
feat(network): add floating IP support
mrclrchtr committed Mar 20, 2024
1 parent cd631b7 commit 5a69725
Showing 4 changed files with 159 additions and 113 deletions.
8 changes: 8 additions & 0 deletions network.tf
Expand Up @@ -28,6 +28,11 @@ resource "hcloud_floating_ip" "control_plane_ipv4" {
delete_protection = false
}

resource "hcloud_floating_ip_assignment" "this" {
floating_ip_id = hcloud_floating_ip.control_plane_ipv4[0].id
server_id = hcloud_server.control_planes[0].id
}

resource "hcloud_primary_ip" "control_plane_ipv4" {
count = var.control_plane_count > 0 ? var.control_plane_count : 1 # If control_plane_count is 0, we still need to create a primary IP for debugging purposes
name = "control-plane-${count.index + 1}-ipv4"
Expand Down Expand Up @@ -71,6 +76,9 @@ locals {
control_plane_public_ipv6_list = [
for ipv6 in hcloud_primary_ip.control_plane_ipv6 : ipv6.ip_address
]
worker_public_ipv4_list = [
for ipv4 in hcloud_primary_ip.worker_ipv4 : ipv4.ip_address
]

# https://docs.hetzner.com/cloud/networks/faq/#are-any-ip-addresses-reserved
# We may not use th following IP addresses:
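Review bot: `hcloud_floating_ip_assignment.this` has no `count`, so it references `hcloud_floating_ip.control_plane_ipv4[0]` unconditionally while every other new reference to that floating IP in this commit (talos.tf, talos_patch_control_plane.tf) is guarded by `var.enable_floating_ip`; if the floating IP resource's count (not visible in this hunk) is driven by that flag, disabling it turns the assignment into an index-out-of-range error at plan time, so the assignment should carry `count = var.enable_floating_ip ? 1 : 0` as well. A second issue is that the Talos VIP controller configured in talos_patch_control_plane.tf (the `vip.hcloud.apiToken` block) moves this floating IP between control planes through the Hetzner API on failover, after which Terraform will see drift on `server_id` and move the VIP back to `hcloud_server.control_planes[0]` on the next apply, breaking the active failover; add `lifecycle { ignore_changes = [server_id] }` so Terraform only sets the initial assignment. Both points apply to the `resource "hcloud_floating_ip_assignment" "this"` block in the first hunk; the `hcloud_floating_ip` resource it depends on starts above the hunk.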
32 changes: 13 additions & 19 deletions talos.tf
Expand Up @@ -14,28 +14,22 @@ locals {
local.control_plane_public_ipv4_list,
local.control_plane_public_ipv6_list,
local.control_plane_private_ipv4_list,
[local.cluster_api_host]
compact([
local.cluster_api_host,
# TODO: not working atm https://github.com/siderolabs/talos/issues/3599
# local.control_plane_private_ipv4_vip,
var.enable_floating_ip ? hcloud_floating_ip.control_plane_ipv4[0].ip_address : null,
])
)

interfaces = [
extra_host_entries = [
{
interface = "eth0"
dhcp = true
vip = var.enable_floating_ip ? {
ip = hcloud_floating_ip.control_plane_ipv4[0].ip_address
hcloud = {
apiToken = var.hcloud_token
}
} : null
ip = "127.0.0.1"
aliases = [
local.cluster_api_host
]
}
]

extra_host_entries = [{
ip = "127.0.0.1"
aliases = [
local.cluster_api_host
]
}]
}

data "talos_machine_configuration" "control_plane" {
Expand All @@ -46,7 +40,7 @@ data "talos_machine_configuration" "control_plane" {
cluster_endpoint = local.cluster_api_url_kube_prism
machine_type = "controlplane"
machine_secrets = talos_machine_secrets.this.machine_secrets
config_patches = [local.controlplane_yaml]
config_patches = [local.controlplane_yaml[count.index]]
docs = false
examples = false
}
Expand All @@ -59,7 +53,7 @@ data "talos_machine_configuration" "worker" {
cluster_endpoint = local.cluster_api_url_kube_prism
machine_type = "worker"
machine_secrets = talos_machine_secrets.this.machine_secrets
config_patches = [local.worker_yaml]
config_patches = [local.worker_yaml[count.index]]
docs = false
examples = false
}
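Review bot: The new `extra_host_entries` local maps `local.cluster_api_host` to `127.0.0.1` with no comment explaining why a cluster-wide API hostname resolves to localhost on every node; a reader who later switches `cluster_endpoint` away from `local.cluster_api_url_kube_prism` (used by both data sources in this file) will not see that this entry presumably only works because of that endpoint choice. Add a comment such as `# cluster_api_host is pinned to localhost so API traffic on each node goes through the local endpoint in cluster_api_url_kube_prism; keep the two in sync` — confirm the exact dependency against the KubePrism settings, which are not in this hunk. The `TODO` on `control_plane_private_ipv4_vip` would also read better with a one-line note on what fails (the linked Talos issue is the only explanation). The `locals` block that holds `cert_SANs` starts above the first hunk.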
209 changes: 117 additions & 92 deletions talos_patch_control_plane.tf
@@ -1,107 +1,132 @@
locals {
controlplane_yaml = yamlencode({
machine = {
certSANs = local.cert_SANs
kubelet = {
extraArgs = {
"cloud-provider" = "external"
"rotate-server-certificates" = "true"
controlplane_yaml = [
for index in range(0, var.control_plane_count) : yamlencode({
machine = {
certSANs = local.cert_SANs
kubelet = {
extraArgs = {
"cloud-provider" = "external"
"rotate-server-certificates" = "true"
}
clusterDNS = concat(
[cidrhost(local.service_ipv4_cidr, 10)]
)
nodeIP = {
validSubnets = [
local.node_ipv4_cidr
]
}
}
clusterDNS = concat(
[cidrhost(local.service_ipv4_cidr, 10)]
)
nodeIP = {
validSubnets = [
local.node_ipv4_cidr
network = {
interfaces = [
{
interface = "eth0"
dhcp = false
addresses : compact([
local.control_plane_public_ipv4_list[index]
])
routes = [
{
network = "172.31.1.1/32"
},
{
network = "0.0.0.0/0"
gateway : "172.31.1.1"
}
]
vip = var.enable_floating_ip ? {
ip = hcloud_floating_ip.control_plane_ipv4[0].ip_address
hcloud = {
apiToken = var.hcloud_token
}
} : null
},
]
extraHostEntries = local.extra_host_entries
}
sysctls = {
"net.core.somaxconn" = "65535"
"net.core.netdev_max_backlog" = "4096"
}
features = {
kubernetesTalosAPIAccess = {
enabled = true
allowedRoles = [
"os:reader"
]
allowedKubernetesNamespaces = [
"kube-system"
]
}
}
time = {
servers = [
"ntp1.hetzner.de",
"ntp2.hetzner.com",
"ntp3.hetzner.net",
"time.cloudflare.com"
]
}
}
network = {
interfaces = local.interfaces
extraHostEntries = local.extra_host_entries
}
sysctls = {
"net.core.somaxconn" = "65535"
"net.core.netdev_max_backlog" = "4096"
}
features = {
kubernetesTalosAPIAccess = {
enabled = true
allowedRoles = [
"os:reader"
cluster = {
allowSchedulingOnControlPlanes = var.worker_count <= 0
network = {
dnsDomain = local.cluster_domain
podSubnets = [
local.pod_ipv4_cidr
]
allowedKubernetesNamespaces = [
"kube-system"
serviceSubnets = [
local.service_ipv4_cidr
]
cni = {
name = "none"
}
}
}
time = {
servers = [
"ntp1.hetzner.de",
"ntp2.hetzner.com",
"ntp3.hetzner.net",
"time.cloudflare.com"
]
}
}
cluster = {
allowSchedulingOnControlPlanes = var.worker_count <= 0
network = {
dnsDomain = local.cluster_domain
podSubnets = [
local.pod_ipv4_cidr
]
serviceSubnets = [
local.service_ipv4_cidr
]
cni = {
name = "none"
proxy = {
disabled = true
}
}
proxy = {
disabled = true
}
apiServer = {
certSANs = local.cert_SANs
}
controllerManager = {
extraArgs = {
"cloud-provider" = "external"
"node-cidr-mask-size-ipv4" = local.node_ipv4_cidr_mask_size
apiServer = {
certSANs = local.cert_SANs
}
}
etcd = {
advertisedSubnets = [
local.node_ipv4_cidr
]
extraArgs = {
"listen-metrics-urls" = "http://0.0.0.0:2381"
controllerManager = {
extraArgs = {
"cloud-provider" = "external"
"node-cidr-mask-size-ipv4" = local.node_ipv4_cidr_mask_size
}
}
}
inlineManifests = [
{
name = "hcloud-secret"
contents = replace(yamlencode({
apiVersion = "v1"
kind = "Secret"
type = "Opaque"
metadata = {
name = "hcloud"
namespace = "kube-system"
}
data = {
network = base64encode(hcloud_network.this.id)
token = base64encode(var.hcloud_token)
}
}), "\"", "")
etcd = {
advertisedSubnets = [
local.node_ipv4_cidr
]
extraArgs = {
"listen-metrics-urls" = "http://0.0.0.0:2381"
}
}
]
externalCloudProvider = {
enabled = true
manifests = [
"https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/main/docs/deploy/cloud-controller-manager.yml"
inlineManifests = [
{
name = "hcloud-secret"
contents = replace(yamlencode({
apiVersion = "v1"
kind = "Secret"
type = "Opaque"
metadata = {
name = "hcloud"
namespace = "kube-system"
}
data = {
network = base64encode(hcloud_network.this.id)
token = base64encode(var.hcloud_token)
}
}), "\"", "")
}
]
externalCloudProvider = {
enabled = true
manifests = [
"https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/main/docs/deploy/cloud-controller-manager.yml"
]
}
}
}
})
})
]
}
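Review bot: With `dhcp = false` and the public IPv4 from `local.control_plane_public_ipv4_list[index]` configured directly on eth0, etcd's `"listen-metrics-urls" = "http://0.0.0.0:2381"` in the new `etcd.extraArgs` block now binds the unauthenticated metrics endpoint to that public address too; nothing in this file restricts it, so unless an hcloud or Talos firewall outside this diff blocks TCP/2381 the endpoint is reachable from the internet. If the metrics are only scraped on-node, `"listen-metrics-urls" = "http://127.0.0.1:2381"` is sufficient; otherwise bind it to the node's private address and pair it with a firewall rule for 2381. Separately, the new `interfaces` entry mixes `addresses :` and `gateway :` with `=` for every other attribute (the same mix appears in talos_patch_worker.tf); HCL accepts both in object constructors, but the rest of the file uses `=`, so `addresses = compact([...])` and `gateway = "172.31.1.1"` would keep it consistent.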
23 changes: 21 additions & 2 deletions talos_patch_worker.tf
@@ -1,5 +1,5 @@
locals {
worker_yaml = yamlencode({
worker_yaml = [for index in range(0, var.control_plane_count) : yamlencode({
machine = {
kubelet = {
extraArgs = {
Expand All @@ -16,6 +16,24 @@ locals {
}
}
network = {
interfaces = [
{
interface = "eth0"
dhcp = false
addresses : [
local.worker_public_ipv4_list[index],
]
routes = [
{
network = "172.31.1.1/32"
},
{
network = "0.0.0.0/0"
gateway : "172.31.1.1"
}
]
}
]
extraHostEntries = local.extra_host_entries
}
sysctls = {
Expand Down Expand Up @@ -45,5 +63,6 @@ locals {
disabled = true
}
}
})
})
]
}
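Review bot: `worker_yaml` is generated with `range(0, var.control_plane_count)` but each element is a per-worker patch: it reads `local.worker_public_ipv4_list[index]`, which network.tf builds with one entry per `hcloud_primary_ip.worker_ipv4`, and talos.tf consumes it as `local.worker_yaml[count.index]` in the worker machine configuration. Whenever `var.worker_count` differs from `var.control_plane_count` this fails at plan time with an index out of range on one list or the other, and with equal counts it only works by coincidence. The loop should be `worker_yaml = [for index in range(0, var.worker_count) : yamlencode({`. The `locals` block opens in the first hunk, but the `@@ -16` hunk that adds the interface block is cut on both sides.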
