feat:akamai physical (#854)

* fix: provider config * fix: argocd connection
konstructio · Jan 23, 2025 · 8c5fe6e · 8c5fe6e
1 parent 8660ba4
commit 8c5fe6e
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 64 deletions.
diff --git a/akamai-github/templates/workload-cluster/20-argocd-connection.yaml b/akamai-github/templates/workload-cluster/20-argocd-connection.yaml
@@ -23,10 +23,8 @@ spec:
             "bearerToken": "{{ .argocd_manager_sa_token }}",
             "tlsClientConfig": {
                 "caData": "{{ .cluster_ca_certificate | b64enc }}",
-                "certData": "{{ .client_certificate | b64enc }}",
-                "insecure": false,
-                "keyData": "{{ .client_key | b64enc }}"
-              }
+                "insecure": false
+            }
           }
   secretStoreRef:
     kind: ClusterSecretStore
@@ -50,14 +48,4 @@ spec:
         property: cluster_ca_certificate
         conversionStrategy: Default
       secretKey: cluster_ca_certificate
-    - remoteRef:
-        key: clusters/<WORKLOAD_CLUSTER_NAME>
-        property: client_certificate
-        conversionStrategy: Default
-      secretKey: client_certificate
-    - remoteRef:
-        key: clusters/<WORKLOAD_CLUSTER_NAME>
-        property: client_key
-        conversionStrategy: Default
-      secretKey: client_key
 
diff --git a/akamai-github/templates/workload-cluster/infrastructure/workspace.yaml b/akamai-github/templates/workload-cluster/infrastructure/workspace.yaml
@@ -1,19 +1,24 @@
 apiVersion: tf.upbound.io/v1beta1
 kind: Workspace
 metadata:
-  name: <WORKLOAD_CLUSTER_NAME>
+  name: "<WORKLOAD_CLUSTER_NAME>"
   annotations:
     argocd.argoproj.io/sync-wave: "10"
-    crossplane.io/external-name: <WORKLOAD_CLUSTER_NAME>
+    crossplane.io/external-name: "<WORKLOAD_CLUSTER_NAME>"
 spec:
   providerConfigRef:
-    name: <WORKLOAD_CLUSTER_NAME>
+    name: "<WORKLOAD_CLUSTER_NAME>"
   forProvider:
     source: Inline
     module: |
       variable "instance_size" {
         type    = string
-        default = "g4s.kube.medium"
+        default = "<WORKLOAD_NODE_TYPE>"
+      }
+
+      variable "region" {
+        type    = string
+        default = "<WORKLOAD_CLUSTER_REGION>"
       }
 
       variable "node_count" {
@@ -25,48 +30,39 @@ spec:
         cluster_name = "<WORKLOAD_CLUSTER_NAME>"
       }
 
-      resource "civo_network" "kubefirst" {
-        label = local.cluster_name
-      }
+      resource "linode_lke_cluster" "kubefirst" {
+        label       = local.cluster_name
+        k8s_version = "1.30"
+        region      =  var.region
+        pool {
+          type = var.instance_size
 
-      resource "civo_firewall" "kubefirst" {
-        name                 = local.cluster_name
-        network_id           = civo_network.kubefirst.id
-        create_default_rules = true
-      }
-
-      resource "civo_kubernetes_cluster" "kubefirst" {
-        name        = local.cluster_name
-        network_id  = civo_network.kubefirst.id
-        firewall_id = civo_firewall.kubefirst.id
-        pools {
-          label      = local.cluster_name
-          size       = var.instance_size
-          node_count = var.node_count
+          autoscaler {
+            min = var.node_count
+            max = var.node_count
+          }
         }
       }
 
