diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 29e3776..6fc36f9 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -7,7 +7,11 @@
"installTerraformDocs": true
},
"ghcr.io/dhoeric/features/trivy:1": {},
- "ghcr.io/devcontainers-contrib/features/argo-cd:1": {}
+ "ghcr.io/devcontainers-contrib/features/argo-cd:1": {},
+ "ghcr.io/devcontainers-extra/features/gh-release:1": {
+ "repo": "vitobotta/hetzner-k3s",
+ "binaryNames": "hetzner-k3s"
+ }
},
"customizations": {
"vscode": {
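Review bot: The added `gh-release` feature entry installs the `hetzner-k3s` binary without pinning a release, so each container rebuild can pull a different binary, and that binary is what the new Makefile targets run to create and delete clusters (presumably with the Hetzner API token in scope). Pin it through the feature's version option, e.g. `"version": "<verified-release-tag>"` (placeholder; use the tag you have checked). Consider referencing the feature itself more tightly than the mutable `:1` tag as well. The enclosing `features` object starts above this hunk.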
@@ -31,5 +35,8 @@
},
"postAttachCommand": {
"ensureKubeDir": "mkdir -p /home/vscode/.kube"
+ },
+ "containerEnv": {
+ "KUBE_CONFIG_PATH": "~/.kube/config"
}
}
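Review bot: `"KUBE_CONFIG_PATH": "~/.kube/config"` is passed to the container as a literal string, because `containerEnv` values are not processed by a shell and `~` is never expanded there. Any tool that reads the variable without doing its own tilde expansion will look for a directory literally named `~` relative to its working directory. Since `postAttachCommand` in the same hunk already hard-codes `/home/vscode/.kube`, the absolute form is safer: `"KUBE_CONFIG_PATH": "/home/vscode/.kube/config"`.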
diff --git a/Makefile b/Makefile
index d4a3bee..3d7285a 100644
--- a/Makefile
+++ b/Makefile
@@ -12,6 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+CLUSTER ?= dev
+CLUSTER_ROOT = ./clusters
+CONFIG_FILE ?= /tmp/config.yaml
+
cruft-update:
ifeq (,$(wildcard .cruft.json))
@echo "Cruft not configured"
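Review bot: `CONFIG_FILE ?= /tmp/config.yaml` puts the merged cluster config at one fixed name in a world-writable directory, shared by every cluster and every concurrent run. On a shared host another user may be able to pre-create or symlink that path before `generate-config` writes to it with `>`, and a `dev` and a `prod` run at the same time would overwrite each other's file just before `hetzner-k3s` reads it. A per-cluster, git-ignored path inside the workspace avoids both, e.g. `CONFIG_FILE ?= $(CURDIR)/.cluster-config.$(CLUSTER).yaml`. The `cruft-update` rule at the end of this hunk continues outside it.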
@@ -19,3 +23,19 @@ else
@cruft check || cruft update --skip-apply-ask --refresh-private-variables
endif
.PHONY: cruft-update
+
+create:
+ $(MAKE) generate-config
+
+ hetzner-k3s create --config ${CONFIG_FILE}
+.PHONY: create
+
+delete:
+ $(MAKE) generate-config
+
+ hetzner-k3s delete --config ${CONFIG_FILE}
+.PHONY: delete
+
+generate-config:
+ @yq '. *= load("${CLUSTER_ROOT}/${CLUSTER}.yaml")' ${CLUSTER_ROOT}/common.yaml > ${CONFIG_FILE}
+.PHONY: generate-config
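Review bot: `CLUSTER` is interpolated unchecked into both the yq expression and the file path in `generate-config`, and `delete` then acts on whatever config results. A typo, or a value containing `/` or a quote, changes which file is loaded or breaks the expression, and if `CLUSTER` is ever fed from CI input it becomes an injection point. Guard it before the recipe runs, e.g. `$(if $(wildcard $(CLUSTER_ROOT)/$(CLUSTER).yaml),,$(error unknown CLUSTER '$(CLUSTER)'))`, and quote the redirect target as `"$(CONFIG_FILE)"`. Declaring `create: generate-config` and `delete: generate-config` as prerequisites would also replace the recursive `$(MAKE)` calls.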
diff --git a/clusters/common.yaml b/clusters/common.yaml
new file mode 100644
index 0000000..c0dc21a
--- /dev/null
+++ b/clusters/common.yaml
@@ -0,0 +1,41 @@
+kubeconfig_path: "~/.kube/config"
+k3s_version: v1.31.3+k3s1
+
+networking:
+ ssh:
+ port: 2244
+ use_agent: false
+ public_key_path: "~/.ssh/homelab.pub"
+ private_key_path: "~/.ssh/homelab"
+ allowed_networks:
+ ssh:
+ - 0.0.0.0/0
+ api:
+ - 0.0.0.0/0
+ public_network:
+ ipv4: true
+ ipv6: true
+ private_network:
+ enabled: true
+ subnet: 10.0.0.0/16
+ cni:
+ enabled: true
+ encryption: true
+ mode: cilium
+
+datastore:
+ mode: etcd
+
+embedded_registry_mirror:
+ enabled: true
+
+schedule_workloads_on_masters: true
+
+image: ubuntu-24.04
+
+masters_pool:
+ instance_type: cx32
+ instance_count: 3
+ location: nbg1
+
+worker_node_pools: []
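Review bot: `allowed_networks` opens both SSH and the Kubernetes API to `0.0.0.0/0`, and because this is the shared base file, `clusters/prod.yaml` inherits it without overriding either list. With `schedule_workloads_on_masters: true`, the control-plane nodes that expose those ports also run workloads. Restrict the lists to operator or VPN ranges, at least in the prod overlay, e.g. `api: ["<admin-cidr>"]` (placeholder). If world-open access is kept for dev, add a comment here such as `# world-open on purpose: dev only, key-only SSH on a non-default port`.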
diff --git a/clusters/dev.yaml b/clusters/dev.yaml
new file mode 100644
index 0000000..dfc17df
--- /dev/null
+++ b/clusters/dev.yaml
@@ -0,0 +1,4 @@
+cluster_name: dev
+networking:
+ private_network:
+ subnet: 10.2.0.0/16
diff --git a/clusters/prod.yaml b/clusters/prod.yaml
new file mode 100644
index 0000000..6e3c0ae
--- /dev/null
+++ b/clusters/prod.yaml
@@ -0,0 +1,11 @@
+cluster_name: prod
+
+worker_node_pools:
+ - name: pool1
+ instance_type: cx32
+ instance_count: 0
+ location: nbg1
+ autoscaling:
+ enabled: true
+ min_instances: 0
+ max_instances: 3
diff --git a/modules/hetzner/.terraform.lock.hcl b/modules/hetzner/.terraform.lock.hcl
deleted file mode 100644
index 5a9a2c9..0000000
--- a/modules/hetzner/.terraform.lock.hcl
+++ /dev/null
@@ -1,63 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/local" {
- version = "2.5.1"
- constraints = ">= 2.5.1, < 3.0.0"
- hashes = [
- "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
- "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
- "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
- "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
- "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
- "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
- "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
- "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
- "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
- "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
- "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
- ]
-}
-
-provider "registry.terraform.io/hetznercloud/hcloud" {
- version = "1.48.0"
- constraints = ">= 1.47.0, < 2.0.0"
- hashes = [
- "h1:pdeMfdZHftUivK+TGABJI4fnRHvF0GFbCGWxh+uL+94=",
- "zh:19d38d046e26153edcdd36ce8c0e16198aa9dea5186559651c4a75c455390573",
- "zh:3cb7c453067bcabed68275f812100685fc2f753f37c0e620d3358e642833b5f0",
- "zh:42cabdbb55dba02816be8d9d3fc30f51d610516cc54c3f057e6bb3ffc960b550",
- "zh:486aaa88c6c9af37f07ffea4b54a7dbd11e9faee09f4ed3f2dbcb2d94064427a",
- "zh:69b1a9dc867d9beac752f42501f465ea22d3fbc8af8b3a7190b6aa50fcc0db51",
- "zh:7422b2ec1188d9e70c3ee34ff201eb12809c0602a009224f7cea6940cce64567",
- "zh:7e31665f004a4d0055f0b1b0c0f4d36039c11bb789fc7c07fc9fb54d0d38d751",
- "zh:866eb35b5ca82566f7793ec88dc135c6476f33ea0f7a7f10be9768ba3408e791",
- "zh:961efe244a5163a3369817bdd1092aae2e58391d7e21929fab56473d62385d1d",
- "zh:a08a965235e6db0233730b93a024e2b8a8c1567dd453eb0aa4aec59b9ed91558",
- "zh:c031636938f665629ef3d48d771b6037571ddb886366ade241ed19551aaea24f",
- "zh:cf8fc251e4ae701d5f2503f5d1b9f7e5f804f676a1b9b2d88a59930d6b7a9054",
- "zh:d5fa2cc80a6361d92c5c725f677f93de5d98c9d644ac978f083a06a7381dda1d",
- "zh:ecef5c1e59d1c6cde6aee407b79aecd76d6c129dcec4f67666085f0403a0f46a",
- ]
-}
-
-provider "registry.terraform.io/loafoe/ssh" {
- version = "2.7.0"
- constraints = ">= 2.7.0, < 3.0.0"
- hashes = [
- "h1:MYcyNF/9w/O0nEeKmopbji1NqeD9kpd2a55r9E4rFXs=",
- "zh:0301be53defa9294c713fb3ce4c9925e83051b7444b6eb7262c692ad514f9c46",
- "zh:2670797441d6fefddaaac4498f31b0dc8053fe82a3744fca44da7471e6449f1f",
- "zh:2d70166644fba761aec397920e9e843cce2c060875ddd224f7791ea2cd7bd6e6",
- "zh:30bda314598fee47cf890adfb6f3e1db606feab99252ccfdd0e5c93108f38fdd",
- "zh:3a0c0c9f1aff15818fb5fe97b361b879baf19886d413fa468165c3c6de49d348",
- "zh:5183c1a7fb5d1f1394bfcfe716a61c4191198ccbd64311601c68c52a3a1ea7e2",
- "zh:5190fd7e18f0e46d2263fafa04a6862578abb1c14d60ea3e6597f1b00b041ec7",
- "zh:825e2a7eb6c176dc96b82a1123d63ce6e04ef502a973a7ac44ab156cae4f991a",
- "zh:8e0716c9a628801284663cad3a8f70e026780f34d04fa5ffb822f0cd5876c353",
- "zh:8f19c94a72fb4cecdc70ac97f04c24fa24c46a4e125bbb7c24f642e95f753c70",
- "zh:a965929f10651c7139009aa509a6929f2205f90e85ce91a8354416d17624ed04",
- ]
-}
diff --git a/modules/hetzner/README.md b/modules/hetzner/README.md
deleted file mode 100644
index d3f2da4..0000000
--- a/modules/hetzner/README.md
+++ /dev/null
@@ -1,82 +0,0 @@
-# Hetzner
-
-
-## Requirements
-
-| Name | Version |
-|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.0.0 |
-| [hcloud](#requirement\_hcloud) | >= 1.47.0, < 2.0.0 |
-| [local](#requirement\_local) | >= 2.5.1, < 3.0.0 |
-| [ssh](#requirement\_ssh) | >= 2.7.0, < 3.0.0 |
-
-## Providers
-
-| Name | Version |
-|------|---------|
-| [hcloud](#provider\_hcloud) | 1.48.0 |
-| [local](#provider\_local) | 2.5.1 |
-| [ssh](#provider\_ssh) | 2.7.0 |
-
-## Modules
-
-| Name | Source | Version |
-|------|--------|---------|
-| [k3s](#module\_k3s) | github.com/mrsimonemms/terraform-module-k3s | n/a |
-
-## Resources
-
-| Name | Type |
-|------|------|
-| [hcloud_firewall.firewall](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall) | resource |
-| [hcloud_load_balancer.k3s_manager](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer) | resource |
-| [hcloud_load_balancer_network.k3s_manager](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer_network) | resource |
-| [hcloud_load_balancer_service.k3s_manager](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer_service) | resource |
-| [hcloud_load_balancer_target.k3s_manager](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/load_balancer_target) | resource |
-| [hcloud_network.network](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/network) | resource |
-| [hcloud_network_subnet.subnet](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/network_subnet) | resource |
-| [hcloud_placement_group.managers](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/placement_group) | resource |
-| [hcloud_placement_group.workers](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/placement_group) | resource |
-| [hcloud_server.manager](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server) | resource |
-| [hcloud_server.workers](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/server) | resource |
-| [hcloud_ssh_key.server](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/ssh_key) | resource |
-| [local_sensitive_file.kubeconfig](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/sensitive_file) | resource |
-| [ssh_resource.manager_ready](https://registry.terraform.io/providers/loafoe/ssh/latest/docs/resources/resource) | resource |
-| [ssh_resource.workers_ready](https://registry.terraform.io/providers/loafoe/ssh/latest/docs/resources/resource) | resource |
-
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|------|---------|:--------:|
-| [firewall\_allow\_api\_access](#input\_firewall\_allow\_api\_access) | CIDR range to allow access to the Kubernetes API | `list(string)` |
[
"0.0.0.0/0",
"::/0"
]
| no |
-| [firewall\_allow\_ssh\_access](#input\_firewall\_allow\_ssh\_access) | CIDR range to allow access to the servers via SSH | `list(string)` | [
"0.0.0.0/0",
"::/0"
]
| no |
-| [k3s\_manager\_load\_balancer\_algorithm](#input\_k3s\_manager\_load\_balancer\_algorithm) | Algorithm to use for the k3s manager load balancer | `string` | `"round_robin"` | no |
-| [k3s\_manager\_load\_balancer\_type](#input\_k3s\_manager\_load\_balancer\_type) | Load balancer type for the k3s manager nodes | `string` | `"lb11"` | no |
-| [k3s\_manager\_pool](#input\_k3s\_manager\_pool) | Manager pool configuration | object({
name = optional(string, "manager")
server_type = optional(string, "cx22")
count = optional(number, 1)
image = optional(string, "ubuntu-24.04")
})
| `{}` | no |
-| [k3s\_worker\_pools](#input\_k3s\_worker\_pools) | Worker pools configuration | list(object({
name = string
server_type = optional(string, "cx22")
count = optional(number, 1)
image = optional(string, "ubuntu-24.04")
location = optional(string) # Defaults to var.location if not set
}))
| `[]` | no |
-| [kubeconfig\_output\_path](#input\_kubeconfig\_output\_path) | Output path for the Kubeconfig | `string` | `"~/.kube/config"` | no |
-| [location](#input\_location) | Location to use. This is a single datacentre. | `string` | `"nbg1"` | no |
-| [name](#input\_name) | Name of project | `string` | `"k3s"` | no |
-| [network\_subnet](#input\_network\_subnet) | Subnet of the main network | `string` | `"10.0.0.0/16"` | no |
-| [network\_type](#input\_network\_type) | Type of network to use | `string` | `"cloud"` | no |
-| [region](#input\_region) | Region to use. This covers multiple datacentres. | `string` | `"eu-central"` | no |
-| [ssh\_key](#input\_ssh\_key) | Private SSH key | `string` | n/a | yes |
-| [ssh\_key\_public](#input\_ssh\_key\_public) | Public SSH key | `string` | n/a | yes |
-| [ssh\_port](#input\_ssh\_port) | Port to use for SSH access | `number` | `2244` | no |
-| [workspace](#input\_workspace) | Terraform workspace name | `string` | `"default"` | no |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| [hcloud\_network\_name](#output\_hcloud\_network\_name) | Name of the network |
-| [k3s\_cluster\_cidr](#output\_k3s\_cluster\_cidr) | CIDR used for the k3s cluster |
-| [kube\_api\_server](#output\_kube\_api\_server) | Kubernetes API server address |
-| [kubeconfig](#output\_kubeconfig) | Kubeconfig |
-| [location](#output\_location) | Location to use. This is a single datacentre. |
-| [network\_name](#output\_network\_name) | Name of the network |
-| [pools](#output\_pools) | Servers created |
-| [region](#output\_region) | Region to use. This covers multiple datacentres. |
-| [ssh\_port](#output\_ssh\_port) | SSH port for server |
-| [ssh\_user](#output\_ssh\_user) | SSH user for server |
-
diff --git a/modules/hetzner/files/cloud-config.yaml b/modules/hetzner/files/cloud-config.yaml
deleted file mode 100644
index 62afb1b..0000000
--- a/modules/hetzner/files/cloud-config.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-#cloud-config
-
-package_reboot_if_required: true
-package_update: true
-package_upgrade: true
-packages:
- - curl
- - yq
-runcmd:
- - [service, sshd, restart]
- - [rm, -f, /root/.ssh/authorized_keys]
- - chown ${user}:${user} "/home/${user}"
-timezone: UTC
-users:
- - default
- - name: "${user}"
- gecos: "${user}"
- sudo: ALL=(ALL) NOPASSWD:ALL
- lock_passwd: true
- shell: /bin/bash
- ssh_authorized_keys:
- - "${chomp(publicKey)}"
-write_files:
- - path: /etc/ssh/sshd_config.d/ssh.conf
- content: |
- PasswordAuthentication no
- PermitRootLogin no
- Port ${sshPort}
- - path: /etc/environment
- content: |
- KUBECONFIG="/etc/rancher/k3s/k3s.yaml"
- append: true
diff --git a/modules/hetzner/k3s.tf b/modules/hetzner/k3s.tf
deleted file mode 100644
index e051be2..0000000
--- a/modules/hetzner/k3s.tf
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module "k3s" {
- # tflint-ignore: terraform_module_pinned_source
- source = "github.com/mrsimonemms/terraform-module-k3s"
-
- managers = [
- for i in hcloud_server.manager : {
- advertise-address = tolist(i.network)[0].ip
- name = i.name
- node-external-ip = i.ipv4_address
- node-ip = tolist(i.network)[0].ip
-
- connection = {
- host = i.ipv4_address
- port = var.ssh_port
- private_key = var.ssh_key
- user = local.ssh_user
- }
- }
- ]
-
- workers = {
- for i, p in local.k3s_worker_pools : p.pool => {
- name = hcloud_server.workers[i].name
- node-external-ip = hcloud_server.workers[i].ipv4_address
- node-ip = tolist(hcloud_server.workers[i].network)[0].ip
-
- connection = {
- host = hcloud_server.workers[i].ipv4_address
- port = var.ssh_port
- private_key = var.ssh_key
- user = local.ssh_user
- }
- }...
- }
-
- disable_addons = [
- "local-storage",
- "servicelb",
- "traefik"
- ]
- kubelet_args = ["cloud-provider=external"]
- manager_load_balancer_address = var.k3s_manager_pool.count > 1 ? hcloud_load_balancer.k3s_manager[0].ipv4 : null
- network_subnet = hcloud_network_subnet.subnet.ip_range
-
- depends_on = [
- ssh_resource.manager_ready,
- ssh_resource.workers_ready
- ]
-}
-
-resource "local_sensitive_file" "kubeconfig" {
- content = module.k3s.kubeconfig
- filename = pathexpand(var.kubeconfig_output_path)
- file_permission = "0600"
- directory_permission = "0755"
-}
diff --git a/modules/hetzner/load_balancer.tf b/modules/hetzner/load_balancer.tf
deleted file mode 100644
index d415bb6..0000000
--- a/modules/hetzner/load_balancer.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-resource "hcloud_load_balancer" "k3s_manager" {
- count = var.k3s_manager_pool.count > 1 ? 1 : 0
-
- name = format(local.name_format, "load_balancer")
- load_balancer_type = var.k3s_manager_load_balancer_type
- location = var.location
-
- algorithm {
- type = var.k3s_manager_load_balancer_algorithm
- }
-
- labels = merge(local.labels, {})
-}
-
-resource "hcloud_load_balancer_network" "k3s_manager" {
- count = var.k3s_manager_pool.count > 1 ? 1 : 0
-
- load_balancer_id = hcloud_load_balancer.k3s_manager[count.index].id
- network_id = hcloud_network.network.id
-
- depends_on = [
- hcloud_network_subnet.subnet
- ]
-}
-
-resource "hcloud_load_balancer_service" "k3s_manager" {
- count = var.k3s_manager_pool.count > 1 ? 1 : 0
-
- load_balancer_id = hcloud_load_balancer.k3s_manager[count.index].id
- protocol = "tcp"
- listen_port = local.kubernetes_api_port
- destination_port = local.kubernetes_api_port
-}
-
-resource "hcloud_load_balancer_target" "k3s_manager" {
- count = var.k3s_manager_pool.count > 1 ? 1 : 0
-
- load_balancer_id = hcloud_load_balancer.k3s_manager[count.index].id
- type = "label_selector"
- label_selector = join(",", [for key, value in local.k3s_manager_labels : "${key}=${value}"])
- use_private_ip = true
-
- depends_on = [
- hcloud_load_balancer_network.k3s_manager
- ]
-}
diff --git a/modules/hetzner/locals.tf b/modules/hetzner/locals.tf
deleted file mode 100644
index 38f11b7..0000000
--- a/modules/hetzner/locals.tf
+++ /dev/null
@@ -1,57 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-locals {
- global_ipv4_cidr = "0.0.0.0/0"
- global_ipv6_cidr = "::/0"
- k3s_manager_labels = merge(local.labels, {
- format(local.label_namespace, "type") = "manager"
- })
- k3s_worker_labels = merge(local.labels, {
- format(local.label_namespace, "type") = "worker"
- })
- # Convert pools into individual servers
- k3s_worker_pools = flatten([
- for w in var.k3s_worker_pools : [
- for n in range(w.count) :
- merge(
- w,
- {
- location = w.location != null ? w.location : var.location
- name = "${w.name}-${n}"
- pool = w.name
- }
- )
- ]
- ])
- kubernetes_api_port = 6443
- labels = {
- format(local.label_namespace, "project") = var.name
- format(local.label_namespace, "provisioner") = "terraform"
- format(local.label_namespace, "workspace") = local.workspace_name
- }
- label_namespace = "simonemms.com/%s"
- name_format = join("-", [
- local.workspace_name,
- var.name,
- "%s", # resource name
- ]) # use `format(local.name_format, "")` to use this
- ssh_user = "k3smanager"
- user_data = templatefile("${path.module}/files/cloud-config.yaml", {
- sshPort = var.ssh_port
- publicKey = hcloud_ssh_key.server.public_key
- user = local.ssh_user
- })
- workspace_name = replace(var.workspace, "/[\\W]/", "") # alphanumeric workspace name
-}
diff --git a/modules/hetzner/networks.tf b/modules/hetzner/networks.tf
deleted file mode 100644
index 1522698..0000000
--- a/modules/hetzner/networks.tf
+++ /dev/null
@@ -1,149 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-locals {
- firewall = [
- {
- description = "SSH port"
- port = var.ssh_port
- source_ips = var.firewall_allow_ssh_access
- },
- {
- description = "Allow ICMP (ping)"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- protocol = "icmp"
- port = null
- },
- {
- description = "Allow all TCP traffic on private network"
- source_ips = [
- hcloud_network.network.ip_range
- ]
- },
- {
- description = "Allow all UDP traffic on private network"
- source_ips = [
- hcloud_network.network.ip_range
- ]
- protocol = "udp"
- },
- {
- description = "Allow TCP access to port 80"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 80
- },
- {
- description = "Allow TCP access to port 443"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 443
- },
- # Unifi ports
- {
- description = "Unifi controller"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 8080
- },
- {
- description = "Unifi speedtest"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 6789
- },
- {
- description = "Unifi stun"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 3478
- protocol = "udp"
- },
- {
- description = "Unifi syslog"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 5514
- protocol = "udp"
- },
- {
- description = "Unifi discovery"
- source_ips = [
- local.global_ipv4_cidr,
- local.global_ipv6_cidr,
- ]
- port = 10001
- protocol = "udp"
- },
- # Direct public access only allowed if single manager node
- {
- description = "Allow access to Kubernetes API"
- port = local.kubernetes_api_port
- source_ips = var.firewall_allow_api_access
- disabled = var.k3s_manager_pool.count > 1
- }
- ]
-}
-
-resource "hcloud_network" "network" {
- name = format(local.name_format, "network")
- ip_range = var.network_subnet
-
- labels = merge(local.labels, {})
-}
-
-resource "hcloud_network_subnet" "subnet" {
- network_id = hcloud_network.network.id
- type = var.network_type
- network_zone = var.region
- ip_range = var.network_subnet
-}
-
-resource "hcloud_firewall" "firewall" {
- name = format(local.name_format, "firewall")
-
- dynamic "rule" {
- for_each = [for each in local.firewall : each if lookup(each, "disabled", false) != true]
-
- content {
- description = lookup(rule.value, "description", "")
- destination_ips = lookup(rule.value, "destination_ips", [])
- direction = lookup(rule.value, "direction", "in")
- port = lookup(rule.value, "port", "any")
- protocol = lookup(rule.value, "protocol", "tcp")
- source_ips = lookup(rule.value, "source_ips", [])
- }
- }
-
- apply_to {
- label_selector = join(",", [for key, value in local.labels : "${key}=${value}"])
- }
-
- labels = merge(local.labels, {})
-}
diff --git a/modules/hetzner/output.tf b/modules/hetzner/output.tf
deleted file mode 100644
index 28f2de6..0000000
--- a/modules/hetzner/output.tf
+++ /dev/null
@@ -1,83 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-output "hcloud_network_name" {
- description = "Name of the network"
- value = hcloud_network.network.name
-}
-
-output "kubeconfig" {
- sensitive = true
- description = "Kubeconfig"
- value = module.k3s.kubeconfig
-}
-
-output "kube_api_server" {
- sensitive = true
- description = "Kubernetes API server address"
- value = module.k3s.kube_api_server
-}
-
-output "k3s_cluster_cidr" {
- description = "CIDR used for the k3s cluster"
- value = module.k3s.cluster_cidr
-}
-
-output "location" {
- description = "Location to use. This is a single datacentre."
- value = var.location
-}
-
-output "network_name" {
- description = "Name of the network"
- value = hcloud_network.network.name
-}
-
-output "pools" {
- sensitive = true
- description = "Servers created"
- value = merge(
- {
- managers : [
- for m in hcloud_server.manager : {
- name = m.name
- ipv4_address = m.ipv4_address
- ipv6_address = m.ipv6_address
- }
- ]
- },
- {
- for k, w in local.k3s_worker_pools : w.pool => {
- name = hcloud_server.workers[k].name
- ipv4_address = hcloud_server.workers[k].ipv4_address
- ipv6_address = hcloud_server.workers[k].ipv6_address
- }...
- }
- )
-}
-
-output "region" {
- description = "Region to use. This covers multiple datacentres."
- value = var.region
-}
-
-output "ssh_port" {
- description = "SSH port for server"
- value = var.ssh_port
-}
-
-output "ssh_user" {
- description = "SSH user for server"
- value = local.ssh_user
-}
diff --git a/modules/hetzner/server.tf b/modules/hetzner/server.tf
deleted file mode 100644
index 30eead2..0000000
--- a/modules/hetzner/server.tf
+++ /dev/null
@@ -1,162 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-##########
-# Common #
-##########
-resource "hcloud_ssh_key" "server" {
- name = format(local.name_format, "ssh_key")
- public_key = var.ssh_key_public
-
- labels = merge(local.k3s_manager_labels, {})
-}
-
-############
-# Managers #
-############
-resource "hcloud_placement_group" "managers" {
- count = var.k3s_manager_pool.count > 1 ? 1 : 0
-
- name = format(local.name_format, "manager")
- type = "spread"
-
- labels = merge(local.k3s_manager_labels, {})
-}
-
-resource "hcloud_server" "manager" {
- count = var.k3s_manager_pool.count
-
- name = format(local.name_format, "manager-${count.index}")
- image = var.k3s_manager_pool.image
- server_type = var.k3s_manager_pool.server_type
- location = var.location
- ssh_keys = [
- hcloud_ssh_key.server.id
- ]
-
- # No placement group if single node manager
- placement_group_id = try(hcloud_placement_group.managers[0].id, null)
-
- user_data = local.user_data
-
- network {
- network_id = hcloud_network.network.id
- # Set the alias_ips to avoid this triggering an update each run
- # @link https://github.com/hetznercloud/terraform-provider-hcloud/issues/650#issuecomment-1497160625
- alias_ips = []
- }
-
- public_net {
- ipv4_enabled = true
- ipv6_enabled = true
- }
-
- labels = merge(local.k3s_manager_labels, {})
-
- depends_on = [
- hcloud_load_balancer_network.k3s_manager
- ]
-
- lifecycle {
- ignore_changes = [
- ssh_keys
- ]
- }
-}
-
-##################
-# Static workers #
-##################
-resource "hcloud_placement_group" "workers" {
- for_each = toset([for i in var.k3s_worker_pools : i.name])
-
- name = format(local.name_format, each.value)
- type = "spread"
-
- labels = merge(local.k3s_worker_labels, {})
-}
-
-resource "hcloud_server" "workers" {
- count = length(local.k3s_worker_pools)
- # for_each = { for i in local.k3s_worker_pools : i.name => i }
-
- name = format(local.name_format, local.k3s_worker_pools[count.index].name)
- image = local.k3s_worker_pools[count.index].image
- server_type = local.k3s_worker_pools[count.index].server_type
- location = local.k3s_worker_pools[count.index].location
- ssh_keys = [
- hcloud_ssh_key.server.id
- ]
- placement_group_id = hcloud_placement_group.workers[local.k3s_worker_pools[count.index].pool].id
-
- user_data = local.user_data
-
- network {
- network_id = hcloud_network.network.id
- # Set the alias_ips to avoid this triggering an update each run
- # @link https://github.com/hetznercloud/terraform-provider-hcloud/issues/650#issuecomment-1497160625
- alias_ips = []
- }
-
- public_net {
- ipv4_enabled = true
- ipv6_enabled = true
- }
-
- labels = merge(local.k3s_worker_labels, {
- format(local.label_namespace, "pool") = local.k3s_worker_pools[count.index].pool
- })
-
- lifecycle {
- ignore_changes = [
- ssh_keys
- ]
- }
-}
-
-resource "ssh_resource" "manager_ready" {
- count = var.k3s_manager_pool.count
-
- host = hcloud_server.manager[count.index].ipv4_address
- user = local.ssh_user
- private_key = var.ssh_key
- port = var.ssh_port
-
- timeout = "5m"
- retry_delay = "5s"
-
- commands = [
- "cloud-init status | grep \"status: done\""
- ]
-
- depends_on = [hcloud_server.manager]
-}
-
-resource "ssh_resource" "workers_ready" {
- count = length(hcloud_server.workers)
-
- host = hcloud_server.workers[count.index].ipv4_address
- user = local.ssh_user
- private_key = var.ssh_key
- port = var.ssh_port
-
- timeout = "5m"
- retry_delay = "5s"
-
- commands = [
- "cloud-init status | grep \"status: done\""
- ]
-
- depends_on = [hcloud_server.workers]
-}
diff --git a/modules/hetzner/terraform.tf b/modules/hetzner/terraform.tf
deleted file mode 100644
index ed7bb9a..0000000
--- a/modules/hetzner/terraform.tf
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
- required_version = ">= 1.0.0"
- required_providers {
- hcloud = {
- source = "hetznercloud/hcloud"
- version = ">= 1.47.0, < 2.0.0"
- }
- local = {
- source = "hashicorp/local"
- version = ">= 2.5.1, < 3.0.0"
- }
- ssh = {
- source = "loafoe/ssh"
- version = ">= 2.7.0, < 3.0.0"
- }
- }
-}
diff --git a/modules/hetzner/variables.tf b/modules/hetzner/variables.tf
deleted file mode 100644
index ef4cfb4..0000000
--- a/modules/hetzner/variables.tf
+++ /dev/null
@@ -1,135 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-variable "firewall_allow_api_access" {
- type = list(string)
- description = "CIDR range to allow access to the Kubernetes API"
- default = [
- "0.0.0.0/0",
- "::/0"
- ]
-}
-
-variable "firewall_allow_ssh_access" {
- type = list(string)
- description = "CIDR range to allow access to the servers via SSH"
- default = [
- "0.0.0.0/0",
- "::/0"
- ]
-}
-
-variable "k3s_manager_load_balancer_algorithm" {
- type = string
- description = "Algorithm to use for the k3s manager load balancer"
- default = "round_robin"
-}
-
-variable "k3s_manager_load_balancer_type" {
- type = string
- description = "Load balancer type for the k3s manager nodes"
- default = "lb11"
-}
-
-variable "k3s_manager_pool" {
- type = object({
- name = optional(string, "manager")
- server_type = optional(string, "cx22")
- count = optional(number, 1)
- image = optional(string, "ubuntu-24.04")
- })
- description = "Manager pool configuration"
- default = {}
-
- validation {
- condition = var.k3s_manager_pool.count >= 1 && var.k3s_manager_pool.count % 2 == 1
- error_message = "Invalid k3s_manager_pool.count given."
- }
-}
-
-variable "k3s_worker_pools" {
- type = list(object({
- name = string
- server_type = optional(string, "cx22")
- count = optional(number, 1)
- image = optional(string, "ubuntu-24.04")
- location = optional(string) # Defaults to var.location if not set
- }))
- description = "Worker pools configuration"
- default = []
-}
-
-variable "kubeconfig_output_path" {
- type = string
- description = "Output path for the Kubeconfig"
- default = "~/.kube/config"
-}
-
-variable "location" {
- type = string
- description = "Location to use. This is a single datacentre."
- default = "nbg1"
-}
-
-variable "name" {
- type = string
- description = "Name of project"
- default = "k3s"
-}
-
-variable "network_type" {
- type = string
- description = "Type of network to use"
- default = "cloud"
-
- validation {
- condition = contains(["cloud", "server", "vswitch"], var.network_type)
- error_message = "Invalid network_type selected."
- }
-}
-
-variable "network_subnet" {
- type = string
- description = "Subnet of the main network"
- default = "10.0.0.0/16"
-}
-
-variable "region" {
- type = string
- description = "Region to use. This covers multiple datacentres."
- default = "eu-central"
-}
-
-variable "ssh_key" {
- sensitive = true
- type = string
- description = "Private SSH key"
-}
-
-variable "ssh_key_public" {
- type = string
- description = "Public SSH key"
-}
-
-variable "ssh_port" {
- type = number
- description = "Port to use for SSH access"
- default = 2244
-}
-
-variable "workspace" {
- type = string
- description = "Terraform workspace name"
- default = "default"
-}
diff --git a/modules/kubernetes/.terraform.lock.hcl b/modules/kubernetes/.terraform.lock.hcl
index 2a56f19..692b4e7 100644
--- a/modules/kubernetes/.terraform.lock.hcl
+++ b/modules/kubernetes/.terraform.lock.hcl
@@ -2,64 +2,86 @@
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/helm" {
- version = "2.14.1"
+ version = "2.16.1"
constraints = ">= 2.14.0, < 3.0.0"
hashes = [
- "h1:G9CHU8KJrKkOILDnkU38VLBrd8CQwk1SSLJiTNxssSU=",
- "zh:0b8190016b101edbec158f869e14e5bcb9708dc88040e3d0119f6bf0a0384fa6",
- "zh:0bd483d0193716ee7f30ce2e25eebb463aa51700c716842e25026bf2167e8feb",
- "zh:5c8c16640f84f952e7ed1bab43b91c65f97168dd3bc189ea368e07fd40d44037",
- "zh:67729452ff9c4f7a32d2e0008ce5deb86293929704ed3219971595db757924fa",
- "zh:72dd1bc749de240e3700623ab1ff9b490ad5bbf17338e02d30b13a04a3b3c4ef",
- "zh:7dcaec73d82c61f4bf315a5074217c6a8c1f774955a7b6f80c943a8907067a6f",
- "zh:a48e27fbd17112e4f29d67d0467a8ea1ca554f98bf1f0748f1ebbc61355c465e",
- "zh:b6283654f06d6ac5e0d67b0807c348fe5a700febf18f4990bf965705b379e29e",
- "zh:dee35c1a536364431b9a6e022a9f89e2942425ca7111edd1ea89d596d68ee4e7",
+ "h1:TerRBdq69SxIWg3ET2VE0bcP0BYRIWZOp1QxXj/14Fk=",
+ "zh:0003f6719a32aee9afaeeb001687fc0cfc8c2d5f54861298cf1dc5711f3b4e65",
+ "zh:16cd5bfee09e7bb081b8b4470f31a9af508e52220fd97fd81c6dda725d9422fe",
+ "zh:51817de8fdc2c2e36785f23fbf4ec022111bd1cf7679498c16ad0ad7471c16db",
+ "zh:51b95829b2873be40a65809294bffe349e40cfccc3ff6fee0f471d01770e0ebd",
+ "zh:56b158dde897c47e1460181fc472c3e920aa23db40579fdc2aad333c1456d2dd",
+ "zh:916641d26c386959eb982e680028aa677b787687ef7c1283241e45620bc8df50",
+ "zh:aec15ca8605babba77b283f2ca35daca53e006d567e1c3a3daf50497035b820b",
+ "zh:c2cecf710b87c8f3a4d186da2ea12cf08041f97ae0c6db82649720d6ed929d65",
+ "zh:dbdd96f17aea25c7db2d516ab8172a5e683c6686c72a1a44173d2fe96319be39",
+ "zh:de11e180368434a796b1ab6f20fde7554dc74f7800e063b8e4c8ec3a86d0be63",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:f5dd0141145104c681620d470093bd16bf3e4833021907581317c0b4ed650f8d",
- "zh:f7fe46792e37d918e14740fb562b92a6d1594d60a43cc6b944a23a32930a2b16",
+ "zh:f827a9c1540d210c56053a2d5d5a6abda924896ffa8eeedc94054cf6d44c5f60",
]
}
provider "registry.terraform.io/hashicorp/kubernetes" {
- version = "2.31.0"
+ version = "2.35.0"
constraints = ">= 2.31.0, < 3.0.0"
hashes = [
- "h1:wGHbATbv/pBVTST1MtEn0zyVhZbzZJD2NYq2EddASHY=",
- "zh:0d16b861edb2c021b3e9d759b8911ce4cf6d531320e5dc9457e2ea64d8c54ecd",
- "zh:1bad69ed535a5f32dec70561eb481c432273b81045d788eb8b37f2e4a322cc40",
- "zh:43c58e3912fcd5bb346b5cb89f31061508a9be3ca7dd4cd8169c066203bcdfb3",
- "zh:4778123da9206918a92dfa73cc711475d2b9a8275ff25c13a30513c523ac9660",
- "zh:8bfa67d2db03b3bfae62beebe6fb961aee8d91b7a766efdfe4d337b33dfd23dd",
- "zh:9020bb5729db59a520ade5e24984b737e65f8b81751fbbd343926f6d44d22176",
- "zh:90431dbfc5b92498bfbce38f0b989978c84421a6c33245b97788a46b563fbd6e",
- "zh:b71a061dda1244f6a52500e703a9524b851e7b11bbf238c17bbd282f27d51cb2",
- "zh:d6232a7651b834b89591b94bf4446050119dcde740247e6083a4d55a2cefd28a",
- "zh:d89fba43e699e28e2b5e92fff2f75fc03dbc8de0df9dacefe1a8836f8f430753",
- "zh:ef85c0b744f5ba1b10dadc3c11e331ba4225c45bb733e024d7218c24b02b0512",
+ "h1:uQ3dNlUlHbm6Px3C9zOOSjHwT5EuhlYkiJU7rOImQ7c=",
+ "zh:059080ce30d4bf47ebce3bd09202c7f0e8fd7e734aeb2ace3dfbd1f1266c723c",
+ "zh:43f99c88ab344a8c108335a085483c8a786ff3194fe6acc279c1f4d8ff7a6603",
+ "zh:922aaa5766dacd0e4ef6eb401da538fe8d0ad1e79bfbb8e17dbfe86e6182d746",
+ "zh:a42b96a4570a1ba16556362a834a879d433395c8f1d8f24c0fc33c2cfd2065d9",
+ "zh:bf4271cc0f3cd81a1db34c150799cbe09ed6a131b185962a36a1e675767ef681",
+ "zh:c68cdb3c3b8aaf177af40e1cd1000d09e3a17d2610d8a125e4e6bf479d2efb71",
+ "zh:cf10a45e702af18fdec4fab30d8e6c447ab5cefa1ca9e2c94a3c9e802b7759c8",
+ "zh:d975dab312d2097700da1ea7aab1c1190e2acd99e5248f9be881093df2312bf4",
+ "zh:e297fdcb2ec49c7c77f1b2d793a7a6edaf6d9153036eb2aeaff9a3f4b9686bfa",
"zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ "zh:f607aa5b080a317c5ed353713cc33a4b3735e98bd4f4c15d33b494ae193db0b2",
+ "zh:f82baadbd4de5d3e4871672945be843a6540a339772b63db6dc3304860a4d97d",
+ ]
+}
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+ version = "1.49.1"
+ constraints = ">= 1.49.1, < 2.0.0"
+ hashes = [
+ "h1:FKGRNHVbcfQJd8EWrb8Ze5QHkaGr8zI+ZKxBMjvOwPk=",
+ "zh:3d5f9773da4f8203cf625d04a5a0e4ff7e202684c010a801a945756140c61cde",
+ "zh:446305d492017cda91e5c15122ec16ff15bfe3ef4d3fd6bcea0cdf7742ab1b86",
+ "zh:44d4f9156ed8b4f0444bd4dc456825940be49048828565964a192286d28c9f20",
+ "zh:492ad893d2f89bb17c9beb877c8ceb4a16caf39db1a79030fefeada6c7aa217f",
+ "zh:68dc552c19ad9d209ec6018445df6e06fb77a637513a53cc66ddce1b024082be",
+ "zh:7492495ffda6f6c49ab38b539bd2eb965b1150a63fb6b191a27dec07d17601cb",
+ "zh:850fe92005981ea00db86c3e49ba5b49732fdf1f7bd5530a68f6e272847059fc",
+ "zh:8cb67f744c233acfb1d68a6c27686315439d944edf733b95f113b4aa63d86713",
+ "zh:8e13dac46e8c2497772ed1baee701b1d1c26bcc95a63b5c4566c83468f504868",
+ "zh:c44249c6a8ba931e208a334792686b5355ab2da465cadea03c1ea8e73c02db12",
+ "zh:d103125a28a85c89aea0cb0c534fe3f504416c4d4fc75c37364b9ec5f66dd77d",
+ "zh:ed8f64e826aa9bfca95b72892271678cb78411b40d7b404a52404141e05a4ab1",
+ "zh:f40efad816de00b279bd1e2cbf62c76b0e5b2da150a0764f259984b318e30945",
+ "zh:f5e912d0873bf4ecc43feba4ceccdf158048080c76d557e47f34749139fdd452",
]
}
provider "registry.terraform.io/infisical/infisical" {
- version = "0.12.4"
+ version = "0.12.8"
constraints = ">= 0.12.4, < 1.0.0"
hashes = [
- "h1:3aQ8kD5y2QnHMv95/oq3ncVkzG9CdsAvF2i7BOy6Zmc=",
- "zh:136fccc7a295cf1b5c60eb4a0987ed0f764baf9495229dce3b103f6bbb1b9bec",
- "zh:1632cb256e00eb98cd7bcee68dd1bb22ac374282afd86b069f799dfa6c5165ff",
- "zh:32243d378892171bdff9fe4a6a9c1b9a2e33d4c994ce925a7be71369499c1388",
- "zh:3286934bd93913a9b71da13412cb2063206a47595325fafc857cb129be1883b4",
- "zh:471c47214abdba700e8b1da1da1875528ddb833abedd4fc39b14b0a31b8b6d32",
- "zh:62e6a3554152f50bae482b46543916fd008a63ec477c9c4e010f330aeff26152",
- "zh:789e58b41f7013a643ed12d634e0a20b7e14fb6a999e6c9cbd3df07e46facff0",
- "zh:7a7c709a0a4ace794f5e3bcc24833c84c9e7a9d09f2a16e130c49d70f399a8c5",
- "zh:839b319aec6fc0cb53a5af93e9aa248ccff71301855557308508f1dbca61244f",
+ "h1:7YICEHXGD+RkdW/JAwcglfNglYA/bdPbGTCiHCZFUcA=",
+ "zh:2a000238a3aa10764b8f29d40955264d05b735d78412982888cc619dfd4ff743",
+ "zh:418e1c9ed2780d006d7856695c2ac04979983a8dc08c703505c0e1e106d5d989",
+ "zh:4e354cefae9fee8ef2e128ea27a4b3408712b3dd9318fd0edc1888e862253c56",
+ "zh:5dd62efb9174ac5d7420f5faf32ddafc65cbe8f1dbdbf7f864262e8f1554b1fb",
+ "zh:625c589ac2acad092a2f918093595300e46bdcec4aeff93bb32afafce2953e45",
+ "zh:65a2d6ee59a613dcb47eb8d34254fca397de7d71f60629b1fa3c703449f9813a",
+ "zh:689d744df9ee2465ab84ee48e081231c22dbc64bc7ba1e455cc2f5900c8fa8bc",
+ "zh:7034c4b44a33e8840e22dd828edb71dab7f453a8b564b3e3f322a25a567b7d5c",
+ "zh:758204f45b7484327b142e3ad79a365c2b1d94fcb34f6afc48bdf39f173d1f7c",
+ "zh:7ecfd429c5bef309feab8b28b58f017a03a484ef28232192ccc6f7fb89661ba8",
+ "zh:8768abaebe83470b7e3ac696b6e64b85dc1249f3510f9689e1169e2f2d2de451",
"zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
- "zh:afadc2e6ff247485baada2c363a40208ebc9756544d7c8b2450877e121b1da77",
- "zh:b87e5220adcbb116d144ea370788f345d6a775defd9f2c5c4aaf3a29b35d4f1e",
- "zh:c96a1f1e279bcaf3051cc4bf1828613a51f56fc819ae68920dbf3d75763e20ca",
- "zh:d4362a6f8d7d4ad96239669be361fe026eba2fd6835617037765d9196c3ebbb9",
- "zh:da7daeb4b2f9e3f9351dbd06dbb5b81a36693541c3f750554d693d82bd66d002",
+ "zh:8f0dc18dbd3843553cdc3eaa27731473817ff8e7f77155f2d276fc0c015cbc6f",
+ "zh:e7cd5733d4d6feb73818b6f32fb194aa235ed803e81dc7eeedf7d6e12933789f",
+ "zh:f3f2436ab87a0af94f43b8a7d4f9b1858ac21847415cde1e212ed9a686055ca8",
]
}
diff --git a/modules/kubernetes/README.md b/modules/kubernetes/README.md
index 5c427c5..84e1356 100644
--- a/modules/kubernetes/README.md
+++ b/modules/kubernetes/README.md
@@ -6,6 +6,7 @@
| Name | Version |
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [hcloud](#requirement\_hcloud) | >= 1.49.1, < 2.0.0 |
| [helm](#requirement\_helm) | >= 2.14.0, < 3.0.0 |
| [infisical](#requirement\_infisical) | >= 0.12.4, < 1.0.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.31.0, < 3.0.0 |
@@ -14,9 +15,10 @@
| Name | Version |
|------|---------|
-| [helm](#provider\_helm) | 2.14.1 |
-| [infisical](#provider\_infisical) | 0.12.4 |
-| [kubernetes](#provider\_kubernetes) | 2.31.0 |
+| [hcloud](#provider\_hcloud) | 1.49.1 |
+| [helm](#provider\_helm) | 2.16.1 |
+| [infisical](#provider\_infisical) | 0.12.8 |
+| [kubernetes](#provider\_kubernetes) | 2.35.0 |
## Modules
@@ -27,18 +29,15 @@ No modules.
| Name | Type |
|------|------|
| [helm_release.argocd](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.hcloud_ccm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
-| [helm_release.hcloud_csi](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_config_map_v1.metallb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map_v1) | resource |
| [kubernetes_namespace_v1.argocd](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_namespace_v1.external_secrets](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_namespace_v1.metallb](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
| [kubernetes_secret_v1.bitwarden](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
-| [kubernetes_secret_v1.hcloud](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
| [kubernetes_secret_v1.infisical](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
| [kubernetes_secret_v1.oidc_secret](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [hcloud_servers.manager_nodes](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/data-sources/servers) | data source |
| [infisical_secrets.common_secrets](https://registry.terraform.io/providers/infisical/infisical/latest/docs/data-sources/secrets) | data source |
-| [kubernetes_nodes.cluster](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/data-sources/nodes) | data source |
## Inputs
@@ -50,18 +49,13 @@ No modules.
| [argocd\_version](#input\_argocd\_version) | Version of ArgoCD to use - defaults to latest | `string` | `null` | no |
| [bitwarden\_token](#input\_bitwarden\_token) | Bitwarden Secret Manager token | `string` | n/a | yes |
| [cluster\_issuer](#input\_cluster\_issuer) | Cluster issuer to use for certificate | `string` | `"letsencrypt-staging"` | no |
+| [cluster\_name](#input\_cluster\_name) | Name of the cluster | `string` | n/a | yes |
| [domain](#input\_domain) | Domain to use - this may be a top-level or subdomain | `string` | n/a | yes |
-| [hcloud\_network\_name](#input\_hcloud\_network\_name) | Name of the network | `string` | n/a | yes |
-| [hcloud\_token](#input\_hcloud\_token) | Write token for the Hetzner API | `string` | n/a | yes |
-| [hetzner\_cloud\_config\_manager\_version](#input\_hetzner\_cloud\_config\_manager\_version) | Version of the HCloud CCM to use - defaults to latest | `string` | `null` | no |
-| [hetzner\_csi\_driver\_version](#input\_hetzner\_csi\_driver\_version) | Tag of the CSI driver to use - defaults to latest | `string` | `null` | no |
| [infisical\_client\_id](#input\_infisical\_client\_id) | Infisical client ID | `string` | n/a | yes |
| [infisical\_client\_secret](#input\_infisical\_client\_secret) | Infisical client secret | `string` | n/a | yes |
| [infisical\_environment\_slug](#input\_infisical\_environment\_slug) | Infisical environment slug | `string` | n/a | yes |
| [infisical\_project\_id](#input\_infisical\_project\_id) | Infisical project ID | `string` | n/a | yes |
-| [k3s\_cluster\_cidr](#input\_k3s\_cluster\_cidr) | CIDR used for the k3s cluster | `string` | `"10.244.0.0/16"` | no |
-| [kube\_context](#input\_kube\_context) | Kubernetes context to use | `string` | `"default"` | no |
-| [kubeconfig](#input\_kubeconfig) | Kubeconfig for the cluster | `string` | n/a | yes |
+| [kubeconfig\_path](#input\_kubeconfig\_path) | Kubeconfig for the cluster | `string` | n/a | yes |
## Outputs
diff --git a/modules/kubernetes/argocd.tf b/modules/kubernetes/argocd.tf
index 61bfc61..fe23510 100644
--- a/modules/kubernetes/argocd.tf
+++ b/modules/kubernetes/argocd.tf
@@ -108,8 +108,4 @@ resource "helm_release" "argocd" {
))
})
]
-
- depends_on = [
- helm_release.hcloud_ccm,
- ]
}
diff --git a/stacks/prod/terragrunt.hcl b/modules/kubernetes/dev.tfvars
similarity index 74%
rename from stacks/prod/terragrunt.hcl
rename to modules/kubernetes/dev.tfvars
index fd4d9ea..0f8567e 100644
--- a/stacks/prod/terragrunt.hcl
+++ b/modules/kubernetes/dev.tfvars
@@ -11,3 +11,9 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+
+argocd_oidc_tls_skip_verify = true
+cluster_name = "dev"
+domain = "dev.simonemms.com"
+infisical_environment_slug = "dev"
+kubeconfig_path = "~/.kube/config"
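Review bot: `argocd_oidc_tls_skip_verify = true` is committed with no comment saying why certificate verification is turned off or that it is limited to dev. Judging by the variable name (its definition is outside this hunk), it disables TLS verification on the Argo CD OIDC connection, presumably because the dev cluster keeps the default `letsencrypt-staging` issuer. I would add a comment above it such as `# Dev only: staging certificates are not publicly trusted. Do not copy this into a prod tfvars file.` so that the setting is not carried over when a prod variant of this file is created.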
diff --git a/modules/kubernetes/files/cloud-controller-manager.yaml b/modules/kubernetes/files/cloud-controller-manager.yaml
index eaa98ca..2b80dbc 100644
--- a/modules/kubernetes/files/cloud-controller-manager.yaml
+++ b/modules/kubernetes/files/cloud-controller-manager.yaml
@@ -3,4 +3,4 @@ networking:
env:
HCLOUD_LOAD_BALANCERS_ENABLED:
- value: "false"
+ value: "false"
diff --git a/modules/kubernetes/hetzner.tf b/modules/kubernetes/hetzner.tf
deleted file mode 100644
index e157f50..0000000
--- a/modules/kubernetes/hetzner.tf
+++ /dev/null
@@ -1,96 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-resource "kubernetes_secret_v1" "hcloud" {
- metadata {
- name = "hcloud"
- namespace = "kube-system"
- }
-
- data = {
- network = var.hcloud_network_name # Required by the CCM
- token = var.hcloud_token # Required by the CSI
- }
-}
-
-resource "helm_release" "hcloud_ccm" {
- chart = "hcloud-cloud-controller-manager"
- name = "hccm"
- atomic = true
- cleanup_on_fail = true
- namespace = "kube-system"
- repository = "https://charts.hetzner.cloud"
- reset_values = true
- version = var.hetzner_cloud_config_manager_version
- wait = true
-
- values = [
- templatefile("${path.module}/files/cloud-controller-manager.yaml", {})
- ]
-
- set {
- name = "networking.clusterCIDR"
- value = var.k3s_cluster_cidr
- }
-
- set {
- name = "podAnnotations.secret"
- value = sha512(yamlencode(kubernetes_secret_v1.hcloud.data))
- }
-
- depends_on = [kubernetes_secret_v1.hcloud]
-}
-
-resource "helm_release" "hcloud_csi" {
- chart = "hcloud-csi"
- name = "hcsi"
- atomic = true
- cleanup_on_fail = true
- namespace = "kube-system"
- repository = "https://charts.hetzner.cloud"
- reset_values = true
- version = var.hetzner_csi_driver_version
- wait = true
-
- set {
- name = "controller.podAnnotations.secret"
- value = sha512(yamlencode(kubernetes_secret_v1.hcloud.data))
- }
-
- # Allow running on control plane nodes
- dynamic "set" {
- for_each = flatten([
- for i, taint in local.control_plane_taints :
- [
- for k, v in taint :
- [
- {
- name = "controller.tolerations[${i}].${k}"
- value = v
- },
- {
- name = "node.tolerations[${i}].${k}"
- value = v
- },
- ]
- ]
- ])
- iterator = each
-
- content {
- name = each.value.name
- value = each.value.value
- }
- }
-}
diff --git a/modules/kubernetes/local.tf b/modules/kubernetes/local.tf
deleted file mode 100644
index 04570b5..0000000
--- a/modules/kubernetes/local.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-locals {
- control_plane_taints = [
- {
- key = "CriticalAddonsOnly"
- operator = "Exists"
- },
- ]
- kubeconfig = yamldecode(var.kubeconfig)
- kubeconfig_clusters = try({ for context in local.kubeconfig.clusters : context.name => context.cluster }, {})
- kubeconfig_users = try({ for context in local.kubeconfig.users : context.name => context.user }, {})
- kubeconfig_by_context = try({ for context, cluster in local.kubeconfig_clusters : context => merge(cluster, local.kubeconfig_users[context]) }, {})
- manager_nodes = [
- for n in flatten(data.kubernetes_nodes.cluster.nodes) : n if strcontains(n.metadata[0].name, "manager")
- ]
-}
diff --git a/modules/kubernetes/metallb.tf b/modules/kubernetes/metallb.tf
index cee6e20..0d96496 100644
--- a/modules/kubernetes/metallb.tf
+++ b/modules/kubernetes/metallb.tf
@@ -12,11 +12,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-data "kubernetes_nodes" "cluster" {
- depends_on = [
- helm_release.hcloud_ccm,
- helm_release.hcloud_csi,
- ]
+
+# Only use managers as ingress IP
+data "hcloud_servers" "manager_nodes" {
+ with_selector = "cluster=${var.cluster_name},role=master"
}
resource "kubernetes_namespace_v1" "metallb" {
@@ -47,10 +46,7 @@ resource "kubernetes_config_map_v1" "metallb" {
namespace = kubernetes_namespace_v1.metallb.metadata[0].name
}
spec = {
- addresses = [
- # Only use managers as ingress IP
- for n in flatten(local.manager_nodes[*].status[*].addresses) : "${n.address}/32" if n.type == "ExternalIP"
- ]
+ addresses = [for s in data.hcloud_servers.manager_nodes.servers : s.ipv4_address]
}
})
}
diff --git a/modules/kubernetes/terraform.tf b/modules/kubernetes/terraform.tf
index 8cb32b6..a6ec00a 100644
--- a/modules/kubernetes/terraform.tf
+++ b/modules/kubernetes/terraform.tf
@@ -14,11 +14,21 @@
terraform {
required_version = ">= 1.0.0"
+
+ backend "kubernetes" {
+ secret_suffix = "state"
+ namespace = "kube-system"
+ }
+
required_providers {
helm = {
source = "hashicorp/helm"
version = ">= 2.14.0, < 3.0.0"
}
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = ">= 1.49.1, < 2.0.0"
+ }
infisical = {
source = "infisical/infisical"
version = ">= 0.12.4, < 1.0.0"
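Review bot: The added `backend "kubernetes"` block keeps the Terraform state as a Secret in `kube-system` of the same cluster this module configures. State holds the module's sensitive inputs in clear text (the Infisical client secret and Bitwarden token listed in the README), so every identity that can read Secrets in `kube-system` can read them. The state is also lost when the cluster is deleted. I would move it to a dedicated namespace with read access limited to the operator, for example `namespace = "terraform-state"` (the name is only an example). The block sets no `config_path`, so it also needs a comment such as `# Credentials come from KUBE_CONFIG_PATH (set in the devcontainer)`. The `terraform` block continues outside this hunk.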
@@ -32,10 +42,7 @@ terraform {
provider "helm" {
kubernetes {
- host = try(local.kubeconfig_by_context[var.kube_context].server, null)
- client_certificate = try(base64decode(local.kubeconfig_by_context[var.kube_context].client-certificate-data), null)
- client_key = try(base64decode(local.kubeconfig_by_context[var.kube_context].client-key-data), null)
- cluster_ca_certificate = try(base64decode(local.kubeconfig_by_context[var.kube_context].certificate-authority-data), null)
+ config_path = var.kubeconfig_path
}
}
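Review bot: With only `config_path` set, the helm provider acts on whatever `current-context` the kubeconfig has at apply time, whereas the removed lines selected the cluster explicitly through `var.kube_context`. dev.tfvars points at the shared `~/.kube/config`, so an apply can reach a different cluster than intended once that file holds more than one context. I would keep the `kube_context` variable (this commit removes it in variables.tf) and add `config_context = var.kube_context` next to `config_path`. The same applies to the `provider "kubernetes"` hunk that follows.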
@@ -45,8 +52,5 @@ provider "infisical" {
}
provider "kubernetes" {
- host = try(local.kubeconfig_by_context[var.kube_context].server, null)
- client_certificate = try(base64decode(local.kubeconfig_by_context[var.kube_context].client-certificate-data), null)
- client_key = try(base64decode(local.kubeconfig_by_context[var.kube_context].client-key-data), null)
- cluster_ca_certificate = try(base64decode(local.kubeconfig_by_context[var.kube_context].certificate-authority-data), null)
+ config_path = var.kubeconfig_path
}
diff --git a/modules/kubernetes/variables.tf b/modules/kubernetes/variables.tf
index 52ce493..830d69c 100644
--- a/modules/kubernetes/variables.tf
+++ b/modules/kubernetes/variables.tf
@@ -48,50 +48,19 @@ variable "cluster_issuer" {
default = "letsencrypt-staging"
}
-variable "domain" {
- type = string
- description = "Domain to use - this may be a top-level or subdomain"
-}
-
-variable "hcloud_network_name" {
- type = string
- description = "Name of the network"
-}
-
-variable "hcloud_token" {
- sensitive = true
+variable "cluster_name" {
type = string
- description = "Write token for the Hetzner API"
+ description = "Name of the cluster"
}
-variable "hetzner_cloud_config_manager_version" {
- type = string
- description = "Version of the HCloud CCM to use - defaults to latest"
- default = null
-}
-
-variable "hetzner_csi_driver_version" {
- type = string
- description = "Tag of the CSI driver to use - defaults to latest"
- default = null
-}
-
-variable "k3s_cluster_cidr" {
+variable "domain" {
type = string
- description = "CIDR used for the k3s cluster"
- default = "10.244.0.0/16"
+ description = "Domain to use - this may be a top-level or subdomain"
}
-variable "kubeconfig" {
+variable "kubeconfig_path" {
type = string
description = "Kubeconfig for the cluster"
- sensitive = true
-}
-
-variable "kube_context" {
- type = string
- description = "Kubernetes context to use"
- default = "default"
}
variable "infisical_client_id" {
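Review bot: The description of the new `kubeconfig_path` variable still reads "Kubeconfig for the cluster", which was accurate for the removed `kubeconfig` variable that carried the file contents. The value is now a filesystem path, so I would change it to `description = "Path to the kubeconfig file for the cluster"`. The generated README table in this commit repeats the old wording and would need regenerating.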
diff --git a/registry/clusters/dev/components/10-cert-manager.yaml b/registry/clusters/dev/components/10-cert-manager.yaml
index 1f3b773..b2ac334 100644
--- a/registry/clusters/dev/components/10-cert-manager.yaml
+++ b/registry/clusters/dev/components/10-cert-manager.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/cert-manager
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
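Review bot: `targetRevision: sje/hetzner-k3s` makes this Application track a feature branch instead of the default branch. The same change is made in every other dev component, in `registry/clusters/dev/registry.yaml`, in the new `10-metrics.yaml` files and in the prod components further down. The new manifest shows automated sync with `prune` and `selfHeal`, so any push to that branch is applied to the clusters, prod included, without passing through the default branch's review. Sync will also fail once the branch is merged and deleted. Before merging I would restore `targetRevision: HEAD`, or pin prod to a tag or commit SHA. If the branch reference is deliberate for bring-up, a comment saying so in each file would make it harder to forget. The Application manifest starts and ends outside this hunk.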
diff --git a/registry/clusters/dev/components/10-external-secrets.yaml b/registry/clusters/dev/components/10-external-secrets.yaml
index d12078f..c06b7c2 100644
--- a/registry/clusters/dev/components/10-external-secrets.yaml
+++ b/registry/clusters/dev/components/10-external-secrets.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/external-secrets
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/components/10-metrics.yaml b/registry/clusters/dev/components/10-metrics.yaml
new file mode 100644
index 0000000..115be52
--- /dev/null
+++ b/registry/clusters/dev/components/10-metrics.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: metrics-components
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/mrsimonemms/infrastructure
+ path: registry/components/metrics
+ targetRevision: sje/hetzner-k3s
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metrics
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/registry/clusters/dev/components/10-reloader.yaml b/registry/clusters/dev/components/10-reloader.yaml
index 00546af..da06b02 100644
--- a/registry/clusters/dev/components/10-reloader.yaml
+++ b/registry/clusters/dev/components/10-reloader.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/reloader
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: reloader
diff --git a/registry/clusters/dev/components/10-tailscale.yaml b/registry/clusters/dev/components/10-tailscale.yaml
index 3346fa7..a53a99f 100644
--- a/registry/clusters/dev/components/10-tailscale.yaml
+++ b/registry/clusters/dev/components/10-tailscale.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/tailscale
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/components/20-dex.yaml b/registry/clusters/dev/components/20-dex.yaml
index 86e18f2..760b185 100644
--- a/registry/clusters/dev/components/20-dex.yaml
+++ b/registry/clusters/dev/components/20-dex.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/dex
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/components/20-ingress-nginx.yaml b/registry/clusters/dev/components/20-ingress-nginx.yaml
index 856bf41..c38a902 100644
--- a/registry/clusters/dev/components/20-ingress-nginx.yaml
+++ b/registry/clusters/dev/components/20-ingress-nginx.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/ingress-nginx
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: ingress-nginx
diff --git a/registry/clusters/dev/components/20-metallb.yaml b/registry/clusters/dev/components/20-metallb.yaml
index 2294c0e..3a82d8c 100644
--- a/registry/clusters/dev/components/20-metallb.yaml
+++ b/registry/clusters/dev/components/20-metallb.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/metallb
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: metallb-system
diff --git a/registry/clusters/dev/components/20-monitoring.yaml b/registry/clusters/dev/components/20-monitoring.yaml
index 601878e..b7aa7f6 100644
--- a/registry/clusters/dev/components/20-monitoring.yaml
+++ b/registry/clusters/dev/components/20-monitoring.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/monitoring
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/components/30-argocd.yaml b/registry/clusters/dev/components/30-argocd.yaml
index b7afd55..d7b3b8f 100644
--- a/registry/clusters/dev/components/30-argocd.yaml
+++ b/registry/clusters/dev/components/30-argocd.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/argocd
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: argocd
diff --git a/registry/clusters/dev/components/30-external-dns.yaml b/registry/clusters/dev/components/30-external-dns.yaml
index 10ab298..e159363 100644
--- a/registry/clusters/dev/components/30-external-dns.yaml
+++ b/registry/clusters/dev/components/30-external-dns.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/external-dns
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: external-dns
diff --git a/registry/clusters/dev/components/30-unifi.yaml b/registry/clusters/dev/components/30-unifi.yaml
index 10372de..6ceeeee 100644
--- a/registry/clusters/dev/components/30-unifi.yaml
+++ b/registry/clusters/dev/components/30-unifi.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/unifi
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/components/40-fission.yaml b/registry/clusters/dev/components/40-fission.yaml
index 13900e6..c4bb278 100644
--- a/registry/clusters/dev/components/40-fission.yaml
+++ b/registry/clusters/dev/components/40-fission.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/fission
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/components/40-homepage.yaml b/registry/clusters/dev/components/40-homepage.yaml
index d10775e..138f5cb 100644
--- a/registry/clusters/dev/components/40-homepage.yaml
+++ b/registry/clusters/dev/components/40-homepage.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/homepage
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
kustomize:
patches:
- target:
diff --git a/registry/clusters/dev/registry.yaml b/registry/clusters/dev/registry.yaml
index 63a3173..3ae7e63 100644
--- a/registry/clusters/dev/registry.yaml
+++ b/registry/clusters/dev/registry.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/clusters/dev/components
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: argocd
diff --git a/registry/clusters/prod/components/10-cert-manager.yaml b/registry/clusters/prod/components/10-cert-manager.yaml
index 1f3b773..b2ac334 100644
--- a/registry/clusters/prod/components/10-cert-manager.yaml
+++ b/registry/clusters/prod/components/10-cert-manager.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/cert-manager
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: cert-manager
diff --git a/registry/clusters/prod/components/10-external-secrets.yaml b/registry/clusters/prod/components/10-external-secrets.yaml
index 65a1813..362ddd7 100644
--- a/registry/clusters/prod/components/10-external-secrets.yaml
+++ b/registry/clusters/prod/components/10-external-secrets.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/external-secrets
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: external-secrets
diff --git a/registry/clusters/prod/components/10-metrics.yaml b/registry/clusters/prod/components/10-metrics.yaml
new file mode 100644
index 0000000..115be52
--- /dev/null
+++ b/registry/clusters/prod/components/10-metrics.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: metrics-components
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://github.com/mrsimonemms/infrastructure
+ path: registry/components/metrics
+ targetRevision: sje/hetzner-k3s
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: metrics
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
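Review bot: The destination `namespace: metrics` combined with `CreateNamespace=true` looks like it will create a namespace that nothing uses. The only manifest visible under `registry/components/metrics` is an Application that declares `namespace: argocd` and installs the chart into `kube-system`. If that path holds nothing else, set the destination to `namespace: argocd` and drop the `CreateNamespace=true` sync option, so the cluster does not accumulate an empty, unowned namespace. Add a short comment above `spec` saying that this is the parent of the `metrics` Application, since the two names are easy to confuse.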
diff --git a/registry/clusters/prod/components/10-reloader.yaml b/registry/clusters/prod/components/10-reloader.yaml
index 00546af..da06b02 100644
--- a/registry/clusters/prod/components/10-reloader.yaml
+++ b/registry/clusters/prod/components/10-reloader.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/reloader
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: reloader
diff --git a/registry/clusters/prod/components/10-tailscale.yaml b/registry/clusters/prod/components/10-tailscale.yaml
index aae8e9f..7679547 100644
--- a/registry/clusters/prod/components/10-tailscale.yaml
+++ b/registry/clusters/prod/components/10-tailscale.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/tailscale
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: tailscale
diff --git a/registry/clusters/prod/components/20-dex.yaml b/registry/clusters/prod/components/20-dex.yaml
index 9a34f0b..fd0ba37 100644
--- a/registry/clusters/prod/components/20-dex.yaml
+++ b/registry/clusters/prod/components/20-dex.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/dex
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: dex
diff --git a/registry/clusters/prod/components/20-ingress-nginx.yaml b/registry/clusters/prod/components/20-ingress-nginx.yaml
index 856bf41..c38a902 100644
--- a/registry/clusters/prod/components/20-ingress-nginx.yaml
+++ b/registry/clusters/prod/components/20-ingress-nginx.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/ingress-nginx
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: ingress-nginx
diff --git a/registry/clusters/prod/components/20-metallb.yaml b/registry/clusters/prod/components/20-metallb.yaml
index 673d8f4..dc63fd4 100644
--- a/registry/clusters/prod/components/20-metallb.yaml
+++ b/registry/clusters/prod/components/20-metallb.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/metallb
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: metallb-system
diff --git a/registry/clusters/prod/components/20-monitoring.yaml b/registry/clusters/prod/components/20-monitoring.yaml
index 46122d0..8cf85d2 100644
--- a/registry/clusters/prod/components/20-monitoring.yaml
+++ b/registry/clusters/prod/components/20-monitoring.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/monitoring
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: monitoring
diff --git a/registry/clusters/prod/components/20-pihole-ingress.yaml b/registry/clusters/prod/components/20-pihole-ingress.yaml
index 9ff9a9f..efdfce0 100644
--- a/registry/clusters/prod/components/20-pihole-ingress.yaml
+++ b/registry/clusters/prod/components/20-pihole-ingress.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/pihole-ingress
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: pihole
diff --git a/registry/clusters/prod/components/30-argocd.yaml b/registry/clusters/prod/components/30-argocd.yaml
index b7afd55..d7b3b8f 100644
--- a/registry/clusters/prod/components/30-argocd.yaml
+++ b/registry/clusters/prod/components/30-argocd.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/argocd
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: argocd
diff --git a/registry/clusters/prod/components/30-external-dns.yaml b/registry/clusters/prod/components/30-external-dns.yaml
index 10ab298..e159363 100644
--- a/registry/clusters/prod/components/30-external-dns.yaml
+++ b/registry/clusters/prod/components/30-external-dns.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/external-dns
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: external-dns
diff --git a/registry/clusters/prod/components/30-unifi.yaml b/registry/clusters/prod/components/30-unifi.yaml
index fd44912..76a6a36 100644
--- a/registry/clusters/prod/components/30-unifi.yaml
+++ b/registry/clusters/prod/components/30-unifi.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/unifi
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: unifi
diff --git a/registry/clusters/prod/components/40-fission.yaml b/registry/clusters/prod/components/40-fission.yaml
index 0f79b90..eb5afdc 100644
--- a/registry/clusters/prod/components/40-fission.yaml
+++ b/registry/clusters/prod/components/40-fission.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/fission
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: fission
diff --git a/registry/clusters/prod/components/40-homepage.yaml b/registry/clusters/prod/components/40-homepage.yaml
index 7310cbd..877928f 100644
--- a/registry/clusters/prod/components/40-homepage.yaml
+++ b/registry/clusters/prod/components/40-homepage.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/components/homepage
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: homepage
diff --git a/registry/clusters/prod/registry.yaml b/registry/clusters/prod/registry.yaml
index fc88aaf..9b24b54 100644
--- a/registry/clusters/prod/registry.yaml
+++ b/registry/clusters/prod/registry.yaml
@@ -12,7 +12,7 @@ spec:
source:
repoURL: https://github.com/mrsimonemms/infrastructure
path: registry/clusters/prod/components
- targetRevision: HEAD
+ targetRevision: sje/hetzner-k3s
destination:
server: https://kubernetes.default.svc
namespace: argocd
diff --git a/registry/components/ingress-nginx/application.yaml b/registry/components/ingress-nginx/application.yaml
index 2081c77..c46a4e4 100644
--- a/registry/components/ingress-nginx/application.yaml
+++ b/registry/components/ingress-nginx/application.yaml
@@ -24,7 +24,8 @@ spec:
enable-ssl-passthrough: true
service:
annotations:
- metallb.universe.tf/allow-shared-ip: primary
+ load-balancer.hetzner.cloud/location: nbg1
+ load-balancer.hetzner.cloud/use-private-ip: "true"
resources:
requests:
cpu: 100m
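Review bot: Nothing in the new annotations enables PROXY protocol, so with the Hetzner load balancer in front and `use-private-ip` set, the controller will likely see the load balancer's address as the client. That weakens access logs, rate limits and any IP allow-listing on the ingress. If client addresses matter here, add `load-balancer.hetzner.cloud/uses-proxyprotocol: "true"` next to the other annotations and `use-proxy-protocol: "true"` in the controller config; both are needed together. Separately, `load-balancer.hetzner.cloud/location: nbg1` is hard-coded in a component shared by the dev and prod registries, so it should at least carry a comment that it must match the cluster's location. The enclosing values mapping starts and ends outside this hunk, so the rest of the controller settings could not be checked.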
diff --git a/registry/components/metrics/application.yaml b/registry/components/metrics/application.yaml
new file mode 100644
index 0000000..d62cf01
--- /dev/null
+++ b/registry/components/metrics/application.yaml
@@ -0,0 +1,20 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: metrics
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "10"
+spec:
+ project: default
+ source:
+ chart: metrics-server
+ repoURL: https://kubernetes-sigs.github.io/metrics-server
+ targetRevision: 3.12.2
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: kube-system
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
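Review bot: The `metadata` block has no `resources-finalizer.argocd.argoproj.io` finalizer, unlike the parent `metrics-components` Application added in `10-metrics.yaml`. When the parent prunes or deletes this Application, the metrics-server resources in `kube-system` would presumably be left behind unmanaged. Adding `finalizers:` with `- resources-finalizer.argocd.argoproj.io` under `metadata` makes the delete cascade. The Application also runs under `project: default` with automated prune into `kube-system`; a dedicated AppProject limited to this chart repository and namespace would narrow what a change to this manifest can touch.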
diff --git a/stacks/common.hcl b/stacks/common.hcl
deleted file mode 100644
index 490b3bf..0000000
--- a/stacks/common.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-locals {
- tfc_hostname = "app.terraform.io"
- tfc_organization = "mrsimonemms"
- project = reverse(split("/", get_terragrunt_dir()))[0]
- workspace = basename(dirname(get_terragrunt_dir()))
-}
-
-generate "remote_state" {
- path = "backend.tf"
- if_exists = "overwrite_terragrunt"
- contents = <
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
- source = "../../../modules/${basename(get_terragrunt_dir())}"
-}
-
-include {
- path = "../../common.hcl"
-}
-
-inputs = {
- k3s_manager_pool = {
- count = 1
- }
- k3s_worker_pools = [
- {
- count = 2
- name = "pool1"
- },
- ]
- network_subnet = "10.2.0.0/16"
-}
diff --git a/stacks/dev/kubernetes/.terraform.lock.hcl b/stacks/dev/kubernetes/.terraform.lock.hcl
deleted file mode 100644
index 5279d8c..0000000
--- a/stacks/dev/kubernetes/.terraform.lock.hcl
+++ /dev/null
@@ -1,65 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/helm" {
- version = "2.16.1"
- constraints = ">= 2.14.0, < 3.0.0"
- hashes = [
- "h1:TerRBdq69SxIWg3ET2VE0bcP0BYRIWZOp1QxXj/14Fk=",
- "zh:0003f6719a32aee9afaeeb001687fc0cfc8c2d5f54861298cf1dc5711f3b4e65",
- "zh:16cd5bfee09e7bb081b8b4470f31a9af508e52220fd97fd81c6dda725d9422fe",
- "zh:51817de8fdc2c2e36785f23fbf4ec022111bd1cf7679498c16ad0ad7471c16db",
- "zh:51b95829b2873be40a65809294bffe349e40cfccc3ff6fee0f471d01770e0ebd",
- "zh:56b158dde897c47e1460181fc472c3e920aa23db40579fdc2aad333c1456d2dd",
- "zh:916641d26c386959eb982e680028aa677b787687ef7c1283241e45620bc8df50",
- "zh:aec15ca8605babba77b283f2ca35daca53e006d567e1c3a3daf50497035b820b",
- "zh:c2cecf710b87c8f3a4d186da2ea12cf08041f97ae0c6db82649720d6ed929d65",
- "zh:dbdd96f17aea25c7db2d516ab8172a5e683c6686c72a1a44173d2fe96319be39",
- "zh:de11e180368434a796b1ab6f20fde7554dc74f7800e063b8e4c8ec3a86d0be63",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:f827a9c1540d210c56053a2d5d5a6abda924896ffa8eeedc94054cf6d44c5f60",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/kubernetes" {
- version = "2.33.0"
- constraints = ">= 2.31.0, < 3.0.0"
- hashes = [
- "h1:Z2R1cnALV1BgzldRWir/TUvg10gkWSdEGsYJHFqD3bc=",
- "zh:255b35790b706d405e987750190658dcaefb663741b96803a9529ba5d7435329",
- "zh:362feba1aa820a8e02869ec71d1a08e87243dbce43671dc0995fa6c5a2fafa1d",
- "zh:39332abcf75b5dd9c78c79c7c0c094f7d4ca908d1b76bbd2aae67e8e3516710c",
- "zh:3e8e7f758bb09a9b5b613c8866e77541f8f00b521070cc86bc095ce61f010baf",
- "zh:427883b889b9c36630c3eec4d5c07bc4ae12cc0d358fc17ea42a8049bf8d5275",
- "zh:69bfc4ed067a5e4844db1a1809343652ff239aa0a8da089b1671524c44e8740a",
- "zh:6b9f731062b945c5020e0930ed9a1b1b50afd2caf751f0e70a282d165c970979",
- "zh:6faf9ec006af7ee7014a9c3251d65b701792abb823f149b0b7e4ac4433848201",
- "zh:b706f76d695104a47682ee6ab842870f9c70a680f979fa9e7efe34278c0831bc",
- "zh:b9bca48de2c92f57389ed58dd2fac564deaccd79a92cafd08edeed3ba6b91d4d",
- "zh:bbd3336dbee5aed9880f98e36fb8340e0c6d8f0399a05787521af599ccb3dac4",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
-
-provider "registry.terraform.io/infisical/infisical" {
- version = "0.12.4"
- constraints = ">= 0.12.4, < 1.0.0"
- hashes = [
- "h1:3aQ8kD5y2QnHMv95/oq3ncVkzG9CdsAvF2i7BOy6Zmc=",
- "zh:136fccc7a295cf1b5c60eb4a0987ed0f764baf9495229dce3b103f6bbb1b9bec",
- "zh:1632cb256e00eb98cd7bcee68dd1bb22ac374282afd86b069f799dfa6c5165ff",
- "zh:32243d378892171bdff9fe4a6a9c1b9a2e33d4c994ce925a7be71369499c1388",
- "zh:3286934bd93913a9b71da13412cb2063206a47595325fafc857cb129be1883b4",
- "zh:471c47214abdba700e8b1da1da1875528ddb833abedd4fc39b14b0a31b8b6d32",
- "zh:62e6a3554152f50bae482b46543916fd008a63ec477c9c4e010f330aeff26152",
- "zh:789e58b41f7013a643ed12d634e0a20b7e14fb6a999e6c9cbd3df07e46facff0",
- "zh:7a7c709a0a4ace794f5e3bcc24833c84c9e7a9d09f2a16e130c49d70f399a8c5",
- "zh:839b319aec6fc0cb53a5af93e9aa248ccff71301855557308508f1dbca61244f",
- "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
- "zh:afadc2e6ff247485baada2c363a40208ebc9756544d7c8b2450877e121b1da77",
- "zh:b87e5220adcbb116d144ea370788f345d6a775defd9f2c5c4aaf3a29b35d4f1e",
- "zh:c96a1f1e279bcaf3051cc4bf1828613a51f56fc819ae68920dbf3d75763e20ca",
- "zh:d4362a6f8d7d4ad96239669be361fe026eba2fd6835617037765d9196c3ebbb9",
- "zh:da7daeb4b2f9e3f9351dbd06dbb5b81a36693541c3f750554d693d82bd66d002",
- ]
-}
diff --git a/stacks/dev/kubernetes/terragrunt.hcl b/stacks/dev/kubernetes/terragrunt.hcl
deleted file mode 100644
index 536d9d5..0000000
--- a/stacks/dev/kubernetes/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
- source = "../../../modules/${basename(get_terragrunt_dir())}"
-}
-
-include {
- path = "../../common.hcl"
-}
-
-dependency "hetzner" {
- config_path = "../hetzner"
-
- mock_outputs = {
- hcloud_network_name = "some-network-name"
- k3s_cluster_cidr = "some-cluster-cidr"
- kubeconfig = "some-kubeconfig"
- }
-}
-
-inputs = {
- argocd_oidc_tls_skip_verify = true
- domain = "dev.simonemms.com"
- hcloud_network_name = dependency.hetzner.outputs.hcloud_network_name
- infisical_environment_slug = "dev"
- k3s_cluster_cidr = dependency.hetzner.outputs.k3s_cluster_cidr
- kubeconfig = dependency.hetzner.outputs.kubeconfig
-}
diff --git a/stacks/dev/terragrunt.hcl b/stacks/dev/terragrunt.hcl
deleted file mode 100644
index fd4d9ea..0000000
--- a/stacks/dev/terragrunt.hcl
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/stacks/prod/hetzner/.terraform.lock.hcl b/stacks/prod/hetzner/.terraform.lock.hcl
deleted file mode 100644
index 5a9a2c9..0000000
--- a/stacks/prod/hetzner/.terraform.lock.hcl
+++ /dev/null
@@ -1,63 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/local" {
- version = "2.5.1"
- constraints = ">= 2.5.1, < 3.0.0"
- hashes = [
- "h1:8oTPe2VUL6E2d3OcrvqyjI4Nn/Y/UEQN26WLk5O/B0g=",
- "zh:0af29ce2b7b5712319bf6424cb58d13b852bf9a777011a545fac99c7fdcdf561",
- "zh:126063ea0d79dad1f68fa4e4d556793c0108ce278034f101d1dbbb2463924561",
- "zh:196bfb49086f22fd4db46033e01655b0e5e036a5582d250412cc690fa7995de5",
- "zh:37c92ec084d059d37d6cffdb683ccf68e3a5f8d2eb69dd73c8e43ad003ef8d24",
- "zh:4269f01a98513651ad66763c16b268f4c2da76cc892ccfd54b401fff6cc11667",
- "zh:51904350b9c728f963eef0c28f1d43e73d010333133eb7f30999a8fb6a0cc3d8",
- "zh:73a66611359b83d0c3fcba2984610273f7954002febb8a57242bbb86d967b635",
- "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
- "zh:7ae387993a92bcc379063229b3cce8af7eaf082dd9306598fcd42352994d2de0",
- "zh:9e0f365f807b088646db6e4a8d4b188129d9ebdbcf2568c8ab33bddd1b82c867",
- "zh:b5263acbd8ae51c9cbffa79743fbcadcb7908057c87eb22fd9048268056efbc4",
- "zh:dfcd88ac5f13c0d04e24be00b686d069b4879cc4add1b7b1a8ae545783d97520",
- ]
-}
-
-provider "registry.terraform.io/hetznercloud/hcloud" {
- version = "1.48.0"
- constraints = ">= 1.47.0, < 2.0.0"
- hashes = [
- "h1:pdeMfdZHftUivK+TGABJI4fnRHvF0GFbCGWxh+uL+94=",
- "zh:19d38d046e26153edcdd36ce8c0e16198aa9dea5186559651c4a75c455390573",
- "zh:3cb7c453067bcabed68275f812100685fc2f753f37c0e620d3358e642833b5f0",
- "zh:42cabdbb55dba02816be8d9d3fc30f51d610516cc54c3f057e6bb3ffc960b550",
- "zh:486aaa88c6c9af37f07ffea4b54a7dbd11e9faee09f4ed3f2dbcb2d94064427a",
- "zh:69b1a9dc867d9beac752f42501f465ea22d3fbc8af8b3a7190b6aa50fcc0db51",
- "zh:7422b2ec1188d9e70c3ee34ff201eb12809c0602a009224f7cea6940cce64567",
- "zh:7e31665f004a4d0055f0b1b0c0f4d36039c11bb789fc7c07fc9fb54d0d38d751",
- "zh:866eb35b5ca82566f7793ec88dc135c6476f33ea0f7a7f10be9768ba3408e791",
- "zh:961efe244a5163a3369817bdd1092aae2e58391d7e21929fab56473d62385d1d",
- "zh:a08a965235e6db0233730b93a024e2b8a8c1567dd453eb0aa4aec59b9ed91558",
- "zh:c031636938f665629ef3d48d771b6037571ddb886366ade241ed19551aaea24f",
- "zh:cf8fc251e4ae701d5f2503f5d1b9f7e5f804f676a1b9b2d88a59930d6b7a9054",
- "zh:d5fa2cc80a6361d92c5c725f677f93de5d98c9d644ac978f083a06a7381dda1d",
- "zh:ecef5c1e59d1c6cde6aee407b79aecd76d6c129dcec4f67666085f0403a0f46a",
- ]
-}
-
-provider "registry.terraform.io/loafoe/ssh" {
- version = "2.7.0"
- constraints = ">= 2.7.0, < 3.0.0"
- hashes = [
- "h1:MYcyNF/9w/O0nEeKmopbji1NqeD9kpd2a55r9E4rFXs=",
- "zh:0301be53defa9294c713fb3ce4c9925e83051b7444b6eb7262c692ad514f9c46",
- "zh:2670797441d6fefddaaac4498f31b0dc8053fe82a3744fca44da7471e6449f1f",
- "zh:2d70166644fba761aec397920e9e843cce2c060875ddd224f7791ea2cd7bd6e6",
- "zh:30bda314598fee47cf890adfb6f3e1db606feab99252ccfdd0e5c93108f38fdd",
- "zh:3a0c0c9f1aff15818fb5fe97b361b879baf19886d413fa468165c3c6de49d348",
- "zh:5183c1a7fb5d1f1394bfcfe716a61c4191198ccbd64311601c68c52a3a1ea7e2",
- "zh:5190fd7e18f0e46d2263fafa04a6862578abb1c14d60ea3e6597f1b00b041ec7",
- "zh:825e2a7eb6c176dc96b82a1123d63ce6e04ef502a973a7ac44ab156cae4f991a",
- "zh:8e0716c9a628801284663cad3a8f70e026780f34d04fa5ffb822f0cd5876c353",
- "zh:8f19c94a72fb4cecdc70ac97f04c24fa24c46a4e125bbb7c24f642e95f753c70",
- "zh:a965929f10651c7139009aa509a6929f2205f90e85ce91a8354416d17624ed04",
- ]
-}
diff --git a/stacks/prod/hetzner/terragrunt.hcl b/stacks/prod/hetzner/terragrunt.hcl
deleted file mode 100644
index 519bf59..0000000
--- a/stacks/prod/hetzner/terragrunt.hcl
+++ /dev/null
@@ -1,29 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
- source = "../../../modules/${basename(get_terragrunt_dir())}"
-}
-
-include {
- path = "../../common.hcl"
-}
-
-inputs = {
- k3s_manager_pool = {
- count = 3
- server_type = "cx32"
- }
- k3s_worker_pools = []
-}
diff --git a/stacks/prod/kubernetes/.terraform.lock.hcl b/stacks/prod/kubernetes/.terraform.lock.hcl
deleted file mode 100644
index 2a56f19..0000000
--- a/stacks/prod/kubernetes/.terraform.lock.hcl
+++ /dev/null
@@ -1,65 +0,0 @@
-# This file is maintained automatically by "terraform init".
-# Manual edits may be lost in future updates.
-
-provider "registry.terraform.io/hashicorp/helm" {
- version = "2.14.1"
- constraints = ">= 2.14.0, < 3.0.0"
- hashes = [
- "h1:G9CHU8KJrKkOILDnkU38VLBrd8CQwk1SSLJiTNxssSU=",
- "zh:0b8190016b101edbec158f869e14e5bcb9708dc88040e3d0119f6bf0a0384fa6",
- "zh:0bd483d0193716ee7f30ce2e25eebb463aa51700c716842e25026bf2167e8feb",
- "zh:5c8c16640f84f952e7ed1bab43b91c65f97168dd3bc189ea368e07fd40d44037",
- "zh:67729452ff9c4f7a32d2e0008ce5deb86293929704ed3219971595db757924fa",
- "zh:72dd1bc749de240e3700623ab1ff9b490ad5bbf17338e02d30b13a04a3b3c4ef",
- "zh:7dcaec73d82c61f4bf315a5074217c6a8c1f774955a7b6f80c943a8907067a6f",
- "zh:a48e27fbd17112e4f29d67d0467a8ea1ca554f98bf1f0748f1ebbc61355c465e",
- "zh:b6283654f06d6ac5e0d67b0807c348fe5a700febf18f4990bf965705b379e29e",
- "zh:dee35c1a536364431b9a6e022a9f89e2942425ca7111edd1ea89d596d68ee4e7",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- "zh:f5dd0141145104c681620d470093bd16bf3e4833021907581317c0b4ed650f8d",
- "zh:f7fe46792e37d918e14740fb562b92a6d1594d60a43cc6b944a23a32930a2b16",
- ]
-}
-
-provider "registry.terraform.io/hashicorp/kubernetes" {
- version = "2.31.0"
- constraints = ">= 2.31.0, < 3.0.0"
- hashes = [
- "h1:wGHbATbv/pBVTST1MtEn0zyVhZbzZJD2NYq2EddASHY=",
- "zh:0d16b861edb2c021b3e9d759b8911ce4cf6d531320e5dc9457e2ea64d8c54ecd",
- "zh:1bad69ed535a5f32dec70561eb481c432273b81045d788eb8b37f2e4a322cc40",
- "zh:43c58e3912fcd5bb346b5cb89f31061508a9be3ca7dd4cd8169c066203bcdfb3",
- "zh:4778123da9206918a92dfa73cc711475d2b9a8275ff25c13a30513c523ac9660",
- "zh:8bfa67d2db03b3bfae62beebe6fb961aee8d91b7a766efdfe4d337b33dfd23dd",
- "zh:9020bb5729db59a520ade5e24984b737e65f8b81751fbbd343926f6d44d22176",
- "zh:90431dbfc5b92498bfbce38f0b989978c84421a6c33245b97788a46b563fbd6e",
- "zh:b71a061dda1244f6a52500e703a9524b851e7b11bbf238c17bbd282f27d51cb2",
- "zh:d6232a7651b834b89591b94bf4446050119dcde740247e6083a4d55a2cefd28a",
- "zh:d89fba43e699e28e2b5e92fff2f75fc03dbc8de0df9dacefe1a8836f8f430753",
- "zh:ef85c0b744f5ba1b10dadc3c11e331ba4225c45bb733e024d7218c24b02b0512",
- "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
- ]
-}
-
-provider "registry.terraform.io/infisical/infisical" {
- version = "0.12.4"
- constraints = ">= 0.12.4, < 1.0.0"
- hashes = [
- "h1:3aQ8kD5y2QnHMv95/oq3ncVkzG9CdsAvF2i7BOy6Zmc=",
- "zh:136fccc7a295cf1b5c60eb4a0987ed0f764baf9495229dce3b103f6bbb1b9bec",
- "zh:1632cb256e00eb98cd7bcee68dd1bb22ac374282afd86b069f799dfa6c5165ff",
- "zh:32243d378892171bdff9fe4a6a9c1b9a2e33d4c994ce925a7be71369499c1388",
- "zh:3286934bd93913a9b71da13412cb2063206a47595325fafc857cb129be1883b4",
- "zh:471c47214abdba700e8b1da1da1875528ddb833abedd4fc39b14b0a31b8b6d32",
- "zh:62e6a3554152f50bae482b46543916fd008a63ec477c9c4e010f330aeff26152",
- "zh:789e58b41f7013a643ed12d634e0a20b7e14fb6a999e6c9cbd3df07e46facff0",
- "zh:7a7c709a0a4ace794f5e3bcc24833c84c9e7a9d09f2a16e130c49d70f399a8c5",
- "zh:839b319aec6fc0cb53a5af93e9aa248ccff71301855557308508f1dbca61244f",
- "zh:890df766e9b839623b1f0437355032a3c006226a6c200cd911e15ee1a9014e9f",
- "zh:afadc2e6ff247485baada2c363a40208ebc9756544d7c8b2450877e121b1da77",
- "zh:b87e5220adcbb116d144ea370788f345d6a775defd9f2c5c4aaf3a29b35d4f1e",
- "zh:c96a1f1e279bcaf3051cc4bf1828613a51f56fc819ae68920dbf3d75763e20ca",
- "zh:d4362a6f8d7d4ad96239669be361fe026eba2fd6835617037765d9196c3ebbb9",
- "zh:da7daeb4b2f9e3f9351dbd06dbb5b81a36693541c3f750554d693d82bd66d002",
- ]
-}
diff --git a/stacks/prod/kubernetes/terragrunt.hcl b/stacks/prod/kubernetes/terragrunt.hcl
deleted file mode 100644
index 9cd7014..0000000
--- a/stacks/prod/kubernetes/terragrunt.hcl
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-terraform {
- source = "../../../modules/${basename(get_terragrunt_dir())}"
-}
-
-include {
- path = "../../common.hcl"
-}
-
-dependency "hetzner" {
- config_path = "../hetzner"
-
- mock_outputs = {
- hcloud_network_name = "some-network-name"
- k3s_cluster_cidr = "some-cluster-cidr"
- kubeconfig = "some-kubeconfig"
- }
-}
-
-inputs = {
- cluster_issuer = "letsencrypt"
- domain = "simonemms.com"
- hcloud_network_name = dependency.hetzner.outputs.hcloud_network_name
- infisical_environment_slug = "prod"
- k3s_cluster_cidr = dependency.hetzner.outputs.k3s_cluster_cidr
- kubeconfig = dependency.hetzner.outputs.kubeconfig
-}
diff --git a/stacks/terragrunt.hcl b/stacks/terragrunt.hcl
deleted file mode 100644
index fd4d9ea..0000000
--- a/stacks/terragrunt.hcl
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright 2024 Simon Emms
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.