main.tf
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY A CARDANO NODE IN AZURE
# These templates show an example of how to use the cardano-cluster module to deploy Cardano in Azure. We deploy relay
# and producer pods in the same cluster and secure communication using the Calico plugin and network traffic policies.
# ---------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# REQUIRE A SPECIFIC TERRAFORM VERSION OR HIGHER
# ----------------------------------------------------------------------------------------------------------------------
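terraform {
  # This module is now only being tested with Terraform 1.0.x. However, to make upgrading easier, we are setting
  # 0.14.0 as the minimum version, as that version added support for validation and the alltrue function
  # Removing the validation completely will yield a version compatible with 0.12.26 as that added support for
  # required_providers with source URLs
  # NOTE(review): the text above names 0.14.0 as the minimum, but the constraint below admits 0.12.26.
  # Confirm which floor is intended before relying on either.
  required_version = ">= 0.12.26"

  # Every provider this file uses is listed with an explicit registry source, so the namespace a plugin is
  # downloaded from is stated here rather than resolved implicitly.
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=2.83.0"
    }

    # NOTE(review): only azurerm carries a version constraint. The providers below float to whatever
    # `terraform init` selects unless a dependency lock file is committed with the configuration.
    helm = {
      source = "hashicorp/helm"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }

    # Used further down in this file (random_pet / random_string, tls_private_key, data "http") but
    # previously left undeclared.
    random = {
      source = "hashicorp/random"
    }
    tls = {
      source = "hashicorp/tls"
    }
    http = {
      source = "hashicorp/http"
    }
  }
}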
# Azure Resource Manager provider configuration.
provider "azurerm" {
  features {
    key_vault {
      # NOTE(review): with this set to true, destroying a Key Vault through Terraform also purges it, so the
      # soft-delete recovery window is bypassed. That is convenient for a throwaway example (the vault name can be
      # reused immediately), but confirm it is intended before pointing this at a vault that holds real keys.
      purge_soft_delete_on_destroy = true
    }
  }
}
# Kubernetes provider, authenticated with the first kube_config entry exported by the cardano_cluster module.
# The certificate fields arrive base64-encoded and are decoded here. All of these values are cluster
# credentials: they are carried through Terraform state, so access to the state backend should be
# restricted accordingly.
provider "kubernetes" {
  host                   = module.cardano_cluster.kube_config[0].host
  token                  = module.cardano_cluster.kube_config[0].password
  client_certificate     = base64decode(module.cardano_cluster.kube_config[0].client_certificate)
  client_key             = base64decode(module.cardano_cluster.kube_config[0].client_key)
  cluster_ca_certificate = base64decode(module.cardano_cluster.kube_config[0].cluster_ca_certificate)
}
# Helm provider, pointed at the same cluster via the first kube_config entry of the cardano_cluster module.
# NOTE(review): unlike the kubernetes provider block in this file, no token is set here; confirm that
# client-certificate authentication alone is what is intended.
provider "helm" {
  kubernetes {
    host                   = module.cardano_cluster.kube_config[0].host
    client_certificate     = base64decode(module.cardano_cluster.kube_config[0].client_certificate)
    client_key             = base64decode(module.cardano_cluster.kube_config[0].client_key)
    cluster_ca_certificate = base64decode(module.cardano_cluster.kube_config[0].cluster_ca_certificate)
  }
}
# ---------------------------------------------------------------------------------------------------------------------
# AUTOMATICALLY LOOK UP THE ACTIVE AZURE SUBSCRIPTION
# ---------------------------------------------------------------------------------------------------------------------
# Reads the identity Terraform is currently running as; this file uses its tenant_id for the containers and
# vault modules.
data "azurerm_client_config" "current" {
}
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY THE KUBERNETES CLUSTER NODES
# ---------------------------------------------------------------------------------------------------------------------
# Random human-readable name, used as the fallback for the resource group name, DNS label and Helm release
# name when the corresponding variable is not set.
resource "random_pet" "example" {
}
# Seven random digits, used only as a suffix to make the cluster name unique (see local.cluster_name).
# This is a naming aid, not a secret.
resource "random_string" "number" {
  length  = 7
  special = false
  lower   = false
  upper   = false
  number  = true
}
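# Resource group that holds the cluster. The name falls back to the random pet name when
# var.resource_group_name is not set.
resource "azurerm_resource_group" "rg" {
  name     = coalesce(var.resource_group_name, random_pet.example.id)
  location = var.location

  tags = merge(
    {
      # Apply the same fallback as `name`, so the Name tag always matches the group that is actually
      # created instead of carrying an unset variable when the random name is used.
      Name = coalesce(var.resource_group_name, random_pet.example.id)
    },
    # Listed last so caller-supplied tags take precedence over the default Name tag.
    var.tags,
  )
}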
# Generates the SSH key pair whose public half is handed to the cluster module as public_ssh_key.
# The private half is never referenced in this file, but a key generated by this resource is recorded in
# Terraform state, so the state backend must be access-controlled and encrypted. For anything beyond an
# example, consider supplying a public key created outside Terraform instead.
resource "tls_private_key" "id_rsa" {
  algorithm = "RSA"
  rsa_bits  = 4096
}
locals {
  # Cluster name: environment name, then the random digit suffix, then "-cluster".
  cluster_name = "${var.env}${random_string.number.id}-cluster"
}
# Kubernetes cluster that hosts the relay and producer pods.
module "cardano_cluster" {
  # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
  # to a specific version of the modules, such as the following example:
  # source = "git::git@github.com:regel/terraform-azure-cardano.git//modules/cluster?ref=v0.0.1"
  source = "./modules/cluster"

  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  tags                = var.tags
  availability_zones  = var.availability_zones

  # NOTE(review): the module is not shown here, so what an empty list means (no extra CIDRs allowed vs. no
  # restriction applied) cannot be told from this file. Verify against modules/cluster before reuse.
  allow_cidrs = []

  cluster_name      = local.cluster_name
  domain_name_label = coalesce(var.domain_name_label, random_pet.example.id)

  # Only the public half of the generated key pair is passed to the module.
  public_ssh_key = tls_private_key.id_rsa.public_key_openssh
  admin_username = "azureuser"

  # NOTE(review): hard-coded Kubernetes version. Confirm it is still within the platform's supported window
  # and still receiving security patches before deploying.
  kubernetes_version = "1.24.6"

  system_node_pool_node_count = 1
  system_node_pool_vm_size    = "Standard_DS2_v2"
  user_node_pool_node_count   = 1
  user_node_pool_vm_size      = "Standard_DS2_v2"
}
# ---------------------------------------------------------------------------------------------------------------------
# DEPLOY CONTAINERS IN THE KUBERNETES CLUSTER
# ---------------------------------------------------------------------------------------------------------------------
# Installs the Cardano Helm release (relay and producer) into the cluster created above.
module "containers" {
  # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
  # to a specific version of the modules, such as the following example:
  # source = "git::git@github.com:regel/terraform-azure-cardano.git//modules/helm-cardano?ref=v0.0.1"
  source = "./modules/helm-cardano"

  release_name   = coalesce(var.release_name, random_pet.example.id)
  namespace      = var.env
  tenant_id      = data.azurerm_client_config.current.tenant_id
  dns_label_name = coalesce(var.domain_name_label, random_pet.example.id)
  environment    = var.env

  pvc_size           = var.pvc_size
  pvc_source_enabled = var.pvc_source_enabled
  # NOTE(review): what is fetched from this URL and whether its integrity is checked is decided inside the
  # module, which is not shown here. Verify before pointing it at a source you do not control.
  pvc_source_url = var.pvc_source_url

  cardano_helm_version  = var.cardano_helm_version
  cardano_image_version = var.cardano_image_version

  # Kubelet identity exported by the cluster module; the same module's kubelet principal is what the vault
  # module below is given.
  identity                           = module.cardano_cluster.kubelet_client_id
  csi_secrets_store_provider_enabled = true
  vault_name                         = var.vault_name

  prometheus_enabled   = false
  prometheus_namespace = "prometheus"

  # The raw kubeconfig is a full cluster credential. It is passed into the module as a plain input, so it is
  # carried wherever the module uses it. Presumably it is written out for a local tool; confirm in
  # modules/helm-cardano.
  kube_config_raw = module.cardano_cluster.kube_config_raw

  # Extra chart values: relay and producer get the same CPU and memory limits, rendered as strings
  # (memory with a "Gi" suffix).
  extra_values = yamlencode({
    relay = {
      resources = {
        limits = {
          cpu    = format("%s", var.max_cpu)
          memory = format("%sGi", var.max_mem_gb)
        }
      }
    }
    producer = {
      resources = {
        limits = {
          cpu    = format("%s", var.max_cpu)
          memory = format("%sGi", var.max_mem_gb)
        }
      }
    }
  })
}
# Key Vault used by the cluster, with access granted to the cluster and kubelet principals.
module "vault" {
  # When using these modules in your own templates, you will need to use a Git URL with a ref attribute that pins you
  # to a specific version of the modules, such as the following example:
  # source = "git::git@github.com:regel/terraform-azure-cardano.git//modules/vault?ref=v0.0.1"
  source = "./modules/vault"

  vault_name = var.vault_name
  location   = var.location
  # The vault lives in its own resource group variable rather than in azurerm_resource_group.rg.
  resource_group_name = var.vault_resource_group_name
  tenant_id           = data.azurerm_client_config.current.tenant_id

  # Network allow-list: the cluster's user subnet ...
  allow_subnet_ids     = [module.cardano_cluster.user_subnet_id]
  cluster_principal_id = module.cardano_cluster.cluster_principal_id
  kubelet_principal_id = module.cardano_cluster.kubelet_principal_id
  sku_name             = "standard"

  # ... plus a single /32 built from whatever the data.http.myip lookup returns at plan time.
  # NOTE(review): this allow-list entry is only as trustworthy as that lookup's response, and it changes
  # whenever the operator's egress address changes. A reviewed, explicitly supplied CIDR is easier to audit.
  allow_cidrs         = ["${chomp(data.http.myip.body)}/32"]
  allow_azuread_group = false
}
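# Looks up the public IPv4 address of the machine running Terraform. The response body is turned into a /32
# entry in the Key Vault allow_cidrs list, so it directly decides which address may reach the vault.
data "http" "myip" {
  # Fetched over HTTPS: with plain HTTP, anything on the network path could alter the response and so change
  # which address ends up on the vault allow-list. The external service itself is still trusted to answer
  # correctly; pass the CIDR in explicitly where that trust is not acceptable.
  url = "https://ipv4.icanhazip.com"
}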