some new setup

2025-09-02 07:25:44 +02:00
parent fdb5df5204
commit 9286c98073
14 changed files with 438 additions and 1 deletions
--- a/infrastructure-admin/main.tf
+++ b/infrastructure-admin/main.tf
@@ -0,0 +1,263 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "Telmate/proxmox"
+      version = "3.0.2-rc04"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.7.2"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.38.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "3.0.2"
+    }
+  }
+}
+
+provider "proxmox" {
+  pm_api_url      = var.proxmox_url
+  pm_user         = var.proxmox_user
+  pm_password     = var.proxmox_password
+  pm_tls_insecure = var.proxmox_tls_insecure
+}
+
+# ----------------------
+# Generate k3s token
+# ----------------------
+resource "random_password" "k3s_token" {
+  length  = 32
+  special = false
+}
+
+# ----------------------
+# Controller VM
+# ----------------------
+resource "proxmox_vm_qemu" "controller" {
+  name        = "k3s-controller"
+  target_node = var.target_nodes["controller"]
+  clone       = var.template_id
+  full_clone  = true
+  cores       = 2
+  sockets     = 1
+  memory      = 4096
+  scsihw      = "virtio-scsi-pci"
+  disk {
+    size    = "20G"
+    storage = var.storage
+    type    = "scsi"
+  }
+  network { bridge = var.bridge }
+  ipconfig0 = "ip=${var.controller_ip}/${var.netmask},gw=${var.gateway}"
+  ciuser = "ubuntu"
+  citype = "cloud-init"
+  sshkeys = var.ssh_public_key
+
+  cicustom = <<EOT
+#cloud-config
+package_update: true
+packages:
+  - curl
+runcmd:
+  - |
+    curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --cluster-init --token=${random_password.k3s_token.result} --write-kubeconfig-mode=644" sh -
+EOT
+}
+
+# ----------------------
+# Worker 1 VM
+# ----------------------
+resource "proxmox_vm_qemu" "worker1" {
+  name        = "k3s-worker1"
+  target_node = var.target_nodes["worker1"]
+  clone       = var.template_id
+  full_clone  = true
+  cores       = 2
+  sockets     = 1
+  memory      = 4096
+  scsihw      = "virtio-scsi-pci"
+  disk { size = "20G", storage = var.storage, type = "scsi" }
+  network { bridge = var.bridge }
+  ipconfig0 = "ip=${var.worker1_ip}/${var.netmask},gw=${var.gateway}"
+  ciuser = "ubuntu"
+  citype = "cloud-init"
+  sshkeys = var.ssh_public_key
+
+  cicustom = <<EOT
+#cloud-config
+package_update: true
+packages:
+  - curl
+runcmd:
+  - |
+    curl -sfL https://${var.controller_ip}:6443 | K3S_URL=https://${var.controller_ip}:6443 K3S_TOKEN=${random_password.k3s_token.result} sh -
+EOT
+}
+
+# ----------------------
+# Worker 2 VM
+# ----------------------
+resource "proxmox_vm_qemu" "worker2" {
+  name        = "k3s-worker2"
+  target_node = var.target_nodes["worker2"]
+  clone       = var.template_id
+  full_clone  = true
+  cores       = 2
+  sockets     = 1
+  memory      = 4096
+  scsihw      = "virtio-scsi-pci"
+  disk { size = "20G", storage = var.storage, type = "scsi" }
+  network { bridge = var.bridge }
+  ipconfig0 = "ip=${var.worker2_ip}/${var.netmask},gw=${var.gateway}"
+  ciuser = "ubuntu"
+  citype = "cloud-init"
+  sshkeys = var.ssh_public_key
+
+  cicustom = <<EOT
+#cloud-config
+package_update: true
+packages:
+  - curl
+runcmd:
+  - |
+    curl -sfL https://${var.controller_ip}:6443 | K3S_URL=https://${var.controller_ip}:6443 K3S_TOKEN=${random_password.k3s_token.result} sh -
+EOT
+}
+
+# ----------------------
+# Kubernetes & Helm Providers (after cluster is ready)
+# ----------------------
+provider "kubernetes" {
+  config_path = "~/.kube/config"
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = "~/.kube/config"
+  }
+}
+
+# ----------------------
+# Namespaces
