# Root Terraform configuration: provisions a k3s cluster on Hetzner Cloud via the
# kube-hetzner registry module and publishes its load balancer through a local
# Cloudflare DNS module. Secrets (Hetzner and Cloudflare tokens) come from
# variables; SSH keys are read from the local `.keys/` directory.

terraform {
  required_version = ">= 1.2.0"
  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
      # Open-ended lower bound: `terraform init` picks up whatever provider
      # release is newest at the time. A committed dependency lock file is what
      # makes provider upgrades reviewable; check it is present in the repo.
      version = ">= 1.0.0"
    }
  }
}

provider "hcloud" {
  # API token is never literal here; it is injected via variable.
  token = var.hcloud_token
}

module "kube-hetzner" {
  providers = {
    hcloud = hcloud
  }
  # No `version` constraint on the registry module, so each init may resolve a
  # different module release. Pinning a version is the usual supply-chain control.
  source = "kube-hetzner/kube-hetzner/hcloud"

  hcloud_token = var.hcloud_token
  ssh_public_key = file(".keys/id_ed25519.pub")
  # The private key material read here ends up in Terraform state, so the state
  # backend needs the same protection as the key itself. Keep `.keys/` out of
  # version control. NOTE(review): the module may support an ssh-agent mode
  # instead of passing the key inline — confirm against the module docs.
  ssh_private_key = file(".keys/id_ed25519")
  network_region = "eu-central" # change to `us-east` if location is ash

  # Three single-node control-plane pools across three locations.
  control_plane_nodepools = [
    {
      name = "control-plane-fsn1",
      server_type = "cpx11",
      location = "fsn1",
      labels = [],
      taints = [],
      count = 1
    },
    {
      name = "control-plane-nbg1",
      server_type = "cpx11",
      location = "nbg1",
      labels = [],
      taints = [],
      count = 1
    },
    {
      name = "control-plane-hel1",
      server_type = "cpx11",
      location = "hel1",
      labels = [],
      taints = [],
      count = 1
    }
  ]

  agent_nodepools = [
    {
      name = "agent-small1",
      server_type = "cpx11",
      location = "fsn1",
      labels = [],
      taints = [],
      count = 1
    },
    # Pool is defined but currently sized to zero nodes.
    {
      name = "agent-small2",
      server_type = "cpx11",
      location = "nbg1",
      labels = [],
      taints = [],
      count = 0
    },
    # Storage pool: the taint keeps general workloads off it unless they tolerate it.
    {
      name = "storage1",
      server_type = "cpx11",
      location = "fsn1",
      labels = [
        "node.kubernetes.io/server-usage=storage"
      ],
      taints = [
        "server-usage=storage:NoSchedule"
      ],
      count = 1
    }
  ]

  load_balancer_type = "lb11"
  load_balancer_location = "fsn1"

  traefik_enabled = true
  # DEBUG logging and tracing are verbose and can surface request details in
  # logs; NOTE(review): confirm this level is intended for a long-lived cluster
  # rather than only for initial bring-up.
  traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
  metrics_server_enabled = true

  # Unattended k3s upgrades keep the cluster patched, but the running version
  # then drifts outside of this configuration.
  automatically_upgrade_k3s = true
  initial_k3s_channel = "stable"

  cluster_name = "clank"
  use_cluster_name_in_node_name = true

  # Adding extra firewall rules, like opening a port
  # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
  extra_firewall_rules = [
    # # For Postgres
    # # NOTE(review): if this rule is ever re-enabled as written, it exposes
    # # port 5432 inbound from every IPv4/IPv6 address; restrict `source_ips`
    # # to the clients that actually need it.
    # {
    #   direction = "in"
    #   protocol = "tcp"
    #   port = "5432"
    #   source_ips = ["0.0.0.0/0", "::/0"]
    #   destination_ips = [] # Won't be used for this rule
    # },
    # # To Allow ArgoCD access to resources via SSH
    # Outbound-only rule: permits nodes to open TCP/22 connections to any host.
    {
      direction = "out"
      protocol = "tcp"
      port = "22"
      source_ips = [] # Won't be used for this rule
      destination_ips = ["0.0.0.0/0", "::/0"]
    }
  ]

  enable_cert_manager = false
}

module "dns" {
  source = "./modules/cloudflare"
  api_token = var.cloudflare_api_token
  # Zone ID is an identifier, not a credential, so a literal here is acceptable;
  # a variable would only be needed to reuse this root across zones.
  zone_id = "9454b35cb1010b9eab9aadf206fdf11f"
  # Both the apex and a wildcard point at the load balancer, so every hostname
  # under the zone resolves to Traefik and is routed (or rejected) there.
  records = [
    {
      name = "kjuulh.app",
      ip = module.kube-hetzner.load_balancer_public_ipv4
      ip_type = "A"
    },
    {
      name = "*.kjuulh.app",
      ip = module.kube-hetzner.load_balancer_public_ipv4
      ip_type = "A"
    }
  ]
}

# Flux bootstrap is currently disabled; kept for reference.
#module "flux" {
#  source = "./modules/flux"
#  path = "clank"
#  namespace = "flux-system"
#  url = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
#  branch = "main"
#
#  ssh_private_key_pem = file(".keys/id_clank")
#  ssh_public_key_pem = file(".keys/id_clank.pub")
#}