gathering · olemathias · Dec 17, 2023 · Dec 17, 2023 · Dec 17, 2023 · Dec 17, 2023
diff --git a/argocd/main.tf b/argocd/main.tf
@@ -0,0 +1,57 @@
+locals {
+  argocd = {
+    global = {
+      domain = var.hostname
+    }
+
+    redis-ha = {
+      enabled = true
+    }
+
+    controller = {
+      replicas = 1
+    }
+
+    server = {
+      autoscaling = {
+        enabled     = true
+        minReplicas = 2
+      }
+      # Unsure how to use the grpc with trafik in using "Ingress"
+      ingressGrpc = {}
+      ingress = {
+        enabled = true
+        annotations = {
+          "cert-manager.io/cluster-issuer" = "letsencrypt"
+        }
+        ingressClassName = "traefik"
+        tls              = true
+      }
+    }
+
+    repoServer = {
+      autoscaling = {
+        enabled     = true
+        minReplicas = 2
+      }
+    }
+
+    applicationSet = {
+      replicas = 2
+    }
+  }
+}
+
+resource "helm_release" "argocd" {
+  name             = "argocd"
+  namespace        = var.namespace
+  create_namespace = var.create_namespace
+  repository       = "https://argoproj.github.io/argo-helm"
+
+  chart   = "argo-cd"
+  version = var.chart_version
+
+  values = [
+    yamlencode(local.argocd)
+  ]
+}
diff --git a/argocd/variables.tf b/argocd/variables.tf
@@ -0,0 +1,23 @@
+variable "hostname" {
+  description = "Ingress hostname"
+  type        = string
+}
+
+# Default Variables
+variable "chart_version" {
+  description = "Helm Chart version"
+  type        = string
+  default     = "7.6.8"
+}
+
+variable "namespace" {
+  description = "Namespace used in helm chart"
+  type        = string
+  default     = "argocd"
+}
+
+variable "create_namespace" {
+  description = "Create namespace"
+  type        = bool
+  default     = true
+}
diff --git a/ceph-csi/cephfs.tf b/ceph-csi/cephfs.tf
@@ -0,0 +1,40 @@
+# locals {
+#   ceph_cephfs = {
+#     csiConfig = [{
+#       clusterID = var.cluster_id
+#       monitors  = var.monitors
+#     }]
+
+#     storageClass = {
+#       create    = true
+#       name      = var.sc_name
+#       clusterID = var.cluster_id
+#       pool      = var.pool
+#     }
+
+#     provisioner = {
+#       replicaCount = 2
+#     }
+
+#     readAffinity = {
+#       enabled = true
+#     }
+
+#     logLevel     = 0
+#     selinuxMount = false
+#   }
+# }
+
+# resource "helm_release" "ceph_cephfs" {
+#   name       = "cephfs"
+#   namespace  = var.namespace
+#   repository = "https://ceph.github.io/csi-charts"
+
+#   chart   = "ceph-csi-cephfs"
+#   version = var.chart_version
+
+#   values = [
+#     yamlencode(local.ceph_cephfs)
+#   ]
+
+# }
diff --git a/ceph-csi/rbd.tf b/ceph-csi/rbd.tf
@@ -0,0 +1,40 @@
+locals {
+  ceph_rbd = {
+    csiConfig = [{
+      clusterID = var.cluster_id
+      monitors  = var.monitors
+    }]
+
+    storageClass = {
+      create    = true
+      name      = var.sc_name
+      clusterID = var.cluster_id
+      pool      = var.pool
+    }
+
+    provisioner = {
+      replicaCount = 2
+    }
+
+    readAffinity = {
+      enabled = true
+    }
+
+    logLevel     = 0
+    selinuxMount = false
+  }
+}
+
+resource "helm_release" "ceph_rbd" {
+  name       = "rbd"
+  namespace  = var.namespace
+  repository = "https://ceph.github.io/csi-charts"
+
+  chart   = "ceph-csi-rbd"
+  version = var.chart_version
+
+  values = [
+    yamlencode(local.ceph_rbd)
+  ]
+
+}
diff --git a/ceph-csi/secret.tf b/ceph-csi/secret.tf
@@ -0,0 +1,11 @@
+resource "kubernetes_secret" "this" {
+  metadata {
+    name      = "csi-rbd-secret"
+    namespace = var.namespace
+  }
+
+  data = {
+    userID  = var.ceph_user_id
+    userKey = var.ceph_user_key
+  }
+}
diff --git a/ceph-csi/variables.tf b/ceph-csi/variables.tf
@@ -0,0 +1,46 @@
+variable "cluster_id" {
+  description = "Ceph Cluster ID"
+  type        = string
+}
+
+variable "pool" {
+  description = "Ceph RBD Pool"
+  type        = string
+}
+
+variable "monitors" {
+  description = "Ceph Monitors"
+  type        = list(string)
+}
+
+variable "ceph_user_id" {
+  description = "Ceph User ID"
+  type        = string
+  sensitive   = true
+
+}
+
+variable "ceph_user_key" {
+  description = "Ceph User Key"
+  type        = string
+  sensitive   = true
+}
+
+# Default Variables
