kubernetes-init/main.tf
2022-05-08 17:02:47 +02:00

131 lines
3.4 KiB
HCL

module "kube-hetzner" {
source = "kube-hetzner/kube-hetzner/hcloud"
hcloud_token = var.hcloud_token
public_key = ".keys/id_ed25519.pub"
private_key = ".keys/id_ed25519"
network_region = "eu-central" # change to `us-east` if location is ash
control_plane_nodepools = [
{
name = "control-plane-fsn1",
server_type = "cpx11",
location = "fsn1",
labels = [],
taints = [],
count = 1
},
{
name = "control-plane-nbg1",
server_type = "cpx11",
location = "nbg1",
labels = [],
taints = [],
count = 1
},
{
name = "control-plane-hel1",
server_type = "cpx11",
location = "hel1",
labels = [],
taints = [],
count = 1
}
]
agent_nodepools = [
{
name = "agent-small1",
server_type = "cpx11",
location = "fsn1",
labels = [],
taints = [],
count = 1
},
{
name = "agent-small2",
server_type = "cpx11",
location = "nbg1",
labels = [],
taints = [],
count = 1
},
{
name = "storage1",
server_type = "cpx11",
location = "fsn1",
labels = [
"node.kubernetes.io/server-usage=storage"
],
taints = [
"server-usage=storage:NoSchedule"
],
count = 1
}
]
load_balancer_type = "lb11"
load_balancer_location = "fsn1"
traefik_enabled = true
metrics_server_enabled = true
automatically_upgrade_k3s = true
initial_k3s_channel = "stable"
cluster_name = "clank"
use_cluster_name_in_node_name = true
# Adding extra firewall rules, like opening a port
# More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
# extra_firewall_rules = [
# # For Postgres
# {
# direction = "in"
# protocol = "tcp"
# port = "5432"
# source_ips = ["0.0.0.0/0", "::/0"]
# destination_ips = [] # Won't be used for this rule
# },
# # To Allow ArgoCD access to resources via SSH
# {
# direction = "out"
# protocol = "tcp"
# port = "22"
# source_ips = [] # Won't be used for this rule
# destination_ips = ["0.0.0.0/0", "::/0"]
# }
# ]
# If you want to configure additional Arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/
# Example: traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
traefik_additional_options = ["--tracing=true"]
enable_cert_manager = true
}
module "dns" {
source = "./modules/cloudflare"
api_token = var.cloudflare_api_token
zone_id = "9454b35cb1010b9eab9aadf206fdf11f"
records = [
{
name = "kjuulh.app",
ip = module.kube-hetzner.load_balancer_public_ipv4
ip_type = "A"
},
{
name = "*.kjuulh.app",
ip = module.kube-hetzner.load_balancer_public_ipv4
ip_type = "A"
}
]
}
module "flux" {
source = "./modules/flux"
path = "clank"
namespace = "clank"
url = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
branch = "main"
}