prskr/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore: switch to cax11 workers

Browse source
This commit is contained in:
Peter 2024-05-08 18:11:56 +02:00
parent c88a489a6d
commit 6002b06193
Signed by: prskr
GPG key ID: F56BED6903BC5E37
6 changed files with 50 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

48
infrastructure/buckets.tf
View file

@ -1,65 +1,17 @@
resource "cloudflare_r2_bucket" "backup" {
account_id = var.cloudflare_account_id
name = "backup"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "csi" { resource "cloudflare_r2_bucket" "csi" {
account_id = var.cloudflare_account_id account_id = var.cloudflare_account_id
name = "csi" name = "csi"
location = "WEUR" location = "WEUR"
} }
resource "cloudflare_r2_bucket" "fider" {
account_id = var.cloudflare_account_id
name = "fider"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "gitea" { resource "cloudflare_r2_bucket" "gitea" {
account_id = var.cloudflare_account_id account_id = var.cloudflare_account_id
name = "gitea" name = "gitea"
location = "WEUR" location = "WEUR"
} }
resource "cloudflare_r2_bucket" "hedgedoc" {
account_id = var.cloudflare_account_id
name = "hedgedoc"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "k3s" {
account_id = var.cloudflare_account_id
name = "k3s"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "linkwarden" {
account_id = var.cloudflare_account_id
name = "linkwarden"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "noco" {
account_id = var.cloudflare_account_id
name = "noco"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "obsidian" {
account_id = var.cloudflare_account_id
name = "obsidian"
location = "WEUR"
}
resource "cloudflare_r2_bucket" "tfstate" { resource "cloudflare_r2_bucket" "tfstate" {
account_id = var.cloudflare_account_id account_id = var.cloudflare_account_id
name = "tfstate" name = "tfstate"
location = "WEUR" location = "WEUR"
} }
resource "cloudflare_r2_bucket" "zipline" {
account_id = var.cloudflare_account_id
name = "zipline"
location = "WEUR"
}

6
infrastructure/k8s_control_plane.tf
View file

@ -123,9 +123,9 @@ data "ct_config" "machine-ignitions-cp" {
templatefile( templatefile(
"${path.module}/configs/cp/litestream.yml", "${path.module}/configs/cp/litestream.yml",
{ {
"accessKey" = var.litestream_access_key, "accessKey" = var.k3s_backup_access_key,
"secretKey" = var.litestream_secret_key, "secretKey" = var.k3s_backup_secret_key,
"endpoint" = var.litestream_endpoint "endpoint" = var.k3s_backup_endpoint
} }
) )
) )

17
infrastructure/k8s_flatcar_machines.tf
View file

@ -85,6 +85,7 @@ resource "hcloud_server" "machine" {
connection { connection {
host = self.ipv4_address host = self.ipv4_address
agent = false
private_key = tls_private_key.provisioning.private_key_pem private_key = tls_private_key.provisioning.private_key_pem
timeout = "5m" timeout = "5m"
} }
@ -118,11 +119,25 @@ resource "hcloud_server" "machine" {
timeout = "3m" timeout = "3m"
user = "core" user = "core"
} }
inline = [ inline = [
"sudo hostnamectl set-hostname ${self.name}", "sudo hostnamectl set-hostname ${self.name}",
] ]
} }
}
resource "null_resource" "machine-drainable" {
for_each = var.k3s_workers
lifecycle {
replace_triggered_by = [hcloud_server.machine[each.key]]
}
provisioner "local-exec" {
when = destroy
on_failure = continue
command = "kubectl drain --delete-emptydir-data=true --ignore-daemonsets=true ${each.key}"
}
} }
data "ct_config" "machine-ignitions" { data "ct_config" "machine-ignitions" {

6
infrastructure/tf.sh
View file

@ -5,9 +5,9 @@ export AWS_SECRET_KEY=$(rbw get "CloudFlare TFState")
export HETZNER_DNS_API_TOKEN=$(rbw get -f "API Token" "Hetzner DNS") export HETZNER_DNS_API_TOKEN=$(rbw get -f "API Token" "Hetzner DNS")
export TF_VAR_hcloud_token="$(rbw get "HCloud API")" export TF_VAR_hcloud_token="$(rbw get "HCloud API")"
export TF_VAR_k3s_token="$(rbw get "K3s Token")" export TF_VAR_k3s_token="$(rbw get "K3s Token")"
export TF_VAR_litestream_access_key="$(rbw get -f username "Litestream")" export TF_VAR_k3s_backup_access_key="$(rbw get -f username "K3s Backup")"
export TF_VAR_litestream_secret_key="$(rbw get "Litestream")" export TF_VAR_k3s_backup_secret_key="$(rbw get "K3s Backup")"
export TF_VAR_litestream_endpoint="$(rbw get -f Endpoint "Litestream")" export TF_VAR_k3s_backup_endpoint="$(rbw get -f Endpoint "K3s Backup")"
export TF_VAR_cloudflare_api_token="$(rbw get -f "DNS API Token" "CloudFlare")" export TF_VAR_cloudflare_api_token="$(rbw get -f "DNS API Token" "CloudFlare")"
export TF_VAR_cloudflare_account_id="$(rbw get -f "Account ID" "CloudFlare")" export TF_VAR_cloudflare_account_id="$(rbw get -f "Account ID" "CloudFlare")"

