versions.tf
# Terraform core settings for this root module: the minimum CLI version, the
# remote state backend, and the provider plugins fetched at `terraform init`.
terraform {
  required_version = ">= 1.8"

  # State is stored as a Kubernetes Secret in the "tfstate" namespace, reached
  # through the operator's local kubeconfig at config_path.
  # Terraform writes resource attributes to state unencrypted, including ones
  # marked sensitive (for example the tls_private_key.flux key used by the flux
  # provider in this file). Read access to that Secret is therefore equivalent
  # to holding those credentials: keep RBAC on the namespace narrow and make
  # sure Secrets are encrypted at rest on the cluster that hosts the state.
  backend "kubernetes" {
    namespace     = "tfstate"
    secret_suffix = "cluster-state"
    config_path   = "~/.kube/config-fop"
  }

  # Each entry is third-party code that runs with every credential passed to
  # it below. Commit .terraform.lock.hcl so the recorded checksums are checked
  # on every init, and review provider upgrades like any other dependency bump.
  required_providers {
    oci = {
      source  = "oracle/oci"
      version = "6.7.0"
    }

    talos = {
      source = "siderolabs/talos"
      # NOTE(review): this constraint names a beta release; revisit it once a
      # stable release of the series is adopted.
      version = "~>0.6.0-beta.0"
    }

    random = {
      source = "hashicorp/random"
      # NOTE(review): "> 0.0.0" accepts any release, so only the lock file
      # holds this provider at a known version. Consider a bounded constraint
      # matching the version recorded in .terraform.lock.hcl, as the other
      # entries do.
      version = "> 0.0.0"
    }

    flux = {
      source  = "fluxcd/flux"
      version = "~>1.3.0"
    }

    github = {
      source  = "integrations/github"
      version = "~>6.3.0"
    }

    powerdns = {
      source  = "pan-net/powerdns"
      version = "1.5.0"
    }

    dns = {
      source  = "hashicorp/dns"
      version = "3.4.0"
    }

    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.32.0"
    }

    authentik = {
      source  = "goauthentik/authentik"
      version = "2024.4.0"
    }
  }
}
# Oracle Cloud Infrastructure provider, authenticated with an API signing key.
# Every identity value is taken from an input variable; nothing is hard-coded.
provider "oci" {
  region       = var.region
  tenancy_ocid = var.tenancy_ocid
  user_ocid    = var.user_ocid
  fingerprint  = var.fingerprint

  # Only the path to the signing key is configured here; the key file itself
  # stays on the machine that runs Terraform. Keep it readable by the
  # operator account only.
  private_key_path = var.private_key_path
}
# GitHub provider acting on the organisation/user named by var.github_org.
provider "github" {
  owner = var.github_org

  # NOTE(review): the declaration of var.github_token is not visible in this
  # file. Confirm it is declared with `sensitive = true`, is supplied from the
  # environment or a secret store rather than a committed tfvars file, and
  # carries only the scopes the GitHub resources in this configuration need.
  token = var.github_token
}
# Flux provider: talks to the cluster created by module.cluster-sharingio-oci
# and to the Git repository that Flux reconciles from.
provider "flux" {
  # Git access over SSH as user "git", using the key pair generated by the
  # tls_private_key.flux resource.
  git = {
    url = "ssh://git@github.com/${var.github_org}/${var.github_repository}.git"
    ssh = {
      username = "git"
      # A tls_private_key resource keeps its private key in Terraform state
      # unencrypted, so protecting the state backend protects this key too.
      private_key = tls_private_key.flux.private_key_pem
    }
  }

  # Client-certificate authentication against the cluster API. The module
  # outputs are base64-encoded and decoded here before being passed on.
  kubernetes = {
    host                   = module.cluster-sharingio-oci.kubeconfig_host
    cluster_ca_certificate = base64decode(module.cluster-sharingio-oci.kubeconfig_ca_certificate)
    client_certificate     = base64decode(module.cluster-sharingio-oci.kubeconfig_client_certificate)
    client_key             = base64decode(module.cluster-sharingio-oci.kubeconfig_client_key)
    # config_path = local_file.kubeconfig.filename
  }
}
# DNS provider configured for dynamic updates (RFC 2136) against the
# nameserver in var.rfc2136_nameserver, with each update signed by a TSIG key.
provider "dns" {
  update {
    server        = var.rfc2136_nameserver
    key_algorithm = "hmac-sha256"
    key_name      = var.rfc2136_tsig_keyname

    # Shared TSIG secret: whoever holds it can sign updates the server accepts
    # for this key.
    # NOTE(review): the variable declaration is not visible here; confirm it
    # is marked `sensitive = true` and that the key is limited on the server
    # to the zones this configuration manages.
    key_secret = var.rfc2136_tsig_key
  }
}
# PowerDNS provider, authenticated with an API key against the PowerDNS HTTP API.
provider "powerdns" {
  # NOTE(review): confirm var.pdns_host is an https:// URL. The API key is
  # sent with every request, so a plain-HTTP endpoint would expose it on the
  # network path.
  server_url = var.pdns_host

  # NOTE(review): the variable declaration is not visible here; confirm it is
  # marked `sensitive = true`.
  api_key = var.pdns_api_key
}
# Aliased Kubernetes provider for the cluster built by
# module.cluster-sharingio-oci. Resources must select it explicitly through
# the "cluster-sharingio-oci" alias.
provider "kubernetes" {
  alias = "cluster-sharingio-oci"

  # config_path = "./kubeconfig"
  # An IP is used here to speed things up; the first node name might work as well.
  host = module.cluster-sharingio-oci.kubeconfig_host

  # The API server certificate is checked against this CA, so the certificate
  # has to be valid for whatever address `host` resolves to.
  cluster_ca_certificate = base64decode(module.cluster-sharingio-oci.kubeconfig_ca_certificate)

  # Client-certificate credentials, base64-decoded from the module outputs.
  # NOTE(review): these look like the kubeconfig's own client identity, which
  # presumably has cluster-admin rights. Confirm, and treat any plan or state
  # output that contains them accordingly.
  client_certificate = base64decode(module.cluster-sharingio-oci.kubeconfig_client_certificate)
  client_key         = base64decode(module.cluster-sharingio-oci.kubeconfig_client_key)
}
# authentik provider pointed at the SSO endpoint under var.domain over HTTPS.
provider "authentik" {
  url = "https://sso.${var.domain}"

  # NOTE(review): the token comes from a module output named
  # authentik_bootstrap_token, presumably the initial admin token created at
  # install time. Confirm that output is marked sensitive, and consider
  # switching to a dedicated, narrower API token once authentik is running.
  token = module.cluster-sharingio-oci-manifests.authentik_bootstrap_token

  # `insecure` can optionally be set to ignore TLS certificates. Leave it
  # disabled: with verification off, the token above is sent to an endpoint
  # whose identity has not been checked.
  # insecure = true
}