diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index 1d1315dc1a..7536dbcca0 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -20,12 +20,19 @@ module "network" {
 project_name = var.project_name
 }
+module "dns" {
+ source = "./modules/dns"
+ resource_group = data.azurerm_resource_group.resource_group
+ domain = var.domain
+}
+
 module "bastion" {
 source = "./modules/bastion"
 resource_group = data.azurerm_resource_group.resource_group
 project_name = var.project_name
 bastion_ssh_public_keys = var.bastion_ssh_public_keys
 bastion_subnet_id = module.network.bastion_subnet_id
+ dns_zone = module.dns.dns_zone
 }
 module "container_registry" {
diff --git a/infrastructure/modules/bastion/main.tf b/infrastructure/modules/bastion/main.tf
index b66aab87ea..92575ebdc5 100644
--- a/infrastructure/modules/bastion/main.tf
+++ b/infrastructure/modules/bastion/main.tf
@@ -59,3 +59,11 @@ resource "azurerm_linux_virtual_machine" "bastion" {
 version = "latest"
 }
 }
+
+resource "azurerm_dns_a_record" "bastion_dns_record" {
+ name = "bastion"
+ zone_name = var.dns_zone.name
+ resource_group_name = var.resource_group.name
+ ttl = 300
+ records = [azurerm_linux_virtual_machine.bastion.public_ip_address]
+}
diff --git a/infrastructure/modules/bastion/outputs.tf b/infrastructure/modules/bastion/outputs.tf
index 4182731e3e..b06fcc6b3a 100644
--- a/infrastructure/modules/bastion/outputs.tf
+++ b/infrastructure/modules/bastion/outputs.tf
@@ -1,3 +1,7 @@
 output "bastion_public_ip" {
 value = azurerm_linux_virtual_machine.bastion.public_ip_address
 }
+
+output "bastion_hostname" {
+ value = azurerm_dns_a_record.bastion_dns_record.fqdn
+}
diff --git a/infrastructure/modules/bastion/variables.tf b/infrastructure/modules/bastion/variables.tf
index fc268b4bdb..13e23e0b6f 100644
--- a/infrastructure/modules/bastion/variables.tf
+++ b/infrastructure/modules/bastion/variables.tf
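Review bot: The new `bastion` A record publishes whatever `azurerm_linux_virtual_machine.bastion.public_ip_address` evaluates to at apply time, so if the VM's public IP is allocated dynamically (the `azurerm_public_ip` resource is not in this hunk) a deallocate/start cycle would leave `bastion.<domain>` pointing at a stale address until the next apply, and anyone automating SSH against the hostname would hit the wrong host. Worth confirming the public IP uses `allocation_method = "Static"`, and a comment on the record such as `# Requires a statically allocated public IP; the record is only refreshed on apply` would make that dependency explicit. The `azurerm_linux_virtual_machine` resource whose tail appears as context starts outside the hunk.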
@@ -20,3 +20,7 @@ variable "bastion_host_size" {
 variable "bastion_subnet_id" {
 description = "The id of the subnet where the bastion host will be placed"
 }
+
+variable "dns_zone" {
+ description = "The Azure DNS zone where the bastion A record will be added"
+}
diff --git a/infrastructure/modules/dns/main.tf b/infrastructure/modules/dns/main.tf
new file mode 100644
index 0000000000..c785b4b2d7
--- /dev/null
+++ b/infrastructure/modules/dns/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_dns_zone" "marxan" {
+ name = var.domain
+ resource_group_name = var.resource_group.name
+}
diff --git a/infrastructure/modules/dns/outputs.tf b/infrastructure/modules/dns/outputs.tf
new file mode 100644
index 0000000000..e531e010c2
--- /dev/null
+++ b/infrastructure/modules/dns/outputs.tf
@@ -0,0 +1,3 @@
+output "dns_zone" {
+ value = azurerm_dns_zone.marxan
+}
diff --git a/infrastructure/modules/dns/variables.tf b/infrastructure/modules/dns/variables.tf
new file mode 100644
index 0000000000..4e80b17aac
--- /dev/null
+++ b/infrastructure/modules/dns/variables.tf
@@ -0,0 +1,7 @@
+variable "resource_group" {
+ description = "The Azure resource group where the module will create its resources"
+}
+
+variable "domain" {
+ description = "The domain name"
+}
diff --git a/infrastructure/modules/node_pool/variables.tf b/infrastructure/modules/node_pool/variables.tf
index 490149425a..1c2dd779ce 100644
--- a/infrastructure/modules/node_pool/variables.tf
+++ b/infrastructure/modules/node_pool/variables.tf
@@ -37,7 +37,7 @@ variable "min_node_count" {
 variable "max_node_count" {
 type = number
- default = 2
+ default = 4
 description = "The maximum number of machines in this pool"
 }
diff --git a/infrastructure/outputs.tf b/infrastructure/outputs.tf
index bdbdcc938a..e38b4cba15 100644
--- a/infrastructure/outputs.tf
+++ b/infrastructure/outputs.tf
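Review bot: `azurerm_dns_zone.marxan` carries no `lifecycle { prevent_destroy = true }`, yet every record added in this change (the bastion record and the ingress records in the kubernetes stack) hangs off `var.dns_zone.name`; a plan that replaces the zone — a change to `var.domain` or its resource group — would delete and recreate it with a new name-server set, silently breaking the delegation made at the registrar and taking the bastion and app hostnames with it. Adding `lifecycle { prevent_destroy = true }` to the resource guards against that, and a comment that the zone's name servers must be delegated out-of-band after the first apply would save the next operator a search. The `domain` variable in this module also lacks `type = string`, unlike its root-level counterpart.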
@@ -1,27 +1,28 @@
 output "client_certificate" {
 value = module.kubernetes.client_certificate
+ sensitive = true
 }
-output "aks_cluster_name" {
+output "k8s_cluster_name" {
 value = module.kubernetes.cluster_name
 description = "AKS cluster name"
 }
 output "kube_config" {
 value = module.kubernetes.kube_config
- sensitive = true
 }
-output "azurerm_container_registry_login_server" {
+output "container_registry_hostname" {
 value = module.container_registry.azurerm_container_registry_login_server
 }
-output "azuread_application_password" {
+output "container_registry_password" {
 value = module.container_registry.azuread_application_password
+ sensitive = true
 }
-output "azure_client_id" {
+output "container_registry_client_id" {
 value = module.container_registry.azure_client_id
 }
@@ -37,15 +38,23 @@ output "bastion_public_ip" {
 value = module.bastion.bastion_public_ip
 }
-output "redis_url" {
+output "bastion_hostname" {
+ value = module.bastion.bastion_hostname
+}
+
+output "redis_hostname" {
 value = module.redis.redis_url
 }
+output "redis_port" {
+ value = module.redis.redis_port
+}
+
 output "redis_password" {
 value = module.redis.redis_password
 sensitive = true
 }
-output "redis_port" {
- value = module.redis.redis_port
+output "dns_zone_name" {
+ value = module.dns.dns_zone.name
 }
diff --git a/infrastructure/variables.tf b/infrastructure/variables.tf
index 914a8097c2..bc3974ec0e 100644
--- a/infrastructure/variables.tf
+++ b/infrastructure/variables.tf
@@ -35,3 +35,8 @@ variable "solution_plan_map" {
 }
 type = map(any)
 }
+
+variable "domain" {
+ type = string
+ description = "The domain name"
+}
diff --git a/infrastructure/vars/terraform.tfvars b/infrastructure/vars/terraform.tfvars
index a1bf9401b8..cdee3d9dd3 100644
--- a/infrastructure/vars/terraform.tfvars
+++ b/infrastructure/vars/terraform.tfvars
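Review bot: `output "kube_config"` loses its `sensitive = true` in this hunk while `client_certificate` and `container_registry_password` gain it; the value is presumably the cluster's kubeconfig (it sits next to the client certificate output), so without the flag it is printed in clear on every `terraform apply` and `terraform output` and ends up in CI logs. Nothing in the change reads this output through the CLI — `kubernetes/main.tf` obtains the cluster via `data.azurerm_kubernetes_cluster` — so the removal looks accidental and the line should be restored: `sensitive = true`. Marking it sensitive does not change what is stored in remote state, so the `terraform_remote_state` consumer is unaffected.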
@@ -4,3 +4,4 @@ bastion_ssh_public_keys = [{
 user = "ubuntu"
 key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsQgoIZQAVAMFnESCsYotosbp3N2n8onp8Xmn0DZJmCnBzkfvn2SJdTQRKcyzjcHBqrseq+8Id0JYdb1aJJT2497b7NVOWvVLgqD5pYoxwLO4m3VjppUjpOfgGk3aBpzQTGwPHMqk4X4yvHNAuQcCTxo6gNIsyJZFxdzdc2P+oDLdTwekzsQvsPscFDXDYvtLTkCnSfeZAKsbb45XiAsH0HRnwzJYPvPr69V6c1R3igc2aDZ+eI2sZPvsCXWnvJYfL0QLJp+NwqJuRzHygcxsByg9p/wTPko2vEQLGvefBqjMFHbDYRyVh1omfwt3w/l5R6Abb1Mc2sNDqhBKFEe7/"
 }]
+domain = "marxan.vizzuality.com"
diff --git a/kubernetes/.terraform.lock.hcl b/kubernetes/.terraform.lock.hcl
index 84e77469d5..1aa9d4c053 100644
--- a/kubernetes/.terraform.lock.hcl
+++ b/kubernetes/.terraform.lock.hcl
@@ -1,6 +1,23 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
+provider "registry.terraform.io/gavinbunney/kubectl" {
+ version = "1.13.1"
+ constraints = ">= 1.7.0"
+ hashes = [
+ "h1:Kqo0t1R22DYLNsw8kFCBLPeV9zwns+86ijDnBUhJ+iw=",
+ "zh:212c030cb975e46e3a85a6850c16773974f4498042a45c73b883b25f6e05962d",
+ "zh:213d1be8a231b04fdc55fd027479dbf0ae5b7ab891804b64f464db771d091ecd",
+ "zh:45f37b5c43f85d79973d0b890f774531a65def7f8436e435a4e259198f1c62de",
+ "zh:5a362871827f8582d6129b9c8b7d73c5e4e181155cef4cba1fe0408880db52db",
+ "zh:78986fdb4c41ac35815e4d41832d24b41b0aac046c046f21db92205115d16bae",
+ "zh:a6d07a9f066c386f44d61e7e2e83133663e3049f5c6b153fa5601b85cbb788b1",
+ "zh:bb307e902d2401df42205d57e36a2e094765b87b12f99a24ec2af411bef3c0fa",
+ "zh:dc3281f9fab38b8daf76d5f0073d2e323574f03d4cef338d6a363380f7f7bb59",
+ "zh:eb30e7fef17e7630858070d23a59375ba3a87fceaffde1c722338b1ad88df568",
+ ]
+}
+
 provider "registry.terraform.io/hashicorp/azurerm" {
 version = "2.92.0"
 constraints = "2.92.0"
diff --git a/kubernetes/main.tf b/kubernetes/main.tf
index 90621db82f..3d153fa3ce 100644
--- a/kubernetes/main.tf
+++ b/kubernetes/main.tf
@@ -25,7 +25,12 @@ data "terraform_remote_state" "core" {
 }
 data "azurerm_kubernetes_cluster" "k8s_cluster" {
- name = data.terraform_remote_state.core.outputs.aks_cluster_name
+ name = data.terraform_remote_state.core.outputs.k8s_cluster_name
+ resource_group_name = data.azurerm_resource_group.resource_group.name
+}
+
+data "azurerm_dns_zone" "dns_zone" {
+ name = data.terraform_remote_state.core.outputs.dns_zone_name
 resource_group_name = data.azurerm_resource_group.resource_group.name
 }
@@ -45,6 +50,15 @@ module "k8s_namespaces" {
 k8s_cluster_ca_certificate = local.k8s_cluster_ca_certificate
 }
+module "cert_manager" {
+ source = "./modules/cert_manager"
+ k8s_host = local.k8s_host
+ k8s_client_certificate = local.k8s_client_certificate
+ k8s_client_key = local.k8s_client_key
+ k8s_cluster_ca_certificate = local.k8s_cluster_ca_certificate
+ email = var.cert_email
+}
+
 ####
 # Production
 ####
@@ -103,6 +117,18 @@ module "geoprocessing_production" {
 deployment_name = "geoprocessing"
 }
+module "client_production" {
+ source = "./modules/client"
+ k8s_host = local.k8s_host
+ k8s_client_certificate = local.k8s_client_certificate
+ k8s_client_key = local.k8s_client_key
+ k8s_cluster_ca_certificate = local.k8s_cluster_ca_certificate
+ namespace = "production"
+ image = "marxan.azurecr.io/marxan-client:production"
+ deployment_name = "client"
+ site_url = "http://${module.ingress_production.client_ip}"
+}
+
 module "production_secrets" {
 source = "./modules/secrets"
 k8s_host = local.k8s_host
@@ -113,7 +139,7 @@ module "production_secrets" {
 namespace = "production"
 name = "api"
 key_vault_id = module.key_vault_production.key_vault_id
- redis_host = data.terraform_remote_state.core.outputs.redis_url
+ redis_host = data.terraform_remote_state.core.outputs.redis_hostname
 redis_password = data.terraform_remote_state.core.outputs.redis_password
 redis_port = data.terraform_remote_state.core.outputs.redis_port
 }
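Review bot: `site_url = "http://${module.ingress_production.client_ip}"` in `client_production` feeds `NEXTAUTH_URL` with a plain-http URL to the bare gateway IP, while the same change puts the production ingress behind a Let's Encrypt certificate for `var.domain` and enables `ssl-redirect`. Any sign-in callback or redirect derived from that value is built for `http://<ip>`, gets bounced to https on an address the certificate does not cover, and — if the auth library derives cookie `Secure` flags from the URL scheme, as NextAuth normally does — is treated as a non-TLS origin; it also makes the client module depend on an ingress that in turn routes to the `client` service. Suggest `site_url = "https://${var.domain}"`, the host the ingress actually serves.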
@@ -127,6 +153,8 @@ module "ingress_production" {
 k8s_cluster_ca_certificate = local.k8s_cluster_ca_certificate
 resource_group = data.azurerm_resource_group.resource_group
 project_name = var.project_name
+ dns_zone = data.azurerm_dns_zone.dns_zone
+ domain = var.domain
 }
@@ -188,6 +216,18 @@ module "geoprocessing_staging" {
 deployment_name = "geoprocessing"
 }
+module "client_staging" {
+ source = "./modules/client"
+ k8s_host = local.k8s_host
+ k8s_client_certificate = local.k8s_client_certificate
+ k8s_client_key = local.k8s_client_key
+ k8s_cluster_ca_certificate = local.k8s_cluster_ca_certificate
+ namespace = "staging"
+ image = "marxan.azurecr.io/marxan-client:staging"
+ deployment_name = "client"
+ site_url = "http://${module.ingress_production.client_ip}"
+}
+
 module "staging_secrets" {
 source = "./modules/secrets"
 k8s_host = local.k8s_host
@@ -198,7 +238,21 @@ module "staging_secrets" {
 namespace = "staging"
 name = "api"
 key_vault_id = module.key_vault_staging.key_vault_id
- redis_host = data.terraform_remote_state.core.outputs.redis_url
+ redis_host = data.terraform_remote_state.core.outputs.redis_hostname
 redis_password = data.terraform_remote_state.core.outputs.redis_password
 redis_port = data.terraform_remote_state.core.outputs.redis_port
 }
+
+module "ingress_staging" {
+ source = "./modules/ingress"
+ namespace = "staging"
+ k8s_host = local.k8s_host
+ k8s_client_certificate = local.k8s_client_certificate
+ k8s_client_key = local.k8s_client_key
+ k8s_cluster_ca_certificate = local.k8s_cluster_ca_certificate
+ resource_group = data.azurerm_resource_group.resource_group
+ project_name = var.project_name
+ dns_zone = data.azurerm_dns_zone.dns_zone
+ domain = var.domain
+ domain_prefix = "staging"
+}
diff --git a/kubernetes/modules/api/main.tf b/kubernetes/modules/api/main.tf
index 4efde7d813..e1d4c3a37a 100644
--- a/kubernetes/modules/api/main.tf
+++ b/kubernetes/modules/api/main.tf
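Review bot: `client_staging` sets `site_url = "http://${module.ingress_production.client_ip}"`, so the staging client's `NEXTAUTH_URL` points at the production gateway rather than at the `ingress_staging` module this same change adds with `domain_prefix = "staging"`; staging sign-in redirects and callbacks would leave the staging environment and land on production, and a staging user could end up with a production session. It should read `site_url = "https://staging.${var.domain}"` (or be derived from `module.ingress_staging`), and the production block has the same http-to-IP form worth correcting at the same time.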
@@ -177,7 +177,7 @@ resource "kubernetes_deployment" "api_deployment" {
 }
 env {
- name = "REDIS_USE_TLS"
+ name = "REDIS_USE_TLS"
 value = "true"
 }
diff --git a/kubernetes/modules/cert_manager/k8s_files/01_cluster-issuer.yaml.tmpl b/kubernetes/modules/cert_manager/k8s_files/01_cluster-issuer.yaml.tmpl
new file mode 100644
index 0000000000..afa0db436e
--- /dev/null
+++ b/kubernetes/modules/cert_manager/k8s_files/01_cluster-issuer.yaml.tmpl
@@ -0,0 +1,25 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: letsencrypt
+spec:
+ acme:
+ # You must replace this email address with your own.
+ # Let's Encrypt will use this to contact you about expiring
+ # certificates, and issues related to your account.
+ email: ${email}
+ # ACME server URL for Let’s Encrypt’s staging environment.
+ # The staging environment will not issue trusted certificates but is
+ # used to ensure that the verification process is working properly
+ # before moving to production
+ server: ${cert_server}
+ privateKeySecretRef:
+ # Secret resource used to store the account's private key.
+ name: cluster-cert-issuer-account-key
+ # Enable the HTTP-01 challenge provider
+ # you prove ownership of a domain by ensuring that a particular
+ # file is present at the domain
+ solvers:
+ - http01:
+ ingress:
+ class: azure/application-gateway
diff --git a/kubernetes/modules/cert_manager/main.tf b/kubernetes/modules/cert_manager/main.tf
new file mode 100644
index 0000000000..bdca5e29e4
--- /dev/null
+++ b/kubernetes/modules/cert_manager/main.tf
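Review bot: The comment above `server: ${cert_server}` says the value is the Let's Encrypt staging URL, but the module's `cert_server` default is the production directory `https://acme-v02.api.letsencrypt.org/directory`, so the template tells a reader the issuer is untrusted when it is the real one — and nothing reminds them that iterating against production while debugging the solver consumes the per-domain rate limit. Replace the four lines with one that reflects the variable, e.g. `# ACME directory; defaults to Let's Encrypt production — set cert_server to https://acme-staging-v02.api.letsencrypt.org/directory while testing`. The `# You must replace this email address` comment is likewise stale now that the value is injected from `${email}`.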
@@ -0,0 +1,29 @@
+resource "helm_release" "cert-manager" {
+ name = "cert-manager"
+ repository = "https://charts.jetstack.io"
+ chart = "cert-manager"
+ version = "1.7.1"
+
+ namespace = "cert-manager"
+
+ wait = false
+ create_namespace = true
+
+ set {
+ name = "installCRDs"
+ value = "true"
+ }
+
+ set {
+ name = "startupapicheck.timeout"
+ value = "5m"
+ }
+}
+
+
+resource "kubectl_manifest" "alb_ingress_controller_main" {
+ yaml_body = templatefile("${path.module}/k8s_files/01_cluster-issuer.yaml.tmpl", {
+ email : var.email,
+ cert_server : var.cert_server,
+ })
+}
diff --git a/kubernetes/modules/cert_manager/variables.tf b/kubernetes/modules/cert_manager/variables.tf
new file mode 100644
index 0000000000..fcd96c2cf6
--- /dev/null
+++ b/kubernetes/modules/cert_manager/variables.tf
@@ -0,0 +1,30 @@
+variable "k8s_host" {
+ description = "Hostname of the k8s cluster"
+ type = string
+}
+
+variable "k8s_client_certificate" {
+ description = "Client certificate for the k8s cluster"
+ type = string
+}
+
+variable "k8s_client_key" {
+ description = "Client key for the k8s cluster"
+ type = string
+}
+
+variable "k8s_cluster_ca_certificate" {
+ description = "Cluster CA certificate for the k8s cluster"
+ type = string
+}
+
+variable "email" {
+ description = "Email address to use for cert renovation warnings"
+ type = string
+}
+
+variable "cert_server" {
+ description = "Lets encrypt server URL"
+ type = string
+ default = "https://acme-v02.api.letsencrypt.org/directory"
+}
diff --git a/kubernetes/modules/cert_manager/versions.tf b/kubernetes/modules/cert_manager/versions.tf
new file mode 100644
index 0000000000..321318ff86
--- /dev/null
+++ b/kubernetes/modules/cert_manager/versions.tf
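Review bot: `kubectl_manifest.alb_ingress_controller_main` applies the ClusterIssuer with no `depends_on = [helm_release.cert-manager]`, and the release is installed with `wait = false`; on a fresh cluster the `ClusterIssuer` CRD (brought in by `installCRDs = "true"`) may not be registered when the manifest is applied, so the first apply fails until re-run, and nothing here waits for the webhook to be ready either. The resource name also appears copied from an AWS ALB module and does not describe what it creates. Suggest `resource "kubectl_manifest" "letsencrypt_cluster_issuer" {` with `depends_on = [helm_release.cert-manager]`, plus a comment that with `wait = false` issuer readiness is not guaranteed at apply time, so certificate issuance may lag the first apply.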
@@ -0,0 +1,32 @@
+terraform {
+ required_providers {
+ helm = {
+ source = "hashicorp/helm"
+ version = "~> 2.4.1"
+ }
+
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
+ }
+ required_version = "1.1.3"
+}
+
+provider "helm" {
+ kubernetes {
+ host = var.k8s_host
+ client_certificate = var.k8s_client_certificate
+ client_key = var.k8s_client_key
+ cluster_ca_certificate = var.k8s_cluster_ca_certificate
+ }
+}
+
+
+provider "kubectl" {
+ host = var.k8s_host
+ client_certificate = var.k8s_client_certificate
+ client_key = var.k8s_client_key
+ cluster_ca_certificate = var.k8s_cluster_ca_certificate
+ load_config_file = false
+}
diff --git a/kubernetes/modules/client/main.tf b/kubernetes/modules/client/main.tf
new file mode 100644
index 0000000000..45d76fe068
--- /dev/null
+++ b/kubernetes/modules/client/main.tf
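Review bot: This file declares `provider "helm"` and `provider "kubectl"` blocks inside a child module, configured from variables; Terraform documents provider configurations in non-root modules as a legacy pattern — the module cannot be called with `count`/`for_each`, and if the `module "cert_manager"` call is ever removed the provider needed to destroy `helm_release.cert-manager` disappears with it, leaving orphaned state. The new `client` module repeats the pattern. Keeping only `required_providers` here and passing configured providers from the root (`providers = { helm = helm, kubectl = kubectl }`) avoids that; at minimum a comment `# NOTE: provider blocks in a child module prevent count/for_each and complicate module removal` should flag the trade-off.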
@@ -0,0 +1,108 @@
+resource "kubernetes_service" "client_service" {
+ metadata {
+ name = kubernetes_deployment.client_deployment.metadata[0].name
+ namespace = var.namespace
+ }
+ spec {
+ selector = {
+ name = kubernetes_deployment.client_deployment.metadata[0].name
+ }
+ port {
+ port = 3000
+ }
+
+ type = "NodePort"
+ }
+}
+
+resource "kubernetes_deployment" "client_deployment" {
+ metadata {
+ name = var.deployment_name
+ namespace = var.namespace
+ }
+
+ spec {
+ replicas = 1
+
+ selector {
+ match_labels = {
+ name = var.deployment_name
+ }
+ }
+
+ template {
+ metadata {
+ labels = {
+ name = var.deployment_name
+ }
+ }
+
+ spec {
+ affinity {
+ node_affinity {
+ required_during_scheduling_ignored_during_execution {
+ node_selector_term {
+ match_expressions {
+ key = "type"
+ values = ["app"]
+ operator = "In"
+ }
+ }
+ }
+ }
+ }
+ container {
+ image = var.image
+ image_pull_policy = "Always"
+ name = var.deployment_name
+
+ args = ["start:prod"]
+
+ resources {
+ limits = {
+ cpu = "1"
+ memory = "1Gi"
+ }
+ requests = {
+ cpu = "500m"
+ memory = "512Mi"
+ }
+ }
+
+ env {
+ name = "NEXTAUTH_URL"
+ value = var.site_url
+ }
+
+ liveness_probe {
+ http_get {
+ path = "/"
+ port = 3000
+ scheme = "HTTP"
+ }
+
+ success_threshold = 1
+ timeout_seconds = 5
+ initial_delay_seconds = 15
+ period_seconds = 15
+ }
+
+ readiness_probe {
+ http_get {
+ path = "/"
+ port = 3000
+ scheme = "HTTP"
+ }
+
+ success_threshold = 1
+ timeout_seconds = 5
+ initial_delay_seconds = 30
+ period_seconds = 15
+ }
+ }
+ }
+ }
+ }
+}
+
+
diff --git a/kubernetes/modules/client/variable.tf b/kubernetes/modules/client/variable.tf
new file mode 100644
index 0000000000..95500d4c06
--- /dev/null
+++ b/kubernetes/modules/client/variable.tf
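Review bot: The `container` block in `client_deployment` declares no `security_context`, so the internet-facing client process runs with whatever the image defaults to (root unless the image sets a `USER`) and with privilege escalation allowed; this is the one workload in the change that the ingress exposes directly on `/`. The `Service` is also `type = "NodePort"`, which opens the port on every node's address, whereas the AGIC-routed ingress this is paired with normally works with a `ClusterIP` service — worth confirming against the cluster's networking mode. Finally `image_pull_policy = "Always"` combined with the mutable `:production` / `:staging` tags means any pod restart may pull a different image than the last rollout; pinning a digest or immutable tag keeps deployments reproducible. A minimal security context is sketched below; `run_as_non_root` requires the image to declare a non-root user, which should be checked for `marxan-client`.

```hcl
container {
  image             = var.image
  image_pull_policy = "Always"
  name              = var.deployment_name

  # Drop ambient privileges: this container is reachable from the internet via the ingress.
  # run_as_non_root only passes if the image sets a non-root USER — confirm for marxan-client.
  security_context {
    run_as_non_root            = true
    allow_privilege_escalation = false
    capabilities {
      drop = ["ALL"]
    }
  }

  # … unchanged: args, resources, env, liveness_probe, readiness_probe …
}
```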
@@ -0,0 +1,39 @@
+variable "k8s_host" {
+ description = "Hostname of the k8s cluster"
+ type = string
+}
+
+variable "k8s_client_certificate" {
+ description = "Client certificate for the k8s cluster"
+ type = string
+}
+
+variable "k8s_client_key" {
+ description = "Client key for the k8s cluster"
+ type = string
+}
+
+variable "k8s_cluster_ca_certificate" {
+ description = "Cluster CA certificate for the k8s cluster"
+ type = string
+}
+
+
+variable "image" {
+ type = string
+ description = "The dockerhub image reference to deploy"
+}
+
+variable "deployment_name" {
+ type = string
+ description = "The k8s deployment name"
+}
+
+variable "namespace" {
+ type = string
+ description = "The k8s namespace to use"
+}
+
+variable "site_url" {
+ type = string
+}
diff --git a/kubernetes/modules/client/versions.tf b/kubernetes/modules/client/versions.tf
new file mode 100644
index 0000000000..30c8553474
--- /dev/null
+++ b/kubernetes/modules/client/versions.tf
@@ -0,0 +1,16 @@
+terraform {
+ required_providers {
+ kubernetes = {
+ source = "hashicorp/kubernetes"
+ version = "~> 2.8.0"
+ }
+ }
+ required_version = "1.1.3"
+}
+
+provider "kubernetes" {
+ host = var.k8s_host
+ client_certificate = var.k8s_client_certificate
+ client_key = var.k8s_client_key
+ cluster_ca_certificate = var.k8s_cluster_ca_certificate
+}
diff --git a/kubernetes/modules/geoprocessing/main.tf b/kubernetes/modules/geoprocessing/main.tf
index 5b2d3595ff..1873ee32f0 100644
--- a/kubernetes/modules/geoprocessing/main.tf
+++ b/kubernetes/modules/geoprocessing/main.tf
@@ -177,7 +177,7 @@ resource "kubernetes_deployment" "geoprocessing_deployment" {
 }
 env {
- name = "REDIS_USE_TLS"
+ name = "REDIS_USE_TLS"
 value = "true"
 }
diff --git a/kubernetes/modules/ingress/main.tf b/kubernetes/modules/ingress/main.tf
index 7e85823911..ca6260ba56 100644
--- a/kubernetes/modules/ingress/main.tf
+++ b/kubernetes/modules/ingress/main.tf
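Review bot: `variable "image"` is documented as `"The dockerhub image reference to deploy"`, but both callers in `kubernetes/main.tf` pass `marxan.azurecr.io/marxan-client:<env>` from the project's own registry, and `variable "site_url"` has no description at all even though it becomes the `NEXTAUTH_URL` the auth layer trusts when building callbacks. Suggest `description = "Container image reference (ACR) to deploy"` for `image`, and for `site_url` something like `description = "Public base URL of the client (scheme + host), exported as NEXTAUTH_URL; must match the host and scheme the ingress serves"` so the next caller does not pass an http-to-IP value.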
@@ -1,19 +1,50 @@
+locals {
+ fqdn = (var.domain_prefix == null ? var.domain : "${var.domain_prefix}.${var.domain}")
+}
+
+
 resource "kubernetes_ingress_v1" "ingress" {
 metadata {
- name = var.project_name
- namespace = var.namespace
+ name = "${var.project_name}-${var.namespace}"
+ namespace = var.namespace
 annotations = {
- "kubernetes.io/ingress.class" = "azure/application-gateway"
- "appgw.ingress.kubernetes.io/health-probe-port" = "3000"
- "appgw.ingress.kubernetes.io/health-probe-path" = "/ping"
+ "kubernetes.io/ingress.class" = "azure/application-gateway"
+ "appgw.ingress.kubernetes.io/health-probe-port" = "3000"
+ "appgw.ingress.kubernetes.io/health-probe-path" = "/"
+ "appgw.ingress.kubernetes.io/ssl-redirect" = "true"
+ "cert-manager.io/cluster-issuer" = "letsencrypt"
+ "cert-manager.io/acme-challenge-type" = "http01"
 }
 }
 spec {
+ tls {
+ hosts = [local.fqdn]
+ secret_name = "${var.project_name}-${var.namespace}-ingress-tls-secret"
+ }
+
 rule {
+ host = local.fqdn
+ http {
+ path {
+ path = "/"
+ path_type = "Prefix"
+ backend {
+ service {
+ name = "client"
+ port {
+ number = 3000
+ }
+ }
+ }
+ }
+ }
+ }
+ rule {
+ host = local.fqdn
 http {
 path {
- path = "/"
+ path = "/api"
 path_type = "Prefix"
 backend {
 service {
@@ -28,3 +59,12 @@ resource "kubernetes_ingress_v1" "ingress" {
 }
 }
 }
+
+
+resource "azurerm_dns_a_record" "app_dns_record" {
+ name = coalesce(var.domain_prefix, "@")
+ zone_name = var.dns_zone.name
+ resource_group_name = var.resource_group.name
+ ttl = 300
+ records = [kubernetes_ingress_v1.ingress.status[0].load_balancer[0].ingress[0].ip]
+}
diff --git a/kubernetes/modules/ingress/outputs.tf b/kubernetes/modules/ingress/outputs.tf
index e69de29bb2..474ca79c84 100644
--- a/kubernetes/modules/ingress/outputs.tf
+++ b/kubernetes/modules/ingress/outputs.tf
@@ -0,0 +1,3 @@
+output "client_ip" {
+ value = kubernetes_ingress_v1.ingress.status[0].load_balancer[0].ingress[0].ip
+}
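Review bot: The `appgw.ingress.kubernetes.io/health-probe-path` annotation changes from `/ping` to `/` and, being set on the Ingress, applies to every backend pool AGIC derives from it — the new `client` service on `/` and the existing API service under `/api`, whose `service` block continues past the end of the hunk. If the API only answers its health check on `/ping`, that pool will be marked unhealthy and `/api` will start returning 502s from the gateway once this is applied. If the intent is a client-specific probe, the API should keep its own Ingress (and probe annotations) rather than share this one, and a comment such as `# probe settings here apply to every backend of this Ingress` above the annotation would prevent the next edit repeating this. The two `rule` blocks also share `host = local.fqdn` and would normally be one rule with two `path` entries.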
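Review bot: `records = [kubernetes_ingress_v1.ingress.status[0].load_balancer[0].ingress[0].ip]` indexes the ingress status unconditionally, but AGIC only populates `status.load_balancer` after it has programmed the gateway, so on a first apply (or any apply while the status is empty) Terraform presumably fails with an invalid-index error on this resource rather than creating the record; the same expression is repeated in `outputs.tf` `client_ip`, which `kubernetes/main.tf` then feeds into `site_url`. A more robust source for the address is the Application Gateway's own public IP (an `azurerm_public_ip` data source), which exists before any Ingress is reconciled; failing that, a comment on the record stating that it is only created on a later apply once AGIC has assigned the address would at least document the two-step apply.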
diff --git a/kubernetes/modules/ingress/variable.tf b/kubernetes/modules/ingress/variable.tf
index 2ac2f80d3d..0007e016e2 100644
--- a/kubernetes/modules/ingress/variable.tf
+++ b/kubernetes/modules/ingress/variable.tf
@@ -30,3 +30,18 @@ variable "resource_group" {
 variable "namespace" {
 description = "The k8s namespace in which to deploy resources"
 }
+
+variable "dns_zone" {
+ description = "The Azure DNS zone where the bastion A record will be added"
+}
+
+variable "domain" {
+ type = string
+ description = "The base domain"
+}
+
+variable "domain_prefix" {
+ type = string
+ default = null
+ description = "The prefix added to the base domain"
+}
diff --git a/kubernetes/outputs.tf b/kubernetes/outputs.tf
new file mode 100644
index 0000000000..885492afc7
--- /dev/null
+++ b/kubernetes/outputs.tf
@@ -0,0 +1,3 @@
+output "gateway_ip" {
+ value = module.ingress_production.client_ip
+}
diff --git a/kubernetes/variables.tf b/kubernetes/variables.tf
index 5d0b345398..bb1c21f0e8 100644
--- a/kubernetes/variables.tf
+++ b/kubernetes/variables.tf
@@ -8,9 +8,19 @@ variable "location" {
 description = "Azure Location in which the resources will be created"
 }
-
 variable "port" {
 type = number
 default = 443
 description = "The TCP port to use when reaching the AKS cluster. Useful when using an SSH tunnel"
 }
+
+variable "cert_email" {
+ type = string
+ description = "Email address to use for cert renovation warnings"
+ default = "cert@marxan.com"
+}
+
+variable "domain" {
+ type = string
+ description = "The domain name"
+}
diff --git a/kubernetes/vars/terraform.tfvars b/kubernetes/vars/terraform.tfvars
index 5c2d5b3836..dd0b674b7d 100644
--- a/kubernetes/vars/terraform.tfvars
+++ b/kubernetes/vars/terraform.tfvars
@@ -1,3 +1,4 @@
 project_name = "marxan"
 location = "West Europe"
 port = 4433
+domain = "marxan.vizzuality.com"
diff --git a/kubernetes/versions.tf b/kubernetes/versions.tf
index 63898030d6..1cef1b71cf 100644
--- a/kubernetes/versions.tf
+++ b/kubernetes/versions.tf
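Review bot: `variable "dns_zone"` in the ingress module keeps the description copied from the bastion module (`"The Azure DNS zone where the bastion A record will be added"`), but here the zone receives the application record for `local.fqdn`, and neither it nor the new `domain`/`domain_prefix` pair document that a `null` prefix produces an apex (`@`) record for the whole domain. Suggest `description = "The Azure DNS zone object (.name is used) in which the ingress A record is created"` and, on `domain_prefix`, `description = "Subdomain prefix for this environment; null creates the apex (@) record"`.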
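Review bot: `cert_email` defaults to `cert@marxan.com`, an address on a domain that is not obviously under the project's control (the deployed domain in the same change is `marxan.vizzuality.com`); Let's Encrypt delivers expiry warnings and account-incident notices to that mailbox, and the ClusterIssuer template itself says the address must be replaced. With a default on an unmonitored mailbox, a broken renewal would go unnoticed until the certificate expires. Drop the `default` so the value has to be set in `terraform.tfvars`, or point it at a monitored team address, with a comment `# Receives Let's Encrypt expiry/account notices — must be a monitored mailbox`.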
@@ -18,6 +18,11 @@ terraform {
 template = {
 source = "hashicorp/template"
 }
+
+ kubectl = {
+ source = "gavinbunney/kubectl"
+ version = ">= 1.7.0"
+ }
 }
 required_version = "1.1.3"
 }
@@ -46,3 +51,11 @@ provider "kubernetes" {
 client_key = base64decode(data.azurerm_kubernetes_cluster.k8s_cluster.kube_config.0.client_key)
 cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.k8s_cluster.kube_config.0.cluster_ca_certificate)
 }
+
+provider "kubectl" {
+ host = data.azurerm_kubernetes_cluster.k8s_cluster.kube_config.0.host
+ client_certificate = base64decode(data.azurerm_kubernetes_cluster.k8s_cluster.kube_config.0.client_certificate)
+ client_key = base64decode(data.azurerm_kubernetes_cluster.k8s_cluster.kube_config.0.client_key)
+ cluster_ca_certificate = base64decode(data.azurerm_kubernetes_cluster.k8s_cluster.kube_config.0.cluster_ca_certificate)
+ load_config_file = false
+}