diff --git a/main.tf b/main.tf
index db747a2..a5d81ed 100644
--- a/main.tf
+++ b/main.tf
@@ -61,7 +61,7 @@ module "kube-hetzner" {
 taints = [
 "server-usage=storage:NoSchedule"
 ],
- count = 1
+ count = 2
 }
 ]
@@ -76,24 +76,24 @@ module "kube-hetzner" {
 # Adding extra firewall rules, like opening a port
 # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
- # extra_firewall_rules = [
- # # For Postgres
- # {
- # direction = "in"
- # protocol = "tcp"
- # port = "5432"
- # source_ips = ["0.0.0.0/0", "::/0"]
- # destination_ips = [] # Won't be used for this rule
- # },
- # # To Allow ArgoCD access to resources via SSH
- # {
- # direction = "out"
- # protocol = "tcp"
- # port = "22"
- # source_ips = [] # Won't be used for this rule
- # destination_ips = ["0.0.0.0/0", "::/0"]
- # }
- # ]
+ extra_firewall_rules = [
+ # # For Postgres
+ # {
+ # direction = "in"
+ # protocol = "tcp"
+ # port = "5432"
+ # source_ips = ["0.0.0.0/0", "::/0"]
+ # destination_ips = [] # Won't be used for this rule
+ # },
+ # # To Allow ArgoCD access to resources via SSH
+ {
+ direction = "out"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [] # Won't be used for this rule
+ destination_ips = ["0.0.0.0/0", "::/0"]
+ }
+ ]
 # If you want to configure additional Arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/
 # Example: traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
@@ -124,7 +124,10 @@ module "dns" {
 module "flux" {
 source = "./modules/flux"
 path = "clank"
- namespace = "clank"
+ namespace = "flux-system"
 url = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
 branch = "main"
+
+ ssh_private_key_pem = file(".keys/id_clank")
+ ssh_public_key_pem = file(".keys/id_clank.pub")
 }
diff --git a/modules/flux/main.tf b/modules/flux/main.tf
index e656622..26f5d3f 100644
--- a/modules/flux/main.tf
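Review bot: The newly enabled outbound rule in `extra_firewall_rules` allows TCP/22 to `0.0.0.0/0` and `::/0`, so every node may open SSH connections to any host rather than only to the Git server. If the rule exists only so Flux can reach `git.front.kjuulh.io` (the `url` in the `module "flux"` hunk suggests this), narrow it to that server's addresses, for example `destination_ips = ["<GIT_SERVER_IPV4>/32", "<GIT_SERVER_IPV6>/128"]` with the placeholders filled in. The retained comment still reads `# To Allow ArgoCD access to resources via SSH`; it should name Flux so the purpose of the rule stays auditable. The enclosing `module "kube-hetzner"` block starts and ends outside the hunk.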
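Review bot: `ssh_private_key_pem = file(".keys/id_clank")` passes a private key into Terraform as an ordinary string, so it will most likely be stored unencrypted in the state file and can appear in plan output unless the module's variable is declared with `sensitive = true` (that declaration is not visible in this hunk). Confirm that `.keys/` is git-ignored, that the state backend is encrypted and access-controlled, and that this is a dedicated read-only deploy key for the one repository. The relative path is also resolved against the directory Terraform is run from; `file("${path.root}/.keys/id_clank")` makes it independent of the working directory.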
+++ b/modules/flux/main.tf @@ -68,6 +68,13 @@ resource "kubectl_manifest" "sync" { yaml_body = each.value } +locals { + known_hosts = <