# Toolchain pins for this root module: the Terraform CLI version and the
# single provider (Hetzner Cloud) it talks to.
terraform {
  required_version = ">= 1.2.0"

  required_providers {
    hcloud = {
      source = "hetznercloud/hcloud"
      # Open lower bound only: any 1.x release, and any later major, satisfies
      # this. NOTE(review): the provider build that is actually installed (and
      # its checksums) is pinned by .terraform.lock.hcl, not by this line --
      # confirm the lockfile is committed so every run resolves the same build.
      version = ">= 1.0.0"
    }
  }
}
# Provider credentials. The API token comes in through a variable, so no
# secret is embedded in this file; the variable itself is declared elsewhere.
# NOTE(review): confirm `hcloud_token` is declared with `sensitive = true` so
# it is redacted from plan output and CLI logs.
provider "hcloud" {
  token = var.hcloud_token
}
# k3s cluster on Hetzner Cloud, built by the public registry module
# kube-hetzner/kube-hetzner/hcloud. The same token the provider uses is passed
# in again as a module input, together with an SSH key pair read from .keys/.
#
# NOTE(review): no `version` argument is set on this module block, so each
# `terraform init` resolves the newest published version of the module. Pin
# it with a `version = "..."` constraint to keep module upgrades deliberate.
module "kube-hetzner" {
  providers = {
    hcloud = hcloud
  }

  source = "kube-hetzner/kube-hetzner/hcloud"

  hcloud_token = var.hcloud_token

  # Both halves of the key pair are read from the working tree at plan time.
  # The private key is handed to the module as a plain input; whatever the
  # module stores in a resource attribute ends up in Terraform state, so keep
  # .keys/ out of version control and restrict access to the state backend.
  # TODO confirm .keys/ is ignored by the VCS.
  ssh_public_key = file(".keys/id_ed25519.pub")
  ssh_private_key = file(".keys/id_ed25519")

  network_region = "eu-central" # change to `us-east` if location is ash

  # Three single-node control-plane pools, one per location (fsn1, nbg1,
  # hel1): three control-plane nodes in total, spread across locations.
  control_plane_nodepools = [
    {
      name = "control-plane-fsn1",
      server_type = "cpx11",
      location = "fsn1",
      labels = [],
      taints = [],
      count = 1
    },
    {
      name = "control-plane-nbg1",
      server_type = "cpx11",
      location = "nbg1",
      labels = [],
      taints = [],
      count = 1
    },
    {
      name = "control-plane-hel1",
      server_type = "cpx11",
      location = "hel1",
      labels = [],
      taints = [],
      count = 1
    }
  ]

  # Worker pools. Labels and taints are passed as plain "key=value" strings;
  # an empty list leaves the pool open to any workload.
  agent_nodepools = [
    {
      name = "agent-small1",
      server_type = "cpx11",
      location = "fsn1",
      labels = [],
      taints = [],
      count = 1
    },
    {
      name = "agent-small2",
      server_type = "cpx11",
      location = "nbg1",
      labels = [],
      taints = [],
      count = 0 # declared, but currently provisions no nodes
    },
    {
      # Dedicated storage node: labelled for selection and tainted NoSchedule,
      # so only pods that tolerate `server-usage=storage` are placed here.
      name = "storage1",
      server_type = "cpx11",
      location = "fsn1",
      labels = [
        "node.kubernetes.io/server-usage=storage"
      ],
      taints = [
        "server-usage=storage:NoSchedule"
      ],
      count = 1
    }
  ]

  load_balancer_type = "lb11"
  load_balancer_location = "fsn1"
  traefik_enabled = true
  # NOTE(review): DEBUG-level logging and tracing on the edge proxy are
  # diagnostic settings; at that level proxy logs can carry request details.
  # Review whether this belongs in a long-lived cluster.
  traefik_additional_options = ["--log.level=DEBUG", "--tracing=true"]
  metrics_server_enabled = true
  # Presumably lets the module roll k3s upgrades from the channel below
  # without an explicit version pin -- verify against the module's docs.
  automatically_upgrade_k3s = true
  initial_k3s_channel = "stable"
  cluster_name = "clank"
  use_cluster_name_in_node_name = true

  # Adding extra firewall rules, like opening a port
  # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
  extra_firewall_rules = [
    # NOTE(review): the commented-out Postgres rule below, if ever enabled as
    # written, admits inbound TCP/5432 from every IPv4 and IPv6 address.
    # Narrow source_ips to known client ranges before enabling it.
    # # For Postgres
    # {
    # direction = "in"
    # protocol = "tcp"
    # port = "5432"
    # source_ips = ["0.0.0.0/0", "::/0"]
    # destination_ips = [] # Won't be used for this rule
    # },
    # # To Allow ArgoCD access to resources via SSH
    # Outbound TCP/22 to any destination, both address families.
    # NOTE(review): looks like Hetzner Cloud firewalls switch from "all egress
    # allowed" to "only listed egress allowed" once any outbound rule exists --
    # confirm other egress the nodes rely on is not cut by adding this rule.
    {
      direction = "out"
      protocol = "tcp"
      port = "22"
      source_ips = [] # Won't be used for this rule
      destination_ips = ["0.0.0.0/0", "::/0"]
    }
  ]

  enable_cert_manager = false
}
# DNS records for the cluster, managed through a local wrapper module around
# Cloudflare. The apex name and a wildcard are both A records pointing at the
# kube-hetzner load balancer's public IPv4, so every hostname under kjuulh.app
# resolves to the cluster edge; which hostnames actually serve anything is
# decided by the ingress configuration inside the cluster (not visible here).
# NOTE(review): confirm `cloudflare_api_token` is declared `sensitive = true`
# and that the token is scoped to this zone only.
module "dns" {
  source = "./modules/cloudflare"
  api_token = var.cloudflare_api_token

  # Cloudflare zone identifier (an opaque id rather than a credential),
  # hard-coded for this zone.
  zone_id = "9454b35cb1010b9eab9aadf206fdf11f"

  records = [
    {
      name = "kjuulh.app",
      ip = module.kube-hetzner.load_balancer_public_ipv4
      ip_type = "A"
    },
    {
      name = "*.kjuulh.app",
      ip = module.kube-hetzner.load_balancer_public_ipv4
      ip_type = "A"
    }
  ]
}
#module "flux" {
# source = "./modules/flux"
# path = "clank"
# namespace = "flux-system"
# url = "ssh://git@git.front.kjuulh.io/clank/kubernetes-state.git"
# branch = "main"
#
# ssh_private_key_pem = file(".keys/id_clank")
# ssh_public_key_pem = file(".keys/id_clank.pub")
#}