# Provisions the k3s cluster on Hetzner Cloud through the kube-hetzner registry module.
# NOTE(review): no `version` argument is set on this module call, so a later
# `terraform init -upgrade` can pull a newer release of the registry module
# (module versions are not recorded in .terraform.lock.hcl). Pin a reviewed
# version so that provisioning stays reproducible.
module "kube-hetzner" {
  source = "kube-hetzner/kube-hetzner/hcloud"

  # API token is passed in as a variable rather than written into this file.
  # NOTE(review): the variable declaration is not visible here; confirm it is marked `sensitive`.
  hcloud_token = var.hcloud_token

  # SSH key pair given as file paths under .keys/.
  # NOTE(review): presumably the private key grants SSH access to every node;
  # confirm .keys/ is excluded from version control and readable only by the operator.
  public_key  = ".keys/id_ed25519.pub"
  private_key = ".keys/id_ed25519"

  network_region = "eu-central" # change to `us-east` if location is ash

  # Three single-node control-plane pools, one per location (fsn1, nbg1, hel1).
  control_plane_nodepools = [
    {
      name        = "control-plane-fsn1"
      server_type = "cpx11"
      location    = "fsn1"
      labels      = []
      taints      = []
      count       = 1
    },
    {
      name        = "control-plane-nbg1"
      server_type = "cpx11"
      location    = "nbg1"
      labels      = []
      taints      = []
      count       = 1
    },
    {
      name        = "control-plane-hel1"
      server_type = "cpx11"
      location    = "hel1"
      labels      = []
      taints      = []
      count       = 1
    }
  ]

  # Two general-purpose agent pools plus one pool labelled and tainted for storage workloads.
  agent_nodepools = [
    {
      name        = "agent-small1"
      server_type = "cpx11"
      location    = "fsn1"
      labels      = []
      taints      = []
      count       = 1
    },
    {
      name        = "agent-small2"
      server_type = "cpx11"
      location    = "nbg1"
      labels      = []
      taints      = []
      count       = 1
    },
    {
      name        = "storage1"
      server_type = "cpx11"
      location    = "fsn1"
      labels = [
        "node.kubernetes.io/server-usage=storage"
      ]
      # The NoSchedule taint keeps pods without a matching toleration off this node.
      taints = [
        "server-usage=storage:NoSchedule"
      ]
      count = 1
    }
  ]

  load_balancer_type     = "lb11"
  load_balancer_location = "fsn1"

  traefik_enabled        = true
  metrics_server_enabled = true

  # k3s upgrades are applied automatically, starting from the "stable" channel.
  # NOTE(review): there is no manual review step before an upgrade lands;
  # confirm this matches the change-control expectations for this cluster.
  automatically_upgrade_k3s = true
  initial_k3s_channel       = "stable"

  cluster_name                  = "clank"
  use_cluster_name_in_node_name = true

  # Adding extra firewall rules, like opening a port
  # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
  # NOTE(review): the inbound example below exposes Postgres to every IPv4 and IPv6
  # address. If it is ever enabled, narrow source_ips to the CIDRs that need access.
  # extra_firewall_rules = [
  #   # For Postgres
  #   {
  #     direction       = "in"
  #     protocol        = "tcp"
  #     port            = "5432"
  #     source_ips      = ["0.0.0.0/0", "::/0"]
  #     destination_ips = [] # Won't be used for this rule
  #   },
  #   # To Allow ArgoCD access to resources via SSH
  #   {
  #     direction       = "out"
  #     protocol        = "tcp"
  #     port            = "22"
  #     source_ips      = [] # Won't be used for this rule
  #     destination_ips = ["0.0.0.0/0", "::/0"]
  #   }
  # ]

  # If you want to configure additional Arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/
  # Example: traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
  traefik_additional_options = ["--tracing=true"]

  enable_cert_manager = true
}
# Creates the Cloudflare DNS records that point the domain at the cluster's load balancer.
module "dns" {
  source = "./modules/cloudflare"

  # API token is supplied as a variable, not stored in this file.
  # NOTE(review): the variable declaration is not visible here; confirm it is marked
  # `sensitive` and that the token is scoped to DNS edits on this zone only.
  api_token = var.cloudflare_api_token

  zone_id = "9454b35cb1010b9eab9aadf206fdf11f"

  # Both the apex and the wildcard resolve to the load balancer's public IPv4 address,
  # so any subdomain that is not otherwise defined also reaches the cluster ingress.
  records = [
    {
      name    = "kjuulh.app"
      ip      = module.kube-hetzner.load_balancer_public_ipv4
      ip_type = "A"
    },
    {
      name    = "*.kjuulh.app"
      ip      = module.kube-hetzner.load_balancer_public_ipv4
      ip_type = "A"
    }
  ]
}
# Bootstraps Flux against the Git repository that holds the cluster state.
# NOTE(review): presumably whatever is merged to `main` under `clank` is applied to
# the cluster; confirm the branch is protected and that the SSH deploy key used by
# the local flux module is limited to this repository.
module "flux" {
  source = "./modules/flux"

  url    = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
  branch = "main"

  path      = "clank"
  namespace = "clank"
}