From 6f5e8d4fd21cfd450707938e46e0fc33c7d0614a Mon Sep 17 00:00:00 2001 From: Mauritz Uphoff <39736813+h3adex@users.noreply.github.com> Date: Tue, 17 Sep 2024 16:14:28 +0200 Subject: [PATCH] Documentation: How to use Hashicorp Kubernetes with SKE (#522) * docs: fix typo vault guide * docs: add comprehensive guide for using Kubernetes provider with STACKIT SKE --- docs/guides/kubernetes_provider_ske.md | 83 +++++++++++++++++++ docs/guides/vault_secrets_manager.md | 4 +- .../guides/kubernetes_provider_ske.md.tmpl | 83 +++++++++++++++++++ .../guides/vault_secrets_manager.md.tmpl | 4 +- 4 files changed, 170 insertions(+), 4 deletions(-) create mode 100644 docs/guides/kubernetes_provider_ske.md create mode 100644 templates/guides/kubernetes_provider_ske.md.tmpl diff --git a/docs/guides/kubernetes_provider_ske.md b/docs/guides/kubernetes_provider_ske.md new file mode 100644 index 00000000..ac4296b5 --- /dev/null +++ b/docs/guides/kubernetes_provider_ske.md @@ -0,0 +1,83 @@ +--- +page_title: "Using Kubernetes Provider with STACKIT SKE" +--- +# Using Kubernetes Provider with STACKIT SKE + +## Overview + +This guide outlines the process of utilizing the [HashiCorp Kubernetes provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) alongside the STACKIT provider to create and manage resources in a STACKIT SKE Cluster. + +## Steps + +1. **Configure STACKIT Provider** + + First, configure the STACKIT provider to connect to the STACKIT services. + + ```hcl + provider "stackit" { + region = "eu01" + } + ``` + +2. **Create STACKIT SKE Cluster** + + Define and create the STACKIT SKE cluster resource with the necessary specifications. + + ```hcl + resource "stackit_ske_cluster" "ske_cluster_01" { + project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + name = "example-cluster" + kubernetes_version_min = "1.31" + + node_pools = [ + { + name = "example-node-pool" + machine_type = "g1.3" + minimum = 1 + maximum = 2 + availability_zones = ["eu01-1"] + os_version_min = "3815.2.5" + os_name = "flatcar" + volume_size = 32 + volume_type = "storage_premium_perf6" + } + ] + } + ``` + +3. **Define STACKIT SKE Kubeconfig** + + Create a resource to obtain the kubeconfig for the newly created STACKIT SKE cluster. + + ```hcl + resource "stackit_ske_kubeconfig" "ske_kubeconfig_01" { + project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + cluster_name = stackit_ske_cluster.ske_cluster_01.name + refresh = true + } + ``` + +4. **Configure Kubernetes Provider** + + Use the kubeconfig from the STACKIT SKE cluster to configure the Kubernetes provider. + + ```hcl + provider "kubernetes" { + host = yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).clusters[0].cluster.server + client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).users[0].user["client-certificate-data"]) + client_key = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).users[0].user["client-key-data"]) + cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).clusters[0].cluster["certificate-authority-data"]) + } + ``` + +5. **Define Kubernetes Resources** + + Now you can start defining Kubernetes resources that you want to manage. Here is an example of creating a Kubernetes Namespace. + + ```hcl + resource "kubernetes_namespace" "dev" { + metadata { + name = "dev" + } + } + ``` \ No newline at end of file diff --git a/docs/guides/vault_secrets_manager.md b/docs/guides/vault_secrets_manager.md index c6e8bf39..0cdb807d 100644 --- a/docs/guides/vault_secrets_manager.md +++ b/docs/guides/vault_secrets_manager.md @@ -5,7 +5,7 @@ page_title: "Using Vault Provider with STACKIT Secrets Manager" ## Overview -This guide outlines the process of utilizing the HashiCorp Vault provider alongside the STACKIT provider to write secrets in the STACKIT Secrets Manager. The guide focuses on secrets from STACKIT Cloud resources but can be adapted for any secret. +This guide outlines the process of utilizing the [HashiCorp Vault provider](https://registry.terraform.io/providers/hashicorp/vault) alongside the STACKIT provider to write secrets in the STACKIT Secrets Manager. The guide focuses on secrets from STACKIT Cloud resources but can be adapted for any