feat: add loadbalancers, cthulhunetes domain, node hostnames, terraform backend, init terraform

terraform/.terraform.lock.hcl

@@ -0,0 +1,70 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/cloudflare/cloudflare" {
+  version     = "4.19.0"
+  constraints = "4.19.0"
+  hashes = [
+    "h1:3EZM8zAObdA81PcyXyiic4y2aZsTowYKG29RjZKXbJU=",
+    "zh:1d5315dcbd8187a3a978dc1fb08e80b6cdd353de10afe531b3d1ecb834d0dbae",
+    "zh:2a6e5b2e5072e442b35ce6142172e15afb835e16799d04a0054a79d3067f7560",
+    "zh:308c5690024a1f6797300018456a1ac781c8699fa4bc4892a8c36eb992604a26",
+    "zh:4286969a594396ef09ff6f6840428eef9c7dac037a3a3ef1ccae12a7a21b6655",
+    "zh:55cfe536e4fd76ca9a256b905ffa2823b21b5ab6288245c5295a16b03ac4d0b8",
+    "zh:58c74a26eef114d59d371f978131d78daa88260df2f75a2b6ec908f61dad2754",
+    "zh:5c8dd7ff7820fd96f64e37f5611ad8e265a9b54a04d25e03fe589470ad5d2a0f",
+    "zh:6501f10ee5e73ebe3cfe87d4141942c9c784c4ddcde15c6f500b8a41ca3cb174",
+    "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
+    "zh:97f83ab5ff249bd195cfae3b2521f037dea2ad600d70e2917b35895db67c034f",
+    "zh:b340b815cc53f197b42d9e64acb6729914706d93dcf60da02e3ac53aeadfde14",
+    "zh:c49c8f4908b5776f52211e41880a98a18ebf558363b69ed6af461f2c0d5c9e00",
+    "zh:d0ec9cec6a169b160825b0c585b56d42175871549bb291b9409b36086e9e6756",
+    "zh:f6912037890a4777a2f8b55858f38fb3428ac53610fb7297d99ced1e73531d5c",
+    "zh:f95ca4b80b66b02f1762d314172523ad57176369b7b1aaf4e5018a32f4525582",
+  ]
+}
+
+provider "registry.terraform.io/hashicorp/aws" {
+  version     = "5.26.0"
+  constraints = "5.26.0"
+  hashes = [
+    "h1:McIRw8larBNW5TeXxyiWd8fD55oj1szEbMOuSQOSDBs=",
+    "zh:11a4062491e574c8e96b6bc7ced67b5e9338ccfa068223fc9042f9e1e7eda47a",
+    "zh:4331f85aeb22223ab656d04b48337a033f44f02f685c8def604c4f8f4687d10f",
+    "zh:915d6c996390736709f7ac7582cd41418463cfc07696218af6fea4a282df744a",
+    "zh:9306c306dbb2e1597037c54d20b1bd5f22a9cdcdb2b2b7bad657c8230bea2298",
+    "zh:93371860b9df369243219606711bfd3cfbd263db67838c06d5d5848cf47b6ede",
+    "zh:98338c17764a7b9322ddb6efd3af84e6890a4a0687f846eefdfb0fa03cec892d",
+    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+    "zh:a28c9d77a5be25bac42d99418365757e4eb65a2c7c6788828263772cf2774869",
+    "zh:bd9c4648a090622d6b8c3c91dad513eec81e54db3dfe940ab6d155e5f37735e5",
+    "zh:bde63db136cccdeb282489e2ec2b3f9a7566edc9df27911a296352ab00832261",
+    "zh:ccd33f9490ce3f2d89efab995abf3b30e75579585f6a8a5b1f756246903d3518",
+    "zh:d73d1c461eb9d22833251f6533fc214cf014bc1d3165c5bfaa8ca29cd295ffb2",
+    "zh:db4ffb7eec5d0e1d0dbd0d65e1a3eaa6173a3337058105aec41fd0b2af5a2b46",
+    "zh:eb36b933419e9f6563330f3b7d53d4f1b09e62d27f7786d5dc6c4a2d0f6de182",
+    "zh:ec85ce1976e43f7d7fa10fa191c0a85e97326a3cb22387c0ed8b74d426ec94fd",
+  ]
+}
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version     = "1.44.1"
+  constraints = "1.44.1"
+  hashes = [
+    "h1:q2JvvbG+seeZ4A2ijxPi5Tis+NJVoB59cAt3KeQe0uA=",
+    "zh:156df81d2c740608b9fb7f439defbb39b89585c55dc6e62e4af928808ff67f9e",
+    "zh:32407f1df8b59afe5e35710c4acf2c8a8cbf5ea9a32126f34cb0c49ff142a047",
+    "zh:456133e16e9ebfcd89534c968a8b2a3f931bf4acb76a8165acc2242b0b73ba78",
+    "zh:6855c90399abc11e32fcdc0bf54bdedb50009c46183b926b3493fdcf48d5e39c",
+    "zh:68fe1e7e9f692a29d75a3cc199b472e8bc00c9486b299bfaf816133797207804",
+    "zh:6c62a9fe0a6de3cd4ea0591193baef00b65c838610feb369d14e36d15f9ea93e",
+    "zh:6cb1db2287cc8baec8538d9df6a44f602f61580d8df4c484625295aa622f03d1",
+    "zh:7fd577a8079da2f6e96066a8bf6bce6e36fdd36c67ac03044fd29f15eb718a6c",
+    "zh:9f94d862b827c429bf6a3eea7a65b856475cdc6da7e0d8a8edfbc09de40bed3f",
+    "zh:a6499d633a63668629a32628624137d2ef8e1ca5ef77766669470def7f4d5732",
+    "zh:b46004de824350b1b9a44cc253608d25e7cdf77d628571ece2df2fe96aacb8d7",
+    "zh:b9d8c401f8ddb829ee67bf429aac781bf5022605f4d18b041c417622746a37a1",
+    "zh:cf182e8426d7bd555a46ea4c5d75ed431edb41aa162e57f07f13d235d0e74f0d",
+    "zh:e1b777a95498489aa04231b7825cca445119f2b1988bfdcd8f0a35e0ba59d883",
+  ]
+}

