Merge branch 'kubernetes'

2019-02-16 13:52:48 +05:30 · 2019-02-16 13:52:48 +05:30 · e4b3620de5
parent 53f3c87600 83eb97c8db
commit e4b3620de5
15 changed files with 148 additions and 31 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,3 +7,4 @@
 *.backup
 secrets
 k8s/
+k8s2/
--- a/.terraform-version
+++ b/.terraform-version
@ -1 +1 @@
-0.11.8
+0.11.12-beta1
--- a/cloudflare/main.tf
+++ b/cloudflare/main.tf
@ -64,6 +64,32 @@ resource "cloudflare_record" "vpn_wildcard" {
  ttl    = 3600
 }

+/**
+ *   vpn.bb8.fun
+ * *.vpn.bb8.fun
+ */
+resource "cloudflare_record" "dovpn" {
+  domain = "${var.domain}"
+  name   = "dovpn"
+  value  = "${var.ips["dovpn"]}"
+  type   = "A"
+}
+
+resource "cloudflare_record" "dovpn_wildcard" {
+  domain = "${var.domain}"
+  name   = "*.dovpn.${var.domain}"
+  value  = "${cloudflare_record.dovpn.hostname}"
+  type   = "CNAME"
+  ttl    = 3600
+}
+
+resource "cloudflare_record" "etcd" {
+  domain = "${var.domain}"
+  name   = "etcd"
+  value  = "${var.ips["dovpn"]}"
+  type   = "A"
+}
+
 ########################
 ## Mailgun Mailing Lists
 ########################
@ -98,10 +124,10 @@ resource "cloudflare_record" "mailgun-mxb" {
  priority = 20
 }

-resource "cloudflare_record" "k8s-talk" {
+resource "cloudflare_record" "k8s" {
  domain = "${var.domain}"
  name   = "k8s"
-  value  = "lightsaber.captnemo.in"
-  type   = "CNAME"
+  value  = "10.8.0.1"
+  type   = "A"
  ttl    = 3600
 }
--- a/kayak.tf
+++ b/kayak.tf
@ -0,0 +1,47 @@
+// Points to the local working directory instead of
+// the published version
+module "kayak" {
+  source    = "../terraform-digitalocean-kayak"
+  cert_path = "${path.root}/secrets/kayak"
+  domain    = "kayak.${var.root-domain}"
+  ssh_key   = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD0Getey8585AqdgIl9mqQ3SH9w6z7NZUW4HXdOqZwC7sYEaDrLOBV014gtFS8h8ymm4dcw6xEGUkaavcHC8W9ChTLKBMK4N1/sUS/umLy+Wi/K//g13y0VHSdvcc+gMQ27b9n/DwDY4ZKkaf6t+4HWyFWNh6gp0cT1WCyLNlsER55KUdy+C1lCOpv1SMepOaYc7uyBlC9FfgewJho/OfxnoTztQV6QeSGfr2Xr94Ip1FUPoLoBLLilh4ZbCe6F6bqn0kNgVBTkrVwWJv5Z0jCJpUjER69cqjASRao9KCHkyPtybzKKhCLZIlB3QMggEv0xnlHMpeeuDWcGrBVPKI8V"
+
+  asset_dir = "${path.root}/k8s"
+
+  providers {
+    docker = "docker.kayak"
+  }
+}
+
+provider "docker" {
+  host          = "tcp://${cloudflare_record.kayak-docker.hostname}:2376"
+  version       = "~> 2.0.0"
+  alias         = "kayak"
+  ca_material   = "${module.kayak.docker_ca_cert}"
+  cert_material = "${module.kayak.docker_client_cert}"
+  key_material  = "${module.kayak.docker_client_key}"
+}
+
+resource "cloudflare_record" "kayak-docker" {
+  name   = "docker.kayak"
+  value  = "${module.kayak.droplet_ipv4}"
+  domain = "${var.root-domain}"
+  type   = "A"
+  ttl    = 120
+}
+
+resource "cloudflare_record" "kayak" {
+  name   = "kayak"
+  value  = "${module.kayak.droplet_ipv4}"
+  domain = "${var.root-domain}"
+  type   = "A"
+  ttl    = 120
+}
+
+resource "cloudflare_record" "kayak-etcd" {
+  name   = "etcd.kayak"
+  value  = "${module.kayak.droplet_ipv4_private}"
+  domain = "${var.root-domain}"
+  type   = "A"
+  ttl    = 120
+}
--- a/kube-test.tf
+++ b/kube-test.tf
@ -0,0 +1,22 @@
+// Bring up a simple test container
+// In the controller node
+
+resource "kubernetes_pod" "nginx" {
+  metadata {
+    name      = "terraform-example"
+    namespace = "default"
+  }
+
+  spec {
+    toleration {
+      key      = "node-role.kubernetes.io/master"
+      operator = "Exists"
+      effect   = "NoSchedule"
+    }
+
+    container {
+      image = "nginx:latest"
+      name  = "nginx"
+    }
+  }
+}
--- a/main.tf
+++ b/main.tf
@ -67,12 +67,11 @@ module "resilio" {
 }

