# Terraform language documentation: https://www.terraform.io/docs/language/index.html
# HCL language specification: https://github.com/hashicorp/hcl/blob/main/hclsyntax/spec.md
# Copyright 2024, identinet GmbH. All rights reserved.
# SPDX-License-Identifier: MIT
###########################
# Backend and Providers #
###########################
terraform {
  # Version constraints: https://developer.hashicorp.com/terraform/language/expressions/version-constraints
  required_version = "~> 1.0"

  # State is written to the local working directory. Terraform state records
  # every input and resource attribute in plain text, including variables
  # declared with `sensitive = true` (the hcloud tokens in this file), so the
  # state file itself has to be handled as a secret: keep it out of version
  # control and restrict its file permissions.
  backend "local" {
    path = "terraform.tfstate"
  }

  # Example of a remote s3 backend (Wasabi). Leave the access/secret key out
  # of this block and supply them through the environment or the shared
  # credentials file instead, so they never end up in the repository.
  # backend "s3" {
  #   bucket = "xxxxx-terraform"
  #   key    = "prod/terraform.tfstate"
  #   region = "eu-central-2"
  #   # access_key = {}
  #   # secret_key = {}
  #   # skip_get_ec2_platforms = true
  #   skip_credentials_validation = true
  #   skip_metadata_api_check     = true
  #   skip_region_validation      = true
  #   skip_requesting_account_id  = true
  #   skip_s3_checksum            = true
  #   use_path_style              = true
  #   # Wasabi requires service-specific endpoint URLs, see
  #   # https://wasabi-support.zendesk.com/hc/en-us/articles/360003362071-How-do-I-use-Terraform-with-Wasabi-
  #   endpoints = {
  #     iam = "https://iam.eu-central-2.wasabisys.com"
  #     sts = "https://sts.eu-central-2.wasabisys.com"
  #     s3  = "https://s3.eu-central-2.wasabisys.com"
  #   }
  # }
}
###########################
# Cluster configuration #
###########################
module "cluster" {
  # Registry module pinned to an exact version so that every plan resolves the
  # same module code. Git alternative:
  # source = "github.com/identiops/terraform-hcloud-k3s?ref=3.0.6"
  source  = "identiops/k3s/hcloud"
  version = "3.0.6"

  # Credentials
  # -----------
  # Both tokens come from the environment so they are never written into a
  # .tf file: `export TF_VAR_hcloud_token=xyz` and
  # `export TF_VAR_hcloud_token_read_only=abc`.
  hcloud_token           = var.hcloud_token
  hcloud_token_read_only = var.hcloud_token_read_only

  # Cluster Settings
  # ----------------
  cluster_name     = "prod"
  default_location = "nbg1"         # Locations: https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server#location
  default_image    = "ubuntu-22.04" # List images with: `HCLOUD_TOKEN=XXXX; curl -H "Authorization: Bearer $HCLOUD_TOKEN" https://api.hetzner.cloud/v1/images | jq -r .images[].name | sort`
  k3s_version      = "v1.28.5+k3s1" # Channels: https://update.k3s.io/v1-release/channels, images: https://hub.docker.com/r/rancher/k3s/tags, upgrade images: https://hub.docker.com/r/rancher/k3s-upgrade/tags
  # Guards the cluster servers against accidental deletion. It has to be set
  # to false (followed by `terraform apply`) before `terraform destroy` is able
  # to remove the cluster.
  delete_protection = true

  # General Settings
  # ----------------
  # Public keys that get SSH access to the nodes. The "jane" entry is a
  # placeholder and has to be replaced with a real public key.
  ssh_keys = {
    "john" = file("~/.ssh/id_ed25519.pub")
    "jane" = "ssh-xxxx xxxxx jane@example"
  }

  # Control Plane Settings
  # ----------------------
  # Example: upload etcd snapshots to s3 (see https://docs.k3s.io/cli/server).
  # The access and secret key are handed to k3s as command-line flags here,
  # which typically makes them readable in the process list and in the k3s
  # service unit on every control plane node. Use dedicated, least-privilege
  # credentials scoped to the snapshot bucket for this purpose.
  # control_plane_k3s_init_additional_options = "--etcd-s3 --etcd-s3-region=${var.etcd_s3_region} --etcd-s3-endpoint=s3.${var.etcd_s3_region}.wasabisys.com --etcd-s3-access-key=${var.etcd_s3_access_key} --etcd-s3-secret-key=${var.etcd_s3_secret_key} --etcd-s3-bucket=${var.etcd_s3_bucket} --etcd-s3-folder=etcd/$(hostname)"
  # etcd timing parameters for multi-region deployments, see
  # https://etcd.io/docs/v3.4/tuning/#time-parameters
  # control_plane_k3s_additional_options = "--etcd-arg=heartbeat-interval=120 --etcd-arg=election-timeout=1200"
  additional_cloud_init = {
    timezone = "Europe/Berlin" # tz database names: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
  }

  # Node Group Settings
  # -------------------
  # Map of node pools. The key is the pool name; the value describes the pool
  # (server type, node count, control plane role, labels, taints).
  node_pools = {
    system = {
      # One pool has to be allowed to perform the cluster initialisation.
      cluster_can_init = true
      cluster_init_action = {
        # `init` must be `true` for the first `terraform apply` only. Set it to
        # `false` afterwards so the cluster is never re-initialised by accident,
        # e.g. when the pool's first node is deleted manually via the
        # management console.
        init = true,
      }
      is_control_plane   = true
      schedule_workloads = true
      type               = "cx31" # Server types: https://docs.hetzner.com/cloud/servers/overview#shared-vcpu
      count              = 3
      labels = {
        # "control-plane" = "yes"
      }
      taints = {
        # "MyTaint=true" = "NoSchedule"
      }
    }
    workers = {
      is_control_plane   = false
      schedule_workloads = true
      type               = "cx31" # Server types: https://docs.hetzner.com/cloud/servers/overview#shared-vcpu
      count              = 3
      count_width        = 2
      labels             = {}
      taints             = {}
    }
  }
}
###############
# Variables #
###############
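variable "hcloud_token" {
  description = "Hetzner cloud auth token."
  type        = string
  # Redacts the value in plan/apply output; it is still stored in the state
  # file in plain text.
  sensitive = true

  # Fail early with a clear message instead of a Hetzner API authentication
  # error when TF_VAR_hcloud_token was not exported or is blank.
  validation {
    condition     = length(trimspace(var.hcloud_token)) > 0
    error_message = "The hcloud_token variable must not be empty; set it via TF_VAR_hcloud_token."
  }
}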
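variable "hcloud_token_read_only" {
  description = "Hetzner cloud auth token, read only - used by the gateway and all cluster servers to proxy kubernetes traffic to control plane nodes."
  type        = string
  # Redacts the value in plan/apply output; it is still stored in the state
  # file in plain text. This token is distributed to every cluster server, so
  # keep it read-only as the description states.
  sensitive = true

  # Fail early with a clear message instead of a Hetzner API authentication
  # error when TF_VAR_hcloud_token_read_only was not exported or is blank.
  validation {
    condition     = length(trimspace(var.hcloud_token_read_only)) > 0
    error_message = "The hcloud_token_read_only variable must not be empty; set it via TF_VAR_hcloud_token_read_only."
  }
}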
# Example s3 configuration:
# variable "etcd_s3_region" {
# type = string
# sensitive = true
# }
#
# variable "etcd_s3_access_key" {
# type = string
# sensitive = true
# }
#
# variable "etcd_s3_secret_key" {
# type = string
# sensitive = true
# }
#
# variable "etcd_s3_bucket" {
# type = string
# sensitive = true
# }
############
# Output #
############
output "gateway" {
  description = "IP Addresses of the gateway."
  value       = module.cluster.gateway
  # The reference in `value` already orders this output after the module;
  # the explicit dependency is kept for clarity.
  depends_on = [module.cluster]
}
output "node_pools" {
  description = "IP Addresses of the worker node pools."
  value       = module.cluster.node_pools
  # The reference in `value` already orders this output after the module;
  # the explicit dependency is kept for clarity.
  depends_on = [module.cluster]
}
output "total_monthly_costs" {
  description = "Total monthly costs for running the cluster."
  value       = module.cluster.total_monthly_costs
  # The reference in `value` already orders this output after the module;
  # the explicit dependency is kept for clarity.
  depends_on = [module.cluster]
}