stelb/talos-hetzner
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
talos-hetzner/talos.tf
Stefan Le Breton 31b12da2c7 comments for TODOs
2024-11-20 14:47:11 +01:00

160 lines
4.4 KiB
HCL
Raw Blame History

locals {
hccm_secret = yamlencode({
apiVersion = "v1"
kind = "Secret"
metadata = {
name = "hcloud"
namespace = "kube-system"
}
data = {
network = base64encode(var.hcloud_private_network.name)
token = base64encode(var.hcloud_token)
}
})
endpoint_ip = hcloud_server.talos_cp[0].ipv4_address
talos_config_cp_patches = yamlencode({
cluster = {
# etcd = {
# advertisedSubnets = [
# "!${var.hcloud_private_network.cidr}"
# ]
# }
}
})
talos_config_patches = yamlencode({
cluster = {
allowSchedulingOnControlPlanes = true # TODO: optional
network = {
cni = {
name = "none"
}
}
proxy = {
disabled = true
}
externalCloudProvider = {
enabled = true
}
discovery = {
enabled = true
}
# etcd = {
# advertisedSubnets = [
# "${var.hcloud_private_network.cidr}"
# ]
# }
extraManifests = [
"https://raw.githubusercontent.com/hetznercloud/hcloud-cloud-controller-manager/main/deploy/ccm-networks.yaml",
"https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/experimental-install.yaml"
]
inlineManifests = [
{
name = "cilium"
contents = data.helm_template.cilium.manifest
},
{
name = "hccm secret"
contents = local.hccm_secret
}
]
}
machine = {
kubelet = { # TODO: optional kubelet version
nodeIP = {
validSubnets = [
"${var.hcloud_private_network.cidr}"
]
}
}
}
})
# for longhorn and small storage needs, hetzner volumes are at least 10G
talos_disk_patch = yamlencode({
machine = {
kubelet = {
extraMounts = [
{
destination = "/var/mnt/storage"
type = "bind"
source = "/var/mnt/storage"
options = ["bind", "rshared", "rw"]
}
]
}
disks = [{
device = "/dev/sdb"
partitions = [{ mountpoint = "/var/mnt/storage" }]
}]
}
})
}
# create secrets
resource "talos_machine_secrets" "this" {}
data "talos_client_configuration" "this" {
cluster_name = var.talos_cluster_name
client_configuration = talos_machine_secrets.this.client_configuration
endpoints = [local.endpoint_ip]
}
data "talos_machine_configuration" "controlplane" {
cluster_name = var.talos_cluster_name
cluster_endpoint = "https://${local.endpoint_ip}:6443"
machine_type = "controlplane"
machine_secrets = talos_machine_secrets.this.machine_secrets
config_patches = [
local.talos_config_patches,
local.talos_config_cp_patches,
local.talos_disk_patch
]
}
resource "talos_machine_configuration_apply" "controlplane" {
for_each = { for s in hcloud_server.talos_cp : s.name => s }
client_configuration = talos_machine_secrets.this.client_configuration
machine_configuration_input = data.talos_machine_configuration.controlplane.machine_configuration
node = each.value.ipv4_address
}
resource "talos_machine_bootstrap" "this" {
depends_on = [
talos_machine_configuration_apply.controlplane
]
node = local.endpoint_ip
client_configuration = talos_machine_secrets.this.client_configuration
}
data "talos_machine_configuration" "worker" {
cluster_name = var.talos_cluster_name
cluster_endpoint = "https://${local.endpoint_ip}:6443"
machine_type = "worker"
machine_secrets = talos_machine_secrets.this.machine_secrets
config_patches = [local.talos_config_patches, local.talos_disk_patch]
}
resource "talos_machine_configuration_apply" "worker" {
for_each = { for s in hcloud_server.talos_wk : s.name => s }
client_configuration = talos_machine_secrets.this.client_configuration
machine_configuration_input = data.talos_machine_configuration.worker.machine_configuration
node = each.value.ipv4_address
}
data "talos_cluster_kubeconfig" "this" {
client_configuration = talos_machine_secrets.this.client_configuration
node = local.endpoint_ip
# wait = true
}
# actually there should be a check with talos_cluster_health, but fails for me with internal network
Reference in a new issue View git blame Copy permalink