prskr/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat: configure placement group

Browse source
This commit is contained in:
Peter 2024-05-04 16:57:25 +02:00
parent 5124e35f05
commit 5e8635e5ce
Signed by: prskr
GPG key ID: F56BED6903BC5E37
8 changed files with 127 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
infrastructure/configs/workers/k3s-flatcar.yaml
View file

@ -20,7 +20,7 @@ systemd:
Environment="K3S_URL=https://172.23.2.10:6443" Environment="K3S_URL=https://172.23.2.10:6443"
Environment="K3S_TOKEN=${k3s_token}" Environment="K3S_TOKEN=${k3s_token}"
Environment="INSTALL_K3S_VERSION=${k3s_version}" Environment="INSTALL_K3S_VERSION=${k3s_version}"
Environment="INSTALL_K3S_EXEC=agent --node-ip=${node_ip} --kubelet-arg --cloud-provider=external" Environment="INSTALL_K3S_EXEC=agent --node-ip=${node_ip} --kubelet-arg --cloud-provider=external --node-label k8s.icb4dc0.de/storage-node=${tostring(storage_node)}"
ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh" ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh"
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

38
infrastructure/dns.tf
View file

@ -1,46 +1,46 @@
resource "cloudflare_zone" "icb4dc0de" { resource "cloudflare_zone" "icb4dc0de" {
account_id = var.cloudflare_account_id account_id = var.cloudflare_account_id
zone = "icb4dc0.de" zone = "icb4dc0.de"
lifecycle { lifecycle {
ignore_changes = [ account_id ] ignore_changes = [account_id]
} }
} }
resource "cloudflare_record" "mx_primary" { resource "cloudflare_record" "mx_primary" {
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "@" name = "@"
type = "MX" type = "MX"
value = "mx01.mail.icloud.com" value = "mx01.mail.icloud.com"
priority = 10 priority = 10
} }
resource "cloudflare_record" "mx_secondary" { resource "cloudflare_record" "mx_secondary" {
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "@" name = "@"
type = "MX" type = "MX"
value = "mx02.mail.icloud.com" value = "mx02.mail.icloud.com"
priority = 10 priority = 10
} }
resource "cloudflare_record" "apple_proof" { resource "cloudflare_record" "apple_proof" {
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "@" name = "@"
type = "TXT" type = "TXT"
value = "apple-domain=chwbVvzH8hWIgg1l" value = "apple-domain=chwbVvzH8hWIgg1l"
} }
resource "cloudflare_record" "apple_spf" { resource "cloudflare_record" "apple_spf" {
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "@" name = "@"
type = "TXT" type = "TXT"
value = "\"v=spf1 include:icloud.com ~all\"" value = "\"v=spf1 include:icloud.com ~all\""
} }
resource "cloudflare_record" "apple_sig_domainkey" { resource "cloudflare_record" "apple_sig_domainkey" {
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "sig1._domainkey" name = "sig1._domainkey"
type = "CNAME" type = "CNAME"
value = "sig1.dkim.icb4dc0.de.at.icloudmailadmin.com" value = "sig1.dkim.icb4dc0.de.at.icloudmailadmin.com"
} }

34
infrastructure/k8s_control_plane.tf
View file

@ -4,6 +4,13 @@ resource "null_resource" "cp-config" {
} }
} }
resource "null_resource" "control_plane_generation" {
for_each = var.k3s_control_plane
triggers = {
timestamp = "${each.value.generation}"
}
}
resource "hcloud_server" "control-plane" { resource "hcloud_server" "control-plane" {
for_each = var.k3s_control_plane for_each = var.k3s_control_plane
name = each.key name = each.key
@ -14,7 +21,10 @@ resource "hcloud_server" "control-plane" {
backups = false backups = false
lifecycle { lifecycle {
replace_triggered_by = [ null_resource.cp-config ] replace_triggered_by = [
null_resource.cp-config,
null_resource.control_plane_generation
]
} }
ssh_keys = [ ssh_keys = [
@ -30,7 +40,7 @@ resource "hcloud_server" "control-plane" {
network { network {
network_id = hcloud_network.k8s_net.id network_id = hcloud_network.k8s_net.id
ip = each.value.private_ip ip = each.value.private_ip
alias_ips = each.value.alias_ips alias_ips = each.value.alias_ips
} }
public_net { public_net {
@ -79,25 +89,25 @@ resource "hcloud_server" "control-plane" {
} }
resource "cloudflare_record" "cp-host-ipv4" { resource "cloudflare_record" "cp-host-ipv4" {
for_each = var.k3s_control_plane for_each = var.k3s_control_plane
depends_on = [ hcloud_server.control-plane ] depends_on = [hcloud_server.control-plane]
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "${each.key}.k8s" name = "${each.key}.k8s"
type = "A" type = "A"
value = hcloud_server.control-plane[each.key].ipv4_address value = hcloud_server.control-plane[each.key].ipv4_address
} }
resource "cloudflare_record" "cp-host-ipv6" { resource "cloudflare_record" "cp-host-ipv6" {
for_each = var.k3s_control_plane for_each = var.k3s_control_plane
depends_on = [ hcloud_server.control-plane ] depends_on = [hcloud_server.control-plane]
zone_id = cloudflare_zone.icb4dc0de.id zone_id = cloudflare_zone.icb4dc0de.id
name = "${each.key}.k8s" name = "${each.key}.k8s"
type = "AAAA" type = "AAAA"
value = hcloud_server.control-plane[each.key].ipv6_address value = hcloud_server.control-plane[each.key].ipv6_address
} }
data "ct_config" "machine-ignitions-cp" { data "ct_config" "machine-ignitions-cp" {

