add civo portainer example

.gitignore

@@ -119,4 +119,6 @@ override.tf.json
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
 
-# End of https://www.gitignore.io/api/terraform,intellij+all
+# End of https://www.gitignore.io/api/terraform,intellij+all
+
+*/.kubeconf

civo-portainer-k3s/README.md

@@ -0,0 +1,41 @@
+# civo-portainer-k3s
+Example of running [portainer-k8s](https://github.com/portainer/portainer-k8s)
+on [civo-k3s](https://www.civo.com/) using pure terraform
+
+Prerequisites
+* [Terraform > 0.12](https://www.terraform.io/downloads.html)
+* [Civo Cloud account](https://www.civo.com/account)
+* [Civo Terraform Provider](https://github.com/civo/terraform-provider-civo)
+
+Steps:
+1. Clone repo: `git clone [email protected]:jhole89/terraform-k8s-example.git`
+2. Change to this directory: `cd civo-portainer-k3s`
+3. Initialise terraform: `terraform init`
+4. Copy tfvars template: `cp terraform.tfvars.template terraform.tfvars`
+5. Fill in `terraform.tfvars` with your Civo API key (found at `https://www.civo.com/account/security`)
+6. Apply terraform plan: `terraform apply --auto-approve` - you should see the following output
+    ```
+    module.cluster.civo_kubernetes_cluster.k3s: Creating...
+    ...
+    ...
+    ...
+    Apply complete! Resources: 6 added, 0 changed, 0 destroyed.
+    ```
+6. Log into your Civo account and grab the dns name:
+
+[Civo DNS](docs/civo_dns.png)
+*Cluster details and DNS name*
+
+Portainer will be published on port 9000:
+[Portainer start screen](docs/portainer_admin.png)
+
+Create the admin user and connect to the civo kubernetes cluster:
+[Connect portainer to k8s](docs/portainer_connect.png)
+
+You can now use portainer to deploy kubernetes applications into civo-k3s:
+[Deploy Nginx](docs/portainer_nginx_create.png)
+[](docs/portainer_nginx_create2.png)
+
+[Access Nginx](docs/nginx_welcome.png)
+
+7. Once no longer required you can remove all resources: `terraform destroy --auto-approve`

civo-portainer-k3s/apps/portainer.tf

@@ -0,0 +1,103 @@
+locals {
+  name = "portainer"
+}
+
+resource "kubernetes_namespace" "portainer" {
+  metadata {
+    name = local.name
+  }
+}
+
+resource "kubernetes_service_account" "portainer" {
+  metadata {
+    name = "${local.name}-sa-clusteradmin"
+    namespace = kubernetes_namespace.portainer.metadata[0].name
+  }
+  automount_service_account_token = true
+}
+
+resource "kubernetes_cluster_role_binding" "portainer" {
+  metadata {
+    name = "${local.name}-crb-clusteradmin"
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind = "ClusterRole"
+    name = "cluster-admin"
+  }
+  subject {
+    kind = "ServiceAccount"
+    name = kubernetes_service_account.portainer.metadata[0].name
+    namespace = kubernetes_namespace.portainer.metadata[0].name
+  }
+}
+
+resource "kubernetes_service" "portainer" {
+  metadata {
+    name = local.name
+    namespace = kubernetes_namespace.portainer.metadata[0].name
+  }
+  spec {
+    type = "LoadBalancer"
+    selector = {
+      app = "app-${local.name}"
+    }
+    port {
+      name = "http"
+      protocol = "TCP"
+      port = 9000
+      target_port = 9000
+    }
+    port {
+      name = "edge"
+      protocol = "TCP"
+      port = 8000
+      target_port = 8000
+    }
+  }
+}
+
+resource "kubernetes_deployment" "portainer" {
+  metadata {
+    name = local.name
+    namespace = kubernetes_namespace.portainer.metadata[0].name
+  }
+  spec {
+    selector {
+      match_labels = kubernetes_service.portainer.spec[0].selector
+    }
+    template {
+      metadata {
+        labels = kubernetes_service.portainer.spec[0].selector
+      }
+      spec {
+        service_account_name = kubernetes_service_account.portainer.metadata[0].name
+        container {
+          name = local.name
+          image = "portainer/portainer-k8s-beta:linux-amd64"
+          image_pull_policy = "Always"
+          port {
+            protocol = "TCP"
+            container_port = "8000"
+          }
+          port {
+            protocol = "TCP"
+            container_port = "9000"
+          }
+          volume_mount {
+            mount_path = "/var/run/secrets/kubernetes.io/serviceaccount"
+            name       = kubernetes_service_account.portainer.default_secret_name
+            read_only  = true
+          }
+        }
+        volume {
+          name = kubernetes_service_account.portainer.default_secret_name
+
+          secret {
+            secret_name = kubernetes_service_account.portainer.default_secret_name
+          }
+        }
+      }
+    }
+  }
+}

civo-portainer-k3s/apps/provider.tf

@@ -0,0 +1,8 @@
+provider "kubernetes" {
+  config_path = var.kubeconf_path
+
+  config_context_auth_info = var.config_user
+  config_context_cluster   = var.cluster_name
+
+  version = "~> 1.11"
+}

civo-portainer-k3s/apps/variables.tf

@@ -0,0 +1,5 @@
+variable "kubeconf_path" {}
+
+variable "config_user" {}
+
+variable "cluster_name" {}

civo-portainer-k3s/cluster/main.tf

@@ -0,0 +1,14 @@
+locals {
+  kubeconf_path = "${path.root}/.kubeconf"
+}
+
+resource "civo_kubernetes_cluster" "k3s" {
+  name = "dev_k3s"
+  num_target_nodes = 3
+  target_nodes_size = "g2.small"
+  tags = "terraform"
+
+  provisioner "local-exec" {
+    command = "echo '${civo_kubernetes_cluster.k3s.kubeconfig}' > ${local.kubeconf_path}"
+  }
+}

civo-portainer-k3s/cluster/outputs.tf

@@ -0,0 +1,11 @@
+output "cluster_name" {
+  value = civo_kubernetes_cluster.k3s.name
+}
+
+output "config_user" {
+  value = yamldecode(civo_kubernetes_cluster.k3s.kubeconfig)["users"][0]["name"]
+}
+
+output "kubeconf_path" {
+  value = local.kubeconf_path
+}

civo-portainer-k3s/cluster/provider.tf

@@ -0,0 +1,3 @@
+provider "civo" {
+  token = var.auth_token
+}

civo-portainer-k3s/cluster/variables.tf

@@ -0,0 +1 @@
+variable "auth_token" {}

civo-portainer-k3s/main.tf

@@ -0,0 +1,13 @@
+module "cluster" {
+  source = "./cluster"
+
+  auth_token = var.auth_token
+}
+
+module "apps" {
+  source = "./apps"
+
+  kubeconf_path = module.cluster.kubeconf_path
+  config_user = module.cluster.config_user
+  cluster_name = module.cluster.cluster_name
+}

civo-portainer-k3s/terraform.tfvars.template

@@ -0,0 +1 @@
+auth_token = ""

civo-portainer-k3s/variables.tf

@@ -0,0 +1 @@
+variable "auth_token" {}