infra/terraform: add k8s module file for my portfolio

- added k8s module file for my portfolio manifest

infra/terraform/.gitignore

@@ -1,5 +1,6 @@
 .env
-.terraform/
-.terraform.lock.hcl
-terraform.tfstate
-terraform.tfstate.backup
+**/.env
+**/.terraform/
+**/.terraform.lock.hcl
+**/terraform.tfstate
+**/terraform.tfstate.backup

infra/terraform/README.md

@@ -35,3 +35,5 @@ tofu init
 tofu plan
 tofu apply
 ```
+
+## Kubernetes and Helm

infra/terraform/kubernetes/backend.tf

@@ -0,0 +1,14 @@
+terraform {
+  backend "s3" {
+    bucket                      = "terraform-state" # Name of the MinIO bucket
+    key                         = "proxmox/terraform.tfstate" # Path to the state file in the bucket
+    endpoint                    = var.minio_endpoint # MinIO API endpoint
+    access_key                  = var.minio_access_key # MinIO access key
+    secret_key                  = var.minio_secret_key # MinIO secret key
+    region                      = "us-east-1" # Arbitrary region (MinIO ignores this)
+    skip_credentials_validation = true # Skip AWS-specific credential checks
+    skip_metadata_api_check     = true # Skip AWS metadata API checks
+    skip_region_validation      = true # Skip AWS region validation
+    use_path_style              = true # Use path-style URLs[](http://<host>/<bucket>)
+  }
+}

infra/terraform/kubernetes/main.tf

@@ -0,0 +1,22 @@
+terraform {
+    required_providers {
+        kubernetes = {
+        source  = "hashicorp/kubernetes"
+        version = "2.37.1"
+        }
+        helm = {
+            source  = "hashicorp/helm"
+            version = "3.0.2"
+        }
+    }
+}
+
+provider "kubernetes" {
+    config_path = "~/.kube/config"
+}
+
+provider "helm" {
+    kubernetes {
+        config_path = "~/.kube/config"
+    }
+}

infra/terraform/kubernetes/portfolio.tf

@@ -0,0 +1,50 @@
+resource "kubernetes_namespace" "portfolio" {
+  metadata {
+    name = "my-portfolio"
+  }
+}
+
+resource "kubernetes_secret" "docker_secret" {
+  metadata {
+    name      = "docker-registry-credentials"
+    namespace = "my-portfolio"
+  }
+
+  type = "kubernetes.io/dockerconfigjson"
+
+  data = {
+    ".dockerconfigjson" = jsonencode({
+      auths = {
+        "${var.docker_registry_host}" = {
+          username = var.docker_username
+          password = var.docker_password
+          auth     = base64encode("${var.docker_username}:${var.docker_password}")
+        }
+      }
+    })
+  }
+
+  depends_on = [kubernetes_namespace.portfolio]
+}
+
+locals {
+  # Read and process the YAML file with placeholders
+  manifest_content = templatefile("../../../kubernetes/my-portfolio/portfolioManifest.yaml", {
+    PORTFOLIO_HOST  = var.portfolio_host
+    DOCKER_REGISTRY_HOST = var.docker_registry_host
+  })
+  # Split into individual documents
+  manifest_documents = split("---", replace(local.manifest_content, "/\\n\\s*\\n/", "---"))
+}
+
+resource "kubernetes_manifest" "portfolio_manifest" {
+  for_each = { for i, doc in local.manifest_documents : i => doc if trimspace(doc) != "" }
+
+  manifest = yamldecode(each.value)
+
+  field_manager {
+    force_conflicts = true
+  }
+
+  depends_on = [kubernetes_namespace.portfolio]
+}

infra/terraform/kubernetes/variables.tf

@@ -0,0 +1,35 @@
+# variables for minio backend configuration
+variable "minio_access_key" {
+  description = "MinIO access key"
+  type        = string
+}
+
+variable "minio_secret_key" {
+  description = "MinIO secret key"
+  type        = string
+}
+
+variable "minio_endpoint" {
+  description = "MinIO API endpoint"
+  type        = string
+}
+
+variable "portfolio_host" {
+  description = "Host for the portfolio application"
+  type        = string
+}
+
+variable "docker_registry_host" {
+  description = "Host for the Docker registry"
+  type        = string
+}
+
+variable "docker_username" {
+  description = "Docker registry username"
+  type        = string
+}
+
+variable "docker_password" {
+  description = "Docker registry password"
+  type        = string
+}