 module "media" {
-  source                 = "media"
-  domain                 = "bb8.fun"
-  traefik-labels         = "${var.traefik-common-labels}"
-  airsonic-smtp-password = "${var.airsonic-smtp-password}"
-  ips                    = "${var.ips}"
-  traefik-network-id     = "${module.docker.traefik-network-id}"
+  source             = "media"
+  domain             = "bb8.fun"
+  traefik-labels     = "${var.traefik-common-labels}"
+  ips                = "${var.ips}"
+  traefik-network-id = "${module.docker.traefik-network-id}"
 }

 module "monitoring" {
--- a/media/airsonic.tf
+++ b/media/airsonic.tf
@ -4,7 +4,7 @@ module "airsonic" {
  name   = "airsonic"

  resource {
-    memory = "256"
+    memory = "1024"
  }

  web {
@ -13,8 +13,6 @@ module "airsonic" {
    expose = true
  }

-  user = "lounge:audio"
-
  env = [
    "PUID=1004",
    "PGID=1003",
@ -22,6 +20,11 @@ module "airsonic" {
    "JAVA_OPTS=-Xmx512m -Dserver.use-forward-headers=true -Dserver.context-path=/",
  ]

+  devices = [{
+    host_path      = "/dev/snd"
+    container_path = "/dev/snd"
+  }]
+
  # files = [
  #   "/usr/lib/jvm/java-1.8-openjdk/jre/lib/airsonic.properties",
  #   "/usr/lib/jvm/java-1.8-openjdk/jre/lib/sound.properties",
@ -50,15 +53,22 @@ module "airsonic" {
      host_path      = "/mnt/xwing/config/airsonic/podcasts"
      container_path = "/podcasts"
    },
+    {
+      host_path      = "/mnt/xwing/config/airsonic/jre"
+      container_path = "/usr/lib/jvm/java-1.8-openjdk/jre/lib/"
+    },
  ]
 }

-data "template_file" "airsonic-properties-file" {
-  template = "${file("${path.module}/conf/airsonic.properties.tpl")}"
+# data "template_file" "airsonic-properties-file" {
+#   template = "${file("${path.module}/conf/airsonic.properties.tpl")}"

-  vars {
-    smtp-password = "${var.airsonic-smtp-password}"

-    # db-password   = "${var.airsonic-db-password}"
-  }
-}
+#   vars {
+#     smtp-password = "${var.airsonic-smtp-password}"
+
+
+#     # db-password   = "${var.airsonic-db-password}"
+#   }
+# }
+
--- a/media/jackett.tf
+++ b/media/jackett.tf
@ -11,8 +11,6 @@ module "jackett" {
    host   = "jackett.${var.domain}"
  }

-  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
-
  volumes = [{
    host_path      = "/mnt/xwing/config/jackett"
    container_path = "/config"
--- a/media/radarr.tf
+++ b/media/radarr.tf
@ -16,8 +16,6 @@ module "radarr" {
    memory_swap = 1024
  }

-  networks = ["${docker_network.media.id}", "${var.traefik-network-id}"]
-
  volumes = [
    {
      host_path      = "/mnt/xwing/config/radarr"
--- a/media/variables.tf
+++ b/media/variables.tf
@ -2,7 +2,7 @@ variable "domain" {
  type = "string"
 }

-variable "airsonic-smtp-password" {}
+# variable "airsonic-smtp-password" {}

 variable "traefik-labels" {
  type = "map"
--- a/modules/container/main.tf
+++ b/modules/container/main.tf
@ -3,7 +3,7 @@ data "docker_registry_image" "image" {
 }

 resource "docker_image" "image" {
-  name          = "${data.docker_registry_image.image.name}"
+  name          = "${var.image}"
  pull_triggers = ["${data.docker_registry_image.image.sha256_digest}"]
 }

@ -31,6 +31,7 @@ resource "docker_container" "container" {
  memory_swap = "${local.resource["memory_swap"]}"

  volumes = ["${var.volumes}"]
+  devices = ["${var.devices}"]

  # Look at this monstrosity
  # And then https://github.com/hashicorp/terraform/issues/12453#issuecomment-365569618
--- a/modules/container/vars.tf
+++ b/modules/container/vars.tf
@ -88,3 +88,9 @@ variable "volumes" {
  type        = "list"
  default     = []
 }
+
+variable "devices" {
+  description = "volumes"
+  type        = "list"
+  default     = []
+}
--- a/providers.tf
+++ b/providers.tf
@ -4,11 +4,11 @@ provider "docker" {
  version   = "~> 2.0.0"
 }

-provider "docker" {
-  host      = "tcp://dovpn.vpn.bb8.fun:2376"
-  cert_path = "./secrets/sydney"
-  alias     = "sydney"
-  version   = "~> 2.0.0"
+provider "kubernetes" {
+  version = "1.3.0-custom"
+  host    = "https://k8s.bb8.fun:6443"
+
+  config_path = "${path.root}/k8s/auth/kubeconfig"
 }

 provider "cloudflare" {
--- a/state.tf
+++ b/state.tf
@ -0,0 +1,8 @@
+terraform {
+  backend "s3" {
+    bucket  = "rmx-nemo"
+    key     = "terraform/nebula.tfstate"
+    region  = "ap-south-1"
+    profile = "nebula"
+  }
+}
--- a/variables.tf
+++ b/variables.tf
@ -27,6 +27,7 @@ variable "ips" {
  default = {
    eth0   = "192.168.1.111"
    tun0   = "10.8.0.14"
+    dovpn  = "10.8.0.1"
    static = "139.59.48.222"
  }
 }