Skip to content

Commit

Permalink
0.1.0-alpha.1
Browse files Browse the repository at this point in the history 
- Basic deployment of docker-openwisp on kubernetes cluster

Signed-off-by: Ajay Tripathi <[email protected]>
  • Loading branch information
@atb00ker
atb00ker committed Jan 31, 2020
1 parent 06c401b commit 4dbba53
Show file tree
Hide file tree
Showing 26 changed files with 2,099 additions and 2 deletions.
4 changes: 4 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,3 +27,7 @@ override.tf.json

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
# example: *tfplan*

# Credentials
develop.config.tf
account.json
12 changes: 12 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]

## [0.1.0-alpha.1] - 2020-02-01

- Basic deployment of docker-openwisp on kubernetes cluster
66 changes: 64 additions & 2 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,2 +1,64 @@
# terraform-kubernetes-openwisp
Terraform files for deploying docker-openwisp in kubernetes.
# Terraform(kubernetes): OpenWISP

[![Terraform](https://img.shields.io/badge/terraform-openwisp-blue)](https://registry.terraform.io/modules/atb00ker/openwisp/kubernetes)
[![GitHub license](https://img.shields.io/github/license/atb00ker/terraform-kubernetes-openwisp.svg)](https://github.com/openwisp/terraform-kubernetes-openwisp/blob/master/LICENSE)

Terraform files for deploying docker-openwisp in kubernetes.
This module does not provision the infrastructure but expects
access to an existing kubernetes cluster.

## Requirements

If you using the following options, please follow the requirements as per the variable's documentation:

- `kubernetes_services.use_cert_manager`

## Usage

**Note: The following links work only when you are viewing on github.com**

### Variables
- Inputs documentation available [here](docs/input.md).
- Outputs documentation available [here](docs/output.md).

### Examples
- Standalone example available [here](examples/standalone).
- Google cloud example available [here](examples/google-cloud).

### Create

1. Configure the options in the module. (`examples/` may be helpful)
2. Apply the configurations: `terraform apply`

### Destroy

1. Destroy the resources using terraform `terraform destroy`
2. Uninstall cert-manager: `kubectl delete --filename <kubernetes_services.cert_manager_link>`

## Advanced Usage

### Removing cert-manager

Unfortunately, cert-manager uses CRDs and terraform doesn't work very well with it, so if you want to remove

1. Destroy resources:

```bash
terraform destroy \
--target=module.kubernetes.kubernetes_namespace.cert_manager \
--target=module.kubernetes.null_resource.install_cert_manager \
--target=module.kubernetes.null_resource.certificate_cert_manager \
--target=module.kubernetes.null_resource.clusterissuer_cert_manager \
--target=module.kubernetes.null_resource.ingress_cert_manager \
--target=module.kubernetes.kubernetes_ingress.http_ingress
```

2. Uninstall cert-manager: `kubectl delete --filename <kubernetes_services.cert_manager_link>`

3. Create Ingress: `terraform apply --target=module.kubernetes.kubernetes_ingress.http_ingress`

## Contribute to documentation

1. Install MarkdownPP: `pip install MarkdownPP`
2. Make changes in `docs/build/` directory.
3. To create documentation, in the root of repository: `markdown-pp docs/build/input.mdpp -o docs/input.md`
115 changes: 115 additions & 0 deletions certmanager.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,115 @@
# (Optional) Get TLS certificates using cert-manager.

resource "kubernetes_namespace" "cert_manager" {
count = var.kubernetes_services.use_cert_manger ? 1 : 0
depends_on = [var.ow_cluster_ready]
metadata { name = "cert-manager" }
}

resource "null_resource" "install_cert_manager" {
count = var.kubernetes_services.use_cert_manger && var.ow_kubectl_ready ? 1 : 0
depends_on = [kubernetes_namespace.cert_manager]

provisioner "local-exec" {
when = create
command = <<EOT
kubectl apply --validate=false \
--filename ${var.kubernetes_services.cert_manager_link}
EOT
}

provisioner "local-exec" {
when = destroy
command = <<EOT
kubectl delete Issuers,ClusterIssuers,Certificates,CertificateRequests,Orders,Challenges \
--grace-period=0 --all --all-namespaces;
EOT
}
}

resource "null_resource" "clusterissuer_cert_manager" {
count = var.kubernetes_services.use_cert_manger ? 1 : 0
depends_on = [null_resource.install_cert_manager]

