1
0
Fork 0

feat: add terraform

This commit is contained in:
Vojtěch Mareš 2024-05-13 09:46:54 +02:00
parent 1614412d2a
commit 43708777b4
Signed by: vojtech.mares
GPG key ID: C6827B976F17240D
10 changed files with 379 additions and 1 deletions

1
.gitignore vendored
View file

@ -1,2 +1,3 @@
.terraform
terraform.tfstate*
k3s/kubeconfig.yaml

66
.terraform.lock.hcl generated Normal file
View file

@ -0,0 +1,66 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/cloudflare/cloudflare" {
version = "4.32.0"
constraints = ">= 4.19.0"
hashes = [
"h1:VkvPnLqX3nw7GdV9rgtTIrxgfmmTRTHPAXQmMqPWO3o=",
"zh:307dd2bc31c8fb2837fcc3f4aeddad71f22a187013a83447bfbc8854e9c04a0b",
"zh:3f602288229c2972cbbb724736f5894c3199fb9b2a34dc84116c1e4827d5cea9",
"zh:42416df3c78205560fb3dced6c0b488cacc965bdc6a976ecf12763b9e917c214",
"zh:46c7cd5a7cc6337b37c64c12814762c67af66d8ee0286183732c8cf15c428d87",
"zh:5581dd946165b11c2cffcf8f183269560b66f64bf64539a0c9825ed36473279c",
"zh:5bd23ab7381bdeb1498cd5b896d2f036307710f9744c708409e5f8bf45d6fa10",
"zh:7700bb5f76be11dd8ec7a1d21a4767cc2c9970473417f9b1ac2cde41faec52ff",
"zh:82027285efdb0f6843bfd36c76c660425ae5f6a816e12c8369cbc6a8240816d0",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
"zh:91e199d6777d0aa796a169121e6ed673bd9368e742538fc4d9c29a4726eabf89",
"zh:a5c7472485e08019eae16cd73ed1e35bfab1617ffb93d5aedb7343d808db72f5",
"zh:bee90ade6dfccd2165406216c5150418869c2fb37543d85fd964341a54453e59",
"zh:bfee5bf91c7d27fdf19de0425710506518ebc6d39824124d2aa1e0610105d2ee",
"zh:ce4bd4b218ea2da725ff2f99c96d037402f7d977b03c3ff53efe2e23dcb775bc",
"zh:f2d6da62fd093f5612bbd76f8d4613617eb2cc0fc9042fd8e76ab43330a25c57",
]
}
provider "registry.terraform.io/hashicorp/random" {
version = "3.6.1"
hashes = [
"h1:a+Goawwh6Qtg4/bRWzfDtIdrEFfPlnVy0y4LdUQY3nI=",
"zh:2a0ec154e39911f19c8214acd6241e469157489fc56b6c739f45fbed5896a176",
"zh:57f4e553224a5e849c99131f5e5294be3a7adcabe2d867d8a4fef8d0976e0e52",
"zh:58f09948c608e601bd9d0a9e47dcb78e2b2c13b4bda4d8f097d09152ea9e91c5",
"zh:5c2a297146ed6fb3fe934c800e78380f700f49ff24dbb5fb5463134948e3a65f",
"zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
"zh:7ce41e26f0603e31cdac849085fc99e5cd5b3b73414c6c6d955c0ceb249b593f",
"zh:8c9e8d30c4ef08ee8bcc4294dbf3c2115cd7d9049c6ba21422bd3471d92faf8a",
"zh:93e91be717a7ffbd6410120eb925ebb8658cc8f563de35a8b53804d33c51c8b0",
"zh:982542e921970d727ce10ed64795bf36c4dec77a5db0741d4665230d12250a0d",
"zh:b9d1873f14d6033e216510ef541c891f44d249464f13cc07d3f782d09c7d18de",
"zh:cfe27faa0bc9556391c8803ade135a5856c34a3fe85b9ae3bdd515013c0c87c1",
"zh:e4aabf3184bbb556b89e4b195eab1514c86a2914dd01c23ad9813ec17e863a8a",
]
}
provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.47.0"
constraints = ">= 1.47.0"
hashes = [
"h1:KQbtq1sXF4deoc0DKgjyyJMdIuHfhfhAPkVV0DlTMRI=",
"zh:0759f0c23d0e59baab3382320eef4eb314e0c5967b6ef67ff07135da07a97b34",
"zh:0e9ca84c4059d6d7e2c9f13d3c2b1cd91f7d9a47bedcb4b80c7c77d536eff887",
"zh:17a033ac4650a39ddacf3265a449edabaea528f81542c4e63e254272d5aac340",
"zh:2997c76a500e42b7519b24fa1f8646d9baab70c68277f80394560d3e1fd06e6d",
"zh:37f3fe7bb34cac63c69123e43e5426bab75816b3665dbe7125276a8d2ee6b2d8",
"zh:45d4b04dc470f24ad96c1c0b6636ea5422c659004f3e472c863bc50130fabf25",
"zh:46df99d972a78af6875565e53a73df66d870c474a20cd90e9e0a3092aa25197f",
"zh:4b5bb8d49366ad895c6c767efe16a1b8143802414abfe3fdb1184cbbecf424eb",
"zh:55c6199eb401c4b0a6c948ceac8b50f352e252e1c985903ed173bf26ad0f109e",
"zh:7b6efe897bffa37248064155a699e67953350b5b9a5476456c0160ce59254557",
"zh:7bc004bcb649ce1ec70e2cf848392e10a1edbcbf11b3292a4cc5c5d49bd769e4",
"zh:e1b17b7595f158fbb3021afa8869b541b5c10bdd2d8d2b2b3eaa82200b104ddd",
"zh:f741ca40e8e99a3e4114ad108ea2b5a5bccbedb008326c7f647f250580e69c0e",
"zh:fae9c7f8d08a447bb0972529f6db06999c35391046320206041a988aeca6b54c",
]
}

