refactor(external): create terraform secrets after apply

This commit is contained in:
Khue Doan 2021-12-25 10:52:07 +07:00
parent 27468592ce
commit c1ff305343
6 changed files with 60 additions and 50 deletions


@ -20,7 +20,7 @@ spec:
volumes:
- name: terraform-secrets
secret:
secretName: terraform
secretName: terraform-secrets
steps:
- name: lint
args:


@ -3,20 +3,26 @@
KUBE_CONFIG_PATH = ../metal/kubeconfig.yaml
default: apply
default: apply terraform-secrets
~/.terraform.d/credentials.tfrc.json:
terraform login
terraform.tfvars:
ansible-playbook secrets.yml
ansible-playbook tfvars.yml
.terraform.lock.hcl: ~/.terraform.d/credentials.tfrc.json versions.tf terraform.tfvars
terraform init
touch .terraform.lock.hcl
namespaces:
ansible-playbook namespaces.yml
plan: .terraform.lock.hcl
terraform plan
apply: .terraform.lock.hcl
terraform apply -auto-approve
apply: .terraform.lock.hcl namespaces
terraform apply
terraform-secrets:
ansible-playbook terraform-secrets.yml
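Review bot: The new `terraform-secrets` target at the end of the hunk declares no prerequisites, yet its playbook reads `~/.terraform.d/credentials.tfrc.json` and `terraform.tfvars` and writes into the `tekton-pipelines` namespace that the `namespaces` target creates; invoked on its own, or under `make -j` through `default: apply terraform-secrets`, it can run before those exist and fail at the file lookup or the namespace. Declare the inputs so Make orders it: `terraform-secrets: ~/.terraform.d/credentials.tfrc.json terraform.tfvars namespaces`, and add `apply` to that list if the commit title's "after apply" is a hard requirement rather than the incidental left-to-right order of `default`. Whether `KUBE_CONFIG_PATH` is exported to the environment of the playbooks is outside this hunk.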

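--- /dev/null
+++ b/external/namespaces.yml
@@ -0,0 +1,13 @@
+- hosts: localhost
+tasks:
+- name: Ensure required namespaces exist
+kubernetes.core.k8s:
+api_version: v1
+kind: Namespace
+name: "{{ item }}"
+state: present
+loop:
+- tekton-pipelines
+- cert-manager
+- external-dns
+- cloudflared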
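Review bot: The play at the top of the file gathers facts on localhost before its only task, which is a Kubernetes API call; add `gather_facts: false` under `hosts: localhost`, and start the document with `---` as Ansible convention. The `kubernetes.core.k8s` task passes no `kubeconfig:`, so the module falls back to `~/.kube/config` unless `K8S_AUTH_KUBECONFIG` is set in the environment; the Makefile's `KUBE_CONFIG_PATH` is the Terraform kubernetes provider's variable and is not read by this module, so it is worth confirming the playbook targets the intended cluster.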


@ -1,45 +0,0 @@
# pip install kuberentes
- name: Bootstrap external secrets
hosts: localhost
vars_prompt:
- name: cloudflare_email
prompt: Enter Cloudflare email
private: no
- name: cloudflare_api_key
prompt: Enter Cloudflare API Key (sensitive)
- name: cloudflare_account_id
prompt: Enter Cloudflare account ID
private: no
- name: b2_application_key_id
prompt: Enter Backblaze application key ID
private: no
- name: b2_application_key
prompt: Enter Backblaze application key (sensitive)
tasks:
- name: Render environment file
template:
src: ./terraform.tfvars.j2
dest: ./terraform.tfvars
- name: Ensure required namespaces exist
kubernetes.core.k8s:
api_version: v1
kind: Namespace
name: "{{ item }}"
state: present
loop:
- tekton-pipelines
- cert-manager
- external-dns
- cloudflared
- name: Add Terraform secrets to Tekton namespace
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: terraform
namespace: tekton-pipelines
data:
credentials.tfrc.json: "{{ lookup('file', '~/.terraform.d/credentials.tfrc.json') | b64encode }}"
terraform.tfvars: "{{ lookup('file', './terraform.tfvars') | b64encode }}"


@ -0,0 +1,15 @@
# pip install kuberentes
- hosts: localhost
tasks:
- name: Inject Terraform secrets to Tekton namespace
kubernetes.core.k8s:
definition:
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: terraform-secrets
namespace: tekton-pipelines
data:
credentials.tfrc.json: "{{ lookup('file', '~/.terraform.d/credentials.tfrc.json') | b64encode }}"
terraform.tfvars: "{{ lookup('file', './terraform.tfvars') | b64encode }}"
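Review bot: The `Inject Terraform secrets to Tekton namespace` task embeds the Terraform credentials file and the rendered tfvars (Cloudflare and Backblaze keys) in the module `definition`, so a task failure or a `-v` run prints them, base64-encoded only, to the console and any log; add `no_log: true` at the task level next to `name:`. The header comment `# pip install kuberentes` misspells the package (`kubernetes`). As with the other playbooks in this commit, `gather_facts: false` on the play would skip an unneeded fact run on localhost.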

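--- /dev/null
+++ b/external/tfvars.yml
@@ -0,0 +1,21 @@
+- name: Bootstrap external secrets
+hosts: localhost
+vars_prompt:
+- name: cloudflare_email
+prompt: Enter Cloudflare email
+private: no
+- name: cloudflare_api_key
+prompt: Enter Cloudflare API Key (sensitive)
+- name: cloudflare_account_id
+prompt: Enter Cloudflare account ID
+private: no
+- name: b2_application_key_id
+prompt: Enter Backblaze application key ID
+private: no
+- name: b2_application_key
+prompt: Enter Backblaze application key (sensitive)
+tasks:
+- name: Render environment file
+template:
+src: ./terraform.tfvars.j2
+dest: ./terraform.tfvars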
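Review bot: The `Render environment file` task writes the prompted Cloudflare and Backblaze keys to `./terraform.tfvars` with the `template` module's default permissions, which follow the umask and are typically world-readable (0644); pass `mode: "0600"` under `dest:` so the rendered secrets are owner-only. The `private: no` entries in `vars_prompt` rely on YAML 1.1 truthiness; `private: false` means the same and passes yamllint's `truthy` rule. `gather_facts: false` on the play would also avoid a fact run that nothing here uses.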