diff --git a/agents.tf b/agents.tf
index 10912ec..0bdb214 100644
--- a/agents.tf
+++ b/agents.tf
@@ -1,9 +1,13 @@
+resource "random_pet" "agents" {
+ for_each = local.agent_nodepools
+}
+
 module "agents" {
 source = "./modules/host"
 for_each = local.agent_nodepools
- name = each.key
+ name = "${each.key}-${random_pet.cluster.id}-${random_pet.agents[each.key].id}"
 ssh_keys = [hcloud_ssh_key.k3s.id]
 public_key = var.public_key
 private_key = var.private_key
diff --git a/control_planes.tf b/control_planes.tf
index 34cf4bf..082319a 100644
--- a/control_planes.tf
+++ b/control_planes.tf
@@ -1,8 +1,12 @@
+resource "random_pet" "control_planes" {
+ count = var.control_plane_count
+}
+
 module "control_planes" {
 source = "./modules/host"
 count = var.control_plane_count
- name = "control-plane-${count.index}"
+ name = "control-plane-${random_pet.cluster.id}-${random_pet.control_planes[count.index].id}"
 ssh_keys = [hcloud_ssh_key.k3s.id]
 public_key = var.public_key
diff --git a/init.tf b/init.tf
index 36e85a3..39b2c47 100644
--- a/init.tf
+++ b/init.tf
@@ -94,6 +94,7 @@ resource "null_resource" "kustomization" {
 content = local.is_single_node_cluster ? "" : templatefile(
 "${path.module}/templates/traefik_config.yaml.tpl",
 {
+ cluster_pet_name = random_pet.cluster.id
 load_balancer_disable_ipv6 = var.load_balancer_disable_ipv6
 load_balancer_type = var.load_balancer_type
 location = var.location
diff --git a/main.tf b/main.tf
index ce18aa8..1ca3bf6 100644
--- a/main.tf
+++ b/main.tf
@@ -1,15 +1,18 @@
+resource "random_pet" "cluster" {
+}
+
 resource "random_password" "k3s_token" {
 length = 48
 special = false
 }
 resource "hcloud_ssh_key" "k3s" {
- name = "k3s"
+ name = "k3s-${random_pet.cluster.id}"
 public_key = local.ssh_public_key
 }
 resource "hcloud_network" "k3s" {
- name = "k3s"
+ name = "k3s-${random_pet.cluster.id}"
 ip_range = var.network_ipv4_range
 }
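Review bot: The per-node suffix `random_pet.agents[each.key].id` in the new agent `name` makes the server name longer without making it more unique, because `each.key` is already unique within `local.agent_nodepools` and `random_pet.cluster.id` already separates clusters. With the default two-word pets and a user-chosen pool key the composed name has no length bound; if `modules/host` uses it as the hostname (not visible in this hunk), a long pool key can push it past the 63-character DNS label limit. Consider `name = "${each.key}-${random_pet.cluster.id}"`, or set `length = 1` on `random_pet.agents` and add a one-line comment stating what the extra suffix is for.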
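Review bot: Dropping `count.index` from the control-plane `name` removes the only component that was guaranteed to differ per instance; two `random_pet.control_planes` instances can draw the same pair of words, which would give two servers the same name. The names also no longer show which instance is index 0, which matters if other files treat the first control plane specially (not visible in this hunk). Keeping the index avoids both: `name = "control-plane-${random_pet.cluster.id}-${count.index}"`. If the random per-node suffix is intentional, a comment on `random_pet.control_planes` should say why.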
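Review bot: `random_pet.cluster` is added without a comment, and on a state created before this commit the first apply will generate a new pet and change the `name` of the SSH key and network here, the firewall and placement group in the later main.tf hunks, and every server. Whether the provider renames those in place or replaces them cannot be seen from the diff, so the upgrade path for existing clusters should be stated in the description or next to the resource. If the intent is to let several clusters share one project, I would add above the resource `# Cluster-wide name suffix, generated once and kept in state; it is an identifier, not a secret.`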
@@ -22,7 +25,7 @@ resource "hcloud_network_subnet" "subnet" {
 }
 resource "hcloud_firewall" "k3s" {
- name = "k3s"
+ name = "k3s-${random_pet.cluster.id}"
 dynamic "rule" {
 for_each = concat(local.base_firewall_rules, var.extra_firewall_rules)
@@ -37,7 +40,7 @@ resource "hcloud_firewall" "k3s" {
 }
 resource "hcloud_placement_group" "k3s" {
- name = "k3s"
+ name = "k3s-${random_pet.cluster.id}"
 type = "spread"
 labels = {
 "provisioner" = "terraform",
@@ -47,7 +50,7 @@ resource "hcloud_placement_group" "k3s" {
 data "hcloud_load_balancer" "traefik" {
 count = local.is_single_node_cluster ? 0 : 1
- name = "traefik"
+ name = "traefik-${random_pet.cluster.id}"
 depends_on = [null_resource.kustomization]
 }
diff --git a/output.tf b/output.tf
index 4d2033e..aa0604c 100644
--- a/output.tf
+++ b/output.tf
@@ -1,3 +1,8 @@
+output "cluster_pet_name" {
+ value = random_pet.cluster
+ description = "Shared suffix for all resources belonging to this cluster."
+}
+
 output "control_planes_public_ipv4" {
 value = module.control_planes.*.ipv4_address
 description = "The public IPv4 addresses of the controlplane server."
diff --git a/templates/traefik_config.yaml.tpl b/templates/traefik_config.yaml.tpl
index 75ce20f..e78d957 100644
--- a/templates/traefik_config.yaml.tpl
+++ b/templates/traefik_config.yaml.tpl
@@ -9,7 +9,7 @@ spec:
 enabled: true
 type: LoadBalancer
 annotations:
- "load-balancer.hetzner.cloud/name": "traefik"
+ "load-balancer.hetzner.cloud/name": "traefik-${cluster_pet_name}"
 # make hetzners load-balancer connect to our nodes via our private k3s
 "load-balancer.hetzner.cloud/use-private-ip": "true"
 # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
@@ -28,4 +28,4 @@ spec:
 - "--certificatesresolvers.le.acme.tlschallenge=true"
 - "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
 - "--certificatesresolvers.le.acme.storage=/data/acme.json"
-%{ endif ~}
\ No newline at end of file
+%{ endif ~}
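Review bot: The name `traefik-${random_pet.cluster.id}` in the `hcloud_load_balancer` data source has to match the `load-balancer.hetzner.cloud/name` annotation in templates/traefik_config.yaml.tpl character for character, and the two strings are now built separately in two files. If they drift, the lookup by name after `null_resource.kustomization` will not find the balancer. Build the string once in a shared `local` and use it in both places, for example by passing `load_balancer_name = "traefik-${random_pet.cluster.id}"` into the `templatefile` call in init.tf. For clusters created before this commit the existing balancer is still named `traefik`; whether the annotation change renames it is not visible in the diff.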
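Review bot: `value = random_pet.cluster` in the new `cluster_pet_name` output exports the whole resource object (its `id` together with arguments such as `length` and `separator`), not the string the description promises. A consumer that interpolates this output into a resource name would receive an object instead of the suffix. Use `value = random_pet.cluster.id`, which is also what init.tf passes to the template as `cluster_pet_name`.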