diff --git a/.gitignore b/.gitignore
index 91a1788..4201bbb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,6 @@ terraform.rc
 *.terraform.lock.hcl
 oci-managed/oke/kubeconfig
 oci-managed/traefik-values.yml
+cert.pem
+cert.key
+oci-managed/nlb/traefik_values.yaml
diff --git a/oci-managed/nlb/dns.tf b/oci-managed/nlb/dns.tf
new file mode 100644
index 0000000..3500dd2
--- /dev/null
+++ b/oci-managed/nlb/dns.tf
@@ -0,0 +1,40 @@
+data "oci_network_load_balancer_network_load_balancers" "traefik" {
+ compartment_id = var.compartment_ocid
+ state = "Active"
+ depends_on = [helm_release.traefik]
+}
+
+locals {
+ traefik_nlb_public_ip = data.oci_network_load_balancer_network_load_balancers.traefik.network_load_balancer_collection[0].items[0].ip_addresses[0].ip_address
+}
+
+data "cloudflare_zone" "dns_zone" {
+ name = var.traefik_template_values.my_domain
+}
+
+resource "cloudflare_record" "main_domain" {
+ type = "A"
+ name = var.traefik_template_values.my_domain
+ zone_id = data.cloudflare_zone.dns_zone.id
+ proxied = true
+ value = local.traefik_nlb_public_ip
+ depends_on = [helm_release.traefik, data.oci_network_load_balancer_network_load_balancers.traefik, data.cloudflare_zone.dns_zone]
+}
+
+resource "cloudflare_record" "traefik" {
+ type = "A"
+ name = "traefik"
+ proxied = true
+ zone_id = data.cloudflare_zone.dns_zone.id
+ value = local.traefik_nlb_public_ip
+ depends_on = [helm_release.traefik, data.oci_network_load_balancer_network_load_balancers.traefik, data.cloudflare_zone.dns_zone]
+}
+
+resource "cloudflare_record" "wildcard" {
+ type = "A"
+ name = "*"
+ proxied = true
+ value = local.traefik_nlb_public_ip
+ zone_id = data.cloudflare_zone.dns_zone.id
+ depends_on = [helm_release.traefik, data.oci_network_load_balancer_network_load_balancers.traefik, data.cloudflare_zone.dns_zone]
+}
diff --git a/oci-managed/nlb/provider.tf b/oci-managed/nlb/provider.tf
index 94f1517..db952e1 100644
--- a/oci-managed/nlb/provider.tf
+++ b/oci-managed/nlb/provider.tf
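Review bot: The new `cert.key` and `cert.pem` patterns only keep those files out of future commits; an ignore rule has no effect on a file that is already tracked or that exists in earlier history, and `cert.key` is presumably the private key behind the `cloudflare_origin_certificate_key` input that `oci-managed/variables.tf` now declares. Before relying on the rule, run `git log --all -- cert.key cert.pem` in this repository; if either file was ever committed, treat the key as exposed and reissue the origin certificate rather than just deleting the file. The patterns are also unanchored, so they match a `cert.key` in any directory — `/cert.key` and `/cert.pem` would pin them to the repository root if that is where the files live.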
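Review bot: `local.traefik_nlb_public_ip` takes the first Active network load balancer in the compartment (`network_load_balancer_collection[0].items[0]`) with nothing tying the result to the Traefik service, so a second NLB in the same compartment, or the Traefik NLB not sorting first, silently publishes another load balancer's address into the apex, `traefik` and `*` records. The expression also reads `ip_addresses[0]` without checking `is_public`, and since the NLB is presumably created by the cluster asynchronously after `helm_release.traefik` returns, the collection can be empty on a first apply and the index then fails the run with an opaque error. A `display_name` filter on the data source plus postconditions that require exactly one public NLB (Terraform 1.2 or later) would make both failure modes explicit, as sketched below. Separately, `proxied = true` hides the origin only at the DNS level: nothing in this commit restricts the NLB to Cloudflare's published ingress ranges, so the public IP stays directly reachable and that restriction belongs in the NLB subnet's NSG or security list, outside this file.
```hcl
data "oci_network_load_balancer_network_load_balancers" "traefik" {
  compartment_id = var.compartment_ocid
  state          = "Active"
  # display_name = "<TRAEFIK_NLB_DISPLAY_NAME>"  # placeholder: pin to the name OKE gives the Traefik service's NLB
  depends_on     = [helm_release.traefik]

  lifecycle {
    postcondition {
      condition     = try(length(self.network_load_balancer_collection[0].items), 0) == 1
      error_message = "Expected exactly one Active NLB for Traefik in the compartment; none or several were returned."
    }
    postcondition {
      condition     = try(self.network_load_balancer_collection[0].items[0].ip_addresses[0].is_public, false)
      error_message = "The first NLB address is not public; refusing to publish it in DNS."
    }
  }
}
# … unchanged: locals, cloudflare_zone data source, cloudflare_record resources …
```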
@@ -4,5 +4,9 @@ terraform {
 source = "hashicorp/helm"
 version = ">= 2.12.1"
 }
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 4.0"
+ }
 }
 }
\ No newline at end of file
diff --git a/oci-managed/nlb/variables.tf b/oci-managed/nlb/variables.tf
index 1159167..14eb782 100644
--- a/oci-managed/nlb/variables.tf
+++ b/oci-managed/nlb/variables.tf
@@ -22,7 +22,7 @@ variable "traefik_chart_version" {
 variable "timeout_seconds" {
 type = number
 description = "Helm chart deployment can sometimes take longer than the default 5 minutes. Set a custom timeout here."
- default = 180 # 10 minutes
+ default = 800 # 10 minutes
 }
 variable "replica_count" {
diff --git a/oci-managed/provider.tf b/oci-managed/provider.tf
index c6fcf10..0ef1fa6 100644
--- a/oci-managed/provider.tf
+++ b/oci-managed/provider.tf
@@ -8,9 +8,9 @@ terraform {
 source = "hashicorp/helm"
 version = ">= 2.12.1"
 }
- kubectl = {
- source = "gavinbunney/kubectl"
- version = ">= 1.14.0"
+ cloudflare = {
+ source = "cloudflare/cloudflare"
+ version = "~> 4.0"
 }
 }
 }
@@ -30,6 +30,7 @@ provider "helm" {
 }
 }
-provider "kubectl" {
- config_path = "oke/kubeconfig"
+provider "cloudflare" {
+ email = var.cloudflare_api_email
+ api_key = var.cloudflare_api_key
 }
\ No newline at end of file
diff --git a/oci-managed/variables.tf b/oci-managed/variables.tf
index d290f3a..ef3086d 100644
--- a/oci-managed/variables.tf
+++ b/oci-managed/variables.tf
@@ -6,15 +6,20 @@ variable "private_key_path" {}
 variable "availability_domain" {}
 variable "cluster_name" {}
-variable "certmanager_email_address" {
- type = string
-}
-variable "cloudflare_email_address" {
+
+variable "cloudflare_api_email" {
 type = string
 }
 variable "cloudflare_api_key" {
 type = string
 }
+variable "cloudflare_origin_certificate_pem" {
+ type = string
+}
+variable "cloudflare_origin_certificate_key" {
+ type = string
+}
+
 variable "my_domain" {
 type = string
 }
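Review bot: `version = "~> 4.0"` for `cloudflare/cloudflare` accepts any 4.x release, and because `.gitignore` already excludes `*.terraform.lock.hcl` (a context line in the first hunk of this diff), no provider checksums are committed either, so every `terraform init` resolves and trusts whatever the registry serves at that moment. The same applies to the identical `cloudflare` block added to `oci-managed/provider.tf`. Committing the lock file and narrowing the constraint to the minor you actually tested, e.g. `version = "~> 4.<minor>"` (placeholder), would pin both the version and the provider hashes across machines and CI. The file also still ends without a trailing newline, which the diff flags on this hunk.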
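Review bot: `default = 800 # 10 minutes` — the comment and the value disagree: 800 seconds is about 13 minutes, and the replaced `180` was 3 minutes, so the comment was already wrong before this change. If ten minutes is the intent, `default = 600 # 10 minutes`; otherwise keep 800 and change the comment to `# ~13 minutes`. The `description` text ("longer than the default 5 minutes") refers to Helm's own default rather than this variable's, which is fine, but stating that explicitly would stop the two numbers being confused.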
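Review bot: `provider "cloudflare"` authenticates with `email` and `api_key`, which is the account-wide Global API Key; it carries every permission on the account, so a leak of the Terraform variables, state or CI output exposes far more than the three DNS records this commit manages. The 4.x provider also accepts `api_token`, so a token scoped to DNS edit on the single zone — `api_token = var.cloudflare_api_token` with a matching variable declared in `variables.tf` — is the least-privilege option and removes the `email` argument entirely. The first hunk also drops `gavinbunney/kubectl` from `required_providers` and the second drops its provider block; if any `kubectl_manifest` resources remain elsewhere in the root module, `terraform init` will now fail, which I cannot verify from this diff.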
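Review bot: The new `cloudflare_origin_certificate_key` (and the pre-existing `cloudflare_api_key`, a context line here) are declared as plain `type = string`, so Terraform prints their values in `plan`/`apply` output and in any CI log that captures it; adding `sensitive = true` to both variables keeps them redacted in output, though they still land in state, so the state backend has to be treated as secret regardless. `cloudflare_origin_certificate_pem` is public material and can stay as declared. If the variable is meant to carry the PEM contents rather than a path — the new `cert.key` ignore rule suggests the file is read locally, so this is an inference — a `validation` block with `can(regex("^-----BEGIN", var.cloudflare_origin_certificate_key))` would catch a path being passed by mistake.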