temp tf

terraform/platform/app/environments.tf

@@ -0,0 +1,13 @@
+module "app-env-prod" {
+  source = "github.com/roleypoly/devops.git//terraform/modules/cluster-environment"
+
+  environment_tag = "production"
+  app_name        = "roleypoly"
+}
+
+module "app-env-stage" {
+  source = "github.com/roleypoly/devops.git//terraform/modules/cluster-environment"
+
+  environment_tag = "staging"
+  app_name        = "roleypoly"
+}

terraform/platform/app/provision.tf

@@ -0,0 +1,47 @@
+terraform {
+  required_version = ">=0.12.6"
+
+  backend "remote" {
+    organization = "Roleypoly"
+
+    workspaces {
+      name = "roleypoly-platform-app"
+    }
+  }
+}
+
+/*
+    Terraform Cloud
+*/
+variable "tfc_email" { type = string }
+variable "tfc_oauth_token_id" { type = string }
+variable "tfc_webhook_url" { type = string }
+provider "tfe" {
+  version = ">=0.15.0"
+}
+
+/*
+    Cloudflare (for tfc vars)
+*/
+variable "cloudflare_token" { type = string }
+variable "cloudflare_email" { type = string }
+variable "cloudflare_zone_id" { type = string }
+provider "cloudflare" {
+  version              = ">=2.0"
+  email                = var.cloudflare_email
+  api_token            = var.cloudflare_token
+  api_user_service_key = var.cloudflare_origin_ca_token
+}
+
+/*
+    Kubernetes
+*/
+variable "k8s_endpoint" { type = string }
+variable "k8s_token" { type = string }
+variable "k8s_cert" { type = string }
+provider "kubernetes" {
+  load_config_file       = false
+  token                  = var.k8s_token
+  host                   = var.k8s_endpoint
+  cluster_ca_certificate = var.k8s_cert
+}

terraform/platform/app/workspaces.tf

@@ -0,0 +1,76 @@
+locals {
+  repo    = "roleypoly/devops"
+  branch  = "master"
+  tfc_org = "Roleypoly"
+
+  common_vars = {}
+  common_secret_vars = {
+    cloudflare_token   = var.cloudflare_token,
+    cloudflare_email   = var.cloudflare_email,
+    cloudflare_zone_id = var.cloudflare_zone_id,
+    k8s_endpoint       = var.k8s_endpoint,
+  }
+}
+
+module "tfcws-production" {
+  source             = "github.com/roleypoly/devops.git//terraform/modules/tfc-workspace"
+  workspace-name     = "roleypoly-app-production"
+  repo               = local.repo
+  branch             = local.branch
+  tfc_webhook_url    = var.tfc_webhook_url
+  directory          = "terraform/app"
+  auto_apply         = false
+  dependent_modules  = []
+  tfc_org            = local.tfc_org
+  tfc_oauth_token_id = var.tfc_oauth_token_id
+
+  vars = merge(local.common_vars, {
+    environment_tag  = "production",
+    ingress_hostname = "prd.roleypoly-nyc.kc"
+    k8s_namespace    = module.app-env-prod.namespace,
+  })
+
+  secret-vars = merge(local.common_secret_vars, {
+    k8s_cert = var.k8s_cert,
+  })
+}
+
+module "tfcws-staging" {
+  source             = "github.com/roleypoly/devops.git//terraform/modules/tfc-workspace"
+  workspace-name     = "roleypoly-app-staging"
+  repo               = local.repo
+  branch             = local.branch
+  tfc_webhook_url    = var.tfc_webhook_url
+  directory          = "terraform/app"
+  auto_apply         = true
+  dependent_modules  = []
+  tfc_org            = local.tfc_org
+  tfc_oauth_token_id = var.tfc_oauth_token_id
+
+  vars = merge(local.common_vars, {
+    environment_tag  = "staging",
+    ingress_hostname = "stg.roleypoly-nyc.kc"
+    k8s_namespace    = module.app-env-stage.namespace,
+  })
+
+  secret-vars = merge(local.common_secret_vars, {
+    k8s_cert = var.k8s_cert,
+  })
+}
+
+// Due to quirk, we must set secret vars manually.
+resource "tfe_variable" "k8s-token-prod" {
+  key          = "k8s_token"
+  value        = module.app-env-prod.service_account_token
+  category     = "terraform"
+  workspace_id = module.tfcws-production.workspace.0.id
+  sensitive    = true
+}
+
+resource "tfe_variable" "k8s-token-stage" {
+  key          = "k8s_token"
+  value        = module.app-env-stage.service_account_token
+  category     = "terraform"
+  workspace_id = module.tfcws-staging.workspace.0.id
+  sensitive    = true
+}