From c9101824fca04d4a898c6bfa2d742f3351f1295c Mon Sep 17 00:00:00 2001
From: jodhi
Date: Sat, 26 Feb 2022 01:16:38 +0700
Subject: [PATCH] add specific subnet for nodepool

---
 agents.tf                 | 10 +++++++---
 data.tf                   |  2 +-
 init.tf                   |  2 +-
 locals.tf                 |  6 ++++--
 main.tf                   | 13 +++++++------
 modules/host/main.tf      |  5 +++--
 modules/host/variables.tf | 11 ++++++++---
 servers.tf                |  9 +++++++--
 terraform.tfvars.example  | 20 ++++++++++++++------
 variables.tf              | 15 ++++++++++-----
 10 files changed, 62 insertions(+), 31 deletions(-)

diff --git a/agents.tf b/agents.tf
index 7647cc0..8c3f6c9 100644
--- a/agents.tf
+++ b/agents.tf
@@ -11,15 +11,19 @@ module "agents" {
   firewall_ids = [hcloud_firewall.k3s.id]
   placement_group_id = hcloud_placement_group.k3s.id
   location = var.location
-  network_id = hcloud_network.k3s.id
   server_type = each.value.server_type
-
+  subnet_id = hcloud_network_subnet.subnet[each.value.subnet].id
+  private_ip = cidrhost(var.network_subnets[each.value.subnet], each.value.index + 1)
   labels = {
     "provisioner" = "terraform",
     "engine" = "k3s"
   }

   hcloud_token = var.hcloud_token
+
+  depends_on = [
+    hcloud_network_subnet.subnet
+  ]
 }

 resource "null_resource" "agents" {
@@ -73,6 +77,6 @@ resource "null_resource" "agents" {

   depends_on = [
     null_resource.first_control_plane,
-    hcloud_network_subnet.k3s
+    hcloud_network_subnet.subnet
   ]
 }
diff --git a/data.tf b/data.tf
index 41d1cff..6b2c552 100644
--- a/data.tf
+++ b/data.tf
@@ -15,4 +15,4 @@ data "github_release" "kured" {
   repository = "kured"
   owner = "weaveworks"
   retrieve_by = "latest"
-}
\ No newline at end of file
+}
diff --git a/init.tf b/init.tf
index cb3eec9..4f1d350 100644
--- a/init.tf
+++ b/init.tf
@@ -58,7 +58,7 @@ resource "null_resource" "first_control_plane" {
   }

   depends_on = [
-    hcloud_network_subnet.k3s
+    hcloud_network_subnet.subnet["control_plane"]
   ]
 }

diff --git a/locals.tf b/locals.tf
index 3c78ad0..785c1c3 100644
--- a/locals.tf
+++ b/locals.tf
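Review bot: `private_ip = cidrhost(var.network_subnets[each.value.subnet], each.value.index + 1)` derives the address from a per-nodepool index (the `index` built in locals.tf restarts at 0 for every nodepool), so two nodepools that point at the same subnet, or a nodepool whose `subnet` is `control_plane` where servers.tf hands out `count.index + 1` from the same base, request the same IP and the second `hcloud_server_network` attach should be refused by the API. Either give the index a per-subnet offset in locals.tf or reject the configuration early with a validation on `agent_nodepools`, e.g. `condition = length(distinct([for p in var.agent_nodepools : lookup(p, "subnet", "default")])) == length(var.agent_nodepools)` together with a check that no nodepool names `control_plane`. The `depends_on = [hcloud_network_subnet.subnet]` added further down is redundant with the `subnet_id` reference and, placed on the module block, makes every resource in the module wait for all subnets; the same applies to servers.tf. The `module "agents"` block starts before this hunk.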
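Review bot: `hcloud_network_subnet.subnet["control_plane"]` hard-codes a key into a map that `var.network_subnets` leaves entirely to the operator, so a tfvars without a `control_plane` entry fails at plan time with an index error here rather than with a message naming the missing subnet; servers.tf relies on the same key. A validation on `network_subnets` in variables.tf makes the contract explicit: `condition = contains(keys(var.network_subnets), "control_plane")` with `error_message = "network_subnets must define a control_plane subnet."`. The `first_control_plane` resource starts before this hunk.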
@@ -33,9 +33,11 @@ locals {

   agent_nodepools = merge([
     for nodepool_name, nodepool_obj in var.agent_nodepools : {
-      for index in range(lookup(nodepool_obj, "count", var.agents_num)) :
+      for index in range(nodepool_obj.count) :
       format("%s-%s", nodepool_name, index) => {
-        server_type : nodepool_obj.server_type
+        server_type : nodepool_obj.server_type,
+        subnet : lookup(nodepool_obj, "subnet", "default"),
+        index : index
       }
     }
   ]...)
diff --git a/main.tf b/main.tf
index 3e71a22..34ba1bd 100644
--- a/main.tf
+++ b/main.tf
@@ -10,14 +10,15 @@ resource "hcloud_ssh_key" "k3s" {

 resource "hcloud_network" "k3s" {
   name = "k3s"
-  ip_range = "10.0.0.0/8"
+  ip_range = var.network_ip_range
 }

-resource "hcloud_network_subnet" "k3s" {
+resource "hcloud_network_subnet" "subnet" {
+  for_each = var.network_subnets
   network_id = hcloud_network.k3s.id
   type = "cloud"
   network_zone = var.network_region
-  ip_range = "10.0.0.0/16"
+  ip_range = each.value
 }

 resource "hcloud_firewall" "k3s" {
@@ -29,8 +30,8 @@ resource "hcloud_firewall" "k3s" {
     protocol = "tcp"
     port = "any"
     source_ips = [
+      var.network_ip_range,
       "127.0.0.1/32",
-      "10.0.0.0/8",
       "169.254.169.254/32",
       "213.239.246.1/32"
     ]
@@ -40,8 +41,8 @@ resource "hcloud_firewall" "k3s" {
     protocol = "udp"
     port = "any"
     source_ips = [
+      var.network_ip_range,
       "127.0.0.1/32",
-      "10.0.0.0/8",
       "169.254.169.254/32",
       "213.239.246.1/32"
     ]
@@ -50,8 +51,8 @@ resource "hcloud_firewall" "k3s" {
     direction = "in"
     protocol = "icmp"
     source_ips = [
+      var.network_ip_range,
       "127.0.0.1/32",
-      "10.0.0.0/8",
       "169.254.169.254/32",
       "213.239.246.1/32"
     ]
diff --git a/modules/host/main.tf b/modules/host/main.tf
index b8b8dd9..9ce3e30 100644
--- a/modules/host/main.tf
+++ b/modules/host/main.tf
@@ -65,6 +65,7 @@ resource "hcloud_server" "server" {
 }

 resource "hcloud_server_network" "server" {
-  server_id = hcloud_server.server.id
-  network_id = var.network_id
+  ip = var.private_ip
+  server_id = hcloud_server.server.id
+  subnet_id = var.subnet_id
 }
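Review bot: `subnet : lookup(nodepool_obj, "subnet", "default")` falls back to a subnet named `default` that nothing in the change defines (terraform.tfvars.example lists only `control_plane`, `subnet1` and `subnet2`), so a nodepool that omits `subnet` fails later in agents.tf at `hcloud_network_subnet.subnet[each.value.subnet]` with an unhelpful key error. Since `count` became mandatory on the same line (`range(nodepool_obj.count)`), treating `subnet` the same way, `subnet : nodepool_obj.subnet,`, keeps the two attributes consistent; otherwise the `default` convention needs to be documented on `agent_nodepools` and enforced by a validation on `network_subnets`. The `locals` block starts before this hunk.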
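Review bot: Renaming the subnet resource from `hcloud_network_subnet.k3s` to `hcloud_network_subnet.subnet` and giving it `for_each` means an existing state will plan a destroy of the old subnet and recreation of every network attachment, taking the cluster off its private network mid-apply. If the project targets Terraform 1.1 or newer, a `moved` block with `from = hcloud_network_subnet.k3s` and `to = hcloud_network_subnet.subnet["control_plane"]` keeps the resource, but only while the CIDR stays `10.0.0.0/16`; the example switches to `10.1.0.0/16`, so the migration path should be spelled out in the commit message or README either way. `hcloud_network.k3s` now takes `ip_range = var.network_ip_range` with no check that each `network_subnets` entry lies inside it, and that mismatch surfaces only as an API error at apply.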
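Review bot: `var.network_ip_range` now sits in `source_ips` of a rule that allows `port = "any"` over tcp, and the udp and icmp rules in the next two hunks do the same, so the breadth of this allow-all rule is decided by whatever value the operator puts in one variable, with no guard against a public or overly wide prefix. The hard-coded `10.0.0.0/8` it replaces at least guaranteed an RFC 1918 range; a validation on `network_ip_range` in variables.tf restores that, e.g. `condition = can(cidrnetmask(var.network_ip_range)) && can(regex("^(10\\.|172\\.(1[6-9]|2\\d|3[01])\\.|192\\.168\\.)", var.network_ip_range))` with an error message saying the network range must be a private IPv4 prefix. The `hcloud_firewall` resource starts before this hunk and continues after it.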
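Review bot: `ip = var.private_ip` is applied without any statement of who guarantees the address is free and inside `var.subnet_id`; the callers now carry that burden, so the resource deserves a comment such as `# ip must be an unused address inside subnet_id; callers derive it with cidrhost() and this module does not check for collisions`. Placing `ip` ahead of `server_id` also departs from the id-first ordering the original block used; `server_id`, then `subnet_id`, then `ip` reads more naturally.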
diff --git a/modules/host/variables.tf b/modules/host/variables.tf
index 77a8176..614317f 100644
--- a/modules/host/variables.tf
+++ b/modules/host/variables.tf
@@ -54,9 +54,14 @@ variable "location" {
   type = string
 }

-variable "network_id" {
-  description = "The network or subnet id"
-  type = number
+variable "subnet_id" {
+  description = "The subnet id"
+  type = string
+}
+
+variable "private_ip" {
+  description = "Private IP for the server"
+  type = string
 }

 variable "server_type" {
diff --git a/servers.tf b/servers.tf
index acfc3f2..0263f15 100644
--- a/servers.tf
+++ b/servers.tf
@@ -11,8 +11,9 @@ module "control_planes" {
   firewall_ids = [hcloud_firewall.k3s.id]
   placement_group_id = hcloud_placement_group.k3s.id
   location = var.location
-  network_id = hcloud_network.k3s.id
   server_type = var.control_plane_server_type
+  subnet_id = hcloud_network_subnet.subnet["control_plane"].id
+  private_ip = cidrhost(var.network_subnets["control_plane"], count.index + 1)

   labels = {
     "provisioner" = "terraform",
@@ -20,6 +21,10 @@ module "control_planes" {
   }

   hcloud_token = var.hcloud_token
+
+  depends_on = [
+    hcloud_network_subnet.subnet
+  ]
 }

 resource "null_resource" "control_planes" {
@@ -78,6 +83,6 @@ resource "null_resource" "control_planes" {

   depends_on = [
     null_resource.first_control_plane,
-    hcloud_network_subnet.k3s
+    hcloud_network_subnet.subnet
   ]
 }
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 481de9f..f97712b 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
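Review bot: `private_ip` is typed as a bare `string` with no validation, so a typo or an out-of-subnet value only surfaces as an hcloud API error at apply time; a `validation` block with `condition = can(cidrhost("${var.private_ip}/32", 0))` and an error message naming the variable rejects anything that does not parse as an IP address up front. The description `"The subnet id"` for `subnet_id` would help callers more if it named the source, e.g. `description = "Id of the hcloud_network_subnet the server is attached to"`, and `"Private IP for the server"` should say the address has to be unused and inside that subnet.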
@@ -7,24 +7,32 @@ private_key = "/home/username/.ssh/id_ed25519"
 # These can be customized, or left with the default values
 # For Hetzner locations see https://docs.hetzner.com/general/others/data-centers-and-connection/
 # For Hetzner server types see https://www.hetzner.com/cloud
-location = "fsn1" # change to `ash` for us-east Ashburn, Virginia location
-network_region = "eu-central" # change to `us-east` if location is ash
+location = "fsn1" # change to `ash` for us-east Ashburn, Virginia location
+network_region = "eu-central" # change to `us-east` if location is ash
+network_ip_range = "10.0.0.0/8"
+network_subnets = {
+  control_plane = "10.1.0.0/16"
+  subnet1 = "10.2.0.0/16"
+  subnet2 = "10.3.0.0/16"
+}
+
 control_plane_server_type = "cpx11"
 lb_server_type = "lb11"

 # At least 3 server nodes is recommended for HA, otherwise you need to turn off automatic upgrade (see ReadMe).
-servers_num = 3
+servers_num = 3

-# For agent nodes, at least 2 is recommended for HA, but you can keep automatic upgrades.
-agents_num = 2
 agent_nodepools = {
   big = {
     server_type = "cpx31",
-    count = 1
+    count = 1,
+    subnet = "subnet1",
   }
   small = {
     server_type = "cpx21",
+    count = 2,
+    subnet = "subnet2",
   }
 }

diff --git a/variables.tf b/variables.tf
index 0b1d8f5..c83a294 100644
--- a/variables.tf
+++ b/variables.tf
@@ -30,6 +30,16 @@ variable "network_region" {
   type = string
 }

+variable "network_ip_range" {
+  description = "Default IP range for network"
+  type = string
+}
+
+variable "network_subnets" {
+  description = "Subnets definition for default network"
+  type = map(string)
+}
+
 variable "control_plane_server_type" {
   description = "Default control plane server type"
   type = string
@@ -52,11 +62,6 @@ variable "servers_num" {
   type = number
 }

-variable "agents_num" {
-  description = "Number of agent nodes."
-  type = number
-}
-
 variable "agent_nodepools" {
   description = "Number of agent nodes."
   type = map(any)
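Review bot: `network_ip_range` and `network_subnets` are consumed by `cidrhost()` in agents.tf and servers.tf and by `hcloud_network`/`hcloud_network_subnet` in main.tf, yet arrive as unchecked strings, and the descriptions (`"Default IP range for network"`, `"Subnets definition for default network"`) say nothing about the constraints those consumers impose. A `validation` with `condition = alltrue([for s in values(var.network_subnets) : can(cidrhost(s, 1))])` fails fast on a malformed CIDR instead of at the API, and the descriptions should state that every subnet must lie inside `network_ip_range` and that node addresses are handed out sequentially from the first host of each subnet, e.g. `description = "Map of subnet name to CIDR; each must lie inside network_ip_range, and node IPs are allocated from cidrhost(subnet, 1) upward"`.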
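Review bot: `agent_nodepools` keeps `description = "Number of agent nodes."` even though this commit makes `count` a required attribute of every nodepool and adds an optional `subnet`, while the variable that description actually belonged to (`agents_num`) is deleted just above it. The description should document the shape the locals expect, e.g. `description = "Map of nodepool name to { server_type, count, subnet }; subnet must be a key of network_subnets"`. A typed `map(object({...}))` would enforce that shape, but optional attributes in object types need Terraform 1.3 or newer, so `map(any)` has to stay unless the required version allows it.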