terraform-hcloud-kube-hetzner/main.tf

resource "random_password" "k3s_token" {
  length  = 48
  special = false
}

resource "hcloud_ssh_key" "k3s" {
  name       = var.cluster_name
  public_key = local.ssh_public_key
}

resource "hcloud_network" "k3s" {
  name     = var.cluster_name
  ip_range = local.network_ipv4_cidr
}

# We start from the end of the subnets cird array, 
# as we would have fewer control plane nodepools, than angent ones.
resource "hcloud_network_subnet" "control_plane" {
  count        = length(var.control_plane_nodepools)
  network_id   = hcloud_network.k3s.id
  type         = "cloud"
  network_zone = var.network_region
  ip_range     = local.network_ipv4_subnets[255 - count.index]
}

# Here we start at the beginning of the subnets cird array
resource "hcloud_network_subnet" "agent" {
  count        = length(var.agent_nodepools)
  network_id   = hcloud_network.k3s.id
  type         = "cloud"
  network_zone = var.network_region
  ip_range     = local.network_ipv4_subnets[count.index]
}

resource "hcloud_firewall" "k3s" {
  name = var.cluster_name

  dynamic "rule" {
    for_each = concat(local.base_firewall_rules, var.extra_firewall_rules)
    content {
      direction       = rule.value.direction
      protocol        = rule.value.protocol
      port            = lookup(rule.value, "port", null)
      destination_ips = lookup(rule.value, "destination_ips", [])
      source_ips      = lookup(rule.value, "source_ips", [])
    }
  }
}

resource "hcloud_placement_group" "control_plane" {
  count = ceil(local.control_plane_count / 10)
  name  = "${var.cluster_name}-control-plane-${count.index + 1}"
  type  = "spread"
}

resource "hcloud_placement_group" "agent" {
  count = ceil(local.agent_count / 10)
  name  = "${var.cluster_name}-agent-${count.index + 1}"
  type  = "spread"
}

data "hcloud_load_balancer" "traefik" {
  count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1
  name  = "${var.cluster_name}-traefik"

  depends_on = [null_resource.kustomization]
}

resource "null_resource" "destroy_traefik_loadbalancer" {
  # this only gets triggered before total destruction of the cluster, but when the necessary elements to run the commands are still available
  triggers = {
    kustomization_id = null_resource.kustomization.id
  }

  # Important when issuing terraform destroy, otherwise the LB will not let the network get deleted
  provisioner "local-exec" {
    when       = destroy
    command    = <<-EOT
      kubectl -n kube-system delete service traefik --kubeconfig ${path.module}/kubeconfig.yaml
    EOT
    on_failure = continue
  }

  depends_on = [
    local_sensitive_file.kubeconfig,
    null_resource.control_planes[0],
    hcloud_network_subnet.control_plane,
    hcloud_network_subnet.agent,
    hcloud_placement_group.control_plane,
    hcloud_placement_group.agent,
    hcloud_network.k3s,
    hcloud_firewall.k3s,
    hcloud_ssh_key.k3s
  ]
}
k3os master ok 2021-11-30 23:09:34 +01:00			`resource "random_password" "k3s_token" {`
initial commit 2021-07-30 10:12:37 +02:00			`length = 48`
			`special = false`
			`}`

microOS prep 2022-02-05 00:02:25 +01:00			`resource "hcloud_ssh_key" "k3s" {`
changed the cluster name to manual 2022-03-09 05:19:06 +01:00			`name = var.cluster_name`
k3os master ok 2021-11-30 23:09:34 +01:00			`public_key = local.ssh_public_key`
initial commit 2021-07-30 10:12:37 +02:00			`}`

			`resource "hcloud_network" "k3s" {`
changed the cluster name to manual 2022-03-09 05:19:06 +01:00			`name = var.cluster_name`
small fix post merging master 2022-03-09 09:47:57 +01:00			`ip_range = local.network_ipv4_cidr`
initial commit 2021-07-30 10:12:37 +02:00			`}`

subnet dissociated 2022-04-13 11:56:09 +02:00			`# We start from the end of the subnets cird array,`
			`# as we would have fewer control plane nodepools, than angent ones.`
			`resource "hcloud_network_subnet" "control_plane" {`
ready to merge calico addition 2022-04-13 15:59:03 +02:00			`count = length(var.control_plane_nodepools)`
subnet dissociated 2022-04-13 11:56:09 +02:00			`network_id = hcloud_network.k3s.id`
			`type = "cloud"`
			`network_zone = var.network_region`
			`ip_range = local.network_ipv4_subnets[255 - count.index]`
			`}`

			`# Here we start at the beginning of the subnets cird array`
			`resource "hcloud_network_subnet" "agent" {`
ready to merge calico addition 2022-04-13 15:59:03 +02:00			`count = length(var.agent_nodepools)`
initial commit 2021-07-30 10:12:37 +02:00			`network_id = hcloud_network.k3s.id`
			`type = "cloud"`
Use a variable for `network_region` ..instead of hardcoding it to `eu-central` 2022-01-29 20:21:30 +01:00			`network_zone = var.network_region`
automated the creation of the subnets 2022-03-09 02:07:24 +01:00			`ip_range = local.network_ipv4_subnets[count.index]`
initial commit 2021-07-30 10:12:37 +02:00			`}`

