taqi/homeserver
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

infra/terraform: add k8s module file for my portfolio

Browse Source 
- added k8s module file for my portfolio manifest
This commit is contained in:
Taqi Tahmid
2025-06-30 22:42:32 +03:00
parent 79e532d856
commit ead2340294
9 changed files with 141 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
infra/terraform/.gitignore vendored
View File

@ -1,5 +1,6 @@
.env
.terraform/
.terraform.lock.hcl
terraform.tfstate
terraform.tfstate.backup
**/.env
**/.terraform/
**/.terraform.lock.hcl
**/terraform.tfstate
**/terraform.tfstate.backup

2
infra/terraform/README.md
View File

@ -35,3 +35,5 @@ tofu init
tofu plan
tofu apply
```
## Kubernetes and Helm

14
infra/terraform/kubernetes/backend.tf Normal file
View File

@ -0,0 +1,14 @@
terraform {
backend "s3" {
bucket = "terraform-state" # Name of the MinIO bucket
key = "proxmox/terraform.tfstate" # Path to the state file in the bucket
endpoint = var.minio_endpoint # MinIO API endpoint
access_key = var.minio_access_key # MinIO access key
secret_key = var.minio_secret_key # MinIO secret key
region = "us-east-1" # Arbitrary region (MinIO ignores this)
skip_credentials_validation = true # Skip AWS-specific credential checks
skip_metadata_api_check = true # Skip AWS metadata API checks
skip_region_validation = true # Skip AWS region validation
use_path_style = true # Use path-style URLs[](http://<host>/<bucket>)
}
}

22
infra/terraform/kubernetes/main.tf Normal file
View File

@ -0,0 +1,22 @@
terraform {
required_providers {
kubernetes = {
source = "hashicorp/kubernetes"
version = "2.37.1"
}
helm = {
source = "hashicorp/helm"
version = "3.0.2"
}
}
}
provider "kubernetes" {
config_path = "~/.kube/config"
}
provider "helm" {
kubernetes {
config_path = "~/.kube/config"
}
}

50
infra/terraform/kubernetes/portfolio.tf Normal file
View File

@ -0,0 +1,50 @@
resource "kubernetes_namespace" "portfolio" {
metadata {
name = "my-portfolio"
}
}
resource "kubernetes_secret" "docker_secret" {
metadata {
name = "docker-registry-credentials"
namespace = "my-portfolio"
}
type = "kubernetes.io/dockerconfigjson"
data = {
".dockerconfigjson" = jsonencode({
auths = {
"${var.docker_registry_host}" = {
username = var.docker_username
password = var.docker_password
auth = base64encode("${var.docker_username}:${var.docker_password}")
}
}
})
}
depends_on = [kubernetes_namespace.portfolio]
}
locals {
# Read and process the YAML file with placeholders
manifest_content = templatefile("../../../kubernetes/my-portfolio/portfolioManifest.yaml", {
PORTFOLIO_HOST = var.portfolio_host
DOCKER_REGISTRY_HOST = var.docker_registry_host
})
# Split into individual documents
manifest_documents = split("---", replace(local.manifest_content, "/\\n\\s*\\n/", "---"))
}
resource "kubernetes_manifest" "portfolio_manifest" {
for_each = { for i, doc in local.manifest_documents : i => doc if trimspace(doc) != "" }
manifest = yamldecode(each.value)
field_manager {
force_conflicts = true
}
depends_on = [kubernetes_namespace.portfolio]
}

35
infra/terraform/kubernetes/variables.tf Normal file
View File

@ -0,0 +1,35 @@
# variables for minio backend configuration
variable "minio_access_key" {
description = "MinIO access key"
type = string
}
variable "minio_secret_key" {
description = "MinIO secret key"
type = string
}
variable "minio_endpoint" {
description = "MinIO API endpoint"
type = string
}
variable "portfolio_host" {
description = "Host for the portfolio application"
type = string
}
variable "docker_registry_host" {
description = "Host for the Docker registry"
type = string
}
variable "docker_username" {
description = "Docker registry username"
type = string
}
variable "docker_password" {
description = "Docker registry password"
type = string
}

5
kubernetes/README.md
View File

@ -213,7 +213,7 @@ registry.
kubectl create namespace my-portfolio
source .env
kubectl create secret docker-registry my-registry-secret \
kubectl create secret docker-registry docker-registry-credentials \
--docker-server="$DOCKER_REGISTRY_HOST" \
--docker-username="$DOCKER_USER" \
--docker-password="$DOCKER_PASSWORD" \
@ -611,9 +611,10 @@ envsubst < gitea/configMap.yaml | kubectl apply -n gitea -f -
helm upgrade --install gitea gitea-charts/gitea -f gitea/values.yaml \
--namespace gitea \
--version 10.0.0 \
--atomic \
--set ingress.hosts[0].host=$GITEA_HOST \
--set ingress.tls[0].hosts[0]=$DNSNAME \
--set ingress.tls[0].hosts[0]=$GITEA_HOST \
--set gitea.admin.username=$GITEA_USER \
--set gitea.admin.password=$GITEA_PASSWORD \
--set gitea.admin.email=$GITEA_EMAIL \

7
kubernetes/gitea/values.yaml
View File

@ -15,6 +15,7 @@ gitea:
email: email
image:
registry: ghcr.io
repository: gitea
tag: 1.23.7
@ -45,13 +46,17 @@ resources:
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: traefik
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: "acme-issuer"
hosts:
- host: git.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: wildcard-cert-secret
- secretName: gitea-tls-cert
hosts:
- "*.example.com"

5
kubernetes/my-portfolio/portfolioManifest.yaml
View File

@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: portfolio-app
namespace: my-portfolio
labels:
app: portfolio-app
spec:
@ -15,7 +16,7 @@ spec:
app: portfolio-app
spec:
imagePullSecrets:
- name: my-registry-secret
- name: docker-registry-credentials
containers:
- name: portfolio-app
image: "${DOCKER_REGISTRY_HOST}/taqi/portfolio/my-portfolio-app:latest"
@ -29,6 +30,7 @@ apiVersion: v1
kind: Service
metadata:
name: portfolio-app-svc
namespace: my-portfolio
spec:
type: ClusterIP
ports:
@ -42,6 +44,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: portfolio
namespace: my-portfolio
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
cert-manager.io/cluster-issuer: "acme-issuer"