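terraform {
  # `required_providers` entries with a `source` address only parse on 0.13+,
  # so state the floor explicitly instead of failing with a parse error on
  # older CLIs.
  required_version = ">= 0.13"

  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "~> 2.0"
    }
    # `local` and `null` were resolved implicitly before; naming them keeps
    # provider resolution explicit. Add a version constraint once
    # .terraform.lock.hcl is committed so provider upgrades go through review.
    local = {
      source = "hashicorp/local"
    }
    null = {
      source = "hashicorp/null"
    }
  }
}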
# Resolve the operator-supplied region slug once; every resource below reads
# `.slug` from this data source rather than the variable directly.
data "digitalocean_region" "provided" {
  slug = var.digitalocean_region
}
resource "digitalocean_ssh_key" "dummy" {
  # DigitalOcean requires a key when deploying an image even if the machine
  # will not have SSH access.
  # Only the public half is committed here, but whoever holds the matching
  # private key gets a login on every droplet below should an image that runs
  # sshd ever be used. A throwaway key generated per apply (e.g. a
  # tls_private_key resource) would remove that standing dependency.
  name       = "Dummy Talos Key"
  public_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAseDS76tIQnZyiaBSuZOMI8nixs9NuXqCDGKuv5XPJZ"
}
/*
// Not necessary on single-node control planes
resource "digitalocean_loadbalancer" "public" {
  name   = "loadbalancer-1"
  region = "sfo3"

  forwarding_rule {
    entry_port     = 443
    entry_protocol = "tcp"

    target_port     = 6443
    target_protocol = "tcp"
  }

  healthcheck {
    port                     = 6443
    protocol                 = "tcp"
    check_interval_seconds   = 10
    response_timeout_seconds = 5
    healthy_threshold        = 5
    unhealthy_threshold      = 3
  }

  droplet_tag = "talos-digital-ocean-control-plane"

  provisioner "local-exec" {
    command = "sh scripts/init-talos-config.sh ${self.ip}"
  }
}
*/
locals {
  # JSON patches handed to `talosctl gen config` for the control-plane config.
  control_plane_patch_labels = "${path.module}/files/control-plane-load-balancer-labels.patch.json"
  control_plane_patch_cni    = "${path.module}/files/default-cni.patch.json"

  # Where talosctl writes talosconfig, the machine configs and, later, the
  # kubeconfig. All of these are credentials: keep the directory out of
  # version control and readable only by the operator running terraform.
  config_directory = "${path.root}/${var.talos_config_directory}"

  # One object per worker, expanded from each pool's `count`. `name_numbered`
  # is the unique key the worker droplet's for_each uses; `count` is the
  # zero-based index of the node within its pool.
  worker_nodes = flatten([
    for pool in var.worker_pools : [
      for index in range(pool.count) : {
        name          = pool.name
        size          = pool.size
        count         = index
        name_numbered = "${pool.name}-${index}"
      }
    ]
  ])
}
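resource "digitalocean_reserved_ip" "control_plane" {
  region = data.digitalocean_region.provided.slug

  # The directory receives talosconfig and the machine configs, which embed the
  # cluster CA and bootstrap secrets, so create it owner-only. `-m` applies only
  # to a directory this call creates; a pre-existing directory keeps its mode.
  # The path derives from a variable and is single-quoted for the shell.
  provisioner "local-exec" {
    command = "mkdir -p -m 0700 '${local.config_directory}'"
  }

  # Generate the machine configs against the reserved IP so the cluster
  # endpoint survives replacement of the control-plane droplet. talosctl
  # refuses to overwrite existing output files, so replacing this resource on
  # a live cluster fails here instead of silently regenerating the secrets.
  provisioner "local-exec" {
    command = join(" ", [
      "talosctl", "gen", "config",
      "--output-dir='${local.config_directory}'",
      "--config-patch-control-plane=@'${local.control_plane_patch_labels}'",
      "--config-patch-control-plane=@'${local.control_plane_patch_cni}'",
      "'${var.talos_cluster_name}'",
      "https://${self.ip_address}:6443",
    ])
  }

  /*
   * Destroy-time provisioners may only reference self, count and each, so
   * `local.config_directory` is not usable here; the directory must be
   * removed by hand after `terraform destroy`.
  provisioner "local-exec" {
    command = "rm -rf ${local.config_directory}"
    when    = destroy
  }
  */
}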
# Control-plane machine config written by `talosctl gen config` in the
# reserved-IP provisioner; depends_on defers the read until that resource,
# provisioners included, has been created.
# NOTE(review): data-source results are kept in Terraform state and this file
# carries the cluster secrets, so the state backend has to be handled as secret
# material. A `local_sensitive_file` data source (newer hashicorp/local
# releases) would at least keep the content out of plan output.
data "local_file" "controlplane" {
  depends_on = [digitalocean_reserved_ip.control_plane]
  filename   = "${local.config_directory}/controlplane.yaml"
}
# Worker machine config from the same `talosctl gen config` run; like the
# control-plane config its content (cluster join secrets included) ends up in
# Terraform state, so the same handling applies.
data "local_file" "worker" {
  depends_on = [digitalocean_reserved_ip.control_plane]
  filename   = "${local.config_directory}/worker.yaml"
}
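resource "digitalocean_droplet" "control_plane" {
  name     = "talos-control-plane"
  region   = data.digitalocean_region.provided.slug
  image    = var.talos_image
  size     = var.control_plane_pool.size
  backups  = true
  vpc_uuid = var.vpc_id

  # The machine config is delivered as droplet user-data, which Talos reads
  # from the DigitalOcean metadata service on first boot. It contains the
  # cluster secrets, so it will also appear in Terraform state and plan output.
  user_data = data.local_file.controlplane.content

  # DigitalOcean insists on a key even though the machine will not have SSH
  # access; see digitalocean_ssh_key.dummy.
  ssh_keys = [digitalocean_ssh_key.dummy.fingerprint]

  // talos expects the endpoint and node to be that of the machine itself, not the elastic IP
  // The talosconfig path derives from a variable, so it is single-quoted for
  // the shell.
  provisioner "local-exec" {
    command = "talosctl --talosconfig '${local.config_directory}/talosconfig' config endpoint ${self.ipv4_address}"
  }

  provisioner "local-exec" {
    command = "talosctl --talosconfig '${local.config_directory}/talosconfig' config node ${self.ipv4_address}"
  }

  # Fixed grace period for the Talos API to come up before bootstrap. There is
  # no readiness check to poll before the cluster is bootstrapped, and
  # `bootstrap` is meant to run exactly once, so a blind retry loop is not an
  # obviously safe replacement for this wait.
  provisioner "local-exec" {
    command = "sleep 30"
  }

  provisioner "local-exec" {
    command = "talosctl --talosconfig '${local.config_directory}/talosconfig' bootstrap"
  }
}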
# Binds the reserved IP to the control-plane droplet. The machine configs were
# generated with `https://<reserved ip>:6443` as the cluster endpoint, so the
# Kubernetes API is only reachable at that address once this assignment exists.
resource "digitalocean_reserved_ip_assignment" "control_plane" {
  ip_address = digitalocean_reserved_ip.control_plane.ip_address
  droplet_id = digitalocean_droplet.control_plane.id
}
resource "digitalocean_droplet" "worker" {
  # One droplet per entry of local.worker_nodes, keyed by the unique
  # "<pool>-<index>" name. Waits on the control-plane resource, whose
  # create-time provisioners include the Talos bootstrap.
  for_each   = { for node in local.worker_nodes : node.name_numbered => node }
  depends_on = [digitalocean_droplet.control_plane]

  name     = "talos-worker-node-${each.value.name_numbered}"
  region   = data.digitalocean_region.provided.slug
  image    = var.talos_image
  size     = each.value.size
  vpc_uuid = var.vpc_id

  # Worker machine config (join secrets included) delivered via user-data;
  # the dummy key satisfies DigitalOcean's key requirement only.
  user_data = data.local_file.worker.content
  ssh_keys  = [digitalocean_ssh_key.dummy.fingerprint]
}
# TODO(RyanSquared): Commenting this part out until I get Kustomizations built
# for all the necessary resources
/*
resource "null_resource" "init-cluster" {
  depends_on = [digitalocean_droplet.worker]

  provisioner "local-exec" {
    command = "sh scripts/init-cluster.sh ${digitalocean_droplet.control-plane[0].ipv4_address}"
  }
}
*/
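resource "null_resource" "generate_kubeconfig" {
  # Re-run when the worker set changes and when the control-plane droplet is
  # replaced: both commands below embed its address, so a stale kubeconfig and
  # node list would otherwise survive a replacement. Adding the control-plane
  # trigger forces one re-run on the first apply after this change.
  triggers = {
    control_plane = digitalocean_droplet.control_plane.id
    workers = join(",", [
      for node_name, node in digitalocean_droplet.worker : node_name
    ])
  }

  # Writes an admin kubeconfig into the config directory (`-f` overwrites an
  # existing file). Treat it like any other admin credential. Paths derive
  # from a variable and are single-quoted for the shell.
  provisioner "local-exec" {
    command = "talosctl --talosconfig '${local.config_directory}/talosconfig' kubeconfig --nodes ${digitalocean_droplet.control_plane.ipv4_address} -f '${local.config_directory}/kubeconfig'"
  }

  # Point talosconfig at every node so later talosctl calls fan out without
  # an explicit --nodes.
  provisioner "local-exec" {
    command = "talosctl --talosconfig '${local.config_directory}/talosconfig' config node ${digitalocean_droplet.control_plane.ipv4_address} ${join(" ", [for node_name, node in digitalocean_droplet.worker : node.ipv4_address])}"
  }

  /*
  provisioner "local-exec" {
    command = "kubectl --kubeconfig ${local.config_directory}/kubeconfig -n kube-system create configmap calico-machine-config --from-literal=kubernetes_service_host=${digitalocean_reserved_ip.control_plane.ip_address} --from-literal=kubernetes_service_port=6443"
  }
  */
}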