diff --git a/infrastructure/equinix-metal/main.tf b/infrastructure/equinix-metal/main.tf index 947e589..5c16b90 100644 --- a/infrastructure/equinix-metal/main.tf +++ b/infrastructure/equinix-metal/main.tf @@ -28,6 +28,14 @@ resource "equinix_metal_project_ssh_key" "ssh_key" { public_key = var.ssh_public_key } +resource "equinix_metal_reserved_ip_block" "elastic_ip" { + for_each = toset(var.elastic_ips) + project_id = var.equinix_project_id + type = "global_ipv4" + quantity = 1 + description = each.value +} + resource "equinix_metal_device" "control_plane" { hostname = "${var.cluster_name}-control-plane" plan = var.device_plan @@ -71,8 +79,9 @@ resource "equinix_metal_device" "worker" { depends_on = [equinix_metal_device.control_plane] user_data = < /etc/netplan/01-netcfg.yaml\nnetplan apply\n" : ""} curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL="${var.k3s_version}" sh -s - agent \ ---token "${var.k3s_token}" \ +${each.value.elastic_ip != "" ? "--node-external-ip ${cidrhost(equinix_metal_reserved_ip_block.elastic_ip[each.value.elastic_ip].cidr_notation, 0)}" : ""} --token "${var.k3s_token}" \ --server "https://${equinix_metal_device.control_plane.access_private_ipv4}:6443" \ ${join(" \\\n", [for k, v in each.value.labels : "--node-label ${k}=${v}"])} EOF @@ -85,6 +94,11 @@ EOF } } +resource "equinix_metal_ip_attachment" "monitoring" { + device_id = equinix_metal_device.worker["internal-1"].id + cidr_notation = join("/", [cidrhost(equinix_metal_reserved_ip_block.elastic_ip["monitoring"].cidr_notation, 0), "32"]) +} + resource "null_resource" "install_cilium_cni" { depends_on = [equinix_metal_device.control_plane] triggers = { diff --git a/infrastructure/equinix-metal/variables.tf b/infrastructure/equinix-metal/variables.tf index 3517f41..d760216 100644 --- a/infrastructure/equinix-metal/variables.tf +++ b/infrastructure/equinix-metal/variables.tf 
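Review bot: In the worker `user_data` hunk of main.tf (`@@ -71,8 +79,9 @@`), the rewritten agent line still renders `--token "${var.k3s_token}"` into user_data, so the cluster join token is stored in Terraform state and is normally readable back from the instance metadata service on the node itself. This predates the commit, but the line is touched here and the node that now gets `--node-external-ip` is the one meant to serve traffic on a reserved global address, so the exposure deserves a note next to the heredoc, e.g. `# k3s_token is embedded in user_data (state + instance metadata); rotate it after any node rebuild or compromise`. It is also worth confirming that `k3s_token` is declared with `sensitive = true`, which this diff does not show. The heredoc text in this hunk is partly garbled on the page, so the netplan line could not be reviewed.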
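Review bot: The `equinix_metal_ip_attachment.monitoring` resource in the last main.tf hunk (`@@ -85,6 +94,11 @@`) hard-codes `worker["internal-1"]` and `elastic_ip["monitoring"]`, while the `user_data` hunk above passes `--node-external-ip` to every worker whose `elastic_ip` is non-empty. A second worker given an elastic IP would advertise an address that is never attached to it, and renaming `internal-1` or removing `monitoring` from `var.elastic_ips` would break the plan with an invalid-index error. Driving the attachment from `var.worker_nodes` keeps advertisement and attachment in step. This assumes the worker resource iterates over `var.worker_nodes`; its `for_each` line is outside the hunk.

```hcl
resource "equinix_metal_ip_attachment" "monitoring" {
  # one attachment per worker that names an elastic IP
  for_each = {
    for name, node in var.worker_nodes : name => node.elastic_ip
    if node.elastic_ip != ""
  }
  device_id     = equinix_metal_device.worker[each.key].id
  cidr_notation = join("/", [cidrhost(equinix_metal_reserved_ip_block.elastic_ip[each.value].cidr_notation, 0), "32"])
}
```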
@@ -34,6 +34,12 @@ variable "device_plan" {
 default = "m3.small.x86"
 }
 
+variable "elastic_ips" {
+ description = "List of Equinix Metal elastic ip names"
+ type = list(string)
+ default = ["monitoring"]
+}
+
 variable "equinix_auth_token" {
 description = "Authentication token for Equinix Metal"
 type = string
@@ -103,11 +109,13 @@ variable "ssh_private_key_path" {
 variable "worker_nodes" {
 description = "Map of worker nodes and config"
 type = map(object({
+ elastic_ip = string
 labels = map(string)
 plan = string
 }))
 default = {
 internal-1 = {
+ elastic_ip = "monitoring"
 labels = {
 cncf-project = "wg-green-reviews"
 cncf-project-sub = "internal"
@@ -115,6 +123,7 @@ variable "worker_nodes" {
 plan = "m3.small.x86"
 },
 falco-a = {
+ elastic_ip = ""
 labels = {
 cncf-project = "falco"
 cncf-project-sub = "falco-driver-modern-ebpf"
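Review bot: In the `worker_nodes` hunk of variables.tf (`@@ -103,11 +109,13 @@`), `elastic_ip = string` is a required attribute, so any existing tfvars that overrides `worker_nodes` without it now fails type conversion, and the empty string is doing duty as "none". If the module's Terraform version allows it (1.3 or later, not visible here), `elastic_ip = optional(string, "")` keeps old inputs valid. Nothing checks that a non-empty value is one of `var.elastic_ips`, so a typo only surfaces as an invalid-index error in main.tf. A comment on the attribute such as `# must be "" or a name listed in var.elastic_ips` would document the contract, and the `falco-a` default in the following hunk could then drop its explicit `elastic_ip = ""`.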