providers.tf
# Provider requirements and remote state for this root module.
#
# Every provider is pinned to a single exact version, so an upgrade is always
# an explicit edit to this block. A committed dependency lock file
# (.terraform.lock.hcl) would additionally pin the package checksums.
terraform {
  required_providers {
    authentik = {
      source  = "goauthentik/authentik"
      version = "2024.2.0"
    }
    dns = {
      source  = "hashicorp/dns"
      version = "3.4.0"
    }
    equinix = {
      source  = "equinix/equinix"
      version = "1.13.0"
    }
    flux = {
      source  = "fluxcd/flux"
      version = "1.2.3"
    }
    github = {
      source  = "integrations/github"
      version = "6.0.1"
    }
    helm = {
      source  = "hashicorp/helm"
      version = "2.9.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = "2.27.0"
    }
    powerdns = {
      source  = "pan-net/powerdns"
      version = "1.5.0"
    }
    random = {
      source  = "hashicorp/random"
      version = "3.6.0"
    }
    talos = {
      source  = "siderolabs/talos"
      version = "0.4.0"
    }
  }

  # State is kept in a Kubernetes Secret in the "hh" namespace. Terraform state
  # records resource attributes and outputs in plain text, including generated
  # keys and tokens, so anyone who can read Secrets in that namespace can read
  # those values. Scope RBAC on the namespace accordingly.
  backend "kubernetes" {
    secret_suffix = "cluster-state"
    namespace     = "hh"
  }
}
# Talos provider, registered only under the alias "talos": resources and
# modules use this configuration when they reference talos.talos.
# No provider-level settings are supplied.
provider "talos" {
  alias = "talos"
}
# Helm provider, registered only under the alias "helm" (helm.helm).
# No cluster connection is configured in this block.
# NOTE(review): releases using this alias presumably fall back to the
# provider's ambient settings (environment / default kubeconfig). Confirm
# that this resolves to the intended cluster.
provider "helm" {
  alias = "helm"
}
# Equinix provider, registered only under the alias "equinix" (equinix.equinix).
# The API credential is injected from a variable, so no secret is written here.
# NOTE(review): as I read the provider documentation, `auth_token` is the
# Equinix Metal API token and `token` is the Fabric / Network Edge OAuth token.
# The variable name suggests a Metal credential, so confirm that `token` is the
# intended argument.
provider "equinix" {
  alias = "equinix"
  token = var.equinix_metal_auth_token
}
# Default GitHub provider: acts on the account named by var.github_org and
# authenticates with var.github_token.
# The variable declarations are not in this file. The token should be declared
# `sensitive = true` and supplied at run time (e.g. TF_VAR_github_token) rather
# than from a committed tfvars file, with only the scopes this stack needs.
provider "github" {
  token = var.github_token
  owner = var.github_org
}
# DNS provider for RFC 2136 dynamic updates.
# Updates are sent to var.rfc2136_nameserver and signed with a TSIG key, using
# HMAC-SHA256 as the MAC algorithm. The key name and secret come from
# variables, and the secret authorises zone changes on that server, so treat
# it like any other credential (sensitive variable, not committed).
provider "dns" {
  update {
    server        = var.rfc2136_nameserver
    key_algorithm = "hmac-sha256"
    key_name      = var.rfc2136_tsig_keyname
    key_secret    = var.rfc2136_tsig_key
  }
}
# Kubernetes provider for the managed cluster, under the alias "cluster"
# (kubernetes.cluster). Credentials are read from a kubeconfig file at a path
# relative to the working directory.
# That file carries the cluster client certificate and key. Keep ./tmp out of
# version control and restrict its file permissions.
provider "kubernetes" {
  alias       = "cluster"
  config_path = "./tmp/cluster-kubeconfig"

  # Disabled alternative: connect with values taken from the cluster module
  # output instead of a file on disk.
  # host                   = "https://${module.cluster.kubeconfig.node}:6443"
  # client_certificate     = base64decode(module.cluster.kubeconfig.kubernetes_client_configuration.client_certificate)
  # client_key             = base64decode(module.cluster.kubeconfig.kubernetes_client_configuration.client_key)
  # cluster_ca_certificate = base64decode(module.cluster.kubeconfig.kubernetes_client_configuration.ca_certificate)
}
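# Flux provider for the managed cluster, under the alias "cluster"
# (flux.cluster). It needs two connections: one to the cluster, to install and
# reconcile Flux, and one to the Git repository Flux syncs from.
provider "flux" {
  alias = "cluster"

  # Cluster access comes from a kubeconfig file relative to the working
  # directory. It contains client credentials, so keep ./tmp out of version
  # control.
  kubernetes = {
    config_path = "./tmp/cluster-kubeconfig"

    # Disabled alternative: connect with values taken from the cluster module
    # output instead of a file on disk.
    # host                   = "https://${module.cluster.kubeconfig.node}:6443"
    # client_certificate     = base64decode(module.cluster.kubeconfig.kubernetes_client_configuration.client_certificate)
    # client_key             = base64decode(module.cluster.kubeconfig.kubernetes_client_configuration.client_key)
    # cluster_ca_certificate = base64decode(module.cluster.kubeconfig.kubernetes_client_configuration.ca_certificate)
  }

  git = {
    # NOTE(review): the rendered page replaced the user@host part of this URL
    # with an e-mail-obfuscation placeholder. "git@github.com" is restored
    # from the "git" SSH user below and the github_* variables. Confirm it
    # against the repository.
    url = "ssh://git@github.com/${var.github_org}/${var.github_repository}.git"

    ssh = {
      username = "git"

      # Deploy key produced by the flux bootstrap module. As a module output it
      # is also recorded in Terraform state, so access to the state backend
      # gives access to this key.
      private_key = module.cluster-flux-bootstrap.github_repository_deploy_key
    }
  }
}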
# Default authentik provider, pointed at the SSO instance over HTTPS.
# The API token is the bootstrap token exported by the cluster-manifests
# module. It is never written in this file, but as a module output it is
# recorded in Terraform state.
provider "authentik" {
  token = module.cluster-manifests.authentik_bootstrap_token
  url   = "https://sso.cloudnative.coop"

  # `insecure = true` would skip TLS certificate verification. It is left
  # disabled so that the token is only sent to a verified endpoint.
  # insecure = true
}
# Default PowerDNS provider: talks to the API at var.pdns_host and
# authenticates with var.pdns_api_key.
# NOTE(review): the variable values are not visible here. Confirm that
# pdns_host is an https:// URL so the API key is not sent in clear text, and
# that pdns_api_key is declared sensitive.
provider "powerdns" {
  server_url = var.pdns_host
  api_key    = var.pdns_api_key
}