diff --git a/argocd/main.tf b/argocd/main.tf
new file mode 100644
index 0000000..a97dcd0
--- /dev/null
+++ b/argocd/main.tf
@@ -0,0 +1,57 @@
+locals {
+ argocd = {
+ global = {
+ domain = var.hostname
+ }
+
+ redis-ha = {
+ enabled = true
+ }
+
+ controller = {
+ replicas = 1
+ }
+
+ server = {
+ autoscaling = {
+ enabled = true
+ minReplicas = 2
+ }
+ # Unsure how to use the grpc with trafik in using "Ingress"
+ ingressGrpc = {}
+ ingress = {
+ enabled = true
+ annotations = {
+ "cert-manager.io/cluster-issuer" = "letsencrypt"
+ }
+ ingressClassName = "traefik"
+ tls = true
+ }
+ }
+
+ repoServer = {
+ autoscaling = {
+ enabled = true
+ minReplicas = 2
+ }
+ }
+
+ applicationSet = {
+ replicas = 2
+ }
+ }
+}
+
+resource "helm_release" "argocd" {
+ name = "argocd"
+ namespace = var.namespace
+ create_namespace = var.create_namespace
+ repository = "https://argoproj.github.io/argo-helm"
+
+ chart = "argo-cd"
+ version = var.chart_version
+
+ values = [
+ yamlencode(local.argocd)
+ ]
+}
\ No newline at end of file
diff --git a/argocd/variables.tf b/argocd/variables.tf
new file mode 100644
index 0000000..1a56960
--- /dev/null
+++ b/argocd/variables.tf
@@ -0,0 +1,23 @@
+variable "hostname" {
+ description = "Ingress hostname"
+ type = string
+}
+
+# Default Variables
+variable "chart_version" {
+ description = "Helm Chart version"
+ type = string
+ default = "7.6.8"
+}
+
+variable "namespace" {
+ description = "Namespace used in helm chart"
+ type = string
+ default = "argocd"
+}
+
+variable "create_namespace" {
+ description = "Create namespace"
+ type = bool
+ default = true
+}
\ No newline at end of file
diff --git a/ceph-csi/cephfs.tf b/ceph-csi/cephfs.tf
new file mode 100644
index 0000000..57daeb3
--- /dev/null
+++ b/ceph-csi/cephfs.tf
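Review bot: The `server.ingress` block terminates TLS at Traefik (`tls = true` plus the cert-manager annotation) but nothing in these values tells argocd-server to stop serving TLS itself; by default the chart's server listens on HTTPS and redirects plain HTTP, which behind an ingress that forwards HTTP typically ends in a redirect loop, and the chart's documented knob for this is `configs.params."server.insecure" = true`. Once that is set the Traefik-to-pod hop is plaintext inside the cluster, so it is worth pairing with a NetworkPolicy/Cilium policy that limits ingress to argocd-server to the traefik namespace. The `ingressGrpc = {}` line under the "Unsure how to use the grpc" comment is a no-op as written — either drop it or replace the comment with what the CLI is expected to do instead (presumably `argocd login --grpc-web`, to be confirmed). Argo CD is the GitOps control plane with cluster-wide write access, so the admin account and SSO configuration should be decided explicitly rather than left at chart defaults; nothing in this file addresses that.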
@@ -0,0 +1,40 @@
+# locals {
+# ceph_cephfs = {
+# csiConfig = [{
+# clusterID = var.cluster_id
+# monitors = var.monitors
+# }]
+
+# storageClass = {
+# create = true
+# name = var.sc_name
+# clusterID = var.cluster_id
+# pool = var.pool
+# }
+
+# provisioner = {
+# replicaCount = 2
+# }
+
+# readAffinity = {
+# enabled = true
+# }
+
+# logLevel = 0
+# selinuxMount = false
+# }
+# }
+
+# resource "helm_release" "ceph_cephfs" {
+# name = "cephfs"
+# namespace = var.namespace
+# repository = "https://ceph.github.io/csi-charts"
+
+# chart = "ceph-csi-cephfs"
+# version = var.chart_version
+
+# values = [
+# yamlencode(local.ceph_cephfs)
+# ]
+
+# }
\ No newline at end of file
diff --git a/ceph-csi/rbd.tf b/ceph-csi/rbd.tf
new file mode 100644
index 0000000..e251aad
--- /dev/null
+++ b/ceph-csi/rbd.tf
@@ -0,0 +1,40 @@
+locals {
+ ceph_rbd = {
+ csiConfig = [{
+ clusterID = var.cluster_id
+ monitors = var.monitors
+ }]
+
+ storageClass = {
+ create = true
+ name = var.sc_name
+ clusterID = var.cluster_id
+ pool = var.pool
+ }
+
+ provisioner = {
+ replicaCount = 2
+ }
+
+ readAffinity = {
+ enabled = true
+ }
+
+ logLevel = 0
+ selinuxMount = false
+ }
+}
+
+resource "helm_release" "ceph_rbd" {
+ name = "rbd"
+ namespace = var.namespace
+ repository = "https://ceph.github.io/csi-charts"
+
+ chart = "ceph-csi-rbd"
+ version = var.chart_version
+
+ values = [
+ yamlencode(local.ceph_rbd)
+ ]
+
+}
\ No newline at end of file
diff --git a/ceph-csi/secret.tf b/ceph-csi/secret.tf
new file mode 100644
index 0000000..52a03af
--- /dev/null
+++ b/ceph-csi/secret.tf
@@ -0,0 +1,11 @@
+resource "kubernetes_secret" "this" {
+ metadata {
+ name = "csi-rbd-secret"
+ namespace = var.namespace
+ }
+
+ data = {
+ userID = var.ceph_user_id
+ userKey = var.ceph_user_key
+ }
+}
\ No newline at end of file
diff --git a/ceph-csi/variables.tf b/ceph-csi/variables.tf
new file mode 100644
index 0000000..d799f0b
--- /dev/null
+++ b/ceph-csi/variables.tf
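Review bot: The whole of cephfs.tf is commented-out code that Terraform never evaluates, and it is already a near-verbatim copy of rbd.tf (same `storageClass.name = var.sc_name`, same `var.pool`), so it will silently drift the next time rbd.tf changes. If CephFS is a planned option, gate it behind a variable instead, e.g. `variable "cephfs_enabled" { type = bool, default = false }` and `count = var.cephfs_enabled ? 1 : 0` on the release; if it is not planned, delete the file. Note that as written it would also create a second StorageClass with the same `var.sc_name` as rbd.tf, so enabling it alongside rbd.tf would fail at apply time.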
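Review bot: `storageClass` in rbd.tf never references the secret that secret.tf creates, so the coupling is implicit: as far as I recall the chart's `storageClass.provisionerSecret`, `controllerExpandSecret` and `nodeStageSecret` default to `csi-rbd-secret` in the release namespace, which is exactly the hard-coded name in secret.tf — rename either side and provisioning breaks without any plan-time signal. Make the dependency explicit, e.g. `provisionerSecret = kubernetes_secret.this.metadata[0].name`, `controllerExpandSecret = kubernetes_secret.this.metadata[0].name`, `nodeStageSecret = kubernetes_secret.this.metadata[0].name` inside `storageClass` (verify the exact value keys against the v3.12.2 chart). Also consider whether `logLevel = 0` leaves enough provisioner/nodeplugin output to investigate a mis-attached or leaked volume after the fact; a short comment on why the quietest level was chosen would help.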
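Review bot: `userKey` is a CephX key whose power is whatever capabilities the Ceph user has, and routing it through a Terraform variable into `kubernetes_secret` means it is stored in plaintext in the Terraform state (`sensitive = true` only redacts CLI output), so the state backend must be treated as holding the key. On the Ceph side the user should be scoped to this pool rather than reusing an admin key — something like `mon 'profile rbd'`, `osd 'profile rbd pool=<pool>'` — and that expectation is worth stating in a comment above the resource, e.g. `# Expects a pool-scoped CephX user; never the client.admin key`. The secret lands in `kube-system` by default, where it is readable by anything with namespace-wide secret access, so RBAC on that namespace should be reviewed accordingly.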
@@ -0,0 +1,46 @@
+variable "cluster_id" {
+ description = "Ceph Cluster ID"
+ type = string
+}
+
+variable "pool" {
+ description = "Ceph RBD Pool"
+ type = string
+}
+
+variable "monitors" {
+ description = "Ceph Monitors"
+ type = list(string)
+}
+
+variable "ceph_user_id" {
+ description = "Ceph User ID"
+ type = string
+ sensitive = true
+
+}
+
+variable "ceph_user_key" {
+ description = "Ceph User Key"
+ type = string
+ sensitive = true
+}
+
+# Default Variables
+variable "namespace" {
+ description = "Namespace used for Helm chart"
+ type = string
+ default = "kube-system"
+}
+
+variable "sc_name" {
+ description = "Storageclass name"
+ type = string
+ default = "csi-rbd-sc"
+}
+
+variable "chart_version" {
+ description = "Ceph CSI Chart Version"
+ type = string
+ default = "v3.12.2"
+}
\ No newline at end of file
diff --git a/cert-manager-issuer/main.tf b/cert-manager-issuer/main.tf
new file mode 100644
index 0000000..a946626
--- /dev/null
+++ b/cert-manager-issuer/main.tf
@@ -0,0 +1,73 @@
+resource "kubernetes_manifest" "letsencrypt_staging" {
+ manifest = {
+ apiVersion = "cert-manager.io/v1"
+ kind = "ClusterIssuer"
+
+ metadata = {
+ name = "letsencrypt-staging"
+ }
+
+ spec = {
+ acme = {
+ email = var.acme_email
+ server = "https://acme-staging-v02.api.letsencrypt.org/directory"
+ privateKeySecretRef = {
+ name = "letsencrypt-staging-account-key"
+ }
+ solvers = [
+ {
+ dns01 = {
+ webhook = {
+ groupName = var.group_name
+ solverName = var.solver_name
+ config = {
+ host = var.pdns_server
+ apiKeySecretRef = {
+ name = kubernetes_secret.this.metadata[0].name
+ key = "key"
+ }
+ ttl = 120
+ timeout = 10
+ allowed_zones = var.allowed_zones
+ } } } }]
+ }
+ }
+ }
+}
+
+resource "kubernetes_manifest" "letsencrypt_prod" {
+ manifest = {
+ apiVersion = "cert-manager.io/v1"
+ kind = "ClusterIssuer"
+
+ metadata = {
+ name = "letsencrypt"
+ }
+
+ spec = {
+ acme = {
+ email = var.acme_email
+ server = "https://acme-v02.api.letsencrypt.org/directory"
+ privateKeySecretRef = {
+ name = "letsencrypt-staging-account-key"
+ }
+ solvers = [
+ {
+ dns01 = {
+ webhook = {
+ groupName = var.group_name
+ solverName = var.solver_name
+ config = {
+ host = var.pdns_server
+ apiKeySecretRef = {
+ name = kubernetes_secret.this.metadata[0].name
+ key = "key"
+ }
+ ttl = 120
+ timeout = 10
+ allowed_zones = var.allowed_zones
+ } } } }]
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cert-manager-issuer/pdns.tf b/cert-manager-issuer/pdns.tf
new file mode 100644
index 0000000..20447df
--- /dev/null
+++ b/cert-manager-issuer/pdns.tf
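Review bot: The production ClusterIssuer (`metadata.name = "letsencrypt"`) reuses `privateKeySecretRef.name = "letsencrypt-staging-account-key"`, so both issuers register their ACME accounts under one private key and the production account key is stored in a secret labelled staging; if cert-manager ever regenerates that secret for one issuer, the other's registered account no longer matches (to be confirmed, but it is at minimum misleading). Give the second block its own secret, `name = "letsencrypt-account-key"`. The two resources differ only in `metadata.name`, the ACME `server` URL and that secret name, so a `for_each` over a two-entry map would remove 35 duplicated lines and make this kind of copy-paste slip impossible. Both issuers also hand the PowerDNS API key to whatever `var.pdns_server` is, and nothing here constrains that to an `https://` URL.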
@@ -0,0 +1,18 @@
+locals {
+ cert_manager_pdns = {
+ groupName = var.group_name
+ }
+}
+
+resource "helm_release" "cert_manager_pdns" {
+ name = "cert-manager-pdns"
+ namespace = var.namespace
+ repository = "https://zachomedia.github.io/cert-manager-webhook-pdns"
+
+ chart = "cert-manager-webhook-pdns"
+ version = var.cert_manager_pdns_version
+
+ values = [
+ yamlencode(local.cert_manager_pdns)
+ ]
+}
\ No newline at end of file
diff --git a/cert-manager-issuer/secret.tf b/cert-manager-issuer/secret.tf
new file mode 100644
index 0000000..eba2e0c
--- /dev/null
+++ b/cert-manager-issuer/secret.tf
@@ -0,0 +1,10 @@
+resource "kubernetes_secret" "this" {
+ metadata {
+ name = "pdns-key"
+ namespace = var.namespace
+ }
+
+ data = {
+ key = var.pdns_key
+ }
+}
\ No newline at end of file
diff --git a/cert-manager-issuer/variables.tf b/cert-manager-issuer/variables.tf
new file mode 100644
index 0000000..d5fbad8
--- /dev/null
+++ b/cert-manager-issuer/variables.tf
@@ -0,0 +1,46 @@
+variable "pdns_server" {
+ description = "value"
+ type = string
+}
+
+variable "pdns_key" {
+ description = "value"
+ type = string
+ sensitive = true
+}
+
+variable "acme_email" {
+ description = "value"
+ type = string
+}
+
+variable "allowed_zones" {
+ description = "value"
+ # The type for some reason breaks kubernetes_manifest
+ #type = list(string)
+}
+
+# Default Variables
+variable "namespace" {
+ description = "value"
+ type = string
+ default = "cert-manager"
+}
+
+variable "group_name" {
+ description = "value"
+ type = string
+ default = "acme.gathering.systems"
+}
+
+variable "solver_name" {
+ description = "value"
+ type = string
+ default = "pdns"
+}
+
+variable "cert_manager_pdns_version" {
+ description = "value"
+ type = string
+ default = "3.1.2"
+}
\ No newline at end of file
diff --git a/cert-manager/cert-manager.tf b/cert-manager/cert-manager.tf
new file mode 100644
index 0000000..b171d89
--- /dev/null
+++ b/cert-manager/cert-manager.tf
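Review bot: `pdns_server` is the endpoint the webhook sends the PowerDNS API key to, yet the variable accepts any string; add `validation { condition = can(regex("^https://", var.pdns_server)) error_message = "pdns_server must be an https:// URL; the API key is sent in a header." }` so a plain-http endpoint is rejected at plan time. `allowed_zones` is left untyped with a comment that typing "breaks kubernetes_manifest" — that is most likely the list-vs-tuple distinction the provider is strict about, and converting at the use site (`[for z in var.allowed_zones : tostring(z)]`) may let you restore `type = list(string)`; worth a targeted retry rather than an untyped input on a security-relevant allow-list. Every `description` in this file is the placeholder `"value"`; these are the module's public documentation and should say what the input is (e.g. `description = "PowerDNS API base URL (https://host[:port])"`).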
@@ -0,0 +1,31 @@
+locals {
+ cert_manager = {
+ installCRDs = true
+ prometheus = {
+ enabled = false
+ }
+ }
+
+ cert_manager_pdns = {
+ groupName = var.group_name
+ }
+}
+
+resource "kubernetes_namespace" "cert_manager" {
+ metadata {
+ name = var.namespace
+ }
+}
+
+resource "helm_release" "cert_manager" {
+ name = "cert-manager"
+ namespace = kubernetes_namespace.cert_manager.metadata[0].name
+ repository = "https://charts.jetstack.io"
+
+ chart = "cert-manager"
+ version = var.cert_manager_chart_version
+
+ values = [
+ yamlencode(local.cert_manager)
+ ]
+}
\ No newline at end of file
diff --git a/cert-manager/variables.tf b/cert-manager/variables.tf
new file mode 100644
index 0000000..da6d051
--- /dev/null
+++ b/cert-manager/variables.tf
@@ -0,0 +1,24 @@
+# Default Variables
+variable "namespace" {
+ description = "value"
+ type = string
+ default = "cert-manager"
+}
+
+variable "create_namespace" {
+ description = "value"
+ default = true
+ type = bool
+}
+
+variable "group_name" {
+ description = "Group Name used in cert-manager PDNS"
+ default = "acme.gathering.systems"
+ type = string
+}
+
+variable "cert_manager_chart_version" {
+ description = "cert-manager chart version"
+ type = string
+ default = "v1.16.0"
+}
\ No newline at end of file
diff --git a/cni/cilium.tf b/cni/cilium.tf
index 33cf5d5..febe614 100644
--- a/cni/cilium.tf
+++ b/cni/cilium.tf
@@ -85,7 +85,7 @@ resource "helm_release" "cilium" {
 repository = "https://helm.cilium.io"
 chart = "cilium"
- version = "1.14.4"
+ version = "1.16.2"
 values = [
 yamlencode(local.cilium)
diff --git a/cni/terraform.tf b/cni/terraform.tf
deleted file mode 100644
index e2884e1..0000000
--- a/cni/terraform.tf
+++ /dev/null
@@ -1,8 +0,0 @@
-terraform {
- required_providers {
- kubernetes = {
- source = "hashicorp/kubernetes"
- version = "2.24.0"
- }
- }
-}
\ No newline at end of file
diff --git a/cni/variables.tf b/cni/variables.tf
index 6745a04..c88e670 100644
--- a/cni/variables.tf
+++ b/cni/variables.tf
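Review bot: `var.create_namespace` is declared in variables.tf but never read — `kubernetes_namespace.cert_manager` is created unconditionally — and `local.cert_manager_pdns` is defined here but unused (its real twin lives in cert-manager-issuer/pdns.tf), so both are dead inputs that mislead the caller. Either gate the namespace the way external-dns/namespace.tf does (`count = var.create_namespace ? 1 : 0`, with the release pointed at `var.namespace` plus a `depends_on`) or remove the variable; delete the unused local. Separately, `installCRDs = true` means the CRDs are owned by the release, so a `terraform destroy` of this resource removes every Certificate, Issuer and ClusterIssuer in the cluster along with them; I believe the v1.16 chart exposes `crds = { enabled = true, keep = true }` for exactly this, which is worth using (confirm against the chart's values).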
@@ -1,12 +1,16 @@
-variable "namespace" {
- default = "kube-system"
- type = string
-}
-
 variable "router_ip" {
- type = string
+ description = "value"
+ type = string
 }
 variable "asn" {
- type = number
+ description = "value"
+ type = number
+}
+
+# Default Variables
+variable "namespace" {
+ description = "value"
+ type = string
+ default = "kube-system"
 }
\ No newline at end of file
diff --git a/external-dns/external-dns.tf b/external-dns/external-dns.tf
new file mode 100644
index 0000000..ff41d26
--- /dev/null
+++ b/external-dns/external-dns.tf
@@ -0,0 +1,33 @@
+locals {
+ external_dns = {
+ provider = "pdns"
+
+ txtOwnerId = var.cluster_name
+ policy = "sync"
+ extraArgs = [
+ "--pdns-server=${var.pdns_server}",
+ "--txt-prefix=cname-"
+ ]
+ domainFilters = var.domain_filters
+ env = [{ name = "EXTERNAL_DNS_PDNS_API_KEY"
+ valueFrom = {
+ secretKeyRef = {
+ name = kubernetes_secret.this.metadata[0].name
+ key = "key"
+ }
+ } }]
+ }
+}
+
+resource "helm_release" "this" {
+ name = "external-dns"
+ namespace = var.namespace
+ repository = "https://kubernetes-sigs.github.io/external-dns"
+
+ chart = "external-dns"
+ version = var.chart_version
+
+ values = [
+ yamlencode(local.external_dns)
+ ]
+}
\ No newline at end of file
diff --git a/external-dns/namespace.tf b/external-dns/namespace.tf
new file mode 100644
index 0000000..6eba621
--- /dev/null
+++ b/external-dns/namespace.tf
@@ -0,0 +1,6 @@
+resource "kubernetes_namespace" "this" {
+ count = var.create_namespace ? 1 : 0
+ metadata {
+ name = var.namespace
+ }
+}
\ No newline at end of file
diff --git a/external-dns/secret.tf b/external-dns/secret.tf
new file mode 100644
index 0000000..53ab3a9
--- /dev/null
+++ b/external-dns/secret.tf
@@ -0,0 +1,12 @@
+resource "kubernetes_secret" "this" {
+ metadata {
+ name = "pdns-key"
+ namespace = var.namespace
+ }
+
+ data = {
+ key = var.pdns_key
+ }
+
+ depends_on = [kubernetes_namespace.this]
+}
\ No newline at end of file
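Review bot: `policy = "sync"` gives external-dns the right to delete records, and the PowerDNS API key it receives is — as far as I know — a server-wide key that PowerDNS does not scope per zone, so `domainFilters` is the only thing standing between a compromised external-dns pod and every zone on `var.pdns_server`, and that filter is enforced by the controller itself rather than by the server. If record deletion is not actually needed, `policy = "upsert-only"` removes the destructive path outright; if it is, add a comment saying so and make sure `var.domain_filters` can never be empty. `--pdns-server=${var.pdns_server}` is interpolated verbatim, so the `https://` requirement for the key's transport has to be enforced on the variable. A `txtOwnerId` that is the cluster name is good; consider documenting on the `policy` line that owner-TXT matching is what keeps `sync` from touching records other clusters created.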
diff --git a/external-dns/variables.tf b/external-dns/variables.tf
new file mode 100644
index 0000000..24e99ab
--- /dev/null
+++ b/external-dns/variables.tf
@@ -0,0 +1,39 @@
+variable "pdns_server" {
+ description = "value"
+ type = string
+}
+
+variable "pdns_key" {
+ description = "value"
+ type = string
+ sensitive = true
+}
+
+variable "cluster_name" {
+ description = "value"
+ type = string
+}
+
+variable "domain_filters" {
+ description = "value"
+ type = list(string)
+}
+
+# Default variables
+variable "namespace" {
+ description = "value"
+ type = string
+ default = "external-dns"
+}
+
+variable "create_namespace" {
+ description = "value"
+ type = bool
+ default = true
+}
+
+variable "chart_version" {
+ description = "value"
+ type = string
+ default = "1.15.0"
+}
\ No newline at end of file
diff --git a/external-snapshotter/crd.tf b/external-snapshotter/crd.tf
new file mode 100644
index 0000000..522895e
--- /dev/null
+++ b/external-snapshotter/crd.tf
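Review bot: `domain_filters` has no validation, and an empty list means external-dns applies no domain filter at all, so together with the `sync` policy in external-dns.tf the controller could create and delete records in any zone the API key reaches; add `validation { condition = length(var.domain_filters) > 0 error_message = "domain_filters must name at least one zone." }`. `pdns_server` is likewise unconstrained even though the API key is sent to it in a header, so a `can(regex("^https://", var.pdns_server))` validation belongs here too. Every `description` is the placeholder `"value"`; replace them with real text such as `description = "Zones external-dns is allowed to manage (restricts the blast radius of the API key)"`.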
@@ -0,0 +1,47 @@
+# SNAPSHOTCLASS
+data "http" "snapshotclass" {
+ url = "${local.SNAPSHOTTER_URL}/${local.SNAPSHOTCLASS}"
+}
+
+resource "kubernetes_manifest" "snapshotclass" {
+ manifest = {
+ apiVersion = "apiextensions.k8s.io/v1"
+ kind = "CustomResourceDefinition"
+ metadata = yamldecode(data.http.snapshotclass.response_body).metadata
+ spec = yamldecode(data.http.snapshotclass.response_body).spec
+ }
+
+ computed_fields = ["metadata"]
+}
+
+# VOLUME_SNAPSHOT_CONTENT
+data "http" "volume_snapshot_content" {
+ url = "${local.SNAPSHOTTER_URL}/${local.VOLUME_SNAPSHOT_CONTENT}"
+}
+
+resource "kubernetes_manifest" "volume_snapshot_content" {
+ manifest = {
+ apiVersion = "apiextensions.k8s.io/v1"
+ kind = "CustomResourceDefinition"
+ metadata = yamldecode(data.http.volume_snapshot_content.response_body).metadata
+ spec = yamldecode(data.http.volume_snapshot_content.response_body).spec
+ }
+
+ computed_fields = ["metadata"]
+}
+
+# VOLUME_SNAPSHOT
+data "http" "volume_snapshot" {
+ url = "${local.SNAPSHOTTER_URL}/${local.VOLUME_SNAPSHOT}"
+}
+
+resource "kubernetes_manifest" "volume_snapshot" {
+ manifest = {
+ apiVersion = "apiextensions.k8s.io/v1"
+ kind = "CustomResourceDefinition"
+ metadata = yamldecode(data.http.volume_snapshot.response_body).metadata
+ spec = yamldecode(data.http.volume_snapshot.response_body).spec
+ }
+
+ computed_fields = ["metadata"]
+}
\ No newline at end of file
diff --git a/external-snapshotter/main.tf b/external-snapshotter/main.tf
new file mode 100644
index 0000000..b87e6ca
--- /dev/null
+++ b/external-snapshotter/main.tf
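Review bot: The three `data "http"` sources are consumed without checking `status_code`; as far as I recall the hashicorp/http provider (3.x) does not error on a non-2xx response, so a 404 from a mistyped `snapshot_version` is fed straight into `yamldecode` and surfaces as a confusing decode error rather than a clear one. Add `lifecycle { postcondition { condition = self.status_code == 200 error_message = "Failed to fetch ${self.url}" } }` to each data source — and since the three data/resource pairs differ only in the path local, a single `for_each` over a map of the three paths would cut this file to a third and make the check live in one place. Also, `local.SNAPSHOTTER_URL` has no trailing slash while every path local starts with `/`, so `"${…URL}/${…}"` yields a `//` in the fetched URL; harmless for raw.githubusercontent today but worth normalising.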
@@ -0,0 +1,29 @@
+# SNAPSHOT_RBAC
+data "http" "snapshot_rbac" {
+ url = "${local.SNAPSHOTTER_URL}/${local.SNAPSHOT_RBAC}"
+}
+
+data "kubectl_file_documents" "snapshot_rbac" {
+ content = data.http.snapshot_rbac.response_body
+}
+
+resource "kubernetes_manifest" "snapshot_rbac" {
+ for_each = data.kubectl_file_documents.snapshot_rbac.manifests
+ manifest = yamldecode(each.value)
+ computed_fields = ["metadata"]
+}
+
+# SNAPSHOT_CONTROLLER
+data "http" "snapshot_controller" {
+ url = "${local.SNAPSHOTTER_URL}/${local.SNAPSHOT_CONTROLLER}"
+}
+
+data "kubectl_file_documents" "snapshot_controller" {
+ content = data.http.snapshot_controller.response_body
+}
+
+resource "kubernetes_manifest" "snapshot_controller" {
+ for_each = data.kubectl_file_documents.snapshot_controller.manifests
+ manifest = yamldecode(each.value)
+ computed_fields = ["metadata"]
+}
\ No newline at end of file
diff --git a/external-snapshotter/terraform.tf b/external-snapshotter/terraform.tf
new file mode 100644
index 0000000..49a1ac1
--- /dev/null
+++ b/external-snapshotter/terraform.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_providers {
+ kubectl = {
+ source = "alekc/kubectl"
+ }
+ }
+}
\ No newline at end of file
diff --git a/external-snapshotter/variables.tf b/external-snapshotter/variables.tf
new file mode 100644
index 0000000..322752e
--- /dev/null
+++ b/external-snapshotter/variables.tf
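Review bot: `kubernetes_manifest.snapshot_rbac` applies whatever ClusterRole/ClusterRoleBinding/ServiceAccount documents raw.githubusercontent serves for the `rbac-snapshot-controller.yaml` path at plan time, with no checksum and no review step, so the cluster's RBAC is effectively defined by a remote file selected by a mutable Git tag. Vendor the two YAML files into the module and load them with `file()`, or at minimum record their digests and fail when they change, e.g. a postcondition `sha256(self.response_body) == local.snapshot_rbac_sha256`. The upstream `setup-snapshot-controller.yaml` hard-codes its target namespace (kube-system, I believe — confirm), and nothing here overrides it, which is worth a comment next to the resource so nobody assumes `var.namespace` applies.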
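Review bot: `alekc/kubectl` is added to `required_providers` with no `version` constraint, so unless a `.terraform.lock.hcl` is committed (not visible in this diff) each fresh `terraform init` resolves to whatever the registry currently publishes. Pin at least a major range, e.g. `version = "~> 2.0"`, so a provider release cannot silently change how these cluster-scoped manifests are rendered.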
@@ -0,0 +1,16 @@
+locals {
+ SNAPSHOTTER_URL = "https://raw.githubusercontent.com/kubernetes-csi/external-snapshotter/${var.snapshot_version}"
+
+ # controller
+ SNAPSHOT_RBAC = "/deploy/kubernetes/snapshot-controller/rbac-snapshot-controller.yaml"
+ SNAPSHOT_CONTROLLER = "/deploy/kubernetes/snapshot-controller/setup-snapshot-controller.yaml"
+
+ # snapshot CRD
+ SNAPSHOTCLASS = "/client/config/crd/snapshot.storage.k8s.io_volumesnapshotclasses.yaml"
+ VOLUME_SNAPSHOT_CONTENT = "/client/config/crd/snapshot.storage.k8s.io_volumesnapshotcontents.yaml"
+ VOLUME_SNAPSHOT = "/client/config/crd/snapshot.storage.k8s.io_volumesnapshots.yaml"
+}
+
+variable "snapshot_version" {
+ default = "v5.0.1"
+}
\ No newline at end of file
diff --git a/fg-bgp-neighbors/terraform.tf b/fg-bgp-neighbors/terraform.tf
index d16049e..aa4b37a 100644
--- a/fg-bgp-neighbors/terraform.tf
+++ b/fg-bgp-neighbors/terraform.tf
@@ -1,8 +1,10 @@
 terraform {
 required_providers {
+ netbox = {
+ source = "e-breuninger/netbox"
+ }
 fortios = {
- source = "fortinetdev/fortios"
- version = "1.18.1"
+ source = "fortinetdev/fortios"
 }
 }
 }
\ No newline at end of file
diff --git a/fg-bgp-neighbors/variables.tf b/fg-bgp-neighbors/variables.tf
index e0ff85f..7ba08e4 100644
--- a/fg-bgp-neighbors/variables.tf
+++ b/fg-bgp-neighbors/variables.tf
@@ -11,6 +11,7 @@ variable "neighbors" {
 }))
 }
+# Default Variables
 variable "remote_as" {
 description = "Remote AS Number"
 type = number
diff --git a/fg-k8slb/terraform.tf b/fg-k8slb/terraform.tf
index d16049e..aa4b37a 100644
--- a/fg-k8slb/terraform.tf
+++ b/fg-k8slb/terraform.tf
@@ -1,8 +1,10 @@
 terraform {
 required_providers {
+ netbox = {
+ source = "e-breuninger/netbox"
+ }
 fortios = {
- source = "fortinetdev/fortios"
- version = "1.18.1"
+ source = "fortinetdev/fortios"
 }
 }
 }
\ No newline at end of file
diff --git a/fg-k8slb/variables.tf b/fg-k8slb/variables.tf
index 9e3521a..4347499 100644
--- a/fg-k8slb/variables.tf
+++ b/fg-k8slb/variables.tf
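Review bot: `snapshot_version` selects the Git ref that every manifest in this module is fetched from, and a tag like `v5.0.1` is mutable — whoever can move the tag (or compromise the upstream repo) controls the CRDs and RBAC applied to this cluster. Accept a full commit SHA here instead, or keep the tag but verify the downloaded bodies against recorded digests in the data sources' postconditions, and say which choice was made in the variable's description. The variable also has no `type` or `description`, unlike the rest of the modules; `type = string` and `description = "external-snapshotter git ref (prefer a commit SHA) to fetch manifests from"` would match them. Note that `SNAPSHOTTER_URL` lacks a trailing slash while every path local starts with one, producing `//` when they are joined in crd.tf and main.tf.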
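Review bot: This hunk drops the `version = "1.18.1"` pin on `fortinetdev/fortios` and adds `e-breuninger/netbox` with no constraint at all, and the same change appears in fg-k8slb/terraform.tf; for providers that hold credentials to the firewall and to the IPAM, an unconstrained source means a fresh `terraform init` without a committed `.terraform.lock.hcl` can pull any future release. Keep a range constraint, e.g. `version = "~> 1.18"` for fortios and a corresponding `~>` for netbox, and commit the lock file so upgrades are deliberate and reviewable.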
@@ -13,12 +13,15 @@ variable "realservers" {
 type = list(string)
 }
+# Default Variables
 variable "dstintf" {
 description = "Dst interface for policy"
+ type = string
 default = "Infra"
 }
 variable "srcintf" {
 description = "Src interface for policy"
+ type = string
 default = "Infra"
 }
\ No newline at end of file
diff --git a/tg-talos/pve-node.tf b/tg-talos/pve-node.tf
index 1224c38..c288ed9 100644
--- a/tg-talos/pve-node.tf
+++ b/tg-talos/pve-node.tf
@@ -1,12 +1,13 @@
 resource "proxmox_virtual_environment_vm" "this" {
 count = var.nodes
- name = netbox_virtual_machine.this[count.index].name
- description = "Managed by Undercloud (Terraform)"
- tags = ["kubernetes", "terraform"]
- node_name = data.proxmox_virtual_environment_nodes.available_nodes.names[count.index] # This is kinda stupid
- started = true
- on_boot = false
+ name = netbox_virtual_machine.this[count.index].name
+ description = "Managed by Undercloud (Terraform)"
+ tags = ["kubernetes", "terraform"]
+ node_name = data.proxmox_virtual_environment_nodes.available_nodes.names[count.index] # This is kinda stupid
+ started = true
+ on_boot = false
+ stop_on_destroy = true
 clone {
 vm_id = 9201 # todo find template id
@@ -23,6 +24,11 @@ resource "proxmox_virtual_environment_vm" "this" {
 dedicated = var.memory
 }
+ agent {
+ enabled = true
+ timeout = "2m"
+ }
+
 disk {
 datastore_id = var.datastore
 interface = "scsi0"
@@ -55,6 +61,10 @@ resource "proxmox_virtual_environment_vm" "this" {
 vlan_id = data.netbox_vlan.this.vid
 }
+ smbios {
+ serial = "h=${netbox_virtual_machine.this[count.index].name}"
+ }
+
 lifecycle {
 ignore_changes = [
 node_name,
diff --git a/tg-talos/terraform.tf b/tg-talos/terraform.tf
index 7eb1e7e..b6029c6 100644
--- a/tg-talos/terraform.tf
+++ b/tg-talos/terraform.tf
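Review bot: `agent { enabled = true }` makes the bpg/proxmox provider wait on the QEMU guest agent, and a stock Talos image does not run one unless the `siderolabs/qemu-guest-agent` system extension is built into the image (to be confirmed against how the template referenced by `vm_id = 9201` was produced); without it every create and the new `stop_on_destroy = true` path block until the 2m `timeout` expires before the provider presumably falls back to a hard stop. Record the dependency where it bites, e.g. `# Requires the qemu-guest-agent Talos system extension in the template image; otherwise each apply waits out the 2m timeout`. The `proxmox_virtual_environment_vm.this` resource continues past this hunk.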
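Review bot: `smbios { serial = "h=${…name}" }` encodes the node name into the SMBIOS serial with a magic `h=` prefix and no explanation; presumably this is what Talos's nocloud platform reads to derive the hostname, but nothing in the file says so, and the next reader will have to reverse-engineer it. A one-line comment pins it down: `# Talos nocloud platform reads "h=<hostname>" from the SMBIOS serial to set the node hostname`. Because the serial is also visible to the guest and to anyone who can read the VM config, avoid ever extending this string with anything sensitive (tokens, join keys). The enclosing `proxmox_virtual_environment_vm.this` resource starts and ends outside this hunk.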
@@ -1,16 +1,13 @@
 terraform {
 required_providers {
- proxmox = {
- source = "bpg/proxmox"
- version = "0.39.0"
+ talos = {
+ source = "siderolabs/talos"
 }
 netbox = {
- source = "e-breuninger/netbox"
- version = "3.7.5"
+ source = "e-breuninger/netbox"
 }
- talos = {
- source = "siderolabs/talos"
- version = "0.4.0-alpha.0"
+ proxmox = {
+ source = "bpg/proxmox"
 }
 }
 }
\ No newline at end of file
diff --git a/tg-talos/variables.tf b/tg-talos/variables.tf
index 8e237e2..c8c8024 100644
--- a/tg-talos/variables.tf
+++ b/tg-talos/variables.tf
@@ -132,7 +132,6 @@ variable "time_servers" {
 variable "talos_version" {
 description = "Talosctl Version"
 type = string
- default = "v1.5.5"
 }
 variable "talos_inline_manifests" {
diff --git a/traefik/traefik.tf b/traefik/traefik.tf
new file mode 100644
index 0000000..d59036f
--- /dev/null
+++ b/traefik/traefik.tf
@@ -0,0 +1,30 @@
+locals {
+ traefik = {
+ deployment = {
+ replicas = var.replicas
+ }
+
+ service = {
+ type = "LoadBalancer"
+ }
+
+ additionalArguments = [
+ "--entryPoints.websecure.proxyProtocol.trustedIPs=${join(",", var.trusted_ips)}",
+ "--providers.kubernetesingress.ingressendpoint.hostname=${var.hostname}"
+ ]
+ }
+}
+
+resource "helm_release" "traefik" {
+ name = "traefik"
+ namespace = var.namespace
+ create_namespace = var.create_namespace
+ repository = "https://traefik.github.io/charts"
+
+ chart = "traefik"
+ version = var.chart_version
+
+ values = [
+ yamlencode(local.traefik)
+ ]
+}
\ No newline at end of file
diff --git a/traefik/variables.tf b/traefik/variables.tf
new file mode 100644
index 0000000..91a656b
--- /dev/null
+++ b/traefik/variables.tf
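Review bot: PROXY protocol trust is declared only for the `websecure` entrypoint (`--entryPoints.websecure.proxyProtocol.trustedIPs=…`); whether `web` needs the same depends on what the upstream load balancer from fg-k8slb sends — if it wraps port 80 as well, plaintext requests will fail to parse, and if it wraps only 443 the current line is correct — so a comment stating which is the case, e.g. `# LB sends PROXY protocol on 443 only; port 80 must stay unwrapped`, would stop the next person from guessing. `join(",", var.trusted_ips)` with an empty list produces a bare `trustedIPs=` argument, which Traefik may treat as "trust nobody" or reject outright; nothing here guards that. Since this list decides which peers may assert the real client address (and therefore what ends up in logs and any IP-based policy), it should name the LB addresses precisely rather than a broad range.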
@@ -0,0 +1,34 @@
+variable "trusted_ips" {
+ description = "value"
+ type = list(string)
+}
+
+variable "hostname" {
+ description = "value"
+ type = string
+}
+
+# Default Variables
+variable "chart_version" {
+ description = "value"
+ type = string
+ default = "v32.1.0"
+}
+
+variable "namespace" {
+ description = "value"
+ type = string
+ default = "traefik"
+}
+
+variable "create_namespace" {
+ description = "value"
+ type = bool
+ default = true
+}
+
+variable "replicas" {
+ description = "value"
+ type = number
+ default = 3
+}
\ No newline at end of file
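Review bot: `trusted_ips` feeds `proxyProtocol.trustedIPs` — the set of peers Traefik believes about the client address — yet it accepts any strings, so a typo or an over-broad entry such as `0.0.0.0/0` passes straight through to the chart and lets any peer spoof the source IP. Validate the shape and non-emptiness at the module boundary: `validation { condition = length(var.trusted_ips) > 0 && alltrue([for ip in var.trusted_ips : can(cidrhost(ip, 0))]) error_message = "trusted_ips must be a non-empty list of CIDRs." }` (note `cidrhost` requires prefix notation, so bare addresses need a `/32` suffix or a second `can(regex(...))` branch). Every `description` here is the placeholder `"value"`; for this input in particular write what it controls, e.g. `description = "CIDRs of the load balancers allowed to send PROXY protocol headers on websecure"`.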