khuedoan-homelab/infra/cluster.tf

resource "lxd_profile" "kubenode" {
  name = "kubenode"

  config = {
    "limits.cpu" = 2
    "limits.memory.swap" = false
    "user.access_interface" = "eth0"
    "security.nesting"     = true
    "security.privileged"  = true
    "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
    "raw.lxc"       = <<-EOT
      lxc.apparmor.profile=unconfined
      lxc.cap.drop=
      lxc.cgroup.devices.allow=a
      lxc.mount.auto=proc:rw sys:rw cgroup:rw
    EOT
    "user.user-data"       = <<-EOT
      #cloud-config
      ssh_authorized_keys:
        - ${file(var.ssh_public_key)}
      disable_root: false
      runcmd:
        - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
        - add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
        - apt-get update -y
        - apt-get install -y docker-ce docker-ce-cli containerd.io
        - mkdir -p /etc/systemd/system/docker.service.d/
        - printf "[Service]\nMountFlags=shared" > /etc/systemd/system/docker.service.d/mount_flags.conf
        - mount --make-rshared /
        - systemctl start docker
        - systemctl enable docker
    EOT
  }

  # echo "262144" > /sys/module/nf_conntrack/parameters/hashsize
  device {
    type = "disk"
    name = "hashsize"

    properties = {
      source = "/sys/module/nf_conntrack/parameters/hashsize"
      path = "/sys/module/nf_conntrack/parameters/hashsize"
    }
  }

  device {
    type = "unix-char"
    name = "kmsg"

    properties = {
      source = "/dev/kmsg"
      path = "/dev/kmsg"
    }
  }

  device {
    name = "eth0"
    type = "nic"

    properties = {
      nictype = "macvlan"
      parent  = "eno1"
    }
  }

  device {
    type = "disk"
    name = "root"

    properties = {
      pool = "default"
      path = "/"
    }
  }
}

resource "lxd_container" "masters" {
  count     = 1
  name      = "master-${count.index}"
  image     = "ubuntu:20.04"
  ephemeral = false

  profiles = [lxd_profile.kubenode.name]
}

resource "lxd_container" "workers" {
  count     = 1
  name      = "worker-${count.index}"
  image     = "ubuntu:20.04"
  ephemeral = false

  profiles = [lxd_profile.kubenode.name]
}

resource "time_sleep" "wait_cloud_init" {
  depends_on = [
    lxd_container.masters,
    lxd_container.workers
  ]

  create_duration = "5m"
}

resource "rke_cluster" "cluster" {
  dynamic "nodes" {
    for_each = lxd_container.masters

    content {
      address = nodes.value.ip_address
      user    = "root"
      role = [
        "controlplane",
        "etcd"
      ]
      ssh_key = file(var.ssh_private_key)
    }
  }

  dynamic "nodes" {
    for_each = lxd_container.workers

    content {
      address = nodes.value.ip_address
      user    = "root"
      role = [
        "worker"
      ]
      ssh_key = file(var.ssh_private_key)
    }
  }

  ingress {
    provider = "none"
  }

  ignore_docker_version = true

  depends_on = [time_sleep.wait_cloud_init]
}

resource "local_file" "kube_config_yaml" {
  filename = "${path.root}/kube_config.yaml"
  content  = rke_cluster.cluster.kube_config_yaml
}
Sperate lxd profile 2021-02-13 21:02:32 +07:00			`resource "lxd_profile" "kubenode" {`
			`name = "kubenode"`
Working lxd container 2021-02-12 21:51:19 +07:00
			`config = {`
Sperate lxd profile 2021-02-13 21:02:32 +07:00			`"limits.cpu" = 2`
Fix docker shared mount 2021-02-14 01:52:12 +07:00			`"limits.memory.swap" = false`
Add workers 2021-02-14 12:54:11 +07:00			`"user.access_interface" = "eth0"`
Update lxd rke 2021-02-13 18:54:46 +07:00			`"security.nesting" = true`
Add workers 2021-02-14 12:54:11 +07:00			`"security.privileged" = true`
			`"linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"`
Update lxd rke 2021-02-13 18:54:46 +07:00			`"raw.lxc" = <<-EOT`
Update lxd profile 2021-02-13 16:31:30 +07:00			`lxc.apparmor.profile=unconfined`
			`lxc.cap.drop=`
			`lxc.cgroup.devices.allow=a`
Fix docker shared mount 2021-02-14 01:52:12 +07:00			`lxc.mount.auto=proc:rw sys:rw cgroup:rw`
Update lxd profile 2021-02-13 16:31:30 +07:00			`EOT`
Update lxd rke 2021-02-13 18:54:46 +07:00			`"user.user-data" = <<-EOT`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00			`#cloud-config`
			`ssh_authorized_keys:`
Add workers 2021-02-14 12:54:11 +07:00			`- ${file(var.ssh_public_key)}`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00			`disable_root: false`
			`runcmd:`
Install docker instead of k3s 2021-02-13 22:41:31 +07:00			`- curl -fsSL https://download.docker.com/linux/ubuntu/gpg \| apt-key add -`
			`- add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"`
			`- apt-get update -y`
Fix docker shared mount 2021-02-14 01:52:12 +07:00			`- apt-get install -y docker-ce docker-ce-cli containerd.io`
Install docker instead of k3s 2021-02-13 22:41:31 +07:00			`- mkdir -p /etc/systemd/system/docker.service.d/`
			`- printf "[Service]\nMountFlags=shared" > /etc/systemd/system/docker.service.d/mount_flags.conf`
Fix docker shared mount 2021-02-14 01:52:12 +07:00			`- mount --make-rshared /`
Install docker instead of k3s 2021-02-13 22:41:31 +07:00			`- systemctl start docker`
			`- systemctl enable docker`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00			`EOT`
Working lxd container 2021-02-12 21:51:19 +07:00			`}`

