  # Dedicated namespace for this console release; every other resource in the
  # file is scoped to it through kubernetes_namespace.oc_namespace.id.
  resource "kubernetes_namespace" "oc_namespace" {
    metadata {
      name = var.release_name
    }
  }

  # Service account the console pod runs as. Its token is materialised by
  # kubernetes_secret.oc_secret and the account is bound to cluster-admin by
  # kubernetes_cluster_role_binding.oc_role_binding.
  resource "kubernetes_service_account" "oc_sa" {
    metadata {
      namespace = kubernetes_namespace.oc_namespace.id
      name      = var.release_name
    }
  }

  # Token secret for oc_sa. The service-account.name annotation ties it to the
  # account; `data` (the token itself) is populated out of band, which is why
  # drift on it is ignored. A secret of this type holds a long-lived token, so
  # it is worth rotating deliberately rather than relying on expiry.
  resource "kubernetes_secret" "oc_secret" {
    type = "kubernetes.io/service-account-token"

    metadata {
      namespace = kubernetes_namespace.oc_namespace.id
      name      = var.release_name

      annotations = {
        "kubernetes.io/service-account.name" = kubernetes_service_account.oc_sa.metadata[0].name
      }
    }

    lifecycle {
      ignore_changes = [data]
    }
  }


  # Grants the console's service account the built-in cluster-admin ClusterRole.
  # NOTE(review): this is the broadest privilege in the cluster, and the same
  # token is injected into the console pod as BRIDGE_K8S_AUTH_BEARER_TOKEN
  # (see oc_deployment). If the console presents that token for every UI
  # request, anyone who can reach the dashboard host effectively acts as
  # cluster-admin; a purpose-built, narrower ClusterRole is the least-privilege
  # alternative if the console does not need write access to everything.
  resource "kubernetes_cluster_role_binding" "oc_role_binding" {
    metadata {
      name = var.release_name
    }

    subject {
      kind      = "ServiceAccount"
      namespace = kubernetes_namespace.oc_namespace.id
      name      = kubernetes_service_account.oc_sa.metadata[0].name
    }

    role_ref {
      api_group = "rbac.authorization.k8s.io"
      kind      = "ClusterRole"
      name      = "cluster-admin"
    }
  }

  # Console settings, exposed to the container as environment variables via
  # env_from in oc_deployment. ConfigMaps are generally readable more widely
  # than Secrets, so anything credential-like in var.bridge_vars should live
  # in a kubernetes_secret instead.
  resource "kubernetes_config_map" "oc_configmap" {
    metadata {
      namespace = kubernetes_namespace.oc_namespace.id
      name      = var.release_name
    }

    data = var.bridge_vars
  }

  # The console ("bridge") deployment. It runs as oc_sa and reaches the API
  # server in off-cluster mode, authenticating with the token from oc_secret.
  resource "kubernetes_deployment" "oc_deployment" {
    metadata {
      namespace = kubernetes_namespace.oc_namespace.id
      name      = var.release_name
      labels = {
        "k8s-app" = var.release_name
      }
    }

    spec {
      replicas = var.replicas

      selector {
        match_labels = {
          "k8s-app" = var.release_name
        }
      }

      template {
        metadata {
          labels = {
            "k8s-app" = var.release_name
          }
        }

        spec {
          service_account_name = kubernetes_service_account.oc_sa.metadata[0].name
          # NOTE(review): the same token is also injected below as an env var.
          # If the bridge only reads the env var, the auto-mounted token is
          # redundant and automount could be disabled to reduce what a
          # compromised container can pick up from the filesystem — confirm
          # against the bridge's auth mode before changing.
          automount_service_account_token = true
          node_selector                   = var.node_selector

          container {
            name    = var.release_name
            command = ["/opt/bridge/bin/bridge"]

            # A digest reference ("sha256:<hex>") is joined with "@", a plain
            # tag with ":". Pinning by digest is the tamper-evident choice.
            image = "quay.io/openshift/origin-console${split(":", var.console_version)[0] == "sha256" ? "@" : ":"}${var.console_version}"

            # requests == limits, i.e. the pod is sized for Guaranteed QoS.
            resources {
              requests = {
                cpu    = "500m"
                memory = "512Mi"
              }
              limits = {
                cpu    = "500m"
                memory = "512Mi"
              }
            }

            env_from {
              config_map_ref {
                name = kubernetes_config_map.oc_configmap.metadata[0].name
              }
            }

            # Bearer token the console presents to the API server; it carries
            # cluster-admin via oc_role_binding.
            env {
              name = "BRIDGE_K8S_AUTH_BEARER_TOKEN"
              value_from {
                secret_key_ref {
                  name = kubernetes_secret.oc_secret.metadata[0].name
                  key  = "token"
                }
              }
            }

            # In-cluster API endpoint; the $(...) references are expanded by
            # Kubernetes from the pod's service environment variables.
            env {
              name  = "BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT"
              value = "https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT)"
            }
          }
        }
      }
    }
  }

  # ClusterIP service in front of the console pods; oc_ingress_route targets it
  # on port 9000.
  resource "kubernetes_service" "oc_service" {
    metadata {
      namespace = kubernetes_namespace.oc_namespace.id
      name      = var.release_name
      labels = {
        "k8s-app" = kubernetes_deployment.oc_deployment.metadata[0].labels["k8s-app"]
      }
    }

    spec {
      type = "ClusterIP"

      selector = {
        "k8s-app" = var.release_name
      }

      port {
        port        = 9000
        target_port = 9000
      }
    }
  }

  locals {
    # Middlewares applied to the main console route, in order: basic auth
    # (only when var.users is set) then the IP whitelist (only when
    # var.whitelist is set). NOTE(review): with neither configured this list is
    # empty and the edge applies no access control, while the console behind it
    # talks to the API with the cluster-admin token from oc_secret — unless
    # var.bridge_vars turns on the console's own login, that is a fully
    # unauthenticated cluster-admin surface.
    middlewares = concat(
      length(var.users) > 0 ? [{
        name = "${kubernetes_namespace.oc_namespace.id}-${module.auth[0].name}@kubernetescrd"
      }] : [],
      length(var.whitelist) > 0 ? [{
        name = "${kubernetes_namespace.oc_namespace.id}-${kubectl_manifest.oc_middleware_whitelist[0].name}@kubernetescrd"
      }] : [],
    )
  }

