Add terraform for provisioning power build cluster on ibmcloud

Signed-off-by: Prajyot-Parab <[email protected]>

Author: Prajyot-Parab

infra/ibmcloud/OWNERS

@@ -0,0 +1,13 @@
+# See the OWNERS docs at https://go.k8s.io/owners
+
+filters:
+  ".*":
+    approvers:
+    - sig-k8s-infra-leads
+    labels:
+    - sig/k8s-infra
+    - area/infra
+    - area/infra/ibmcloud
+  "\\.sh$":
+    labels:
+    - area/bash

infra/ibmcloud/terraform/k8s-infra-setup/README.md

@@ -0,0 +1,47 @@
+# _TF: IBM K8s Account Infrastructure_
+This Terraform configuration sets up an organized structure for deploying various IBM Cloud resources using modules. 
+
+---
+# To run the automation, follow these steps in order:
+
+**1. Navigate to the correct directory**
+<br> You need to be in the `k8s-infra-setup` directory to run the automation.
+
+**2. Check the `versions.tf` file**
+<br> Set `secret_key` and `access_key` in `versions.tf` to configure the remote S3 backend (IBM Cloud COS).
+
+**3. Initialize Terraform**
+<br> Execute the following command to initialize Terraform in your project directory. This command will download the necessary provider plugins and prepare the working environment.
+```
+terraform init -reconfigure
+```
+
+**4. Check the `variables.tf` file**
+<br> Open the `variables.tf` file to review all the available variables. This file lists all customizable inputs for your Terraform configuration.
+
+`ibmcloud_api_key` is the only required variable that you must set in order to proceed. You can set this key either by adding it to your `var.tfvars` file or by exporting it as an environment variable.
+
+**Option 1:** Set in `var.tfvars` file
+Add the following line to the `var.tfvars` file:
+```
+ibmcloud_api_key = "<YOUR_API_KEY>"
+```
+
+**Option 2:** Export as an environment variable
+Alternatively, you can export the ibmcloud_api_key as an environment variable before running Terraform:
+```
+export TF_VAR_ibmcloud_api_key="<YOUR_API_KEY>"
+```
+
+**5. Run Terraform Apply**
+<br> After setting the necessary variables (particularly the API_KEY), execute the following command to apply the Terraform configuration and provision the infrastructure:
+```
+terraform apply -var-file var.tfvars
+```
+Terraform will display a plan of the actions it will take, and you'll be prompted to confirm the execution. Type `yes` to proceed.
+
+**6 .Get Output Information**
+<br> Once the infrastructure has been provisioned, use the terraform output command to list details about the provisioned resources.
+```
+terraform output
+```

infra/ibmcloud/terraform/k8s-infra-setup/main.tf

@@ -0,0 +1,27 @@
+module "resource_group" {
+  source = "./modules/resource_group"
+}
+
+module "secrets_manager" {
+  source            = "./modules/secrets_manager"
+  resource_group_id = module.resource_group.k8s_rg_id
+}
+
+module "vpc" {
+  providers = {
+    ibm = ibm.vpc
+  }
+  source            = "./modules/vpc"
+  resource_group_id = module.resource_group.k8s_rg_id
+}
+
+module "transit_gateway" {
+  depends_on = [module.vpc]
+  providers = {
+    ibm = ibm.vpc
+  }
+  source            = "./modules/transit_gateway"
+  resource_group_id = module.resource_group.k8s_rg_id
+  vpc_crn           = module.vpc.crn
+  powervs_crn       = ibm_pi_workspace.build_cluster.crn
+}

infra/ibmcloud/terraform/k8s-infra-setup/modules/resource_group/outputs.tf

@@ -0,0 +1,3 @@
+output "k8s_rg_id" {
+  value = ibm_resource_group.k8s_rg.id
+}

infra/ibmcloud/terraform/k8s-infra-setup/modules/resource_group/resource_group.tf

@@ -0,0 +1,3 @@
+resource "ibm_resource_group" "k8s_rg" {
+  name = "k8s-project"
+}

infra/ibmcloud/terraform/k8s-infra-setup/modules/resource_group/versions.tf

@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+    }
+  }
+}

infra/ibmcloud/terraform/k8s-infra-setup/modules/secrets_manager/outputs.tf

@@ -0,0 +1,7 @@
+output "k8s_secrets_manager_id" {
+  value = ibm_resource_instance.secrets_manager.guid
+}
+
+output "k8s_powervs_ssh_public_key" {
+  value = tls_private_key.private_key.public_key_openssh
+}

infra/ibmcloud/terraform/k8s-infra-setup/modules/secrets_manager/secrets_manager.tf

@@ -0,0 +1,40 @@
+locals {
+  secrets_manager_region = "us-south"
+  secrets_manager_name   = "k8s-secrets-ppc64le"
+}
+
+resource "ibm_resource_instance" "secrets_manager" {
+  name              = local.secrets_manager_name
+  resource_group_id = var.resource_group_id
+  service           = "secrets-manager"
+  plan              = "standard"
+  location          = local.secrets_manager_region
+
+  timeouts {
+    create = "15m"
+    update = "15m"
+    delete = "15m"
+  }
+}
+
+# RSA key of size 4096 bits
+resource "tls_private_key" "private_key" {
+  algorithm = "RSA"
+  rsa_bits  = 4096
+}
+
+resource "ibm_sm_arbitrary_secret" "ssh_private_key" {
+  name        = "powervs-ssh-private-key"
+  instance_id = ibm_resource_instance.secrets_manager.guid
+  region      = local.secrets_manager_region
+  labels      = ["powervs-ssh-private-key"]
+  payload     = tls_private_key.private_key.private_key_openssh
+}
+
+resource "ibm_sm_arbitrary_secret" "ssh_public_key" {
+  name        = "powervs-ssh-public-key"
+  instance_id = ibm_resource_instance.secrets_manager.guid
+  region      = local.secrets_manager_region
+  labels      = ["powervs-ssh-public-key"]
+  payload     = tls_private_key.private_key.public_key_openssh
+}

infra/ibmcloud/terraform/k8s-infra-setup/modules/secrets_manager/variables.tf

@@ -0,0 +1 @@
+variable "resource_group_id" {}

infra/ibmcloud/terraform/k8s-infra-setup/modules/secrets_manager/versions.tf

@@ -0,0 +1,11 @@
+terraform {
+  required_providers {
+    ibm = {
+      source = "IBM-Cloud/ibm"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "4.0.6"
+    }
+  }
+}