759c2a841f6fc174d3", + 
"zh:65fb702c9aabc2755722ab7c556a5e0d93c0fe23a12cd281a7c8274957b21027", + "zh:709de4a72eb680c543261e745a6b1049a06132cdc29856fa94d1a3ae04e66c8a", + "zh:80a6b47a5b7750aac95d6c8917a977269c8fd7194b65aa4a2848bdd0d6dc81c4", + "zh:a2cd5aca2f56e8cba11bdf72f2fb1a859a46b7f050131cd4348e103a1c1f0bef", + "zh:bb53536ebb52807811f3cb2337f679c427059024b2f1cb82909ab2dd9e412f61", + "zh:ca5c22df37d56e889946c6d5a2d9cdbde4443dffabc3c373d1483af6b0cc60e4", + "zh:d146fd079775588788f827af2cb248da9587c9a01f297f251ed4cf4a5f0b9b93", + "zh:d965709316a14d90f6e2fc9c35596b92f208347406e2588e87dec4793e92e5f6", + "zh:ef271d08825d3479a231fb03c9980b66ee5c7ecf4838e04fffcaabf7744a9d19", + ] +} diff --git a/bucket/.terraform.lock.hcl b/bucket/.terraform.lock.hcl new file mode 100644 index 0000000..5ba9129 --- /dev/null +++ b/bucket/.terraform.lock.hcl 
@@ -0,0 +1,24 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/aws" { + version = "5.17.0" + hashes = [ + "h1:U+EDfeUqefebA1h7KyBMD1xH0h311LMi7wijPDPkC/0=", + "zh:0087b9dd2c9c638fd63e527e5b9b70988008e263d480a199f180efe5a4f070f0", + "zh:0fd532a4fd03ddef11f0502ff9fe4343443e1ae805cb088825a71d6d48906ec7", + "zh:16411e731100cd15f7e165f53c23be784b2c86c2fcfd34781e0642d17090d342", + "zh:251d520927e77f091e2ec6302e921d839a2430ac541c6a461aed7c08fb5eae12", + "zh:4919e69682dc2a8c32d44f6ebc038a52c9f40af9c61cb574b64e322800d6a794", + "zh:5334c60759d5f76bdc51355d1a3ebcc451d4d20f632f5c73b6e55c52b5dc9e52", + "zh:7341a2b7247572eba0d0486094a870b872967702ec0ac7af728c2df2c30af4e5", + "zh:81d1b1cb2cac6b3922a05adab69543b678f344a01debd54500263700dad7a288", + "zh:882bc8e15ef6d4020a07321ec4c056977c5c1d96934118032922561d29504d43", + "zh:8cd4871ef2b03fd916de1a6dc7eb8a81a354c421177d4334a2e3308e50215e41", + "zh:97e12fe6529b21298adf1046c5e20ac35d0569c836a6f385ff041e257e00cfd2", + "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", + "zh:9f5baf5d59b9f3cf5504d1fa975f10f27da3791896a9e18ece47c258bac17634", + "zh:dffafba6731ac1db1c540bdbd6a8c878486b71de9d0ca1d23c5c00a6c3c14d80", + "zh:fa7440c3c15a42fc5731444d324ced75407d417bfe3184661ae47d40a9718dce", + ] +} diff --git a/bucket/bucket.tf b/bucket/bucket.tf new file mode 100644 index 0000000..0f61229 --- /dev/null +++ b/bucket/bucket.tf 
@@ -0,0 +1,79 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "5.17.0"
+ configuration_aliases = [ aws.main ]
+ }
+ }
+}
+
+
+# S3 Bucket
+
+resource "aws_s3_bucket" "default" {
+ bucket = "${var.project_name}-bucket"
+}
+
+resource "aws_s3_bucket_public_access_block" "bucket_public_disabled" {
+ bucket = aws_s3_bucket.default.id
+
+ block_public_acls = true
+ block_public_policy = false
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
+resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" {
+ bucket = aws_s3_bucket.default.id
+ rule {
+ object_ownership = "BucketOwnerPreferred"
+ }
+ depends_on = [aws_s3_bucket_public_access_block.bucket_public_disabled]
+}
+
+resource "aws_s3_bucket_acl" "default" {
+ bucket = aws_s3_bucket.default.id
+ acl = "private"
+ depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership]
+}
+
+resource "aws_s3_bucket_policy" "default" {
+ bucket = aws_s3_bucket.default.id
+ depends_on = [aws_s3_bucket_public_access_block.bucket_public_disabled]
+ policy = <> /home/ubuntu/.ssh/authorized_keys;
+
+echo -e "export TERM='xterm-256color'" >> /home/ubuntu/.profile;
+
+su ubuntu -i << EOF
+# curl -sfL https://get.k3s.io | \
+# K3S_TOKEN="${k3s_token}" sh -'
+echo "HERE" >> /home/ubuntu/test.txt
+EOF
\ No newline at end of file
diff --git a/instances/scripts/setup_worker.sh b/instances/scripts/setup_worker.sh
new file mode 100644
index 0000000..7d5ce57
--- /dev/null
+++ b/instances/scripts/setup_worker.sh
@@ -0,0 +1,14 @@
+#!/bin/bash -xe
+
+
+echo -e "\n${extra_key}" >> /home/ubuntu/.ssh/authorized_keys;
+
+echo "export TERM='xterm-256color'" > /home/ubuntu/.profile;
+
+su ubuntu -i << EOF
+# curl -sfL https://get.k3s.io | \
+# INSTALL_K3S_EXEC="agent" \
+# K3S_TOKEN="${k3s_token}" \
+# sh -s - --server ${k3s_cluster_ip}
+echo "HERE" >> /home/ubuntu/test.txt
+EOF
\ No newline at end of file
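Review bot: `echo "export TERM='xterm-256color'" > /home/ubuntu/.profile;` in setup_worker.sh overwrites the user's existing .profile (the equivalent line in setup_main.sh appends with `>>`), which on a stock Ubuntu image drops the stanza that sources .bashrc and puts ~/bin on PATH; change it to `echo "export TERM='xterm-256color'" >> /home/ubuntu/.profile;`. The commented-out agent invocation also lost the scheme and port that the deleted setup_worker.sh passed (`"${k3s_url}:6443"`), so when it is re-enabled `--server ${k3s_cluster_ip}` will need a full `https://host:6443` URL. If this script is rendered into instance user-data (the `${k3s_token}` placeholder suggests a templatefile), the join token is then readable by any local process on the instance through the metadata service; fetching it from a secrets store at boot, or rotating it once the node has joined, limits that exposure. The `echo "HERE" >> /home/ubuntu/test.txt` line reads as leftover debugging scaffolding.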
diff --git a/k3s/k3s.tf b/k3s/k3s.tf
new file mode 100644
index 0000000..411c761
--- /dev/null
+++ b/k3s/k3s.tf
@@ -0,0 +1,38 @@
+module "k3s" {
+ source = "xunleii/k3s/module"
+ version = "3.3.0"
+ k3s_version = "v1.21.4+k3s1"
+
+ cluster_domain = "civo_k3s"
+
+ drain_timeout = "60s"
+ managed_fields = ["label"]
+ generate_ca_certificates = true
+
+ global_flags = [for instance in civo_instance.node_instances : "--tls-san ${instance.public_ip}"]
+
+ servers = {
+ # The node name will be automatically provided by
+ # the module using the field name... any usage of
+ # --node-name in additional_flags will be ignored
+
+ for instance in civo_instance.node_instances :
+ instance.hostname => {
+ ip = instance.private_ip
+ connection = {
+ timeout = "60s"
+ type = "ssh"
+ host = instance.public_ip
+ password = instance.initial_password
+ user = "root"
+ }
+
+ labels = { "node.kubernetes.io/type" = "master" }
+ }
+ }
+}
+
+output "kube_config" {
+ value = module.k3s.kube_config
+ sensitive = true
+}
\ No newline at end of file
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..cca818a
--- /dev/null
+++ b/main.tf
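Review bot: `civo_instance.node_instances` is referenced twice in the `module "k3s"` block, but no Civo resource or provider appears anywhere in this commit — main.tf declares only `hashicorp/aws` and `zaneatwork/godaddy`, and the new lock files pin only those two — so unless it is defined in a file outside this diff, validation will fail on an undeclared resource; the module is also not instantiated from main.tf. The `connection` block authenticates to every node as `root` with `password = instance.initial_password`, which keeps root password login in use and very likely leaves that password in plain text in state alongside the instance; a key-based connection (`private_key` in place of `password`) with password login for root disabled afterwards is the usual shape. `k3s_version = "v1.21.4+k3s1"` is a release line that is long out of support, so it is worth moving to a current pin when the module is wired in.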
@@ -0,0 +1,59 @@
+### PROVIDERS
+
+terraform {
+ required_providers {
+ godaddy = {
+ source = "zaneatwork/godaddy"
+ version = "1.9.10"
+ }
+ aws = {
+ source = "hashicorp/aws"
+ version = "5.17.0"
+ }
+ }
+}
+
+provider "aws" {
+ region = var.aws_region
+ access_key = var.aws_access
+ secret_key = var.aws_secret
+}
+
+provider "godaddy" {
+ key = var.godaddy_key
+ secret = var.godaddy_secret
+}
+
+
+### MODULES
+
+module "bucket" {
+ source = "./bucket"
+ providers = {
+ aws.main = aws
+ }
+ project_domain = var.project_domain
+ project_name = var.project_name
+}
+
+module "instances" {
+ source = "./instances"
+ providers = {
+ aws.main = aws
+ }
+ project_domain = var.project_domain
+ project_name = var.project_name
+ k3s_token = var.k3s_token
+ number_of_workers = var.number_of_workers
+ aws_region = var.aws_region
+ ssh_public_key_main = var.ssh_public_key_main
+ ssh_public_key_ci_cd = var.ssh_public_key_ci_cd
+}
+
+module "dns" {
+ source = "./dns"
+ providers = {
+ godaddy = godaddy
+ }
+ public_ip = module.instances.pool_master_public_ip
+}
\ No newline at end of file
diff --git a/setup_main.sh b/setup_main.sh
deleted file mode 100644
index 685d7a2..0000000
--- a/setup_main.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-echo -e "\n${extra_key}" >> /home/ubuntu/.ssh/authorized_keys
-
-echo "export TERM='xterm-256color'" > .profile;
-
-
-curl -sfL https://get.k3s.io | \
- K3S_TOKEN="${k3s_token}" \
- sh -
\ No newline at end of file
diff --git a/setup_worker.sh b/setup_worker.sh
deleted file mode 100644
index 07e300a..0000000
--- a/setup_worker.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-echo -e "\n${extra_key}" >> /home/ubuntu/.ssh/authorized_keys
-
-echo "export TERM='xterm-256color'" > .profile;
-
-
-curl -sfL https://get.k3s.io | \
- INSTALL_K3S_EXEC="agent" \
- K3S_TOKEN="${k3s_token}" \
- sh -s - --server "${k3s_url}:6443"
\ No newline at end of file
diff --git a/terraform-cloud.tf b/terraform-cloud.tf
new file mode 100644
index 0000000..7fb69fc
--- /dev/null
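Review bot: The `provider "aws"` block passes static credentials through `var.aws_access` and `var.aws_secret`, so the keys are handled as ordinary input values (echoed in `TF_LOG` traces and CLI errors) rather than going through the provider's own credential chain; with the move to Terraform Cloud in this same commit, workspace environment variables or dynamic provider credentials let the `access_key`/`secret_key` lines be dropped entirely, and the same applies to `key`/`secret` on `provider "godaddy"`. If the variables are kept, their declarations — not part of this diff — should carry `sensitive = true`, which the deleted terraform.tf did not set for `aws_secret`, `godaddy_secret` or `k3s_token`. The `module "k3s"` added in k3s/k3s.tf is not instantiated here, so it is dead configuration until it is wired in.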
+++ b/terraform-cloud.tf
@@ -0,0 +1,9 @@
+terraform {
+ cloud {
+ organization = "vitorhnbatista"
+
+ workspaces {
+ name = "hideyoshi-portfolio"
+ }
+ }
+}
\ No newline at end of file
diff --git a/terraform.tf b/terraform.tf
deleted file mode 100644
index d142127..0000000
--- a/terraform.tf
+++ /dev/null
@@ -1,268 +0,0 @@ -### SET VARIABLES - -variable "project_name" { - type = string - default = "hideyoshi-portifolio" -} - -variable "project_domain" { - type = string -} - -variable "k3s_token" { - type = string -} - -variable "number_of_workers" { - type = number - default = 2 -} - -variable "aws_region" { - type = string - default = "sa-east-1" -} - -variable "aws_access" { - type = string -} - -variable "aws_secret" { - type = string -} - -variable "godaddy_key" { - type = string -} - -variable "godaddy_secret" { - type = string -} - -variable "ssh_public_key_main" { - type = string -} - -variable "ssh_public_key_ci_cd" { - type = string -} - - -### PROVIDERS - -terraform { - required_providers { - godaddy = { - source = "zaneatwork/godaddy" - version = "1.9.10" - } - aws = { - source = "hashicorp/aws" - version = "5.17.0" - } - } -} - -provider "aws" { - region = var.aws_region - access_key = var.aws_access - secret_key = var.aws_secret -} - -provider "godaddy" { - key = var.godaddy_key - secret = var.godaddy_secret -} - - -### RESOURCES - -# S3 Bucket - -resource "aws_s3_bucket" "default" { - bucket = "${var.project_name}-bucket" -} - -resource "aws_s3_bucket_public_access_block" "bucket_public_disabled" { - bucket = aws_s3_bucket.default.id - - block_public_acls = true - block_public_policy = false - ignore_public_acls = true - restrict_public_buckets = true -} - -resource "aws_s3_bucket_ownership_controls" "s3_bucket_acl_ownership" { - bucket = aws_s3_bucket.default.id - rule { - object_ownership = "BucketOwnerPreferred" - } - depends_on = [aws_s3_bucket_public_access_block.bucket_public_disabled] -} - -resource "aws_s3_bucket_acl" "default" { - bucket = aws_s3_bucket.default.id - acl = "private" - depends_on = [aws_s3_bucket_ownership_controls.s3_bucket_acl_ownership] -} - -resource "aws_s3_bucket_policy" "default" { - bucket = aws_s3_bucket.default.id - depends_on = [aws_s3_bucket_public_access_block.bucket_public_disabled] - policy = <