From 425e26cdd9312971d5ae820a79cb83c4d64dfc51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Mudrini=C4=87?=
Date: Fri, 19 Apr 2024 15:56:46 +0200
Subject: [PATCH] examples/hetzner: refactor network creation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Marko Mudrinić
---
 examples/terraform/hetzner/README.md | 5 +++-
 examples/terraform/hetzner/main.tf | 34 +++++++++++++++++--------
 examples/terraform/hetzner/variables.tf | 12 ++++++---
 3 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/examples/terraform/hetzner/README.md b/examples/terraform/hetzner/README.md
index 57dd4bcdd..e6385bf9b 100644
--- a/examples/terraform/hetzner/README.md
+++ b/examples/terraform/hetzner/README.md
@@ -19,6 +19,7 @@ use the configs and how to provision a Kubernetes cluster using KubeOne.
 | Name | Version |
 |------|---------|
 | [hcloud](#provider\_hcloud) | ~> 1.31.0 |
+| [random](#provider\_random) | n/a |
 
 ## Modules
 
@@ -39,12 +40,14 @@ No modules.
 | [hcloud_server.control_plane](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server) | resource |
 | [hcloud_server_network.control_plane](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server_network) | resource |
 | [hcloud_ssh_key.kubeone](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/ssh_key) | resource |
+| [random_integer.random_subnet_netnum](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | [apiserver\_alternative\_names](#input\_apiserver\_alternative\_names) | subject alternative names for the API Server signing cert. | `list(string)` | `[]` | no |
+| [base\_network\_cidr](#input\_base\_network\_cidr) | base cidr, resulting cidr is randomly generated depending on provided subnet\_mask | `string` | `"10.100.0.0/16"` | no |
 | [bastion\_host\_key](#input\_bastion\_host\_key) | Bastion SSH host public key | `string` | `null` | no |
 | [cluster\_autoscaler\_max\_replicas](#input\_cluster\_autoscaler\_max\_replicas) | maximum number of replicas per MachineDeployment (requires cluster-autoscaler) | `number` | `0` | no |
 | [cluster\_autoscaler\_min\_replicas](#input\_cluster\_autoscaler\_min\_replicas) | minimum number of replicas per MachineDeployment (requires cluster-autoscaler) | `number` | `0` | no |
@@ -58,7 +61,6 @@ No modules.
 | [image\_references](#input\_image\_references) | map with images |
map(object({
image_name = string
ssh_username = string
worker_os = string
}))
|
{
"centos": {
"image_name": "centos-7",
"ssh_username": "root",
"worker_os": "centos"
},
"rockylinux": {
"image_name": "rocky-8",
"ssh_username": "root",
"worker_os": "rockylinux"
},
"ubuntu": {
"image_name": "ubuntu-22.04",
"ssh_username": "root",
"worker_os": "ubuntu"
}
}
| no |
 | [initial\_machinedeployment\_operating\_system\_profile](#input\_initial\_machinedeployment\_operating\_system\_profile) | Name of operating system profile for MachineDeployments, only applicable if operating-system-manager addon is enabled.
If not specified, the default value will be added by machine-controller addon. | `string` | `""` | no |
 | [initial\_machinedeployment\_replicas](#input\_initial\_machinedeployment\_replicas) | Number of replicas per MachineDeployment | `number` | `2` | no |
-| [ip\_range](#input\_ip\_range) | ip range to use for private network | `string` | `"192.168.0.0/16"` | no |
 | [lb\_type](#input\_lb\_type) | n/a | `string` | `"lb11"` | no |
 | [network\_zone](#input\_network\_zone) | network zone to use for private network | `string` | `"eu-central"` | no |
 | [os](#input\_os) | Operating System to use in image filtering and MachineDeployment | `string` | `"ubuntu"` | no |
@@ -68,6 +70,7 @@ No modules.
 | [ssh\_private\_key\_file](#input\_ssh\_private\_key\_file) | SSH private key file used to access instances | `string` | `""` | no |
 | [ssh\_public\_key\_file](#input\_ssh\_public\_key\_file) | SSH public key file | `string` | `"~/.ssh/id_rsa.pub"` | no |
 | [ssh\_username](#input\_ssh\_username) | SSH user, used only in output | `string` | `""` | no |
+| [subnet\_mask](#input\_subnet\_mask) | subnet mask to use for generating cidr for a private network | `number` | `24` | no |
 | [worker\_os](#input\_worker\_os) | OS to run on worker machines | `string` | `""` | no |
 | [worker\_type](#input\_worker\_type) | n/a | `string` | `"cx21"` | no |
 
diff --git a/examples/terraform/hetzner/main.tf b/examples/terraform/hetzner/main.tf
index febb3c548..0a5d78695 100644
--- a/examples/terraform/hetzner/main.tf
+++ b/examples/terraform/hetzner/main.tf
@@ -25,6 +25,20 @@ locals {
 
 cluster_autoscaler_min_replicas = var.cluster_autoscaler_min_replicas > 0 ? var.cluster_autoscaler_min_replicas : var.initial_machinedeployment_replicas
 cluster_autoscaler_max_replicas = var.cluster_autoscaler_max_replicas > 0 ? var.cluster_autoscaler_max_replicas : var.initial_machinedeployment_replicas
+
+ base_network_mask = parseint(split("/", var.base_network_cidr)[1], 10)
+ subnet_newbits = var.subnet_mask - local.base_network_mask
+ subnet_netnum = pow(2, local.subnet_newbits) - 1
+ ip_range = cidrsubnet(
+ var.base_network_cidr,
+ local.subnet_newbits,
+ random_integer.random_subnet_netnum.result,
+ )
+}
+
+resource "random_integer" "random_subnet_netnum" {
+ min = 0
+ max = local.subnet_netnum
 }
 
 resource "hcloud_ssh_key" "kubeone" {
@@ -34,7 +48,14 @@ resource "hcloud_ssh_key" "kubeone" {
 
 resource "hcloud_network" "net" {
 name = var.cluster_name
- ip_range = var.ip_range
+ ip_range = local.ip_range
+}
+
+resource "hcloud_network_subnet" "kubeone" {
+ network_id = hcloud_network.net.id
+ type = "server"
+ network_zone = var.network_zone
+ ip_range = local.ip_range
 }
 
 resource "hcloud_firewall" "cluster" {
@@ -63,7 +84,7 @@ resource "hcloud_firewall" "cluster" {
 protocol = "tcp"
 port = "any"
 source_ips = [
- var.ip_range,
+ hcloud_network.net.ip_range,
 ]
 }
 
@@ -73,7 +94,7 @@ resource "hcloud_firewall" "cluster" {
 protocol = "udp"
 port = "any"
 source_ips = [
- var.ip_range,
+ hcloud_network.net.ip_range,
 ]
 }
 
@@ -98,13 +119,6 @@ resource "hcloud_firewall" "cluster" {
 }
 }
 
-resource "hcloud_network_subnet" "kubeone" {
- network_id = hcloud_network.net.id
- type = "server"
- network_zone = var.network_zone
- ip_range = var.ip_range
-}
-
 resource "hcloud_server_network" "control_plane" {
 count = var.control_plane_vm_count
 server_id = element(hcloud_server.control_plane.*.id, count.index)
diff --git a/examples/terraform/hetzner/variables.tf b/examples/terraform/hetzner/variables.tf
index c1b698409..8aa6e8306 100644
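Review bot: `subnet_newbits` in the new `locals` block has no guard for `var.subnet_mask` being smaller than the prefix length parsed out of `var.base_network_cidr`; a negative value turns `pow(2, local.subnet_newbits) - 1` into a fraction below `min`, and the failure then surfaces as an opaque `random_integer`/`cidrsubnet` error instead of pointing at the two inputs. A `precondition` on `random_integer.random_subnet_netnum` makes the constraint explicit and fails early with a message naming the variables; see the fence. Separately, the `random` provider this resource introduces is listed in the README as version `n/a`, which suggests no constraint in `required_providers` — pin it to a version range like `hcloud` is, even though the versions file is not part of this patch. Since `hcloud_network.net` and `hcloud_network_subnet.kubeone` now both use `local.ip_range`, the network has room for exactly one subnet; if that is intended, a comment on the network resource such as `# network and its single subnet deliberately share local.ip_range` would spare the next reader a check.
```hcl
resource "random_integer" "random_subnet_netnum" {
  min = 0
  max = local.subnet_netnum

  lifecycle {
    precondition {
      condition     = local.subnet_newbits >= 0
      error_message = "subnet_mask must not be smaller than the prefix length of base_network_cidr."
    }
  }
}
```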
--- a/examples/terraform/hetzner/variables.tf
+++ b/examples/terraform/hetzner/variables.tf
@@ -190,12 +190,18 @@ variable "image" {
 type = string
 }
 
-variable "ip_range" {
- default = "192.168.0.0/16"
- description = "ip range to use for private network"
+variable "base_network_cidr" {
+ default = "10.100.0.0/16"
+ description = "base cidr, resulting cidr is randomly generated depending on provided subnet_mask"
 type = string
 }
 
+variable "subnet_mask" {
+ default = 24
+ description = "subnet mask to use for generating cidr for a private network"
+ type = number
+}
+
 variable "network_zone" {
 default = "eu-central"
 description = "network zone to use for private network"
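Review bot: `base_network_cidr` and `subnet_mask` are accepted without a `validation` block, although `main.tf` indexes `split("/", var.base_network_cidr)[1]` and subtracts the parsed prefix length from `var.subnet_mask`, so a CIDR given without a prefix length or a mask outside a sensible range fails far from the variable that caused it. A `validation` on each variable rejects bad values at plan time with a message the operator can act on; see the fence, where the numeric bounds are illustrative and should be set to what the example is meant to support. The relation between the two inputs (mask not below the base prefix length) is better expressed as a `precondition` in `main.tf`, since a variable `validation` cannot reference another variable unless the Terraform version in use is recent enough to allow it. The new descriptions could also say what the result is, e.g. `description = "base CIDR; the cluster's private network is a random /<subnet_mask> subnet carved out of it"`.
```hcl
variable "base_network_cidr" {
  # … unchanged: default, description, type …

  validation {
    condition     = can(cidrhost(var.base_network_cidr, 0))
    error_message = "base_network_cidr must be a CIDR with a prefix length, e.g. 10.100.0.0/16."
  }
}

variable "subnet_mask" {
  # … unchanged: default, description, type …

  validation {
    condition     = var.subnet_mask >= 8 && var.subnet_mask <= 30
    error_message = "subnet_mask must be a prefix length between 8 and 30."
  }
}
```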