# Install
#data "flux_install" "main" {
# target_path = var.path
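## NOTE(review): false leaves out the NetworkPolicies that restrict ingress to the Flux controllers from other namespaces; keep the default unless another control provides that isolation.
# network_policy = false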
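## NOTE(review): "latest" is resolved when the data source is read, so the controller manifests applied to the cluster can change between runs without a code change; pin an explicit, reviewed release.
# version = "latest"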
#}
#
#resource "kubernetes_namespace" "flux_system" {
# metadata {
# name = var.namespace
# }
#
# lifecycle {
# ignore_changes = [
# metadata[0].labels,
# ]
# }
#}
#
#resource "kubernetes_namespace" "prod" {
# metadata {
# name = "prod"
# }
#
# lifecycle {
# ignore_changes = [
# metadata[0].labels,
# ]
# }
#}
#
#resource "kubernetes_namespace" "platform" {
# metadata {
# name = "platform"
# }
#
# lifecycle {
# ignore_changes = [
# metadata[0].labels,
# ]
# }
#}
#
#data "kubectl_file_documents" "apply" {
# content = data.flux_install.main.content
#}
#
## Convert documents list to include parsed yaml data
#locals {
# apply = [for v in data.kubectl_file_documents.apply.documents : {
# data : yamldecode(v)
# content : v
# }
# ]
#}
#
## Apply manifests on the cluster
#resource "kubectl_manifest" "apply" {
# for_each = { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
# depends_on = [kubernetes_namespace.flux_system]
# yaml_body = each.value
#}
#
## Sync
#
#data "flux_sync" "main" {
# target_path = var.path
# url = var.url
# branch = var.branch
#}
#
## Split multi-doc YAML with
## https://registry.terraform.io/providers/gavinbunney/kubectl/latest
#data "kubectl_file_documents" "sync" {
# content = data.flux_sync.main.content
#}
#
## Convert documents list to include parsed yaml data
#locals {
# sync = [for v in data.kubectl_file_documents.sync.documents : {
# data : yamldecode(v)
# content : v
# }
# ]
#}
#
## Apply manifests on the cluster
#resource "kubectl_manifest" "sync" {
# for_each = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
# depends_on = [kubernetes_namespace.flux_system]
# yaml_body = each.value
#}
#
#locals {
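## NOTE(review): host keys for the Git server are pinned here; when they rotate, confirm the new fingerprints out of band before updating this list.
# known_hosts = <<EOT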
#git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8
#git.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=
#EOT
#}
#
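## Generate a Kubernetes secret with the Git credentials.
## NOTE(review): values placed in this resource's data are also stored in the Terraform state, so the state backend needs encryption and restricted access; var.ssh_private_key_pem (declaration not shown here) should be marked sensitive.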
#resource "kubernetes_secret" "main" {
# depends_on = [kubectl_manifest.apply]
#
# metadata {
# name = data.flux_sync.main.secret
# namespace = data.flux_sync.main.namespace
# }
#
# data = {
# identity = var.ssh_private_key_pem
# "identity.pub" = var.ssh_public_key_pem
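## NOTE(review): the commented-out block below embeds an OpenSSH private key in source. Commenting it out does not remove it from the file or from version-control history: treat the key as exposed, revoke its public half wherever it is authorised, issue a new key pair, and pass key material only through var.ssh_private_key_pem.
# # identity = <<EOT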
# #-----BEGIN OPENSSH PRIVATE KEY-----
# #b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
# #QyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3
# #UQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA
# #AAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB
# #MOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==
# #-----END OPENSSH PRIVATE KEY-----
# #EOT
# # "identity.pub" = <<EOT
# #ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io
# #EOT
# known_hosts = local.known_hosts
# }
#}