Fix kube-proxy trying to write to nf_conntrack hashsize 2021-02-14 10:48:05 +07:00			`# echo "262144" > /sys/module/nf_conntrack/parameters/hashsize`
			`device {`
			`type = "disk"`
			`name = "hashsize"`

			`properties = {`
			`source = "/sys/module/nf_conntrack/parameters/hashsize"`
			`path = "/sys/module/nf_conntrack/parameters/hashsize"`
			`}`
			`}`

Fix docker shared mount 2021-02-14 01:52:12 +07:00			`device {`
			`type = "unix-char"`
			`name = "kmsg"`

			`properties = {`
			`source = "/dev/kmsg"`
			`path = "/dev/kmsg"`
			`}`
			`}`

Sperate lxd profile 2021-02-13 21:02:32 +07:00			`device {`
			`name = "eth0"`
			`type = "nic"`

			`properties = {`
Make LXD containers accessible from LAN 2021-04-18 23:45:53 +07:00			`nictype = "macvlan"`
			`parent = "eno1"`
Sperate lxd profile 2021-02-13 21:02:32 +07:00			`}`
Working lxd container 2021-02-12 21:51:19 +07:00			`}`
Sperate lxd profile 2021-02-13 21:02:32 +07:00
			`device {`
			`type = "disk"`
			`name = "root"`

			`properties = {`
Change storage pool name back to default 2021-02-15 02:20:33 +07:00			`pool = "default"`
Sperate lxd profile 2021-02-13 21:02:32 +07:00			`path = "/"`
			`}`
			`}`
			`}`

Add workers 2021-02-14 12:54:11 +07:00			`resource "lxd_container" "masters" {`
			`count = 1`
			`name = "master-${count.index}"`
			`image = "ubuntu:20.04"`
			`ephemeral = false`

			`profiles = [lxd_profile.kubenode.name]`
			`}`

			`resource "lxd_container" "workers" {`
Sperate lxd profile 2021-02-13 21:02:32 +07:00			`count = 1`
Add workers 2021-02-14 12:54:11 +07:00			`name = "worker-${count.index}"`
Install docker instead of k3s 2021-02-13 22:41:31 +07:00			`image = "ubuntu:20.04"`
Sperate lxd profile 2021-02-13 21:02:32 +07:00			`ephemeral = false`

			`profiles = [lxd_profile.kubenode.name]`
Working lxd container 2021-02-12 21:51:19 +07:00			`}`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00
Update lxd rke 2021-02-13 18:54:46 +07:00			`resource "time_sleep" "wait_cloud_init" {`
Add workers 2021-02-14 12:54:11 +07:00			`depends_on = [`
			`lxd_container.masters,`
			`lxd_container.workers`
			`]`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00
Install docker instead of k3s 2021-02-13 22:41:31 +07:00			`create_duration = "5m"`
Update lxd rke 2021-02-13 18:54:46 +07:00			`}`

			`resource "rke_cluster" "cluster" {`
			`dynamic "nodes" {`
Add workers 2021-02-14 12:54:11 +07:00			`for_each = lxd_container.masters`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00
Update lxd rke 2021-02-13 18:54:46 +07:00			`content {`
			`address = nodes.value.ip_address`
			`user = "root"`
			`role = [`
			`"controlplane",`
Add workers 2021-02-14 12:54:11 +07:00			`"etcd"`
			`]`
			`ssh_key = file(var.ssh_private_key)`
			`}`
			`}`

			`dynamic "nodes" {`
			`for_each = lxd_container.workers`

			`content {`
			`address = nodes.value.ip_address`
			`user = "root"`
			`role = [`
Update lxd rke 2021-02-13 18:54:46 +07:00			`"worker"`
			`]`
Add workers 2021-02-14 12:54:11 +07:00			`ssh_key = file(var.ssh_private_key)`
Update lxd rke 2021-02-13 18:54:46 +07:00			`}`
			`}`

			`ingress {`
			`provider = "none"`
			`}`
Experimental LXD rke cluster 2021-02-13 12:49:59 +07:00
Update lxd rke 2021-02-13 18:54:46 +07:00			`ignore_docker_version = true`

			`depends_on = [time_sleep.wait_cloud_init]`
			`}`

			`resource "local_file" "kube_config_yaml" {`
			`filename = "${path.root}/kube_config.yaml"`
			`content = rke_cluster.cluster.kube_config_yaml`
			`}`