khuedoan-homelab/infra/lxd/cluster.tf

119 lines
2.6 KiB
HCL

resource "lxd_profile" "kubenode" {
name = "kubenode"
config = {
"limits.cpu" = 2
"limits.memory.swap" = false
"security.privileged" = true
"security.nesting" = true
"linux.kernel_modules" = "ip_tables,ip6_tables,netlink_diag,nf_nat,overlay,br_netfilter"
"raw.lxc" = <<-EOT
lxc.apparmor.profile=unconfined
lxc.cap.drop=
lxc.cgroup.devices.allow=a
lxc.mount.auto=proc:rw sys:rw cgroup:rw
EOT
"user.user-data" = <<-EOT
#cloud-config
ssh_authorized_keys:
- ${file("~/.ssh/id_rsa.pub")}
disable_root: false
runcmd:
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
- add-apt-repository "deb [arch=$(dpkg --print-architecture)] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
- apt-get update -y
- apt-get install -y docker-ce docker-ce-cli containerd.io
- mkdir -p /etc/systemd/system/docker.service.d/
- printf "[Service]\nMountFlags=shared" > /etc/systemd/system/docker.service.d/mount_flags.conf
- mount --make-rshared /
- systemctl start docker
- systemctl enable docker
EOT
}
# echo "262144" > /sys/module/nf_conntrack/parameters/hashsize
device {
type = "disk"
name = "hashsize"
properties = {
source = "/sys/module/nf_conntrack/parameters/hashsize"
path = "/sys/module/nf_conntrack/parameters/hashsize"
}
}
device {
type = "unix-char"
name = "kmsg"
properties = {
source = "/dev/kmsg"
path = "/dev/kmsg"
}
}
device {
name = "eth0"
type = "nic"
properties = {
network = "lxdbr0"
}
}
device {
type = "disk"
name = "root"
properties = {
pool = "default"
path = "/"
}
}
}
resource "lxd_container" "k8s" {
count = 1
name = "k8s${count.index}"
image = "ubuntu:20.04"
ephemeral = false
profiles = [lxd_profile.kubenode.name]
}
resource "time_sleep" "wait_cloud_init" {
depends_on = [lxd_container.k8s]
create_duration = "5m"
}
resource "rke_cluster" "cluster" {
dynamic "nodes" {
for_each = lxd_container.k8s
content {
address = nodes.value.ip_address
user = "root"
role = [
"controlplane",
"etcd",
"worker"
]
ssh_key = file("~/.ssh/id_rsa")
}
}
ingress {
provider = "none"
}
ignore_docker_version = true
depends_on = [time_sleep.wait_cloud_init]
}
resource "local_file" "kube_config_yaml" {
filename = "${path.root}/kube_config.yaml"
content = rke_cluster.cluster.kube_config_yaml
}