From e929fa0d9dac9757bfb8eecb3615a4091ba4aa46 Mon Sep 17 00:00:00 2001 From: Mauritz Uphoff Date: Wed, 14 May 2025 16:13:32 +0200 Subject: [PATCH] Initial commit --- .forgejo/workflows/default.yaml | 28 +++++++ .gitignore | 7 ++ .terraform.lock.hcl | 83 ++++++++++++++++++ 00-backend.tf | 1 + 01-variables.tf | 15 ++++ 02-provider.tf | 33 ++++++++ 03-rancher.tf | 144 ++++++++++++++++++++++++++++++++ 7 files changed, 311 insertions(+) create mode 100644 .forgejo/workflows/default.yaml create mode 100644 .gitignore create mode 100644 .terraform.lock.hcl create mode 100644 00-backend.tf create mode 100644 01-variables.tf create mode 100644 02-provider.tf create mode 100644 03-rancher.tf diff --git a/.forgejo/workflows/default.yaml b/.forgejo/workflows/default.yaml new file mode 100644 index 0000000..6c85152 --- /dev/null +++ b/.forgejo/workflows/default.yaml @@ -0,0 +1,28 @@ +name: CI + +on: [push] + +jobs: + secrets-scan: + name: TruffleHog Secrets Scan + runs-on: docker + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: trufflehog-actions-scan + uses: https://github.com/edplato/trufflehog-actions-scan@master + + terraform: + name: Terraform Format & Validate + runs-on: docker + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - uses: https://github.com/hashicorp/setup-terraform@v3 + with: + terraform_version: "1.5.7" + + - name: Format Terraform Code + run: terraform fmt -recursive -check \ No newline at end of file diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ada6d96 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +.idea +.terraform +*.tfstate +terraform.tfstate +terraform.tfstate.backup +.DS_Store +keys/stackit-sa.json \ No newline at end of file diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl new file mode 100644 index 0000000..7beb861 --- /dev/null +++ b/.terraform.lock.hcl @@ -0,0 +1,83 @@ +# This file is maintained automatically by "terraform init". +# Manual edits may be lost in future updates. + +provider "registry.terraform.io/hashicorp/helm" { + version = "2.17.0" + hashes = [ + "h1:kQMkcPVvHOguOqnxoEU2sm1ND9vCHiT8TvZ2x6v/Rsw=", + "zh:06fb4e9932f0afc1904d2279e6e99353c2ddac0d765305ce90519af410706bd4", + "zh:104eccfc781fc868da3c7fec4385ad14ed183eb985c96331a1a937ac79c2d1a7", + "zh:129345c82359837bb3f0070ce4891ec232697052f7d5ccf61d43d818912cf5f3", + "zh:3956187ec239f4045975b35e8c30741f701aa494c386aaa04ebabffe7749f81c", + "zh:66a9686d92a6b3ec43de3ca3fde60ef3d89fb76259ed3313ca4eb9bb8c13b7dd", + "zh:88644260090aa621e7e8083585c468c8dd5e09a3c01a432fb05da5c4623af940", + "zh:a248f650d174a883b32c5b94f9e725f4057e623b00f171936dcdcc840fad0b3e", + "zh:aa498c1f1ab93be5c8fbf6d48af51dc6ef0f10b2ea88d67bcb9f02d1d80d3930", + "zh:bf01e0f2ec2468c53596e027d376532a2d30feb72b0b5b810334d043109ae32f", + "zh:c46fa84cc8388e5ca87eb575a534ebcf68819c5a5724142998b487cb11246654", + "zh:d0c0f15ffc115c0965cbfe5c81f18c2e114113e7a1e6829f6bfd879ce5744fbb", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + ] +} + +provider "registry.terraform.io/hashicorp/kubernetes" { + version = "2.36.0" + constraints = ">= 2.14.0" + hashes = [ + "h1:94wlXkBzfXwyLVuJVhMdzK+VGjFnMjdmFkYhQ1RUFhI=", + "zh:07f38fcb7578984a3e2c8cf0397c880f6b3eb2a722a120a08a634a607ea495ca", + "zh:1adde61769c50dbb799d8bf8bfd5c8c504a37017dfd06c7820f82bcf44ca0d39", + "zh:39707f23ab58fd0e686967c0f973c0f5a39c14d6ccfc757f97c345fdd0cd4624", + "zh:4cc3dc2b5d06cc22d1c734f7162b0a8fdc61990ff9efb64e59412d65a7ccc92a", + "zh:8382dcb82ba7303715b5e67939e07dd1c8ecddbe01d12f39b82b2b7d7357e1d9", + "zh:88e8e4f90034186b8bfdea1b8d394621cbc46a064ff2418027e6dba6807d5227", + "zh:a6276a75ad170f76d88263fdb5f9558998bf3a3f7650d7bd3387b396410e59f3", + "zh:bc816c7e0606e5df98a0c7634b240bb0c8100c3107b8b17b554af702edc6a0c5", + "zh:cb2f31d58f37020e840af52755c18afd1f09a833c4903ac59270ab440fab57b7", + "zh:ee0d103b8d0089fb1918311683110b4492a9346f0471b136af46d3b019576b22", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:f688b9ec761721e401f6859c19c083e3be20a650426f4747cd359cdc079d212a", + ] +} + +provider "registry.terraform.io/hashicorp/random" { + version = "3.7.2" + hashes = [ + "h1:KG4NuIBl1mRWU0KD/BGfCi1YN/j3F7H4YgeeM7iSdNs=", + "zh:14829603a32e4bc4d05062f059e545a91e27ff033756b48afbae6b3c835f508f", + "zh:1527fb07d9fea400d70e9e6eb4a2b918d5060d604749b6f1c361518e7da546dc", + "zh:1e86bcd7ebec85ba336b423ba1db046aeaa3c0e5f921039b3f1a6fc2f978feab", + "zh:24536dec8bde66753f4b4030b8f3ef43c196d69cccbea1c382d01b222478c7a3", + "zh:29f1786486759fad9b0ce4fdfbbfece9343ad47cd50119045075e05afe49d212", + "zh:4d701e978c2dd8604ba1ce962b047607701e65c078cb22e97171513e9e57491f", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:7b8434212eef0f8c83f5a90c6d76feaf850f6502b61b53c329e85b3b281cba34", + "zh:ac8a23c212258b7976e1621275e3af7099e7e4a3d4478cf8d5d2a27f3bc3e967", + "zh:b516ca74431f3df4c6cf90ddcdb4042c626e026317a33c53f0b445a3d93b720d", + "zh:dc76e4326aec2490c1600d6871a95e78f9050f9ce427c71707ea412a2f2f1a62", + "zh:eac7b63e86c749c7d48f527671c7aee5b4e26c10be6ad7232d6860167f99dbb0", + ] +} + +provider "registry.terraform.io/stackitcloud/stackit" { + version = "0.51.0" + constraints = "0.51.0" + hashes = [ + "h1:xEq9g1RuX4WIA3KNHyYgnBfWwY7mNn3yQGlFn/WbX9o=", + "zh:0dde99e7b343fa01f8eefc378171fb8621bedb20f59157d6cc8e3d46c738105f", + "zh:2d920411cbf4976d0fdf0d0d3f0403929b0c1e21ca3c3aa09031651b8bd1f614", + "zh:4067b3b21b50d55485edda9da11fd0df4188a05e02c3bc9332ad24f6a5c977e8", + "zh:46e25c4058e5ff5b321e2f3c23521acba4722b626cb427ed17f970515e3efb8c", + "zh:4bbe1904333a5dc00584915b94271e8482ca06586de4f345d3b1f019057d5dff", + "zh:7480e6d7deb519fc15f28156fe09b201f73c0654944526ac3da3510c902feaa9", + "zh:7868dd37c44423a9bb5b5fbd883171d2c36fd4507f7545de355caffbf20c2b99", + "zh:a5b47602355cb1611673fcb26f972529f5d6fe0e11a47b1b916e610ecb10fc86", + "zh:aefa5b9a0eefecac09e10c8c4d0ff2109b9a9eabd163fa34b48116f7a205b66f", + "zh:c6a5b0737198add8bed3affc072b09ee87f928c4c25437fe1a5871b6d454c879", + "zh:d07dcbc92463ebe2f28f9125b74e362ccf32f4d5bc71ee339c6d28dce7229a8d", + "zh:d63dd003fbe2752694d70e1accce9bb8d118e6332ac7a08a844109b93c98e8f2", + "zh:f32ebcb26ae57d7c7480e07b5a42eec57ee410097072c216485ceca3254a98f2", + "zh:f3b78e090125cb02136677cc7faf5a3a317a620132c0211bfd6fe63e66de2807", + "zh:f5db68035985aba0b6a8b66da7b653dbb02b4dcc8f0f8efc6ff243b7bad16d99", + ] +} diff --git a/00-backend.tf b/00-backend.tf new file mode 100644 index 0000000..41e0572 --- /dev/null +++ b/00-backend.tf @@ -0,0 +1 @@ +terraform {} \ No