Added Hetzner firewall and fixed addresses 2021-09-01 00:37:11 +02:00			`resource "hcloud_firewall" "k3s" {`
changed the cluster name to manual 2022-03-09 05:19:06 +01:00			`name = var.cluster_name`
Added Hetzner firewall and fixed addresses 2021-09-01 00:37:11 +02:00
added dynamic rule and var extra_firewall_rules 2022-02-27 23:15:46 +01:00			`dynamic "rule" {`
			`for_each = concat(local.base_firewall_rules, var.extra_firewall_rules)`
			`content {`
			`direction = rule.value.direction`
			`protocol = rule.value.protocol`
			`port = lookup(rule.value, "port", null)`
small tweak 2022-02-28 00:07:31 +01:00			`destination_ips = lookup(rule.value, "destination_ips", [])`
			`source_ips = lookup(rule.value, "source_ips", [])`
added dynamic rule and var extra_firewall_rules 2022-02-27 23:15:46 +01:00			`}`
Added Hetzner firewall and fixed addresses 2021-09-01 00:37:11 +02:00			`}`
initial commit 2021-07-30 10:12:37 +02:00			`}`

placement group fix attempt 2022-04-13 07:17:01 +02:00			`resource "hcloud_placement_group" "control_plane" {`
			`count = ceil(local.control_plane_count / 10)`
placement group fix 2022-04-13 09:29:29 +02:00			`name = "${var.cluster_name}-control-plane-${count.index + 1}"`
placement group fix attempt 2022-04-13 07:17:01 +02:00			`type = "spread"`
			`}`

			`resource "hcloud_placement_group" "agent" {`
			`count = ceil(local.agent_count / 10)`
placement group fix 2022-04-13 09:29:29 +02:00			`name = "${var.cluster_name}-agent-${count.index + 1}"`
placement group fix attempt 2022-04-13 07:17:01 +02:00			`type = "spread"`
Add Hetzner placement group and link servers to it 2022-01-29 21:15:23 +01:00			`}`
Expose load balancer ip in outputs 2022-02-14 00:24:08 +01:00
			`data "hcloud_load_balancer" "traefik" {`
add toggle to disable traefik & metric server 2022-03-11 12:17:48 +01:00			`count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1`
changed the cluster name to manual 2022-03-09 05:19:06 +01:00			`name = "${var.cluster_name}-traefik"`
load balancer ip depends on deployed CCM... ...so a finished first control plane, more or less 2022-02-14 11:14:14 +01:00
First control plane node is not special anymore The first control plane node is now identical to any other server node. The cluster initialization happens once in two steps: first, make sure that the k3s cluster is initialized and then apply our configurations while the other nodes join. This change makes the initialization more resilient and even faster than before. 2022-02-22 08:50:54 +01:00			`depends_on = [null_resource.kustomization]`
Expose load balancer ip in outputs 2022-02-14 00:24:08 +01:00			`}`
added null ressouce to destroy lb 2022-02-24 01:44:56 +01:00
traefik deletes successfully 2022-02-25 00:21:28 +01:00			`resource "null_resource" "destroy_traefik_loadbalancer" {`
			`# this only gets triggered before total destruction of the cluster, but when the necessary elements to run the commands are still available`
added null ressouce to destroy lb 2022-02-24 01:44:56 +01:00			`triggers = {`
traefik deletes successfully 2022-02-25 00:21:28 +01:00			`kustomization_id = null_resource.kustomization.id`
added null ressouce to destroy lb 2022-02-24 01:44:56 +01:00			`}`

			`# Important when issuing terraform destroy, otherwise the LB will not let the network get deleted`
			`provisioner "local-exec" {`
traefik deletes successfully 2022-02-25 00:21:28 +01:00			`when = destroy`
			`command = <<-EOT`
			`kubectl -n kube-system delete service traefik --kubeconfig ${path.module}/kubeconfig.yaml`
added null ressouce to destroy lb 2022-02-24 01:44:56 +01:00			`EOT`
			`on_failure = continue`
			`}`
traefik deletes successfully 2022-02-25 00:21:28 +01:00
			`depends_on = [`
fix deprecated waring, switched to local_Sensitive_file for kubeconfig 2022-03-11 12:19:57 +01:00			`local_sensitive_file.kubeconfig,`
traefik deletes successfully 2022-02-25 00:21:28 +01:00			`null_resource.control_planes[0],`
subnet dissociated fix 2022-04-13 14:14:22 +02:00			`hcloud_network_subnet.control_plane,`
			`hcloud_network_subnet.agent,`
placement group fix 2022-04-13 09:29:29 +02:00			`hcloud_placement_group.control_plane,`
			`hcloud_placement_group.agent,`
traefik deletes successfully 2022-02-25 00:21:28 +01:00			`hcloud_network.k3s,`
			`hcloud_firewall.k3s,`
			`hcloud_ssh_key.k3s`
			`]`
added null ressouce to destroy lb 2022-02-24 01:44:56 +01:00			`}`