provisioner "local-exec" {
when = create
command = <<EOT
sleep 5m && \
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
namespace: default
name: letsencrypt-issuer
spec:
acme:
server: https://acme-v02.api.letsencrypt.org/directory
email: ${var.kubes_common_configmap.CERT_ADMIN_EMAIL}
privateKeySecretRef:
name: letsencrypt-prod
solvers:
- http01:
ingress:
name: ${kubernetes_ingress.http_ingress.metadata[0].name}
selector: {}
EOF
EOT
}
}

resource "null_resource" "certificate_cert_manager" {
count = var.kubernetes_services.use_cert_manger ? 1 : 0
depends_on = [null_resource.clusterissuer_cert_manager, kubernetes_ingress.http_ingress]

provisioner "local-exec" {
when = create
command = <<EOT
sleep 10m && \
kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
namespace: default
name: openwisp-tls-crt
spec:
secretName: openwisp-tls-secret
renewBefore: 12h
dnsNames:
- ${var.kubes_common_configmap.DASHBOARD_DOMAIN}
- ${var.kubes_common_configmap.CONTROLLER_DOMAIN}
- ${var.kubes_common_configmap.RADIUS_DOMAIN}
- ${var.kubes_common_configmap.TOPOLOGY_DOMAIN}
issuerRef:
name: letsencrypt-issuer
kind: ClusterIssuer
EOF
EOT
}
}

resource "null_resource" "ingress_cert_manager" {
count = var.kubernetes_services.use_cert_manger ? 1 : 0
depends_on = [null_resource.certificate_cert_manager]

provisioner "local-exec" {
when = create
command = <<EOT
sleep 10m && \
kubectl patch ingress/${kubernetes_ingress.http_ingress.metadata[0].name} \
--patch '{
"spec": {
"tls": [
{
"hosts": [
"${var.kubes_common_configmap.DASHBOARD_DOMAIN}",
"${var.kubes_common_configmap.CONTROLLER_DOMAIN}",
"${var.kubes_common_configmap.RADIUS_DOMAIN}",
"${var.kubes_common_configmap.TOPOLOGY_DOMAIN}"
], "secretName": "openwisp-tls-secret"
}
]
}
}'
EOT
}
}
118 changes: 118 additions & 0 deletions configmap.tf
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,118 @@
# ConfigMap resources, find documentation in
# official docker-openwisp repository.

resource "kubernetes_config_map" "kubes_postgres_configmap" {
depends_on = [var.ow_cluster_ready]
metadata { name = var.kubes_postgres_configmap.configmap_name }
data = {
POSTGRES_DB = var.kubes_postgres_configmap.POSTGRES_DB
POSTGRES_USER = var.kubes_postgres_configmap.POSTGRES_USER
POSTGRES_PASSWORD = var.kubes_postgres_configmap.POSTGRES_PASSWORD
}
}

resource "kubernetes_config_map" "kubes_nfs_configmap" {
depends_on = [var.ow_cluster_ready]
metadata { name = var.kubes_nfs_configmap.configmap_name }
data = {
EXPORT_OPTS = var.kubes_nfs_configmap.EXPORT_OPTS
EXPORT_DIR = var.kubes_nfs_configmap.EXPORT_DIR
}
}