  # cert-manager Certificate for the dashboard hostname. The secret it writes
  # ("<host>.pem") is the one oc_ingress_route references under tls.secretName.
  resource "kubectl_manifest" "dashboard_certificate" {
    yaml_body = yamlencode({
      apiVersion = "cert-manager.io/v1"
      kind       = "Certificate"
      metadata = {
        namespace = kubernetes_namespace.oc_namespace.id
        name      = var.dashboard_host
      }
      spec = {
        secretName = "${var.dashboard_host}.pem"
        dnsNames   = [var.dashboard_host]
        issuerRef = {
          kind = "ClusterIssuer"
          name = var.letsencrypt_issuer_name
        }
      }
    })
  }

  # Traefik IngressRoute publishing the console on the TLS entrypoint.
  # Route 1 (priority 12): everything under "/" for the dashboard host, guarded
  #   by local.middlewares (basic auth and/or IP whitelist — both optional, so
  #   this may be an empty list).
  # Route 2 (priority 20): /favicon.ico, rewritten by oc_middleware_favicon. It
  #   does not carry local.middlewares, which only exposes that one static
  #   asset but is worth remembering if more paths are ever added here.
  resource "kubectl_manifest" "oc_ingress_route" {
    yaml_body = yamlencode({
      apiVersion = "traefik.containo.us/v1alpha1"
      kind       = "IngressRoute"
      metadata = {
        namespace = kubernetes_namespace.oc_namespace.id
        name      = var.release_name
      }
      spec = {
        entryPoints = ["websecure"]
        tls = {
          secretName = "${var.dashboard_host}.pem"
        }
        routes = [
          {
            kind        = "Rule"
            priority    = 12
            match       = "Host(`${var.dashboard_host}`) && PathPrefix(`/`)"
            middlewares = local.middlewares
            services = [{
              kind      = "Service"
              namespace = kubernetes_namespace.oc_namespace.id
              name      = kubernetes_service.oc_service.metadata[0].name
              port      = 9000
              weight    = 1
            }]
          },
          {
            kind     = "Rule"
            priority = 20
            match    = "Host(`${var.dashboard_host}`) && Path(`/favicon.ico`)"
            middlewares = [{
              name = "${kubernetes_namespace.oc_namespace.id}-${kubectl_manifest.oc_middleware_favicon.name}@kubernetescrd"
            }]
            services = [{
              kind      = "Service"
              namespace = kubernetes_namespace.oc_namespace.id
              name      = kubernetes_service.oc_service.metadata[0].name
              port      = 9000
              weight    = 1
            }]
          },
        ]
      }
    })
  }

  # Optional basic-auth middleware, instantiated only when var.users is
  # non-empty; local.middlewares references it as module.auth[0].
  module "auth" {
    source = "../traefik-basic-auth-middleware"
    count  = length(var.users) > 0 ? 1 : 0

    name      = "${var.release_name}-auth"
    namespace = kubernetes_namespace.oc_namespace.id
    users     = var.users
  }

  # Optional Traefik ipWhiteList middleware, created only when var.whitelist
  # has entries. NOTE(review): the filter acts on the client address Traefik
  # observes; if Traefik sits behind another load balancer, the real client IP
  # must be propagated (proxy protocol or a trusted forwarded-header setup) or
  # the whitelist compares against the balancer's address instead.
  resource "kubectl_manifest" "oc_middleware_whitelist" {
    count = length(var.whitelist) > 0 ? 1 : 0

    yaml_body = yamlencode({
      apiVersion = "traefik.containo.us/v1alpha1"
      kind       = "Middleware"
      metadata = {
        namespace = kubernetes_namespace.oc_namespace.id
        name      = "${var.release_name}-white-list"
      }
      spec = {
        ipWhiteList = {
          sourceRange = var.whitelist
        }
      }
    })
  }

  # Rewrites /favicon.ico to the OKD favicon shipped inside the console image.
  resource "kubectl_manifest" "oc_middleware_favicon" {
    yaml_body = yamlencode({
      apiVersion = "traefik.containo.us/v1alpha1"
      kind       = "Middleware"
      metadata = {
        namespace = kubernetes_namespace.oc_namespace.id
        name      = "${var.release_name}-favicon"
      }
      spec = {
        replacePath = {
          path = "/static/assets/okd-favicon.png"
        }
      }
    })
  }

  # Optional VictoriaMetrics VMRule for the console, toggled by var.vm_rules.
  # The rules are read from the module's rules.yaml and wrapped in one group.
  resource "kubectl_manifest" "oc_vm_rules" {
    count = var.vm_rules ? 1 : 0

    yaml_body = yamlencode({
      apiVersion = "operator.victoriametrics.com/v1beta1"
      kind       = "VMRule"
      metadata = {
        namespace = kubernetes_namespace.oc_namespace.id
        name      = "${var.release_name}-rules"
      }
      spec = {
        groups = [{
          name  = "oc-vm-rules"
          rules = yamldecode(file("${path.module}/rules.yaml"))
        }]
      }
    })
  }