6
infrastructure/vars.tf
View file

@ -18,17 +18,17 @@ variable "k3s_token" {
sensitive = true sensitive = true
} }
variable "litestream_access_key" { variable "k3s_backup_access_key" {
sensitive = true sensitive = true
type = string type = string
} }
variable "litestream_secret_key" { variable "k3s_backup_secret_key" {
sensitive = true sensitive = true
type = string type = string
} }
variable "litestream_endpoint" { variable "k3s_backup_endpoint" {
type = string type = string
} }

34
infrastructure/vms.auto.tfvars
View file

@ -23,29 +23,45 @@ k3s_workers = {
storage_node = false storage_node = false
} }
"w2-cax21-hel1" = { "w2-cax11-hel1" = {
server_type = "cax21" server_type = "cax11"
generation = 7 generation = 1
private_ip = "172.23.2.21" private_ip = "172.23.2.21"
location = "hel1" location = "hel1"
storage_node = true storage_node = true
} }
"w3-cax21-hel1" = { "w3-cax11-hel1" = {
server_type = "cax21" server_type = "cax11"
generation = 7 generation = 1
private_ip = "172.23.2.22" private_ip = "172.23.2.22"
location = "hel1" location = "hel1"
storage_node = true storage_node = true
} }
"w4-cax21-hel1" = { "w4-cax11-hel1" = {
server_type = "cax21" server_type = "cax11"
generation = 8 generation = 1
private_ip = "172.23.2.23" private_ip = "172.23.2.23"
location = "hel1" location = "hel1"
storage_node = true storage_node = true
} }
"w5-cax11-hel1" = {
server_type = "cax11"
generation = 1
private_ip = "172.23.2.24"
location = "hel1"
storage_node = true
}
"w6-cax11-hel1" = {
server_type = "cax11"
generation = 1
private_ip = "172.23.2.25"
location = "hel1"
storage_node = true
}
} }
ssh_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQoNCLuHgcaDn4JTjCeQKJsIsYU0Jmub5PUMzIIZbUBb+TGMh6mCAY/UbYaq/n4jVnskXopzPGJbx4iPBG5HrNzqYZqMjkk8uIeeT0mdIcNv9bXxuCxCH1iHZF8LlzIZCmQ0w3X6VQ1izcJgvjrAYzbHN3gqCHOXtNkqIUkwaadIWCEjg33OVSlM4yrIDElr6+LHzv84VNh/PhemixCVVEMJ83GjhDtpApMg9WWW3es6rpJn4TlYEMV+aPNU4ZZEWFen/DFBKoX+ulkiJ8CwpY3eJxSzlBijs5ZKH89OOk/MXN1lnREElFqli+jE8EbZKQzi59Zmx8ZOb52qVNot8XZT0Un4EttAIEeE8cETqUC4jK+6RbUrsXtclVbU9i57LWRpl65LYSIJEFmkTxvYdkPXqGbvlW024IjgSo8kds121w95+Rpo6419cSYsQWowS8+aXfEv2Q8SE81QH7ObYfWFXsPBAmmNleQNN3E5HOoaxpWQjv3aTUGuxm4PCzKLdP0LsHmTfGJB7Priaj+9i8xLjDWe7zXDde2Gp9FmdedDr06uEkVSRFnS35Dwfd7M7xP6NsilfMOdWzJWWy/BAYxtnWcrEFxhaEr4vgs8Ub+KBtKhr740x3Mr8up+mythConAs4LOj37lWK4kJ8cI7TXjcSJi9nTIPd39us7tp3Aw== cardno:24_781_961"] ssh_keys = ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQoNCLuHgcaDn4JTjCeQKJsIsYU0Jmub5PUMzIIZbUBb+TGMh6mCAY/UbYaq/n4jVnskXopzPGJbx4iPBG5HrNzqYZqMjkk8uIeeT0mdIcNv9bXxuCxCH1iHZF8LlzIZCmQ0w3X6VQ1izcJgvjrAYzbHN3gqCHOXtNkqIUkwaadIWCEjg33OVSlM4yrIDElr6+LHzv84VNh/PhemixCVVEMJ83GjhDtpApMg9WWW3es6rpJn4TlYEMV+aPNU4ZZEWFen/DFBKoX+ulkiJ8CwpY3eJxSzlBijs5ZKH89OOk/MXN1lnREElFqli+jE8EbZKQzi59Zmx8ZOb52qVNot8XZT0Un4EttAIEeE8cETqUC4jK+6RbUrsXtclVbU9i57LWRpl65LYSIJEFmkTxvYdkPXqGbvlW024IjgSo8kds121w95+Rpo6419cSYsQWowS8+aXfEv2Q8SE81QH7ObYfWFXsPBAmmNleQNN3E5HOoaxpWQjv3aTUGuxm4PCzKLdP0LsHmTfGJB7Priaj+9i8xLjDWe7zXDde2Gp9FmdedDr06uEkVSRFnS35Dwfd7M7xP6NsilfMOdWzJWWy/BAYxtnWcrEFxhaEr4vgs8Ub+KBtKhr740x3Mr8up+mythConAs4LOj37lWK4kJ8cI7TXjcSJi9nTIPd39us7tp3Aw== cardno:24_781_961"]