resource "kubernetes_config_map" "kubes_common_configmap" {
depends_on = [var.ow_cluster_ready]
metadata { name = var.kubes_common_configmap.configmap_name }
data = {
DASHBOARD_DOMAIN = var.kubes_common_configmap.DASHBOARD_DOMAIN
CONTROLLER_DOMAIN = var.kubes_common_configmap.CONTROLLER_DOMAIN
RADIUS_DOMAIN = var.kubes_common_configmap.RADIUS_DOMAIN
TOPOLOGY_DOMAIN = var.kubes_common_configmap.TOPOLOGY_DOMAIN
EMAIL_DJANGO_DEFAULT = var.kubes_common_configmap.EMAIL_DJANGO_DEFAULT
DB_USER = var.kubes_common_configmap.DB_USER
DB_PASS = var.kubes_common_configmap.DB_PASS
DJANGO_SECRET_KEY = var.kubes_common_configmap.DJANGO_SECRET_KEY
DJANGO_ALLOWED_HOSTS = var.kubes_common_configmap.DJANGO_ALLOWED_HOSTS
TZ = var.kubes_common_configmap.TZ
CERT_ADMIN_EMAIL = var.kubes_common_configmap.CERT_ADMIN_EMAIL
SSL_CERT_MODE = var.kubes_common_configmap.SSL_CERT_MODE
SET_RADIUS_TASKS = var.kubes_common_configmap.SET_RADIUS_TASKS
SET_TOPOLOGY_TASKS = var.kubes_common_configmap.SET_TOPOLOGY_TASKS
DB_NAME = var.kubes_common_configmap.DB_NAME
DB_ENGINE = var.kubes_common_configmap.DB_ENGINE
DB_PORT = var.kubes_common_configmap.DB_PORT
DB_OPTIONS = var.kubes_common_configmap.DB_OPTIONS
DJANGO_X509_DEFAULT_CERT_VALIDITY = var.kubes_common_configmap.DJANGO_X509_DEFAULT_CERT_VALIDITY
DJANGO_X509_DEFAULT_CA_VALIDITY = var.kubes_common_configmap.DJANGO_X509_DEFAULT_CA_VALIDITY
DJANGO_CORS_ORIGIN_ALLOW_ALL = var.kubes_common_configmap.DJANGO_CORS_ORIGIN_ALLOW_ALL
DJANGO_LANGUAGE_CODE = var.kubes_common_configmap.DJANGO_LANGUAGE_CODE
DJANGO_SENTRY_DSN = var.kubes_common_configmap.DJANGO_SENTRY_DSN
DJANGO_LEAFET_CENTER_X_AXIS = var.kubes_common_configmap.DJANGO_LEAFET_CENTER_X_AXIS
DJANGO_LEAFET_CENTER_Y_AXIS = var.kubes_common_configmap.DJANGO_LEAFET_CENTER_Y_AXIS
DJANGO_LEAFET_ZOOM = var.kubes_common_configmap.DJANGO_LEAFET_ZOOM
EMAIL_BACKEND = var.kubes_common_configmap.EMAIL_BACKEND
EMAIL_HOST_PORT = var.kubes_common_configmap.EMAIL_HOST_PORT
EMAIL_HOST_USER = var.kubes_common_configmap.EMAIL_HOST_USER
EMAIL_HOST_PASSWORD = var.kubes_common_configmap.EMAIL_HOST_PASSWORD
EMAIL_HOST_TLS = var.kubes_common_configmap.EMAIL_HOST_TLS
POSTFIX_ALLOWED_SENDER_DOMAINS = var.kubes_common_configmap.POSTFIX_ALLOWED_SENDER_DOMAINS
POSTFIX_MYHOSTNAME = var.kubes_common_configmap.POSTFIX_MYHOSTNAME
POSTFIX_DESTINATION = var.kubes_common_configmap.POSTFIX_DESTINATION
POSTFIX_MESSAGE_SIZE_LIMIT = var.kubes_common_configmap.POSTFIX_MESSAGE_SIZE_LIMIT
POSTFIX_MYNETWORKS = var.kubes_common_configmap.POSTFIX_MYNETWORKS
POSTFIX_RELAYHOST_TLS_LEVEL = var.kubes_common_configmap.POSTFIX_RELAYHOST_TLS_LEVEL
POSTFIX_RELAYHOST = var.kubes_common_configmap.POSTFIX_RELAYHOST
POSTFIX_RELAYHOST_USERNAME = var.kubes_common_configmap.POSTFIX_RELAYHOST_USERNAME
POSTFIX_RELAYHOST_PASSWORD = var.kubes_common_configmap.POSTFIX_RELAYHOST_PASSWORD
FREERADIUS_ORGANIZATION = var.kubes_common_configmap.FREERADIUS_ORGANIZATION
FREERADIUS_KEY = var.kubes_common_configmap.FREERADIUS_KEY
FREERADIUS_CLIENTS = var.kubes_common_configmap.FREERADIUS_CLIENTS
CRON_DELETE_OLD_RADACCT = var.kubes_common_configmap.CRON_DELETE_OLD_RADACCT
