locals {
  # Kubernetes service account that GitLab is given to manage the cluster.
  # Its token is read below and pushed to GitLab, so the Terraform state that
  # holds it must be treated as a secret (presumably the module grants it
  # cluster-admin — check the module's RBAC).
  sa_name      = "gitlab-admin"
  sa_namespace = "kube-system"

  # 0/1 counts driving the optional blocks below. `&&` already binds tighter
  # than `?:`; the parentheses only make that explicit.
  project_cluster_enabled     = (var.enabled && length(var.root_gitlab_project) > 0) ? 1 : 0
  group_cluster_enabled       = (var.enabled && length(var.root_gitlab_group) > 0) ? 1 : 0
  group_gitlab_runner_enabled = (var.group_gitlab_runner_enabled && length(var.root_gitlab_group) > 0) ? 1 : 0

  # Values forwarded unchanged into the GitLab cluster registrations.
  cluster_name      = var.cluster_name
  domain            = var.dns_zone
  environment_scope = var.stage
}
# In the next steps we add a few environment variables to the GitLab CI variables
# so that CI jobs that depend on these variables can run.
data "gitlab_project" "root" {
  # Only looked up when a project-level cluster registration is enabled
  # (var.enabled and a non-empty var.root_gitlab_project).
  count = local.project_cluster_enabled

  id = var.root_gitlab_project
}
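data "gitlab_group" "root" {
  # Looked up whenever a root group is given. Unlike local.group_cluster_enabled
  # this is not gated on var.enabled, so group-scoped blocks elsewhere can keep
  # referencing it.
  count = length(var.root_gitlab_group) > 0 ? 1 : 0

  # No fallback needed: with count = 0 this block is never evaluated. The former
  # `: 0` fallback was a different type than the variable and could never apply.
  group_id = var.root_gitlab_group
}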
module "gitlab_admin_sa" {
  source = "./modules/gitlab-admin-service-account"

  # The data source that reads this service account's token is gated on the
  # same variable.
  enabled = var.enabled

  # Cluster connection details handed to the module. `kubernetes_token` is a
  # credential: keep it out of version control and restrict access to state.
  kubernetes_endpoint = var.kubernetes_endpoint
  kubernetes_token    = var.kubernetes_token
  kubernetes_ca_cert  = var.kubernetes_ca_cert
}
# https://www.terraform.io/docs/providers/gitlab/r/project_cluster.html
data "kubernetes_secret" "gitlab_admin_token" {
  count = var.enabled ? 1 : 0

  metadata {
    # Assumes the token secret is named after the service account and lives in
    # local.sa_namespace — verify against the module. NOTE(review): on
    # Kubernetes 1.24+ service-account token secrets are no longer created
    # automatically, so the module may need to create one explicitly.
    namespace = local.sa_namespace
    name      = module.gitlab_admin_sa.sa_name
  }
}
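resource "gitlab_project_cluster" "root" {
  count = local.project_cluster_enabled

  project = join("", data.gitlab_project.root.*.id)
  name    = local.cluster_name
  domain  = local.domain

  kubernetes_api_url = var.kubernetes_endpoint
  # The service-account token is handed to GitLab and also persisted in Terraform
  # state. Joined with "" like the ids above: count is 0 or 1, and a ","
  # separator could only ever yield an unusable token if it were more.
  kubernetes_token   = join("", data.kubernetes_secret.gitlab_admin_token.*.data.token)
  kubernetes_ca_cert = base64decode(var.kubernetes_ca_cert)
  environment_scope  = local.environment_scope

  lifecycle {
    # Changes to the CA cert are ignored after creation, so a rotated cluster CA
    # is not propagated to GitLab by `apply`; the registration must then be
    # updated by hand or the resource recreated.
    ignore_changes = [kubernetes_ca_cert]
  }
}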
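resource "gitlab_group_cluster" "root" {
  count = local.group_cluster_enabled

  group  = join("", data.gitlab_group.root.*.id)
  name   = local.cluster_name
  domain = local.domain

  kubernetes_api_url = var.kubernetes_endpoint
  # Same token as the project-level registration; persisted in Terraform state.
  # Joined with "" for consistency with the ids: count is 0 or 1, and a ","
  # separator could only ever yield an unusable token if it were more.
  kubernetes_token   = join("", data.kubernetes_secret.gitlab_admin_token.*.data.token)
  kubernetes_ca_cert = base64decode(var.kubernetes_ca_cert)

  ## You can use only one Kubernetes cluster per group/project when your team uses a free plan on Gitlab.com.
  ## If you set an environment scope explicitly you can't use the Auto DevOps feature.
  ##
  ## References:
  ## - https://docs.gitlab.com/12.5/ee/topics/autodevops/index.html#overview
  ## - https://gitlab.com/gitlab-org/gitlab-foss/blob/master/lib/gitlab/ci/templates/Auto-DevOps.gitlab-ci.yml
  environment_scope = local.environment_scope

  lifecycle {
    # Changes to the CA cert are ignored after creation, so a rotated cluster CA
    # is not propagated to GitLab by `apply`; the registration must then be
    # updated by hand or the resource recreated.
    ignore_changes = [kubernetes_ca_cert]
  }
}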