khuedoan-homelab/infra/modules/kubernetes-cluster-bootstrap/main.tf

resource "helm_release" "metallb" {
  name       = "metallb"
  repository = "https://charts.bitnami.com/bitnami"
  chart      = "metallb"
  version    = "2.3.5"

  namespace        = "metallb-system"
  create_namespace = true

  set {
    name  = "configInline"
    # TODO use ./values/metallb.yaml for this
    value = <<EOT
      address-pools:
      - name: default
        protocol: layer2
        addresses:
        - 192.168.1.150-192.168.1.180
    EOT
  }
}

resource "helm_release" "nginx" {
  name       = "ingress-nginx"
  repository = "https://kubernetes.github.io/ingress-nginx"
  chart      = "ingress-nginx"
  version    = "3.29.0"

  namespace        = "ingress-nginx"
  create_namespace = true
}

# TODO (optimize) should cert manager be part of bootstrap?
resource "helm_release" "cert_manager" {
  name       = "cert-manager"
  repository = "https://charts.jetstack.io"
  chart      = "cert-manager"
  version    = "1.3.1"

  namespace        = "cert-manager"
  create_namespace = true

  # TODO use ./values/cert-manager.yaml for this
  set {
    name  = "installCRDs"
    value = "true"
  }
}

resource "helm_release" "prometheus" {
  name       = "kube-prometheus-stack"
  repository = "https://prometheus-community.github.io/helm-charts"
  chart      = "kube-prometheus-stack"
  version    = "15.1.1"

  namespace        = "monitoring-system"
  create_namespace = true
}

resource "helm_release" "longhorn" {
  name       = "longhorn"
  repository = "https://charts.longhorn.io"
  chart      = "longhorn"
  version    = "1.1.0"

  namespace        = "longhorn-system"
  create_namespace = true
}

# TODO move Vault out of bootstrap
resource "helm_release" "vault" {
  name       = "vault"
  repository = "https://helm.releases.hashicorp.com"
  chart      = "vault"
  # TODO upgrade vault helm version
  version    = "0.8.0"

  namespace        = "vault"
  create_namespace = true

  # TODO HA Vault
  # TODO Auto unseal Vault
}

# TODO automatic ingress and tunnel for all services
Move core services to new module 2021-04-20 19:24:23 +07:00			`resource "helm_release" "metallb" {`
			`name = "metallb"`
			`repository = "https://charts.bitnami.com/bitnami"`
			`chart = "metallb"`
Upgrade metallb, nginx and prometheus version 2021-04-22 00:16:23 +07:00			`version = "2.3.5"`
Move core services to new module 2021-04-20 19:24:23 +07:00
			`namespace = "metallb-system"`
			`create_namespace = true`

			`set {`
			`name = "configInline"`
			`# TODO use ./values/metallb.yaml for this`
			`value = <<EOT`
			`address-pools:`
			`- name: default`
			`protocol: layer2`
			`addresses:`
			`- 192.168.1.150-192.168.1.180`
			`EOT`
			`}`
			`}`

			`resource "helm_release" "nginx" {`
			`name = "ingress-nginx"`
			`repository = "https://kubernetes.github.io/ingress-nginx"`
			`chart = "ingress-nginx"`
Upgrade metallb, nginx and prometheus version 2021-04-22 00:16:23 +07:00			`version = "3.29.0"`
Move core services to new module 2021-04-20 19:24:23 +07:00
			`namespace = "ingress-nginx"`
			`create_namespace = true`
			`}`

Upgrade cert manager and longhorn version 2021-04-22 01:05:10 +07:00			`# TODO (optimize) should cert manager be part of bootstrap?`
Move core services to new module 2021-04-20 19:24:23 +07:00			`resource "helm_release" "cert_manager" {`
			`name = "cert-manager"`
			`repository = "https://charts.jetstack.io"`
			`chart = "cert-manager"`
Upgrade cert manager and longhorn version 2021-04-22 01:05:10 +07:00			`version = "1.3.1"`
Move core services to new module 2021-04-20 19:24:23 +07:00
			`namespace = "cert-manager"`
			`create_namespace = true`

			`# TODO use ./values/cert-manager.yaml for this`
			`set {`
			`name = "installCRDs"`
			`value = "true"`
			`}`
			`}`

			`resource "helm_release" "prometheus" {`
			`name = "kube-prometheus-stack"`
			`repository = "https://prometheus-community.github.io/helm-charts"`
			`chart = "kube-prometheus-stack"`
Upgrade metallb, nginx and prometheus version 2021-04-22 00:16:23 +07:00			`version = "15.1.1"`
Move core services to new module 2021-04-20 19:24:23 +07:00
			`namespace = "monitoring-system"`
			`create_namespace = true`
			`}`

			`resource "helm_release" "longhorn" {`
			`name = "longhorn"`
			`repository = "https://charts.longhorn.io"`
			`chart = "longhorn"`
Upgrade cert manager and longhorn version 2021-04-22 01:05:10 +07:00			`version = "1.1.0"`
Move core services to new module 2021-04-20 19:24:23 +07:00
			`namespace = "longhorn-system"`
			`create_namespace = true`
			`}`

Upgrade cert manager and longhorn version 2021-04-22 01:05:10 +07:00			`# TODO move Vault out of bootstrap`
Move core services to new module 2021-04-20 19:24:23 +07:00			`resource "helm_release" "vault" {`
			`name = "vault"`
			`repository = "https://helm.releases.hashicorp.com"`
			`chart = "vault"`
			`# TODO upgrade vault helm version`
			`version = "0.8.0"`

			`namespace = "vault"`
			`create_namespace = true`

			`# TODO HA Vault`
			`# TODO Auto unseal Vault`
			`}`

			`# TODO automatic ingress and tunnel for all services`