41
infrastructure/k8s_flatcar_machines.tf
View file

@ -28,17 +28,36 @@ resource "local_file" "provisioning_key_pub" {
file_permission = "0440" file_permission = "0440"
} }
resource "null_resource" "machine_generation" {
for_each = var.k3s_workers
triggers = {
timestamp = "${each.value.generation}"
}
}
resource "hcloud_placement_group" "k3s_machines" {
name = "k3s-machines"
type = "spread"
labels = {
"cluster" = "icb4dc0.de"
}
}
resource "hcloud_server" "machine" { resource "hcloud_server" "machine" {
for_each = var.k3s_workers for_each = var.k3s_workers
name = each.key name = each.key
server_type = each.value.server_type server_type = each.value.server_type
location = each.value.location location = each.value.location
image = "ubuntu-22.04" image = "ubuntu-22.04"
placement_group_id = hcloud_placement_group.k3s_machines.id
backups = false backups = false
lifecycle { lifecycle {
replace_triggered_by = [ null_resource.worker-config ] replace_triggered_by = [
null_resource.worker-config,
null_resource.machine_generation[each.key]
]
} }
ssh_keys = [ ssh_keys = [
@ -112,11 +131,11 @@ data "ct_config" "machine-ignitions" {
content = templatefile( content = templatefile(
"${path.module}/configs/workers/k3s-flatcar.yaml", "${path.module}/configs/workers/k3s-flatcar.yaml",
{ {
"host" = "${each.key}" "host" = "${each.key}"
"k3s_token" = "${var.k3s_token}" "k3s_token" = "${var.k3s_token}"
"datacenter" = "hel1-dc2" "node_ip" = "${each.value.private_ip}"
"node_ip" = "${each.value.private_ip}" "k3s_version" = "${var.worker_k3s_version}"
"k3s_version" = "${var.worker_k3s_version}" "storage_node" = each.value.storage_node
} }
) )
snippets = [ snippets = [

5
infrastructure/k8s_network.tf
View file

@ -14,3 +14,8 @@ resource "hcloud_ssh_key" "default" {
name = "Default Management" name = "Default Management"
public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519" public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"
} }
resource "hcloud_ssh_key" "yubikey" {
name = "Yubikey"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQoNCLuHgcaDn4JTjCeQKJsIsYU0Jmub5PUMzIIZbUBb+TGMh6mCAY/UbYaq/n4jVnskXopzPGJbx4iPBG5HrNzqYZqMjkk8uIeeT0mdIcNv9bXxuCxCH1iHZF8LlzIZCmQ0w3X6VQ1izcJgvjrAYzbHN3gqCHOXtNkqIUkwaadIWCEjg33OVSlM4yrIDElr6+LHzv84VNh/PhemixCVVEMJ83GjhDtpApMg9WWW3es6rpJn4TlYEMV+aPNU4ZZEWFen/DFBKoX+ulkiJ8CwpY3eJxSzlBijs5ZKH89OOk/MXN1lnREElFqli+jE8EbZKQzi59Zmx8ZOb52qVNot8XZT0Un4EttAIEeE8cETqUC4jK+6RbUrsXtclVbU9i57LWRpl65LYSIJEFmkTxvYdkPXqGbvlW024IjgSo8kds121w95+Rpo6419cSYsQWowS8+aXfEv2Q8SE81QH7ObYfWFXsPBAmmNleQNN3E5HOoaxpWQjv3aTUGuxm4PCzKLdP0LsHmTfGJB7Priaj+9i8xLjDWe7zXDde2Gp9FmdedDr06uEkVSRFnS35Dwfd7M7xP6NsilfMOdWzJWWy/BAYxtnWcrEFxhaEr4vgs8Ub+KBtKhr740x3Mr8up+mythConAs4LOj37lWK4kJ8cI7TXjcSJi9nTIPd39us7tp3Aw=="
}

