From 69f3ab42186734c3592bc94f3917efb6cdb52cc6 Mon Sep 17 00:00:00 2001
From: Marcel Richter
Date: Mon, 18 Mar 2024 13:45:29 +0100
Subject: [PATCH] feat: differentiate between k8s API and KubePrism API in various places

---
 manifest_cilium.tf | 4 ++--
 talos.tf | 24 +++++++++++++-----------
 terraform.tf | 4 ++--
 3 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/manifest_cilium.tf b/manifest_cilium.tf
index 9e4fb8e..7720594 100644
--- a/manifest_cilium.tf
+++ b/manifest_cilium.tf
@@ -40,11 +40,11 @@ data "helm_template" "cilium" {
 }
 set {
 name = "k8sServiceHost"
- value = local.k8s_service_host
+ value = local.cluster_api_host
 }
 set {
 name = "k8sServicePort"
- value = 7445 // Uses KubePrism's default port 7445 instead of KubeAPI's 6443
+ value = local.cluster_api_port_kube_prism
 }
 set {
 name = "hubble.enabled"
diff --git a/talos.tf b/talos.tf
index ce8cdb4..3443c88 100644
--- a/talos.tf
+++ b/talos.tf
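Review bot: The only explanation of why Cilium is pointed at KubePrism's port rather than the kube-apiserver's leaves with the removed `k8sServicePort` line; `local.cluster_api_port_kube_prism` names the port but not the reason. Keep the rationale next to the value, e.g. `value = local.cluster_api_port_kube_prism // KubePrism's default port 7445 instead of KubeAPI's 6443`. It is also worth a line on `k8sServiceHost` that the name must resolve on every node where Cilium runs, which here presumably relies on the `extra_host_entries` set in talos.tf. The `helm_template` block starts before this hunk.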
@@ -3,20 +3,22 @@ resource "talos_machine_secrets" "this" {}
 locals {
 // TODO: Possible to make domain and api_domain configurable?
 // https://github.com/kubebn/talos-proxmox-kaas?tab=readme-ov-file#cilium-cni-configuration
- domain = "cluster.local"
- k8s_service_host = "api.${local.domain}"
- k8s_service_port = 6443
- cluster_endpoint = "https://${local.k8s_service_host}:${local.k8s_service_port}"
+ cluster_domain = "cluster.local"
+ cluster_api_host = "api.${local.cluster_domain}"
+ cluster_api_port_k8s = 6443
+ # cluster_api_url_k8s = "https://${local.cluster_api_host}:${local.cluster_api_port_k8s}"
+ cluster_api_port_kube_prism = 7445
+ cluster_api_url_kube_prism = "https://${local.cluster_api_host}:${local.cluster_api_port_kube_prism}"
 // ************
 cert_SANs = concat(
 local.control_plane_public_ipv4_list,
 local.control_plane_public_ipv6_list,
 local.control_plane_private_ipv4_list,
- [local.k8s_service_host]
+ [local.cluster_api_host]
 )
 extra_host_entries = concat(
 [
- "127.0.0.1:${local.k8s_service_host}"
+ "127.0.0.1:${local.cluster_api_host}"
 ]
 )
 }
@@ -26,15 +28,15 @@ data "talos_machine_configuration" "control_plane" {
 count = var.control_plane_count > 0 ? var.control_plane_count : 1
 talos_version = var.talos_version
 cluster_name = var.cluster_name
- cluster_endpoint = local.cluster_endpoint
+ cluster_endpoint = local.cluster_api_url_kube_prism
 machine_type = "controlplane"
 machine_secrets = talos_machine_secrets.this.machine_secrets
 config_patches = concat(
 [
 templatefile("${path.module}/patches/controlplane.yaml.tpl", {
 allowSchedulingOnControlPlanes = var.worker_count <= 0,
- domain = local.cluster_domain
- apiDomain = local.k8s_service_host
+ domain = local.cluster_domain
+ apiDomain = local.cluster_api_host
 certSANs = join(",", local.cert_SANs)
 nodeSubnets = local.node_ipv4_cidr
 nodeCidrMaskSizeIpv4 = local.node_ipv4_cidr_mask_size
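Review bot: The TODO kept at the top of `locals` still refers to `domain` and `api_domain`, names this hunk renames to `cluster_domain` and `cluster_api_host`, so it now points at nothing; update it to `// TODO: Possible to make cluster_domain and cluster_api_host configurable?`. The commented-out `# cluster_api_url_k8s = ...` line is dead code inside a locals block and also switches from the file's `//` comment style to `#`; either drop it or say why it stays, e.g. `// unused: in-cluster consumers go through KubePrism; external clients build host:port in terraform.tf`. A short comment on `cluster_api_port_kube_prism = 7445` stating that this must match the port KubePrism is enabled on in the machine config patches (not part of this diff) would make that coupling visible.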
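Review bot: `cluster_endpoint` for the control-plane config now resolves to `https://api.${cluster_domain}:7445`, a name that `extra_host_entries` in the previous hunk pins to 127.0.0.1, so — if I read the host entry right — each node reaches the Kubernetes API only through its own KubePrism listener; the worker config in the next hunk gets the same change. That keeps API traffic on the node's loopback, but it also means the kubeconfig that `data.talos_cluster_kubeconfig` produces carries an endpoint unreachable from outside a node (terraform.tf already works around this by overriding `host` with the first public IPv4 and `cluster_api_port_k8s`), and it depends on KubePrism actually being enabled for the selected `var.talos_version`, which is not visible here. Record the intent at the assignment: `cluster_endpoint = local.cluster_api_url_kube_prism // loopback KubePrism endpoint; external clients must use a public IP with cluster_api_port_k8s`. The `data` block continues outside the hunk.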
@@ -55,13 +57,13 @@ data "talos_machine_configuration" "worker" {
 count = var.worker_count > 0 ? var.worker_count : 1
 talos_version = var.talos_version
 cluster_name = var.cluster_name
- cluster_endpoint = local.cluster_endpoint
+ cluster_endpoint = local.cluster_api_url_kube_prism
 machine_type = "worker"
 machine_secrets = talos_machine_secrets.this.machine_secrets
 config_patches = concat(
 [
 templatefile("${path.module}/patches/worker.yaml.tpl", {
- domain = local.domain
+ domain = local.cluster_domain
 nodeSubnets = local.node_ipv4_cidr
 serviceSubnets = local.service_ipv4_cidr
 podSubnets = local.pod_ipv4_cidr
diff --git a/terraform.tf b/terraform.tf
index b08e7ce..d4f4fcc 100644
--- a/terraform.tf
+++ b/terraform.tf
@@ -40,7 +40,7 @@ provider "hcloud" {
 provider "helm" {
 kubernetes {
- host = length(local.control_plane_public_ipv4_list) > 0 ? "${local.control_plane_public_ipv4_list[0]}:${local.k8s_service_port}" : ""
+ host = length(local.control_plane_public_ipv4_list) > 0 ? "${local.control_plane_public_ipv4_list[0]}:${local.cluster_api_port_k8s}" : ""
 client_certificate = base64decode(length(data.talos_cluster_kubeconfig.this) > 0 ? data.talos_cluster_kubeconfig.this[0].kubernetes_client_configuration.client_certificate : "")
 client_key = base64decode(length(data.talos_cluster_kubeconfig.this) > 0 ? data.talos_cluster_kubeconfig.this[0].kubernetes_client_configuration.client_key : "")
 cluster_ca_certificate = base64decode(length(data.talos_cluster_kubeconfig.this) > 0 ? data.talos_cluster_kubeconfig.this[0].kubernetes_client_configuration.ca_certificate : "")
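Review bot: The rewritten `host` expression in `provider "helm"` is repeated character for character in `provider "kubectl"` in the next hunk, which is exactly the kind of pair that drifts the next time one side changes port or address. Since this commit is already separating the two API endpoints in `locals`, the public one belongs there too: `cluster_api_host_port_public = length(local.control_plane_public_ipv4_list) > 0 ? "${local.control_plane_public_ipv4_list[0]}:${local.cluster_api_port_k8s}" : ""`, then `host = local.cluster_api_host_port_public` in both provider blocks. A one-line comment on that local noting it is the only path that is not KubePrism — the client certificate and key in the lines below are presented on this connection — would also document why `cluster_api_port_k8s` exists at all.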
@@ -48,7 +48,7 @@ provider "helm" {
 }
 provider "kubectl" {
- host = length(local.control_plane_public_ipv4_list) > 0 ? "${local.control_plane_public_ipv4_list[0]}:${local.k8s_service_port}" : ""
+ host = length(local.control_plane_public_ipv4_list) > 0 ? "${local.control_plane_public_ipv4_list[0]}:${local.cluster_api_port_k8s}" : ""
 client_certificate = base64decode(length(data.talos_cluster_kubeconfig.this) > 0 ? data.talos_cluster_kubeconfig.this[0].kubernetes_client_configuration.client_certificate : "")
 client_key = base64decode(length(data.talos_cluster_kubeconfig.this) > 0 ? data.talos_cluster_kubeconfig.this[0].kubernetes_client_configuration.client_key : "")
 cluster_ca_certificate = base64decode(length(data.talos_cluster_kubeconfig.this) > 0 ? data.talos_cluster_kubeconfig.this[0].kubernetes_client_configuration.ca_certificate : "")