move FT to exemplos, add grafana/prometheus ingress

gitbarnabedikartola · Jan 23, 2024 · 87f7f75 · 87f7f75
1 parent 30ea2e5
commit 87f7f75
Show file tree

Hide file tree

Showing 20 changed files with 475 additions and 95 deletions.
diff --git a/manifests/cert-manager/cert-manager.yaml → exemplos/cert-manager/cert-manager.yaml b/manifests/cert-manager/cert-manager.yaml → exemplos/cert-manager/cert-manager.yaml
diff --git a/...cert-manager/letsencrypt-issuer-prod.yaml → ...cert-manager/letsencrypt-issuer-prod.yaml b/...cert-manager/letsencrypt-issuer-prod.yaml → ...cert-manager/letsencrypt-issuer-prod.yaml
diff --git a/...t-manager/letsencrypt-issuer-staging.yaml → ...t-manager/letsencrypt-issuer-staging.yaml b/...t-manager/letsencrypt-issuer-staging.yaml → ...t-manager/letsencrypt-issuer-staging.yaml
diff --git a/...-controller/nginx-ingress-controller.yaml → ...-controller/nginx-ingress-controller.yaml b/...-controller/nginx-ingress-controller.yaml → ...-controller/nginx-ingress-controller.yaml
diff --git a/exemplos/nginx/nginx-configmap.yaml b/exemplos/nginx/nginx-configmap.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+data:
+  nginx.conf: |
+    events {
+    }
+    http {
+      server {
+        listen 80;
+        location / {
+          root /usr/share/nginx/html;
+          index index.html;
+        }
+      }
+    }
+kind: ConfigMap
+metadata:
+  name: nginx-config
diff --git a/exemplos/nginx/nginx-deployment.yaml b/exemplos/nginx/nginx-deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: nginx
+  name: nginx-deployment
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: nginx
+  template:
+    metadata:
+      labels:
+        app: nginx
+    spec:
+      containers:
+      - image: nginx:1.14.2
+        name: nginx
+        resources:
+          limits:
+            cpu: '0.2'
+            memory: 512Mi
+          requests:
+            cpu: '0.1'
+            memory: 128Mi
+        ports:
+        - containerPort: 80
+        volumeMounts:
+          - name: nginx-config
+            mountPath: /etc/nginx/nginx.conf
+            subPath: nginx.conf
+      volumes:
+      - name: nginx-config
+        configMap:
+          name: nginx-config
diff --git a/manifests/nginx-ingress.yaml → exemplos/nginx/nginx-ingress.yaml b/manifests/nginx-ingress.yaml → exemplos/nginx/nginx-ingress.yaml
@@ -25,7 +25,7 @@ spec:
   - hosts:
     - nginx.oke-free.org
     secretName: nginx-tls
-  ingressClassName: nginx
+  ingressClassName: nginx  # Cuidado esse é a classe de ingress
   rules:
   - host: nginx.oke-free.org
     http:

