main.tf
# Terraform settings: pinned provider sources and the remote state backend.
terraform {
  # Each "~> X.Y.0" constraint accepts patch releases of X.Y only, so a
  # `terraform init -upgrade` cannot pull in a new minor or major version.
  # NOTE(review): the constraints bound versions but do not verify provider
  # binaries; that relies on the dependency lock file being committed, which is
  # not visible in this file - confirm.
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "~> 2.6.0"
    }

    helm = {
      source  = "hashicorp/helm"
      version = "~> 2.4.0"
    }

    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.16.0"
    }
  }

  # State is kept in the "do-k8s-2021" workspace of the "ljones" organization.
  # NOTE(review): this configuration reads the cluster's kube_config token and
  # CA certificate, so they end up in state; access to the workspace is
  # effectively access to the cluster.
  backend "remote" {
    organization = "ljones"

    workspaces {
      name = "do-k8s-2021"
    }
  }
}
# DigitalOcean provider with no inline settings: the API token is not written
# in this file, so it has to come from the provider's environment
# configuration (for example the DIGITALOCEAN_TOKEN variable).
provider "digitalocean" {
}
# DigitalOcean project that groups the resources created for the challenge.
resource "digitalocean_project" "do-k8s-2021" {
  name        = "do-k8s-2021"
  purpose     = "Deploy a security and compliance system"
  description = "DigitalOcean Kubernetes Challenge 2021"

  # Projects take resource URNs, so the cluster's URN is assembled by hand
  # from its id (tedious, as the original author notes).
  resources = [
    "do:kubernetes:${digitalocean_kubernetes_cluster.doks.id}"
  ]
}
# Dedicated VPC in sgp1 that the Kubernetes cluster is attached to.
# No ip_range is given, so the address range is left to the provider/API.
resource "digitalocean_vpc" "do-k8s-2021" {
  region = "sgp1"
  name   = "do-k8s-2021"
}
# Looks up the Kubernetes versions offered by DigitalOcean, restricted to the
# 1.21 minor line; the cluster resource consumes latest_version from here.
data "digitalocean_kubernetes_versions" "doks" {
  version_prefix = "1.21."
}
# Managed Kubernetes (DOKS) cluster inside the project's VPC.
resource "digitalocean_kubernetes_cluster" "doks" {
  name     = "do-k8s-2021"
  region   = "sgp1"
  vpc_uuid = digitalocean_vpc.do-k8s-2021.id

  # Start on the newest 1.21.x release reported by the data source and let
  # DigitalOcean apply upgrades automatically during the maintenance window
  # declared below.
  version      = data.digitalocean_kubernetes_versions.doks.latest_version
  auto_upgrade = true

  maintenance_policy {
    day        = "friday"
    start_time = "16:00"
  }

  # NOTE(review): the kube_config exported by this resource (host, token, CA
  # certificate) is read by the kubernetes and helm providers in this file and
  # is therefore stored in Terraform state.
  node_pool {
    name = "autoscale-worker-pool"
    size = "s-1vcpu-2gb" # 1 cpu, 2gb ram (1gb useable)

    auto_scale = true
    min_nodes  = 1
    max_nodes  = 3 # this is the maximum allowed nodes on my new account without requesting an increase
  }
}
# Kubernetes provider, authenticated with the credentials exported by the
# DOKS cluster resource: API endpoint, bearer token and cluster CA certificate.
# Supplying the CA certificate means the API server's TLS certificate is
# verified against it.
#
# NOTE(review): the provider is configured from a resource managed in the same
# configuration. The provider documentation advises applying the cluster and
# the in-cluster resources separately, because these values are unknown until
# the cluster exists. The exported token also appears to be time-limited, so a
# value cached in state may stop authenticating - confirm the expiry behaviour.
provider "kubernetes" {
  host                   = digitalocean_kubernetes_cluster.doks.kube_config[0].host
  cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.doks.kube_config[0].cluster_ca_certificate)
  token                  = digitalocean_kubernetes_cluster.doks.kube_config[0].token
}
# Helm provider, pointed at the same cluster with the same credentials as the
# kubernetes provider: API endpoint, bearer token and cluster CA certificate.
#
# NOTE(review): these values come from a resource managed in this same
# configuration and are persisted in state. The exported token appears to be
# time-limited; if chart installs start failing with authentication errors,
# refresh the cluster credentials first - confirm the expiry behaviour.
provider "helm" {
  kubernetes {
    host                   = digitalocean_kubernetes_cluster.doks.kube_config[0].host
    cluster_ca_certificate = base64decode(digitalocean_kubernetes_cluster.doks.kube_config[0].cluster_ca_certificate)
    token                  = digitalocean_kubernetes_cluster.doks.kube_config[0].token
  }
}
# Installs Falco (runtime threat detection) from the upstream chart repository
# into its own "falco" namespace, which is created if it does not exist.
#
# The chart version is pinned exactly, so a re-apply cannot silently pick up a
# newer chart. No values are overridden, so the chart's defaults apply.
# NOTE(review): Falco needs kernel-level visibility on each node, so its pods
# presumably run with elevated privileges; limit who can deploy into or exec
# in this namespace. No alert output is configured in this file, so detections
# are presumably only visible in the pod logs - confirm against the chart
# defaults.
resource "helm_release" "falco" {
  name       = "falco"
  chart      = "falco"
  repository = "https://falcosecurity.github.io/charts"
  version    = "1.16.2"

  namespace        = "falco"
  create_namespace = true

  # Left disabled: the chart's fake event generator produces synthetic
  # suspicious activity to exercise the rules. Enable it only on a test
  # cluster, since it adds noise to real alerting.
  # set {
  #   name  = "fakeEventGenerator.enabled"
  #   value = "true"
  # }
}