+# ----------------------
+resource "kubernetes_namespace" "infra" { metadata { name = "infra" } }
+resource "kubernetes_namespace" "devops" { metadata { name = "devops" } }
+resource "kubernetes_namespace" "monitoring" { metadata { name = "monitoring" } }
+
+# ----------------------
+# Ingress
+# ----------------------
+resource "helm_release" "nginx_ingress" {
+  name       = "nginx-ingress"
+  namespace  = kubernetes_namespace.infra.metadata[0].name
+  repository = "https://kubernetes.github.io/ingress-nginx"
+  chart      = "ingress-nginx"
+  version    = "4.10.0"
+}
+
+# ----------------------
+# cert-manager
+# ----------------------
+resource "helm_release" "cert_manager" {
+  name       = "cert-manager"
+  namespace  = kubernetes_namespace.infra.metadata[0].name
+  repository = "https://charts.jetstack.io"
+  chart      = "cert-manager"
+  version    = "v1.15.1"
+  values     = [<<EOT
+installCRDs: true
+EOT
+  ]
+  depends_on = [helm_release.nginx_ingress]
+}
+
+# ----------------------
+# CoreDNS authoritative for lab.local
+# ----------------------
+resource "helm_release" "coredns" {
+  name       = "coredns-ext"
+  namespace  = kubernetes_namespace.infra.metadata[0].name
+  repository = "https://coredns.github.io/helm"
+  chart      = "coredns"
+  version    = "1.30.0"
+  values     = [file("${path.module}/values/coredns-values.yaml")]
+}
+
+# ----------------------
+# NTP Deployment
+# ----------------------
+resource "kubernetes_deployment" "ntp" {
+  metadata { name = "ntp-server", namespace = kubernetes_namespace.infra.metadata[0].name }
+  spec {
+    replicas = 1
+    selector { match_labels = { app = "ntp-server" } }
+    template {
+      metadata { labels = { app = "ntp-server" } }
+      spec {
+        container {
+          name  = "ntp"
+          image = "cturra/ntp:latest"
+          port { container_port = 123, protocol = "UDP" }
+        }
+      }
+    }
+  }
+}
+
+resource "kubernetes_service" "ntp" {
+  metadata { name = "ntp-service", namespace = kubernetes_namespace.infra.metadata[0].name }
+  spec {
+    type = "LoadBalancer"
+    port { port = 123, target_port = 123, protocol = "UDP" }
+    selector = { app = "ntp-server" }
+  }
+}
+
+# ----------------------
+# GitLab Helm Release
+# ----------------------
+resource "helm_release" "gitlab" {
+  name       = "gitlab"
+  namespace  = kubernetes_namespace.devops.metadata[0].name
+  repository = "https://charts.gitlab.io/"
+  chart      = "gitlab"
+  version    = "7.7.0"
+  values     = [file("${path.module}/values/gitlab-values.yaml")]
+  depends_on = [helm_release.nginx_ingress, helm_release.cert_manager]
+}
+
+# ----------------------
+# Logging Stack
+# ----------------------
+resource "helm_release" "loki" {
+  name       = "loki"
+  namespace  = kubernetes_namespace.monitoring.metadata[0].name
+  repository = "https://grafana.github.io/helm-charts"
+  chart      = "loki"
+  version    = "5.41.4"
+  values     = [file("${path.module}/values/loki-values.yaml")]
+}
+
+resource "helm_release" "promtail" {
+  name       = "promtail"
+  namespace  = kubernetes_namespace.monitoring.metadata[0].name
+  repository = "https://grafana.github.io/helm-charts"
+  chart      = "promtail"
+  version    = "6.15.5"
+  values     = [file("${path.module}/values/promtail-values.yaml")]
+  depends_on = [helm_release.loki]
+}
+
+resource "helm_release" "grafana" {
+  name       = "grafana"
+  namespace  = kubernetes_namespace.monitoring.metadata[0].name
+  repository = "https://grafana.github.io/helm-charts"
+  chart      = "grafana"
+  version    = "7.3.9"
+  values     = [file("${path.module}/values/grafana-values.yaml")]
+  depends_on = [helm_release.loki]
+}