mirror of
https://github.com/khuedoan/homelab.git
synced 2025-01-10 07:16:57 +07:00
180 lines
4.4 KiB
Terraform
180 lines
4.4 KiB
Terraform
|
resource "tls_private_key" "ssh" {
|
||
|
algorithm = "ECDSA"
|
||
|
ecdsa_curve = "P256"
|
||
|
}
|
||
|
|
||
|
resource "local_file" "ssh_private_key" {
|
||
|
content = tls_private_key.ssh.private_key_pem
|
||
|
filename = "${path.module}/private.pem"
|
||
|
file_permission = "0600"
|
||
|
}
|
||
|
|
||
|
resource "lxd_profile" "kubenode" {
|
||
|
name = "kubenode"
|
||
|
|
||
|
config = {
|
||
|
"limits.cpu" = 2
|
||
|
"limits.memory" = "4GiB"
|
||
|
"limits.memory.swap" = false
|
||
|
# "security.nesting" = true
|
||
|
# "security.privileged" = true
|
||
|
# "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
|
||
|
# "raw.lxc" = <<-EOT
|
||
|
# lxc.apparmor.profile=unconfined
|
||
|
# lxc.cap.drop=
|
||
|
# lxc.cgroup.devices.allow=a
|
||
|
# lxc.mount.auto=proc:rw sys:rw cgroup:rw
|
||
|
# EOT
|
||
|
"user.user-data" = <<-EOT
|
||
|
#cloud-config
|
||
|
ssh_authorized_keys:
|
||
|
- ${tls_private_key.ssh.public_key_openssh}
|
||
|
disable_root: false
|
||
|
runcmd:
|
||
|
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
|
||
|
- add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||
|
- apt-get update -y
|
||
|
- apt-get install -y docker-ce docker-ce-cli containerd.io open-iscsi
|
||
|
- mkdir -p /etc/systemd/system/docker.service.d/
|
||
|
- printf "[Service]\nMountFlags=shared" > /etc/systemd/system/docker.service.d/mount_flags.conf
|
||
|
- mount --make-rshared /
|
||
|
- systemctl enable --now docker
|
||
|
- systemctl enable --now open-iscsi
|
||
|
EOT
|
||
|
}
|
||
|
|
||
|
# # echo "262144" > /sys/module/nf_conntrack/parameters/hashsize
|
||
|
# device {
|
||
|
# type = "disk"
|
||
|
# name = "hashsize"
|
||
|
|
||
|
# properties = {
|
||
|
# source = "/sys/module/nf_conntrack/parameters/hashsize"
|
||
|
# path = "/sys/module/nf_conntrack/parameters/hashsize"
|
||
|
# }
|
||
|
# }
|
||
|
|
||
|
# device {
|
||
|
# type = "unix-char"
|
||
|
# name = "kmsg"
|
||
|
|
||
|
# properties = {
|
||
|
# source = "/dev/kmsg"
|
||
|
# path = "/dev/kmsg"
|
||
|
# }
|
||
|
# }
|
||
|
|
||
|
device {
|
||
|
name = "eth0"
|
||
|
type = "nic"
|
||
|
|
||
|
properties = {
|
||
|
nictype = "macvlan"
|
||
|
parent = "eno1"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
device {
|
||
|
type = "disk"
|
||
|
name = "root"
|
||
|
|
||
|
properties = {
|
||
|
pool = "default"
|
||
|
path = "/"
|
||
|
size = "32GiB"
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
|
||
|
# TODO (optimize) DRY master and worker definition
|
||
|
resource "lxd_container" "masters" {
|
||
|
count = 3
|
||
|
name = "master-${count.index}"
|
||
|
image = "ubuntu:20.04"
|
||
|
# TODO (bug) Use containers instead of virtual machines for Kubernetes nodes https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1226855
|
||
|
type = "virtual-machine"
|
||
|
ephemeral = false
|
||
|
|
||
|
profiles = [lxd_profile.kubenode.name]
|
||
|
|
||
|
config = {
|
||
|
# TODO (bug) Should be posible to put it in the profile instead lxd_profile.kubenode.config, and make it a variable
|
||
|
# https://github.com/terraform-lxd/terraform-provider-lxd/blob/master/lxd/resource_lxd_container.go#L473
|
||
|
"user.access_interface" = "enp5s0"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
resource "lxd_container" "workers" {
|
||
|
count = 3
|
||
|
name = "worker-${count.index}"
|
||
|
image = "ubuntu:20.04"
|
||
|
type = "virtual-machine"
|
||
|
ephemeral = false
|
||
|
|
||
|
profiles = [lxd_profile.kubenode.name]
|
||
|
|
||
|
config = {
|
||
|
"user.access_interface" = "enp5s0"
|
||
|
}
|
||
|
}
|
||
|
|
||
|
module "ansible_provisioner" {
|
||
|
source = "../ansible-provisioner"
|
||
|
directory = "${path.module}/ansible"
|
||
|
private_key = local_file.ssh_private_key.filename
|
||
|
inventory = concat(
|
||
|
lxd_container.masters.*.ip_address,
|
||
|
lxd_container.workers.*.ip_address
|
||
|
)
|
||
|
}
|
||
|
|
||
|
resource "rke_cluster" "cluster" {
|
||
|
dynamic "nodes" {
|
||
|
for_each = lxd_container.masters
|
||
|
|
||
|
content {
|
||
|
address = nodes.value.ip_address
|
||
|
user = "root"
|
||
|
role = [
|
||
|
"controlplane",
|
||
|
"etcd"
|
||
|
]
|
||
|
ssh_key = tls_private_key.ssh.private_key_pem
|
||
|
}
|
||
|
}
|
||
|
|
||
|
dynamic "nodes" {
|
||
|
for_each = lxd_container.workers
|
||
|
|
||
|
content {
|
||
|
address = nodes.value.ip_address
|
||
|
user = "root"
|
||
|
role = [
|
||
|
"worker"
|
||
|
]
|
||
|
ssh_key = tls_private_key.ssh.private_key_pem
|
||
|
}
|
||
|
}
|
||
|
|
||
|
ingress {
|
||
|
provider = "none"
|
||
|
}
|
||
|
|
||
|
ignore_docker_version = true
|
||
|
|
||
|
depends_on = [
|
||
|
module.ansible_provisioner
|
||
|
]
|
||
|
}
|
||
|
|
||
|
resource "local_file" "kube_config_yaml" {
|
||
|
filename = "${path.root}/kube_config.yaml"
|
||
|
sensitive_content = rke_cluster.cluster.kube_config_yaml
|
||
|
file_permission = "0600"
|
||
|
}
|
||
|
|
||
|
module "cluster_bootstrap" {
|
||
|
source = "../kubernetes-bootstrap"
|
||
|
kube_config = rke_cluster.cluster.kube_config_yaml
|
||
|
}
|