forked from kube-hetzner/terraform-hcloud-kube-hetzner
-
Notifications
You must be signed in to change notification settings - Fork 0
/
main.tf
71 lines (61 loc) · 2.01 KB
/
main.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
resource "random_password" "k3s_token" {
length = 48
special = false
}
data "hcloud_image" "microos_x86_snapshot" {
with_selector = "microos-snapshot=yes"
with_architecture = "x86"
most_recent = true
}
data "hcloud_image" "microos_arm_snapshot" {
with_selector = "microos-snapshot=yes"
with_architecture = "arm"
most_recent = true
}
resource "hcloud_ssh_key" "k3s" {
count = var.hcloud_ssh_key_id == null ? 1 : 0
name = var.cluster_name
public_key = var.ssh_public_key
labels = local.labels
}
resource "hcloud_network" "k3s" {
count = local.use_existing_network ? 0 : 1
name = var.cluster_name
ip_range = var.network_ipv4_cidr
labels = local.labels
}
data "hcloud_network" "k3s" {
id = local.use_existing_network ? var.existing_network_id[0] : hcloud_network.k3s[0].id
}
# We start from the end of the subnets cidr array,
# as we would have fewer control plane nodepools, than agent ones.
resource "hcloud_network_subnet" "control_plane" {
count = length(var.control_plane_nodepools)
network_id = data.hcloud_network.k3s.id
type = "cloud"
network_zone = var.network_region
ip_range = local.network_ipv4_subnets[255 - count.index]
}
# Here we start at the beginning of the subnets cidr array
resource "hcloud_network_subnet" "agent" {
count = length(var.agent_nodepools)
network_id = data.hcloud_network.k3s.id
type = "cloud"
network_zone = var.network_region
ip_range = local.network_ipv4_subnets[count.index]
}
resource "hcloud_firewall" "k3s" {
name = var.cluster_name
labels = local.labels
dynamic "rule" {
for_each = local.firewall_rules_list
content {
description = rule.value.description
direction = rule.value.direction
protocol = rule.value.protocol
port = lookup(rule.value, "port", null)
destination_ips = lookup(rule.value, "destination_ips", [])
source_ips = lookup(rule.value, "source_ips", [])
}
}
}