diff --git a/terraform/hcloud-kubernetes-cluster.tf b/terraform/hcloud-kubernetes-cluster.tf
index 7845199..8c12b96 100644
--- a/terraform/hcloud-kubernetes-cluster.tf
+++ b/terraform/hcloud-kubernetes-cluster.tf
@@ -1,6 +1,6 @@
 resource "hcloud_network" "kube-network" {
 name = "kube-network"
- ip_range = "10.0.0.0/8"
+ ip_range = "10.0.0.0/16"
 }
 resource "hcloud_network_subnet" "kube-subnet" {
@@ -10,22 +10,53 @@ resource "hcloud_network_subnet" "kube-subnet" {
 ip_range = "10.0.1.0/24"
 }
-# resource "hcloud_server" "server" {
-# name = "control-plane"
-# server_type = "cx21"
-# image = "ubuntu-22.04"
-# location = "nbg1"
+resource "hcloud_ssh_key" "default" {
+ name = "YubiKey"
+ public_key = file("~/.ssh/id_ed25519_sk.pub")
+}
-# network {
-# network_id = hcloud_network.kube-network.id
-# ip = "10.0.1.1"
-# }
+resource "hcloud_server" "control-plane" {
+ count = 0
+ name = "control-plane"
+ server_type = "cx21"
+ image = "ubuntu-22.04"
+ location = "nbg1"
-# depends_on = [
-# hcloud_network_subnet.kube-subnet
-# ]
+ network {
+ network_id = hcloud_network.kube-network.id
+ ip = "10.0.1.1"
+ }
-# user_data = templatefile("${path.module}/templates/cloud-init-tailscale.tpl", {
-# tailscale_key = var.tailscale_key
-# })
-# }
+ depends_on = [
+ hcloud_network_subnet.kube-subnet
+ ]
+
+ user_data = templatefile("${path.module}/templates/tailscale-kube-control-plane.yaml.tpl", {
+ tailscale_key = var.tailscale_key
+ })
+
+ ssh_keys = [hcloud_ssh_key.default.id]
+}
+
+resource "hcloud_server" "worker-node" {
+ count = 0
+ name = "worker-node-${count.index+1}"
+ server_type = "cx21"
+ image = "ubuntu-22.04"
+ location = "nbg1"
+
+ network {
+ network_id = hcloud_network.kube-network.id
+ ip = "10.0.1.${count.index+2}"
+ }
+
+ depends_on = [
+ hcloud_network_subnet.kube-subnet
+ ]
+
+ user_data = templatefile("${path.module}/templates/tailscale-kube-worker.yaml.tpl", {
+ tailscale_key = var.tailscale_key
+ })
+
+ ssh_keys = [hcloud_ssh_key.default.id]
+}
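Review bot: `public_key = file("~/.ssh/id_ed25519_sk.pub")` in the new `hcloud_ssh_key.default` ties every apply to one operator's home directory and fails for any other workstation or CI runner that lacks that file; reading it from an input instead, `public_key = var.ssh_public_key`, makes the key an explicit, reviewable input rather than an implicit one. The same hunk interpolates `var.tailscale_key` into `user_data` for both `control-plane` and `worker-node`, and that value is then stored in plain text in the Terraform state and in the instance's cloud-init user data, so the variable should be declared with `sensitive = true` (its declaration is outside this hunk) and the key supplied should be a short-lived, single-use Tailscale auth key rather than a reusable one. `ip = "10.0.1.${count.index+2}"` only stays inside `hcloud_network_subnet.kube-subnet` (`10.0.1.0/24`) for up to 253 workers; a comment next to `count` stating that ceiling would keep a later scale-up from silently producing an address outside the subnet.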
diff --git a/terraform/templates/cloud-init-tailscale.tpl b/terraform/templates/cloud-init-tailscale.tpl
deleted file mode 100644
index 15178dc..0000000
--- a/terraform/templates/cloud-init-tailscale.tpl
+++ /dev/null
@@ -1,11 +0,0 @@
-#cloud-config
----
-apt:
- sources:
- tailscale.list:
- source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
- keyid: 2596A99EAAB33821893C0A79458CA832957F5868
-packages:
- - tailscale
-runcmd:
- - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
\ No newline at end of file
diff --git a/terraform/templates/tailscale-kube-control-plane.yaml.tpl b/terraform/templates/tailscale-kube-control-plane.yaml.tpl
new file mode 100644
index 0000000..672b267
--- /dev/null
+++ b/terraform/templates/tailscale-kube-control-plane.yaml.tpl
@@ -0,0 +1,48 @@
+#cloud-config
+---
+apt:
+ sources:
+ tailscale.list:
+ source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
+ keyid: 2596A99EAAB33821893C0A79458CA832957F5868
+ kubernetes.list:
+ source: deb https://apt.kubernetes.io/ kubernetes-xenial main
+ keyid: A362B822F6DEDC652817EA46B53DC80D13EDEF05
+ docker.list:
+ source: deb https://download.docker.com/linux/ubuntu jammy stable
+ keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+write_files:
+ - path: /etc/sysctl.d/k8s.conf
+ content: |
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+ - path: /etc/modules-load.d/k8s.conf
+ content: |
+ overlay
+ br_netfilter
+ - path: /etc/containerd/config.toml
+ content: |
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+ SystemdCgroup = true
+ disabled_plugins = []
+ - path: /root/k8s.yaml
+ content: |
+ apiVersion: kubelet.config.k8s.io/v1beta1
+ kind: KubeletConfiguration
+ cgroupDriver: systemd
+packages:
+ - tailscale
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - kubelet
+ - kubeadm
+ - kubectl
+ - containerd.io
+runcmd:
+ - [ modprobe, overlay ]
+ - [ modprobe, br_netfilter ]
+ - [ sysctl, --system ]
+ - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
+ - [ apt-mark, hold, kubelet, kubeadm, kubectl ]
diff --git a/terraform/templates/tailscale-kube-worker.yaml.tpl b/terraform/templates/tailscale-kube-worker.yaml.tpl
new file mode 100644
index 0000000..672b267
--- /dev/null
+++ b/terraform/templates/tailscale-kube-worker.yaml.tpl
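Review bot: In the `/etc/containerd/config.toml` written by `write_files`, `disabled_plugins = []` follows the `[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]` header, so TOML scopes it inside that table instead of at top level, and with no `version = 2` line containerd will most likely read the file in its v1 format where that v2 plugin id does not match, leaving `SystemdCgroup = true` ineffective while `/root/k8s.yaml` pins kubelet to `cgroupDriver: systemd`. Put `version = 2` and `disabled_plugins = []` above the table header so the two settings take effect as intended. The worker template in the next hunk is the same blob (`672b267`), so the same correction is needed there. `deb https://apt.kubernetes.io/ kubernetes-xenial main` is the legacy Google-hosted Kubernetes repository, which has since been deprecated in favour of the community-owned `pkgs.k8s.io` repositories, so new kubelet/kubeadm/kubectl packages will not appear here; worth a comment on that source line at least. `tailscale up … -ssh` turns on Tailscale SSH on every node, so shell access is governed by the tailnet's SSH policy and not only by the `hcloud_ssh_key` Terraform injects; a comment on that runcmd line saying so would spare the next reader a surprise.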
@@ -0,0 +1,48 @@
+#cloud-config
+---
+apt:
+ sources:
+ tailscale.list:
+ source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
+ keyid: 2596A99EAAB33821893C0A79458CA832957F5868
+ kubernetes.list:
+ source: deb https://apt.kubernetes.io/ kubernetes-xenial main
+ keyid: A362B822F6DEDC652817EA46B53DC80D13EDEF05
+ docker.list:
+ source: deb https://download.docker.com/linux/ubuntu jammy stable
+ keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+write_files:
+ - path: /etc/sysctl.d/k8s.conf
+ content: |
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+ - path: /etc/modules-load.d/k8s.conf
+ content: |
+ overlay
+ br_netfilter
+ - path: /etc/containerd/config.toml
+ content: |
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+ SystemdCgroup = true
+ disabled_plugins = []
+ - path: /root/k8s.yaml
+ content: |
+ apiVersion: kubelet.config.k8s.io/v1beta1
+ kind: KubeletConfiguration
+ cgroupDriver: systemd
+packages:
+ - tailscale
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - kubelet
+ - kubeadm
+ - kubectl
+ - containerd.io
+runcmd:
+ - [ modprobe, overlay ]
+ - [ modprobe, br_netfilter ]
+ - [ sysctl, --system ]
+ - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
+ - [ apt-mark, hold, kubelet, kubeadm, kubectl ]
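Review bot: This worker template is byte-identical to `tailscale-kube-control-plane.yaml.tpl` (both files are blob `672b267`), so the split into two templates does not yet encode any role difference, and every fix applied to the control-plane file has to be mirrored here by hand. If the two are meant to diverge later, a leading comment such as `# TODO: worker-specific bootstrap not yet added; currently identical to the control-plane template` would make that explicit; otherwise a single template with a role value passed through `templatefile` would remove the duplication. As it stands the worker also installs `kubectl` and writes `/root/k8s.yaml`, which only the control-plane side appears to need.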