diff --git a/exemplos/nginx/nginx-svc.yaml b/exemplos/nginx/nginx-svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nginx-service
+spec:
+  type: NodePort
+  selector:
+    app: nginx
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+      # nodePort: 30080
diff --git a/exemplos/prometeus-grafana/grafana-ingress.yaml b/exemplos/prometeus-grafana/grafana-ingress.yaml
@@ -0,0 +1,40 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: grafana-cert
+  namespace: prometheus
+spec:
+  secretName: grafana-tls
+  issuerRef:
+    name: letsencrypt-prod
+    # name: letsencrypt-staging
+    kind: ClusterIssuer
+  dnsNames:
+  - grafana.oke-free.org
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: grafana-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  #   cert-manager.io/cluster-issuer: "letsencrypt-staging"
+  namespace: prometheus
+spec:
+  tls:
+  - hosts:
+    - grafana.oke-free.org
+    secretName: grafana-tls
+  ingressClassName: nginx
+  rules:
+  - host: grafana.oke-free.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: prometheus-stack-grafana
+            port:
+              number: 80
diff --git a/exemplos/prometeus-grafana/prometheus-ingress.yaml b/exemplos/prometeus-grafana/prometheus-ingress.yaml
@@ -0,0 +1,40 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: prometheus-cert
+  namespace: prometheus
+spec:
+  secretName: prometheus-tls
+  issuerRef:
+    name: letsencrypt-prod
+    # name: letsencrypt-staging
+    kind: ClusterIssuer
+  dnsNames:
+  - prometheus.oke-free.org
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: prometheus-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    cert-manager.io/cluster-issuer: "letsencrypt-prod"
+  #   cert-manager.io/cluster-issuer: "letsencrypt-staging"
+  namespace: prometheus
+spec:
+  tls:
+  - hosts:
+    - prometheus.oke-free.org
+    secretName: prometheus-tls
+  ingressClassName: nginx
+  rules:
+  - host: prometheus.oke-free.org
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: prometheus-operated
+            port:
+              number: 9090
diff --git a/exemplos/terraform/loadbalancer/loadbalancer.tf b/exemplos/terraform/loadbalancer/loadbalancer.tf
@@ -0,0 +1,72 @@
+data "oci_core_instances" "instances" {
+  compartment_id = var.compartment_id
+}
+
+resource "oci_network_load_balancer_network_load_balancer" "nlb" {
+  compartment_id = var.compartment_id
+  display_name   = "k8s-nlb"
+  subnet_id      = var.public_subnet_id
+
+  is_private                     = false
+  is_preserve_source_destination = false
+}
+
+resource "oci_network_load_balancer_backend_set" "nlb_backend_set_http" {
+  health_checker {
+    protocol = "TCP"
+  }
+  name                     = "k8s-backend-set-http"
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb.id
+  policy                   = "FIVE_TUPLE"
+  depends_on               = [oci_network_load_balancer_network_load_balancer.nlb]
+
+  is_preserve_source = false
+}
+
+resource "oci_network_load_balancer_backend_set" "nlb_backend_set_https" {
+  health_checker {
+    protocol = "TCP"
+  }
+  name                     = "k8s-backend-set-https"
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb.id
+  policy                   = "FIVE_TUPLE"
+  depends_on               = [oci_network_load_balancer_network_load_balancer.nlb]
+
+  is_preserve_source = false
+}
+
+resource "oci_network_load_balancer_backend" "nlb_backend_http" {
+  backend_set_name         = oci_network_load_balancer_backend_set.nlb_backend_set_http.name
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb.id
+  port                     = var.node_port_http
+  depends_on               = [oci_network_load_balancer_backend_set.nlb_backend_set_http]
+  count                    = var.node_size
+  target_id                = data.oci_core_instances.instances.instances[count.index].id
+}
+
+resource "oci_network_load_balancer_backend" "nlb_backend_https" {
+  backend_set_name         = oci_network_load_balancer_backend_set.nlb_backend_set_https.name
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb.id
+  port                     = var.node_port_https
+  depends_on               = [oci_network_load_balancer_backend_set.nlb_backend_set_https]
+  count                    = var.node_size
+  target_id                = data.oci_core_instances.instances.instances[count.index].id
+}
+
+resource "oci_network_load_balancer_listener" "nlb_listener_http" {
+  default_backend_set_name = oci_network_load_balancer_backend_set.nlb_backend_set_http.name
+  name                     = "k8s-nlb-listener-http"
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb.id
+  port                     = var.listener_port_http
+  protocol                 = "TCP"
+  depends_on               = [oci_network_load_balancer_backend.nlb_backend_http]
+}
+
+resource "oci_network_load_balancer_listener" "nlb_listener_https" {
+  default_backend_set_name = oci_network_load_balancer_backend_set.nlb_backend_set_https.name
+  name                     = "k8s-nlb-listener-https"
+  network_load_balancer_id = oci_network_load_balancer_network_load_balancer.nlb.id
+  port                     = var.listener_port_https
+  protocol                 = "TCP"
+  depends_on               = [oci_network_load_balancer_backend.nlb_backend_https]
+}
diff --git a/exemplos/terraform/loadbalancer/variables.tf b/exemplos/terraform/loadbalancer/variables.tf
@@ -0,0 +1,26 @@
+variable "namespace"{
+}
+
+variable "node_pool_id"{
+}
+
+variable "compartment_id"{
+}
+
+variable "public_subnet_id"{
+}
+
+variable "node_size"{
+}
+
+variable "node_port_http" {
+}
+
+variable "node_port_https" {
+}
+
+variable "listener_port_http" {  
+}
+
+variable "listener_port_https" {  
+}
diff --git a/exemplos/terraform/terrafile.tf b/exemplos/terraform/terrafile.tf
@@ -0,0 +1,72 @@
+module "compartment" {
+  source                            = "./compartment"
+  compartment_name                  = var.compartment_name
+}
+
+module "vcn" {
+  source                            = "oracle-terraform-modules/vcn/oci"
+  version                           = "3.6.0"
+
+  compartment_id                    = module.compartment.compartment_id
+  region                            = var.region
+
+  internet_gateway_route_rules      = null
+  local_peering_gateways            = null
+  nat_gateway_route_rules           = null
+
+  vcn_name                          = var.vcn_name
+  vcn_dns_label                     = var.vcn_dns_label
+  vcn_cidrs                         = ["10.0.0.0/16"]
+
+  create_internet_gateway           = true
+  create_nat_gateway                = true
+  create_service_gateway            = true
+}
+
+module "network" {
+  source                            = "./network"
+  compartment_id                    = module.compartment.compartment_id
+  vcn_id                            = module.vcn.vcn_id
+  nat_route_id                      = module.vcn.nat_route_id
+  ig_route_id                       = module.vcn.ig_route_id
+}
+
+module "cluster" {
+  source                            = "./cluster"
+  compartment_id                    = module.compartment.compartment_id
+  cluster_name                      = var.cluster_name
+  k8s_version                       = var.k8s_version
+  node_size                         = var.node_size
+  shape                             = var.shape
+  memory_in_gbs_per_node            = var.memory_in_gbs_per_node
+  ocpus_per_node                    = var.ocpus_per_node
+  image_id                          = var.image_id
+  ssh_public_key                    = var.ssh_public_key
+  public_subnet_id                  = module.network.public_subnet_id
+  vcn_id                            = module.vcn.vcn_id
+  vcn_private_subnet_id             = module.network.vcn_private_subnet_id
+}
+
+module "loadbalancer" {
+  source                            = "./loadbalancer"
+  depends_on                        = [ module.cluster, module.network, module.compartment, module.vcn ]
+  namespace                         = var.load_balancer_name_space
+  node_pool_id                      = module.cluster.node_pool_id
+  compartment_id                    = module.compartment.compartment_id
+  public_subnet_id                  = module.network.public_subnet_id
+  node_size                         = var.node_size
+  node_port_http                         = var.node_port_http
+  node_port_https                         = var.node_port_https
+  listener_port_http                    = var.listener_port_http
+  listener_port_https                    = var.listener_port_https
+}
+
+module "kubeconfig" {
+  source                            = "./kubeconfig"
+  cluster_id                        = module.cluster.cluster_id
+  depends_on                        = [ module.loadbalancer ]
+}
+
+output "public_ip" {
+  value = module.loadbalancer.load_balancer_public_ip
+}