add(tf): #42 - k8s module

deploy/terraform/modules/k8s/main.tf

@@ -0,0 +1,39 @@
+resource "scaleway_k8s_cluster" "k8s_cluster" {
+  project_id  = var.scw_project_id
+  name        = var.cluster.name
+  tags        = var.cluster.tags
+  version     = var.cluster.version
+  cni         = var.cluster.cni
+
+  auto_upgrade {
+    enable                        = true
+    maintenance_window_day        = var.cluster.maintenance_window_day
+    maintenance_window_start_hour = var.cluster.maintenance_window_start_hour
+  }
+
+  autoscaler_config {
+    disable_scale_down              = false
+    scale_down_delay_after_add      = "5m"
+    estimator                       = "binpacking"
+    expander                        = "random"
+    ignore_daemonsets_utilization   = true
+    balance_similar_node_groups     = true
+    expendable_pods_priority_cutoff = -5
+  }
+}
+
+resource "scaleway_k8s_pool" "k8s_pool" {
+  depends_on = [scaleway_k8s_cluster.k8s_cluster]
+
+  cluster_id          = scaleway_k8s_cluster.k8s_cluster.id
+  name                = var.pool.name
+  tags                = var.pool.tags
+  node_type           = var.pool.type
+  size                = var.pool.min_size
+  min_size            = var.pool.min_size
+  max_size            = var.pool.max_size
+  autoscaling         = true
+  autohealing         = true
+  wait_for_pool_ready = true
+  container_runtime   = "containerd"
+}

deploy/terraform/modules/k8s/outputs.tf

@@ -0,0 +1,19 @@
+output "cluster_cluster_id" {
+  value = scaleway_k8s_cluster.k8s_cluster.id
+}
+
+output "cluster_host" {
+  value = scaleway_k8s_cluster.k8s_cluster.kubeconfig[0].host
+}
+
+output "cluster_token" {
+  value = scaleway_k8s_cluster.k8s_cluster.kubeconfig[0].token
+}
+
+output "cluster_ca_certificate" {
+  value = scaleway_k8s_cluster.k8s_cluster.kubeconfig[0].cluster_ca_certificate
+}
+
+output "cluster_pool_id" {
+  value = scaleway_k8s_pool.k8s_pool.id
+}

deploy/terraform/modules/k8s/packages.tf

@@ -0,0 +1,67 @@
+resource "kubernetes_namespace" "ingress" {
+  count = var.install_ingress ? 1 : 0
+  metadata {
+    name = "ingress"
+  }
+}
+
+resource "helm_release" "ingress" {
+  depends_on = [kubernetes_namespace.ingress]
+  count      = var.install_ingress ? 1 : 0
+
+  name      = "ingress-nginx"
+  namespace = "ingress"
+
+  repository = "https://kubernetes.github.io/ingress-nginx"
+  chart      = "ingress-nginx"
+
+  // enable to avoid node forwarding
+  set {
+    name  = "controller.service.externalTrafficPolicy"
+    value = "Local"
+  }
+}
+
+resource "kubernetes_namespace" "cert_manager" {
+  count = var.install_cert_manager ? 1 : 0
+  metadata {
+    name = "cert-manager"
+  }
+}
+
+resource "helm_release" "cert_manager" {
+  depends_on = [kubernetes_namespace.cert_manager]
+  count      = var.install_cert_manager ? 1 : 0
+
+  name      = "cert-manager"
+  namespace = "cert-manager"
+
+  repository = "https://charts.jetstack.io"
+  chart      = "cert-manager"
+  set {
+    name  = "installCRDs"
+    value = "true"
+  }
+}
+
+resource "kubectl_manifest" "cluster_issuer" {
+  depends_on = [helm_release.cert_manager]
+  count      = var.install_cert_manager ? 1 : 0
+
+  yaml_body = <<YAML
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    email: [email protected]
+    server: "https://acme-v02.api.letsencrypt.org/directory"
+    privateKeySecretRef:
+      name: letsencrypt-prod
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
+YAML
+}

deploy/terraform/modules/k8s/providers.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    scaleway = {
+      source  = "scaleway/scaleway"
+      version = "2.2.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.9.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.4.1"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = "1.13.1"
+    }
+  }
+}

deploy/terraform/modules/k8s/variables.tf

@@ -0,0 +1,43 @@
+# Scaleway authentification -----------------------------------------
+
+variable "scw_project_id" {
+  type        = string
+  description = "Scaleway current project ID."
+}
+
+# Kubernetes --------------------------------------------------------
+
+variable "cluster" {
+  type = object({
+    name                          = string
+    tags                          = set(string)
+    version                       = string
+    cni                           = string
+    maintenance_window_day        = string
+    maintenance_window_start_hour = number
+  })
+  description = "The Kubernetes cluster where the different environments/namespaces will be created."
+}
+
+variable "pool" {
+  type = object({
+    name     = string
+    tags     = set(string)
+    type     = string
+    min_size = number
+    max_size = number
+  })
+  description = "The Kubernetes node pool  where the different environments/namespaces will be created."
+}
+
+variable "install_ingress" {
+  type        = bool
+  description = "Install Ingress"
+  default     = true
+}
+
+variable "install_cert_manager" {
+  type        = bool
+  description = "Install Cert Manager"
+  default     = true
+}