diff --git a/agents.tf b/agents.tf
index b7f45cc..003fc82 100644
--- a/agents.tf
+++ b/agents.tf
@@ -10,7 +10,7 @@ module "agents" {
 additional_public_keys = var.additional_public_keys
 firewall_ids = [hcloud_firewall.k3s.id]
 placement_group_id = hcloud_placement_group.k3s.id
- location = var.location
+ location = each.value.location
 server_type = each.value.server_type
 ipv4_subnet_id = hcloud_network_subnet.subnet[[for i, v in var.agent_nodepools : i if v.name == each.value.nodepool_name][0] + 2].id
@@ -51,7 +51,8 @@ resource "null_resource" "agents" {
 kubelet-arg = "cloud-provider=external"
 flannel-iface = "eth1"
 node-ip = module.agents[each.key].private_ipv4_address
- node-label = var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : []
+ node-label = each.value.labels
+ node-taint = each.value.taints
 })
 destination = "/tmp/config.yaml"
 }
diff --git a/locals.tf b/locals.tf
index 95daf55..439b1b1 100644
--- a/locals.tf
+++ b/locals.tf
@@ -175,6 +175,9 @@ locals {
 format("%s-%s", nodepool_obj.name, index) => {
 nodepool_name : nodepool_obj.name,
 server_type : nodepool_obj.server_type,
+ location : nodepool_obj.location,
+ labels : concat(local.default_labels, nodepool_obj.labels),
+ taints : nodepool_obj.taints,
 index : index
 }
 }
@@ -190,4 +193,7 @@ locals {
 # disable k3s extras
 disable_extras = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"], var.traefik_enabled ? [] : ["traefik"], var.metrics_server_enabled ? [] : ["metrics-server"])
+
+ # Default k3s node labels
+ default_labels = concat([], var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : [])
 }
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 4340743..8641bd3 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
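Review bot: In the first agents.tf hunk, `location = each.value.location` is not checked against the network zone. The tfvars example still tells the reader to change `network_region` to `us-east` when the location is `ash`, so a nodepool placed outside the configured region would presumably only fail at apply time. All pools also still share the single `placement_group_id = hcloud_placement_group.k3s.id`, and it is worth confirming that one group can hold servers in different locations. A `validation` block on `agent_nodepools` would catch the mismatch early (variables.tf is not part of this diff), or at minimum a comment above the line: `# must be a location inside var.network_region`. The `module "agents"` block starts and ends outside the hunk.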
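Review bot: In the second agents.tf hunk, `node-label = each.value.labels` produces labels the kubelet asserts about itself, which is fine as a scheduling hint but weak as an isolation boundary, because a compromised node can change the labels it registered. Kubernetes reserves the `node-restriction.kubernetes.io/` prefix for labels a kubelet may not set or modify (enforced by the NodeRestriction admission plugin), so labels that pin sensitive workloads should be applied through the API by an administrator rather than through this list. Separately, k3s applies `node-label` and `node-taint` only when a node registers, so later edits to a nodepool's `labels` or `taints` will presumably not reach existing nodes. I would add above the two lines: `# applied at node registration only; not a security boundary, see node-restriction.kubernetes.io/`. The `null_resource` block starts and ends outside the hunk.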
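Review bot: In the first locals.tf hunk, `nodepool_obj.location`, `nodepool_obj.labels` and `nodepool_obj.taints` are read unconditionally, so an existing `agent_nodepools` entry written before this change will likely fail at plan time, and `concat(local.default_labels, nodepool_obj.labels)` should error on a null value. The variable's type is not in this diff, so I cannot tell whether the fields may be omitted. Falling back keeps old tfvars working: `location : try(nodepool_obj.location, var.location),`, `labels : concat(local.default_labels, try(nodepool_obj.labels, [])),` and `taints : try(nodepool_obj.taints, []),`. The enclosing `for` expression and `locals` block extend beyond the hunk.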
@@ -14,7 +14,6 @@ private_key = "/home/username/.ssh/id_ed25519"
 # These can be customized, or left with the default values
 # For Hetzner locations see https://docs.hetzner.com/general/others/data-centers-and-connection/
-# For Hetzner server types see https://www.hetzner.com/cloud
 location = "fsn1" # change to `ash` for us-east Ashburn, Virginia location
 network_region = "eu-central" # change to `us-east` if location is ash
@@ -31,15 +30,35 @@ control_plane_server_type = "cpx11"
 # For single node clusters set this equal to [] or just set the counts to 0.
 # IMPORTANT: Once the cluster is created, you can change the count, and even set it to 0, but do not remove a nodepool from the list.
 # You can add others at the end of the list if you want.
+# For Hetzner locations see https://docs.hetzner.com/general/others/data-centers-and-connection/
+# For Hetzner server types see https://www.hetzner.com/cloud
 agent_nodepools = [
 {
 name = "agent-small",
 server_type = "cpx11",
+ location = "fsn1",
+ labels = [],
+ taints = [],
 count = 2
 },
 {
 name = "agent-large",
 server_type = "cpx21",
+ location = "fsn1",
+ labels = [],
+ taints = [],
+ count = 1
+ },
+ {
+ name = "storage",
+ server_type = "cpx21",
+ location = "fsn1",
+ labels = [
+ "node.kubernetes.io/server-usage=storage"
+ ],
+ taints = [
+ "server-usage=storage:NoSchedule"
+ ],
 count = 1
 }
 ]
@@ -81,7 +100,7 @@ load_balancer_type = "lb11"
 # use_cluster_name_in_node_name = false
 # Adding extra firewall rules, like opening a port
-# In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport
+# In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport and allow outgoing SMTP traffic on port TCP 465
 # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
 # extra_firewall_rules = [
 # {
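Review bot: In the `agent_nodepools` hunk, the new `labels` and `taints` fields arrive without any comment on their format or lifetime, and this file is what people copy. I would add above `agent_nodepools`: `# labels are "key=value", taints are "key=value:Effect"; both are applied when a node first registers` and `# labels under kubernetes.io must use an allowed prefix such as node.kubernetes.io/, otherwise the kubelet refuses to start`. The `storage` pool's `NoSchedule` taint also means only pods with a matching toleration are scheduled there, which deserves one line for readers adapting the example.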
@@ -92,6 +111,14 @@ load_balancer_type = "lb11"
 # "0.0.0.0/0"
 # ]
 # },
+# {
+# direction = "out"
+# protocol = "tcp"
+# port = "465"
+# destination_ips = [
+# "0.0.0.0/0"
+# ]
+# },
 # ]
 # If you want to configure additional Arguments for traefik, enter them here as a list and in the form of traefik CLI arguments; see https://doc.traefik.io/traefik/reference/static-configuration/cli/
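Review bot: The added egress example opens TCP 465 to `0.0.0.0/0`, which is broader than a mail-submission rule needs, and it will be copied as written. The destination is normally a known relay, so the example would be safer with a narrow range and a comment, e.g. `# "203.0.113.25/32" # constructed example: replace with your mail relay`. It should also say that `0.0.0.0/0` covers IPv4 only. The rule is only needed if the module's firewall otherwise denies outbound traffic, which this diff does not show, so a one-line comment stating that default would help readers judge it.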