feat(init): add new cluster (#56)

Author: nce

playground-cluster/.terraform.lock.hcl

@@ -0,0 +1,41 @@
+module "argocd" {
+  source = "../bootstrap/modules/argocd"
+
+  cluster_name = var.cluster_name
+}
+
+module "cert-manager" {
+  source = "../bootstrap/modules/cert-manager"
+}
+
+module "dex" {
+  source = "../bootstrap/modules/dex"
+
+  cluster_name = var.cluster_name
+
+  depends_on = [
+    module.argocd
+  ]
+}
+
+module "dns" {
+  source = "../bootstrap/modules/external-dns"
+
+  cluster_name     = var.cluster_name
+  dns_managed_zone = "adorsys.io."
+}
+
+module "external-secrets" {
+  source = "../bootstrap/modules/external-secrets"
+
+  cluster_name = var.cluster_name
+
+  # we need the default psp deployed
+  depends_on = [
+    module.argocd
+  ]
+}
+
+module "ingress" {
+  source = "../bootstrap/modules/ingress-nginx"
+}

playground-cluster/main.tf

@@ -0,0 +1,58 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  name: default
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'
+    apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
+    seccomp.security.alpha.kubernetes.io/defaultProfileName:  'docker/default'
+    apparmor.security.beta.kubernetes.io/defaultProfileName:  'runtime/default'
+spec:
+  privileged: false
+  allowPrivilegeEscalation: false
+  allowedCapabilities: []  # default set of capabilities are implicitly allowed
+  volumes:
+    - 'configMap'
+    - 'emptyDir'
+    - 'projected'
+    - 'secret'
+    - 'downwardAPI'
+    - 'persistentVolumeClaim'
+  hostNetwork: false
+  hostIPC: false
+  hostPID: false
+  runAsUser:
+    rule: 'RunAsAny'
+  seLinux:
+    rule: 'RunAsAny'
+  supplementalGroups:
+    rule: 'RunAsAny'
+  fsGroup:
+    rule: 'RunAsAny'
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: default-psp
+rules:
+  - apiGroups: ['policy']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames: ['default']
+  - apiGroups: ['extensions']
+    resources: ['podsecuritypolicies']
+    verbs:     ['use']
+    resourceNames: ['default']
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: default-psp
+roleRef:
+  kind: ClusterRole
+  name: default-psp
+  apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: Group
+    name: system:authenticated
+    apiGroup: rbac.authorization.k8s.io

playground-cluster/ops/podsecuritypolicy.yaml

@@ -0,0 +1,3 @@
+output "cluster_id" {
+  value = var.cluster_id
+}

playground-cluster/output.tf

@@ -0,0 +1,53 @@
+provider "helm" {
+  kubernetes {
+    config_path = ".kubeconfig"
+  }
+}
+
+provider "aws" {
+  region  = "eu-central-1"
+  profile = ""
+
+  default_tags {
+    tags = {
+      cluster = "playground"
+      service = "kaas"
+      Owner   = "ops"
+      Name    = "ops-k8s-bootstrap"
+    }
+  }
+}
+
+provider "kubectl" {
+  load_config_file = true
+  config_path      = ".kubeconfig"
+}
+
+provider "kubernetes" {
+  config_path = ".kubeconfig"
+}
+
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "4.47.0"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.8.0"
+    }
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = "1.14.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "2.16.1"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "3.4.3"
+    }
+  }
+}

playground-cluster/provider.tf

@@ -0,0 +1,10 @@
+terraform {
+
+  backend "s3" {
+    bucket = "ops-kaas-tfstate"
+    region = "eu-central-1"
+    key    = "playground-cluster.tfstate"
+
+    encrypt = true
+  }
+}

playground-cluster/terraform.tf

@@ -0,0 +1,13 @@
+variable "cluster_name" {
+  type        = string
+  description = "The commonly referred name of the cluster"
+
+  default = "playground"
+}
+
+variable "cluster_id" {
+  type        = string
+  description = "The commonly referred id of the cluster"
+
+  default = "z2zn272rbb"
+}