initial load

Author: brokedba

terraform-provider-civo/k8s/talos/.gitignore

@@ -0,0 +1,21 @@
+#  Local .terraform directories
+**/.terraform/*
+**/*.tfstate*
+**/*.out
+**/.terraform.*
+**/terraform.tfvars
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# .tfvars files
+*.tfvars
+*env-vars
+
+# Local Files
+**/.DS_Store
+**/crash.log
+**/.csv
+*.pem
+test/**

terraform-provider-civo/k8s/talos/civo_firewall-cluster.tf

@@ -0,0 +1,21 @@
+# Create a firewall
+resource "civo_firewall" "firewall" {
+  name                 = "${var.cluster_name_prefix}-firewall"
+  create_default_rules = false
+  network_id           = local.network_id
+
+  ingress_rule {
+    label      = "kubernetes-api-server"
+    protocol   = "tcp"
+    port_range = "6443"
+    cidr       = var.kubernetes_api_access
+    action     = "allow"
+  }
+    egress_rule {
+    label      = "all"
+    protocol   = "tcp"
+    port_range = "1-65535"
+    cidr       = ["0.0.0.0/0"]
+    action     = "allow"
+  }
+}

terraform-provider-civo/k8s/talos/civo_firewall-ingress.tf

@@ -0,0 +1,21 @@
+# Create a firewall
+resource "civo_firewall" "firewall-ingress" {
+  name                 = "${var.cluster_name_prefix}-firewall-ingress"
+  create_default_rules = false
+  network_id           = local.network_id
+  ingress_rule {
+    protocol    = "tcp"
+    port_range  = "80"
+    cidr        = var.cluster_web_access
+    label       = "web"
+    action      = "allow"
+  }
+
+  ingress_rule {
+    protocol    = "tcp"
+    port_range   = "443"
+    cidr        = var.cluster_websecure_access
+    label       = "websecure"
+    action      = "allow"
+  }
+}

terraform-provider-civo/k8s/talos/civo_object_store-template.tf

@@ -0,0 +1,11 @@
+resource "civo_object_store" "template" {
+  count       = var.object_store_enabled ? 1 : 0
+  name        = "${var.cluster_name_prefix}objectstore"
+  max_size_gb = var.object_store_size
+}
+
+
+data "civo_object_store_credential" "object_store" {
+  count = var.object_store_enabled ? 1 : 0
+  id    = civo_object_store.template[0].access_key_id
+}

terraform-provider-civo/k8s/talos/cluster-tools.tf

@@ -0,0 +1,42 @@
+# Description: This file contains the configuration for deploying Grafana on Kubernetes using Helm. 
+# Namespace
+resource "kubernetes_namespace" "landing_ns" {
+  depends_on = [local_file.cluster-config]
+  metadata {
+    name = var.kubernetes_namespace
+  }
+}
+
+
+
+# Create namespace cluster-tools for supporting services
+resource "kubernetes_namespace" "cluster_tools" {
+  metadata {
+    name = var.cluster_tools_namespace
+    # allow for privileged prometheus-node-exporter to scrape Hostnetwork & HostPID metrics
+    labels = {
+      "pod-security.kubernetes.io/enforce" = "privileged"
+    }
+  }
+
+  count = local.use_cluster_tools_namespace ? 1 : 0
+
+}
+
+locals {
+  # Helm repos
+  helm_repository = {
+    ingress_nginx          = "https://kubernetes.github.io/ingress-nginx"
+    ingress_nginx_version  = "4.11.2" #"4.6.1"
+    jetstack               = "https://charts.jetstack.io" # cert-manager
+    jetstack_version       = "1.15.3" #"1.12.0"           # cert-manager
+    grafana                = "https://grafana.github.io/helm-charts"
+    grafana_version        = "8.4.8" #"8.13.1"
+    prometheus             = "https://prometheus-community.github.io/helm-charts"
+    prometheus_version     =  "27.11.0" # "25.26.0"
+    metrics_server         = "https://kubernetes-sigs.github.io/metrics-server"
+    metrics_server_version = "3.12.1" #"3.12.2"
+  }
+  use_cluster_tools_namespace = anytrue([var.grafana_enabled, var.prometheus_enabled]) ? true : false
+}
+

terraform-provider-civo/k8s/talos/cluster.tf

@@ -0,0 +1,47 @@
+locals {
+  node_size = coalesce(
+    var.cluster_node_size,
+    var.compute_type == "ai" ? element(data.civo_size.ai.sizes, 0).name : element(data.civo_size.standard.sizes, 0).name
+  )
+  kubernetes_version = (
+    length(data.civo_kubernetes_version.latest_talos.versions) > 0 ?
+    coalesce(var.kubernetes_version, data.civo_kubernetes_version.latest_talos.versions[0].version) :
+    var.kubernetes_version
+  )
+}
+
+resource "civo_kubernetes_cluster" "cluster" {
+  name                = "${var.cluster_name_prefix}-cluster"
+  cluster_type        = var.cluster_type
+  kubernetes_version  = local.kubernetes_version
+  network_id          = local.network_id #  if not declare we use the default one
+  firewall_id         = civo_firewall.firewall.id
+  region              = var.region
+ 
+  cni                 = var.cni  # Talos cluster type only support "flannel"
+
+  write_kubeconfig    = true
+  applications        = var.cluster_type == "talos" ? "" : var.applications  # "civo-cluster-autoscaler"  applications = var.applications
+  
+  pools {
+    node_count = var.cluster_node_count
+    size       = local.node_size
+    label = var.label  # "my-pool-label" This label will be set as an annotation on the nodes in the pool
+    # labels              = var.node_pool_labels
+    # taints = var.taints 
+  }
+  timeouts {
+    create = "5m"
+  }
+# tags = var.tags
+#  lifecycle {
+#     ignore_changes = [ kubernetes_version]
+#  }
+}
+
+resource "local_file" "cluster-config" {
+  content              = civo_kubernetes_cluster.cluster.kubeconfig
+  filename             = "${path.module}/kubeconfig"
+  file_permission      = "0600"
+  directory_permission = "0755"
+}

terraform-provider-civo/k8s/talos/data_source.tf

@@ -0,0 +1,63 @@
+data "civo_kubernetes_cluster" "cluster" {
+  name =  civo_kubernetes_cluster.cluster.name
+}
+
+# Query instance sizes with 16 GB of RAM
+data "civo_size" "ai" {
+    filter {
+    key    = "cpu"
+    values = ["4"]
+    }
+  filter {
+    key    = "ram"
+    values = ["16384"]  # RAM in MB
+  }
+
+  filter {
+    key    = "type"
+    values = ["kubernetes"]
+  }
+}
+
+# Query instance sizes with 16 GB of RAM
+data "civo_size" "standard" {
+    filter {
+    key    = "cpu"
+    values = ["4"]
+    }
+  filter {
+    key    = "ram"
+    values = ["8192"]  # RAM in MB
+  }
+
+  filter {
+    key    = "type"
+    values = ["kubernetes"]
+  }
+}
+
+data "civo_kubernetes_version" "latest_talos" {
+  filter {
+    key    = "type"
+    values = ["talos"]
+  }
+
+  filter {
+    key    = "default"
+    values = ["true"]
+  }
+  sort {
+    key       = "version"
+    direction = "desc"
+  }
+}
+
+# Query the Traefik service to get its load balancer hostname
+data "kubernetes_service" "traefik" {
+  metadata {
+    name      = "traefik"
+    namespace = "traefik"
+  }
+  depends_on = [helm_release.traefik_ingress]
+
+}