1st commit

opentofu/.gitignore

@@ -0,0 +1,15 @@
+# ignore common tempfiles
+*~
+
+# Folder view configuration files
+.DS_Store
+Desktop.ini
+
+# Thumbnail cache files
+._*
+Thumbs.db
+
+# Files that might appear on external disks
+.Spotlight-V100
+.Trashes
+

opentofu/modules/simple-nginx/deployment.tf

@@ -0,0 +1,50 @@
+resource "kubectl_manifest" "sn-my-app-service-deployment" {
+  depends_on = [
+    kubectl_manifest.sn-my-simple-app-persistence
+  ]
+
+  yaml_body = <<YAML
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nginx-deployment
+  namespace: ${var.sn_namespace_name}
+  labels:
+    app: nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - name: nginx
+        image: nginx:stable-alpine
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: "/usr/share/nginx/html"
+          name: nginx-data
+      volumes:
+      - name: nginx-data
+        persistentVolumeClaim:
+          claimName: nginx-data
+YAML
+}
+
+#resource "null_resource" "update_index_html" {
+#  depends_on = [kubectl_manifest.sn-my-app-service-deployment] # if defined
+#
+#  provisioner "local-exec" {
+#    command = <<-EOT
+#      kubectl exec deployment/nginx-deployment \
+#        --namespace=ingress-nginx -- \
+#        /bin/sh -c 'echo "<!DOCTYPE html><html><body><h1>My simple App</h1><p>Made be possible by Opentofu</p></body></html>" > /usr/share/nginx/html/index.html'
+#    EOT
+#  }
+#
+#}

opentofu/modules/simple-nginx/main.tf

@@ -0,0 +1,21 @@
+resource "kubectl_manifest" "sn-my-app-service" {
+  depends_on = [
+#    kubectl_manifest.sn-my-simple-app-nsp,
+    kubectl_manifest.sn-my-app-service-deployment
+  ]
+
+  yaml_body = <<YAML
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+  namespace: ${var.sn_namespace_name}
+spec:
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+YAML
+}

opentofu/modules/simple-nginx/persistence.tf

@@ -0,0 +1,15 @@
+resource "kubectl_manifest" "sn-my-simple-app-persistence" {
+  yaml_body = <<YAML
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nginx-data
+  namespace: ${var.sn_namespace_name}
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+YAML
+}

opentofu/modules/simple-nginx/variables.tf

@@ -0,0 +1,5 @@
+# variables.tf (root module)
+variable "sn_namespace_name" {
+  type    = string
+  description = "Specify into which namespace all resources will be deployed"
+}

opentofu/modules/simple-nginx/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.7.0"
+    }
+  }
+}

opentofu/simple-test/.gitignore

@@ -0,0 +1,30 @@
+# Local .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# OpenTofu plan output
+*.tfplan
+
+# Sensitive variable files (if used)
+*.tfvars
+*.tfvars.json
+
+# Override files which are not meant to be committed
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# CLI configuration files
+.tofu/
+.tofu.lock.hcl
+.terraform/
+.terraform.lock.hcl
+
+# IDE/editor files (optional but recommended)
+.vscode/
+.idea/
+.DS_Store

opentofu/simple-test/helm-nginx-values.yml

@@ -0,0 +1,21 @@
+# Enable RBAC (usually enabled by default, but explicit here)
+rbac:
+  create: true
+
+controller:
+  config:
+    entries:
+      proxy-protocol: "True"
+      # Optional but commonly used together with proxy protocol:
+      real-ip-header: "proxy_protocol"
+      # Replace CIDR(s) below with your LB/node networks
+#      set-real-ip-from: "10.0.0.0/8,192.168.0.0/16"
+      set-real-ip-from: "0.0.0.0/0"
+
+  # Service configuration (for the LoadBalancer service in front of the controller)
+  service:
+    annotations:
+      loadbalancer.openstack.org/keep-floatingip: "true"
+      loadbalancer.openstack.org/proxy-protocol: "true"
+
+# end of file