terraform/backend.tf

@@ -0,0 +1,10 @@
+terraform {
+  backend "s3" {
+    bucket = "cthulhunetes--terraform-state"
+    key    = "terraform.tfstate"
+    region = "eu-west-1"
+    encrypt        = true
+    kms_key_id     = "alias/cthulhunetes-key"
+    dynamodb_table = "cthulhunetes--terraform-state"
+  }
+}

terraform/dns.tf

@@ -0,0 +1,58 @@
+resource "cloudflare_zone" "cthulhunetes" {
+  account_id = "f24333bb3c47d6db753e57e2a0c90082"
+  zone = "cthulunetes.net"
+}
+
+resource "cloudflare_zone_dnssec" "cthulhunetes" {
+  zone_id = cloudflare_zone.cthulhunetes.id
+}
+
+resource "cloudflare_zone_settings_override" "cthulhunetes" {
+  zone_id = cloudflare_zone.cthulhunetes.id
+  settings {
+    always_use_https         = "on"
+    automatic_https_rewrites = "on"
+    ssl                      = "full"
+  }
+}
+
+resource "cloudflare_record" "cthulhu_k8s_vxm_cz" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "cthulhu.k8s"
+  value   = hcloud_load_balancer.mallard.ipv4
+  type    = "A"
+  proxied = false
+}
+
+# Cthulhu nodes DNS records
+resource "cloudflare_record" "zebra_vxm_cz" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "zebra"
+  value   = "23.88.73.182"
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "camel_vxm_cz" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "camel"
+  value   = "116.202.114.83"
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "raven_vxm_cz" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "raven"
+  value   = "168.119.35.142"
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "cthulhunetes_wildcard" {
+  zone_id = cloudflare_zone.cthulhunetes.id
+  name    = "*"
+  value   = hcloud_load_balancer.chamois.ipv4
+  type    = "A"
+  proxied = false
+}

