vranystepan · February 5, 2019 20:17
diff --git a/main-wo-lb.tf.hcl b/main-wo-lb.tf.hcl
 # set Digital Ocean token with:
 # export TF_VAR_do_token="..."
 variable "do_token" {}

 # set health check port
 variable "hc_port" {
  default = 8000
 }

 # Initialize provider
 provider "digitalocean" {
  token = "${var.do_token}"
 }

 # Create a tag for LB
 resource "digitalocean_tag" "expose-lb" {
  name = "expose-lb"
 }

 resource "digitalocean_kubernetes_cluster" "foo" {
  name    = "cl01"
  region  = "fra1"
  version = "1.12.1-do.2"

  node_pool {
    name       = "woker-pool"
    size       = "s-2vcpu-2gb"
    node_count = 3
    tags = ["${digitalocean_tag.expose-lb.id}"]
  }
 }

 resource "local_file" "kubeconfig" {
    content     = "${digitalocean_kubernetes_cluster.foo.kube_config.0.raw_config}"
    filename = "kubeconfig.yaml"
 }


 # initialize Kubernetes provider
 provider "kubernetes" {
  host = "${digitalocean_kubernetes_cluster.foo.endpoint}"
  client_certificate     = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_certificate)}"
  client_key             = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_key)}"
  cluster_ca_certificate = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.cluster_ca_certificate)}"
 }

 # create service account for tiller - server side of Helm
 resource "kubernetes_service_account" "tiller" {
  automount_service_account_token = true

  metadata {
    name      = "tiller-service-account"
    namespace = "kube-system"
  }
 }

 # allow tiller do the stuff :)
 resource "kubernetes_cluster_role_binding" "tiller" {
  metadata {
    name = "tiller-cluster-rule"
  }

  role_ref {    
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "cluster-admin"
  }

  subject {
    kind      = "ServiceAccount"
    name      = "${kubernetes_service_account.tiller.metadata.0.name}"
    api_group = ""
    namespace = "${kubernetes_service_account.tiller.metadata.0.namespace}"
  }
 }

 # initialize Helm provider
 provider "helm" {
  install_tiller = true
  service_account = "${kubernetes_service_account.tiller.metadata.0.name}"
  tiller_image = "gcr.io/kubernetes-helm/tiller:v2.11.0"

  kubernetes {
    host = "${digitalocean_kubernetes_cluster.foo.endpoint}"
    client_certificate     = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_certificate)}"
    client_key             = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_key)}"
    cluster_ca_certificate = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.cluster_ca_certificate)}"
  }
 }
	# set Digital Ocean token with:
	# export TF_VAR_do_token="..."
	variable "do_token" {}

	# set health check port
	variable "hc_port" {
	default = 8000
	}

	# Initialize provider
	provider "digitalocean" {
	token = "${var.do_token}"
	}

	# Create a tag for LB
	resource "digitalocean_tag" "expose-lb" {
	name = "expose-lb"
	}

	resource "digitalocean_kubernetes_cluster" "foo" {
	name = "cl01"
	region = "fra1"
	version = "1.12.1-do.2"

	node_pool {
	name = "woker-pool"
	size = "s-2vcpu-2gb"
	node_count = 3
	tags = ["${digitalocean_tag.expose-lb.id}"]
	}
	}

	resource "local_file" "kubeconfig" {
	content = "${digitalocean_kubernetes_cluster.foo.kube_config.0.raw_config}"
	filename = "kubeconfig.yaml"
	}


	# initialize Kubernetes provider
	provider "kubernetes" {
	host = "${digitalocean_kubernetes_cluster.foo.endpoint}"
	client_certificate = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_certificate)}"
	client_key = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_key)}"
	cluster_ca_certificate = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.cluster_ca_certificate)}"
	}

	# create service account for tiller - server side of Helm
	resource "kubernetes_service_account" "tiller" {
	automount_service_account_token = true

	metadata {
	name = "tiller-service-account"
	namespace = "kube-system"
	}
	}

	# allow tiller do the stuff :)
	resource "kubernetes_cluster_role_binding" "tiller" {
	metadata {
	name = "tiller-cluster-rule"
	}

	role_ref {
	api_group = "rbac.authorization.k8s.io"
	kind = "ClusterRole"
	name = "cluster-admin"
	}

	subject {
	kind = "ServiceAccount"
	name = "${kubernetes_service_account.tiller.metadata.0.name}"
	api_group = ""
	namespace = "${kubernetes_service_account.tiller.metadata.0.namespace}"
	}
	}

	# initialize Helm provider
	provider "helm" {
	install_tiller = true
	service_account = "${kubernetes_service_account.tiller.metadata.0.name}"
	tiller_image = "gcr.io/kubernetes-helm/tiller:v2.11.0"

	kubernetes {
	host = "${digitalocean_kubernetes_cluster.foo.endpoint}"
	client_certificate = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_certificate)}"
	client_key = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.client_key)}"
	cluster_ca_certificate = "${base64decode(digitalocean_kubernetes_cluster.foo.kube_config.0.cluster_ca_certificate)}"
	}
	}