├── .gitignore ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── CREDITS.md ├── LICENSE ├── README.md ├── bin ├── cleanup.sh ├── demo │ ├── README.md │ ├── demo-config.sh.sample │ ├── demo-magic.sh │ └── launch-demo.sh ├── kind │ └── multi-node │ │ ├── README.md │ │ ├── add-ingress.sh │ │ ├── add-metallb.sh │ │ ├── bootstrap.sh │ │ └── teardown.sh └── microk8s │ ├── multi-node │ ├── multipass │ │ ├── README.md │ │ ├── create-multipass-vms.sh │ │ ├── destroy-multipass-vms.sh │ │ ├── install-microk8s.sh │ │ ├── join-worker-nodes.sh │ │ ├── startup-microk8s.sh │ │ ├── startup-multipass-vms.sh │ │ ├── stop-microk8s.sh │ │ └── stop-multipass-vms.sh │ └── vagrant │ │ ├── README.md │ │ ├── Vagrantfile │ │ ├── bootstrap.sh │ │ ├── configure-master-node.sh │ │ └── join-worker-nodes.sh │ └── single-node │ ├── README.md │ ├── gcp │ ├── add-to-profile.sh │ ├── connect-gce-vm.sh │ ├── create-gce-vm.sh │ ├── delete-gce-vm.sh │ └── setup-linux.sh │ ├── install-microk8s.sh │ ├── startup-microk8s.sh │ └── stop-microk8s.sh ├── bom ├── Dockerfile ├── README.md ├── setup-linux.sh ├── setup-macos.sh └── setup-windows.ps1 ├── experiments ├── amazon │ ├── README.md │ ├── blobstore │ │ ├── README.md │ │ ├── blobstore.tf │ │ ├── create-blobstore.sh │ │ ├── destroy-blobstore.sh │ │ ├── terraform.tfvars.sample │ │ └── versions.tf │ ├── certmanager │ │ ├── README.md │ │ ├── certmanager.tf │ │ ├── create-certmanager.sh │ │ ├── destroy-certmanager.sh │ │ └── terraform.tfvars.sample │ ├── cluster │ │ ├── README.md │ │ ├── create-cluster.sh │ │ ├── destroy-cluster.sh │ │ ├── list-clusters.sh │ │ ├── set-kubectl-context.sh │ │ ├── simple-cluster.tf │ │ └── terraform.tfvars.sample │ ├── dns │ │ ├── README.md │ │ ├── create-dns.sh │ │ ├── destroy-dns.sh │ │ ├── managed-zone.tf │ │ └── terraform.tfvars.sample │ ├── external-dns │ │ ├── README.md │ │ ├── create-external-dns.sh │ │ ├── destroy-external-dns.sh │ │ ├── external-dns.tf │ │ └── terraform.tfvars.sample │ └── iam │ │ ├── README.md │ │ ├── 
create-iam.sh │ │ ├── destroy-iam.sh │ │ ├── iam.tf │ │ ├── terraform.tfvars.sample │ │ └── versions.tf ├── azure │ ├── README.md │ ├── blobstore │ │ ├── README.md │ │ ├── blobstore.tf │ │ ├── create-blobstore.sh │ │ ├── destroy-blobstore.sh │ │ └── terraform.tfvars.sample │ ├── certmanager │ │ ├── README.md │ │ ├── certmanager.tf │ │ ├── create-certmanager.sh │ │ ├── destroy-certmanager.sh │ │ └── terraform.tfvars.sample │ ├── cluster │ │ ├── README.md │ │ ├── create-cluster.sh │ │ ├── destroy-cluster.sh │ │ ├── list-clusters.sh │ │ ├── set-kubectl-context.sh │ │ ├── simple-cluster.tf │ │ └── terraform.tfvars.sample │ ├── dns │ │ ├── README.md │ │ ├── create-zone.sh │ │ ├── destroy-zone.sh │ │ ├── managed-zone.tf │ │ └── terraform.tfvars.sample │ ├── external-dns │ │ ├── README.md │ │ ├── create-external-dns.sh │ │ ├── destroy-external-dns.sh │ │ ├── external-dns.tf │ │ └── terraform.tfvars.sample │ ├── iam │ │ ├── README.md │ │ ├── create-iam.sh │ │ └── destroy-iam.sh │ └── registry │ │ ├── README.md │ │ ├── create-registry.sh │ │ ├── destroy-registry.sh │ │ ├── registry.tf │ │ └── terraform.tfvars.sample ├── gcp │ ├── README.md │ ├── blobstore │ │ ├── README.md │ │ ├── blobstore.tf │ │ ├── create-blobstore.sh │ │ ├── destroy-blobstore.sh │ │ ├── terraform.tfvars.sample │ │ └── versions.tf │ ├── certmanager │ │ ├── README.md │ │ ├── certmanager.tf │ │ ├── create-certmanager.sh │ │ ├── destroy-certmanager.sh │ │ └── terraform.tfvars.sample │ ├── cluster │ │ ├── README.md │ │ ├── create-cluster.sh │ │ ├── destroy-cluster.sh │ │ ├── list-clusters.sh │ │ ├── set-kubectl-context.sh │ │ ├── simple-cluster.tf │ │ └── terraform.tfvars.sample │ ├── database │ │ ├── connect │ │ │ ├── connect.tf │ │ │ ├── create-connection.sh │ │ │ ├── destroy-connection.sh │ │ │ └── terraform.tfvars.sample │ │ ├── mysql │ │ │ ├── README.md │ │ │ ├── create-database.sh │ │ │ ├── db.tf │ │ │ ├── destroy-database.sh │ │ │ └── terraform.tfvars.sample │ │ └── postgres │ │ │ ├── README.md │ │ │ 
├── create-database.sh │ │ │ ├── db.tf │ │ │ ├── destroy-database.sh │ │ │ └── terraform.tfvars.sample │ ├── dns │ │ ├── README.md │ │ ├── create-zone.sh │ │ ├── destroy-zone.sh │ │ ├── managed-zone.tf │ │ └── terraform.tfvars.sample │ ├── external-dns │ │ ├── README.md │ │ ├── create-external-dns.sh │ │ ├── destroy-external-dns.sh │ │ ├── external-dns.tf │ │ └── terraform.tfvars.sample │ ├── iam │ │ ├── README.md │ │ ├── create-iam.sh │ │ └── destroy-iam.sh │ └── registry │ │ ├── README.md │ │ ├── create-registry.sh │ │ ├── destroy-registry.sh │ │ ├── registry.tf │ │ └── terraform.tfvars.sample ├── k8s │ ├── argo-cd │ │ ├── README.md │ │ ├── argo-cd.tf │ │ ├── create-argocd.sh │ │ ├── destroy-argocd.sh │ │ └── terraform.tfvars.sample │ ├── avi-lb │ │ ├── README.md │ │ ├── avi-lb.tf │ │ ├── create-avi-lb.sh │ │ ├── destroy-avi-lb.sh │ │ └── terraform.tfvars.sample │ ├── cf4k8s │ │ ├── README.md │ │ ├── cf4k8s.tf │ │ ├── create-cf4k8s.sh │ │ ├── destroy-cf4k8s.sh │ │ └── terraform.tfvars.sample │ ├── cloud-service-broker │ │ ├── README.md │ │ ├── aws │ │ │ └── csb.tf │ │ ├── azure │ │ │ └── csb.tf │ │ ├── build-container-image.sh │ │ ├── create-dockerfile.sh │ │ ├── create-pivotal-csb.sh │ │ ├── destroy-pivotal-csb.sh │ │ ├── download-release-artifacts.sh │ │ ├── gcp │ │ │ └── csb.tf │ │ ├── publish-container-image.sh │ │ └── terraform.tfvars.sample │ ├── cnr │ │ ├── README.md │ │ ├── auth-registry.sh │ │ ├── download-cnr.sh │ │ ├── relocate-images.sh │ │ └── uninstall-cnr.sh │ ├── concourse │ │ ├── README.md │ │ ├── concourse.tf │ │ ├── create-concourse.sh │ │ ├── destroy-concourse.sh │ │ └── terraform.tfvars.sample │ ├── contour │ │ ├── README.md │ │ ├── contour.tf │ │ ├── create-contour.sh │ │ ├── destroy-contour.sh │ │ └── terraform.tfvars.sample │ ├── eduk8s │ │ ├── README.md │ │ ├── cert.template │ │ ├── create-eduk8s.sh │ │ ├── destroy-eduk8s.sh │ │ ├── load-workshops.sh │ │ ├── obtain-training-portal-admin-creds.sh │ │ └── training-portal.template │ ├── 
efk-stack │ │ ├── README.md │ │ ├── create-efk-stack.sh │ │ ├── destroy-efk-stack.sh │ │ ├── efk-stack.tf │ │ └── terraform.tfvars.sample │ ├── flagger │ │ ├── README.md │ │ ├── create-flagger.sh │ │ ├── destroy-flagger.sh │ │ ├── flagger.tf │ │ └── terraform.tfvars.sample │ ├── gitea │ │ ├── README.md │ │ ├── create-gitea.sh │ │ ├── destroy-gitea.sh │ │ ├── gitea.tf │ │ └── terraform.tfvars.sample │ ├── harbor │ │ ├── README.md │ │ ├── create-harbor.sh │ │ ├── destroy-harbor.sh │ │ ├── harbor.tf │ │ └── terraform.tfvars.sample │ ├── infoblox │ │ ├── README.md │ │ ├── create-infoblox.sh │ │ ├── destroy-infoblox.sh │ │ ├── infoblox.tf │ │ └── terraform.tfvars.sample │ ├── jcr │ │ ├── README.md │ │ ├── create-jcr.sh │ │ ├── destroy-jcr.sh │ │ ├── jcr.tf │ │ └── terraform.tfvars.sample │ ├── jenkins │ │ ├── README.md │ │ ├── create-jenkins.sh │ │ ├── destroy-jenkins.sh │ │ ├── get-credentials.sh │ │ ├── jenkins.tf │ │ ├── port-forward.sh │ │ └── terraform.tfvars.sample │ ├── kubeapps │ │ ├── README.md │ │ ├── create-kubeapps.sh │ │ ├── destroy-kubeapps.sh │ │ ├── kubeapps.tf │ │ └── terraform.tfvars.sample │ ├── kubeturbo │ │ ├── README.md │ │ ├── create-kubeturbo.sh │ │ ├── destroy-kubeturbo.sh │ │ ├── kubeturbo.tf │ │ └── terraform.tfvars.sample │ ├── loki-stack │ │ ├── README.md │ │ ├── create-loki-stack.sh │ │ ├── destroy-loki-stack.sh │ │ ├── loki-stack.tf │ │ └── terraform.tfvars.sample │ ├── minio │ │ ├── README.md │ │ ├── blobstore.tf │ │ ├── create-blobstore.sh │ │ ├── destroy-blobstore.sh │ │ └── terraform.tfvars.sample │ ├── nginx-ingress │ │ ├── README.md │ │ ├── create-nginx-ingress.sh │ │ ├── destroy-nginx-ingress.sh │ │ ├── nginx-ingress.tf │ │ └── terraform.tfvars.sample │ ├── sealed-secrets │ │ ├── README.md │ │ ├── create-sealed-secrets.sh │ │ ├── destroy-sealed-secrets.sh │ │ ├── install-cli-linux.sh │ │ ├── install-cli-macos.sh │ │ ├── sealed-secrets.tf │ │ └── terraform.tfvars.sample │ ├── spring-cloud │ │ ├── config-service │ │ │ ├── README.md │ 
│ │ ├── auth-registry.sh │ │ │ ├── download-tcs.sh │ │ │ ├── install-tcs-integrated-with-harbor.sh │ │ │ └── uninstall-tcs.sh │ │ └── gateway │ │ │ ├── README.md │ │ │ ├── auth-registry.sh │ │ │ ├── download-scg.sh │ │ │ ├── install-scg-integrated-with-harbor.sh │ │ │ └── uninstall-scg.sh │ ├── stratos │ │ ├── README.md │ │ ├── create-stratos.sh │ │ ├── destroy-stratos.sh │ │ ├── stratos.tf │ │ └── terraform.tfvars.sample │ ├── tas4k8s │ │ ├── README.md │ │ ├── create-tas4k8s.sh │ │ ├── destroy-tas4k8s.sh │ │ ├── iaas.auto.tfvars.sample │ │ ├── tas4k8s.tf │ │ └── terraform.tfvars.sample │ ├── tbs │ │ ├── README.md │ │ ├── auth-registry.sh │ │ ├── download-tbs-descriptors.sh │ │ ├── install-tbs-integrated-with-harbor.sh │ │ ├── install-tools-linux.sh │ │ ├── relocate-images.sh │ │ └── uninstall-tbs.sh │ ├── tds │ │ ├── gemfire │ │ │ ├── README.md │ │ │ ├── auth-registry.sh │ │ │ ├── download-tanzu-gemfire.sh │ │ │ ├── install-tanzu-gemfire-integrated-with-harbor.sh │ │ │ └── uninstall-tanzu-gemfire.sh │ │ ├── mysql │ │ │ ├── README.md │ │ │ ├── auth-registry.sh │ │ │ ├── download-tanzu-mysql.sh │ │ │ ├── install-tanzu-mysql-integrated-with-harbor.sh │ │ │ └── uninstall-tanzu-mysql.sh │ │ ├── postgres │ │ │ ├── README.md │ │ │ ├── auth-registry.sh │ │ │ ├── download-tanzu-postgres.sh │ │ │ ├── install-tanzu-postgres-integrated-with-harbor.sh │ │ │ └── uninstall-tanzu-postgres.sh │ │ └── rabbitmq │ │ │ ├── README.md │ │ │ ├── auth-registry.sh │ │ │ ├── download-tanzu-rabbitmq.sh │ │ │ ├── install-tanzu-rabbitmq-integrated-with-harbor.sh │ │ │ └── uninstall-tanzu-rabbitmq.sh │ ├── tekton │ │ ├── README.md │ │ ├── create-tekton.sh │ │ ├── destroy-tekton.sh │ │ ├── tekton.tf │ │ └── terraform.tfvars.sample │ ├── traefik │ │ ├── README.md │ │ ├── create-traefik.sh │ │ ├── destroy-traefik.sh │ │ ├── port-forward.sh │ │ ├── terraform.tfvars.sample │ │ └── traefik.tf │ ├── tsmgr │ │ ├── README.md │ │ ├── configure-tsmgr-prerequisites.sh │ │ ├── fetch-tsmgr-helm-chart.sh │ │ 
├── fetch-tsmgr-images.sh │ │ ├── install-cli-linux.sh │ │ ├── install-cli-macos.sh │ │ ├── install-tsmgr.sh │ │ ├── terraform.tfvars.sample │ │ ├── tsmgr.tf │ │ └── uninstall-tsmgr.sh │ └── wavefront │ │ ├── README.md │ │ ├── create-wavefront.sh │ │ ├── destroy-wavefront.sh │ │ ├── terraform.tfvars.sample │ │ └── wavefront.tf ├── tkg │ ├── aws │ │ ├── mgmt │ │ │ ├── README.md │ │ │ ├── create-mgmt-cluster.sh │ │ │ ├── destroy-mgmt-cluster.sh │ │ │ ├── main.tf │ │ │ └── terraform.tfvars.sample │ │ └── workload │ │ │ ├── README.md │ │ │ ├── create-workload-cluster.sh │ │ │ ├── destroy-workload-cluster.sh │ │ │ ├── main.tf │ │ │ └── terraform.tfvars.sample │ └── azure │ │ ├── mgmt │ │ ├── README.md │ │ ├── create-mgmt-cluster.sh │ │ ├── destroy-mgmt-cluster.sh │ │ ├── main.tf │ │ └── terraform.tfvars.sample │ │ └── workload │ │ ├── README.md │ │ ├── create-workload-cluster.sh │ │ ├── destroy-workload-cluster.sh │ │ ├── main.tf │ │ └── terraform.tfvars.sample └── tkgi │ ├── cluster │ └── README.md │ └── logsink │ ├── README.md │ ├── create-logsink.sh │ ├── destroy-logsink.sh │ ├── logsink.tf │ └── terraform.tfvars.sample ├── modules ├── acme │ ├── aws │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── azure │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ └── gcp │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf ├── argo-cd │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ └── nginx │ │ │ ├── argo-rollouts-values.tpl │ │ │ └── argocd-values.tpl │ ├── vars.tf │ └── versions.tf ├── avi-lb │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── blobstore │ └── azure │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf ├── certmanager │ ├── amazon │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── templates │ 
│ │ └── cluster-issuer.tpl │ │ ├── vars.tf │ │ └── versions.tf │ ├── azure │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── templates │ │ │ └── cluster-issuer.tpl │ │ ├── vars.tf │ │ └── versions.tf │ ├── gcp │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── templates │ │ │ └── cluster-issuer.tpl │ │ ├── vars.tf │ │ └── versions.tf │ └── venafi │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── templates │ │ └── cluster-issuer.tpl │ │ ├── vars.tf │ │ └── versions.tf ├── cf4k8s │ ├── acme │ │ ├── amazon │ │ │ └── certs.tf │ │ ├── azure │ │ │ └── certs.tf │ │ ├── gcp │ │ │ └── certs.tf │ │ └── templates │ │ │ └── certs-and-keys.tpl │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ └── cf-values-additions.tpl │ ├── vars.tf │ └── versions.tf ├── cloud-service-broker │ ├── aws │ │ ├── main.tf │ │ ├── templates │ │ │ └── manifest.tpl │ │ ├── vars.tf │ │ └── versions.tf │ ├── azure │ │ ├── main.tf │ │ ├── templates │ │ │ └── manifest.tpl │ │ ├── vars.tf │ │ └── versions.tf │ └── gcp │ │ ├── main.tf │ │ ├── templates │ │ └── manifest.tpl │ │ ├── vars.tf │ │ └── versions.tf ├── cluster │ ├── aks │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ ├── eks │ │ ├── bastion.tf │ │ ├── controlplane.tf │ │ ├── keypair.tf │ │ ├── kubeconfig.tf │ │ ├── nodes.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── random.tf │ │ ├── vars.tf │ │ ├── versions.tf │ │ └── vpc.tf │ ├── gke │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── versions.tf │ └── tkg │ │ ├── aws │ │ ├── mgmt │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── templates │ │ │ │ └── config-additions.tpl │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── workload │ │ │ ├── main.tf │ │ │ ├── outputs.tf │ │ │ ├── variables.tf │ │ │ └── versions.tf │ │ └── azure │ │ ├── mgmt │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── templates │ │ │ └── config-additions.tpl │ │ ├── variables.tf │ │ └── versions.tf │ │ └── 
workload │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── variables.tf │ │ └── versions.tf ├── concourse │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── contour │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── database │ └── gcp │ │ ├── generate-certs │ │ ├── main.tf │ │ ├── output.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ │ ├── mysql │ │ ├── main.tf │ │ ├── output.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ │ └── postgres │ │ ├── main.tf │ │ ├── output.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf ├── dns │ ├── amazon │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── azure │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── gcp │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ └── infoblox │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf ├── elasticsearch │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── external-dns │ ├── amazon │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── azure │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ └── gcp │ │ ├── main.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf ├── flagger │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── fluentbit │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── generate-kubeconfig │ ├── main.tf │ ├── outputs.tf │ ├── templates │ │ └── kubeconfig.tpl │ ├── vars.tf │ └── versions.tf ├── git │ ├── gitea │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── templates │ │ │ ├── cert.tpl │ │ │ └── nginx │ │ │ │ └── values.tpl │ │ ├── vars.tf │ │ └── versions.tf │ 
└── gitlab │ │ └── templates │ │ └── values.yml ├── jenkins │ ├── main.tf │ ├── providers.tf │ ├── templates │ │ └── jenkins.tpl │ ├── vars.tf │ └── versions.tf ├── kibana │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── kubeapps │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── kubeturbo │ ├── main.tf │ ├── providers.tf │ ├── templates │ │ └── charts_v1alpha1_kubeturbo_cr.tpl │ ├── vars.tf │ └── versions.tf ├── logsink │ ├── main.tf │ ├── providers.tf │ ├── templates │ │ └── cluster-log-sink.tpl │ ├── vars.tf │ └── versions.tf ├── loki-stack │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── metricbeat │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── minio │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── nginx-ingress │ ├── main.tf │ ├── providers.tf │ ├── templates │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── registry │ ├── acr │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── ecr │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── gcr │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── vars.tf │ │ └── versions.tf │ ├── harbor │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── templates │ │ │ ├── cert.tpl │ │ │ ├── contour │ │ │ │ └── values.tpl │ │ │ └── nginx │ │ │ │ └── values.tpl │ │ ├── vars.tf │ │ └── 
versions.tf │ └── jcr │ │ ├── locals.tf │ │ ├── main.tf │ │ ├── outputs.tf │ │ ├── providers.tf │ │ ├── templates │ │ ├── cert.tpl │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ │ ├── vars.tf │ │ └── versions.tf ├── sealed-secrets │ ├── api-resources │ │ ├── controller.yaml │ │ └── get-release.sh │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── stratos │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── tas4k8s │ ├── acme │ │ ├── amazon │ │ │ └── certs.tf │ │ ├── azure │ │ │ └── certs.tf │ │ ├── gcp │ │ │ └── certs.tf │ │ └── templates │ │ │ └── certs-and-keys.tpl │ ├── apps-manager │ │ └── values.yml │ ├── locals.tf │ ├── main.tf │ ├── outputs.tf │ ├── postgres │ │ ├── pvc.tpl │ │ └── values.tpl │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ ├── cf-overrides.tpl │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── tekton │ ├── api-resources │ │ ├── get-releases.sh │ │ ├── release.yaml │ │ └── tekton-dashboard-release.yaml │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf ├── traefik │ ├── main.tf │ ├── providers.tf │ ├── templates │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf ├── tsmgr │ ├── main.tf │ ├── outputs.tf │ ├── providers.tf │ ├── templates │ │ ├── cert.tpl │ │ ├── contour │ │ │ └── values.tpl │ │ └── nginx │ │ │ └── values.tpl │ ├── vars.tf │ └── versions.tf └── wavefront │ ├── main.tf │ ├── providers.tf │ ├── vars.tf │ └── versions.tf └── ytt-libs ├── cf4k8s ├── scripts │ ├── configure-cf4k8s.sh │ ├── download-cf4k8s.sh │ └── generate-values.sh └── vendir.yml └── tas4k8s └── scripts ├── cleanup-tas4k8s.sh ├── configure-tas4k8s.sh ├── download-tas4k8s.sh └── generate-values.sh /.gitignore: -------------------------------------------------------------------------------- 1 | # IDE 2 | .vscode/ 3 | .history/ 4 | 5 | 6 | # 
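Terraform
.terraform.lock.hcl
.terraform.tfstate.lock.info
.terraformrc
.terraform/
terraform.tfstate.*
terraform.tfstate
terraform.plan
terraform.rc
*.tfvars
*.tfvars.backup
override.tf
override.tf.json
*_override.tf
*_override.tf.json
*.log
*.real


# Miscellaneous
dist/
*.tgz
*.tar
graph.svg
vendor/
vendir.lock.yml
modules/**/templates/config.yml
modules/**/templates/kpack-webhook.yml
.vagrant/
.ytt/
ytt-libs/tas4k8s/config-optional/
manifest.yml
demo-config.sh
certs-and-keys.yml
experiments/gcp/certmanager/.terraform.lock.hcl
.gitignore

# NOTE(review): with .terraform.lock.hcl (and *.hcl below) ignored, the provider
# versions and checksums Terraform records at init time are never committed, so
# each checkout resolves providers afresh.
*.hcl
--------------------------------------------------------------------------------
/bin/demo/demo-config.sh.sample:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Sample settings for the demo. Copy to demo-config.sh (listed in .gitignore)
# and fill in the values. The copy holds live Tanzu Network credentials, so keep
# it out of version control and readable by its owner only (chmod 600).

NAME="your name"
EMAIL_ADDRESS="your email address"
TITLE="your title"
ORG="your org @ your company"
TANZU_NETWORK_ACCOUNT_USERNAME="$EMAIL_ADDRESS"
TANZU_NETWORK_ACCOUNT_PASSWORD="replace_me"
TANZU_NETWORK_API_TOKEN="replace_me"

GCP_PROJECT="replace_me"
GCP_SERVICE_ACCOUNT="tf4k8s-sa"
GCP_REGION="us-west1"
GKE_NODE_TYPE="e2-standard-4"
GKE_NODES=8

K8S_ENV="tf4k8s-demo"
REGISTRAR="hover.com"
BASE_NAME="base"
BASE_DOMAIN="$BASE_NAME.com"
SUB_NAME="west"
SUB_DOMAIN="$SUB_NAME.$BASE_DOMAIN"
--------------------------------------------------------------------------------
/bin/kind/multi-node/add-ingress.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Install the ingress-nginx controller into the kind cluster and wait for it.
# Exit on the first failure so the wait below never runs after a failed apply.
set -euo pipefail

# The default manifest is fetched from the `master` branch, a moving reference:
# whatever is on that branch at run time is applied to the cluster. Set
# INGRESS_NGINX_MANIFEST to a reviewed release-tag URL or a vendored local copy
# to pin what gets installed.
INGRESS_NGINX_MANIFEST="${INGRESS_NGINX_MANIFEST:-https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/static/provider/kind/deploy.yaml}"

kubectl apply -f "$INGRESS_NGINX_MANIFEST"

kubectl wait --namespace ingress-nginx \
  --for=condition=ready pod \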
--selector=app.kubernetes.io/component=controller \ 8 | --timeout=90s 9 | -------------------------------------------------------------------------------- /bin/kind/multi-node/bootstrap.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # @see https://kind.sigs.k8s.io/docs/user/ingress/#create-cluster 4 | 5 | cat < /home/vagrant/.bash_aliases 11 | chown vagrant:vagrant /home/vagrant/.bash_aliases 12 | echo "alias kubectl='microk8s kubectl'" > /root/.bash_aliases 13 | chown root:root /root/.bash_aliases -------------------------------------------------------------------------------- /bin/microk8s/multi-node/vagrant/configure-master-node.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | echo "Enabling microk8s addons on mk8s-master..." 4 | sudo microk8s.enable dns ingress rbac metrics-server prometheus storage -------------------------------------------------------------------------------- /bin/microk8s/multi-node/vagrant/join-worker-nodes.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | shopt -s extglob 4 | 5 | if [ -z "$1" ]; then 6 | echo "Usage: join-worker-nodes.sh {nodes}" 7 | exit 1 8 | fi 9 | 10 | NODES="$1" 11 | 12 | echo "Joining worker nodes to mk8s-master..." 
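
# NODES ($1) is expanded inside an arithmetic context below; accept digits only
# so the argument cannot be evaluated as an arbitrary expression.
case "$NODES" in
  '' | *[!0-9]*)
    echo "nodes must be a positive integer" >&2
    exit 1
    ;;
esac

for ((i = 1; i <= NODES; i++)); do
  echo "-- worker $i"
  # The add-node output carries the join token. Keep it in a variable rather
  # than a predictable add.tmp in the working directory, and hand it to printf
  # as data ('%s'), never as the format string. Abort if add-node fails so a
  # join command from a previous iteration is not reused.
  ADD_NODE=$(vagrant ssh mk8s-master -- /snap/bin/microk8s.add-node) || exit 1
  CMD=$(printf '%s\n' "$ADD_NODE" | sed -n '5p')
  CMD=${CMD##*( )} # extglob: strip leading spaces
  # Line 5 is expected to be a join command; refuse to run anything else on
  # the worker.
  case "$CMD" in
    'microk8s join '* | 'microk8s.join '*) ;;
    *)
      echo "unexpected add-node output: no join command on line 5" >&2
      exit 1
      ;;
  esac
  # The echoed command includes the join token; treat this output as sensitive.
  echo "$CMD"
  # Unquoted on purpose: the join command must split into separate arguments.
  vagrant ssh "mk8s-worker-$i" -- /snap/bin/$CMD
done

--------------------------------------------------------------------------------
/bin/microk8s/single-node/gcp/connect-gce-vm.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Open an SSH session to a GCE instance.
# Arguments: $1 instance name, $2 project id, $3 availability zone.

# All three arguments are required; reject the call if any one is missing.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: connect-gce-vm.sh {instance-name} {project-id} {availability-zone}"
  echo "-- for example: ./connect-gce-vm.sh microk8s-demo fe-cphillipson us-west1-a"
  exit 1
fi

INSTANCE_NAME="$1"
GCP_PROJECT="$2"
AVAILABILITY_ZONE="$3"

gcloud beta compute ssh --zone "${AVAILABILITY_ZONE}" "${INSTANCE_NAME}" --project "${GCP_PROJECT}"
--------------------------------------------------------------------------------
/bin/microk8s/single-node/gcp/delete-gce-vm.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Delete a GCE instance.
# Arguments: $1 instance name, $2 project id, $3 availability zone.

# This is a destructive operation: require all three arguments so a partial
# command line never reaches gcloud.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: delete-gce-vm.sh {instance-name} {project-id} {availability-zone}"
  echo "-- for example: ./delete-gce-vm.sh microk8s-demo fe-cphillipson us-west1-a"
  exit 1
fi

INSTANCE_NAME="$1"
GCP_PROJECT="$2"
AVAILABILITY_ZONE="$3"

# Quoted so each value reaches gcloud as exactly one argument.
gcloud compute instances delete "${INSTANCE_NAME}" --project="${GCP_PROJECT}" --zone="${AVAILABILITY_ZONE}"
--------------------------------------------------------------------------------
/bin/microk8s/single-node/install-microk8s.sh:
--------------------------------------------------------------------------------
#!/bin/bash

echo "Installing microk8s..."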
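
sudo snap install microk8s --classic
sudo usermod -a -G microk8s "$USER"

sudo microk8s enable dns ingress rbac metallb metrics-server prometheus storage
mkdir -p "/home/$USER/.kube"
# The kubeconfig holds credentials for the cluster: create it under a
# restrictive umask and tighten the mode in case the file already existed.
(umask 077 && sudo microk8s config > "/home/$USER/.kube/config")
chmod 600 "/home/$USER/.kube/config"

echo "Please logout and log back in"
--------------------------------------------------------------------------------
/bin/microk8s/single-node/startup-microk8s.sh:
--------------------------------------------------------------------------------
#!/bin/bash

echo "Starting microk8s..."

microk8s start

microk8s kubectl get nodes -o wide
--------------------------------------------------------------------------------
/bin/microk8s/single-node/stop-microk8s.sh:
--------------------------------------------------------------------------------
#!/bin/bash

echo "Stopping microk8s..."

microk8s stop

echo "Next step..."
echo "-- at a time that's convenient, you may wish to restart microk8s with [ startup-microk8s.sh ]"
--------------------------------------------------------------------------------
/experiments/amazon/blobstore/create-blobstore.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Initialise, validate, plan and apply the Terraform configuration in this
# directory. Stop at the first failing step so that apply never runs against a
# terraform.plan left over from an earlier run.
set -euo pipefail

terraform init
terraform validate
# The dependency graph is informational only; a missing `dot` must not block the run.
terraform graph | dot -Tsvg > graph.svg || echo "graph.svg was not generated" >&2
terraform plan -out terraform.plan
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/amazon/blobstore/destroy-blobstore.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Destroy the resources tracked in this directory, then remove the local
# Terraform artifacts. Abort if destroy fails: deleting terraform.tfstate at
# that point would leave the remaining resources untracked.
set -euo pipefail

terraform destroy -auto-approve
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------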
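/experiments/amazon/blobstore/terraform.tfvars.sample:
--------------------------------------------------------------------------------
s3_bucket_name = "my-bucket"
--------------------------------------------------------------------------------
/experiments/amazon/blobstore/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      # NOTE(review): there is no `version` constraint here, and
      # .terraform.lock.hcl is git-ignored in this repository, so
      # `terraform init` is free to select a different provider release on
      # each machine. Consider adding a constraint.
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/experiments/amazon/certmanager/create-certmanager.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Initialise, validate, plan and apply the Terraform configuration in this
# directory. Stop at the first failing step so that apply never runs against a
# terraform.plan left over from an earlier run.
set -euo pipefail

terraform init
terraform validate
# The dependency graph is informational only; a missing `dot` must not block the run.
terraform graph | dot -Tsvg > graph.svg || echo "graph.svg was not generated" >&2
terraform plan -out terraform.plan
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/amazon/certmanager/destroy-certmanager.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Destroy the resources tracked in this directory, then remove the local
# Terraform artifacts. Abort if destroy fails: deleting terraform.tfstate at
# that point would leave the remaining resources untracked.
set -euo pipefail

terraform destroy -auto-approve
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/amazon/certmanager/terraform.tfvars.sample:
--------------------------------------------------------------------------------
# Copy to terraform.tfvars (git-ignored via *.tfvars). The copy holds live AWS
# keys in plaintext: keep it readable by its owner only (chmod 600).
access_key = "why-would-i-share-this-with-you"
secret_key = "why-would-i-share-this-with-you"
region = "us-west-2"
domain = "your.domain.com"
hosted_zone_id = "why-would-i-share-this-with-you"
acme_email = "your@email.com"
kubeconfig_path = "~/.kube/config"
--------------------------------------------------------------------------------
/experiments/amazon/cluster/create-cluster.sh: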
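--------------------------------------------------------------------------------
#!/bin/bash

# Initialise, validate, plan and apply the Terraform configuration in this
# directory. Stop at the first failing step so that apply never runs against a
# terraform.plan left over from an earlier run.
set -euo pipefail

terraform init
terraform validate
# The dependency graph is informational only; a missing `dot` must not block the run.
terraform graph | dot -Tsvg > graph.svg || echo "graph.svg was not generated" >&2
terraform plan -out terraform.plan
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/amazon/cluster/destroy-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Destroy the resources tracked in this directory, then remove the local
# Terraform artifacts. Abort if destroy fails: deleting terraform.tfstate at
# that point would leave the remaining resources untracked.
set -euo pipefail

terraform destroy -auto-approve
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/amazon/cluster/list-clusters.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# List up to five EKS clusters. The CLI is called directly rather than through
# echo "$(...)", so the script exits with the CLI's own status.
aws eks list-clusters --max-items 5
--------------------------------------------------------------------------------
/experiments/amazon/cluster/set-kubectl-context.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Write the kubeconfig entry for an EKS cluster.
# Arguments: $1 region, $2 cluster name.

# Both arguments are required; reject the call if either one is missing.
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Usage: set-kubectl-context.sh {region} {cluster-name}"
  exit 1
fi

aws eks --region "$1" update-kubeconfig --name "$2"
--------------------------------------------------------------------------------
/experiments/amazon/cluster/terraform.tfvars.sample:
--------------------------------------------------------------------------------
eks_name = "k8s-lab"
desired_nodes = 5
min_nodes = 5
max_nodes = 10
kubernetes_version = "1.19.6-1-amazon2"
region = "us-west-2"
availability_zones = ["us-west-2a", "us-west-2b", "us-west-2c"]
ssh_key_name = "some-key"
node_pool_instance_type = "t3a.medium"
--------------------------------------------------------------------------------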
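/experiments/amazon/dns/create-dns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Initialise, validate, plan and apply the Terraform configuration in this
# directory. Stop at the first failing step so that apply never runs against a
# terraform.plan left over from an earlier run.
set -euo pipefail

terraform init
terraform validate
# The dependency graph is informational only; a missing `dot` must not block the run.
terraform graph | dot -Tsvg > graph.svg || echo "graph.svg was not generated" >&2
terraform plan -out terraform.plan
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/amazon/dns/destroy-dns.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Destroy the resources tracked in this directory, then remove the local
# Terraform artifacts. Abort if destroy fails: deleting terraform.tfstate at
# that point would leave the remaining resources untracked.
set -euo pipefail

terraform destroy -auto-approve
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/amazon/dns/terraform.tfvars.sample:
--------------------------------------------------------------------------------
base_hosted_zone_id = "why-would-i-share-this-with-you"
domain_prefix = "tiger"
--------------------------------------------------------------------------------
/experiments/amazon/external-dns/README.md:
--------------------------------------------------------------------------------
# Terraform for configuring External DNS

Uses [k14s](https://github.com/k14s/terraform-provider-k14s) Terraform provider to configure [external-dns](https://github.com/kubernetes-sigs/external-dns).

Starts with the assumption that you have already provisioned an EKS cluster.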
6 | 7 | ## Copy sample configuration 8 | 9 | ``` 10 | cp terraform.tfvars.sample terraform.tfvars 11 | ``` 12 | 13 | ## Edit `terraform.tfvars` 14 | 15 | Amend the values for 16 | 17 | * `aws_access_key` 18 | * `aws_secret_key` 19 | * `region` 20 | * `domain_filter` 21 | * `kubeconfig_path` 22 | 23 | 24 | ## Create 25 | 26 | ``` 27 | ./create-external-dns.sh 28 | ``` 29 | 30 | ## Teardown 31 | 32 | ``` 33 | ./destroy-external-dns.sh 34 | ``` 35 | -------------------------------------------------------------------------------- /experiments/amazon/external-dns/create-external-dns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/amazon/external-dns/destroy-external-dns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/amazon/external-dns/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain_filter = "some.domain.com" 2 | aws_access_key = "why-would-i-share-this-with-you" 3 | aws_secret_key = "why-would-i-share-this-with-you" 4 | region = "us-west-2" 5 | kubeconfig_path = "~/.kube/config" 6 | -------------------------------------------------------------------------------- /experiments/amazon/iam/create-iam.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | 
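terraform graph | dot -Tsvg > graph.svg
6 | terraform plan -out terraform.plan
7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan
8 |
--------------------------------------------------------------------------------
/experiments/amazon/iam/destroy-iam.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Destroys the Terraform-managed IAM resources defined in this directory,
4 | # then removes Terraform's local working files.
5 |
6 | # Keep the state when destroy fails: removing terraform.tfstate at that point
7 | # would leave whatever resources survived untracked.
8 | if ! terraform destroy -auto-approve; then
9 |   echo "terraform destroy failed; state and working files left in place" >&2
10 |   exit 1
11 | fi
12 |
13 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/amazon/iam/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | name = "aws-terraformer"
2 | # NOTE(review): a permissions boundary caps what an identity's policies can
3 | # grant. With AdministratorAccess as the boundary nothing is capped, so pick a
4 | # narrower policy ARN for real use - confirm in iam.tf how this value is applied.
5 | permissions_boundary = "arn:aws:iam::aws:policy/AdministratorAccess"
6 | pgp_key ="keybase:userfoo"
7 | region = "us-east-1"
8 |
--------------------------------------------------------------------------------
/experiments/amazon/iam/versions.tf:
--------------------------------------------------------------------------------
1 | terraform {
2 |   required_providers {
3 |     aws = {
4 |       source = "hashicorp/aws"
5 |     }
6 |   }
7 |   required_version = ">= 0.14"
8 | }
9 |
--------------------------------------------------------------------------------
/experiments/azure/blobstore/create-blobstore.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Provisions the resources described by the Terraform files in this directory.
4 | # Stop at the first failing step so a failed plan never falls through to
5 | # applying a terraform.plan left over from an earlier run.
6 | set -e
7 |
8 | terraform init
9 | terraform validate
10 | # Rendering the graph needs Graphviz; treat it as optional.
11 | terraform graph | dot -Tsvg > graph.svg || echo "Skipping graph.svg (terraform graph or dot failed)" >&2
12 | terraform plan -out terraform.plan
13 | # terraform.plan and terraform.tfstate can hold values from terraform.tfvars
14 | # in clear text; keep both out of version control and shared locations.
15 | terraform apply -auto-approve -state terraform.tfstate terraform.plan
16 |
--------------------------------------------------------------------------------
/experiments/azure/blobstore/destroy-blobstore.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | terraform destroy -auto-approve
4 | rm -Rf .terraform .terraform.lock.hcl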
terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/azure/blobstore/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | resource_group_name = "resource-group" 2 | storage_account_name = "storage_account" 3 | storage_container_name = "storage-container" 4 | az_subscription_id = "why-would-i-share-this-with-you" 5 | az_tenant_id = "why-would-i-share-this-with-you" 6 | az_client_id = "why-would-i-share-this-with-you" 7 | az_client_secret = "why-would-i-share-this-with-you" 8 | -------------------------------------------------------------------------------- /experiments/azure/certmanager/create-certmanager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | 9 | # Necessarily evil re-attempt 10 | terraform plan -out terraform.plan 11 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/azure/certmanager/destroy-certmanager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/azure/certmanager/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | cluster_issuer_resource_group = "resource-group" 2 | az_subscription_id = "why-would-i-share-this-with-you" 3 | 
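az_tenant_id = "why-would-i-share-this-with-you"
4 | az_client_id = "why-would-i-share-this-with-you"
5 | az_client_secret = "why-would-i-share-this-with-you"
6 | domain = "some.domain.com"
7 | acme_email = "your@email.com"
8 | kubeconfig_path = "~/.kube/config"
9 |
--------------------------------------------------------------------------------
/experiments/azure/cluster/create-cluster.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Provisions the cluster described by the Terraform files in this directory.
4 | # Stop at the first failing step so a failed plan never falls through to
5 | # applying a terraform.plan left over from an earlier run.
6 | set -e
7 |
8 | terraform init
9 | terraform validate
10 | # Rendering the graph needs Graphviz; treat it as optional.
11 | terraform graph | dot -Tsvg > graph.svg || echo "Skipping graph.svg (terraform graph or dot failed)" >&2
12 | terraform plan -out terraform.plan
13 | # terraform.plan and terraform.tfstate can hold values from terraform.tfvars
14 | # in clear text; keep both out of version control and shared locations.
15 | terraform apply -auto-approve -state terraform.tfstate terraform.plan
16 |
--------------------------------------------------------------------------------
/experiments/azure/cluster/destroy-cluster.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Destroys the Terraform-managed resources defined in this directory, then
4 | # removes Terraform's local working files.
5 |
6 | # Keep the state when destroy fails: removing terraform.tfstate at that point
7 | # would leave whatever resources survived untracked.
8 | if ! terraform destroy -auto-approve; then
9 |   echo "terraform destroy failed; state and working files left in place" >&2
10 |   exit 1
11 | fi
12 |
13 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
14 |
--------------------------------------------------------------------------------
/experiments/azure/cluster/list-clusters.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Lists the AKS clusters visible to the Azure CLI's current login.
4 | az aks list
--------------------------------------------------------------------------------
/experiments/azure/cluster/set-kubectl-context.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Fetches credentials for an AKS cluster into the local kubeconfig.
4 | # Arguments:
5 | #   $1 - AKS cluster name
6 | #   $2 - resource group that holds the cluster
7 |
8 | # Both arguments are required, so reject the call when either one is empty.
9 | if [ -z "$1" ] || [ -z "$2" ]; then
10 |   echo "Usage: set-kubectl-context.sh {cluster-name} {resource-group}" >&2
11 |   exit 1
12 | fi
13 |
14 | # NOTE(review): --admin stores the cluster administrator credential in the
15 | # kubeconfig. Where per-user access is enough, drop --admin so actions stay
16 | # tied to the individual's identity and RBAC - confirm against how the lab is used.
17 | az aks get-credentials --admin --name "$1" --resource-group "$2"
18 |
--------------------------------------------------------------------------------
/experiments/azure/cluster/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | aks_resource_group = "aks-lab"
2 |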
enable_logs = false 3 | ssh_public_key = "~/.tf4k8s/azure/az_rsa.pub" 4 | az_subscription_id = "why-would-i-share-this-with-you" 5 | az_tenant_id = "why-would-i-share-this-with-you" 6 | az_client_id = "why-would-i-share-this-with-you" 7 | az_client_secret = "why-would-i-share-this" 8 | aks_region = "West US 2" 9 | aks_name = "aks-lab" 10 | aks_nodes = 5 11 | aks_node_type = "Standard_D2_v3" 12 | aks_pool_name = "akslabpool" # must start with a lowercase letter, have max length of 12, and only have characters a-z0-9 13 | aks_node_disk_size = 30 14 | -------------------------------------------------------------------------------- /experiments/azure/dns/create-zone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/azure/dns/destroy-zone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/azure/dns/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | base_domain = "domain.com" 2 | domain_prefix = "prefix" 3 | resource_group_name = "resource-group" 4 | az_subscription_id = "why-would-i-share-this-with-you" 5 | az_tenant_id = "why-would-i-share-this-with-you" 6 | az_client_id = "why-would-i-share-this-with-you" 7 | az_client_secret = "why-would-i-share-this-with-you" 8 | -------------------------------------------------------------------------------- 
/experiments/azure/external-dns/create-external-dns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/azure/external-dns/destroy-external-dns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/azure/external-dns/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain_filter = "some.domain.com" 2 | resource_group_name = "resource-group" 3 | az_subscription_id = "why-would-i-share-this-with-you" 4 | az_tenant_id = "why-would-i-share-this-with-you" 5 | az_client_id = "why-would-i-share-this-with-you" 6 | az_client_secret = "why-would-i-share-this-with-you" 7 | kubeconfig_path = "~/.kube/config" 8 | -------------------------------------------------------------------------------- /experiments/azure/iam/README.md: -------------------------------------------------------------------------------- 1 | # Create a new service principal on Microsoft Azure 2 | 3 | ## Authenticate 4 | 5 | ``` 6 | az login 7 | ``` 8 | 9 | ## List subscriptions 10 | 11 | ``` 12 | az account list 13 | ``` 14 | > One or more subscriptions may appear. Take note of an id, e.g., `"id": "43b2e2c4-5eaf-46fd-b133-f44a21402d99"`. 
15 | 16 | ## Set your subscription id 17 | 18 | ``` 19 | az account set --subscription=<subscription-id> 20 | ``` 21 | > Replace `<subscription-id>` with an active subscription id 22 | 23 | 24 | ## Create a new service principal 25 | 26 | ``` 27 | ./create-iam.sh 28 | ``` 29 | 30 | ## Destroy the service principal 31 | 32 | ``` 33 | ./destroy-iam.sh 34 | ``` 35 | -------------------------------------------------------------------------------- /experiments/azure/iam/destroy-iam.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | if [ -z "$1" ]; then 6 | echo "Usage: destroy-iam.sh {environment-name}" 7 | exit 1 8 | fi 9 | 10 | ENVIRONMENT_NAME="$1" 11 | az ad sp delete --id "http://aks-service-principal-for-${ENVIRONMENT_NAME}" 12 | -------------------------------------------------------------------------------- /experiments/azure/registry/create-registry.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/azure/registry/destroy-registry.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/azure/registry/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | registry_name = "registry" 2 | location = "West US 2" 3 | resource_group_name = "resource-group" 4 | az_subscription_id = "why-would-i-share-this-with-you" 5 | az_tenant_id
= "why-would-i-share-this-with-you" 6 | az_client_id = "why-would-i-share-this-with-you" 7 | az_client_secret = "why-would-i-share-this-with-you" 8 | -------------------------------------------------------------------------------- /experiments/gcp/blobstore/create-blobstore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/gcp/blobstore/destroy-blobstore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/gcp/blobstore/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | gcp_project = "my-project" 2 | gcp_region = "us-west1" 3 | gcp_bucket_name = "my-bucket" 4 | environment = "dev" 5 | namespace = "a-namespace" 6 | -------------------------------------------------------------------------------- /experiments/gcp/blobstore/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | google = { 4 | source = "hashicorp/google" 5 | } 6 | } 7 | required_version = ">= 0.14" 8 | } 9 | -------------------------------------------------------------------------------- /experiments/gcp/certmanager/create-certmanager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > 
graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/gcp/certmanager/destroy-certmanager.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/gcp/certmanager/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | project = "my-project" 2 | domain = "some.domain.com" 3 | acme_email = "your@email.com" 4 | dns_zone_name = "a-zone" 5 | gcp_service_account_credentials = "~/.tf4k8s/gcp/terraform-my-project-service-account-credentials.json" 6 | kubeconfig_path = "~/.kube/config" 7 | -------------------------------------------------------------------------------- /experiments/gcp/cluster/create-cluster.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/gcp/cluster/destroy-cluster.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/gcp/cluster/list-clusters.sh: 
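--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Lists the GKE clusters visible to the gcloud CLI's current configuration.
4 | gcloud container clusters list
--------------------------------------------------------------------------------
/experiments/gcp/cluster/set-kubectl-context.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Fetches credentials for a GKE cluster into the local kubeconfig.
4 | # Arguments:
5 | #   $1 - GKE cluster name
6 | #   $2 - zone the cluster runs in
7 |
8 | # Both arguments are required, so reject the call when either one is empty.
9 | if [ -z "$1" ] || [ -z "$2" ]; then
10 |   echo "Usage: set-kubectl-context.sh {cluster-name} {zone}" >&2
11 |   exit 1
12 | fi
13 |
14 | gcloud container clusters get-credentials "$1" --zone "$2"
--------------------------------------------------------------------------------
/experiments/gcp/cluster/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | gcp_project = "my-project"
2 | gcp_service_account_credentials = "~/.tf4k8s/gcp/terraform-my-project-service-account-credentials.json"
3 | gcp_region = "us-west1"
4 | gke_name = "k8s"
5 | gke_nodes = 3
6 | gke_preemptible = false
7 | gke_node_type = "n1-standard-4"
--------------------------------------------------------------------------------
/experiments/gcp/database/connect/create-connection.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Provisions the resources described by the Terraform files in this directory.
4 | # Stop at the first failing step so a failed plan never falls through to
5 | # applying a terraform.plan left over from an earlier run.
6 | set -e
7 |
8 | terraform init
9 | terraform validate
10 | # Rendering the graph needs Graphviz; treat it as optional.
11 | terraform graph | dot -Tsvg > graph.svg || echo "Skipping graph.svg (terraform graph or dot failed)" >&2
12 | terraform plan -out terraform.plan
13 | # terraform.plan and terraform.tfstate can hold values from terraform.tfvars
14 | # in clear text; keep both out of version control and shared locations.
15 | terraform apply -auto-approve -state terraform.tfstate terraform.plan
16 |
--------------------------------------------------------------------------------
/experiments/gcp/database/connect/destroy-connection.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Destroys the Terraform-managed resources defined in this directory, then
4 | # removes Terraform's local working files.
5 |
6 | # Keep the state when destroy fails: removing terraform.tfstate at that point
7 | # would leave whatever resources survived untracked.
8 | if ! terraform destroy -auto-approve; then
9 |   echo "terraform destroy failed; state and working files left in place" >&2
10 |   exit 1
11 | fi
12 |
13 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
14 |
--------------------------------------------------------------------------------
/experiments/gcp/database/connect/terraform.tfvars.sample: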
-------------------------------------------------------------------------------- 1 | project = "my-project" 2 | region = "us-west1" 3 | instance_name = "instance-name" 4 | database_name = "default" 5 | database_username = "default" 6 | instance_public_ip_address = "10.10.10.10" 7 | service_account_credentials = "~/.ssh/my-project-sac.json" -------------------------------------------------------------------------------- /experiments/gcp/database/mysql/create-database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/gcp/database/mysql/destroy-database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/gcp/database/mysql/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | project = "my-project" 2 | region = "us-west1" 3 | zone = "c" 4 | database_version = "MYSQL_5_7" 5 | database_tier = "db-f1-micro" 6 | database_username = "default" 7 | encryption_key_name = "" 8 | name = "test-db" 9 | additional_databases = [] 10 | additional_users = [] 11 | service_account_credentials = "~/.ssh/my-project-sac.json" 12 | -------------------------------------------------------------------------------- /experiments/gcp/database/postgres/create-database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 
| terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/gcp/database/postgres/destroy-database.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/gcp/database/postgres/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | project = "my-project" 2 | region = "us-west1" 3 | zone = "c" 4 | database_version = "POSTGRES_12" 5 | database_tier = "db-f1-micro" 6 | database_username = "default" 7 | encryption_key_name = "" 8 | name = "test-db" 9 | additional_databases = [] 10 | additional_users = [] 11 | service_account_credentials = "~/.ssh/my-project-sac.json" 12 | -------------------------------------------------------------------------------- /experiments/gcp/dns/create-zone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/gcp/dns/destroy-zone.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | 
-------------------------------------------------------------------------------- /experiments/gcp/dns/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | project = "my-project" 2 | gcp_service_account_credentials = "~/.tf4k8s/gcp/terraform-my-project-service-account-credentials.json" 3 | root_zone_name = "some-zone" 4 | environment_name = "foo" 5 | dns_prefix = "prefix" -------------------------------------------------------------------------------- /experiments/gcp/external-dns/README.md: -------------------------------------------------------------------------------- 1 | # Terraform for configuring External DNS 2 | 3 | Uses [k14s](https://github.com/k14s/terraform-provider-k14s) Terraform provider to configure [external-dns](https://github.com/kubernetes-sigs/external-dns). 4 | 5 | Starts with the assumption that you have already provisioned a GKE cluster. 6 | 7 | ## Copy sample configuration 8 | 9 | ``` 10 | cp terraform.tfvars.sample terraform.tfvars 11 | ``` 12 | 13 | ## Edit `terraform.tfvars` 14 | 15 | Amend the values for 16 | 17 | * `domain_filter` 18 | * `zone_id_filter` 19 | * `kubeconfig_path` 20 | 21 | ## Create 22 | 23 | ``` 24 | ./create-external-dns.sh 25 | ``` 26 | 27 | ## Teardown 28 | 29 | ``` 30 | ./destroy-external-dns.sh 31 | ``` 32 | -------------------------------------------------------------------------------- /experiments/gcp/external-dns/create-external-dns.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/gcp/external-dns/destroy-external-dns.sh: -------------------------------------------------------------------------------- 1 | 
#!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/gcp/external-dns/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain_filter = "some.domain.com" 2 | kubeconfig_path = "~/.kube/config" 3 | gcp_project = "my-project" 4 | gcp_service_account_credentials = "~/.tf4k8s/gcp/terraform-my-project-service-account-credentials.json" 5 | -------------------------------------------------------------------------------- /experiments/gcp/registry/create-registry.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/gcp/registry/destroy-registry.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/gcp/registry/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | project = "my-project" 2 | location = "us" 3 | gcp_service_account_credentials = "~/.tf4k8s/gcp/terraform-my-project-service-account-credentials.json" -------------------------------------------------------------------------------- /experiments/k8s/argo-cd/argo-cd.tf: 
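--------------------------------------------------------------------------------
1 | module "argocd" {
2 |   source = "../../../modules/argo-cd"
3 |
4 |   domain = var.domain
5 |   kubeconfig_path = var.kubeconfig_path
6 | }
7 |
8 | variable "domain" {
9 |   description = "The base domain wherein argocd. will be deployed"
10 | }
11 |
12 | variable "kubeconfig_path" {
13 |   description = "The path to your .kube/config"
14 |   default = "~/.kube/config"
15 | }
16 |
17 | output "argocd_endpoint" {
18 |   description = "Argo CD endpoint"
19 |   value = "https://${module.argocd.argocd_domain}"
20 | }
21 |
22 | output "argocd_admin_username" {
23 |   description = "Argo CD admin username"
24 |   value = module.argocd.argocd_admin_username
25 | }
26 |
--------------------------------------------------------------------------------
/experiments/k8s/argo-cd/create-argocd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Installs Argo CD through Terraform, then prints the initial admin password.
4 | # Stop at the first failing step so a failed plan never falls through to
5 | # applying a terraform.plan left over from an earlier run.
6 | set -e
7 |
8 | terraform init
9 | terraform validate
10 | # Rendering the graph needs Graphviz; treat it as optional.
11 | terraform graph | dot -Tsvg > graph.svg || echo "Skipping graph.svg (terraform graph or dot failed)" >&2
12 | terraform plan -out terraform.plan
13 | terraform apply -auto-approve -state terraform.tfstate terraform.plan
14 |
15 | # @ see https://argoproj.github.io/argo-cd/getting_started/#4-login-using-the-cli
16 | # The value read here is the argocd-server pod name, which this script reports
17 | # as the initial password. It is readable by anyone who can list pods in the
18 | # argocd namespace and, once echoed, sits in terminal scrollback or CI logs,
19 | # so change the admin password right after the first login.
20 | ARGOCD_PASSWD=$(kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2)
21 | if [ -z "${ARGOCD_PASSWD}" ]; then
22 |   echo "Could not find an argocd-server pod in the argocd namespace" >&2
23 |   exit 1
24 | fi
25 | echo "Initial password for your Argo CD server is [ ${ARGOCD_PASSWD} ]"
--------------------------------------------------------------------------------
/experiments/k8s/argo-cd/destroy-argocd.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Destroys the Terraform-managed resources defined in this directory, then
4 | # removes Terraform's local working files.
5 |
6 | # Keep the state when destroy fails: removing terraform.tfstate at that point
7 | # would leave whatever resources survived untracked.
8 | if ! terraform destroy -auto-approve; then
9 |   echo "terraform destroy failed; state and working files left in place" >&2
10 |   exit 1
11 | fi
12 |
13 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/k8s/argo-cd/terraform.tfvars.sample: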
-------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | kubeconfig_path = "~/.kube/config" -------------------------------------------------------------------------------- /experiments/k8s/avi-lb/create-avi-lb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/avi-lb/destroy-avi-lb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/k8s/avi-lb/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | avi_hostname = "my.domain.me" 2 | avi_controller_username = "admin" 3 | avi_controller_password = "why-would-i-share-this-with-you" 4 | avi_cni_plugin = "calico" 5 | avi_cluster_name = "my-avi-cluster" 6 | kubeconfig_path = "~/.kube/config" 7 | -------------------------------------------------------------------------------- /experiments/k8s/cf4k8s/destroy-cf4k8s.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "Usage: destroy-cf4k8s.sh {iaas}" 5 | exit 1 6 | fi 7 | 8 | IAAS="$1" 9 | 10 | terraform destroy -auto-approve 11 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 12 | 13 | cd "../../../modules/cf4k8s/acme/${IAAS}" || exit 14 | terraform 
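destroy -auto-approve
15 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
16 | rm -Rf iaas.auto.tfvars
17 |
18 | cd ../.. || exit
19 | rm -f certs.auto.tfvars
20 | rm -f templates/config.yml
21 |
22 | cd ../.. || exit
23 | rm -Rf ytt-libs/cf4k8s/vendor
24 | rm -f ytt-libs/cf4k8s/vendir.lock.yml
25 |
--------------------------------------------------------------------------------
/experiments/k8s/cf4k8s/terraform.tfvars.sample:
--------------------------------------------------------------------------------
1 | base_domain = "some.domain.com"
2 | registry_domain = "harbor.some.domain.com"
3 | repository_prefix = "harbor.some.domain.com/library"
4 | registry_username = "admin"
5 | registry_password = "why-would-i-share-this-with-you"
6 | kubeconfig_path = "~/.kube/config"
7 |
--------------------------------------------------------------------------------
/experiments/k8s/cloud-service-broker/build-container-image.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Builds the cloud-service-broker image from the Dockerfile in the current
4 | # directory, tagged with the version recorded under dist/{iaas}/version.
5 | # Arguments: $1 - iaas name, used as the dist/ subdirectory
6 |
7 | if [ -z "$1" ]; then
8 |   echo "Usage: build-container-image.sh {iaas}"
9 |   exit 1
10 | fi
11 |
12 | IAAS="$1"
13 | ARTIFACT_DIR="dist/${IAAS}"
14 | VERSION_FILE="${ARTIFACT_DIR}/version"
15 |
16 | # Without a version the tag would end in a bare colon; fail early instead.
17 | if [ ! -s "${VERSION_FILE}" ]; then
18 |   echo "Missing or empty ${VERSION_FILE}" >&2
19 |   exit 1
20 | fi
21 |
22 | VERSION=$(cat -- "${VERSION_FILE}")
23 |
24 | # Quote the tag so whitespace in the version file cannot be split into extra
25 | # docker build arguments.
26 | docker build -t "pivotal/cloud-service-broker:${VERSION}" .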
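--------------------------------------------------------------------------------
/experiments/k8s/cloud-service-broker/create-dockerfile.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Generates ./Dockerfile for the cloud-service-broker image of one IaaS.
# Usage: create-dockerfile.sh {iaas}

if [ -z "$1" ]; then
  echo "Usage: create-dockerfile.sh {iaas}"
  exit 1
fi

IAAS="$1"

# IAAS is expanded into the COPY instructions of the generated Dockerfile.
# Whitespace or a newline in it would change or add instructions, so accept a
# plain directory name only.
case "${IAAS}" in
  . | .. | *[!A-Za-z0-9._-]*)
    echo "Invalid iaas name: ${IAAS}" >&2
    exit 1
    ;;
esac

ARTIFACT_DIR="dist/${IAAS}"

# NOTE(review): the generated Dockerfile has no USER instruction, so the broker
# runs as root inside the container. Consider a non-root user once it is
# confirmed the broker needs no root-only paths.
cat << EOF > Dockerfile

FROM alpine:3.18.3

COPY ${ARTIFACT_DIR}/cloud-service-broker /bin/cloud-service-broker
COPY ${ARTIFACT_DIR}/*.brokerpak /${IAAS}-brokerpak/
COPY ${ARTIFACT_DIR}/version /${IAAS}-brokerpak/version

ENV PORT 8080
EXPOSE 8080/tcp

WORKDIR /bin
ENTRYPOINT ["/bin/cloud-service-broker"]
CMD ["help"]

EOF

--------------------------------------------------------------------------------
/experiments/k8s/cloud-service-broker/publish-container-image.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Logs in to a container registry, then tags and pushes a local image to it.
# Usage: publish-container-image.sh {registry_domain} {registry_repository}
#        {registry_username} {registry_password} {image} {tag}
#
# The password is still a positional argument of this script, so it remains
# visible in this script's own process arguments and in shell history. Prefer
# calling it from a wrapper that reads the secret from a protected file or a
# credential store.

# Every argument is required: reject the call when ANY of them is missing
# (the check must be OR, not AND).
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] || [ -z "$4" ] || [ -z "$5" ] || [ -z "$6" ]; then
  echo "Usage: publish-container-image.sh {registry_domain} {registry_repository} {registry_username} {registry_password} {image} {tag}"
  exit 1
fi

REGISTRY_URL="https://${1}"
REGISTRY_REPOSITORY="${1}/${2}"
USERNAME="${3}"
PASSWORD="${4}"
IMAGE="${5}"
TAG="${6}"

# Feed the password on stdin instead of `-p`, which would put it in the argv of
# the docker process where other local users can read it. printf is a shell
# builtin, so no extra process carries the secret.
printf '%s' "${PASSWORD}" \
  | docker login -u "${USERNAME}" --password-stdin "${REGISTRY_URL}" || exit 1
docker tag "${IMAGE}:${TAG}" "${REGISTRY_REPOSITORY}/${IMAGE}:${TAG}" || exit 1
docker push "${REGISTRY_REPOSITORY}/${IMAGE}:${TAG}"

--------------------------------------------------------------------------------
/experiments/k8s/cloud-service-broker/terraform.tfvars.sample:
--------------------------------------------------------------------------------
db_host = "10.10.10.10"
db_name = "servicebroker"
db_user = "admin"
db_password = "why-would-i-share-this-with-you"
db_port = "3306"
db_ca_cert_file = "~/.tf4k8s/gcp/pivotal-csb.ssl_ca.pem"
db_client_cert_file = "~/.tf4k8s/gcp/pivotal-csb.ssl_cert.pem"
db_client_key_file = "~/.tf4k8s/gcp/pivotal-csb.ssl_key.pem"
registry_repository = "harbor.some.domain.com/library"
registry_username = "admin"
registry_password = "why-would-i-share-this-with-you"
container_image = "pivotal/cloud-service-broker"
container_tag = "sb-0.1.0-rc.31-gcp-0.0.1-rc.71"
cf_api_endpoint = "api.tas.some.domain.com"
cf_admin_username = "admin"
cf_admin_password = "why-would-i-share-this-with-you"

--------------------------------------------------------------------------------
/experiments/k8s/cnr/auth-registry.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Authenticates the local docker client against an image registry.
# Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}
#
# This script requires docker!
#
# The password is still a positional argument of this script and therefore
# visible in its own process arguments and in shell history.

# All three arguments are required: reject the call when ANY of them is missing.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}"
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# --password-stdin keeps the secret out of the docker process's argv, which
# `-p` would expose to other local users.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" \
  | docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/cnr/uninstall-cnr.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Deletes the Cloud Native Runtimes kapp application and then its namespace.

CNR_INSTALLATION_NAME="cloud-native-runtimes"
kapp delete -n "${CNR_INSTALLATION_NAME}" -a "${CNR_INSTALLATION_NAME}" -y
kubectl delete ns "${CNR_INSTALLATION_NAME}"

-------------------------------------------------------------------------------- /experiments/k8s/concourse/create-concourse.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform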
graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/concourse/destroy-concourse.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/k8s/concourse/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "nginx" 3 | kubeconfig_path = "~/.kube/config" 4 | -------------------------------------------------------------------------------- /experiments/k8s/contour/README.md: -------------------------------------------------------------------------------- 1 | # Terraform for installing Project Contour 2 | 3 | Uses k14s [kapp](https://github.com/k14s/terraform-provider-k14s/blob/master/docs/k14s_kapp.md) Terraform provider to install [Contour](https://projectcontour.io/getting-started/). 4 | 5 | Starts with the assumption that you have already provisioned a cluster. 
6 | 7 | ## Copy sample configuration 8 | 9 | ``` 10 | cp terraform.tfvars.sample terraform.tfvars 11 | ``` 12 | 13 | ## Edit `terraform.tfvars` 14 | 15 | Amend the values for 16 | 17 | * `kubeconfig_path` 18 | 19 | 20 | ## Install 21 | 22 | ``` 23 | ./create-contour.sh 24 | ``` 25 | 26 | ## Remove 27 | 28 | ``` 29 | ./destroy-contour.sh 30 | ``` 31 | -------------------------------------------------------------------------------- /experiments/k8s/contour/contour.tf: -------------------------------------------------------------------------------- 1 | module "contour" { 2 | source = "../../../modules/contour" 3 | 4 | kubeconfig_path = var.kubeconfig_path 5 | } 6 | 7 | variable "kubeconfig_path" { 8 | description = "The path to your .kube/config" 9 | default = "~/.kube/config" 10 | } 11 | -------------------------------------------------------------------------------- /experiments/k8s/contour/create-contour.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/k8s/contour/destroy-contour.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/k8s/contour/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | kubeconfig_path = "~/.kube/config" -------------------------------------------------------------------------------- /experiments/k8s/eduk8s/cert.template: 
-------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: eduk8s-cert 5 | namespace: eduk8s 6 | spec: 7 | dnsNames: 8 | - '*.EDUK8S_DOMAIN' 9 | issuerRef: 10 | kind: ClusterIssuer 11 | name: letsencrypt-prod 12 | secretName: EDUK8S_SECRET -------------------------------------------------------------------------------- /experiments/k8s/eduk8s/destroy-eduk8s.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "Usage: destroy-eduk8s.sh {release-version}" 5 | exit 1 6 | fi 7 | 8 | RELEASE_VERSION="$1" 9 | 10 | # Delete all current workshop environments 11 | kubectl delete workshops,trainingportals,workshoprequests,workshopsessions,workshopenvironments --all 12 | 13 | # Make sure everything got deleted 14 | kubectl get workshops,trainingportals,workshoprequests,workshopsessions,workshopenvironments --all-namespaces 15 | 16 | # Destroy the eduk8s operator 17 | kubectl delete -k "github.com/eduk8s/eduk8s?ref=${RELEASE_VERSION}" 18 | 19 | # Delete certificate and training-portal resources 20 | rm cert.yml training-portal.yml 21 | -------------------------------------------------------------------------------- /experiments/k8s/eduk8s/obtain-training-portal-admin-creds.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Training Portal information 4 | # Share the URL only, workshop participants can self-register 5 | # The admin credentials for the training portal are to be shared for instructor's use only 6 | kubectl get trainingportals -------------------------------------------------------------------------------- /experiments/k8s/eduk8s/training-portal.template: -------------------------------------------------------------------------------- 1 | apiVersion: training.eduk8s.io/v1alpha1 2 | kind: TrainingPortal 3 | metadata: 4 | 
name: eduk8s 5 | spec: 6 | portal: 7 | catalog: 8 | visibility: public 9 | ingress: 10 | domain: EDUK8S_DOMAIN 11 | secret: EDUK8S_SECRET 12 | sessions: 13 | maximum: 25 14 | expires: 60m 15 | orphaned: 5m 16 | workshops: 17 | - name: lab-container-basics 18 | - name: lab-k8s-fundamentals 19 | - name: lab-getting-started-with-octant 20 | - name: lab-getting-started-with-carvel 21 | - name: lab-spring-boot-k8s-gs 22 | - name: lab-spring-boot-k8s-probes 23 | - name: tanzu-end-to-end 24 | -------------------------------------------------------------------------------- /experiments/k8s/efk-stack/create-efk-stack.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/efk-stack/destroy-efk-stack.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/k8s/efk-stack/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "contour" 3 | kubeconfig_path = "~/.kube/config" 4 | -------------------------------------------------------------------------------- /experiments/k8s/flagger/create-flagger.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform 
apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/k8s/flagger/destroy-flagger.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/flagger/flagger.tf: -------------------------------------------------------------------------------- 1 | module "flagger" { 2 | source = "../../../modules/flagger" 3 | 4 | kubeconfig_path = var.kubeconfig_path 5 | } 6 | 7 | variable "kubeconfig_path" { 8 | description = "The path to your .kube/config" 9 | default = "~/.kube/config" 10 | } 11 | -------------------------------------------------------------------------------- /experiments/k8s/flagger/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | kubeconfig_path = "~/.kube/config" -------------------------------------------------------------------------------- /experiments/k8s/gitea/create-gitea.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/k8s/gitea/destroy-gitea.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 
-------------------------------------------------------------------------------- /experiments/k8s/gitea/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | persistence_enabled = false 3 | persistence_storageclass = "" 4 | kubeconfig_path = "~/.kube/config" -------------------------------------------------------------------------------- /experiments/k8s/harbor/create-harbor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/k8s/harbor/destroy-harbor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/harbor/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "nginx" 3 | kubeconfig_path = "~/.kube/config" -------------------------------------------------------------------------------- /experiments/k8s/infoblox/create-infoblox.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- 
/experiments/k8s/infoblox/destroy-infoblox.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/infoblox/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | infoblox_cidr = "10.215.209.0/24" 2 | infoblox_dns_zone = "tkgi.test" 3 | infoblox_password = "testing" 4 | infoblox_server = "10.215.209.27" 5 | infoblox_tenant_id = "test" 6 | infoblox_user = "admin" 7 | infoblox_vmname = "test-cluster" -------------------------------------------------------------------------------- /experiments/k8s/jcr/create-jcr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/k8s/jcr/destroy-jcr.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/jcr/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "nginx" 3 | kubeconfig_path = "~/.kube/config" -------------------------------------------------------------------------------- /experiments/k8s/jenkins/create-jenkins.sh: 
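--------------------------------------------------------------------------------
#!/bin/bash
# Plans and applies the Terraform configuration in the current directory.
#
# terraform.plan and terraform.tfstate are written next to this script and can
# hold variable values in clear text; keep them out of version control.

# Stop at the first failing step. Without this a failed validate or plan still
# reaches `terraform apply`, which could then try to apply a terraform.plan
# left over from an earlier run.
set -eo pipefail

terraform init
terraform validate
# The graph is a convenience artefact and needs Graphviz `dot`; a missing `dot`
# must not block the install.
terraform graph | dot -Tsvg > graph.svg || echo "warning: could not render graph.svg" >&2
terraform plan -out terraform.plan
terraform apply -auto-approve -state terraform.tfstate terraform.plan

--------------------------------------------------------------------------------
/experiments/k8s/jenkins/destroy-jenkins.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Destroys the resources created by create-jenkins.sh and removes the local
# Terraform working files.

# Only clean up when the destroy succeeded: deleting terraform.tfstate after a
# failed destroy leaves live resources that nothing tracks any more.
if ! terraform destroy -auto-approve; then
  echo "terraform destroy failed; keeping state files in $(pwd)" >&2
  exit 1
fi
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/k8s/jenkins/get-credentials.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Prints the admin credentials that the Jenkins operator stored in the cluster.
# Usage: get-credentials.sh [instance-name] [namespace]
#   instance-name defaults to prod-jenkins, namespace to jenkins.
#
# The output contains the password in clear text. Do not run this under
# `set -x` or in a CI job whose log is kept or shared.

# Make a kubectl failure visible even though base64 is the last pipeline stage.
set -o pipefail

JENKINS_INSTANCE_NAME="${1:-prod-jenkins}"
JENKINS_NAMESPACE="${2:-jenkins}"
SECRET_NAME="jenkins-operator-credentials-${JENKINS_INSTANCE_NAME}"

# Reads one base64-encoded field ($1) of the credentials secret and decodes it.
read_secret_field() {
  kubectl get secret "${SECRET_NAME}" -n "${JENKINS_NAMESPACE}" -o "jsonpath={.data.$1}" | base64 -d
}

if ! JENKINS_USERNAME=$(read_secret_field user) \
  || ! JENKINS_PASSWORD=$(read_secret_field password); then
  echo "Could not read secret ${SECRET_NAME} in namespace ${JENKINS_NAMESPACE}" >&2
  exit 1
fi

echo "jenkins_username: ${JENKINS_USERNAME}"
echo "jenkins_password: ${JENKINS_PASSWORD}"

--------------------------------------------------------------------------------
/experiments/k8s/jenkins/port-forward.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Forwards a local port, chosen by kubectl, to port 8080 of the Jenkins HTTP
# service.
# Usage: port-forward.sh [instance-name] [namespace]

JENKINS_INSTANCE_NAME="${1:-prod-jenkins}"
JENKINS_NAMESPACE="${2:-jenkins}"

kubectl port-forward -n "${JENKINS_NAMESPACE}" "service/jenkins-operator-http-${JENKINS_INSTANCE_NAME}" :8080

--------------------------------------------------------------------------------
/experiments/k8s/jenkins/terraform.tfvars.sample: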
-------------------------------------------------------------------------------- 1 | jenkins_instance_name = "prod-jenkins" 2 | jenkins_namespace = "jenkins" 3 | jenkins_k8s_operator_commit_hash = "fe81e5ab3df0b79d532a4cd5d576df4c0586955a" 4 | kubeconfig_path = "~/.kube/config" 5 | -------------------------------------------------------------------------------- /experiments/k8s/kubeapps/create-kubeapps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/kubeapps/destroy-kubeapps.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/kubeapps/kubeapps.tf: -------------------------------------------------------------------------------- 1 | module "kubeapps" { 2 | source = "../../../modules/kubeapps" 3 | 4 | domain = var.domain 5 | ingress = var.ingress 6 | kubeconfig_path = var.kubeconfig_path 7 | } 8 | 9 | variable "domain" { 10 | description = "The base domain wherein fluentbit, loki, prometheus, and grafana. as part of Loki Stack will be deployed" 11 | } 12 | 13 | variable "ingress" { 14 | description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]." 
15 | } 16 | 17 | variable "kubeconfig_path" { 18 | description = "The path to your .kube/config" 19 | default = "~/.kube/config" 20 | } 21 | 22 | output "kubeapps_domain" { 23 | value = module.kubeapps.kubeapps_domain 24 | } -------------------------------------------------------------------------------- /experiments/k8s/kubeapps/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "nginx" 3 | kubeconfig_path = "~/.kube/config" 4 | -------------------------------------------------------------------------------- /experiments/k8s/kubeturbo/create-kubeturbo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/kubeturbo/destroy-kubeturbo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/kubeturbo/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | kubeturbo_operator_commit_hash = "5cc0b03a4a0b3e91fe8b055fdea0c35fa2c772ff" 2 | turbo_username = "foo" 3 | turbo_password = "bar" 4 | turbo_server_url = "https://my.turbonomics.acme.me" 5 | turbo_server_version = "8.0.6" 6 | kubeconfig_path = "~/.kube/config" 7 | -------------------------------------------------------------------------------- /experiments/k8s/loki-stack/create-loki-stack.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/loki-stack/destroy-loki-stack.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/loki-stack/terraform.tfvars.sample: -------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "contour" 3 | kubeconfig_path = "~/.kube/config" 4 | -------------------------------------------------------------------------------- /experiments/k8s/minio/create-blobstore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan 8 | -------------------------------------------------------------------------------- /experiments/k8s/minio/destroy-blobstore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg 5 | -------------------------------------------------------------------------------- /experiments/k8s/minio/terraform.tfvars.sample: 
-------------------------------------------------------------------------------- 1 | domain = "some.domain.com" 2 | ingress = "contour" 3 | kubeconfig_path = "~/.kube/config" 4 | -------------------------------------------------------------------------------- /experiments/k8s/nginx-ingress/create-nginx-ingress.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform init 4 | terraform validate 5 | terraform graph | dot -Tsvg > graph.svg 6 | terraform plan -out terraform.plan 7 | terraform apply -auto-approve -state terraform.tfstate terraform.plan -------------------------------------------------------------------------------- /experiments/k8s/nginx-ingress/destroy-nginx-ingress.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | terraform destroy -auto-approve 4 | rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg -------------------------------------------------------------------------------- /experiments/k8s/nginx-ingress/nginx-ingress.tf: -------------------------------------------------------------------------------- 1 | module "nginx_ingress" { 2 | source = "../../../modules/nginx-ingress" 3 | 4 | kubeconfig_path = var.kubeconfig_path 5 | extra_args_key = var.extra_args_key 6 | extra_args_value = var.extra_args_value 7 | } 8 | 9 | variable "kubeconfig_path" { 10 | description = "The path to your .kube/config" 11 | default = "~/.kube/config" 12 | } 13 | 14 | variable "extra_args_key" { 15 | description = "extraArgs key; for when you would like to pass additional startup flags to the nginx-controller" 16 | default = "" 17 | } 18 | 19 | variable "extra_args_value" { 20 | description = "extraArgs value; for when you would like to pass additional startup flags to the nginx-controller" 21 | default = "" 22 | } 
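--------------------------------------------------------------------------------
/experiments/k8s/nginx-ingress/terraform.tfvars.sample:
--------------------------------------------------------------------------------
kubeconfig_path = "~/.kube/config"
#extra_args_key = "enable-ssl-passthrough"
#extra_args_value = "true"
--------------------------------------------------------------------------------
/experiments/k8s/sealed-secrets/create-sealed-secrets.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Plans and applies the Terraform configuration in the current directory.
#
# terraform.plan and terraform.tfstate are written next to this script and can
# hold variable values in clear text; keep them out of version control.

# Stop at the first failing step. Without this a failed validate or plan still
# reaches `terraform apply`, which could then try to apply a terraform.plan
# left over from an earlier run.
set -eo pipefail

terraform init
terraform validate
# The graph is a convenience artefact and needs Graphviz `dot`; a missing `dot`
# must not block the install.
terraform graph | dot -Tsvg > graph.svg || echo "warning: could not render graph.svg" >&2
terraform plan -out terraform.plan
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/k8s/sealed-secrets/destroy-sealed-secrets.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Destroys the resources created by create-sealed-secrets.sh and removes the
# local Terraform working files.

# Only clean up when the destroy succeeded: deleting terraform.tfstate after a
# failed destroy leaves live resources that nothing tracks any more.
if ! terraform destroy -auto-approve; then
  echo "terraform destroy failed; keeping state files in $(pwd)" >&2
  exit 1
fi
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/k8s/sealed-secrets/install-cli-linux.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Downloads the kubeseal CLI release binary for Linux/amd64 and installs it
# into /usr/local/bin (uses sudo).
#
# Optional environment:
#   KUBESEAL_SHA256  expected SHA-256 of the downloaded binary, taken from a
#                    source you trust. When set, the install is refused on a
#                    mismatch. When unset, the binary is installed unverified.
set -euo pipefail

CLI_VERSION="v0.12.5"
ASSET="kubeseal-linux-amd64"
URL="https://github.com/bitnami-labs/sealed-secrets/releases/download/${CLI_VERSION}/${ASSET}"

# Download into a private temporary directory rather than the current one, and
# remove it on every exit path.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir}"' EXIT

# --fail: an HTTP error page must not end up installed as the "binary".
# --proto/--proto-redir: never fall back to a non-HTTPS transport on redirects.
curl --fail --location --proto '=https' --proto-redir '=https' \
  --output "${workdir}/kubeseal" "${URL}"

# The file is about to be installed system-wide with root privileges, so check
# its digest when one was supplied.
if [ -n "${KUBESEAL_SHA256:-}" ]; then
  echo "${KUBESEAL_SHA256}  ${workdir}/kubeseal" | sha256sum -c -
else
  echo "warning: KUBESEAL_SHA256 not set; installing ${ASSET} without checksum verification" >&2
fi

sudo install -m 0755 "${workdir}/kubeseal" /usr/local/bin/kubeseal

--------------------------------------------------------------------------------
/experiments/k8s/sealed-secrets/install-cli-macos.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Downloads the kubeseal CLI release binary for macOS/amd64 and installs it
# into /usr/local/bin (uses sudo).
#
# Optional environment:
#   KUBESEAL_SHA256  expected SHA-256 of the downloaded binary, taken from a
#                    source you trust. When set, the install is refused on a
#                    mismatch. When unset, the binary is installed unverified.
set -euo pipefail

CLI_VERSION="v0.12.5"
ASSET="kubeseal-darwin-amd64"
URL="https://github.com/bitnami-labs/sealed-secrets/releases/download/${CLI_VERSION}/${ASSET}"

# Download into a private temporary directory rather than the current one, and
# remove it on every exit path.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir}"' EXIT

# --fail: an HTTP error page must not end up installed as the "binary".
# --proto/--proto-redir: never fall back to a non-HTTPS transport on redirects.
curl --fail --location --proto '=https' --proto-redir '=https' \
  --output "${workdir}/kubeseal" "${URL}"

# The file is about to be installed system-wide with root privileges, so check
# its digest when one was supplied.
if [ -n "${KUBESEAL_SHA256:-}" ]; then
  echo "${KUBESEAL_SHA256}  ${workdir}/kubeseal" | shasum -a 256 -c -
else
  echo "warning: KUBESEAL_SHA256 not set; installing ${ASSET} without checksum verification" >&2
fi

sudo install -m 0755 "${workdir}/kubeseal" /usr/local/bin/kubeseal

--------------------------------------------------------------------------------
/experiments/k8s/sealed-secrets/sealed-secrets.tf:
--------------------------------------------------------------------------------
module "sealed-secrets" {
  source = "../../../modules/sealed-secrets"

  kubeconfig_path = var.kubeconfig_path
}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default = "~/.kube/config"
}

--------------------------------------------------------------------------------
/experiments/k8s/sealed-secrets/terraform.tfvars.sample:
--------------------------------------------------------------------------------
kubeconfig_path = "~/.kube/config"
--------------------------------------------------------------------------------
/experiments/k8s/spring-cloud/config-service/auth-registry.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Authenticates the local docker client against an image registry.
# Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}
#
# This script requires docker!
#
# The password is still a positional argument of this script and therefore
# visible in its own process arguments and in shell history.

# All three arguments are required: reject the call when ANY of them is missing.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}"
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# --password-stdin keeps the secret out of the docker process's argv, which
# `-p` would expose to other local users.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" \
  | docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/spring-cloud/config-service/uninstall-tcs.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Removes the Tanzu Configuration Service Helm releases, their namespace and
# the files unpacked under /tmp.
#
# The shebang has to be the very first line of the file; after a leading blank
# line it is only a comment and the interpreter is whatever the caller uses.
#
# NOTE(review): /tmp/tcs-install and the archive below are fixed names in a
# world-writable directory. On a shared host, confirm they were created by you
# before relying on their contents.

FILE="/tmp/tanzu-configuration-service.tgz"
VERSION="v1.0.0-alpha.1"
CHART_NAME="tanzu-configuration-service"
DEFAULT_NAMESPACE="${CHART_NAME}"
CONFIGURATION_SERVICE_INSTALLATION_NAME="tanzu-configuration-service-${VERSION}"
cd "/tmp/tcs-install/${CONFIGURATION_SERVICE_INSTALLATION_NAME}/helm/${CHART_NAME}" || exit
helm uninstall "${CHART_NAME}" -n "${DEFAULT_NAMESPACE}" --timeout="1m"
helm uninstall "${CHART_NAME}-crds" -n "${DEFAULT_NAMESPACE}" --timeout="1m"
kubectl delete ns "${DEFAULT_NAMESPACE}"
rm -Rf /tmp/tcs-install
rm -f "${FILE}"

--------------------------------------------------------------------------------
/experiments/k8s/spring-cloud/gateway/auth-registry.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Authenticates the local docker client against an image registry.
# Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}
#
# This script requires docker!
#
# The password is still a positional argument of this script and therefore
# visible in its own process arguments and in shell history.

# All three arguments are required: reject the call when ANY of them is missing.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}"
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# --password-stdin keeps the secret out of the docker process's argv, which
# `-p` would expose to other local users.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" \
  | docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/spring-cloud/gateway/install-scg-integrated-with-harbor.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Relocates the Spring Cloud Gateway images to a Harbor project and installs
# the gateway from the distribution unpacked under /tmp/scg-install.
# Usage: install-scg-integrated-with-harbor.sh {harbor-domain} {harbor-project}
#
# NOTE(review): the two scripts executed below are taken from a fixed path in
# world-writable /tmp. On a shared host, confirm the directory was unpacked by
# you before running them.

# Both arguments are required: reject the call when EITHER is missing.
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Usage: install-scg-integrated-with-harbor.sh {harbor-domain} {harbor-project}"
  exit 1
fi

VERSION="1.0.0"
SPRING_CLOUD_GATEWAY_INSTALLATION_NAME="spring-cloud-gateway-k8s-${VERSION}"
HARBOR_DOMAIN="$1"
HARBOR_PROJECT="$2"
IMAGE_REPO="${HARBOR_DOMAIN}/${HARBOR_PROJECT}/spring-cloud-gateway"

cd "/tmp/scg-install/${SPRING_CLOUD_GATEWAY_INSTALLATION_NAME}" || exit

# Do not install when relocation failed: the install step would otherwise run
# against images that were never pushed to the target registry.
./scripts/relocate-images.sh "${IMAGE_REPO}" || exit 1
./scripts/install-spring-cloud-gateway.sh

--------------------------------------------------------------------------------
/experiments/k8s/spring-cloud/gateway/uninstall-scg.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Removes the Spring Cloud Gateway Helm release, its namespace and the files
# unpacked under /tmp.
#
# The shebang has to be the very first line of the file; after a leading blank
# line it is only a comment and the interpreter is whatever the caller uses.
#
# NOTE(review): /tmp/scg-install and the archive below are fixed names in a
# world-writable directory. On a shared host, confirm they were created by you
# before relying on their contents.

FILE="/tmp/spring-cloud-gateway-k8s.tgz"
VERSION="1.0.0"
CHART_NAME="spring-cloud-gateway"
DEFAULT_NAMESPACE="${CHART_NAME}"
SPRING_CLOUD_GATEWAY_INSTALLATION_NAME="spring-cloud-gateway-k8s-${VERSION}"
cd "/tmp/scg-install/${SPRING_CLOUD_GATEWAY_INSTALLATION_NAME}/helm" || exit
helm uninstall "${CHART_NAME}" -n "${DEFAULT_NAMESPACE}" --timeout="1m"
kubectl delete ns "${DEFAULT_NAMESPACE}"
rm -Rf /tmp/scg-install
rm -f "${FILE}"
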
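--------------------------------------------------------------------------------
/experiments/k8s/stratos/create-stratos.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Initialise, validate, plan and apply the Terraform configuration in the
# current directory. Each step must succeed before the next one runs, so a
# failed validate or plan stops the run instead of falling through to apply
# with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan

--------------------------------------------------------------------------------
/experiments/k8s/stratos/destroy-stratos.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/k8s/stratos/stratos.tf:
--------------------------------------------------------------------------------
module "stratos" {
  source = "../../../modules/stratos"

  domain          = var.domain
  ingress         = var.ingress
  kubeconfig_path = var.kubeconfig_path
}

variable "domain" {
  description = "The base domain wherein stratos. will be deployed"
}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."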
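}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}

output "stratos_domain" {
  value = module.stratos.stratos_domain
}

--------------------------------------------------------------------------------
/experiments/k8s/stratos/terraform.tfvars.sample:
--------------------------------------------------------------------------------
domain = "some.domain.com"
ingress = "nginx"
kubeconfig_path = "~/.kube/config"
--------------------------------------------------------------------------------
/experiments/k8s/tas4k8s/iaas.auto.tfvars.sample:
--------------------------------------------------------------------------------
# NOTE(review): unlike the other samples, these look like one person's real
# values rather than placeholders; confirm they are meant to be published.
email = "cphillipson@vmware.com"
domain = "grizzly.ironleg.me"
project = "fe-cphillipson"

--------------------------------------------------------------------------------
/experiments/k8s/tas4k8s/terraform.tfvars.sample:
--------------------------------------------------------------------------------
# The copy filled in from this sample holds registry and Tanzu Network
# passwords in plain text; keep it out of version control and restrict its
# file permissions.
base_domain = "some.domain.com"
registry_domain = "jcr.some.domain.com"
repository_prefix = "jcr.some.domain.com/images"
registry_username = "admin"
registry_password = "why-would-i-share-this-with-you"
pivnet_username = "your@email.com"
pivnet_password = "why-would-i-share-this-with-you"
kubeconfig_path = "~/.kube/config"

--------------------------------------------------------------------------------
/experiments/k8s/tbs/auth-registry.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# This script requires docker!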
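
# Require all three arguments: stop if any one is missing, so docker login
# never runs with an empty registry, user name or password.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}" >&2
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# The password goes to docker on stdin instead of -p, which keeps it out of
# the docker process arguments. It still reaches this script as $3, so it is
# visible in this script's own argument list and in shell history.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" |
  docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/tbs/relocate-images.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# All three arguments are required; stop if any one is missing.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: relocate-images.sh {tanzu-network-username} {tanzu-network-password} {image-repository}" >&2
  exit 1
fi

TBS_VERSION="1.3.3"
PIVNET_USERNAME="$1"
PIVNET_PASSWORD="$2"
IMAGE_REPOSITORY="$3"

# Password on stdin rather than -p, so it is not in the docker process
# arguments (it is still in this script's own argument list as $2).
# Do not start the copy if the login failed.
printf '%s' "${PIVNET_PASSWORD}" |
  docker login registry.pivotal.io -u "${PIVNET_USERNAME}" --password-stdin || exit
imgpkg copy -b "registry.pivotal.io/build-service/bundle:${TBS_VERSION}" --to-repo "${IMAGE_REPOSITORY}"

--------------------------------------------------------------------------------
/experiments/k8s/tbs/uninstall-tbs.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Deletes the kapp application; -y skips the confirmation prompt.
BUILD_SERVICE_INSTALLATION_NAME="tanzu-build-service"
kapp delete -a "${BUILD_SERVICE_INSTALLATION_NAME}" -y

--------------------------------------------------------------------------------
/experiments/k8s/tds/gemfire/auth-registry.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# This script requires docker!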
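
# Require all three arguments: stop if any one is missing, so docker login
# never runs with an empty registry, user name or password.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}" >&2
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# The password goes to docker on stdin instead of -p, which keeps it out of
# the docker process arguments. It still reaches this script as $3, so it is
# visible in this script's own argument list and in shell history.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" |
  docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/tds/gemfire/uninstall-tanzu-gemfire.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Uninstalls the operator (Helm release and kapp application), deletes its
# namespace and removes the downloaded files and the gfsh entry under
# /usr/local/bin.
# The shebang must be the first line of the file to take effect.
GFSH_VERSION="9.10.6"
CHART_NAME="gemfire-operator"
NAMESPACE="gemfire-system"
TANZU_GEMFIRE_INSTALLATION_NAME="${CHART_NAME}"
# Stop if the install directory is not there.
cd "/tmp/tanzu-gemfire-install/${TANZU_GEMFIRE_INSTALLATION_NAME}" || exit
helm uninstall "${CHART_NAME}" --timeout="1m"
kapp delete -a "${CHART_NAME}" -y
kubectl delete namespace "${NAMESPACE}"
rm -Rf /tmp/gemfire-operator.tgz /tmp/tanzu-gemfire-install "/tmp/pivotal-gemfire-${GFSH_VERSION}" "/tmp/pivotal-gemfire-${GFSH_VERSION}.tgz"
# Runs as root with a fixed, literal path.
sudo rm -Rf /usr/local/bin/gfsh

--------------------------------------------------------------------------------
/experiments/k8s/tds/mysql/auth-registry.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# This script requires docker!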
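
# Require all three arguments: stop if any one is missing, so docker login
# never runs with an empty registry, user name or password.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}" >&2
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# The password goes to docker on stdin instead of -p, which keeps it out of
# the docker process arguments. It still reaches this script as $3, so it is
# visible in this script's own argument list and in shell history.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" |
  docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/tds/mysql/uninstall-tanzu-mysql.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Uninstalls the operator (Helm release and kapp application), deletes its
# namespace and removes the install directory under /tmp.
# The shebang must be the first line of the file to take effect.
# VERSION is not used below.
VERSION="1.1.0"
TANZU_MYSQL_INSTALLATION_NAME="tanzu-mysql-for-kubernetes"
NAMESPACE="${TANZU_MYSQL_INSTALLATION_NAME}-system"
CHART_NAME="mysql-operator"
helm uninstall "${CHART_NAME}" --namespace "${NAMESPACE}" --timeout="1m"
kapp delete -a "${CHART_NAME}" -y
kubectl delete namespace "${NAMESPACE}"
rm -Rf /tmp/tanzu-mysql-install

--------------------------------------------------------------------------------
/experiments/k8s/tds/postgres/auth-registry.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# This script requires docker!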
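
# Require all three arguments: stop if any one is missing, so docker login
# never runs with an empty registry, user name or password.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}" >&2
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# The password goes to docker on stdin instead of -p, which keeps it out of
# the docker process arguments. It still reaches this script as $3, so it is
# visible in this script's own argument list and in shell history.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" |
  docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/tds/postgres/uninstall-tanzu-postgres.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Uninstalls the operator (Helm release and kapp application) and removes the
# files left under /tmp.
# The shebang must be the first line of the file to take effect.
FILE="/tmp/postgres-for-kubernetes.tar.gz"
VERSION="1.1.0"
CHART_NAME="postgres-operator"
TANZU_POSTGRES_INSTALLATION_NAME="postgres-for-kubernetes-v${VERSION}"
# Stop if the install directory is not there.
cd "/tmp/tanzu-postgres-install/${TANZU_POSTGRES_INSTALLATION_NAME}/operator" || exit
helm uninstall "${CHART_NAME}" --timeout="1m"
kapp delete -a "${CHART_NAME}" -y
rm -Rf /tmp/tanzu-postgres-install
rm -f -- "${FILE}"

--------------------------------------------------------------------------------
/experiments/k8s/tds/rabbitmq/auth-registry.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# This script requires docker!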
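
# Require all three arguments: stop if any one is missing, so docker login
# never runs with an empty registry, user name or password.
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
  echo "Usage: auth-registry.sh {image-registry} {image-registry-username} {image-registry-password}" >&2
  exit 1
fi

IMAGE_REGISTRY="$1"
IMAGE_REGISTRY_USERNAME="$2"
IMAGE_REGISTRY_PASSWORD="$3"

# The password goes to docker on stdin instead of -p, which keeps it out of
# the docker process arguments. It still reaches this script as $3, so it is
# visible in this script's own argument list and in shell history.
printf '%s' "${IMAGE_REGISTRY_PASSWORD}" |
  docker login "${IMAGE_REGISTRY}" -u "${IMAGE_REGISTRY_USERNAME}" --password-stdin

--------------------------------------------------------------------------------
/experiments/k8s/tds/rabbitmq/uninstall-tanzu-rabbitmq.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Deletes the kapp application and removes the files left under /tmp.
# The shebang must be the first line of the file to take effect.
# NAMESPACE is not used below.
CHART_NAME="rabbitmq-operator"
NAMESPACE="rabbitmq-system"
kapp delete -a "${CHART_NAME}" -y
rm -Rf "/tmp/${CHART_NAME}.tar" "/tmp/tanzu-rabbitmq-install"

--------------------------------------------------------------------------------
/experiments/k8s/tekton/create-tekton.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/k8s/tekton/destroy-tekton.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/k8s/tekton/tekton.tf:
--------------------------------------------------------------------------------
module "tekton" {
  source = "../../../modules/tekton"

  kubeconfig_path = var.kubeconfig_path
}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}

--------------------------------------------------------------------------------
/experiments/k8s/tekton/terraform.tfvars.sample:
--------------------------------------------------------------------------------
kubeconfig_path = "~/.kube/config"
--------------------------------------------------------------------------------
/experiments/k8s/traefik/create-traefik.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan

--------------------------------------------------------------------------------
/experiments/k8s/traefik/destroy-traefik.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/k8s/traefik/port-forward.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Forwards local port 9000 to port 9000 of the pod selected by label in the
# traefik namespace. The substitution is deliberately left unquoted: it yields
# one word per matching pod, so more than one match changes the argument list.
# NOTE(review): confirm a single matching pod is expected.
kubectl port-forward -n traefik $(kubectl get pods -n traefik --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000

--------------------------------------------------------------------------------
/experiments/k8s/traefik/terraform.tfvars.sample:
--------------------------------------------------------------------------------
traefik_log_level = "INFO"
kubeconfig_path = "~/.kube/config"

--------------------------------------------------------------------------------
/experiments/k8s/traefik/traefik.tf:
--------------------------------------------------------------------------------
module "traefik" {
  source = "../../../modules/traefik"

  kubeconfig_path   = var.kubeconfig_path
  traefik_log_level = var.traefik_log_level
}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}

variable "traefik_log_level" {
  description = "Logging level for Traefik. See https://doc.traefik.io/traefik/observability/logs/#level."
  # NOTE(review): DEBUG is the default here while terraform.tfvars.sample uses
  # INFO; debug logs are verbose, so confirm this is the intended default.
  default = "DEBUG"
}

--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/fetch-tsmgr-helm-chart.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# The script takes exactly one argument, the API token.
if [ -z "$1" ]; then
  echo "Usage: fetch-tsmgr-helm-chart.sh {tanzu_network_api_token}" >&2
  exit 1
fi

PIVNET_API_TOKEN="$1"
# Quoted so the token is passed as one word. It is still a command-line
# argument to this script and to pivnet, so it is visible in the process list.
pivnet login --api-token="${PIVNET_API_TOKEN}" || exit

cd /tmp || exit
TSMGR_VERSION="1.0.11"
TSMGR_CHART_PRODUCT_FILE_ID=804939

# Do not unpack anything if the download failed.
pivnet download-product-files --product-slug='tanzu-service-manager' --release-version="${TSMGR_VERSION}" --product-file-id="${TSMGR_CHART_PRODUCT_FILE_ID}" || exit
# NOTE(review): the archive is unpacked in /tmp without an integrity check;
# compare it with the publisher's checksum first if one is available.
tar xvf "tsmgr-${TSMGR_VERSION}.tgz"

--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/fetch-tsmgr-images.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Both arguments are required; stop if either one is missing.
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "Usage: fetch-tsmgr-images.sh {tanzu_network_username} {tanzu_network_password}" >&2
  exit 1
fi

USERNAME="$1"
PASSWORD="$2"

VERSION=1.0.11

# Password on stdin rather than -p, so it is not in the docker process
# arguments (it is still in this script's own argument list as $2).
# Do not start pulling if the login failed.
printf '%s' "${PASSWORD}" |
  docker login -u "${USERNAME}" --password-stdin registry.pivotal.io || exit
# Images are referenced by tag, not by digest.
docker pull "registry.pivotal.io/tanzu-service-manager/broker:${VERSION}"
docker pull "registry.pivotal.io/tanzu-service-manager/daemon:${VERSION}"
docker pull "registry.pivotal.io/tanzu-service-manager/minio:${VERSION}"
docker pull "registry.pivotal.io/tanzu-service-manager/chartmuseum:${VERSION}"


--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/install-cli-linux.sh:
--------------------------------------------------------------------------------
#!/bin/bash

if [ -z "$1" ]; then
  echo "Usage: install-cli-linux.sh {tanzu-network-api-token}" >&2
  exit 1
fi

PIVNET_API_TOKEN="$1"
# Quoted so the token is passed as one word. It is still a command-line
# argument to this script and to pivnet, so it is visible in the process list.
pivnet login --api-token="${PIVNET_API_TOKEN}" || exit

VERSION="1.0.11"

TSMGR_PRODUCT_FILE_ID=804938
# Stop if the download or rename fails, so an unrelated file that happens to
# be called tsmgr in this directory is never installed by the lines below.
pivnet download-product-files --product-slug='tanzu-service-manager' --release-version="${VERSION}" --product-file-id="${TSMGR_PRODUCT_FILE_ID}" || exit
mv "tsmgr-${VERSION}.linux" tsmgr || exit
chmod +x tsmgr
# NOTE(review): the binary is installed system-wide as root without an
# integrity check; compare it with the publisher's checksum first if one is
# available.
sudo mv tsmgr /usr/local/bin

--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/install-cli-macos.sh:
--------------------------------------------------------------------------------
#!/bin/bash

if [ -z "$1" ]; then
  echo "Usage: install-cli-macos.sh {tanzu-network-api-token}" >&2
  exit 1
fi

PIVNET_API_TOKEN="$1"
# Quoted so the token is passed as one word. It is still a command-line
# argument to this script and to pivnet, so it is visible in the process list.
pivnet login --api-token="${PIVNET_API_TOKEN}" || exit

VERSION="1.0.11"

TSMGR_PRODUCT_FILE_ID=804937
# Stop if the download or rename fails, so an unrelated file that happens to
# be called tsmgr in this directory is never installed by the lines below.
pivnet download-product-files --product-slug='tanzu-service-manager' --release-version="${VERSION}" --product-file-id="${TSMGR_PRODUCT_FILE_ID}" || exit
mv "tsmgr-${VERSION}.darwin" tsmgr || exit
chmod +x tsmgr
# NOTE(review): the binary is installed system-wide as root without an
# integrity check; compare it with the publisher's checksum first if one is
# available.
sudo mv tsmgr /usr/local/bin

# NOTE(review): this repeats the download above after the install has
# finished; it looks like a leftover. Confirm and remove.
pivnet download-product-files --product-slug='tanzu-service-manager' --release-version='1.0.11' --product-file-id=804937
--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/install-tsmgr.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/terraform.tfvars.sample:
--------------------------------------------------------------------------------
# The copy filled in from this sample holds registry, S3 and CF admin
# credentials in plain text; keep it out of version control and restrict its
# file permissions.
domain = "some.domain.com"
ingress = "nginx"
kubeconfig_path = "~/.kube/config"

registry_domain = "harbor.some.domain.com"
registry_username = "admin"
registry_password = "why-would-i-share-this-with-you"
tsmgr_images_prefix = "tanzu-service-manager"
si_images_prefix = "tanzu-service-manager-si"
s3_endpoint = "minio.some.domain.com"
s3_bucket_name = "tanzu-service-manager-offerings"
s3_access_key = "why-would-i-share-this-with-you"
s3_secret_key = "why-would-i-share-this-with-you"
cf_api_endpoint = "api.tas.some.domain.com"
cf_admin_username = "admin"
cf_admin_password = "why-would-i-share-this-with-you"

chart_path = "/tmp/tsmgr"

--------------------------------------------------------------------------------
/experiments/k8s/tsmgr/uninstall-tsmgr.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/k8s/wavefront/create-wavefront.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/k8s/wavefront/destroy-wavefront.sh: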
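--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/k8s/wavefront/terraform.tfvars.sample:
--------------------------------------------------------------------------------
# The copy filled in from this sample holds an API token in plain text; keep
# it out of version control and restrict its file permissions.
cluster_name = "my-cluster"
wavefront_url = "https://longboard.wavefront.com"
wavefront_api_token = "why-would-i-share-this-with-you"
kubeconfig_path = "~/.kube/config"
--------------------------------------------------------------------------------
/experiments/tkg/aws/mgmt/create-mgmt-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/tkg/aws/mgmt/destroy-mgmt-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/tkg/aws/mgmt/terraform.tfvars.sample:
--------------------------------------------------------------------------------
# The copy filled in from this sample holds an AWS access key pair in plain
# text; keep it out of version control and restrict its file permissions.
environment = "emma"
aws_secret_key_id = "why-would-i-share-this-with-you"
aws_secret_access_key = "why-would-i-share-this-with-you"
aws_ssh_key_name = "tkg-aws-us-east-1.pem"
path_to_tkg_config_yaml = "~/.tf4k8s/tkg/emma/config.yaml"
aws_region = "us-east-1"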
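aws_node_az = "us-east-1a"
aws_node_az_1 = "us-east-1b"
aws_node_az_2 = "us-east-1c"
--------------------------------------------------------------------------------
/experiments/tkg/aws/workload/create-workload-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/tkg/aws/workload/destroy-workload-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/tkg/aws/workload/terraform.tfvars.sample:
--------------------------------------------------------------------------------
environment = "emma"
path_to_tkg_config_yaml = "~/.tf4k8s/tkg/emma/config.yaml"
--------------------------------------------------------------------------------
/experiments/tkg/azure/mgmt/create-mgmt-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/tkg/azure/mgmt/destroy-mgmt-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/tkg/azure/mgmt/terraform.tfvars.sample:
--------------------------------------------------------------------------------
# The copy filled in from this sample holds Azure service-principal
# credentials in plain text; keep it out of version control and restrict its
# file permissions.
environment = "coffee"
path_to_tkg_config_yaml = "~/.tf4k8s/tkg/coffee/config.yaml"
az_subscription_id = "why-would-i-share-this-with-you"
az_client_id = "why-would-i-share-this-with-you"
az_tenant_id = "why-would-i-share-this-with-you"
az_client_secret = "why-would-i-share-this-with-you"
az_resource_group_name = "coffee"
path_to_az_ssh_public_key = "~/.ssh/azure_rsa.pub"

--------------------------------------------------------------------------------
/experiments/tkg/azure/workload/create-workload-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan
--------------------------------------------------------------------------------
/experiments/tkg/azure/workload/destroy-workload-cluster.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg

--------------------------------------------------------------------------------
/experiments/tkg/azure/workload/terraform.tfvars.sample:
--------------------------------------------------------------------------------
environment = "coffee"
path_to_tkg_config_yaml = "~/.tf4k8s/tkg/coffee/config.yaml"
--------------------------------------------------------------------------------
/experiments/tkgi/cluster/README.md: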
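--------------------------------------------------------------------------------
# Terraform for TKGi cluster lifecycle management

Visit [warroyo/terraforming-tkgi](https://github.com/warroyo/terraforming-tkgi) and check out the Terraform [module](https://github.com/warroyo/terraforming-tkgi/tree/main/modules/cluster/tkgi).
--------------------------------------------------------------------------------
/experiments/tkgi/logsink/create-logsink.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Stop at the first failing step so apply never runs after a failed validate
# or plan with whatever terraform.plan is already on disk.
terraform init || exit
terraform validate || exit
# Best-effort dependency graph (needs Graphviz dot); it does not gate the apply.
terraform graph | dot -Tsvg > graph.svg
terraform plan -out terraform.plan || exit
# -auto-approve: changes are made without an interactive confirmation.
terraform apply -auto-approve -state terraform.tfstate terraform.plan

--------------------------------------------------------------------------------
/experiments/tkgi/logsink/destroy-logsink.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Only clean up once destroy has succeeded: deleting terraform.tfstate after a
# failed or partial destroy would leave the remaining resources untracked.
terraform destroy -auto-approve || exit
# This also removes .terraform.lock.hcl, i.e. the recorded provider versions
# and checksums; the next init selects providers afresh.
rm -Rf .terraform .terraform.lock.hcl terraform.tfstate terraform.tfstate.backup terraform.log terraform.plan graph.svg
--------------------------------------------------------------------------------
/experiments/tkgi/logsink/logsink.tf:
--------------------------------------------------------------------------------
module "tkgi_logsink" {
  source = "../../../modules/logsink"

  # Must match the variable declared below as tkgi_cluster_name.
  tkgi_cluster_name         = var.tkgi_cluster_name
  sink_hostname             = var.sink_hostname
  sink_port                 = var.sink_port
  sink_insecure_skip_verify = var.sink_insecure_skip_verify

  kubeconfig_path = var.kubeconfig_path
}

variable "tkgi_cluster_name" {}

variable "sink_hostname" {}

variable "sink_port" {
  default = 443
}

variable "sink_insecure_skip_verify" {
  # NOTE(review): defaults to true; judging by the name this turns off TLS
  # certificate verification for the sink connection. Confirm, and prefer
  # false outside throwaway environments.
  default = true
}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}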
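
--------------------------------------------------------------------------------
/experiments/tkgi/logsink/terraform.tfvars.sample:
--------------------------------------------------------------------------------
tkgi_cluster_name = "foo-cluster"
sink_hostname = "fabulous.cluster.me"
sink_port = 443
# NOTE(review): logsink.tf as shown on this page declares no sink_tls_enabled
# variable, so this value is not consumed by that configuration.
sink_tls_enabled = true
# NOTE(review): judging by the name, true disables TLS certificate
# verification for the sink connection; confirm before copying this sample.
sink_insecure_skip_verify = true
kubeconfig_path = "~/.kube/config"

--------------------------------------------------------------------------------
/modules/acme/aws/main.tf:
--------------------------------------------------------------------------------
# ACME account key. No rsa_bits is set, so the provider default applies.
# The generated private key is stored unencrypted in the Terraform state, so
# the state file or backend has to be protected like a secret.
resource "tls_private_key" "private_key" {
  algorithm = "RSA"
}

resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.private_key.private_key_pem
  email_address   = var.email
}

resource "acme_certificate" "certificate" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = var.common_name
  subject_alternative_names = var.additional_domains
  recursive_nameservers     = ["8.8.8.8:53"]

  dns_challenge {
    provider = "route53"

    config = {
      AWS_HOSTED_ZONE_ID = var.dns_zone_id
    }
  }
}
--------------------------------------------------------------------------------
/modules/acme/aws/outputs.tf:
--------------------------------------------------------------------------------
output "cert_full_chain" {
  value = "${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}"
}

output "cert" {
  value = acme_certificate.certificate.certificate_pem
}

output "cert_key" {
  # Private key of the issued certificate: marked sensitive so Terraform
  # redacts it in plan and apply output. It is still stored in the state.
  value     = acme_certificate.certificate.private_key_pem
  sensitive = true
}

output "cert_ca" {
  value = acme_certificate.certificate.issuer_pem
}
--------------------------------------------------------------------------------
/modules/acme/aws/providers.tf: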
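--------------------------------------------------------------------------------
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}

--------------------------------------------------------------------------------
/modules/acme/aws/vars.tf:
--------------------------------------------------------------------------------
variable "dns_zone_id" {}

variable "email" {}

variable "common_name" {}

variable "additional_domains" {
  type    = list(string)
  default = []
}
--------------------------------------------------------------------------------
/modules/acme/aws/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    # Lower bound only: any later release of the provider can be selected
    # unless a committed .terraform.lock.hcl pins it.
    acme = {
      source  = "vancluever/acme"
      version = ">= 2.4.0"
    }
    # No version constraint at all for this provider.
    tls = {
      source = "hashicorp/tls"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/acme/azure/outputs.tf:
--------------------------------------------------------------------------------
output "cert_full_chain" {
  value = "${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}"
}

output "cert" {
  value = acme_certificate.certificate.certificate_pem
}

output "cert_key" {
  # Private key of the issued certificate: marked sensitive so Terraform
  # redacts it in plan and apply output. It is still stored in the state.
  value     = acme_certificate.certificate.private_key_pem
  sensitive = true
}

output "cert_ca" {
  value = acme_certificate.certificate.issuer_pem
}
--------------------------------------------------------------------------------
/modules/acme/azure/providers.tf:
--------------------------------------------------------------------------------
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}
--------------------------------------------------------------------------------
/modules/acme/azure/vars.tf: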
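--------------------------------------------------------------------------------
# Credential inputs (presumably an Azure service principal — confirm against
# the module's main.tf). All four are flagged sensitive, so Terraform redacts
# them in plan/apply output; none has a default.
variable "client_id" {
  sensitive = true
}

variable "client_secret" {
  sensitive = true
}

variable "tenant_id" {
  sensitive = true
}

variable "subscription_id" {
  sensitive = true
}

variable "resource_group_name" {}

variable "email" {}

variable "common_name" {}

variable "additional_domains" {
  type    = list(string)
  default = []
}

--------------------------------------------------------------------------------
/modules/acme/azure/versions.tf:
--------------------------------------------------------------------------------
# Only lower bounds are set (tls has none); the root configuration's
# .terraform.lock.hcl is what makes the selected provider builds reproducible.
terraform {
  required_providers {
    acme = {
      source  = "vancluever/acme"
      version = ">= 2.4.0"
    }
    tls = {
      source = "hashicorp/tls"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/acme/gcp/main.tf:
--------------------------------------------------------------------------------
# Key pair for the ACME account. rsa_bits is not set, so the tls provider's
# default key size applies. The generated private key is kept in Terraform
# state, which therefore has to be stored encrypted and access-controlled.
resource "tls_private_key" "private_key" {
  algorithm = "RSA"
}

# Registers the ACME account for var.email with the key above.
resource "acme_registration" "reg" {
  account_key_pem = tls_private_key.private_key.private_key_pem
  email_address   = var.email
}

# Requests a certificate for var.common_name, with var.additional_domains as
# SANs, validated by a DNS challenge answered through the "gcloud" provider.
resource "acme_certificate" "certificate" {
  account_key_pem           = acme_registration.reg.account_key_pem
  common_name               = var.common_name
  subject_alternative_names = var.additional_domains
  recursive_nameservers     = ["8.8.8.8:53"]

  dns_challenge {
    provider = "gcloud"

    config = {
      GCE_PROJECT             = var.project
      GCE_PROPAGATION_TIMEOUT = "360"
    }
  }
}

--------------------------------------------------------------------------------
/modules/acme/gcp/outputs.tf:
--------------------------------------------------------------------------------
# Leaf certificate followed by the issuer certificate, concatenated as PEM.
output "cert_full_chain" {
  value = "${acme_certificate.certificate.certificate_pem}${acme_certificate.certificate.issuer_pem}"
}

output "cert" {
  value = acme_certificate.certificate.certificate_pem
}

# Private key of the issued certificate. Marked sensitive so Terraform redacts
# it in plan/apply output. It is still written to state in plain text, so the
# state backend needs encryption at rest and tight access control.
output "cert_key" {
  value     = acme_certificate.certificate.private_key_pem
  sensitive = true
}

output "cert_ca" {
  value = acme_certificate.certificate.issuer_pem
}
--------------------------------------------------------------------------------
/modules/acme/gcp/providers.tf:
--------------------------------------------------------------------------------
# ACME provider pointed at the Let's Encrypt v2 production directory.
provider "acme" {
  server_url = "https://acme-v02.api.letsencrypt.org/directory"
}
--------------------------------------------------------------------------------
/modules/acme/gcp/vars.tf:
--------------------------------------------------------------------------------
# GCP project passed to the DNS challenge as GCE_PROJECT; redacted in output.
variable "project" {
  sensitive = true
}

variable "email" {}

variable "common_name" {}

variable "additional_domains" {
  type    = list(string)
  default = []
}

--------------------------------------------------------------------------------
/modules/acme/gcp/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    acme = {
      source  = "vancluever/acme"
      version = ">= 2.4.0"
    }
    tls = {
      source = "hashicorp/tls"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/argo-cd/locals.tf:
--------------------------------------------------------------------------------
# Hostname derived from var.domain, plus hard-coded release pins. The pins do
# not move on their own: review upstream security advisories for these
# releases and bump them deliberately.
locals {
  argocd_domain         = "argocd.${var.domain}"
  argocd_version        = "v1.7.3"
  argo_rollouts_version = "v0.9.0"
}
--------------------------------------------------------------------------------
/modules/argo-cd/outputs.tf:
--------------------------------------------------------------------------------
output "argocd_domain" {
  value = local.argocd_domain
}

# Fixed string; no password is exported by this file.
output "argocd_admin_username" {
  value = "admin"
}

--------------------------------------------------------------------------------
/modules/argo-cd/providers.tf:
--------------------------------------------------------------------------------
# Both providers authenticate with the kubeconfig at var.kubeconfig_path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/argo-cd/templates/nginx/argo-rollouts-values.tpl:
--------------------------------------------------------------------------------
installCRDs: true

clusterInstall: true

controller:
  name: argo-rollouts
  component: rollouts-controller
  image:
    repository: argoproj/argo-rollouts
    # Filled in from the module's argo_rollouts_version value.
    tag: ${argo_rollouts_version}

# Secrets with credentials to pull images from a private registry
imagePullSecrets: []
# - name: argo-pull-secret

--------------------------------------------------------------------------------
/modules/argo-cd/vars.tf:
--------------------------------------------------------------------------------
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. The only choice for now is [ nginx ]."
  default     = "nginx"
}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/argo-cd/versions.tf:
--------------------------------------------------------------------------------
# helm has a lower bound only; kubernetes and template are unconstrained.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/avi-lb/outputs.tf:
--------------------------------------------------------------------------------
# Controller credentials are passed through to callers; both outputs are
# sensitive, so they are redacted in CLI output but still present in state.
output "avi_controller_username" {
  value     = var.avi_controller_username
  sensitive = true
}

output "avi_controller_password" {
  value     = var.avi_controller_password
  sensitive = true
}

--------------------------------------------------------------------------------
/modules/avi-lb/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}


--------------------------------------------------------------------------------
/modules/avi-lb/vars.tf:
--------------------------------------------------------------------------------
variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}

variable "avi_hostname" {}

variable "avi_cluster_name" {
  default = "my-avi-cluster"
}

variable "avi_cni_plugin" {
  default = "calico"
}

variable "avi_controller_username" {
  default   = "admin"
  sensitive = true
}

# No default: the password must always be supplied by the caller.
variable "avi_controller_password" {
  sensitive = true
}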
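--------------------------------------------------------------------------------
/modules/avi-lb/versions.tf:
--------------------------------------------------------------------------------
# helm has a lower bound only; http and kubernetes are unconstrained.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    http = {
      source = "hashicorp/http"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/blobstore/azure/main.tf:
--------------------------------------------------------------------------------
# Looks up the existing resource group so the storage account can reuse its
# location. The data source type was misspelled ("azurerm_resource_goup"),
# which did not match the data.azurerm_resource_group.rg reference below.
data "azurerm_resource_group" "rg" {
  name = var.resource_group_name
}

# Standard-tier, locally redundant storage account in that resource group.
resource "azurerm_storage_account" "sac" {
  name                     = var.storage_account_name
  resource_group_name      = var.resource_group_name
  location                 = data.azurerm_resource_group.rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# Container with access type "private", i.e. no anonymous read access.
resource "azurerm_storage_container" "sc" {
  name                  = var.storage_container_name
  storage_account_name  = azurerm_storage_account.sac.name
  container_access_type = "private"
}

--------------------------------------------------------------------------------
/modules/blobstore/azure/outputs.tf:
--------------------------------------------------------------------------------
output "storage_account_location" {
  value = azurerm_storage_account.sac.location
}

output "storage_container_id" {
  value = azurerm_storage_container.sc.id
}

output "storage_container_resource_manager_id" {
  value = azurerm_storage_container.sc.resource_manager_id
}

--------------------------------------------------------------------------------
/modules/blobstore/azure/providers.tf:
--------------------------------------------------------------------------------
# Authenticates with a service principal taken from the sensitive az_* inputs.
provider "azurerm" {
  client_id       = var.az_client_id
  subscription_id = var.az_subscription_id
  tenant_id       = var.az_tenant_id
  client_secret   = var.az_client_secret
  features {}
}

--------------------------------------------------------------------------------
/modules/blobstore/azure/vars.tf:
--------------------------------------------------------------------------------
variable "resource_group_name" {}

variable "storage_account_name" {}

variable "storage_container_name" {}

# The four az_* inputs are sensitive: redacted in CLI output, no defaults.
variable "az_subscription_id" {
  description = "Azure Subscription (id)"
  type        = string
  sensitive   = true
}

variable "az_client_id" {
  description = "Azure Service Principal (appId)"
  type        = string
  sensitive   = true
}

variable "az_client_secret" {
  description = "Azure Service Principal (password)"
  type        = string
  sensitive   = true
}

variable "az_tenant_id" {
  description = "Azure Service Principal (tenant)"
  type        = string
  sensitive   = true
}

--------------------------------------------------------------------------------
/modules/blobstore/azure/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=2.30.0"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/certmanager/amazon/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the kubeconfig at var.kubeconfig_path; k14s is given
# the file's contents rather than its path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/certmanager/amazon/versions.tf: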
--------------------------------------------------------------------------------
# helm has a lower bound only; the other providers are unconstrained, so the
# root configuration's .terraform.lock.hcl decides what actually runs.
# NOTE(review): confirm that "hashicorp/k14s" resolves to the intended k14s
# provider build in the environments where this module is initialised.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/certmanager/azure/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the kubeconfig at var.kubeconfig_path; k14s is given
# the file's contents rather than its path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/certmanager/azure/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/certmanager/gcp/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}


--------------------------------------------------------------------------------
/modules/certmanager/gcp/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/certmanager/venafi/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the kubeconfig at var.kubeconfig_path; k14s is given
# the file's contents rather than its path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}


--------------------------------------------------------------------------------
/modules/certmanager/venafi/templates/cluster-issuer.tpl:
--------------------------------------------------------------------------------
# NOTE(review): ClusterIssuer is a cluster-scoped kind, so metadata.namespace
# should have no effect here. Confirm which namespace must hold the
# "cloud-secret" Secret referenced below.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: venafi-issuer
  namespace: ${namespace}
spec:
  venafi:
    # Set this to the GUID of the Venafi policy zone you want to use
    zone: ${venafi_policy_zone_guid}
    cloud:
      # The API token is read from a Kubernetes Secret, not inlined here.
      apiTokenSecretRef:
        name: cloud-secret
        key: apikey
--------------------------------------------------------------------------------
/modules/certmanager/venafi/vars.tf:
--------------------------------------------------------------------------------
variable "venafi_policy_zone_guid" {}

# NOTE(review): the name refers to a TPP access token, while the issuer
# template in this module configures the "cloud" API-key path. Confirm which
# credential is intended.
variable "venafi_tpp_access_token" {
  sensitive = true
}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  type        = string
  default     = "~/.kube/config"
}
--------------------------------------------------------------------------------
/modules/certmanager/venafi/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cf4k8s/acme/templates/certs-and-keys.tpl:
--------------------------------------------------------------------------------
# The rendered file contains both private keys in clear text; treat the output
# as a secret (restrictive file mode, never committed).
system_certificate:
  crt: |
    ${system_certificate_full_chain}
  key: |
    ${system_cert_key}
  ca: ""

workloads_certificate:
  crt: |
    ${workloads_certificate_full_chain}
  key: |
    ${workloads_cert_key}
  ca: ""
--------------------------------------------------------------------------------
/modules/cf4k8s/locals.tf:
--------------------------------------------------------------------------------
# NOTE(review): /tmp/cf4k8s is a fixed path in a shared, world-writable
# directory. If cf-values.yml carries certificates, keys or passwords (not
# visible in this file — confirm), prefer a per-run private directory with
# restrictive permissions and remove it after use.
locals {
  tmp_dir       = "/tmp/cf4k8s"
  cf4k8s_config = "${local.tmp_dir}/cf-values.yml"
  system_domain = var.domain
  app_domain    = "apps.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/cf4k8s/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/cf4k8s/templates/cert.tpl:
--------------------------------------------------------------------------------
# Wildcard certificate for the system and apps domains, requested from the
# "letsencrypt-prod" ClusterIssuer and stored in the cf4k8s-tls-secret Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: cf4k8s-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '*.${system_domain}'
  - '*.${app_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: cf4k8s-tls-secret

--------------------------------------------------------------------------------
/modules/cf4k8s/versions.tf:
--------------------------------------------------------------------------------
# helm has a lower bound only; every other provider is unconstrained.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    local = {
      source = "hashicorp/local"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cloud-service-broker/aws/templates/manifest.tpl:
--------------------------------------------------------------------------------
---
# The rendered manifest holds the AWS key pair, the database password and
# client key, and the broker API password in clear text. Treat the generated
# file as a secret: restrictive file mode, never committed, removed once the
# broker has been deployed.
applications:
- name: cloud-service-broker
  command: cloud-service-broker serve
  memory: 1G
  docker:
    image: ${docker_image}
    username: ${docker_username}
  random-route: true
  env:
    GSB_BROKERPAK_BUILTIN_PATH: /aws-brokerpak
    AWS_ACCESS_KEY_ID: ${aws_access_key_id}
    AWS_SECRET_ACCESS_KEY: ${aws_secret_access_key}
    DB_HOST: ${db_host}
    DB_NAME: ${db_name}
    DB_PORT: ${db_port}
    DB_USERNAME: ${db_user}
    DB_PASSWORD: ${db_password}
    CA_CERT: ${db_ca_cert}
    CLIENT_CERT: ${db_client_cert}
    CLIENT_KEY: ${db_client_key}
    SECURITY_USER_NAME: ${api_user}
    SECURITY_USER_PASSWORD: ${api_password}
--------------------------------------------------------------------------------
/modules/cloud-service-broker/aws/versions.tf:
--------------------------------------------------------------------------------
# No provider carries a version constraint; the root configuration's
# .terraform.lock.hcl is what keeps the selected builds reproducible.
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cloud-service-broker/azure/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cloud-service-broker/gcp/templates/manifest.tpl:
--------------------------------------------------------------------------------
---
# The rendered manifest holds the Google credentials, the database password
# and client key, and the broker API password in clear text. Treat the
# generated file as a secret: restrictive file mode, never committed, removed
# once the broker has been deployed.
applications:
- name: cloud-service-broker
  command: cloud-service-broker serve
  memory: 1G
  docker:
    image: ${docker_image}
    username: ${docker_username}
  random-route: true
  env:
    GSB_BROKERPAK_BUILTIN_PATH: /gcp-brokerpak
    GOOGLE_CREDENTIALS: ${gcp_credentials}
    GOOGLE_PROJECT: ${gcp_project}
    DB_HOST: ${db_host}
    DB_NAME: ${db_name}
    DB_PORT: ${db_port}
    DB_USERNAME: ${db_user}
    DB_PASSWORD: ${db_password}
    CA_CERT: ${db_ca_cert}
    CLIENT_CERT: ${db_client_cert}
    CLIENT_KEY: ${db_client_key}
    SECURITY_USER_NAME: ${api_user}
    SECURITY_USER_PASSWORD: ${api_password}
--------------------------------------------------------------------------------
/modules/cloud-service-broker/gcp/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/aks/outputs.tf:
--------------------------------------------------------------------------------
# Path of the kubeconfig file written by the local_file.kubeconfigaks resource;
# the file's contents are not exported here.
output "kubeconfig_path_aks" {
  value = local_file.kubeconfigaks.filename
}

output "latest_k8s_version" {
  value = data.azurerm_kubernetes_service_versions.current.*.latest_version
}

output "public_ip_address" {
  value = azurerm_public_ip.public_ip.ip_address
}

output "public_ip_fqdn" {
  value = azurerm_public_ip.public_ip.fqdn
}
--------------------------------------------------------------------------------
/modules/cluster/aks/providers.tf:
--------------------------------------------------------------------------------
# Authenticates with a service principal taken from the az_* inputs.
provider "azurerm" {
  client_id       = var.az_client_id
  subscription_id = var.az_subscription_id
  tenant_id       = var.az_tenant_id
  client_secret   = var.az_client_secret
  features {}
}

--------------------------------------------------------------------------------
/modules/cluster/aks/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=2.0.0"
    }
    http = {
      source = "hashicorp/http"
    }
    local = {
      source = "hashicorp/local"
    }
    random = {
      source = "hashicorp/random"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/eks/keypair.tf:
--------------------------------------------------------------------------------
# Supply-chain note: ?ref=master follows a moving branch, so the code that
# creates this key pair can change between runs without any change in this
# repository. Pin ref to a reviewed release tag or commit SHA, e.g.
# ?ref=<REVIEWED_TAG_OR_SHA>.
# NOTE(review): generate_ssh_key = "true" presumably makes the module create
# the key pair and write it under ssh_public_key_path — confirm, and keep that
# directory readable by the owner only.
module "ssh_key_pair" {
  source                = "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=master"
  namespace             = "tanzu"
  stage                 = random_id.cluster_name.hex
  name                  = var.ssh_key_name
  ssh_public_key_path   = pathexpand("~/.tf4k8s/aws/.ssh")
  generate_ssh_key      = "true"
  private_key_extension = ".pem"
  public_key_extension  = ".pub"
}
--------------------------------------------------------------------------------
/modules/cluster/eks/kubeconfig.tf:
--------------------------------------------------------------------------------
# Fetches an authentication token for the cluster.
data "aws_eks_cluster_auth" "this" {
  name = aws_eks_cluster.cluster.name
}

# Hands the endpoint, CA data and token to the local generate-kubeconfig
# module. NOTE(review): that module presumably writes them to a kubeconfig
# file under ~/.tf4k8s/aws — confirm, and restrict that file's permissions,
# since it would contain a bearer token.
module "kubeconfig" {
  source = "../../generate-kubeconfig"

  username       = aws_eks_cluster.cluster.arn
  cluster_name   = aws_eks_cluster.cluster.arn
  context_name   = aws_eks_cluster.cluster.arn
  directory      = "~/.tf4k8s/aws"
  filename       = "${var.eks_name}-${random_id.cluster_name.hex}-kubeconfig"
  endpoint       = aws_eks_cluster.cluster.endpoint
  certificate_ca = aws_eks_cluster.cluster.certificate_authority.0.data
  token          = data.aws_eks_cluster_auth.this.token
}
--------------------------------------------------------------------------------
/modules/cluster/eks/providers.tf:
--------------------------------------------------------------------------------
# Only the region is configured; credentials come from outside this block.
provider "aws" {
  region = var.region
}

--------------------------------------------------------------------------------
/modules/cluster/eks/random.tf:
--------------------------------------------------------------------------------
# Random suffix; its hex form is used in the key-pair stage and the
# kubeconfig filename above.
resource "random_id" "cluster_name" {
  byte_length = 6
}

--------------------------------------------------------------------------------
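/modules/cluster/eks/versions.tf:
--------------------------------------------------------------------------------
# aws is held to the 3.x series; random is unconstrained.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~>3.0"
    }
    random = {
      source = "hashicorp/random"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/gke/outputs.tf:
--------------------------------------------------------------------------------

# Path of the kubeconfig written by local_file.kubeconfig; the file's contents
# are not exported here.
output "path_to_kubeconfig" {
  value = local_file.kubeconfig.filename
}

output "gke_cluster_name" {
  value = google_container_cluster.gke.name
}

# Despite the name, this reports the cluster's master_version attribute.
output "gke_node_version_deployed" {
  value = google_container_cluster.gke.master_version
}

output "gcp_region" {
  value = var.gcp_region
}
--------------------------------------------------------------------------------
/modules/cluster/gke/providers.tf:
--------------------------------------------------------------------------------
# Both providers read the service-account key file named by
# var.gcp_service_account_credentials; keep that file outside version control
# and readable by the owner only.
provider "google" {
  credentials = file(var.gcp_service_account_credentials)
  project     = var.gcp_project
  region      = var.gcp_region
}

provider "google-beta" {
  credentials = file(var.gcp_service_account_credentials)
  project     = var.gcp_project
  region      = var.gcp_region
}


--------------------------------------------------------------------------------
/modules/cluster/gke/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">=3.21.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">=3.21.0"
    }
    http = {
      source = "hashicorp/http"
    }
    local = {
      source = "hashicorp/local"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/tkg/aws/mgmt/outputs.tf:
--------------------------------------------------------------------------------
output "path_to_config_yaml" {
  value = local_file.merged_config.filename
}
--------------------------------------------------------------------------------
/modules/cluster/tkg/aws/mgmt/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/tkg/aws/workload/outputs.tf:
--------------------------------------------------------------------------------
# Exports the whole of ~/.kube/config, which can hold credentials for every
# cluster the operator has configured, not just this one. Marked sensitive so
# it is redacted in plan/apply output; the contents still land in state, so
# the state backend must be encrypted and access-controlled.
output "kubeconfig_contents" {
  value     = file(pathexpand("~/.kube/config"))
  sensitive = true
}
--------------------------------------------------------------------------------
/modules/cluster/tkg/aws/workload/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/tkg/azure/mgmt/outputs.tf:
--------------------------------------------------------------------------------
output "path_to_config_yaml" {
  value = local_file.merged_config.filename
}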
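--------------------------------------------------------------------------------
/modules/cluster/tkg/azure/mgmt/templates/config-additions.tpl:
--------------------------------------------------------------------------------
# The rendered file contains AZURE_CLIENT_SECRET in clear text; treat the
# output as a secret (restrictive file mode, never committed).
AZURE_ENVIRONMENT: ${az_environment}
AZURE_TENANT_ID: ${az_tenant_id}
AZURE_SUBSCRIPTION_ID: ${az_subscription_id}
AZURE_CLIENT_ID: ${az_client_id}
AZURE_CLIENT_SECRET: ${az_client_secret}
AZURE_LOCATION: ${az_location}
AZURE_SSH_PUBLIC_KEY_B64: ${az_ssh_public_key_b64}
AZURE_RESOURCE_GROUP: ${az_resource_group_name}
AZURE_VNET_RESOURCE_GROUP: ${az_resource_group_name}
SERVICE_CIDR: ${service_cidr}
CLUSTER_CIDR: ${cluster_cidr}
AZURE_CONTROL_PLANE_MACHINE_TYPE: ${control_plane_machine_type}
AZURE_NODE_MACHINE_TYPE: ${node_machine_type}
--------------------------------------------------------------------------------
/modules/cluster/tkg/azure/mgmt/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/cluster/tkg/azure/workload/outputs.tf:
--------------------------------------------------------------------------------
# Exports the whole of ~/.kube/config, which can hold credentials for every
# cluster the operator has configured, not just this one. Marked sensitive so
# it is redacted in plan/apply output; the contents still land in state, so
# the state backend must be encrypted and access-controlled.
output "kubeconfig_contents" {
  value     = file(pathexpand("~/.kube/config"))
  sensitive = true
}
--------------------------------------------------------------------------------
/modules/cluster/tkg/azure/workload/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/concourse/locals.tf:
--------------------------------------------------------------------------------
locals {
  concourse_domain = "concourse.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/concourse/outputs.tf:
--------------------------------------------------------------------------------
output "concourse_domain" {
  value = local.concourse_domain
}

output "concourse_username" {
  value     = var.concourse_username
  sensitive = true
}

# Generated by random_password, so the value also lives in Terraform state.
output "concourse_password" {
  value     = random_password.concourse_password.result
  sensitive = true
}

--------------------------------------------------------------------------------
/modules/concourse/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the kubeconfig at var.kubeconfig_path; k14s is given
# the file's contents rather than its path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/concourse/templates/cert.tpl:
--------------------------------------------------------------------------------
# Certificate for the Concourse hostname, requested from the
# "letsencrypt-prod" ClusterIssuer and stored in the concourse-web-tls Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: concourse-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${concourse_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: concourse-web-tls
--------------------------------------------------------------------------------
/modules/concourse/vars.tf: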
--------------------------------------------------------------------------------
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "concourse_username" {
  default   = "admin"
  sensitive = true
}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/concourse/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/contour/main.tf:
--------------------------------------------------------------------------------
# Supply-chain note: both manifests are downloaded from the release-1.19
# branch of projectcontour/contour-operator and applied to the cluster as
# fetched. A branch can move and nothing here checks the content. Consider
# pinning the URLs to a reviewed commit SHA or vendoring the reviewed YAML
# into this module.
data "http" "contour_operator" {
  url = "https://raw.githubusercontent.com/projectcontour/contour-operator/release-1.19/examples/operator/operator.yaml"
}

data "http" "contour" {
  url = "https://raw.githubusercontent.com/projectcontour/contour-operator/release-1.19/examples/contour/contour.yaml"
}

# Deploys the downloaded operator manifest as the kapp app "contour-operator".
resource "k14s_kapp" "contour_operator" {
  app = "contour-operator"

  namespace = "default"

  config_yaml = data.http.contour_operator.body
}

# Deploys the Contour manifest only after the operator app exists.
resource "k14s_kapp" "contour" {
  app = "contour"

  namespace = "default"

  config_yaml = data.http.contour.body

  depends_on = [
    k14s_kapp.contour_operator
  ]
}

--------------------------------------------------------------------------------
/modules/contour/providers.tf:
--------------------------------------------------------------------------------
# Both providers act on the cluster described by the same kubeconfig file.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

# The k14s provider takes the kubeconfig contents rather than a path.
provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/contour/vars.tf:
--------------------------------------------------------------------------------
# Defaults to the current user's kubeconfig, so the module acts on whichever
# context that file currently selects unless a path is passed explicitly.
variable "kubeconfig_path" {
  default     = "~/.kube/config"
  description = "The path to your .kube/config"
}

--------------------------------------------------------------------------------
/modules/contour/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  # No provider is version-constrained here; a committed dependency lock file is
  # the only thing that would keep `terraform init` results stable.
  required_providers {
    http = {
      source = "hashicorp/http"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
  }
}

--------------------------------------------------------------------------------
/modules/database/gcp/generate-certs/output.tf:
--------------------------------------------------------------------------------
# These outputs are file names taken from local_file resources, not the
# certificate or key material itself.
# NOTE(review): the local_file resources are not shown here; confirm the private
# key file is written with restrictive permissions.
output "ssl_key" {
  value = local_file.key_file.filename
}

output "ssl_cert" {
  value = local_file.cert_file.filename
}

output "ssl_ca" {
  value = local_file.ca_cert_file.filename
}

--------------------------------------------------------------------------------
/modules/database/gcp/generate-certs/providers.tf:
--------------------------------------------------------------------------------
# Authenticates with a service-account key file read from disk.
# NOTE(review): a `version` argument inside a provider block is deprecated in
# the Terraform releases this module requires; the constraint belongs in
# required_providers in versions.tf.
provider "google" {
  version     = ">=3.21.0"
  project     = var.project
  region      = var.region
  credentials = file(var.service_account_credentials)
}

--------------------------------------------------------------------------------
/modules/database/gcp/generate-certs/vars.tf:
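--------------------------------------------------------------------------------
# Inputs for the Cloud SQL client-certificate module.

variable "project" {
  description = "The project ID to manage the Cloud SQL resources"
}

variable "region" {
  description = "The region of the Cloud SQL resources"
  default     = "us-west1"
}

variable "instance_name" {
  description = "The name of an existing Cloud SQL database instance"
}

# A path, not the key itself; providers.tf reads the file with file().
variable "service_account_credentials" {
  description = "Path to service account credentials file in JSON format"
}

--------------------------------------------------------------------------------
/modules/database/gcp/generate-certs/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    google = {
      source = "hashicorp/google"
    }
    local = {
      source = "hashicorp/local"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/database/gcp/mysql/output.tf:
--------------------------------------------------------------------------------
# Values re-exported from the cloudsql_mysql module call.

# Database user password. Marked sensitive so Terraform redacts it in plan and
# apply output; it is still stored in plain text in the state file, so the state
# backend needs its own access control. A root module that re-exports this value
# has to mark its own output sensitive as well.
output "db_password" {
  value     = module.cloudsql_mysql.generated_user_password
  sensitive = true
}

output "db_instance_name" {
  value = module.cloudsql_mysql.instance_name
}

output "db_instance_connection_name" {
  value = module.cloudsql_mysql.instance_connection_name
}

# The instance is reported with a public IP address; which networks may reach
# it is decided in the module call, which is not part of this file.
output "db_public_ip_address" {
  value = module.cloudsql_mysql.public_ip_address
}

output "db_instance_server_ca_cert" {
  value = module.cloudsql_mysql.instance_server_ca_cert
}

output "db_instance_service_account_email_address" {
  value = module.cloudsql_mysql.instance_service_account_email_address
}

--------------------------------------------------------------------------------
/modules/database/gcp/mysql/providers.tf: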
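--------------------------------------------------------------------------------
# Both Google providers authenticate with the same service-account key file.
provider "google" {
  credentials = file(var.service_account_credentials)
  project     = var.project
  region      = var.region
}

provider "google-beta" {
  credentials = file(var.service_account_credentials)
  project     = var.project
  region      = var.region
}

--------------------------------------------------------------------------------
/modules/database/gcp/mysql/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">=3.21.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">=3.21.0"
    }
    random = {
      source = "hashicorp/random"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/database/gcp/postgres/output.tf:
--------------------------------------------------------------------------------
# Values re-exported from the cloudsql_postgres module call.

# Database user password. Marked sensitive so Terraform redacts it in plan and
# apply output; it is still stored in plain text in the state file, so the state
# backend needs its own access control. A root module that re-exports this value
# has to mark its own output sensitive as well.
output "db_password" {
  value     = module.cloudsql_postgres.generated_user_password
  sensitive = true
}

output "db_instance_name" {
  value = module.cloudsql_postgres.instance_name
}

output "db_instance_connection_name" {
  value = module.cloudsql_postgres.instance_connection_name
}

# The instance is reported with a public IP address; which networks may reach
# it is decided in the module call, which is not part of this file.
output "db_public_ip_address" {
  value = module.cloudsql_postgres.public_ip_address
}

output "db_instance_server_ca_cert" {
  value = module.cloudsql_postgres.instance_server_ca_cert
}

output "db_instance_service_account_email_address" {
  value = module.cloudsql_postgres.instance_service_account_email_address
}

--------------------------------------------------------------------------------
/modules/database/gcp/postgres/providers.tf:
--------------------------------------------------------------------------------
# Both Google providers authenticate with the same service-account key file.
provider "google" {
  credentials = file(var.service_account_credentials)
  project     = var.project
  region      = var.region
}

provider "google-beta" {
  credentials = file(var.service_account_credentials)
  project     = var.project
  region      = var.region
}

--------------------------------------------------------------------------------
/modules/database/gcp/postgres/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">=3.21.0"
    }
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">=3.21.0"
    }
    random = {
      source = "hashicorp/random"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/dns/amazon/main.tf:
--------------------------------------------------------------------------------
# Creates a Route 53 hosted zone for <domain_prefix>.<base zone> and delegates
# to it from the existing base zone with an NS record.
data "aws_route53_zone" "selected" {
  zone_id = var.base_hosted_zone_id
}

resource "aws_route53_zone" "zone" {
  name = "${var.domain_prefix}.${data.aws_route53_zone.selected.name}"

  # Destroying the zone also deletes every record in it, including records that
  # were created outside Terraform.
  force_destroy = true
}

resource "aws_route53_record" "ns" {
  zone_id = data.aws_route53_zone.selected.zone_id
  name    = aws_route53_zone.zone.name
  type    = "NS"
  ttl     = "30"

  records = aws_route53_zone.zone.name_servers
}

--------------------------------------------------------------------------------
/modules/dns/amazon/outputs.tf:
--------------------------------------------------------------------------------
# Zone name with any leading or trailing dot removed.
output "base_domain" {
  value = trim(aws_route53_zone.zone.name, ".")
}

output "hosted_zone_id" {
  value = aws_route53_zone.zone.id
}

--------------------------------------------------------------------------------
/modules/dns/amazon/providers.tf:
--------------------------------------------------------------------------------
# No credentials are configured here, so the provider relies on its default
# credential sources.
provider "aws" {
  region = var.region
}

--------------------------------------------------------------------------------
/modules/dns/amazon/vars.tf:
--------------------------------------------------------------------------------
variable "base_hosted_zone_id" {}

variable "domain_prefix" {}

variable "region" {}

--------------------------------------------------------------------------------
/modules/dns/amazon/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.9.0"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/dns/azure/main.tf:
--------------------------------------------------------------------------------
# Creates an Azure DNS zone for <domain_prefix>.<base_domain> and delegates to
# it from the base zone with an NS record set.
resource "azurerm_dns_zone" "zone" {
  name = "${var.domain_prefix}.${var.base_domain}"
  tags = {
    description = "Azure DNS managed zone for ${var.domain_prefix}.${var.base_domain}"
  }
  resource_group_name = var.resource_group_name
}

resource "azurerm_dns_ns_record" "ns_record" {
  name                = var.domain_prefix
  zone_name           = var.base_domain
  records             = azurerm_dns_zone.zone.name_servers
  resource_group_name = var.resource_group_name
  ttl                 = 30
}

--------------------------------------------------------------------------------
/modules/dns/azure/outputs.tf:
--------------------------------------------------------------------------------
output "zone_subdomain" {
  value = azurerm_dns_zone.zone.name
}

--------------------------------------------------------------------------------
/modules/dns/azure/providers.tf:
--------------------------------------------------------------------------------
# Authenticates as a service principal with a client secret passed in through
# variables; those values end up in the Terraform state.
provider "azurerm" {
  client_id       = var.az_client_id
  client_secret   = var.az_client_secret
  subscription_id = var.az_subscription_id
  tenant_id       = var.az_tenant_id
  features {}
}

--------------------------------------------------------------------------------
/modules/dns/azure/vars.tf:
--------------------------------------------------------------------------------
variable "base_domain" {}

variable "domain_prefix" {}

variable "resource_group_name" {}

# Service principal settings; all four are redacted in CLI output.
variable "az_client_id" {
  sensitive = true
}

variable "az_client_secret" {
  sensitive = true
}

variable "az_subscription_id" {
  sensitive = true
}

variable "az_tenant_id" {
  sensitive = true
}

--------------------------------------------------------------------------------
/modules/dns/azure/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=2.0.0"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/dns/gcp/main.tf:
--------------------------------------------------------------------------------
# Creates a Cloud DNS managed zone for <dns_prefix>.<root zone> and delegates to
# it from the existing root zone with an NS record set.
data "google_dns_managed_zone" "root_zone" {
  name = var.root_zone_name
}

resource "google_dns_managed_zone" "zone" {
  name        = "${var.environment_name}-zone"
  dns_name    = "${var.dns_prefix}.${data.google_dns_managed_zone.root_zone.dns_name}"
  description = "Google DNS managed zone for ${var.dns_prefix}.${data.google_dns_managed_zone.root_zone.dns_name}"

  # Destroying the zone also deletes the records it contains.
  force_destroy = true
}

resource "google_dns_record_set" "ns_record" {
  managed_zone = data.google_dns_managed_zone.root_zone.name
  name         = "${var.dns_prefix}.${data.google_dns_managed_zone.root_zone.dns_name}"
  rrdatas      = google_dns_managed_zone.zone.name_servers

  ttl  = 30
  type = "NS"
}
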
--------------------------------------------------------------------------------
/modules/dns/gcp/outputs.tf:
--------------------------------------------------------------------------------
output "zone_name" {
  value = google_dns_managed_zone.zone.name
}

# DNS name of the new zone with any leading or trailing dot removed.
output "zone_subdomain" {
  value = trim(google_dns_managed_zone.zone.dns_name, ".")
}

--------------------------------------------------------------------------------
/modules/dns/gcp/providers.tf:
--------------------------------------------------------------------------------
# Authenticates with a service-account key file read from disk.
provider "google" {
  project     = var.project
  credentials = file(var.gcp_service_account_credentials)
}

--------------------------------------------------------------------------------
/modules/dns/gcp/vars.tf:
--------------------------------------------------------------------------------
variable "project" {
  sensitive = true
}

# A path, not the key itself; providers.tf reads the file with file().
variable "gcp_service_account_credentials" {
  type        = string
  description = "Path to service account credentials file in JSON format"
}

variable "root_zone_name" {}

variable "environment_name" {}

variable "dns_prefix" {}

--------------------------------------------------------------------------------
/modules/dns/gcp/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">=3.21.0"
    }
  }
}

--------------------------------------------------------------------------------
/modules/dns/infoblox/main.tf:
--------------------------------------------------------------------------------
# Allocates an address from the given CIDR, then registers an A record for the
# same VM name pointing at the allocated address.
resource "infoblox_ip_allocation" "get_ip" {
  tenant_id = var.infoblox_tenant_id
  cidr      = var.infoblox_cidr
  vm_name   = var.infoblox_vmname
}

resource "infoblox_a_record" "add_dns" {
  tenant_id = var.infoblox_tenant_id
  cidr      = var.infoblox_cidr
  zone      = var.infoblox_dns_zone
  vm_name   = var.infoblox_vmname
  ip_addr   = infoblox_ip_allocation.get_ip.ip_addr
}

--------------------------------------------------------------------------------
/modules/dns/infoblox/outputs.tf:
--------------------------------------------------------------------------------
output "ip" {
  value = infoblox_a_record.add_dns.ip_addr
}

# VM name and zone joined with a dot.
output "hostname" {
  value = "${infoblox_a_record.add_dns.vm_name}.${infoblox_a_record.add_dns.zone}"
}

--------------------------------------------------------------------------------
/modules/dns/infoblox/providers.tf:
--------------------------------------------------------------------------------
# Username/password authentication against the Infoblox server; both values are
# passed in through variables and therefore end up in the Terraform state.
provider "infoblox" {
  server   = var.infoblox_server
  username = var.infoblox_user
  password = var.infoblox_password
}

--------------------------------------------------------------------------------
/modules/dns/infoblox/vars.tf:
--------------------------------------------------------------------------------
variable "infoblox_cidr" {
  description = "CIDR to use when allocating IP address space"
}

variable "infoblox_dns_zone" {
  description = "DNS zone"
}

variable "infoblox_password" {
  sensitive   = true
  description = "Infoblox account password"
}

variable "infoblox_server" {
  description = "Hostname or IP address of Infoblox server"
}

variable "infoblox_tenant_id" {
  sensitive   = true
  description = "Infoblox tenant id"
}

variable "infoblox_user" {
  sensitive   = true
  description = "Infoblox account username"
}

variable "infoblox_vmname" {
  description = "The name to use for the DNS hostname and IP allocation"
}

--------------------------------------------------------------------------------
/modules/dns/infoblox/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    infoblox = {
      source  = "terraform-providers/infoblox"
      version = ">=1.0"
    }
  }
}

--------------------------------------------------------------------------------
/modules/elasticsearch/main.tf:
--------------------------------------------------------------------------------
# Installs the Elasticsearch Helm chart at a fixed chart version, creating the
# target namespace when it does not exist.
#
# NOTE(review): no authentication or TLS settings are passed to the chart here;
# confirm how access to the cluster's Elasticsearch endpoint is restricted.
resource "helm_release" "elasticsearch" {
  name             = "elasticsearch"
  chart            = "elasticsearch"
  version          = "7.10.1"
  repository       = "https://Helm.elastic.co"
  namespace        = var.namespace
  create_namespace = true

  # Warning this combination of settings could consume quite a bit of memory
  # Persistence is switched off for both node groups, so no volume claims are
  # requested and indexed data does not survive a pod restart.
  set {
    name  = "master.persistence.enabled"
    value = false
  }

  set {
    name  = "data.persistence.enabled"
    value = false
  }
}

--------------------------------------------------------------------------------
/modules/elasticsearch/providers.tf:
--------------------------------------------------------------------------------
# Helm talks to the cluster described by the supplied kubeconfig.
provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/elasticsearch/vars.tf:
--------------------------------------------------------------------------------
# Namespace the release is installed into.
variable "namespace" {}

# Path to the kubeconfig used by the helm provider.
variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/elasticsearch/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
  }
}

--------------------------------------------------------------------------------
/modules/external-dns/amazon/providers.tf:
--------------------------------------------------------------------------------
# Both providers act on the cluster described by the same kubeconfig file.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/external-dns/amazon/vars.tf:
--------------------------------------------------------------------------------
# Static AWS key pair handed to the module. `sensitive` redacts the values in
# CLI output only; they are still written to the state file.
# NOTE(review): the resources that consume these keys are not shown here;
# confirm the key is scoped to the DNS zones external-dns has to manage.
variable "aws_access_key" {
  sensitive = true
}

variable "aws_secret_key" {
  sensitive = true
}

variable "region" {}

variable "domain_filter" {}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/external-dns/amazon/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

--------------------------------------------------------------------------------
/modules/external-dns/azure/providers.tf:
--------------------------------------------------------------------------------
# Both providers act on the cluster described by the same kubeconfig file.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/external-dns/azure/vars.tf:
--------------------------------------------------------------------------------
variable "resource_group_name" {}

# Service principal settings; redacted in CLI output, still stored in state.
variable "az_client_id" {
  sensitive = true
}

variable "az_client_secret" {
  sensitive = true
}

variable "az_subscription_id" {
  sensitive = true
}

variable "az_tenant_id" {
  sensitive = true
}

variable "domain_filter" {}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/external-dns/azure/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

--------------------------------------------------------------------------------
/modules/external-dns/gcp/providers.tf:
--------------------------------------------------------------------------------
# Both providers act on the cluster described by the same kubeconfig file.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/external-dns/gcp/vars.tf:
--------------------------------------------------------------------------------
variable "gcp_project" {
  sensitive = true
}

# NOTE(review): not marked sensitive. If callers pass the key contents rather
# than a path to the key file, this should carry `sensitive = true` — confirm
# against the module's main.tf.
variable "gcp_service_account_credentials" {}

variable "domain_filter" {}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/external-dns/gcp/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

--------------------------------------------------------------------------------
/modules/flagger/main.tf:
--------------------------------------------------------------------------------
# Installs the Flagger chart at a fixed chart version into the projectcontour
# namespace, configured for Contour, and asks the chart to install Prometheus.
resource "helm_release" "flagger" {
  name       = "flagger"
  chart      = "flagger"
  version    = "1.14.0"
  repository = "https://flagger.app"
  namespace  = "projectcontour"

  set {
    name  = "meshProvider"
    value = "contour"
  }

  set {
    name  = "ingressClass"
    value = "contour"
  }

  set {
    name  = "prometheus.install"
    value = "true"
  }
}

--------------------------------------------------------------------------------
/modules/flagger/providers.tf:
--------------------------------------------------------------------------------
provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/flagger/vars.tf:
--------------------------------------------------------------------------------
# Path to the kubeconfig used by the helm provider.
variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/flagger/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
  }
}

--------------------------------------------------------------------------------
/modules/fluentbit/main.tf:
--------------------------------------------------------------------------------
# Installs the Fluent Bit chart at a fixed chart version with chart defaults,
# creating the target namespace when it does not exist.
resource "helm_release" "fluentbit" {
  name             = "fluent-bit"
  chart            = "fluent-bit"
  version          = "0.19.1"
  repository       = "https://fluent.github.io/helm-charts"
  namespace        = var.namespace
  create_namespace = true
}

--------------------------------------------------------------------------------
/modules/fluentbit/providers.tf:
--------------------------------------------------------------------------------
provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
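/modules/fluentbit/vars.tf:
--------------------------------------------------------------------------------
variable "namespace" {}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/fluentbit/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/generate-kubeconfig/main.tf:
--------------------------------------------------------------------------------
# Renders a token-based kubeconfig from the template and writes it to disk.
data "template_file" "kubeconfig" {
  template = file("${path.module}/templates/kubeconfig.tpl")
  vars = {
    username     = var.username
    cluster_name = var.cluster_name
    context_name = var.context_name
    server       = var.endpoint
    ca_cert      = var.certificate_ca
    token        = var.token
  }
}

resource "local_file" "kubeconfig" {
  content  = data.template_file.kubeconfig.rendered
  filename = pathexpand("${var.directory}/${var.filename}")

  # The file holds a bearer token for the cluster, so only the owner may read
  # or write it (the provider's default mode is far more permissive).
  file_permission = "0600"

  # NOTE(review): `content` is shown in plan output. Where the pinned local
  # provider version offers it, local_sensitive_file keeps the token out of plans.
}

--------------------------------------------------------------------------------
/modules/generate-kubeconfig/outputs.tf:
--------------------------------------------------------------------------------
# Full rendered kubeconfig, including the bearer token. Marked sensitive so it
# is redacted in CLI output; a root module that re-exports it has to mark its
# own output sensitive as well.
output "content" {
  value     = data.template_file.kubeconfig.rendered
  sensitive = true
}

output "path_to_kubeconfig" {
  value = local_file.kubeconfig.filename
}

--------------------------------------------------------------------------------
/modules/generate-kubeconfig/templates/kubeconfig.tpl:
--------------------------------------------------------------------------------
apiVersion: v1
kind: Config
users:
- name: ${username}
  user:
    token: ${token}
clusters:
- cluster:
    certificate-authority-data: ${ca_cert}
    server: ${server}
  name: ${cluster_name}
contexts:
- context:
    cluster: ${cluster_name}
    user: ${username}
  name: ${context_name}
# current-context has to name an entry under contexts, so it takes the context
# name; the cluster name only matches when both inputs happen to be equal.
current-context: ${context_name}
--------------------------------------------------------------------------------
/modules/generate-kubeconfig/vars.tf:
--------------------------------------------------------------------------------
# Directory and file name the kubeconfig is written to.
variable "directory" {}

variable "filename" {}

# API server URL placed in the cluster entry.
variable "endpoint" {}

# Bearer token written into the kubeconfig; redacted in CLI output, still
# stored in plain text in the state file.
variable "token" {
  sensitive = true
}

variable "certificate_ca" {
  sensitive = true
}

variable "username" {
  sensitive = true
}

variable "cluster_name" {}

variable "context_name" {}

--------------------------------------------------------------------------------
/modules/generate-kubeconfig/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    local = {
      source = "hashicorp/local"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/git/gitea/locals.tf:
--------------------------------------------------------------------------------
locals {
  gitea_domain = "git.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/git/gitea/outputs.tf:
--------------------------------------------------------------------------------
output "gitea_domain" {
  value = local.gitea_domain
}

# Generated secret taken from a random_password resource. Marked sensitive so
# it is redacted in CLI output; it is still stored in the state file. A root
# module that re-exports it has to mark its own output sensitive as well.
output "gitea_inpod_postgres_secret" {
  value     = random_password.inpod_postgres_secret.result
  sensitive = true
}
--------------------------------------------------------------------------------
/modules/git/gitea/providers.tf:
--------------------------------------------------------------------------------
# All three providers act on the cluster described by the same kubeconfig file.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/git/gitea/templates/cert.tpl:
--------------------------------------------------------------------------------
# cert-manager Certificate for the Gitea hostname, issued by the
# letsencrypt-prod ClusterIssuer and stored in the gitea-tls-secret Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: gitea-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${gitea_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: gitea-tls-secret
--------------------------------------------------------------------------------
/modules/git/gitea/vars.tf:
--------------------------------------------------------------------------------
# Base domain; locals.tf prefixes it with "git." to build the Gitea hostname.
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object."
  default     = "nginx"
}

variable "persistence_enabled" {
  description = "Create PVCs to store gitea and postgres data?"
  default     = false
}

variable "persistence_storageclass" {
  description = "StorageClass to use for dynamic provision if not 'default'"
  default     = ""
}

variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/git/gitea/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/jenkins/providers.tf:
--------------------------------------------------------------------------------
# All three providers act on the cluster described by the same kubeconfig file.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/jenkins/vars.tf:
--------------------------------------------------------------------------------
variable "kubeconfig_path" {}

variable "jenkins_instance_name" {}

variable "jenkins_namespace" {}

# NOTE(review): presumably pins the Jenkins operator manifests to one commit;
# the resources that use it are not shown here — confirm.
variable "jenkins_k8s_operator_commit_hash" {}

variable "path_to_jenkins_instance_config" {}
--------------------------------------------------------------------------------
/modules/jenkins/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/kibana/locals.tf:
--------------------------------------------------------------------------------
locals {
  kibana_domain = "kibana.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/kibana/outputs.tf:
--------------------------------------------------------------------------------
output "kibana_domain" {
  value = local.kibana_domain
}
--------------------------------------------------------------------------------
/modules/kibana/providers.tf:
--------------------------------------------------------------------------------
provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

--------------------------------------------------------------------------------
/modules/kibana/templates/cert.tpl:
--------------------------------------------------------------------------------
# cert-manager Certificate for the Kibana hostname, issued by the
# letsencrypt-prod ClusterIssuer and stored in the kibana-tls-secret Secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: kibana-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${kibana_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: kibana-tls-secret
--------------------------------------------------------------------------------
/modules/kibana/templates/contour/values.tpl:
--------------------------------------------------------------------------------
# Chart values for serving Kibana through Contour: plain HTTP is disallowed and
# redirected to HTTPS, with TLS taken from kibana-tls-secret.
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "contour"
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    - ${kibana_domain}
  tls:
    - secretName: kibana-tls-secret
      hosts:
        - ${kibana_domain}

--------------------------------------------------------------------------------
/modules/kibana/templates/nginx/values.tpl:
--------------------------------------------------------------------------------
# Chart values for serving Kibana through ingress-nginx, with TLS taken from
# kibana-tls-secret. Unlike the Contour values, no HTTPS-redirect annotation is
# set here, so redirect behaviour is left to the controller's own defaults.
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    - ${kibana_domain}
  tls:
    - secretName: kibana-tls-secret
      hosts:
        - ${kibana_domain}

--------------------------------------------------------------------------------
/modules/kibana/vars.tf:
--------------------------------------------------------------------------------
# Base domain; locals.tf prefixes it with "kibana." to build the hostname.
variable "domain" {}

variable "namespace" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "kubeconfig_path" {}

--------------------------------------------------------------------------------
/modules/kibana/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}

--------------------------------------------------------------------------------
/modules/kubeapps/locals.tf:
--------------------------------------------------------------------------------
locals {
  kubeapps_domain = "catalog.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/kubeapps/main.tf:
--------------------------------------------------------------------------------
# Creates the kubeapps namespace and installs the Kubeapps chart at a fixed
# chart version, with values rendered from the template for the chosen ingress.
resource "kubernetes_namespace" "kubeapps" {
  metadata {
    name = "kubeapps"
  }
}

# var.ingress selects the template directory, so it has to match a directory
# name under templates/.
data "template_file" "kubeapps_config" {
  template = file("${path.module}/templates/${var.ingress}/values.tpl")

  vars = {
    kubeapps_domain = local.kubeapps_domain
  }
}

resource "helm_release" "kubeapps" {

  name       = "kubeapps"
  namespace  = kubernetes_namespace.kubeapps.metadata[0].name
  repository = "https://charts.bitnami.com/bitnami"
  chart      = "kubeapps"
  version    = "7.5.7"

  values = [data.template_file.kubeapps_config.rendered]
}

--------------------------------------------------------------------------------
/modules/kubeapps/outputs.tf:
--------------------------------------------------------------------------------
output "kubeapps_domain" {
  value = local.kubeapps_domain
}
--------------------------------------------------------------------------------
/modules/kubeapps/providers.tf: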
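--------------------------------------------------------------------------------
# Both providers read the same kubeconfig, so they act with whatever
# cluster privileges that file grants.
provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}


--------------------------------------------------------------------------------
/modules/kubeapps/templates/contour/values.tpl:
--------------------------------------------------------------------------------
# Helm values for the kubeapps release when Contour serves the Ingress.
# NOTE(review): nesting was reconstructed from a whitespace-collapsed listing;
# confirm the position of `secrets` against the chart's values schema.
useHelm3: true

ingress:
  enabled: true
  certManager: true
  hostname: ${kubeapps_domain}
  tls: true
  annotations:
    kubernetes.io/ingress.class: "contour"
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/tls-acme: "true"

  secrets:
  - name: kubeapps-tls-secret
--------------------------------------------------------------------------------
/modules/kubeapps/templates/nginx/values.tpl:
--------------------------------------------------------------------------------
# Helm values for the kubeapps release when ingress-nginx serves the Ingress.
# NOTE(review): unlike the contour variant, no force-ssl-redirect / allow-http
# annotations are set here; confirm plain HTTP is redirected or refused.
# NOTE(review): nesting reconstructed from a whitespace-collapsed listing.
useHelm3: true

ingress:
  enabled: true
  certManager: true
  hostname: ${kubeapps_domain}
  tls: true
  annotations:
    kubernetes.io/ingress.class: nginx
    kubernetes.io/tls-acme: "true"

  secrets:
  - name: kubeapps-tls-secret
--------------------------------------------------------------------------------
/modules/kubeapps/vars.tf:
--------------------------------------------------------------------------------
variable "domain" {
  description = "Base DNS domain; the module publishes kubeapps at catalog.<domain>."
}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."

  # The value is interpolated into a template path in main.tf
  # (templates/<ingress>/values.tpl), so restrict it to the two directories
  # that ship with the module instead of failing later on a missing file.
  validation {
    condition     = contains(["contour", "nginx"], var.ingress)
    error_message = "The ingress value must be one of: contour, nginx."
  }
}

variable "kubeconfig_path" {
  description = "Path to the kubeconfig file read by the helm and k14s providers."
}
--------------------------------------------------------------------------------
/modules/kubeapps/versions.tf:
--------------------------------------------------------------------------------
# NOTE(review): only helm carries a version constraint; the other providers
# float to whatever `terraform init` resolves unless a lock file is committed.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/kubeturbo/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}


--------------------------------------------------------------------------------
/modules/kubeturbo/vars.tf:
--------------------------------------------------------------------------------

variable "kubeturbo_operator_commit_hash" {}

# `sensitive = true` redacts these in plan/apply output only; the values are
# still written to Terraform state, so the state backend must be protected.
variable "turbo_username" {
  sensitive = true
}
variable "turbo_password" {
  sensitive = true
}

variable "turbo_server_url" {}

variable "turbo_server_version" {}

variable "k8s_cluster_name" {}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  type        = string
  default     = "~/.kube/config"
}
--------------------------------------------------------------------------------
/modules/kubeturbo/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/logsink/main.tf:
--------------------------------------------------------------------------------
# Namespace that holds the kapp-managed log sink application.
resource "kubernetes_namespace" "tkgi_logsink" {
  metadata {
    name = "tkgi-logsink"
  }
}

# Renders the ClusterLogSink manifest. The keys of `vars` must match the
# placeholders in templates/cluster-log-sink.tpl exactly: the template reads
# ${name}, ${host}, ${port} and ${insecure_skip_verify}. The previous keys
# `hostname` and `portl` matched no placeholder, leaving ${host} and ${port}
# undefined at render time.
data "template_file" "tkgi_logsink_install" {
  template = file("${path.module}/templates/cluster-log-sink.tpl")

  vars = {
    name                 = var.tkgi_cluster_name
    host                 = var.sink_hostname
    port                 = var.sink_port
    insecure_skip_verify = var.sink_insecure_skip_verify
  }
}

# Applies the rendered manifest to the cluster through kapp.
resource "k14s_kapp" "tkgi_logsink_install" {
  app       = "tkgi-logsink"
  namespace = kubernetes_namespace.tkgi_logsink.metadata[0].name

  config_yaml = data.template_file.tkgi_logsink_install.rendered
}
--------------------------------------------------------------------------------
/modules/logsink/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}


--------------------------------------------------------------------------------
/modules/logsink/templates/cluster-log-sink.tpl:
--------------------------------------------------------------------------------
# ClusterLogSink forwarding cluster logs to a syslog endpoint over TLS.
# When insecure_skip_verify renders as true the sink's certificate is not
# validated, so TLS encrypts the stream but does not authenticate the receiver.
apiVersion: pksapi.io/v1beta1
kind: ClusterLogSink
metadata:
  name: ${name}
spec:
  type: syslog
  host: ${host}
  port: ${port}
  enable_tls: true
  insecure_skip_verify: ${insecure_skip_verify}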
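--------------------------------------------------------------------------------
/modules/logsink/vars.tf:
--------------------------------------------------------------------------------

variable "tkgi_cluster_name" {}

variable "sink_hostname" {}

variable "sink_port" {
  default = 443
}

# NOTE(review): defaults to true, i.e. the log sink's TLS certificate is NOT
# verified unless the caller overrides this. The default is kept so existing
# callers behave the same; set it to false wherever the sink presents a
# certificate the cluster can validate.
variable "sink_insecure_skip_verify" {
  default = true
}

variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  type        = string
  default     = "~/.kube/config"
}
--------------------------------------------------------------------------------
/modules/logsink/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/loki-stack/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Hostname Grafana is published under, derived from the caller's base domain.
  grafana_domain = "grafana.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/loki-stack/outputs.tf:
--------------------------------------------------------------------------------
output "grafana_username" {
  value = "admin"
}

# Marked sensitive so the generated admin password is redacted from
# plan/apply output and CI logs. It is still stored in plaintext in state,
# and a root module that re-exports it must mark its own output sensitive.
output "grafana_password" {
  value     = random_password.admin_password.result
  sensitive = true
}

output "grafana_domain" {
  value = local.grafana_domain
}
--------------------------------------------------------------------------------
/modules/loki-stack/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/loki-stack/templates/cert.tpl:
--------------------------------------------------------------------------------
# cert-manager Certificate for the Grafana hostname, issued by the
# letsencrypt-prod ClusterIssuer and stored in grafana-tls-secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: grafana-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${grafana_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: grafana-tls-secret
--------------------------------------------------------------------------------
/modules/loki-stack/templates/contour/values.tpl:
--------------------------------------------------------------------------------
# Helm values for Grafana behind Contour.
# NOTE(review): the admin password is substituted unquoted, so the rendered
# values (and the Helm release data) contain it in cleartext, and a generated
# value with YAML-significant characters could change how this file parses.
# Confirm the character set of random_password.admin_password.
# NOTE(review): nesting reconstructed from a whitespace-collapsed listing.
admin:
  password: ${admin_password}
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: "contour"
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/tls-acme: "true"
  hosts:
  - name: ${grafana_domain}
    tls: true
    tlsSecret: grafana-tls-secret
--------------------------------------------------------------------------------
/modules/loki-stack/templates/nginx/values.tpl:
--------------------------------------------------------------------------------
# Helm values for Grafana behind ingress-nginx; same cleartext-password and
# quoting caveat as the contour variant.
# NOTE(review): nesting reconstructed from a whitespace-collapsed listing.
admin:
  password: ${admin_password}
ingress:
  enabled: true
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/tls-acme: "true"
  hosts:
  - name: ${grafana_domain}
    tls: true
    tlsSecret: grafana-tls-secret
--------------------------------------------------------------------------------
/modules/loki-stack/vars.tf: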
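--------------------------------------------------------------------------------
variable "domain" {
  description = "Base DNS domain; the module publishes Grafana at grafana.<domain>."
}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "kubeconfig_path" {
  description = "Path to the kubeconfig file read by the kubernetes, helm and k14s providers."
}
--------------------------------------------------------------------------------
/modules/loki-stack/versions.tf:
--------------------------------------------------------------------------------
# NOTE(review): only helm carries a version constraint; the other providers
# float to whatever `terraform init` resolves unless a lock file is committed.
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/metricbeat/main.tf:
--------------------------------------------------------------------------------
# Installs the metricbeat chart at a pinned chart version with the chart's
# default values (no `values` or `set` blocks are passed). The namespace is
# created by Helm when it does not exist yet.
resource "helm_release" "metricbeat" {
  create_namespace = true

  name       = "metricbeat"
  namespace  = var.namespace
  repository = "https://Helm.elastic.co"
  chart      = "metricbeat"
  version    = "7.10.1"

}
--------------------------------------------------------------------------------
/modules/metricbeat/providers.tf:
--------------------------------------------------------------------------------
provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}
--------------------------------------------------------------------------------
/modules/metricbeat/vars.tf:
--------------------------------------------------------------------------------
variable "namespace" {
  description = "Namespace the metricbeat Helm release is installed into; created if absent."
}

variable "kubeconfig_path" {
  description = "Path to the kubeconfig file read by the helm provider."
}
--------------------------------------------------------------------------------
/modules/metricbeat/versions.tf: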
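--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/minio/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Hostname MinIO is published under, derived from the caller's base domain.
  minio_domain = "minio.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/minio/outputs.tf:
--------------------------------------------------------------------------------
output "minio_domain" {
  value = local.minio_domain
}

# The two generated credentials are marked sensitive so they are redacted from
# plan/apply output and CI logs. They are still stored in plaintext in state,
# and a root module that re-exports them must mark its own outputs sensitive.
output "minio_accesskey_password" {
  value     = random_password.accesskey_password.result
  sensitive = true
}

output "minio_secretkey_password" {
  value     = random_password.secretkey_password.result
  sensitive = true
}
--------------------------------------------------------------------------------
/modules/minio/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

--------------------------------------------------------------------------------
/modules/minio/templates/contour/values.tpl:
--------------------------------------------------------------------------------
# Helm values for MinIO behind Contour.
# NOTE(review): both keys are substituted unquoted, so they appear in cleartext
# in the rendered values and Helm release data, and a generated value with
# YAML-significant characters could change how this file parses.
# NOTE(review): nesting reconstructed from a whitespace-collapsed listing.
accessKey:
  password: ${accesskey_password}
secretKey:
  password: ${secretkey_password}

ingress:
  enabled: true
  certManager: true
  annotations:
    kubernetes.io/ingress.class: contour
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
    kubernetes.io/tls-acme: "true"
  hosts:
  - name: ${minio_domain}
    path: /
    tls: true
    tlsSecret: minio-tls-secret
persistence:
  size: 100Gi
--------------------------------------------------------------------------------
/modules/minio/templates/nginx/values.tpl:
--------------------------------------------------------------------------------
# Helm values for MinIO behind ingress-nginx; same cleartext-key and quoting
# caveat as the contour variant.
# NOTE(review): nesting reconstructed from a whitespace-collapsed listing.
accessKey:
  password: ${accesskey_password}
secretKey:
  password: ${secretkey_password}

ingress:
  enabled: true
  certManager: true
  annotations:
    kubernetes.io/ingress.class: nginx
    ingress.kubernetes.io/force-ssl-redirect: "true"
    kubernetes.io/ingress.allow-http: "false"
    # NOTE(review): 0.0.0.0/0 admits every IPv4 source, so this allow-list
    # restricts nothing and the object store is reachable from any address.
    # Narrow it to the CIDRs that actually need access.
    nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
  hosts:
  - name: ${minio_domain}
    path: /
    tls: true
    tlsSecret: minio-tls-secret
persistence:
  size: 100Gi
--------------------------------------------------------------------------------
/modules/minio/vars.tf:
--------------------------------------------------------------------------------
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/minio/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/nginx-ingress/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}
--------------------------------------------------------------------------------
/modules/nginx-ingress/templates/values.tpl:
--------------------------------------------------------------------------------
# The whole extraArgs value is supplied by the caller as a pre-built expression.
extraArgs: ${extraArgsExpression}
--------------------------------------------------------------------------------
/modules/nginx-ingress/vars.tf:
--------------------------------------------------------------------------------
variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}

# NOTE(review): presumably these two end up as a startup flag of the ingress
# controller via templates/values.tpl (the wiring is not in this listing), so
# they should come from trusted configuration only.
variable "extra_args_key" {
  description = "extraArgs key; for when you would like to pass addition startup flags to the nginx-controller"
  default     = ""
}

variable "extra_args_value" {
  description = "extraArgs value; for when you would like to pass addition startup flags to the nginx-controller"
  default     = ""
}
--------------------------------------------------------------------------------
/modules/nginx-ingress/versions.tf: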
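--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/registry/acr/main.tf:
--------------------------------------------------------------------------------
# Random suffix appended to the registry name (4 random bytes, hex-encoded).
resource "random_id" "suffix" {
  byte_length = 4
}

resource "azurerm_container_registry" "acr" {
  name                = join("", [ var.registry_name, random_id.suffix.hex ])
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = "Standard"
  # NOTE(review): enables the registry's built-in admin account, a single
  # shared username/password with push and pull rights that cannot be scoped
  # per user. Prefer Azure AD identities or service principals with role
  # assignments and disable this once no consumer depends on it.
  admin_enabled       = true
}
--------------------------------------------------------------------------------
/modules/registry/acr/providers.tf:
--------------------------------------------------------------------------------
# Service-principal credentials are passed as input variables; they end up in
# whatever tfvars file or environment supplies them, so keep that source out
# of version control.
provider "azurerm" {
  client_id       = var.az_client_id
  client_secret   = var.az_client_secret
  subscription_id = var.az_subscription_id
  tenant_id       = var.az_tenant_id
  features {}
}
--------------------------------------------------------------------------------
/modules/registry/acr/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=2.0.0"
    }
    random = {
      source = "hashicorp/random"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/registry/ecr/main.tf:
--------------------------------------------------------------------------------
# Random suffix appended to the repository name (4 random bytes, hex-encoded).
resource "random_id" "suffix" {
  byte_length = 4
}

resource "aws_ecr_repository" "ecr" {
  name                 = join("", [ var.registry_name, random_id.suffix.hex ])
  # NOTE(review): with MUTABLE tags an existing tag can be re-pointed at a
  # different image, so a deployment that pulls by tag may receive content
  # other than what was reviewed. Consider "IMMUTABLE" or pulling by digest.
  image_tag_mutability = "MUTABLE"

  # Images are scanned for known vulnerabilities each time they are pushed.
  image_scanning_configuration {
    scan_on_push = true
  }
}
--------------------------------------------------------------------------------
/modules/registry/ecr/providers.tf:
--------------------------------------------------------------------------------
provider "aws" {
  region = var.region
}
--------------------------------------------------------------------------------
/modules/registry/ecr/vars.tf:
--------------------------------------------------------------------------------
variable "registry_name" {
  description = "Specifies the name of the Container Registry. This name will be updated to append a unique suffix so as not to collide with a pre-existing registry."
}

variable "region" {
  default     = "us-west-2"
  description = "A valid AWS region (e.g., us-east-1). See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-regions."
}
--------------------------------------------------------------------------------
/modules/registry/ecr/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~>3.0"
    }
    random = {
      source = "hashicorp/random"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/registry/gcr/main.tf:
--------------------------------------------------------------------------------
resource "google_container_registry" "reg" {
  project  = var.project
  location = var.location
}

# Looked up only after the registry exists, so the repository URL resolves.
data "google_container_registry_repository" "repo" {
  project = var.project
  region  = var.location

  depends_on = [ google_container_registry.reg ]
}
--------------------------------------------------------------------------------
/modules/registry/gcr/outputs.tf:
--------------------------------------------------------------------------------
output "gcr_bucket_id" {
  description = "The name of the bucket that supports the Container Registry"
  value       = google_container_registry.reg.id
}

output "gcr_repository_url" {
  description = "The URL at which the repository can be accessed"
  value       = data.google_container_registry_repository.repo.repository_url
}
--------------------------------------------------------------------------------
/modules/registry/gcr/providers.tf:
--------------------------------------------------------------------------------
# Reads a service-account key file from disk; that JSON file is a long-lived
# credential and should stay outside the repository.
provider "google" {
  credentials = file(var.credentials)
  project     = var.project
}
--------------------------------------------------------------------------------
/modules/registry/gcr/vars.tf:
--------------------------------------------------------------------------------
variable "project" {
  description = "The ID of the project in which the resource belongs. If it is not provided, the provider project is used."
  sensitive   = true
}

variable "location" {
  description = "The location of the registry. One of [ asia, eu, us ] or not specified."
}

variable "credentials" {
  description = "Path to service account credentials file in JSON format"
}
--------------------------------------------------------------------------------
/modules/registry/gcr/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = ">=3.21.0"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/registry/harbor/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Hostnames for Harbor and Notary, derived from the caller's base domain.
  harbor_domain = "harbor.${var.domain}"
  notary_domain = "notary.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/registry/harbor/outputs.tf:
--------------------------------------------------------------------------------
output "harbor_domain" {
  value = local.harbor_domain
}

output "harbor_admin_username" {
  value = "admin"
}

# Marked sensitive so the generated admin password is redacted from
# plan/apply output and CI logs. It is still stored in plaintext in state,
# and a root module that re-exports it must mark its own output sensitive.
output "harbor_admin_password" {
  value     = random_password.admin_password.result
  sensitive = true
}
--------------------------------------------------------------------------------
/modules/registry/harbor/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}

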
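--------------------------------------------------------------------------------
/modules/registry/harbor/templates/cert.tpl:
--------------------------------------------------------------------------------
# cert-manager Certificate covering the Harbor and Notary hostnames, issued by
# the letsencrypt-prod ClusterIssuer and stored in harbor-tls-secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: harbor-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${harbor_domain}'
  - '${notary_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: harbor-tls-secret
--------------------------------------------------------------------------------
/modules/registry/harbor/vars.tf:
--------------------------------------------------------------------------------
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/registry/harbor/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/registry/jcr/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Hostname the registry is published under, derived from the base domain.
  jcr_domain = "jcr.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/registry/jcr/outputs.tf:
--------------------------------------------------------------------------------
output "jcr_domain" {
  value = local.jcr_domain
}

output "jcr_admin_username" {
  value = "admin"
}

# NOTE(review): a fixed literal, not a generated secret. Presumably it reports
# the product's initial admin credential; if so, the registry is reachable on
# its public ingress with a well-known login until the password is changed.
# Rotate it immediately after install or generate one like the other modules.
output "jcr_admin_password" {
  value = "password"
}

# Marked sensitive so the generated database password is redacted from
# plan/apply output and CI logs. It is still stored in plaintext in state,
# and a root module that re-exports it must mark its own output sensitive.
output "jcr_postgresql_password" {
  value     = random_password.postgres_password.result
  sensitive = true
}
--------------------------------------------------------------------------------
/modules/registry/jcr/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/registry/jcr/templates/cert.tpl:
--------------------------------------------------------------------------------
# cert-manager Certificate for the registry hostname, issued by the
# letsencrypt-prod ClusterIssuer and stored in jcr-tls-secret.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: jcr-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${jcr_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: jcr-tls-secret
--------------------------------------------------------------------------------
/modules/registry/jcr/templates/contour/values.tpl:
--------------------------------------------------------------------------------
# Helm values for the registry behind Contour.
# NOTE(review): nesting was reconstructed from a whitespace-collapsed listing;
# confirm which keys sit under `artifactory` against the chart's values schema.
# NOTE(review): the database password is substituted unquoted, so it appears
# in cleartext in the rendered values and Helm release data.
artifactory:
  ingress:
    enabled: true
    hosts:
    - ${jcr_domain}
    annotations:
      kubernetes.io/ingress.class: "contour"
      ingress.kubernetes.io/force-ssl-redirect: "true"
      ingress.kubernetes.io/proxy-body-size: "0"
      ingress.kubernetes.io/proxy-read-timeout: "600"
      ingress.kubernetes.io/proxy-send-timeout: "600"
      kubernetes.io/ingress.allow-http: "false"
    tls:
    - secretName: jcr-tls-secret
      hosts:
      - ${jcr_domain}
  nginx:
    enabled: false
    service:
      type: "NodePort"

  postgresql:
    postgresqlPassword: ${jcr_postgresql_password}
--------------------------------------------------------------------------------
/modules/registry/jcr/vars.tf:
--------------------------------------------------------------------------------
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/registry/jcr/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/sealed-secrets/api-resources/get-release.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Downloads the pinned sealed-secrets controller manifest into the current
# directory as controller.yaml. main.tf reads it from
# <module>/api-resources/controller.yaml, so run this from that directory.
#
# NOTE(review): the manifest is applied with cluster privileges but is not
# integrity-checked after download. Record the expected SHA-256 of the pinned
# release in this repository and verify it here before the file is used.

set -euo pipefail

SEALED_SECRETS_VERSION="v0.16.0"

# --fail makes curl exit non-zero on an HTTP error instead of saving the
# server's error page as controller.yaml.
curl --fail -LO "https://github.com/bitnami-labs/sealed-secrets/releases/download/${SEALED_SECRETS_VERSION}/controller.yaml"
--------------------------------------------------------------------------------
/modules/sealed-secrets/main.tf:
--------------------------------------------------------------------------------
# Manifest fetched beforehand by api-resources/get-release.sh.
data "local_file" "sealed_secrets" {
  filename = "${path.module}/api-resources/controller.yaml"
}

# Runs the manifest through kbld.
data "k14s_kbld" "sealed_secrets_config" {
  config_yaml = data.local_file.sealed_secrets.content

  # NOTE(review): debug logging is left on; check what the provider prints
  # before enabling this in shared CI logs.
  debug_logs = true
}

# Persists the kbld result next to the module for inspection.
resource "local_file" "sealed_secrets_config" {
  content  = data.k14s_kbld.sealed_secrets_config.result
  filename = "${path.module}/.ytt/controller.yaml"
}

# Applies the processed manifest to the cluster through kapp.
resource "k14s_kapp" "sealed_secrets" {
  app = "kubeseal"

  # NOTE(review): uses the shared "default" namespace for the kapp app;
  # a dedicated namespace would keep it apart from unrelated workloads.
  namespace = "default"

  config_yaml = local_file.sealed_secrets_config.content
}
--------------------------------------------------------------------------------
/modules/sealed-secrets/providers.tf:
--------------------------------------------------------------------------------
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/sealed-secrets/vars.tf:
--------------------------------------------------------------------------------
variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/sealed-secrets/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    local = {
      source = "hashicorp/local"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/stratos/locals.tf:
--------------------------------------------------------------------------------
locals {
  # Hostname the Stratos console is published under.
  stratos_domain = "stratos.${var.domain}"
}
--------------------------------------------------------------------------------
/modules/stratos/outputs.tf:
--------------------------------------------------------------------------------
output "stratos_domain" {
  value = local.stratos_domain
}
--------------------------------------------------------------------------------
/modules/stratos/providers.tf: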
--------------------------------------------------------------------------------
# All three providers use the cluster described by var.kubeconfig_path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

# kapp is handed the kubeconfig content rather than its path, so the file is
# read with file().
# NOTE(review): a kubeconfig normally carries cluster credentials - confirm the
# content read here cannot end up in shared logs or plan output.
provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/stratos/templates/cert.tpl:
--------------------------------------------------------------------------------
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: stratos-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${stratos_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: stratos-tls-secret
--------------------------------------------------------------------------------
/modules/stratos/templates/contour/values.tpl:
--------------------------------------------------------------------------------
console:
  # Placeholder is filled in when the template is rendered; the rendered
  # values then hold the session secret in clear text.
  sessionStoreSecret: ${session_store_secret}
  service:
    # NOTE(review): LoadBalancer is requested while the Ingress below is also
    # enabled - confirm that both exposure paths are intended.
    type: LoadBalancer
    ingress:
      ## If true, Ingress will be created
      enabled: true

      ## Additional annotations
      annotations:
        kubernetes.io/ingress.class: "contour"
        ingress.kubernetes.io/force-ssl-redirect: "true"
        kubernetes.io/ingress.allow-http: "false"

      ## Host for the ingress
      # Defaults to console.[env.Domain] if env.Domain is set and host is not
      host: ${stratos_domain}

      # Name of secret containing TLS certificate
      secretName: stratos-tls-secret
--------------------------------------------------------------------------------
/modules/stratos/templates/nginx/values.tpl:
--------------------------------------------------------------------------------
console:
  # Placeholder is filled in when the template is rendered; the rendered
  # values then hold the session secret in clear text.
  sessionStoreSecret: ${session_store_secret}
  service:
    # NOTE(review): LoadBalancer is requested while the Ingress below is also
    # enabled - confirm that both exposure paths are intended.
    type: LoadBalancer
    ingress:
      ## If true, Ingress will be created
      enabled: true

      ## Additional annotations
      # NOTE(review): enable-cors is set without
      # nginx.ingress.kubernetes.io/cors-allow-origin, which leaves the
      # controller's default allowed origin in place; set an explicit origin
      # if the console should not be callable from other sites.
      annotations:
        kubernetes.io/ingress.class: "nginx"
        nginx.ingress.kubernetes.io/enable-cors: "true"
        ingress.kubernetes.io/force-ssl-redirect: "true"
        kubernetes.io/ingress.allow-http: "false"

      ## Host for the ingress
      # Defaults to console.[env.Domain] if env.Domain is set and host is not
      host: ${stratos_domain}

      # Name of secret containing TLS certificate
      secretName: stratos-tls-secret
--------------------------------------------------------------------------------
/modules/stratos/vars.tf:
--------------------------------------------------------------------------------
# Module inputs. None of them declares a default, so callers must set all three.
variable "domain" {}

variable "ingress" {
  description = "Used to specify which Ingress controller should serve a particular Ingress object. Choices are: [ contour, nginx ]."
}

variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/stratos/versions.tf:
--------------------------------------------------------------------------------
# NOTE(review): only helm carries a version constraint; the other providers
# resolve to whatever version is selected at init time. Pinning them (and
# committing the dependency lock file) keeps provider upgrades reviewable.
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
}
--------------------------------------------------------------------------------
/modules/tas4k8s/acme/templates/certs-and-keys.tpl:
--------------------------------------------------------------------------------
system_certificate:
  crt: |
    ${system_certificate_full_chain}
  key: |
    ${system_cert_key}
  ca: ""

workloads_certificate:
  crt: |
    ${workloads_certificate_full_chain}
  key: |
    ${workloads_cert_key}
  ca: ""
--------------------------------------------------------------------------------
/modules/tas4k8s/locals.tf:
--------------------------------------------------------------------------------
locals {
  system_domain          = var.domain
  app_domain             = "apps.${var.domain}"
  postgres_instance_name = "pgsqlcfdb"

  # The literal "../../ytt-libs" is resolved relative to this module's
  # directory; any other value is used exactly as the caller supplied it.
  ytt_lib_dir = var.ytt_lib_dir != "../../ytt-libs" ? var.ytt_lib_dir : "${path.module}/${var.ytt_lib_dir}"
}
--------------------------------------------------------------------------------
/modules/tas4k8s/postgres/pvc.tpl:
--------------------------------------------------------------------------------
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: postgres-pvc
  namespace: ${postgres_instance_namespace}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 25Gi
--------------------------------------------------------------------------------
/modules/tas4k8s/postgres/values.tpl:
--------------------------------------------------------------------------------
# The password placeholder is filled in at render time, so the rendered values
# contain the database password in clear text.
postgresqlPassword: ${postgres_password}
persistence:
  enabled: true
  existingClaim: postgres-pvc
volumePermissions:
  enabled: true
replication:
  enabled: false
initdbScripts:
  psql.sql: |
    CREATE DATABASE uaa;
    \c uaa;
    CREATE EXTENSION citext;
    CREATE DATABASE cloud_controller;
    \c cloud_controller;
    CREATE EXTENSION citext;
    CREATE DATABASE usage_service;
    \c usage_service;
    CREATE EXTENSION citext;
--------------------------------------------------------------------------------
/modules/tas4k8s/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the cluster described by var.kubeconfig_path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

# kapp is handed the kubeconfig content rather than its path, so the file is
# read with file().
provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/tas4k8s/templates/cert.tpl:
--------------------------------------------------------------------------------
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tas4k8s-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '*.${system_domain}'
  - '*.${app_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: tas4k8s-tls-secret
--------------------------------------------------------------------------------
/modules/tas4k8s/templates/cf-overrides.tpl:
--------------------------------------------------------------------------------
#@library/ref "@github.com/cloudfoundry/cf-for-k8s/config"
#@data/values
---

remove_resource_requirements: ${remove_resource_requirements}
add_metrics_server_components: ${add_metrics_server_components}
use_external_dns_for_wildcard: ${use_external_dns_for_wildcard}
enable_automount_service_account_token: ${enable_automount_service_account_token}
metrics_server_prefer_internal_kubelet_address: ${metrics_server_prefer_internal_kubelet_address}
--------------------------------------------------------------------------------
/modules/tas4k8s/versions.tf:
--------------------------------------------------------------------------------
# NOTE(review): only helm carries a version constraint; the other providers
# resolve to whatever version is selected at init time. Pinning them (and
# committing the dependency lock file) keeps provider upgrades reviewable.
terraform {
  required_version = ">= 0.14"

  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
}
--------------------------------------------------------------------------------
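/modules/tekton/api-resources/get-releases.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Download the pinned Tekton Pipelines and Tekton Dashboard release manifests
# into the current directory, then drop the last N lines of release.yaml.

# Stop at the first failed command, unset variable or failed pipeline stage so
# a broken download is never trimmed and kept as if it were a good manifest.
set -euo pipefail

readonly TEKTON_PIPELINES_VERSION="v0.28.1"
readonly TEKTON_DASHBOARD_VERSION="v0.21.0"

# --fail turns an HTTP error into a non-zero exit instead of saving the error
# page under the manifest's name; --proto/--proto-redir keep the transfer and
# every redirect on HTTPS.
# NOTE(review): the manifests are pinned by tag only. Recording the expected
# SHA-256 of each file next to this script and checking it after download
# would detect a changed release asset before it is applied to a cluster.
curl --fail --location --remote-name --proto '=https' --proto-redir '=https' \
  "https://github.com/tektoncd/pipeline/releases/download/${TEKTON_PIPELINES_VERSION}/release.yaml"
curl --fail --location --remote-name --proto '=https' --proto-redir '=https' \
  "https://github.com/tektoncd/dashboard/releases/download/${TEKTON_DASHBOARD_VERSION}/tekton-dashboard-release.yaml"

# Remove the last N lines of the file
# NOTE(review): the reason for dropping them is not recorded here - confirm it
# still applies whenever TEKTON_PIPELINES_VERSION is changed.

N=2
total_lines=$(wc -l < release.yaml)

# A file with N lines or fewer would give head a zero or negative count.
if (( total_lines <= N )); then
  echo "release.yaml has only ${total_lines} lines; refusing to remove ${N}" >&2
  exit 1
fi

head -n "$(( total_lines - N ))" release.yaml > release.yaml.new

# Replace the original in one step rather than rm followed by mv.
mv -f -- release.yaml.new release.yaml
--------------------------------------------------------------------------------
/modules/tekton/providers.tf:
--------------------------------------------------------------------------------
# kapp is handed the kubeconfig content rather than its path, so the file is
# read with file().
provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/tekton/vars.tf:
--------------------------------------------------------------------------------
variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}
--------------------------------------------------------------------------------
/modules/tekton/versions.tf:
--------------------------------------------------------------------------------
# NOTE(review): neither provider has a version constraint; pinning them keeps
# provider upgrades reviewable.
terraform {
  required_providers {
    k14s = {
      source = "hashicorp/k14s"
    }
    local = {
      source = "hashicorp/local"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/traefik/main.tf:
--------------------------------------------------------------------------------
# Dedicated namespace for the Traefik release.
resource "kubernetes_namespace" "traefik" {
  metadata {
    name = "traefik"
  }
}

# Renders templates/values.tpl with the configured log level.
data "template_file" "traefik_config" {
  template = file("${path.module}/templates/values.tpl")

  vars = {
    traefik_log_level = var.traefik_log_level
  }
}

# Installs the chart at a fixed version with the rendered values.
resource "helm_release" "traefik" {

  name       = "traefik"
  namespace  = kubernetes_namespace.traefik.metadata[0].name
  repository = "https://helm.traefik.io/traefik"
  chart      = "traefik"
  version    = "10.5.0"

  values = [data.template_file.traefik_config.rendered]

}
--------------------------------------------------------------------------------
/modules/traefik/providers.tf:
--------------------------------------------------------------------------------
# Both providers use the cluster described by var.kubeconfig_path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}
--------------------------------------------------------------------------------
/modules/traefik/templates/values.tpl:
--------------------------------------------------------------------------------
additionalArguments:
  - "--log.level=${traefik_log_level}"
  - "--entrypoints.websecure.http.tls"
  - "--providers.kubernetesIngress.ingressClass=traefik-cert-manager"
  - "--ping"
  - "--metrics.prometheus"
--------------------------------------------------------------------------------
/modules/traefik/vars.tf:
--------------------------------------------------------------------------------
variable "kubeconfig_path" {
  description = "The path to your .kube/config"
  default     = "~/.kube/config"
}

# NOTE(review): the default is the most verbose level. Debug output can carry
# request and configuration detail, so callers should pass a quieter level
# (for example INFO or ERROR) outside of troubleshooting.
variable "traefik_log_level" {
  description = "Logging level for Traefik. See https://doc.traefik.io/traefik/observability/logs/#level."
  default     = "DEBUG"
}
--------------------------------------------------------------------------------
/modules/traefik/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/tsmgr/outputs.tf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/pacphi/tf4k8s/38ea62f3768042db4665becb1b969e85332809d3/modules/tsmgr/outputs.tf
--------------------------------------------------------------------------------
/modules/tsmgr/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the cluster described by var.kubeconfig_path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/tsmgr/templates/cert.tpl:
--------------------------------------------------------------------------------
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: tsmgr-cert
  namespace: ${namespace}
spec:
  dnsNames:
  - '${tsmgr_domain}'
  - '${broker_domain}'
  - '${daemon_domain}'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-prod
  secretName: tsmgr-tls-secret
--------------------------------------------------------------------------------
/modules/tsmgr/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
    random = {
      source = "hashicorp/random"
    }
    template = {
      source = "hashicorp/template"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/modules/wavefront/main.tf:
--------------------------------------------------------------------------------
# Dedicated namespace for the Wavefront operator release.
resource "kubernetes_namespace" "wavefront" {
  metadata {
    name = "wavefront"
  }
}

resource "helm_release" "wavefront" {

  name      = "wavefront"
  namespace = kubernetes_namespace.wavefront.metadata[0].name
  # NOTE(review): the chart repository is served from the mutable `master`
  # branch, so the index behind this URL can change between runs even though
  # the chart version below is fixed. Pointing at an immutable ref would make
  # the install reproducible.
  repository = "https://raw.githubusercontent.com/wavefrontHQ/wavefront-operator/master/install/"
  chart      = "wavefront-operator"
  version    = "0.9.5"

  set {
    name  = "wavefront.url"
    value = var.wavefront_url
  }

  # The API token is a credential: set_sensitive passes the same chart value
  # as set, but keeps it out of the plan diff. The value is still written to
  # the Terraform state, so the state backend needs its own access control.
  set_sensitive {
    name  = "wavefront.token"
    value = var.wavefront_api_token
  }

  set {
    name  = "clusterName"
    value = var.cluster_name
  }

}
--------------------------------------------------------------------------------
/modules/wavefront/providers.tf:
--------------------------------------------------------------------------------
# All three providers use the cluster described by var.kubeconfig_path.
provider "kubernetes" {
  config_path = var.kubeconfig_path
}

provider "helm" {
  kubernetes {
    config_path = var.kubeconfig_path
  }
}

provider "k14s" {
  kapp {
    kubeconfig_yaml = file(var.kubeconfig_path)
  }
}
--------------------------------------------------------------------------------
/modules/wavefront/vars.tf:
--------------------------------------------------------------------------------
variable "cluster_name" {}

variable "wavefront_url" {}

# Marked sensitive so Terraform redacts it in plan and apply output.
variable "wavefront_api_token" {
  sensitive = true
}

variable "kubeconfig_path" {}
--------------------------------------------------------------------------------
/modules/wavefront/versions.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source  = "hashicorp/helm"
      version = ">= 1.3.1"
    }
    k14s = {
      source = "hashicorp/k14s"
    }
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
  required_version = ">= 0.14"
}
--------------------------------------------------------------------------------
/ytt-libs/cf4k8s/scripts/download-cf4k8s.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Re-synchronize the vendored resources described by vendir.yml in the
# current directory.
set -euo pipefail

# The delete below uses relative paths, so refuse to run anywhere that does
# not hold the vendir configuration.
if [[ ! -f vendir.yml ]]; then
  echo "vendir.yml not found in $(pwd); run this from the directory that contains it" >&2
  exit 1
fi

# Use https://github.com/k14s/vendir to synchronize resources
# Remove all prior synchronized resources first
rm -Rf -- vendor vendir.lock.yml
vendir sync
--------------------------------------------------------------------------------
/ytt-libs/cf4k8s/vendir.yml:
--------------------------------------------------------------------------------
apiVersion: vendir.k14s.io/v1alpha1
kind: Config
directories:
- path: vendor
  contents:
  - path: github.com/cloudfoundry/cf-for-k8s
    git:
      url: https://github.com/cloudfoundry/cf-for-k8s
      # Full commit hash rather than a branch or tag name.
      ref: f72bbbf060d62ca47498db97fb5aab665906f8b5
    includePaths:
    - config/**/*
    - hack/**/*
--------------------------------------------------------------------------------
/ytt-libs/tas4k8s/scripts/cleanup-tas4k8s.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Remove the first tanzu-application-service.* file found under the current
# directory and the tree extracted to /tmp.
set -euo pipefail

# Cleanup
# -print -quit stops at the first match, which is what `| head -n 1` selected,
# without a pipeline that can fail under pipefail.
FILENAME=$(find . -type f -name "tanzu-application-service.*" -print -quit)

# Nothing matched: skip the delete instead of calling rm with an empty name.
if [[ -n "${FILENAME}" ]]; then
  rm -f -- "${FILENAME}"
fi

rm -Rf -- /tmp/tanzu-application-service
--------------------------------------------------------------------------------
/ytt-libs/tas4k8s/scripts/download-tas4k8s.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Log in with the pivnet CLI, download the pinned tas-for-kubernetes product
# file into the current directory and extract it under /tmp.
#
# Usage: download-tas4k8s.sh {pivnet-api-token}
#   The token may instead be supplied in the PIVNET_API_TOKEN environment
#   variable, which keeps it out of shell history and this script's arguments.
set -euo pipefail

PIVNET_API_TOKEN="${1:-${PIVNET_API_TOKEN:-}}"
if [[ -z "${PIVNET_API_TOKEN}" ]]; then
  echo "Usage: download-tas4k8s.sh {pivnet-api-token}" >&2
  exit 1
fi

# NOTE(review): the token is still passed to pivnet as a command-line
# argument, so it is visible in the process list while the login runs, and
# `bash -x` would print it. Treat it as exposed on shared hosts.
pivnet login --api-token="${PIVNET_API_TOKEN}"

# Download and extract
readonly TAS4K8S_VERSION="0.7.0"
readonly TAS4K8S_PRODUCT_FILE_ID=872737
pivnet download-product-files --product-slug='tas-for-kubernetes' --release-version="${TAS4K8S_VERSION}" --product-file-id="${TAS4K8S_PRODUCT_FILE_ID}" --accept-eula

FILENAME=$(find . -type f -name "tanzu-application-service.*" -print -quit)
if [[ -z "${FILENAME}" ]]; then
  echo "no tanzu-application-service.* file found after download" >&2
  exit 1
fi

# NOTE(review): /tmp is shared and the extracted path is predictable; on a
# multi-user host the target may already exist and belong to someone else.
# A private directory from `mktemp -d` would avoid that, but the extraction
# path would then have to be passed on to whatever consumes it.
tar -xvf "${FILENAME}" -C /tmp
--------------------------------------------------------------------------------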