       resource "vault_generic_secret" "clusters" {
         path = "secret/clusters/${local.cluster_name}"
-
+      
         data_json = jsonencode(
           {
-            kubeconfig             = civo_kubernetes_cluster.kubefirst.kubeconfig
-            client_certificate     = base64decode(yamldecode(civo_kubernetes_cluster.kubefirst.kubeconfig).users[0].user.client-certificate-data)
-            client_key             = base64decode(yamldecode(civo_kubernetes_cluster.kubefirst.kubeconfig).users[0].user.client-key-data)
-            cluster_ca_certificate = base64decode(yamldecode(civo_kubernetes_cluster.kubefirst.kubeconfig).clusters[0].cluster.certificate-authority-data)
-            host                   = civo_kubernetes_cluster.kubefirst.api_endpoint
-            cluster_name           = local.cluster_name
+            kubeconfig              = linode_lke_cluster.kubefirst.kubeconfig
+            token                   = yamldecode(base64decode(linode_lke_cluster.kubefirst.kubeconfig)).users[0].user.token
+            cluster_ca_certificate  = base64decode(yamldecode(base64decode(linode_lke_cluster.kubefirst.kubeconfig)).clusters[0].cluster["certificate-authority-data"])
+            host                    = linode_lke_cluster.kubefirst.api_endpoints[0]
+            cluster_name            = local.cluster_name
             argocd_manager_sa_token = kubernetes_secret_v1.argocd_manager.data.token
           }
         )
       }
 
       provider "kubernetes" {
-        host                   = civo_kubernetes_cluster.kubefirst.api_endpoint
-        client_certificate     = base64decode(yamldecode(civo_kubernetes_cluster.kubefirst.kubeconfig).users[0].user.client-certificate-data)
-        client_key             = base64decode(yamldecode(civo_kubernetes_cluster.kubefirst.kubeconfig).users[0].user.client-key-data)
-        cluster_ca_certificate = base64decode(yamldecode(civo_kubernetes_cluster.kubefirst.kubeconfig).clusters[0].cluster.certificate-authority-data)
+        host                   = linode_lke_cluster.kubefirst.api_endpoints[0]
+        token                  = yamldecode(base64decode(linode_lke_cluster.kubefirst.kubeconfig)).users[0].user.token
+        cluster_ca_certificate = base64decode(yamldecode(base64decode(linode_lke_cluster.kubefirst.kubeconfig)).clusters[0].cluster["certificate-authority-data"])
       }
 
       resource "kubernetes_cluster_role_v1" "argocd_manager" {
@@ -232,4 +228,4 @@ spec:
         data = {
           mgmt_cluster_id = "<CLUSTER_ID>"
         }
-      }
+      }
diff --git a/akamai-github/templates/workload-cluster/provider-config/providerconfig.yaml b/akamai-github/templates/workload-cluster/provider-config/providerconfig.yaml
@@ -7,42 +7,34 @@ metadata:
 spec:
   configuration: |
       terraform {
-        backend "s3" {
+          backend "s3" {
           bucket   = "<KUBEFIRST_STATE_STORE_BUCKET>"
           key      = "registry/clusters/<WORKLOAD_CLUSTER_NAME>/infrastructure/provider-config/terraform.tfstate"
-          endpoint = "https://us-east-1.linodeobjects.com"
+          endpoint = "https://<CLUSTER_NAME>.us-east-1.linodeobjects.com" #! edit
 
-          region = "<CLOUD_REGION>"
+          region = "us-east-1"
 
           skip_credentials_validation = true
           skip_metadata_api_check     = true
           skip_region_validation      = true
           force_path_style            = true
         }
         required_providers {
-          civo = {
-            source = "civo/civo"
+          linode = {
+            source  = "linode/linode"
+            version = "2.16.0"
           }
           kubernetes = {
-            source = "hashicorp/kubernetes"
+            source  = "hashicorp/kubernetes"
             version = "2.23.0"
           }
           vault = {
-            source = "hashicorp/vault"
+            source  = "hashicorp/vault"
             version = "3.19.0"
           }
         }
       }
-      provider "civo" {
-        region = "<WORKLOAD_CLUSTER_REGION>"
-      }
   credentials:
-  - filename: gen-nothing
-    source: None
-    secretRef:
-      namespace: crossplane-system
-      name: civo-creds
-      key: token
   - filename: .git-credentials
     source: Secret
     secretRef:

diff --git a/akamai-github/terraform/akamai/main.tf b/akamai-github/terraform/akamai/main.tf
@@ -4,7 +4,7 @@ terraform {
     key      = "terraform/civo/terraform.tfstate"
     endpoint = "https://<CLUSTER_NAME>.us-east-1.linodeobjects.com" #! edit
 
-    region = "us-east-1" #! edit
+    region = "us-east-1"
 
     skip_credentials_validation = true
     skip_metadata_api_check     = true