chore: move .tf files from terraform/ to root dir

2024-01-23 15:41:39 +01:00 · 2024-01-23 15:41:39 +01:00 · 99a24440c7
commit 99a24440c7
parent 3a2ac8bc50
8 changed files with 0 additions and 0 deletions
--- a/terraform/backend.tf
+++ b/terraform/backend.tf
@ -1,10 +0,0 @@
-terraform {
-  backend "s3" {
-    bucket         = "cthulhunetes--terraform-state"
-    key            = "terraform.tfstate"
-    region         = "eu-west-1"
-    encrypt        = true
-    kms_key_id     = "alias/cthulhunetes-key"
-    dynamodb_table = "cthulhunetes--terraform-state"
-  }
-}
--- a/terraform/dns.tf
+++ b/terraform/dns.tf
@ -1,77 +0,0 @@
-resource "cloudflare_zone" "cthulhunetes" {
-  account_id = "f24333bb3c47d6db753e57e2a0c90082"
-  zone       = "cthulhunetes.net"
-}
-
-resource "cloudflare_zone_dnssec" "cthulhunetes" {
-  zone_id = cloudflare_zone.cthulhunetes.id
-}
-
-resource "cloudflare_zone_settings_override" "cthulhunetes" {
-  zone_id = cloudflare_zone.cthulhunetes.id
-  settings {
-    always_use_https         = "on"
-    automatic_https_rewrites = "on"
-    ssl                      = "full"
-  }
-}
-
-resource "cloudflare_record" "cthulhu_masters" {
-  count = length(hcloud_server.cthulhu_masters)
-
-  zone_id = local.vxm_cz_zone_id
-  name    = "master-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_masters[count.index].ipv4_address
-  type    = "A"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_masters_ipv6" {
-  count = length(hcloud_server.cthulhu_masters)
-
-  zone_id = local.vxm_cz_zone_id
-  name    = "master-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_masters[count.index].ipv6_address
-  type    = "AAAA"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
-  count = length(hcloud_server.cthulhu_masters) == 1 ? 1 : 0
-
-  zone_id = local.vxm_cz_zone_id
-  name    = "api.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_masters[0].ipv4_address
-  type    = "A"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_kubeapi_singlenode_ipv6" {
-  count = length(hcloud_server.cthulhu_masters) == 1 ? 1 : 0
-
-  zone_id = local.vxm_cz_zone_id
-  name    = "api.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_masters[0].ipv6_address
-  type    = "AAAA"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_workers" {
-  count = length(hcloud_server.cthulhu_workers)
-
-  zone_id = local.vxm_cz_zone_id
-  name    = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_workers[count.index].ipv4_address
-  type    = "A"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_workers_ipv6" {
-  count = length(hcloud_server.cthulhu_workers)
-
-  zone_id = local.vxm_cz_zone_id
-  name    = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_workers[count.index].ipv6_address
-  type    = "AAAA"
-  proxied = false
-}
--- a/terraform/firewalls.tf
+++ b/terraform/firewalls.tf
@ -1,95 +0,0 @@
-resource "hcloud_firewall" "cthulhu_nodes_public" {
-  name = "cthulhu-nodes-public"
-
-  rule {
-    description = "Allow ICMP (ping)"
-    direction   = "in"
-    protocol    = "icmp"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-
-  rule {
-    description = "Allow SSH"
-    direction   = "in"
-    protocol    = "tcp"
-    port        = "22"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-
-  rule {
-    description = "Allow HTTP"
-    direction   = "in"
-    protocol    = "tcp"
-    port        = "80"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-
-  rule {
-    description = "Allow HTTPS"
-    direction   = "in"
-    protocol    = "tcp"
-    port        = "443"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-
-  rule {
-    description = "Allow HTTP/3"
-    direction   = "in"
-    protocol    = "udp"
-    port        = "443"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-
-  rule {
-    description = "Allow Kubernetes API Server"
-    direction   = "in"
-    protocol    = "tcp"
-    port        = "6443"
-    source_ips = [
-      "0.0.0.0/0",
-      "::/0"
-    ]
-  }
-}
-
-resource "hcloud_firewall" "cthulhu_nodes_private" {
-  name = "cthulhu-nodes-private"
-
-  rule {
-    description = "Allow ICMP (ping)"
-    direction   = "in"
-    protocol    = "icmp"
-    source_ips  = [hcloud_network.cthulhu.ip_range]
-  }
-
-  rule {
-    description = "Allow eveyrthing TCP on all ports"
-    direction   = "in"
-    protocol    = "tcp"
-    port        = "any"
-    source_ips  = [hcloud_network.cthulhu.ip_range]
-  }
-
-  rule {
-    description = "Allow eveyrthing UDP on all ports"
-    direction   = "in"
-    protocol    = "udp"
-    port        = "any"
-    source_ips  = [hcloud_network.cthulhu.ip_range]
-  }
-}
--- a/terraform/loadbalancers.tf
+++ b/terraform/loadbalancers.tf
@ -1,59 +0,0 @@
-resource "hcloud_load_balancer" "ingress" {
-  name               = "ingress"
-  load_balancer_type = "lb11"
-  location           = "fsn1"
-  labels = {
-    "env"                     = "production"
-    "k8s.cluster.name"        = "cthulhu"
-    "k8s.loadbalancer.target" = "ingress"