35
infrastructure/vars.tf
View file

@ -1,20 +1,20 @@
variable "hcloud_token" { variable "hcloud_token" {
type = string type = string
sensitive = true sensitive = true
} }
variable "cloudflare_api_token" { variable "cloudflare_api_token" {
type = string type = string
sensitive = true sensitive = true
} }
variable "cloudflare_account_id" { variable "cloudflare_account_id" {
type = string type = string
sensitive = true sensitive = true
} }
variable "k3s_token" { variable "k3s_token" {
type = string type = string
sensitive = true sensitive = true
} }
@ -51,18 +51,23 @@ variable "k3s_sans" {
type = list(string) type = list(string)
} }
variable "vms" { variable "garage_storage" {
type = map(object({ description = "Config of Garage storage"
node_type = string type = object({
server_type = string size = number
backups = bool location = string
private_ip = string })
}))
default = {
size = 20
location = "hel1"
}
} }
variable "k3s_control_plane" { variable "k3s_control_plane" {
type = map(object({ type = map(object({
server_type = string server_type = string
generation = number
private_ip = string private_ip = string
location = string location = string
alias_ips = set(string) alias_ips = set(string)
@ -71,9 +76,11 @@ variable "k3s_control_plane" {
variable "k3s_workers" { variable "k3s_workers" {
type = map(object({ type = map(object({
server_type = string server_type = string
private_ip = string generation = number
location = string private_ip = string
location = string
storage_node = bool
})) }))
} }

8
infrastructure/versions.tf
View file

@ -17,12 +17,12 @@ terraform {
required_providers { required_providers {
hcloud = { hcloud = {
source = "hetznercloud/hcloud" source = "hetznercloud/hcloud"
version = "1.45.0" version = "1.47.0"
} }
cloudflare = { cloudflare = {
source = "cloudflare/cloudflare" source = "cloudflare/cloudflare"
version = "4.26.0" version = "4.31.0"
} }
ct = { ct = {
@ -32,7 +32,7 @@ terraform {
null = { null = {
source = "hashicorp/null" source = "hashicorp/null"
version = "~> 3.2.1" version = "~> 3.2.2"
} }
} }
} }

42
infrastructure/vms.auto.tfvars
View file

@ -1,9 +1,10 @@
k3s_control_plane = { k3s_control_plane = {
"cp1-cax11-hel1-gen4" = { "cp1-cax11-hel1" = {
server_type = "cax11", server_type = "cax11",
generation = 5
private_ip = "172.23.2.10" private_ip = "172.23.2.10"
location = "hel1" location = "hel1"
alias_ips = [] alias_ips = []
} }
} }
@ -15,30 +16,35 @@ k3s_sans = [
k3s_workers = { k3s_workers = {
"w1-cx21-hel1-gen2" = { "w1-cx21-hel1-gen2" = {
server_type = "cx21" server_type = "cx21"
private_ip = "172.23.2.20" generation = 2
location = "hel1" private_ip = "172.23.2.20"
location = "hel1"
storage_node = false
} }
"w2-cax21-hel1-gen7" = { "w2-cax21-hel1-gen7" = {
server_type = "cax21" server_type = "cax21"
private_ip = "172.23.2.21" generation = 7
location = "hel1" private_ip = "172.23.2.21"
location = "hel1"
storage_node = true
} }
"w3-cax21-hel1-gen7" = { "w3-cax21-hel1-gen7" = {
server_type = "cax21" server_type = "cax21"
private_ip = "172.23.2.22" generation = 7
location = "hel1" private_ip = "172.23.2.22"
location = "hel1"
storage_node = true
} }
}
vms = { "w4-cax21-hel1" = {
"cp1" = { server_type = "cax21"
node_type = "control-plane" generation = 8
server_type = "cpx11", private_ip = "172.23.2.23"
backups = true, location = "hel1"
private_ip = "172.23.2.15" storage_node = true
} }
} }