diff --git a/.tekton/external.yaml b/.tekton/external.yaml
index 8140c91c..07a227ff 100644
--- a/.tekton/external.yaml
+++ b/.tekton/external.yaml
@@ -20,7 +20,7 @@ spec:
 volumes:
 - name: terraform-secrets
 secret:
- secretName: terraform
+ secretName: terraform-secrets
 steps:
 - name: lint
 args:
diff --git a/external/Makefile b/external/Makefile
index 142a14fa..1799145f 100644
--- a/external/Makefile
+++ b/external/Makefile
@@ -3,20 +3,26 @@
 KUBE_CONFIG_PATH = ../metal/kubeconfig.yaml
-default: apply
+default: apply terraform-secrets
 ~/.terraform.d/credentials.tfrc.json:
 terraform login
 terraform.tfvars:
- ansible-playbook secrets.yml
+ ansible-playbook tfvars.yml
 .terraform.lock.hcl: ~/.terraform.d/credentials.tfrc.json versions.tf terraform.tfvars
 terraform init
 touch .terraform.lock.hcl
+namespaces:
+ ansible-playbook namespaces.yml
+
 plan: .terraform.lock.hcl
 terraform plan
-apply: .terraform.lock.hcl
- terraform apply -auto-approve
+apply: .terraform.lock.hcl namespaces
+ terraform apply
+
+terraform-secrets:
+ ansible-playbook terraform-secrets.yml
diff --git a/external/namespaces.yml b/external/namespaces.yml
new file mode 100644
index 00000000..1a9fda91
--- /dev/null
+++ b/external/namespaces.yml
@@ -0,0 +1,13 @@
+- hosts: localhost
+ tasks:
+ - name: Ensure required namespaces exist
+ kubernetes.core.k8s:
+ api_version: v1
+ kind: Namespace
+ name: "{{ item }}"
+ state: present
+ loop:
+ - tekton-pipelines
+ - cert-manager
+ - external-dns
+ - cloudflared
diff --git a/external/secrets.yml b/external/secrets.yml
deleted file mode 100644
index ecf01143..00000000
--- a/external/secrets.yml
+++ /dev/null
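Review bot: The new `terraform-secrets` target in `external/Makefile` has no prerequisites, so on its own (`make terraform-secrets`) or under `make -j`, where `default: apply terraform-secrets` imposes no ordering, the playbook's `lookup('file', ...)` reads of `~/.terraform.d/credentials.tfrc.json` and `./terraform.tfvars` can run before those files exist, and the `tekton-pipelines` namespace it writes into is only ensured by `namespaces`, which it also does not depend on. Declare the inputs: `terraform-secrets: ~/.terraform.d/credentials.tfrc.json terraform.tfvars namespaces`. `namespaces`, `terraform-secrets`, `plan` and `apply` are not marked `.PHONY` either, so a stray file with one of those names would silently skip the step; `.PHONY: default namespaces plan apply terraform-secrets` fixes that. Since `terraform.tfvars` now holds the Cloudflare and Backblaze keys rendered by `tfvars.yml`, confirm it is covered by the repository's ignore rules, which this diff does not show.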
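Review bot: The play in `external/namespaces.yml` does not pin which cluster it targets: `kubernetes.core.k8s` is called without `kubeconfig` or `context`, so the namespaces are created in whatever the ambient kubeconfig and current context point at, while the Makefile's `KUBE_CONFIG_PATH = ../metal/kubeconfig.yaml` (presumably the intended cluster, for Terraform) is not passed to Ansible. Setting `kubeconfig: ../metal/kubeconfig.yaml` on the task would make the target explicit; the `kubernetes.core.k8s` task in `terraform-secrets.yml` has the same gap. The play also has no `name:`, and none of the three new playbooks (`namespaces.yml`, `terraform-secrets.yml`, `tfvars.yml`) starts with a `---` document marker.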
@@ -1,45 +0,0 @@
-# pip install kuberentes
-- name: Bootstrap external secrets
- hosts: localhost
- vars_prompt:
- - name: cloudflare_email
- prompt: Enter Cloudflare email
- private: no
- - name: cloudflare_api_key
- prompt: Enter Cloudflare API Key (sensitive)
- - name: cloudflare_account_id
- prompt: Enter Cloudflare account ID
- private: no
- - name: b2_application_key_id
- prompt: Enter Backblaze application key ID
- private: no
- - name: b2_application_key
- prompt: Enter Backblaze application key (sensitive)
- tasks:
- - name: Render environment file
- template:
- src: ./terraform.tfvars.j2
- dest: ./terraform.tfvars
- - name: Ensure required namespaces exist
- kubernetes.core.k8s:
- api_version: v1
- kind: Namespace
- name: "{{ item }}"
- state: present
- loop:
- - tekton-pipelines
- - cert-manager
- - external-dns
- - cloudflared
- - name: Add Terraform secrets to Tekton namespace
- kubernetes.core.k8s:
- definition:
- apiVersion: v1
- kind: Secret
- type: Opaque
- metadata:
- name: terraform
- namespace: tekton-pipelines
- data:
- credentials.tfrc.json: "{{ lookup('file', '~/.terraform.d/credentials.tfrc.json') | b64encode }}"
- terraform.tfvars: "{{ lookup('file', './terraform.tfvars') | b64encode }}"
diff --git a/external/terraform-secrets.yml b/external/terraform-secrets.yml
new file mode 100644
index 00000000..04e2a349
--- /dev/null
+++ b/external/terraform-secrets.yml
@@ -0,0 +1,15 @@
+# pip install kuberentes
+- hosts: localhost
+ tasks:
+ - name: Inject Terraform secrets to Tekton namespace
+ kubernetes.core.k8s:
+ definition:
+ apiVersion: v1
+ kind: Secret
+ type: Opaque
+ metadata:
+ name: terraform-secrets
+ namespace: tekton-pipelines
+ data:
+ credentials.tfrc.json: "{{ lookup('file', '~/.terraform.d/credentials.tfrc.json') | b64encode }}"
+ terraform.tfvars: "{{ lookup('file', './terraform.tfvars') | b64encode }}"
diff --git a/external/tfvars.yml b/external/tfvars.yml
new file mode 100644
index 00000000..a2963ed0
--- /dev/null
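Review bot: The `Inject Terraform secrets to Tekton namespace` task in `external/terraform-secrets.yml` has no `no_log: true`, so the base64-encoded Terraform credentials file and the rendered `terraform.tfvars` (which carries the Cloudflare and Backblaze keys) can be echoed in the task result on failure or under `-v`, and from there into any CI log that runs this play; base64 is an encoding, not a protection. Add `no_log: true` alongside `kubernetes.core.k8s:` on that task. The comment `# pip install kuberentes`, carried over from the deleted `secrets.yml`, misspells the package and should read `# pip install kubernetes`.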
+++ b/external/tfvars.yml
@@ -0,0 +1,21 @@
+- name: Bootstrap external secrets
+ hosts: localhost
+ vars_prompt:
+ - name: cloudflare_email
+ prompt: Enter Cloudflare email
+ private: no
+ - name: cloudflare_api_key
+ prompt: Enter Cloudflare API Key (sensitive)
+ - name: cloudflare_account_id
+ prompt: Enter Cloudflare account ID
+ private: no
+ - name: b2_application_key_id
+ prompt: Enter Backblaze application key ID
+ private: no
+ - name: b2_application_key
+ prompt: Enter Backblaze application key (sensitive)
+ tasks:
+ - name: Render environment file
+ template:
+ src: ./terraform.tfvars.j2
+ dest: ./terraform.tfvars
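Review bot: The `template` task in `external/tfvars.yml` that renders `./terraform.tfvars` sets no `mode`, so a file holding the Cloudflare API key and Backblaze application key typed at the prompts is created with whatever the controller's umask yields, commonly group- and world-readable. Set `mode: "0600"` next to `dest: ./terraform.tfvars`. The three non-sensitive prompts use `private: no`, which Ansible accepts, but `private: false` is the canonical boolean spelling and avoids the YAML 1.1 truthy ambiguity flagged by yamllint.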