terraform-hcloud-kube-hetzner/terraform.tfvars.example
2022-02-27 23:15:46 +01:00


# You need to replace these
# hcloud_token is an API credential; the value below is only a dummy placeholder.
# Keep the real terraform.tfvars out of version control, or leave the token out of this
# file and supply it through the TF_VAR_hcloud_token environment variable instead.
hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
# Path to the SSH public key file (the example points at an ed25519 key).
public_key = "/home/username/.ssh/id_ed25519.pub"
# Must be "private_key = null" when you want to use ssh-agent, for a Yubikey like device auth or an SSH key-pair with passphrase
# Otherwise this is the path to the private key file that matches public_key.
# NOTE(review): a path given here presumably has to point at a key without a passphrase - confirm against the module documentation.
private_key = "/home/username/.ssh/id_ed25519"
# Optional settings: customize them or keep the default values.
# Hetzner locations: https://docs.hetzner.com/general/others/data-centers-and-connection/
# Hetzner server types: https://www.hetzner.com/cloud

# Use "ash" for the us-east location (Ashburn, Virginia).
location = "fsn1"
# Use "us-east" when location is "ash".
network_region = "eu-central"

# The network range defaults to "10.0.0.0/8"; it is best left alone unless you know what you are doing.
# network_ipv4_range = "10.0.0.0/8"
# Any number of subnets may be defined, preferably of the form 10.X.0.0/16.
# Their primary use is to separate the nodes logically.
network_ipv4_subnets = {
  control_plane = "10.1.0.0/16"
  subnet1       = "10.2.0.0/16"
  subnet2       = "10.3.0.0/16"
}
# Example agent nodepools. One pool is enough if you do not need several. The pool names
# are free-form ("big" and "small" are not special). Give each pool the subnet you want,
# or keep the default; the subnet values used here are keys of network_ipv4_subnets.
agent_nodepools = {
  big = {
    server_type = "cpx21"
    count       = 1
    subnet      = "subnet1"
  }
  small = {
    server_type = "cpx11"
    count       = 2
    subnet      = "subnet2"
  }
}
# If you want to use a specific Hetzner CCM and CSI version, set them below, otherwise leave as is for the latest versions
# hetzner_ccm_version = ""
# hetzner_csi_version = ""
# If you want to use Let's Encrypt with the TLS challenge, set the options below; the email address is used to send you certificate expiration notices
# traefik_acme_tls = true
# traefik_acme_email = "mail@example.com"
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
# allow_scheduling_on_control_plane = true
# If you want to disable automatic upgrades of k3s, you can set this to false; the default is "true". With upgrades disabled, applying k3s security updates becomes your own responsibility.
# automatically_upgrade_k3s = false
# Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/
# initial_k3s_channel = "latest"
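# Adding extra firewall rules, like opening a port.
# This example allows inbound TCP 5432 for a Postgres service that we will open via a nodeport.
# More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall
#
# Limit source_ips to the addresses that really need to reach the service. A source of
# "0.0.0.0/0" would expose the database port to every IPv4 host on the internet.
# 203.0.113.10/32 is a constructed placeholder from the documentation range (RFC 5737);
# replace it with your own client, office or VPN address before applying.
extra_firewall_rules = [
  {
    direction = "in"
    protocol  = "tcp"
    port      = "5432"
    source_ips = [
      "203.0.113.10/32",
    ]
  },
]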