Add cloudlfare dns management

.gitignore

@@ -37,3 +37,6 @@ terraform.rc
 *.terraform.lock.hcl
 oci-managed/oke/kubeconfig
 oci-managed/traefik-values.yml
+cert.pem
+cert.key
+oci-managed/nlb/traefik_values.yaml

oci-managed/nlb/dns.tf

@@ -0,0 +1,40 @@
+data "oci_network_load_balancer_network_load_balancers" "traefik" {
+  compartment_id = var.compartment_ocid
+  state          = "Active"
+  depends_on     = [helm_release.traefik]
+}
+
+locals {
+  traefik_nlb_public_ip = data.oci_network_load_balancer_network_load_balancers.traefik.network_load_balancer_collection[0].items[0].ip_addresses[0].ip_address
+}
+
+data "cloudflare_zone" "dns_zone" {
+  name = var.traefik_template_values.my_domain
+}
+
+resource "cloudflare_record" "main_domain" {
+  type       = "A"
+  name       = var.traefik_template_values.my_domain
+  zone_id    = data.cloudflare_zone.dns_zone.id
+  proxied    = true
+  value      = local.traefik_nlb_public_ip
+  depends_on = [helm_release.traefik, data.oci_network_load_balancer_network_load_balancers.traefik, data.cloudflare_zone.dns_zone]
+}
+
+resource "cloudflare_record" "traefik" {
+  type       = "A"
+  name       = "traefik"
+  proxied    = true
+  zone_id    = data.cloudflare_zone.dns_zone.id
+  value      = local.traefik_nlb_public_ip
+  depends_on = [helm_release.traefik, data.oci_network_load_balancer_network_load_balancers.traefik, data.cloudflare_zone.dns_zone]
+}
+
+resource "cloudflare_record" "wildcard" {
+  type       = "A"
+  name       = "*"
+  proxied    = true
+  value      = local.traefik_nlb_public_ip
+  zone_id    = data.cloudflare_zone.dns_zone.id
+  depends_on = [helm_release.traefik, data.oci_network_load_balancer_network_load_balancers.traefik, data.cloudflare_zone.dns_zone]
+}

oci-managed/nlb/provider.tf

@@ -4,5 +4,9 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.12.1"
     }
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 4.0"
+    }
   }
 }

oci-managed/nlb/variables.tf

@@ -22,7 +22,7 @@ variable "traefik_chart_version" {
 variable "timeout_seconds" {
   type        = number
   description = "Helm chart deployment can sometimes take longer than the default 5 minutes. Set a custom timeout here."
-  default     = 180 # 10 minutes
+  default     = 800 # 10 minutes
 }
 
 variable "replica_count" {

oci-managed/provider.tf

@@ -8,9 +8,9 @@ terraform {
       source  = "hashicorp/helm"
       version = ">= 2.12.1"
     }
-    kubectl = {
-      source  = "gavinbunney/kubectl"
-      version = ">= 1.14.0"
+    cloudflare = {
+      source  = "cloudflare/cloudflare"
+      version = "~> 4.0"
     }
   }
 }
@@ -30,6 +30,7 @@ provider "helm" {
   }
 }
 
-provider "kubectl" {
-  config_path = "oke/kubeconfig"
+provider "cloudflare" {
+  email   = var.cloudflare_api_email
+  api_key = var.cloudflare_api_key
 }

oci-managed/variables.tf

@@ -6,15 +6,20 @@ variable "private_key_path" {}
 variable "availability_domain" {}
 variable "cluster_name" {}
 
-variable "certmanager_email_address" {
+
+variable "cloudflare_api_email" {
   type = string
 }
-variable "cloudflare_email_address" {
+variable "cloudflare_api_key" {
   type = string
 }
-variable "cloudflare_api_key" {
+variable "cloudflare_origin_certificate_pem" {
   type = string
 }
+variable "cloudflare_origin_certificate_key" {
+  type = string
+}
+
 variable "my_domain" {
   type = string
 }