@@ -1,3 +1,5 @@ | |||
.idea/ | |||
.vscode/ | |||
!.vscode/launch.json | |||
@@ -47,5 +47,10 @@ clean: | |||
get-root-ca: | |||
cfssl info -remote rasp1.localdomain:444 -config certs/client-config.json | cfssljson -bare -stdout /dev/stdout | tee certs/out/ca.pem | |||
docker: docker-build docker-push | |||
docker-build: | |||
docker build -t docker.registry:5000/weather . | |||
docker build -t docker.registry:5000/weather . | |||
docker-push: | |||
docker push docker.registry:5000/weather |
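Review bot: `docker-build` and `docker-push` name `docker.registry:5000/weather` with no tag, so every push overwrites `latest` and a running pod cannot be tied to a specific build. The +/- markers are lost on this page, so I am assuming the docker targets are the added lines. Tagging explicitly, for example `docker build -t docker.registry:5000/weather:$(VERSION) .` (with `VERSION` as a placeholder for a variable the Makefile would define) and the same reference in `docker push`, lets the Terraform `application_version` variable pin what is deployed. These targets produce no file, so they should also be listed in `.PHONY` if such a list exists outside this hunk.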
@@ -0,0 +1,34 @@ | |||
# Local .terraform directories | |||
**/.terraform/* | |||
# .tfstate files | |||
*.tfstate | |||
*.tfstate.* | |||
# Crash log files | |||
crash.log | |||
# Exclude all .tfvars files, which are likely to contain sentitive data, such as | |||
# password, private keys, and other secrets. These should not be part of version | |||
# control as they are data points which are potentially sensitive and subject | |||
# to change depending on the environment. | |||
# | |||
*.tfvars | |||
# Ignore override files as they are usually used to override resources locally and so | |||
# are not checked in | |||
override.tf | |||
override.tf.json | |||
*_override.tf | |||
*_override.tf.json | |||
# Include override files you do wish to add to version control using negated pattern | |||
# | |||
# !example_override.tf | |||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | |||
# example: *tfplan* | |||
# Ignore CLI configuration files | |||
.terraformrc | |||
terraform.rc |
@@ -0,0 +1,20 @@ | |||
# This file is maintained automatically by "terraform init". | |||
# Manual edits may be lost in future updates. | |||
provider "registry.terraform.io/hashicorp/kubernetes" { | |||
version = "2.0.2" | |||
constraints = ">= 2.0.0" | |||
hashes = [ | |||
"h1:vNrgTrqsLcL2Uw8kr89ZIq2NF858MZ15sLtNfd55hVA=", | |||
"zh:4e66d509c828b0a2e599a567ad470bf85ebada62788aead87a8fb621301dec55", | |||
"zh:55ca6466a82f60d2c9798d171edafacc9ea4991aa7aa32ed5d82d6831cf44542", | |||
"zh:65741e6910c8b1322d9aef5dda4d98d1e6409aebc5514b518f46019cd06e1b47", | |||
"zh:79456ca037c19983977285703f19f4b04f7eadcf8eb6af21f5ea615026271578", | |||
"zh:7c39ced4dc44181296721715005e390021770077012c206ab4c209fb704b34d0", | |||
"zh:86856c82a6444c19b3e3005e91408ac68eb010c9218c4c4119fc59300b107026", | |||
"zh:999865090c72fa9b85c45e76b20839da51714ae429d1ab14b7d8ce66c2655abf", | |||
"zh:a3ea0ae37c61b4bfe81f7a395fb7b5ba61564e7d716d7a191372c3c983271d13", | |||
"zh:d9061861822933ebb2765fa691aeed2930ee495bfb6f72a5bdd88f43ccd9e038", | |||
"zh:e04adbe0d5597d1fdd4f418be19c9df171f1d709009f63b8ce1239b71b4fa45a", | |||
] | |||
} |
@@ -0,0 +1,85 @@ | |||
resource "kubernetes_deployment" "application" { | |||
metadata { | |||
name = "poller-application" | |||
labels = { | |||
app = local.service_match_label | |||
env = local.environment | |||
} | |||
namespace = kubernetes_namespace.application_namespace.id | |||
} | |||
spec { | |||
replicas = 1 | |||
revision_history_limit = 0 | |||
selector { | |||
match_labels = { | |||
app = local.deployment_match_label | |||
} | |||
} | |||
template { | |||
metadata { | |||
labels = { | |||
app = local.deployment_match_label | |||
env = local.environment | |||
} | |||
} | |||
spec { | |||
volume { | |||
name = local.config_volume_name | |||
config_map { | |||
name = kubernetes_config_map.weather_config.metadata.0.name | |||
} | |||
} | |||
volume { | |||
name = local.log_volume_name | |||
persistent_volume_claim { | |||
claim_name = kubernetes_persistent_volume_claim.log_volume_claim.metadata.0.name | |||
} | |||
} | |||
container { | |||
image = format("%s:%s", var.application_image_tag, var.application_version) | |||
name = "poller-application" | |||
args = ["-filename", "/conf/config.hcl", "-logLevel", "info", "-logOutput", "/logs/weather.log"] | |||
volume_mount { | |||
mount_path = "/conf" | |||
name = local.config_volume_name | |||
} | |||
volume_mount { | |||
mount_path = "/logs" | |||
name = local.log_volume_name | |||
} | |||
resources { | |||
limits = { | |||
cpu = "0.5" | |||
memory = "512Mi" | |||
} | |||
requests = { | |||
cpu = "250m" | |||
memory = "50Mi" | |||
} | |||
} | |||
} | |||
} | |||
} | |||
} | |||
timeouts { | |||
create = "5m" | |||
delete = "5m" | |||
update = "5m" | |||
} | |||
} | |||
resource "kubernetes_persistent_volume_claim" "log_volume_claim" { | |||
metadata { | |||
namespace = kubernetes_namespace.application_namespace.id | |||
name = "log-weather-pvc" | |||
} | |||
spec { | |||
storage_class_name = "dx30-nfs" | |||
access_modes = ["ReadWriteMany"] | |||
resources { | |||
requests = { | |||
storage = "2Gi" | |||
} | |||
} | |||
} | |||
} |
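Review bot: The `container` block of `kubernetes_deployment.application` sets no `security_context`, so the poller runs with whatever user, capabilities and privilege-escalation setting the image and runtime default to, while mounting a config file that carries the API and S3 credentials. A restrictive context placed after the `resources` block would narrow that. `/logs` is a mounted volume, so a read-only root filesystem should be compatible with the `-logOutput` path, but the image is not visible here and `run_as_non_root` requires it to define a non-root user, so both need checking against the Dockerfile. Separately, `revision_history_limit = 0` keeps no old ReplicaSet, which leaves nothing to roll back to after a bad release.

```hcl
        container {
          # … unchanged: image, name, args, volume_mount blocks, resources …
          security_context {
            allow_privilege_escalation = false
            run_as_non_root            = true
            read_only_root_filesystem  = true
            capabilities {
              drop = ["ALL"]
            }
          }
```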
@@ -0,0 +1,23 @@ | |||
resource "kubernetes_namespace" "application_namespace" { | |||
metadata { | |||
name = "application" | |||
} | |||
} | |||
resource "kubernetes_config_map" "weather_config" { | |||
metadata { | |||
name = "weather-hcl" | |||
namespace = kubernetes_namespace.application_namespace.id | |||
} | |||
data = { | |||
"config.hcl" = <<EOF | |||
openweather_secret = "${var.openweather_secret}" | |||
s3 { | |||
endpoint_url = "${var.S3_endpoint}" | |||
region = "${var.S3_region}" | |||
aws_access_key_id = "${var.S3_key_id}" | |||
aws_secret_access_key = "${var.S3_key_secret}" | |||
} | |||
EOF | |||
} | |||
} |
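Review bot: `openweather_secret` and `S3_key_secret` are rendered into a `kubernetes_config_map`, which the cluster treats as ordinary configuration: it is readable by anything allowed to get ConfigMaps in the namespace and falls outside any RBAC or encryption-at-rest policy applied to Secrets. Declaring this as `resource "kubernetes_secret" "weather_config"` with the same `data` map, and mounting it in the deployment with `secret { secret_name = kubernetes_secret.weather_config.metadata.0.name }` in place of the `config_map` block, keeps `/conf/config.hcl` unchanged for the application. The values are written to the Terraform state either way, so the state backend needs the same protection as the credentials themselves.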
@@ -0,0 +1,28 @@ | |||
terraform { | |||
required_version = ">= 0.12" | |||
required_providers { | |||
kubernetes = { | |||
source = "hashicorp/kubernetes" | |||
version = ">= 2.0" | |||
} | |||
} | |||
backend "etcdv3" { | |||
endpoints = ["https://dx30.localdomain:2379"] | |||
lock = true | |||
prefix = "/terraform-state/weather/" | |||
cacert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/ca.pem" | |||
cert_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes.pem" | |||
key_path = "/Users/antoine/virtualization/kubernetes-the-hard-way/certs/kubernetes-key.pem" | |||
} | |||
} | |||
provider "kubernetes" { | |||
config_path = "~/.kube/config.kubeconfig" | |||
config_context = "my-context" | |||
config_context_cluster = "cluster-1" | |||
config_context_auth_info = "admin" | |||
} |
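Review bot: The `etcdv3` backend block hard-codes `cacert_path`, `cert_path` and `key_path` under one developer's home directory, so `terraform init` only works on that machine and the location of a client private key is recorded in the repository. Backend blocks cannot use variables, so these three settings are better omitted from the block and supplied at init time through a partial configuration, `terraform init -backend-config=<local backend file>` (placeholder name), with that file kept out of version control. The state under `/terraform-state/weather/` will hold the OpenWeather and S3 secrets in plaintext, and the certificate file names suggest the backend reuses the cluster's own etcd and Kubernetes client certificate; that is inferred from the paths only and is worth confirming. `required_version = ">= 0.12"` is also looser than the configuration allows, since the `source` attribute in `required_providers` needs 0.13 or later and the `etcdv3` backend was removed in Terraform 1.3.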
@@ -0,0 +1,33 @@ | |||
variable "openweather_secret" { | |||
description = "open weather api secret" | |||
} | |||
variable "S3_key_secret" { | |||
description = "S3 backend key secret" | |||
} | |||
variable "S3_endpoint" { | |||
default = "s3.localdomain" | |||
description = "S3 backend endpoint" | |||
} | |||
variable "S3_region" { | |||
default = "FR" | |||
description = "S3 backend region" | |||
} | |||
variable "S3_key_id" { | |||
default = "antoine" | |||
description = "S3 backend key id" | |||
} | |||
variable "application_image_tag" { | |||
default = "docker.registry/weather" | |||
description = "container tag deployed" | |||
} | |||
variable "application_version" { | |||
default = "latest" | |||
description = "container tag version deployed" | |||
} | |||
locals { | |||
service_match_label = "weather-service" | |||
deployment_match_label = "poller-deployment" | |||
environment = "prod" | |||
config_volume_name = "config-weather-volume" | |||
log_volume_name ="log-weather-volume" | |||
} |
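Review bot: `openweather_secret` and `S3_key_secret` are declared without `sensitive = true`, so their values can be printed in plan and apply output; adding `type = string` and `sensitive = true` to both blocks prevents that. The attribute needs Terraform 0.14 or later, which the committed provider lock file already implies. `application_version` defaults to `latest`, a mutable tag: pushing a new image does not change the plan, so the deployment is not rolled and the running image cannot be traced to a build, and removing the default would force callers to supply a version. The default `application_image_tag` is `docker.registry/weather` while the Makefile pushes to `docker.registry:5000/weather`; unless both names resolve to the same registry endpoint, the cluster will pull from somewhere other than where the image was pushed.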