117 lines
3.1 KiB
HCL
117 lines
3.1 KiB
HCL
# Install
|
|
|
|
data "flux_install" "main" {
|
|
target_path = var.path
|
|
network_policy = false
|
|
version = "latest"
|
|
}
|
|
|
|
resource "kubernetes_namespace" "flux_system" {
|
|
metadata {
|
|
name = var.namespace
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
metadata[0].labels,
|
|
]
|
|
}
|
|
}
|
|
|
|
resource "kubernetes_namespace" "prod" {
|
|
metadata {
|
|
name = "prod"
|
|
}
|
|
|
|
lifecycle {
|
|
ignore_changes = [
|
|
metadata[0].labels,
|
|
]
|
|
}
|
|
}
|
|
|
|
data "kubectl_file_documents" "apply" {
|
|
content = data.flux_install.main.content
|
|
}
|
|
|
|
# Convert documents list to include parsed yaml data
|
|
locals {
|
|
apply = [for v in data.kubectl_file_documents.apply.documents : {
|
|
data : yamldecode(v)
|
|
content : v
|
|
}
|
|
]
|
|
}
|
|
|
|
# Apply manifests on the cluster
|
|
resource "kubectl_manifest" "apply" {
|
|
for_each = { for v in local.apply : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
|
|
depends_on = [kubernetes_namespace.flux_system]
|
|
yaml_body = each.value
|
|
}
|
|
|
|
# Sync
|
|
|
|
data "flux_sync" "main" {
|
|
target_path = var.path
|
|
url = var.url
|
|
branch = var.branch
|
|
}
|
|
|
|
# Split multi-doc YAML with
|
|
# https://registry.terraform.io/providers/gavinbunney/kubectl/latest
|
|
data "kubectl_file_documents" "sync" {
|
|
content = data.flux_sync.main.content
|
|
}
|
|
|
|
# Convert documents list to include parsed yaml data
|
|
locals {
|
|
sync = [for v in data.kubectl_file_documents.sync.documents : {
|
|
data : yamldecode(v)
|
|
content : v
|
|
}
|
|
]
|
|
}
|
|
|
|
# Apply manifests on the cluster
|
|
resource "kubectl_manifest" "sync" {
|
|
for_each = { for v in local.sync : lower(join("/", compact([v.data.apiVersion, v.data.kind, lookup(v.data.metadata, "namespace", ""), v.data.metadata.name]))) => v.content }
|
|
depends_on = [kubernetes_namespace.flux_system]
|
|
yaml_body = each.value
|
|
}
|
|
|
|
locals {
|
|
known_hosts = <<EOT
|
|
git.front.kjuulh.io ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJdO0Tw0e/Fa78g1Xszc4oKaOPbTwl7RTAaGQb0TrV8
|
|
git.front.kjuulh.io ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO61xoa0ON2Y8rpIB6R9PFxg9HUxMym8Z5I4vYUC+/UnzaDx9YUEGo3Vig9wBo6Hc2lAp0BIwH/d5d6uBBEIj/Y=
|
|
EOT
|
|
}
|
|
|
|
# Generate a Kubernetes secret with the Git credentials
|
|
resource "kubernetes_secret" "main" {
|
|
depends_on = [kubectl_manifest.apply]
|
|
|
|
metadata {
|
|
name = data.flux_sync.main.secret
|
|
namespace = data.flux_sync.main.namespace
|
|
}
|
|
|
|
data = {
|
|
identity = var.ssh_private_key_pem
|
|
"identity.pub" = var.ssh_public_key_pem
|
|
# identity = <<EOT
|
|
#-----BEGIN OPENSSH PRIVATE KEY-----
|
|
#b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
#QyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GAAAAJgGvLdRBry3
|
|
#UQAAAAtzc2gtZWQyNTUxOQAAACBYZYPLAjLRZhUHfk4yTLmiQTDmdWPIgZTI+dGLgpY/GA
|
|
#AAAEBmqJkdSt8H6HIVzV6Na8ukBOj4Bywd970sQVPWAz8Ug1hlg8sCMtFmFQd+TjJMuaJB
|
|
#MOZ1Y8iBlMj50YuClj8YAAAAEWNvbnRhY3RAa2p1dWxoLmlvAQIDBA==
|
|
#-----END OPENSSH PRIVATE KEY-----
|
|
#EOT
|
|
# "identity.pub" = <<EOT
|
|
#ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFhlg8sCMtFmFQd+TjJMuaJBMOZ1Y8iBlMj50YuClj8Y contact@kjuulh.io
|
|
#EOT
|
|
known_hosts = local.known_hosts
|
|
}
|
|
}
|