main.tf
# Shared cluster token: 64 random characters with punctuation disabled
# (special = false). It is handed to every k3s-hcloud module instance in
# this file as cluster_token.
# The generated value is written to Terraform state, so the state backend
# needs the same access control and encryption as the secret itself.
resource "random_password" "cluster_token" {
  special = false
  length  = 64
}
# ID half of the bootstrap token assembled in local.token ("<id>.<secret>").
# Six characters restricted to lowercase letters and digits, which is the
# shape Kubernetes requires for a bootstrap token ID.
resource "random_password" "bootstrap_token_id" {
  special = false
  upper   = false
  length  = 6
}
# Secret half of the bootstrap token assembled in local.token.
# Sixteen characters restricted to lowercase letters and digits, matching
# the Kubernetes bootstrap token secret format.
# No keepers are set, so the value stays the same until the resource is
# replaced. NOTE(review): confirm how (or whether) this token is rotated.
resource "random_password" "bootstrap_token_secret" {
  special = false
  upper   = false
  length  = 16
}
locals {
  # Flags shared by all k3s server nodes declared in this file.
  common_k3s_args = [
    # Turns on bootstrap-token authentication in kube-apiserver, which is
    # what lets local.token be presented as a bearer token.
    # NOTE(review): no expiry for the token is visible in this file; confirm
    # whether the k3s-hcloud module sets one.
    "--kube-apiserver-arg", "enable-bootstrap-token-auth",
    "--disable", "traefik",
    "--node-label", "az=ex1",
  ]

  # Full bootstrap token in "<id>.<secret>" form. Both parts come from
  # random_password, so Terraform treats the combined value as sensitive.
  token = "${random_password.bootstrap_token_id.result}.${random_password.bootstrap_token_secret.result}"
}
# Uses the bootstrap token against the first server's external URL; the
# ca_crt and kubeconfig attributes of this data source are consumed below.
# NOTE(review): how the provider authenticates the server before the CA is
# known is not visible here; confirm it does not simply skip TLS
# verification.
data "k8sbootstrap_auth" "auth" {
  token  = local.token
  server = module.server1.k3s_external_url
}
# First control-plane node. "--cluster-init" makes this the node that
# initialises the cluster; the other servers and the agent join through
# its k3s_url output.
# This is the only instance that receives the bootstrap token parts.
# NOTE(review): which groups/permissions the module binds to that token is
# not visible in this file; keep it to the minimum the consumers need.
module "server1" {
  source = "../../k3s-hcloud"

  name          = "k3s-server-1"
  keypair_name  = hcloud_ssh_key.k3s.name
  network_id    = hcloud_network_subnet.k3s.network_id
  network_range = hcloud_network.k3s.ip_range

  k3s_args      = concat(["server", "--cluster-init"], local.common_k3s_args)
  cluster_token = random_password.cluster_token.result

  bootstrap_token_id     = random_password.bootstrap_token_id.result
  bootstrap_token_secret = random_password.bootstrap_token_secret.result
}
# Two additional server nodes, named k3s-server-2 and k3s-server-3
# (count.index + 2). They join the existing cluster at server1's k3s_url
# using the shared cluster token and the same common server flags.
module "servers" {
  source = "../../k3s-hcloud"
  count  = 2

  name          = "k3s-server-${count.index + 2}"
  keypair_name  = hcloud_ssh_key.k3s.name
  network_id    = hcloud_network_subnet.k3s.network_id
  network_range = hcloud_network.k3s.ip_range

  k3s_join_existing = true
  k3s_url           = module.server1.k3s_url
  cluster_token     = random_password.cluster_token.result
  k3s_args          = concat(["server"], local.common_k3s_args)
}
# One agent node (k3s-agent-1) joining through server1's k3s_url.
# It does not use local.common_k3s_args; it only repeats the az=ex1 node
# label. It joins with the same cluster token as the server nodes.
module "agent" {
  source = "../../k3s-hcloud"
  count  = 1

  name          = "k3s-agent-${count.index + 1}"
  keypair_name  = hcloud_ssh_key.k3s.name
  network_id    = hcloud_network_subnet.k3s.network_id
  network_range = hcloud_network.k3s.ip_range

  k3s_join_existing = true
  k3s_url           = module.server1.k3s_url
  cluster_token     = random_password.cluster_token.result
  k3s_args          = ["agent", "--node-label", "az=ex1"]
}
# Exposes the shared cluster token. "sensitive" only redacts the value in
# plan/apply output; it remains readable from state and via
# `terraform output`.
output "cluster_token" {
  sensitive = true
  value     = random_password.cluster_token.result
}
# URL the other nodes (and the kubernetes provider in this file) use to
# reach the first server.
output "k3s_url" {
  value = module.server1.k3s_url
}
# External URL of the first server; the same value the k8sbootstrap_auth
# data source connects to.
output "k3s_external_url" {
  value = module.server1.k3s_external_url
}
# node_ip reported by the server1 module instance.
output "server_ip" {
  value = module.server1.node_ip
}
# node_external_ip reported by the server1 module instance.
output "server_external_ip" {
  value = module.server1.node_external_ip
}
# user_data of the first server, marked sensitive.
# NOTE(review): presumably it embeds the cluster and bootstrap tokens
# passed to the module; confirm against the k3s-hcloud module.
output "server_user_data" {
  sensitive = true
  value     = module.server1.user_data
}
# Full bootstrap token ("<id>.<secret>"). This is the same credential the
# kubernetes provider in this file authenticates with, so anyone who can
# read this output or the state holds that access.
output "token" {
  sensitive = true
  value     = local.token
}
# Cluster CA certificate returned by the k8sbootstrap_auth data source.
# Not marked sensitive: a CA certificate is public material.
output "ca_crt" {
  value = data.k8sbootstrap_auth.auth.ca_crt
}
# kubeconfig produced by the k8sbootstrap_auth data source, marked
# sensitive. NOTE(review): presumably it carries the bootstrap token as
# its credential; treat the rendered file as a secret.
output "kubeconfig" {
  sensitive = true
  value     = data.k8sbootstrap_auth.auth.kubeconfig
}
# Kubernetes provider authenticated with the bootstrap token as a bearer
# token and pinned to the CA certificate fetched by k8sbootstrap_auth.
# NOTE(review): host is k3s_url while the data source uses
# k3s_external_url; confirm the machine running Terraform can reach it.
# NOTE(review): the provider's rights are whatever is bound to the
# bootstrap token, which is not visible here; verify it is least-privilege.
provider "kubernetes" {
  host                   = module.server1.k3s_url
  cluster_ca_certificate = data.k8sbootstrap_auth.auth.ca_crt
  token                  = local.token
}