terraform/loadbalancers.tf

@@ -0,0 +1,104 @@
+locals {
+  cthulhu_node_ips = [
+    "168.119.35.142",
+    "116.202.114.83",
+    "23.88.73.182",
+  ]
+}
+
+# mallard
+
+resource "hcloud_load_balancer" "mallard" {
+  name               = "mallard"
+  load_balancer_type = "lb11"
+  location           = "fsn1"
+  labels = {
+    "env"    = "production"
+    "target" = "k8s.control-plane"
+    "k8s"    = "cthulhu"
+  }
+}
+
+resource "hcloud_load_balancer_target" "mallard_k8s_cthulhu_nodes" {
+  count = length(local.cthulhu_node_ips)
+
+  type             = "ip"
+  ip               = local.cthulhu_node_ips[count.index]
+  load_balancer_id = hcloud_load_balancer.mallard.id
+}
+
+resource "hcloud_load_balancer_service" "mallard_k8s_cthulhu_nodes_tcp_6443" {
+  load_balancer_id = hcloud_load_balancer.mallard.id
+  protocol         = "tcp"
+  listen_port      = 6443
+  destination_port = 6443
+}
+
+resource "cloudflare_record" "mallard_lb_vxm_cz" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "mallard.lb"
+  value   = hcloud_load_balancer.mallard.ipv4
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "mallard_lb_vxm_cz_v6" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "mallard.lb"
+  value   = hcloud_load_balancer.mallard.ipv6
+  type    = "AAAA"
+  proxied = false
+}
+
+# chamios
+
+resource "hcloud_load_balancer" "chamois" {
+  name               = "chamois"
+  load_balancer_type = "lb11"
+  location           = "fsn1"
+  labels = {
+    "env"    = "production"
+    "target" = "k8s.ingress"
+    "k8s"    = "cthulhu"
+  }
+}
+
+resource "hcloud_load_balancer_target" "chamois_k8s_cthulhu_nodes" {
+  count = length(local.cthulhu_node_ips)
+
+  type             = "ip"
+  ip               = local.cthulhu_node_ips[count.index]
+  load_balancer_id = hcloud_load_balancer.chamois.id
+}
+
+resource "hcloud_load_balancer_service" "chamois_k8s_cthulhu_nodes_tcp_80" {
+  load_balancer_id = hcloud_load_balancer.chamois.id
+  protocol         = "tcp"
+  listen_port      = 80
+  destination_port = 32080
+  proxyprotocol    = true
+}
+
+resource "hcloud_load_balancer_service" "chamois_k8s_cthulhu_nodes_tcp_443" {
+  load_balancer_id = hcloud_load_balancer.chamois.id
+  protocol         = "tcp"
+  listen_port      = 443
+  destination_port = 32443
+  proxyprotocol    = true
+}
+
+resource "cloudflare_record" "chamois_lb_vxm_cz" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "chamois.lb"
+  value   = hcloud_load_balancer.chamois.ipv4
+  type    = "A"
+  proxied = false
+}
+
+resource "cloudflare_record" "chamois_lb_vxm_cz_v6" {
+  zone_id = local.vxm_cz_zone_id
+  name    = "chamois.lb"
+  value   = hcloud_load_balancer.chamois.ipv6
+  type    = "AAAA"
+  proxied = false
+}

terraform/main.tf

@@ -0,0 +1,3 @@
+locals {
+  vxm_cz_zone_id = "bac024cb43947f40e02a7491fc8d8f51"
+}

terraform/versions.tf

@@ -0,0 +1,59 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "5.26.0"
+    }
+
+    cloudflare = {
+      source = "cloudflare/cloudflare"
+      version = "4.19.0"
+    }
+
+    hcloud = {
+      source = "hetznercloud/hcloud"
+      version = "1.44.1"
+    }
+  }
+}
+
+provider "aws" {
+  region     = "eu-west-1"
+  access_key = var.aws_access_key
+  secret_key = var.aws_secret_key
+}
+
+provider "cloudflare" {
+  api_key = var.cloudflare_api_key
+  email = var.cloudflare_email
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
+}
+
+variable "aws_access_key" {
+  type = string
+  sensitive = true
+}
+
+variable "aws_secret_key" {
+  type = string
+  sensitive = true
+}
+
+variable "cloudflare_api_key" {
+  type = string
+  sensitive = true
+}
+
+variable "cloudflare_email" {
+  type = string
+}
+
+variable "hcloud_token" {
+  type = string
+  sensitive = true
+}
+
+