-  }
-}
-
-resource "hcloud_load_balancer_target" "ingress" {
-  type           = "label_selector"
-  label_selector = "k8s.node.role=worker"
-  use_private_ip = true
-
-  load_balancer_id = hcloud_load_balancer.ingress.id
-
-  depends_on = [ hcloud_load_balancer_network.ingress_to_network ]
-}
-
-resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
-  load_balancer_id = hcloud_load_balancer.ingress.id
-  protocol         = "tcp"
-  listen_port      = 80
-  destination_port = 32080
-  proxyprotocol    = true
-}
-
-resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
-  load_balancer_id = hcloud_load_balancer.ingress.id
-  protocol         = "tcp"
-  listen_port      = 443
-  destination_port = 32443
-  proxyprotocol    = true
-}
-
-resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz" {
-  zone_id = local.vxm_cz_zone_id
-  name    = "ingress.cthulhu.k8s"
-  value   = hcloud_load_balancer.ingress.ipv4
-  type    = "A"
-  proxied = false
-}
-
-resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz_ipv6" {
-  zone_id = local.vxm_cz_zone_id
-  name    = "ingress.cthulhu.k8s"
-  value   = hcloud_load_balancer.ingress.ipv6
-  type    = "AAAA"
-  proxied = false
-}
-
-resource "hcloud_load_balancer_network" "ingress_to_network" {
-  load_balancer_id = hcloud_load_balancer.ingress.id
-  network_id       = hcloud_network.cthulhu.id
-  ip               = cidrhost(hcloud_network_subnet.service.ip_range, 1)
-}
-
--- a/terraform/machines.tf
+++ b/terraform/machines.tf
@ -1,76 +0,0 @@
-resource "hcloud_server" "cthulhu_masters" {
-  count = 1
-
-  name        = "master-${count.index}"
-  image       = "rocky-9"
-  server_type = "cax11"
-  location    = "fsn1"
-
-  backups                  = true
-  shutdown_before_deletion = true
-
-  firewall_ids = [
-    hcloud_firewall.cthulhu_nodes_public.id,
-    hcloud_firewall.cthulhu_nodes_private.id,
-  ]
-
-  ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
-
-  labels = {
-    "k8s.node.role"    = "master"
-    "k8s.node.name"    = "master-${count.index}"
-    "k8s.cluster.name" = "cthulhu"
-  }
-
-  public_net {
-    ipv4_enabled = true
-    ipv6_enabled = true
-  }
-
-  network {
-    network_id = hcloud_network.cthulhu.id
-    ip         = cidrhost(hcloud_network_subnet.masters.ip_range, count.index + 1)
-  }
-}
-
-resource "random_string" "workers_suffix" {
-  length  = 4
-  special = false
-  upper   = false
-}
-
-resource "hcloud_server" "cthulhu_workers" {
-  count = 1
-
-  name        = "worker-${random_string.workers_suffix.result}-${count.index}"
-  image       = "rocky-9"
-  server_type = "cpx31"
-  location    = "fsn1"
-
-  backups                  = true
-  shutdown_before_deletion = true
-
-  firewall_ids = [
-    hcloud_firewall.cthulhu_nodes_public.id,
-    hcloud_firewall.cthulhu_nodes_private.id,
-  ]
-
-  ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
-
-  labels = {
-    "k8s.node.role"    = "worker"
-    "k8s.node.name"    = "worker-${random_string.workers_suffix.result}-${count.index}"
-    "k8s.cluster.name" = "cthulhu"
-    "k8s.node.pool"    = random_string.workers_suffix.result
-  }
-
-  public_net {
-    ipv4_enabled = true
-    ipv6_enabled = true
-  }
-
-  network {
-    network_id = hcloud_network.cthulhu.id
-    ip         = cidrhost(hcloud_network_subnet.workers.ip_range, count.index + 1)
-  }
-}
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -1,7 +0,0 @@
-locals {
-  vxm_cz_zone_id = "bac024cb43947f40e02a7491fc8d8f51"
-}
-
-data "hcloud_ssh_key" "vojtechmares" {
-  name = "iam@vojtechmares.com"
-}
--- a/terraform/networks.tf
+++ b/terraform/networks.tf
@ -1,25 +0,0 @@
-resource "hcloud_network" "cthulhu" {
-  name     = "cthulhu-net"
-  ip_range = "172.16.0.0/16"
-}
-
-resource "hcloud_network_subnet" "masters" {
-  network_id   = hcloud_network.cthulhu.id
-  type         = "cloud"
-  network_zone = "eu-central"
-  ip_range     = "172.16.1.0/24"
-}
-
-resource "hcloud_network_subnet" "workers" {
-  network_id   = hcloud_network.cthulhu.id
-  type         = "cloud"
-  network_zone = "eu-central"
-  ip_range     = "172.16.10.0/24"
-}
-
-resource "hcloud_network_subnet" "service" {
-  network_id   = hcloud_network.cthulhu.id
-  type         = "cloud"
-  network_zone = "eu-central"
-  ip_range     = "172.16.250.0/24"
-}
--- a/terraform/versions.tf
+++ b/terraform/versions.tf
@ -1,38 +0,0 @@
-terraform {
-  required_providers {
-    cloudflare = {
-      source  = "cloudflare/cloudflare"
-      version = "4.19.0"
-    }
-
-    hcloud = {
-      source  = "hetznercloud/hcloud"
-      version = "1.44.1"
-    }
-  }
-}
-
-provider "cloudflare" {
-  api_key = var.cloudflare_api_key
-  email   = var.cloudflare_email
-}
-
-provider "hcloud" {
-  token = var.hcloud_token
-}
-
-variable "cloudflare_api_key" {
-  type      = string
-  sensitive = true
-}
-
-variable "cloudflare_email" {
-  type = string
-}
-
-variable "hcloud_token" {
-  type      = string
-  sensitive = true
-}
-
-