+variable "namespace" {
+  description = "Namespace used for Helm chart"
+  type        = string
+  default     = "kube-system"
+}
+
+variable "sc_name" {
+  description = "Storageclass name"
+  type        = string
+  default     = "csi-rbd-sc"
+}
+
+variable "chart_version" {
+  description = "Ceph CSI Chart Version"
+  type        = string
+  default     = "v3.12.2"
+}
diff --git a/cert-manager-issuer/main.tf b/cert-manager-issuer/main.tf
@@ -0,0 +1,73 @@
+resource "kubernetes_manifest" "letsencrypt_staging" {
+  manifest = {
+    apiVersion = "cert-manager.io/v1"
+    kind       = "ClusterIssuer"
+
+    metadata = {
+      name = "letsencrypt-staging"
+    }
+
+    spec = {
+      acme = {
+        email  = var.acme_email
+        server = "https://acme-staging-v02.api.letsencrypt.org/directory"
+        privateKeySecretRef = {
+          name = "letsencrypt-staging-account-key"
+        }
+        solvers = [
+          {
+            dns01 = {
+              webhook = {
+                groupName  = var.group_name
+                solverName = var.solver_name
+                config = {
+                  host = var.pdns_server
+                  apiKeySecretRef = {
+                    name = kubernetes_secret.this.metadata[0].name
+                    key  = "key"
+                  }
+                  ttl           = 120
+                  timeout       = 10
+                  allowed_zones = var.allowed_zones
+        } } } }]
+      }
+    }
+  }
+}
+
+resource "kubernetes_manifest" "letsencrypt_prod" {
+  manifest = {
+    apiVersion = "cert-manager.io/v1"
+    kind       = "ClusterIssuer"
+
+    metadata = {
+      name = "letsencrypt"
+    }
+
+    spec = {
+      acme = {
+        email  = var.acme_email
+        server = "https://acme-v02.api.letsencrypt.org/directory"
+        privateKeySecretRef = {
+          name = "letsencrypt-staging-account-key"
+        }
+        solvers = [
+          {
+            dns01 = {
+              webhook = {
+                groupName  = var.group_name
+                solverName = var.solver_name
+                config = {
+                  host = var.pdns_server
+                  apiKeySecretRef = {
+                    name = kubernetes_secret.this.metadata[0].name
+                    key  = "key"
+                  }
+                  ttl           = 120
+                  timeout       = 10
+                  allowed_zones = var.allowed_zones
+        } } } }]
+      }
+    }
+  }
+}
diff --git a/cert-manager-issuer/pdns.tf b/cert-manager-issuer/pdns.tf
@@ -0,0 +1,18 @@
+locals {
+  cert_manager_pdns = {
+    groupName = var.group_name
+  }
+}
+
+resource "helm_release" "cert_manager_pdns" {
+  name       = "cert-manager-pdns"
+  namespace  = var.namespace
+  repository = "https://zachomedia.github.io/cert-manager-webhook-pdns"
+
+  chart   = "cert-manager-webhook-pdns"
+  version = var.cert_manager_pdns_version
+
+  values = [
+    yamlencode(local.cert_manager_pdns)
+  ]
+}
diff --git a/cert-manager-issuer/secret.tf b/cert-manager-issuer/secret.tf
@@ -0,0 +1,10 @@
+resource "kubernetes_secret" "this" {
+  metadata {
+    name      = "pdns-key"
+    namespace = var.namespace
+  }
+
+  data = {
+    key = var.pdns_key
+  }
+}
diff --git a/cert-manager-issuer/variables.tf b/cert-manager-issuer/variables.tf
@@ -0,0 +1,46 @@
+variable "pdns_server" {
+  description = "value"
+  type        = string
+}
+
+variable "pdns_key" {
+  description = "value"
+  type        = string
+  sensitive   = true
+}
+
+variable "acme_email" {
+  description = "value"
+  type        = string
+}
+
+variable "allowed_zones" {
+  description = "value"
+  # The type for some reason breaks kubernetes_manifest
+  #type        = list(string)
+}
+
+# Default Variables
+variable "namespace" {
+  description = "value"
+  type        = string
+  default     = "cert-manager"
+}
+
+variable "group_name" {
+  description = "value"
+  type        = string
+  default     = "acme.gathering.systems"
+}
+
+variable "solver_name" {
+  description = "value"
+  type        = string
+  default     = "pdns"
+}
+
+variable "cert_manager_pdns_version" {
+  description = "value"
+  type        = string
+  default     = "3.1.2"
+}