feat: reuse loadbalancer for ingress

2026-01-13 21:11:02 +00:00 · 2022-01-08 19:05:53 +01:00 · 2022-01-08 19:05:53 +01:00 · da1b4c9082
commit da1b4c9082
parent 9e528c9b7b
8 changed files with 65 additions and 10 deletions
--- a/k3s_cluster_v2/agents.tf
+++ b/k3s_cluster_v2/agents.tf
@ -20,3 +20,11 @@ resource "hcloud_server_network" "agents_network" {
  subnet_id = hcloud_network_subnet.k3s_nodes.id
  ip        = cidrhost(hcloud_network_subnet.k3s_nodes.ip_range, 1 + var.control_count + count.index)
 }
 resource "hcloud_load_balancer_target" "ingress" {
  count            = var.compute_count
  type             = "server"
  load_balancer_id = hcloud_load_balancer.k3s.id
  server_id        = hcloud_server.agents[count.index].id
  use_private_ip   = true
 }
--- a/k3s_cluster_v2/flux.tf
+++ b/k3s_cluster_v2/flux.tf
@ -92,6 +92,18 @@ resource "kubernetes_secret" "main" {
  }
 }
 resource "kubernetes_secret" "github_notifications" {
  metadata {
    name      = "github"
    namespace = data.flux_sync.main.namespace
  }
  data = {
    token = var.github_token_flux_notifications
  }
 }
 # GitHub
 resource "github_repository" "main" {
  name       = var.repository_name
--- a/k3s_cluster_v2/k3s.tf
+++ b/k3s_cluster_v2/k3s.tf
@ -25,7 +25,12 @@ module "k3s" {
        agent = true
      }
-      flags       = ["--disable-cloud-controller", "--tls-san ${var.domain}"]
+      flags = [
        "--disable-cloud-controller",
        "--tls-san ${var.domain}",
        # We need to modify the helm release to work with one loadbalancer for api+ingress
        "--disable traefik"
      ]
      annotations = { "server_id" : i } // theses annotations will not be managed by this module
    }
  }
--- a/k3s_cluster_v2/main.tf
+++ b/k3s_cluster_v2/main.tf
@ -44,3 +44,19 @@ resource "hcloud_rdns" "k3s" {
  ip_address       = hcloud_load_balancer.k3s.ipv4
  dns_ptr          = var.domain
 }
 ### LB Ingress
 resource "hcloud_load_balancer_service" "ingress_https" {
  load_balancer_id = hcloud_load_balancer.k3s.id
  protocol         = "tcp"
  listen_port      = 443
  destination_port = 32443
 }
 resource "hcloud_load_balancer_service" "ingress_http" {
  load_balancer_id = hcloud_load_balancer.k3s.id
  protocol         = "tcp"
  listen_port      = 80
  destination_port = 32080
 }
--- a/k3s_cluster_v2/server.tf
+++ b/k3s_cluster_v2/server.tf
@ -35,4 +35,5 @@ resource "hcloud_load_balancer_target" "api" {
  type             = "server"
  load_balancer_id = hcloud_load_balancer.k3s.id
  server_id        = hcloud_server.control_planes[count.index].id
  use_private_ip   = true
 }
--- a/k3s_cluster_v2/variables.tf
+++ b/k3s_cluster_v2/variables.tf
@ -67,6 +67,11 @@ variable "github_token" {
  sensitive = true
 }
 variable "github_token_flux_notifications" {
  type      = string
  sensitive = true
 }
 variable "repository_name" {
  type = string
 }
--- a/main.tf
+++ b/main.tf
@ -41,6 +41,7 @@ module "k3s_cluster_v2" {
  ## Flux
  github_owner                    = "apricote"
  github_token                    = var.github_token
  github_token_flux_notifications = var.github_token_flux_notifications
  repository_name                 = "home-cloud-flux-v2"
  branch                          = "main"
  repository_visibility           = "private"
--- a/variables.tf
+++ b/variables.tf
@ -9,6 +9,13 @@ variable "hcloud_ccm_token" {
 }
 variable "github_token" {
  description = "Github Personal Access Token that is used by Terraform"
  type        = string
  sensitive   = true
 }
 variable "github_token_flux_notifications" {
  description = "GH PAT used by flux for notifications"
  type        = string
  sensitive   = true
 }