Commit
examples/hetzner: refactor network creation
Signed-off-by: Marko Mudrinić <mudrinic.mare@gmail.com>
xmudrii committed Apr 19, 2024
1 parent ccc1f3b commit 425e26c
Showing 3 changed files with 37 additions and 14 deletions.
5 changes: 4 additions & 1 deletion examples/terraform/hetzner/README.md
Expand Up @@ -19,6 +19,7 @@ use the configs and how to provision a Kubernetes cluster using KubeOne.
| Name | Version |
|------|---------|
| <a name="provider_hcloud"></a> [hcloud](#provider\_hcloud) | ~> 1.31.0 |
| <a name="provider_random"></a> [random](#provider\_random) | n/a |

## Modules

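Review bot: the `random` provider row shows `n/a` under Version because `hashicorp/random` is not pinned in `required_providers`, while `hcloud` is (`~> 1.31.0`). Add a version constraint for `random` in the same place so every `terraform init` resolves the same provider release and the generated README stops showing `n/a`.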
Expand All @@ -39,12 +40,14 @@ No modules.
| [hcloud_server.control_plane](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server) | resource |
| [hcloud_server_network.control_plane](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server_network) | resource |
| [hcloud_ssh_key.kubeone](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/ssh_key) | resource |
| [random_integer.random_subnet_netnum](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| <a name="input_apiserver_alternative_names"></a> [apiserver\_alternative\_names](#input\_apiserver\_alternative\_names) | subject alternative names for the API Server signing cert. | `list(string)` | `[]` | no |
| <a name="input_base_network_cidr"></a> [base\_network\_cidr](#input\_base\_network\_cidr) | base cidr, resulting cidr is randomly generated depending on provided subnet\_mask | `string` | `"10.100.0.0/16"` | no |
| <a name="input_bastion_host_key"></a> [bastion\_host\_key](#input\_bastion\_host\_key) | Bastion SSH host public key | `string` | `null` | no |
| <a name="input_cluster_autoscaler_max_replicas"></a> [cluster\_autoscaler\_max\_replicas](#input\_cluster\_autoscaler\_max\_replicas) | maximum number of replicas per MachineDeployment (requires cluster-autoscaler) | `number` | `0` | no |
| <a name="input_cluster_autoscaler_min_replicas"></a> [cluster\_autoscaler\_min\_replicas](#input\_cluster\_autoscaler\_min\_replicas) | minimum number of replicas per MachineDeployment (requires cluster-autoscaler) | `number` | `0` | no |
Expand All @@ -58,7 +61,6 @@ No modules.
| <a name="input_image_references"></a> [image\_references](#input\_image\_references) | map with images | <pre>map(object({<br> image_name = string<br> ssh_username = string<br> worker_os = string<br> }))</pre> | <pre>{<br> "centos": {<br> "image_name": "centos-7",<br> "ssh_username": "root",<br> "worker_os": "centos"<br> },<br> "rockylinux": {<br> "image_name": "rocky-8",<br> "ssh_username": "root",<br> "worker_os": "rockylinux"<br> },<br> "ubuntu": {<br> "image_name": "ubuntu-22.04",<br> "ssh_username": "root",<br> "worker_os": "ubuntu"<br> }<br>}</pre> | no |
| <a name="input_initial_machinedeployment_operating_system_profile"></a> [initial\_machinedeployment\_operating\_system\_profile](#input\_initial\_machinedeployment\_operating\_system\_profile) | Name of operating system profile for MachineDeployments, only applicable if operating-system-manager addon is enabled.<br>If not specified, the default value will be added by machine-controller addon. | `string` | `""` | no |
| <a name="input_initial_machinedeployment_replicas"></a> [initial\_machinedeployment\_replicas](#input\_initial\_machinedeployment\_replicas) | Number of replicas per MachineDeployment | `number` | `2` | no |
| <a name="input_ip_range"></a> [ip\_range](#input\_ip\_range) | ip range to use for private network | `string` | `"192.168.0.0/16"` | no |
| <a name="input_lb_type"></a> [lb\_type](#input\_lb\_type) | n/a | `string` | `"lb11"` | no |
| <a name="input_network_zone"></a> [network\_zone](#input\_network\_zone) | network zone to use for private network | `string` | `"eu-central"` | no |
| <a name="input_os"></a> [os](#input\_os) | Operating System to use in image filtering and MachineDeployment | `string` | `"ubuntu"` | no |
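Review bot: removing the `ip_range` input is a breaking change and the hunk does not document it. Anyone passing `ip_range` via a tfvars file or `-var` now hits an undeclared-variable warning or error, and the private network moves from a fixed `192.168.0.0/16` to a random `/24` inside `10.100.0.0/16`, which changes the range of an existing cluster on the next apply. The README (and the commit message) should say so and explain how to get a deterministic range: with the new locals the only way is to set `subnet_mask` equal to the prefix length of `base_network_cidr` (newbits 0, netnum 0, so the whole base range is used), which is far from obvious. An optional override input that bypasses the random draw when set would be clearer.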
Expand All @@ -68,6 +70,7 @@ No modules.
| <a name="input_ssh_private_key_file"></a> [ssh\_private\_key\_file](#input\_ssh\_private\_key\_file) | SSH private key file used to access instances | `string` | `""` | no |
| <a name="input_ssh_public_key_file"></a> [ssh\_public\_key\_file](#input\_ssh\_public\_key\_file) | SSH public key file | `string` | `"~/.ssh/id_rsa.pub"` | no |
| <a name="input_ssh_username"></a> [ssh\_username](#input\_ssh\_username) | SSH user, used only in output | `string` | `""` | no |
| <a name="input_subnet_mask"></a> [subnet\_mask](#input\_subnet\_mask) | subnet mask to use for generating cidr for a private network | `number` | `24` | no |
| <a name="input_worker_os"></a> [worker\_os](#input\_worker\_os) | OS to run on worker machines | `string` | `""` | no |
| <a name="input_worker_type"></a> [worker\_type](#input\_worker\_type) | n/a | `string` | `"cx21"` | no |

34 changes: 24 additions & 10 deletions examples/terraform/hetzner/main.tf
Expand Up @@ -25,6 +25,20 @@ locals {

cluster_autoscaler_min_replicas = var.cluster_autoscaler_min_replicas > 0 ? var.cluster_autoscaler_min_replicas : var.initial_machinedeployment_replicas
cluster_autoscaler_max_replicas = var.cluster_autoscaler_max_replicas > 0 ? var.cluster_autoscaler_max_replicas : var.initial_machinedeployment_replicas

base_network_mask = parseint(split("/", var.base_network_cidr)[1], 10)
subnet_newbits = var.subnet_mask - local.base_network_mask
subnet_netnum = pow(2, local.subnet_newbits) - 1
ip_range = cidrsubnet(
var.base_network_cidr,
local.subnet_newbits,
random_integer.random_subnet_netnum.result,
)
}

resource "random_integer" "random_subnet_netnum" {
min = 0
max = local.subnet_netnum
}

resource "hcloud_ssh_key" "kubeone" {
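Review bot: `local.subnet_newbits` is never checked for sign, so a `subnet_mask` smaller than the base prefix length makes `cidrsubnet` fail at plan time with a generic error, and a `subnet_mask` equal to it silently degrades to the whole base range (newbits 0, `max = 0`). Put a guard next to the computation, for example
`lifecycle { precondition { condition = local.subnet_newbits > 0, error_message = "subnet_mask must be larger than the base_network_cidr prefix length" } }`
on `random_integer.random_subnet_netnum`. Two more things deserve a comment in the locals block: `random_integer` forces replacement when `min`/`max` change, so changing `subnet_mask` later replaces the integer and with it `hcloud_network.net.ip_range`, `hcloud_network_subnet.kubeone` and everything attached; and the draw from `pow(2, newbits)` candidates does not look at ranges already used in the project, so two clusters created with the defaults still share the same `/24` with probability 1/256.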
Expand All @@ -34,7 +48,14 @@ resource "hcloud_ssh_key" "kubeone" {

resource "hcloud_network" "net" {
name = var.cluster_name
ip_range = var.ip_range
ip_range = local.ip_range
}

resource "hcloud_network_subnet" "kubeone" {
network_id = hcloud_network.net.id
type = "server"
network_zone = var.network_zone
ip_range = local.ip_range
}

resource "hcloud_firewall" "cluster" {
Expand Down Expand Up @@ -63,7 +84,7 @@ resource "hcloud_firewall" "cluster" {
protocol = "tcp"
port = "any"
source_ips = [
var.ip_range,
hcloud_network.net.ip_range,
]
}

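Review bot: referencing `hcloud_network.net.ip_range` instead of the local is the right call here: the rule follows the range the provider actually applied and gains an implicit dependency on the network, so the firewall cannot be created before it. The rule still opens every TCP port (`port = "any"`) to the whole private range, unchanged from before, but now that the range is a random subnet rather than a documented default, a one-line comment above the rule explaining that it is intra-cluster traffic would help readers of the example.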
Expand All @@ -73,7 +94,7 @@ resource "hcloud_firewall" "cluster" {
protocol = "udp"
port = "any"
source_ips = [
var.ip_range,
hcloud_network.net.ip_range,
]
}

Expand All @@ -98,13 +119,6 @@ resource "hcloud_firewall" "cluster" {
}
}

resource "hcloud_network_subnet" "kubeone" {
network_id = hcloud_network.net.id
type = "server"
network_zone = var.network_zone
ip_range = var.ip_range
}

resource "hcloud_server_network" "control_plane" {
count = var.control_plane_vm_count
server_id = element(hcloud_server.control_plane.*.id, count.index)
12 changes: 9 additions & 3 deletions examples/terraform/hetzner/variables.tf
Expand Up @@ -190,12 +190,18 @@ variable "image" {
type = string
}

variable "ip_range" {
default = "192.168.0.0/16"
description = "ip range to use for private network"
variable "base_network_cidr" {
default = "10.100.0.0/16"
description = "base cidr, resulting cidr is randomly generated depending on provided subnet_mask"
type = string
}

variable "subnet_mask" {
default = 24
description = "subnet mask to use for generating cidr for a private network"
type = number
}

variable "network_zone" {
default = "eu-central"
description = "network zone to use for private network"
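Review bot: neither new variable is validated. `base_network_cidr` accepts any string and only fails later inside `parseint`/`cidrsubnet`; `subnet_mask` accepts values above 32 or below the base prefix length. Add `validation` blocks, e.g. `condition = can(cidrnetmask(var.base_network_cidr))` for the CIDR and `condition = var.subnet_mask >= 0 && var.subnet_mask <= 32` for the mask (the cross-variable check that `subnet_mask` exceeds the base prefix length needs a resource `precondition`, unless the example requires Terraform 1.9+, which allows validation rules to reference other variables). The descriptions also read better capitalised and spelled out, e.g. "Base CIDR of the private network; the actual range is a random subnet of this block with prefix length subnet_mask".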

0 comments on commit 425e26c