opentofu/simple-test/kubernetes-auth.tf

@@ -0,0 +1,26 @@
+#off-01: variable "kubeconfig_path" {
+#off-01:   type        = string
+#off-01:   description = "Path to the kubeconfig file"
+#off-01: }
+provider "kubectl" {
+#off-01:   config_path = var.kubeconfig_path
+  host                   = var.cluster_endpoint
+  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+  token                  = var.cluster_token
+}
+
+provider "kubernetes" {
+#off-01:   config_path = var.kubeconfig_path
+  host                   = var.cluster_endpoint
+  cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+  token                  = var.cluster_token
+}
+
+provider "helm" {
+  kubernetes {
+#off-01:     config_path = var.kubeconfig_path
+    host                   = var.cluster_endpoint
+    cluster_ca_certificate = base64decode(var.cluster_ca_cert)
+    token                  = var.cluster_token
+  }
+}

opentofu/simple-test/main.tf

@@ -0,0 +1,87 @@
+resource "kubernetes_namespace" "ingress_nginx" {
+  metadata {
+    name = "ns-ingress"
+  }
+}
+
+resource "kubernetes_namespace" "ns_nginx" {
+  metadata {
+    name = "ns-nginx"
+  }
+}
+
+
+resource "helm_release" "ingress_nginx" {
+  depends_on = [
+    kubernetes_namespace.ingress_nginx
+  ]
+
+  name       = "ingress-nginx"
+# Error: could not download chart: GET "https://ghcr.io/v2/nginx/charts/nginx-ingress/tags/list": GET "https://ghcr.io/token?scope=repository%3Anginx%2Fcharts%2Fnginx-ingress%3Apull&service=ghcr.io": unexpected status code 403: denied: denied
+#  repository = "oci://ghcr.io/nginx/charts"
+  repository = "oci://registry-1.docker.io/nginxcharts"
+  chart      = "nginx-ingress"
+#  version    = "2.3.1"
+#does not work  version    = "latest" # optional; pin a specific version if desired
+  namespace  = kubernetes_namespace.ingress_nginx.metadata[0].name
+#off-00 create_namespace = true
+
+  # Load values from external file
+  values = [
+    file("${path.root}/helm-nginx-values.yml")
+  ]
+
+}
+
+# MAIN
+###
+
+
+# install simple-nginx
+module "simple-nginx" {
+  depends_on = [
+    helm_release.ingress_nginx
+  ]
+
+  source = "../modules/simple-nginx"
+  providers = {
+    kubectl = kubectl
+  }
+
+  sn_namespace_name        = kubernetes_namespace.ns_nginx.metadata[0].name
+}
+
+resource "kubernetes_ingress_v1" "my_simple_nginx_ingress" {
+  metadata {
+    name = "my-simple-nginx-ingress"
+    namespace = kubernetes_namespace.ns_nginx.metadata[0].name
+
+    annotations = {
+      "nginx.ingress.kubernetes.io/rewrite-target" = "/"
+    }
+  }
+
+  spec {
+    ingress_class_name = "nginx"
+
+    rule {
+      host = "regula-test.webid-solutions.de"
+
+      http {
+        path {
+          path      = "/"
+          path_type = "Prefix"
+
+          backend {
+            service {
+              name = "nginx-service"
+              port {
+                number = 80
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+}

opentofu/simple-test/variables.tf

@@ -0,0 +1,16 @@
+# variables.tf (root module)
+
+variable "cluster_endpoint" {
+  description = "URL of cluster endpoint. /api... will be added to it."
+  type        = string
+}
+variable "cluster_ca_cert" {
+  description = "base64 encoded cluster CA certificate."
+  type        = string
+}
+variable "cluster_token" {
+  description = "Cluster service account access token."
+  type        = string
+}
+
+# end of file

opentofu/simple-test/versions.tf

@@ -0,0 +1,26 @@
+terraform {
+  required_version = ">= 0.13"
+
+  required_providers {
+    kubectl = {
+      source  = "gavinbunney/kubectl"
+      version = ">= 1.7.0"
+    }
+
+    # for using helm charts
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = "~> 2.25.2"
+    }
+
+    helm = {
+      source  = "hashicorp/helm"
+      version = "~> 2.12.1" # Or latest
+    }
+
+    ansiblevault = {
+      source  = "MeilleursAgents/ansiblevault"
+      version = "~> 2.0"
+    }
+  }
+}