From 49a7218cd467698954727255a7d0e1eae2fe8a5f Mon Sep 17 00:00:00 2001
From: Pal Kerecsenyi
Date: Wed, 3 Apr 2024 15:56:09 +0100
Subject: [PATCH] Initial commit
---
 .gitignore | 1 +
 .terraform.lock.hcl | 25 ++++++++++++++++
 main.tf | 71 +++++++++++++++++++++++++++++++++++++++++++++
 outputs.tf | 3 ++
 vars.tf | 33 +++++++++++++++++++++
 5 files changed, 133 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .terraform.lock.hcl
 create mode 100644 main.tf
 create mode 100644 outputs.tf
 create mode 100644 vars.tf
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6e0db03
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.terraform/*
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..6153c52
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+ version = "4.28.0"
+ constraints = "4.28.0"
+ hashes = [
+ "h1:RP176WYI5vc3I12b3sbMJnuKgHFsry0j2kP7za3ttzo=",
+ "zh:31d5ec400a9ce2168ecac577af8b9d81a684d7496a7b5b6e187923cc8cf17139",
+ "zh:3f14d1fe124b5476e1a61f142be113ee5521eec1f5fd66b43092d486c3f8465b",
+ "zh:4a320ba93bf29be99b25fbc55771cf6dd8eeb330dd05a45394da8b3cd7f54b75",
+ "zh:56cc2be82b22c9b9bbe682c2abcc7e28f439187afff4b2ff39825a9a6eb02b4e",
+ "zh:59d5008d1e1d694c3dc03fbcde7f34b18f106290fa848b1d4c5e09bf0c041150",
+ "zh:6048cabd9793e1e0b4529dfc57414f8eff852135014eccb26b0b8ae591f67c8e",
+ "zh:677a0242fc44bdb9fd63617801dfd7ced05b660f1f6234f16c396fb4a4c4c0e8",
+ "zh:711c7d7e86420a76e7dda39f1a9543210c4aec5bf08bbf2ce46df1f4d24530ed",
+ "zh:86a21510e9d6ce57580cb4dbb679cff060d8adcec9e98c97404d90fa9077fdd9",
+ "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+ "zh:a5bcf40c58df98ec555144b6790bb908b9b6535889c4dada87b1f9da2cf89196",
+ "zh:c33eee1c6bf277718ff2cbdc8a93fd46dfb655eb7381ca2d88a6aaef8e24f619",
+ "zh:dc64498427b9f78f49a233cc6cb280aa950fde46ef022b64fddb0b74c8505178",
+ "zh:ead016fc81994ece080e17b2e8d9efed09ac995c164a7faf576475e2fb7abdc5",
+ "zh:ec8b9acef18196c13ab9244dc45cf3ed869eb921925194e56370f1567675bd53",
+ ]
+}
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..56ab82f
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,71 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "2.27.0"
+ }
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "4.28.0"
+ }
+ tls = {
+ source = "hashicorp/tls"
+ version = "4.0.5"
+ }
+ }
+}
+
+provider "cloudflare" {
+ api_token = var.cloudflare_api_token
+}
+
+provider "kubernetes" {
+ config_path = var.kube_config_path
+}
+
+data "cloudflare_zone" "module" {
+ zone_id = var.cloudflare_zone_id
+}
+
+resource "cloudflare_record" "module" {
+ zone_id = data.cloudflare_zone.module.id
+ name = var.cloudflare_subdomain
+ value = var.cloudflare_ingress_host
+ type = "CNAME"
+ proxied = true
+}
+
+locals {
+ domain_name = "${cloudflare_record.module.name}.${data.cloudflare_zone.module.name}"
+}
+
+resource "tls_private_key" "origin" {
+ algorithm = "RSA"
+}
+
+resource "tls_cert_request" "origin" {
+ private_key_pem = tls_private_key.origin.private_key_pem
+ subject {
+ common_name = ""
+ organization = "paltiverse"
+ }
+}
+
+resource "cloudflare_origin_ca_certificate" "origin" {
+ request_type = "origin-rsa"
+ requested_validity = 5475
+ hostnames = [local.domain_name]
+ csr = tls_cert_request.origin.cert_request_pem
+}
+
+resource "kubernetes_secret_v1" "tls" {
+ metadata {
+ namespace = kubernetes_namespace_v1.gitea.metadata[0].name
+ name = "tls"
+ }
+ data = {
+ "tls.crt" : cloudflare_origin_ca_certificate.origin.certificate
+ "tls.key" : tls_private_key.origin.private_key_pem
+ }
+ type = "kubernetes.io/tls"
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..047fb00
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,3 @@
+output "domain-name" {
+ value = local.domain_name
+}
diff --git a/vars.tf b/vars.tf
new file mode 100644
index 0000000..7cb0db8
--- /dev/null
+++ b/vars.tf
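Review bot: `kubernetes_secret_v1.tls` reads `kubernetes_namespace_v1.gitea.metadata[0].name`, but no `kubernetes_namespace_v1` resource exists anywhere in this commit, so the configuration cannot pass `terraform validate`; at the same time vars.tf declares `kube_namespace` and `kube_tls_secret_name` (default `origin-tls`) that the secret never uses while its name is hardcoded to `"tls"`. Replace the two metadata lines with `namespace = var.kube_namespace` and `name = var.kube_tls_secret_name`, or add the missing namespace resource. Separately, `tls_private_key.origin` sets no `rsa_bits`, so key size falls back to the provider default, and its `private_key_pem` is persisted in plain text in Terraform state together with the issued certificate — the state backend therefore has to be protected as a secret-bearing artifact, which a comment above the resource should say (`# NOTE: private key lives in state; keep the backend access-controlled and encrypted`). The 5475-day `requested_validity` also means this configuration never rotates the origin key unless the resource is tainted, so either pick a shorter validity or document the rotation procedure.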
@@ -0,0 +1,33 @@
+variable "kube_config_path" {
+ type = string
+}
+
+variable "kube_namespace" {
+ type = string
+}
+
+variable "kube_tls_secret_name" {
+ type = string
+ default = "origin-tls"
+}
+
+variable "cloudflare_api_token" {
+ type = string
+ sensitive = true
+}
+
+variable "cloudflare_account_id" {
+ type = string
+}
+
+variable "cloudflare_zone_id" {
+ type = string
+}
+
+variable "cloudflare_subdomain" {
+ type = string
+}
+
+variable "cloudflare_ingress_host" {
+ type = string
+}
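Review bot: None of the nine variables carries a `description`, so `terraform plan` prompts and generated module docs show only the bare name; a one-line description per input, e.g. `description = "Cloudflare API token used for the DNS record and Origin CA certificate in main.tf"`, would document what scope each value is expected to hold. `cloudflare_account_id` is declared but nothing in main.tf references it, so it is either dead or an input for a resource that is not in this commit — either remove it or note its intended consumer. `kube_config_path` points the Kubernetes provider at whatever kubeconfig the operator supplies; a description naming the expected cluster or context would reduce the chance of applying the TLS secret to the wrong cluster.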