diff --git a/deploy/.gitignore b/deploy/.gitignore
new file mode 100644
index 0000000..d3e6177
--- /dev/null
+++ b/deploy/.gitignore
@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+crash.*.log
+
+# Exclude all .tfvars files, which are likely to contain sensitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+*.tfvars.json
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# Custom
+.env
diff --git a/deploy/.terraform.lock.hcl b/deploy/.terraform.lock.hcl
new file mode 100644
index 0000000..f356a00
--- /dev/null
+++ b/deploy/.terraform.lock.hcl
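Review bot: Saved plan files are not ignored by deploy/.gitignore, because the `# example: *tfplan*` line near the end of the hunk is still a comment. A file written by `terraform plan -out=tfplan` records the input variable values in clear text, and this deployment passes a Kubernetes token and two Postgres passwords as variables, so a plan committed by accident would carry them. I would add an active `*tfplan*` pattern under the `# Custom` heading next to `.env`.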
@@ -0,0 +1,44 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cyrilgdn/postgresql" {
+ version = "1.17.1"
+ constraints = "1.17.1"
+ hashes = [
+ "h1:PbajI5dnH0WrLTbJDXExQJ850SZZpg/onCv1scFVyGI=",
+ "zh:0a800fd3d6745a75916f00d4fb8615a63a40fe296beba93c5cdb4fcca6fef0c3",
+ "zh:0ce6d6d1bc3a93305393e965b58449ee938bbfda09248a8e2d90ad94858ac046",
+ "zh:1d20431ce36aa371ca83ae1717282fc5fda3efd884eace5b4285daab1077f1e1",
+ "zh:41ca08013a8b207aabde9330c698915add6ca37329e78203b649e447e68efaa9",
+ "zh:4e94129e4cd9ab05c1d0ff94a99bd718e36f3f85babf1f7eb0e926eecc542367",
+ "zh:6017a29c840f9e0e9f9025d7acf4b2159f898a1f6dfde629b742916a50201be1",
+ "zh:85492e4b1ef1d5f42b7ce649680e0ea210b92a90ae376df88368346fdf3695ed",
+ "zh:b21d05833e0ec13f6df8e4f6bbbbfd181692197d09c3fd9e87c4c3f4276b2ae0",
+ "zh:b8dc0c03e9f754fbc5d3de0aaf29b161259c3c8fd5f182c6d03d96e27b8cd483",
+ "zh:bed38206052282408c9397adfb3c4d7b3270e9f713f55a0383a2103f125838f7",
+ "zh:c75f2802b57a339dce3caed4b79779b1408155349982197e59b67aaf12b67542",
+ "zh:d6551ca5dc15ea7f134d5f9f8523078cb32e9b702460fc99af94f341bb3d8c90",
+ "zh:ebaab1c5e69a6ff12536655629c2c3ae58d5e4bd9d722427a9aa77bf62c1e339",
+ "zh:f796ba225d7204a26fba85d958295e668bc8ca1f51b5bfeb2e5c410338b55c24",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/kubernetes" {
+ version = "2.13.1"
+ constraints = "2.13.1"
+ hashes = [
+ "h1:PUyzpcW1hcOPj0Hu2QR/RhASeAeLhMzrNA+95tQAdL4=",
+ "zh:061f6ecbbf9a3c6345b56c28ebc2966a05d8eb02f3ba56beedd66e4ea308e332",
+ "zh:2119beeccb35bc5d1392b169f9fc748865261b45fb75fc8f57200e91658837c6",
+ "zh:26c29083d0d84fbc2e356e3dd1db3e2dc4139e943acf7a318d3c98f954ac6bd6",
+ "zh:2fb5823345ab05b3df74bb5c51c61072637d01b3cddffe3ad36a73b7d5b749e6",
+ "zh:3475b4422fffaf58584c4d877f98bfeff075e4a746f13e985d2cb20adc873a6c",
+ "zh:366b4bef49932d1d71b12849c1878c254a887962ff915f37982299c1185dd48a",
+ "zh:589f9358e4a4bd74a83b97ccc64df455ddfa64c4c4e099aef30fa29080497a8a",
+ "zh:7a0d75e0e4fee6cc5599ac9d5e91de563ce9ea7bd8137480c7abd09642a9e72c",
+ "zh:a297a42aefe0650e3d9fbe55a3ee48b14bb8bb5edb7068c09512d72afc3d9ca5",
+ "zh:b7f83a89b646542d02b733d464e45d6d0739a9dbb921305e7b8347e9fc98a149",
+ "zh:d4c721174a598b66bd1b29c40fa7cffafe90bb58186cd7506d792a6b04161103",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
diff --git a/deploy/main.tf b/deploy/main.tf
new file mode 100644
index 0000000..18f9609
--- /dev/null
+++ b/deploy/main.tf
@@ -0,0 +1,52 @@
+terraform {
+ backend "s3" {
+ bucket = "terraform-state"
+ key = "apps/landing-page/terraform.tfstate"
+
+ endpoint = "https://s3.ravianand.me"
+
+ region = "homelab01"
+ force_path_style = true
+
+ skip_credentials_validation = true
+ skip_metadata_api_check = true
+ skip_region_validation = true
+ }
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.13.1"
+ }
+ postgresql = {
+ source = "cyrilgdn/postgresql"
+ version = "1.17.1"
+ }
+ }
+}
+
+provider "kubernetes" {
+ cluster_ca_certificate = base64decode(var.kubernetes_cluster_ca_certificate)
+ host = var.kubernetes_host
+ token = var.kubernetes_token
+}
+
+provider "postgresql" {
+ host = var.postgres_host
+ port = 5432
+ database = "postgres"
+ username = var.postgres_admin_user
+ password = var.postgres_admin_password
+ sslmode = var.postgres_sslmode
+ connect_timeout = 15
+}
+
+resource "postgresql_role" "strapi" {
+ name = var.postgres_user
+ login = true
+ password = var.postgres_password
+}
+
+resource "postgresql_database" "strapi" {
+ name = "strapi"
+ owner = postgresql_role.strapi.name
+}
diff --git a/deploy/variables.tf b/deploy/variables.tf
new file mode 100644
index 0000000..3db9f36
--- /dev/null
+++ b/deploy/variables.tf
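Review bot: In deploy/main.tf the `postgresql_role.strapi` resource writes `var.postgres_password` into the state object `apps/landing-page/terraform.tfstate`, and `sensitive = true` on the variable only redacts CLI output, not the state itself. The `backend "s3"` block does not request server-side encryption; if the S3-compatible service behind `https://s3.ravianand.me` supports it, add `encrypt = true` there. In either case read access to the `terraform-state` bucket should be limited to the identity that runs the deploy. A comment above the backend block such as `# state holds the Strapi DB password in clear text; keep this bucket private` would record why.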
@@ -0,0 +1,50 @@
+variable "kubernetes_cluster_ca_certificate" {
+ description = "Cluster CA certificate for Kubernetes API server"
+ type = string
+ sensitive = true
+}
+
+variable "kubernetes_host" {
+ description = "Host of the Kubernetes API server"
+ type = string
+}
+
+variable "kubernetes_token" {
+ description = "Kubernetes Bearer token"
+ type = string
+ sensitive = true
+}
+
+variable "postgres_host" {
+ description = "Postgres host"
+ type = string
+}
+
+variable "postgres_sslmode" {
+ description = "SSL mode to use in Postgres"
+ type = string
+ default = "require"
+}
+
+variable "postgres_admin_user" {
+ description = "Postgres management user with DB create and user create privileges"
+ type = string
+}
+
+variable "postgres_admin_password" {
+ description = "Postgres management user password"
+ type = string
+ sensitive = true
+}
+
+variable "postgres_user" {
+ description = "Postgres user to be created for Strapi"
+ default = "strapi"
+ type = string
+}
+
+variable "postgres_password" {
+ description = "Password for Strapi Postgres user"
+ type = string
+ sensitive = true
+}
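Review bot: `postgres_sslmode` in deploy/variables.tf accepts any string, so a tfvars value of `disable` would let the provider connect without TLS and, presumably, send the role-creation statement containing `postgres_password` over that connection. A `validation` block on the variable would reject that at plan time. The default `require` encrypts the connection but does not verify the server certificate; `verify-full` is the stronger default where the server certificate chains to a CA the runner trusts, which cannot be confirmed from this diff.

```hcl
variable "postgres_sslmode" {
  # … unchanged: description, type, default …

  validation {
    condition     = contains(["require", "verify-ca", "verify-full"], var.postgres_sslmode)
    error_message = "The postgres_sslmode value must be require, verify-ca or verify-full."
  }
}
```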