paltiverse-terraform-cloudf.../main.tf

terraform {
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.27.0"
    }
    cloudflare = {
      source  = "cloudflare/cloudflare"
      version = "4.28.0"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "4.0.5"
    }
  }
}

provider "cloudflare" {
  api_token = var.cloudflare_api_token
}

provider "kubernetes" {
  config_path = var.kube_config_path
}

data "cloudflare_zone" "module" {
  zone_id = var.cloudflare_zone_id
}

resource "cloudflare_record" "module" {
  zone_id = data.cloudflare_zone.module.id
  name    = var.cloudflare_subdomain
  value   = var.cloudflare_ingress_host
  type    = "CNAME"
  proxied = true
}

locals {
  domain_name = "${cloudflare_record.module.name}.${data.cloudflare_zone.module.name}"
}

resource "tls_private_key" "origin" {
  algorithm = "RSA"
}

resource "tls_cert_request" "origin" {
  private_key_pem = tls_private_key.origin.private_key_pem
  subject {
    common_name  = ""
    organization = "paltiverse"
  }
}

resource "cloudflare_origin_ca_certificate" "origin" {
  request_type       = "origin-rsa"
  requested_validity = 5475
  hostnames          = [local.domain_name]
  csr                = tls_cert_request.origin.cert_request_pem
}

resource "kubernetes_secret_v1" "tls" {
  metadata {
    namespace = kubernetes_namespace_v1.gitea.metadata[0].name
    name      = "tls"
  }
  data = {
    "tls.crt" : cloudflare_origin_ca_certificate.origin.certificate
    "tls.key" : tls_private_key.origin.private_key_pem
  }
  type = "kubernetes.io/tls"
}
Initial commit 2024-04-03 15:56:09 +01:00			`terraform {`
			`required_providers {`
			`kubernetes = {`
			`source = "hashicorp/kubernetes"`
			`version = "2.27.0"`
			`}`
			`cloudflare = {`
			`source = "cloudflare/cloudflare"`
			`version = "4.28.0"`
			`}`
			`tls = {`
			`source = "hashicorp/tls"`
			`version = "4.0.5"`
			`}`
			`}`
			`}`

			`provider "cloudflare" {`
			`api_token = var.cloudflare_api_token`
			`}`

			`provider "kubernetes" {`
			`config_path = var.kube_config_path`
			`}`

			`data "cloudflare_zone" "module" {`
			`zone_id = var.cloudflare_zone_id`
			`}`

			`resource "cloudflare_record" "module" {`
			`zone_id = data.cloudflare_zone.module.id`
			`name = var.cloudflare_subdomain`
			`value = var.cloudflare_ingress_host`
			`type = "CNAME"`
			`proxied = true`
			`}`

			`locals {`
			`domain_name = "${cloudflare_record.module.name}.${data.cloudflare_zone.module.name}"`
			`}`

			`resource "tls_private_key" "origin" {`
			`algorithm = "RSA"`
			`}`

			`resource "tls_cert_request" "origin" {`
			`private_key_pem = tls_private_key.origin.private_key_pem`
			`subject {`
			`common_name = ""`
			`organization = "paltiverse"`
			`}`
			`}`

			`resource "cloudflare_origin_ca_certificate" "origin" {`
			`request_type = "origin-rsa"`
			`requested_validity = 5475`
			`hostnames = [local.domain_name]`
			`csr = tls_cert_request.origin.cert_request_pem`
			`}`

			`resource "kubernetes_secret_v1" "tls" {`
			`metadata {`
			`namespace = kubernetes_namespace_v1.gitea.metadata[0].name`
			`name = "tls"`
			`}`
			`data = {`
			`"tls.crt" : cloudflare_origin_ca_certificate.origin.certificate`
			`"tls.key" : tls_private_key.origin.private_key_pem`
			`}`
			`type = "kubernetes.io/tls"`
			`}`