secret. ## Steps @@ -21,7 +21,7 @@ This guide outlines the process of utilizing the HashiCorp Vault provider alongs ```hcl resource "stackit_secretsmanager_instance" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"" + project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" name = "example-instance" } ``` diff --git a/templates/guides/kubernetes_provider_ske.md.tmpl b/templates/guides/kubernetes_provider_ske.md.tmpl new file mode 100644 index 00000000..ac4296b5 --- /dev/null +++ b/templates/guides/kubernetes_provider_ske.md.tmpl @@ -0,0 +1,83 @@ +--- +page_title: "Using Kubernetes Provider with STACKIT SKE" +--- +# Using Kubernetes Provider with STACKIT SKE + +## Overview + +This guide outlines the process of utilizing the [HashiCorp Kubernetes provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) alongside the STACKIT provider to create and manage resources in a STACKIT SKE Cluster. + +## Steps + +1. **Configure STACKIT Provider** + + First, configure the STACKIT provider to connect to the STACKIT services. + + ```hcl + provider "stackit" { + region = "eu01" + } + ``` + +2. **Create STACKIT SKE Cluster** + + Define and create the STACKIT SKE cluster resource with the necessary specifications. + + ```hcl + resource "stackit_ske_cluster" "ske_cluster_01" { + project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + name = "example-cluster" + kubernetes_version_min = "1.31" + + node_pools = [ + { + name = "example-node-pool" + machine_type = "g1.3" + minimum = 1 + maximum = 2 + availability_zones = ["eu01-1"] + os_version_min = "3815.2.5" + os_name = "flatcar" + volume_size = 32 + volume_type = "storage_premium_perf6" + } + ] + } + ``` + +3. **Define STACKIT SKE Kubeconfig** + + Create a resource to obtain the kubeconfig for the newly created STACKIT SKE cluster. + + ```hcl + resource "stackit_ske_kubeconfig" "ske_kubeconfig_01" { + project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + cluster_name = stackit_ske_cluster.ske_cluster_01.name + refresh = true + } + ``` + +4. **Configure Kubernetes Provider** + + Use the kubeconfig from the STACKIT SKE cluster to configure the Kubernetes provider. + + ```hcl + provider "kubernetes" { + host = yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).clusters[0].cluster.server + client_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).users[0].user["client-certificate-data"]) + client_key = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).users[0].user["client-key-data"]) + cluster_ca_certificate = base64decode(yamldecode(stackit_ske_kubeconfig.ske_kubeconfig_01.kube_config).clusters[0].cluster["certificate-authority-data"]) + } + ``` + +5. **Define Kubernetes Resources** + + Now you can start defining Kubernetes resources that you want to manage. Here is an example of creating a Kubernetes Namespace. + + ```hcl + resource "kubernetes_namespace" "dev" { + metadata { + name = "dev" + } + } + ``` \ No newline at end of file diff --git a/templates/guides/vault_secrets_manager.md.tmpl b/templates/guides/vault_secrets_manager.md.tmpl index c6e8bf39..0cdb807d 100644 --- a/templates/guides/vault_secrets_manager.md.tmpl +++ b/templates/guides/vault_secrets_manager.md.tmpl @@ -5,7 +5,7 @@ page_title: "Using Vault Provider with STACKIT Secrets Manager" ## Overview -This guide outlines the process of utilizing the HashiCorp Vault provider alongside the STACKIT provider to write secrets in the STACKIT Secrets Manager. The guide focuses on secrets from STACKIT Cloud resources but can be adapted for any secret. +This guide outlines the process of utilizing the [HashiCorp Vault provider](https://registry.terraform.io/providers/hashicorp/vault) alongside the STACKIT provider to write secrets in the STACKIT Secrets Manager. The guide focuses on secrets from STACKIT Cloud resources but can be adapted for any secret. ## Steps @@ -21,7 +21,7 @@ This guide outlines the process of utilizing the HashiCorp Vault provider alongs ```hcl resource "stackit_secretsmanager_instance" "example" { - project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"" + project_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" name = "example-instance" } ```