89
dns.tf Normal file
View file

@ -0,0 +1,89 @@
# data "cloudflare_zone" "cthulhunetes" {
# name = "cthulhunetes.net"
# }
# resource "cloudflare_zone" "cthulhunetes" {
# account_id = "f24333bb3c47d6db753e57e2a0c90082"
# zone = "cthulhunetes.net"
# }
# resource "cloudflare_zone_dnssec" "cthulhunetes" {
# zone_id = cloudflare_zone.cthulhunetes.id
# }
# resource "cloudflare_zone_settings_override" "cthulhunetes" {
# zone_id = cloudflare_zone.cthulhunetes.id
# settings {
# always_use_https = "on"
# automatic_https_rewrites = "on"
# ssl = "full"
# }
# }
resource "cloudflare_record" "cthulhu_control_plane" {
count = length(hcloud_server.cthulhu_control_plane)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "control-plane-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_control_plane[count.index].ipv4_address
type = "A"
proxied = false
}
resource "cloudflare_record" "cthulhu_control_plane_ipv6" {
count = length(hcloud_server.cthulhu_control_plane)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "control-plane-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_control_plane[count.index].ipv6_address
type = "AAAA"
proxied = false
}
resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
zone_id = data.cloudflare_zone.vxm_cz.id
name = "api.cthulhu.k8s"
value = hcloud_server.cthulhu_control_plane[0].ipv4_address
type = "A"
proxied = false
}
resource "cloudflare_record" "cthulhu_kubeapi_singlenode_ipv6" {
count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
zone_id = data.cloudflare_zone.vxm_cz.id
name = "api.cthulhu.k8s"
value = hcloud_server.cthulhu_control_plane[0].ipv6_address
type = "AAAA"
proxied = false
}
resource "cloudflare_record" "cthulhu_workers" {
count = length(hcloud_server.cthulhu_workers)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_workers[count.index].ipv4_address
type = "A"
proxied = false
}
resource "cloudflare_record" "cthulhu_workers_ipv6" {
count = length(hcloud_server.cthulhu_workers)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_workers[count.index].ipv6_address
type = "AAAA"
proxied = false
}
resource "cloudflare_record" "cthulhu_wildcard" {
zone_id = data.cloudflare_zone.vxm_cz.id
name = "*.cthulhu.k8s"
value = cloudflare_record.ingress_cthulhu_k8s_vxm_cz.hostname
type = "CNAME"
proxied = false
}

58
loadbalancer.tf Normal file
View file

@ -0,0 +1,58 @@
resource "hcloud_load_balancer" "ingress" {
name = "cthulhu-ingress"
load_balancer_type = "lb11"
location = "fsn1"
labels = {
"env" = "production"
"k8s.cluster.name" = "cthulhu"
}
}
resource "hcloud_load_balancer_target" "ingress" {
type = "label_selector"
label_selector = "k8s.node.role=worker"
use_private_ip = true
load_balancer_id = hcloud_load_balancer.ingress.id
depends_on = [hcloud_load_balancer_network.ingress_to_network]
}
resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
load_balancer_id = hcloud_load_balancer.ingress.id
protocol = "tcp"
listen_port = 80
destination_port = 32080
proxyprotocol = true
}
resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
load_balancer_id = hcloud_load_balancer.ingress.id
protocol = "tcp"
listen_port = 443
destination_port = 32443
proxyprotocol = true
}
resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz" {
zone_id = data.cloudflare_zone.vxm_cz.id
name = "ingress.cthulhu.k8s"
value = hcloud_load_balancer.ingress.ipv4
type = "A"
proxied = false
}
resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz_ipv6" {
zone_id = data.cloudflare_zone.vxm_cz.id
name = "ingress.cthulhu.k8s"
value = hcloud_load_balancer.ingress.ipv6
type = "AAAA"
proxied = false
}
resource "hcloud_load_balancer_network" "ingress_to_network" {
load_balancer_id = hcloud_load_balancer.ingress.id
network_id = hcloud_network.cthulhu.id
ip = cidrhost(hcloud_network_subnet.service.ip_range, 1)
}