newline at end of file diff --git a/01-variables.tf b/01-variables.tf new file mode 100644 index 0000000..eadf3c5 --- /dev/null +++ b/01-variables.tf @@ -0,0 +1,15 @@ +variable "stackit_project_id" { + type = string + default = "d75e6aab-b616-4b42-ae3b-aaf161ad626d" + /*default = "XXXXX-XXXX-XXXX-XXXX-XXXXXXX"*/ +} + +variable "stackit_region" { + type = string + default = "eu01" +} + +variable "stackit_service_account_key_path" { + type = string + default = "./keys/stackit-sa.json" +} \ No newline at end of file diff --git a/02-provider.tf b/02-provider.tf new file mode 100644 index 0000000..2753f6a --- /dev/null +++ b/02-provider.tf @@ -0,0 +1,33 @@ +terraform { + required_providers { + stackit = { + source = "stackitcloud/stackit" + version = "0.51.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = ">=2.14.0" + } + } +} + +provider "stackit" { + default_region = var.stackit_region + service_account_key_path = var.stackit_service_account_key_path +} + +provider "kubernetes" { + host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server + client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data) + client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data) + cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data) +} + +provider "helm" { + kubernetes { + host = yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.server + client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-certificate-data) + client_key = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).users.0.user.client-key-data) + cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.example.kube_config).clusters.0.cluster.certificate-authority-data) + } +} \ No newline at end of file diff --git a/03-rancher.tf b/03-rancher.tf new file mode 100644 index 0000000..126a86d --- /dev/null +++ b/03-rancher.tf @@ -0,0 +1,144 @@ +resource "random_string" "random" { + length = 4 + lower = true + upper = false + special = false +} + +resource "stackit_ske_cluster" "default" { + project_id = var.stackit_project_id + name = "ske-${random_string.random.result}" + kubernetes_version_min = "1.31" + node_pools = [ + { + name = "standard" + machine_type = "c1.4" + minimum = "1" + maximum = "3" + max_surge = "3" + availability_zones = ["eu01-1", "eu01-2", "eu01-3"] + os_version_min = "4152.2.1" + os_name = "flatcar" + volume_size = 32 + volume_type = "storage_premium_perf6" + } + ] + maintenance = { + enable_kubernetes_version_updates = true + enable_machine_image_version_updates = true + start = "01:00:00Z" + end = "02:00:00Z" + } +} + +resource "stackit_ske_kubeconfig" "example" { + project_id = var.stackit_project_id + cluster_name = stackit_ske_cluster.default.name + refresh = true +} + +resource "kubernetes_namespace" "rancher" { + metadata { + name = "rancher" + } +} + +resource "kubernetes_namespace" "cert_manager" { + metadata { + name = "cert-manager" + } +} + +resource "kubernetes_namespace" "nginx" { + metadata { + name = "nginx" + } +} + +resource "helm_release" "cert_manager" { + name = "cert-manager" + namespace = kubernetes_namespace.cert_manager.metadata[0].name + repository = "https://charts.jetstack.io" + chart = "cert-manager" + version = "1.17.2" + + values = [<