resource "hcloud_load_balancer" "ingress" {
  name               = "ingress"
  load_balancer_type = "lb11"
  location           = "fsn1"
  labels = {
    "env"                     = "production"
    "k8s.cluster.name"        = "cthulhu"
    "k8s.loadbalancer.target" = "ingress"
  }
}

resource "hcloud_load_balancer_target" "ingress" {
  type           = "label_selector"
  label_selector = "k8s.node.role=worker"
  use_private_ip = true

  load_balancer_id = hcloud_load_balancer.ingress.id

  depends_on = [hcloud_load_balancer_network.ingress_to_network]
}

resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  protocol         = "tcp"
  listen_port      = 80
  destination_port = 32080
  proxyprotocol    = true
}

resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  protocol         = "tcp"
  listen_port      = 443
  destination_port = 32443
  proxyprotocol    = true
}

resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz" {
  zone_id = local.vxm_cz_zone_id
  name    = "ingress.cthulhu.k8s"
  value   = hcloud_load_balancer.ingress.ipv4
  type    = "A"
  proxied = false
}

resource "cloudflare_record" "ingress_cthulhu_k8s_vxm_cz_ipv6" {
  zone_id = local.vxm_cz_zone_id
  name    = "ingress.cthulhu.k8s"
  value   = hcloud_load_balancer.ingress.ipv6
  type    = "AAAA"
  proxied = false
}

resource "hcloud_load_balancer_network" "ingress_to_network" {
  load_balancer_id = hcloud_load_balancer.ingress.id
  network_id       = hcloud_network.cthulhu.id
  ip               = cidrhost(hcloud_network_subnet.service.ip_range, 1)
}