feat: kubernetes deployment with terraform

.gitignore

@@ -1,3 +1,5 @@
+.idea/
+
 .vscode/
 !.vscode/launch.json
 

Makefile

@@ -47,5 +47,10 @@ clean:
 get-root-ca:
 	cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem
 
+docker: docker-build docker-push
+
 docker-build:
-	docker build -t docker.registry:5000/weather .
+	docker build -t docker.registry:5000/weather .
+
+docker-push:
+	docker push docker.registry:5000/weather

manifests/.gitignore

@@ -0,0 +1,34 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version 
+# control as they are data points which are potentially sensitive and subject 
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

manifests/.terraform.lock.hcl

@@ -0,0 +1,20 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+  version     = "2.0.2"
+  constraints = ">= 2.0.0"
+  hashes = [
+    "h1:vNrgTrqsLcL2Uw8kr89ZIq2NF858MZ15sLtNfd55hVA=",
+    "zh:4e66d509c828b0a2e599a567ad470bf85ebada62788aead87a8fb621301dec55",
+    "zh:55ca6466a82f60d2c9798d171edafacc9ea4991aa7aa32ed5d82d6831cf44542",
+    "zh:65741e6910c8b1322d9aef5dda4d98d1e6409aebc5514b518f46019cd06e1b47",
+    "zh:79456ca037c19983977285703f19f4b04f7eadcf8eb6af21f5ea615026271578",
+    "zh:7c39ced4dc44181296721715005e390021770077012c206ab4c209fb704b34d0",
+    "zh:86856c82a6444c19b3e3005e91408ac68eb010c9218c4c4119fc59300b107026",
+    "zh:999865090c72fa9b85c45e76b20839da51714ae429d1ab14b7d8ce66c2655abf",
+    "zh:a3ea0ae37c61b4bfe81f7a395fb7b5ba61564e7d716d7a191372c3c983271d13",
+    "zh:d9061861822933ebb2765fa691aeed2930ee495bfb6f72a5bdd88f43ccd9e038",
+    "zh:e04adbe0d5597d1fdd4f418be19c9df171f1d709009f63b8ce1239b71b4fa45a",
+  ]
+}

manifests/application.tf

@@ -0,0 +1,85 @@
+resource "kubernetes_deployment" "application" {
+  metadata {
+    name = "poller-application"
+    labels = {
+      app = local.service_match_label
+      env = local.environment
+    }
+    namespace = kubernetes_namespace.application_namespace.id
+  }
+  spec {
+    replicas = 1
+    revision_history_limit = 0
+    selector {
+      match_labels = {
+        app = local.deployment_match_label
+      }
+    }
+    template {
+      metadata {
+        labels = {
+          app = local.deployment_match_label
+          env = local.environment
+        }
+      }
+      spec {
+        volume {
+          name = local.config_volume_name
+          config_map {
+            name = kubernetes_config_map.weather_config.metadata.0.name
+          }
+        }
+        volume {
+          name = local.log_volume_name
+          persistent_volume_claim {
+            claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata.0.name
+          }
+        }
+        container {
+          image = format("%s:%s", var.application_image_tag, var.application_version)
+          name  = "poller-application"
+          args = ["-filename", "/conf/config.hcl", "-logLevel", "info", "-logOutput", "/logs/weather.log"]
+          volume_mount {
+            mount_path = "/conf"
+            name = local.config_volume_name
+          }
+          volume_mount {
+            mount_path = "/logs"
+            name = local.log_volume_name
+          }
+          resources {
+            limits = {
+              cpu    = "0.5"
+              memory = "512Mi"
+            }
+            requests = {
+              cpu    = "250m"
+              memory = "50Mi"
+            }
+          }
+        }
+      }
+    }
+  }
+  timeouts {
+    create = "5m"
+    delete = "5m"
+    update = "5m"
+  }
+}
+
+resource "kubernetes_persistent_volume_claim" "log_volume_claim" {
+  metadata {
+    namespace = kubernetes_namespace.application_namespace.id
+    name = "log-weather-pvc"
+  }
+  spec {
+    storage_class_name = "dx30-nfs"
+    access_modes = ["ReadWriteMany"]
+    resources {
+      requests = {
+        storage = "2Gi"
+      }
+    }
+  }
+}

manifests/common.tf

@@ -0,0 +1,23 @@
+resource "kubernetes_namespace" "application_namespace" {
+  metadata {
+    name = "application"
+  }
+}
+
+resource "kubernetes_config_map" "weather_config" {
+  metadata {
+    name = "weather-hcl"
+    namespace = kubernetes_namespace.application_namespace.id
+  }
+  data = {
+    "config.hcl" = <<EOF
+openweather_secret = "${var.openweather_secret}"
+s3 {
+	endpoint_url = "${var.S3_endpoint}"
+	region = "${var.S3_region}"
+	aws_access_key_id = "${var.S3_key_id}"
+	aws_secret_access_key = "${var.S3_key_secret}"
+}
+EOF
+  }
+}

manifests/configure.tf

@@ -0,0 +1,28 @@
+terraform {
+  required_version = ">= 0.12"
+
+  required_providers {
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.0"
+    }
+  }
+
+  backend "etcdv3" {
+    endpoints   = ["https://dx30.localdomain:2379"]
+    lock        = true
+    prefix      = "/terraform-state/weather/"
+    
+    cacert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/ca.pem"
+    cert_path   = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes.pem"
+    key_path    = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes-key.pem"
+  }
+}
+
+provider "kubernetes" {
+  config_path = "~/.kube/config.kubeconfig"
+
+  config_context = "my-context"
+  config_context_cluster = "cluster-1"
+  config_context_auth_info = "admin"
+}

manifests/variables.tf

@@ -0,0 +1,33 @@
+variable "openweather_secret" {
+  description = "open weather api secret"
+}
+variable "S3_key_secret" {
+  description = "S3 backend key secret"
+}
+variable "S3_endpoint" {
+  default = "s3.localdomain"
+  description = "S3 backend endpoint"
+}
+variable "S3_region" {
+  default = "FR"
+  description = "S3 backend region"
+}
+variable "S3_key_id" {
+  default = "antoine"
+  description = "S3 backend key id"
+}
+variable "application_image_tag" {
+  default = "docker.registry/weather"
+  description = "container tag deployed"
+}
+variable "application_version" {
+  default = "latest"
+  description = "container tag version deployed"
+}
+locals {
+  service_match_label = "weather-service"
+  deployment_match_label = "poller-deployment"
+  environment = "prod"
+  config_volume_name = "config-weather-volume"
+  log_volume_name ="log-weather-volume"
+}