CRON_DELETE_OLD_POSTAUTH = var.kubes_common_configmap.CRON_DELETE_OLD_POSTAUTH
CRON_CLEANUP_STALE_RADACCT = var.kubes_common_configmap.CRON_CLEANUP_STALE_RADACCT
CRON_DELETE_OLD_USERS = var.kubes_common_configmap.CRON_DELETE_OLD_USERS
NGINX_HTTP2 = var.kubes_common_configmap.NGINX_HTTP2
NGINX_CLIENT_BODY_SIZE = var.kubes_common_configmap.NGINX_CLIENT_BODY_SIZE
NGINX_IP6_STRING = var.kubes_common_configmap.NGINX_IP6_STRING
NGINX_IP6_80_STRING = var.kubes_common_configmap.NGINX_IP6_80_STRING
NGINX_ADMIN_ALLOW_NETWORK = var.kubes_common_configmap.NGINX_ADMIN_ALLOW_NETWORK
NGINX_SERVER_NAME_HASH_BUCKET = var.kubes_common_configmap.NGINX_SERVER_NAME_HASH_BUCKET
NGINX_SSL_CONFIG = var.kubes_common_configmap.NGINX_SSL_CONFIG
NGINX_80_CONFIG = var.kubes_common_configmap.NGINX_80_CONFIG
NGINX_GZIP_SWITCH = var.kubes_common_configmap.NGINX_GZIP_SWITCH
NGINX_GZIP_LEVEL = var.kubes_common_configmap.NGINX_GZIP_LEVEL
NGINX_GZIP_PROXIED = var.kubes_common_configmap.NGINX_GZIP_PROXIED
NGINX_GZIP_MIN_LENGTH = var.kubes_common_configmap.NGINX_GZIP_MIN_LENGTH
NGINX_GZIP_TYPES = var.kubes_common_configmap.NGINX_GZIP_TYPES
NGINX_HTTPS_ALLOWED_IPS = var.kubes_common_configmap.NGINX_HTTPS_ALLOWED_IPS
NGINX_HTTP_ALLOW = var.kubes_common_configmap.NGINX_HTTP_ALLOW
NGINX_CUSTOM_FILE = var.kubes_common_configmap.NGINX_CUSTOM_FILE
NINGX_REAL_REMOTE_ADDR = var.kubes_common_configmap.NINGX_REAL_REMOTE_ADDR
VPN_ORG = var.kubes_common_configmap.VPN_ORG
VPN_NAME = var.kubes_common_configmap.VPN_NAME
VPN_CLIENT_NAME = var.kubes_common_configmap.VPN_CLIENT_NAME
X509_NAME_CA = var.kubes_common_configmap.X509_NAME_CA
X509_NAME_CERT = var.kubes_common_configmap.X509_NAME_CERT
X509_COUNTRY_CODE = var.kubes_common_configmap.X509_COUNTRY_CODE
X509_STATE = var.kubes_common_configmap.X509_STATE
X509_CITY = var.kubes_common_configmap.X509_CITY
X509_ORGANIZATION_NAME = var.kubes_common_configmap.X509_ORGANIZATION_NAME
X509_ORGANIZATION_UNIT_NAME = var.kubes_common_configmap.X509_ORGANIZATION_UNIT_NAME
X509_EMAIL = var.kubes_common_configmap.X509_EMAIL
X509_COMMON_NAME = var.kubes_common_configmap.X509_COMMON_NAME
DB_HOST = var.kubes_common_configmap.DB_HOST
EMAIL_HOST = var.kubes_common_configmap.EMAIL_HOST
REDIS_HOST = var.kubes_common_configmap.REDIS_HOST
DASHBOARD_APP_SERVICE = var.kubes_common_configmap.DASHBOARD_APP_SERVICE
CONTROLLER_APP_SERVICE = var.kubes_common_configmap.CONTROLLER_APP_SERVICE
RADIUS_APP_SERVICE = var.kubes_common_configmap.RADIUS_APP_SERVICE
TOPOLOGY_APP_SERVICE = var.kubes_common_configmap.TOPOLOGY_APP_SERVICE
DEBUG_MODE = var.kubes_common_configmap.DEBUG_MODE
DASHBOARD_APP_PORT = var.kubes_common_configmap.DASHBOARD_APP_PORT
CONTROLLER_APP_PORT = var.kubes_common_configmap.CONTROLLER_APP_PORT
RADIUS_APP_PORT = var.kubes_common_configmap.RADIUS_APP_PORT
TOPOLOGY_APP_PORT = var.kubes_common_configmap.TOPOLOGY_APP_PORT
DASHBOARD_URI = var.kubes_common_configmap.DASHBOARD_URI
POSTFIX_DEBUG_MYNETWORKS = var.kubes_common_configmap.POSTFIX_DEBUG_MYNETWORKS
}
}
Loading

0 comments on commit 4dbba53

Please sign in to comment.