80
machines.tf Normal file
View file

@ -0,0 +1,80 @@
resource "hcloud_server" "cthulhu_control_plane" {
count = 1
name = "control-plane-${count.index}"
image = "rocky-9"
server_type = "cax11"
location = "fsn1"
backups = true
shutdown_before_deletion = true
placement_group_id = hcloud_placement_group.cthulhu_control_plane.id
# firewall_ids = [
# hcloud_firewall.cthulhu_nodes_public.id,
# hcloud_firewall.cthulhu_nodes_private.id,
# ]
ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
labels = {
"k8s.node.role" = "master"
"k8s.node.name" = "master-${count.index}"
"k8s.cluster.name" = "cthulhu"
}
public_net {
ipv4_enabled = true
ipv6_enabled = true
}
network {
network_id = hcloud_network.cthulhu.id
ip = cidrhost(hcloud_network_subnet.control_plane.ip_range, count.index + 1)
}
}
resource "random_string" "workers_suffix" {
length = 4
special = false
upper = false
}
resource "hcloud_server" "cthulhu_workers" {
count = 3
name = "worker-${random_string.workers_suffix.result}-${count.index}"
image = "rocky-9"
server_type = "cax21"
location = "fsn1"
backups = false
shutdown_before_deletion = true
placement_group_id = hcloud_placement_group.cthulhu_workers.id
# firewall_ids = [
# hcloud_firewall.cthulhu_nodes_public.id,
# hcloud_firewall.cthulhu_nodes_private.id,
# ]
ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
labels = {
"k8s.node.role" = "worker"
"k8s.node.name" = "worker-${random_string.workers_suffix.result}-${count.index}"
"k8s.cluster.name" = "cthulhu"
"k8s.node.pool" = random_string.workers_suffix.result
}
public_net {
ipv4_enabled = true
ipv6_enabled = true
}
network {
network_id = hcloud_network.cthulhu.id
ip = cidrhost(hcloud_network_subnet.workers.ip_range, count.index + 1)
}
}

7
main.tf Normal file
View file

@ -0,0 +1,7 @@
data "hcloud_ssh_key" "vojtechmares" {
name = "iam@vojtechmares.com"
}
data "cloudflare_zone" "vxm_cz" {
name = "vxm.cz"
}

25
network.tf Normal file
View file

@ -0,0 +1,25 @@
resource "hcloud_network" "cthulhu" {
name = "cthulhu-net"
ip_range = "172.16.0.0/16"
}
resource "hcloud_network_subnet" "control_plane" {
network_id = hcloud_network.cthulhu.id
type = "cloud"
network_zone = "eu-central"
ip_range = "172.16.1.0/24"
}
resource "hcloud_network_subnet" "workers" {
network_id = hcloud_network.cthulhu.id
type = "cloud"
network_zone = "eu-central"
ip_range = "172.16.10.0/24"
}
resource "hcloud_network_subnet" "service" {
network_id = hcloud_network.cthulhu.id
type = "cloud"
network_zone = "eu-central"
ip_range = "172.16.250.0/24"
}

9
placement_groups.tf Normal file
View file

@ -0,0 +1,9 @@
resource "hcloud_placement_group" "cthulhu_control_plane" {
name = "cthulhu-control-plane"
type = "spread"
}
resource "hcloud_placement_group" "cthulhu_workers" {
name = "cthulhu-workers"
type = "spread"
}

4
variables.auto.tfvars Normal file
View file

@ -0,0 +1,4 @@
cloudflare_api_key = "9e19ed1d8baf979e7a4eda5c99ac38d59db38"
cloudflare_email = "iam@vojtechmares.com"
hcloud_token = "KDwuUtV0gGqdY19HJ718eOBThVJClFLbKyPh2oCQIcORMCnkSwFtgv2KzesEAtBY"

39
versions.tf Normal file
View file

@ -0,0 +1,39 @@
terraform {
required_providers {
cloudflare = {
source = "cloudflare/cloudflare"
version = ">=4.32.0"
}
hcloud = {
source = "hetznercloud/hcloud"
version = ">=1.47.0"
}
}
required_version = "~> 1.7.0"
}
provider "cloudflare" {
api_key = var.cloudflare_api_key
email = var.cloudflare_email
}
provider "hcloud" {
token = var.hcloud_token
}
variable "cloudflare_api_key" {
type = string
sensitive = true
}
variable "cloudflare_email" {
type = string
}
variable "hcloud_token" {
type = string
sensitive = true
}