diff --git a/modules/kubernetes/.terraform.lock.hcl b/modules/kubernetes/.terraform.lock.hcl
index 23f584a..ccd1347 100644
--- a/modules/kubernetes/.terraform.lock.hcl
+++ b/modules/kubernetes/.terraform.lock.hcl
@@ -1,6 +1,26 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
+provider "registry.terraform.io/hashicorp/helm" {
+ version = "2.14.0"
+ constraints = ">= 2.14.0, < 3.0.0"
+ hashes = [
+ "h1:MCwlHF214XoAqJ11wR1SQuZmjJyAagKOqgSzl9hHrPg=",
+ "zh:087a475fda3649e4b6b9aeb5f21704972f5d85c10d0bf334289b0a1b8c1a5575",
+ "zh:1877991d976491d4e2a653a89491bd3b92123a00f442f15aa62caea8902677c7",
+ "zh:233d9e550b900be8bbf62871322964239bb4827b3500b77d7e2652a8bae6a106",
+ "zh:6ed09d405ade276dfc6ec591d113ca328ea3fe423405d4bc1116f7a06dfd86ec",
+ "zh:9039de4cbee5ae006d9cbf27f40f0a285feb02c3b00901535a1112853de55b5f",
+ "zh:aea6311b0f29edddefa21b8c7953314459caeace77d72d60588d1277f1723c54",
+ "zh:bd6a4fea3461c2751527f1c4e4c2c160e72f5b5a3b5cfbfe051adf61badd5ead",
+ "zh:c5f12a2ea4c3b62d9dd2d8f62c9918ef77b1f9dd4d6ccf1758a2a24139ab5319",
+ "zh:cd84d7258f263c3bd24138e7633b022451fdc1935a11e34932b63f71bbe6059f",
+ "zh:e637d01ee4dc2e5702d62c158399ab0d0ba3269e71f5db38db922ff05505ae2a",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ "zh:fbf9c9936ae547b75a81170b7bd20f72bc5538e015efcf7d12f822358d758f57",
+ ]
+}
+
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.31.0"
constraints = ">= 2.31.0, < 3.0.0"
@@ -21,6 +41,26 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
]
}
+provider "registry.terraform.io/hashicorp/random" {
+ version = "3.6.2"
+ constraints = ">= 3.6.2, < 4.0.0"
+ hashes = [
+ "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=",
+ "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
+ "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
+ "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
+ "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
+ "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
+ "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
+ "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
+ "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
+ "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
+ "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
+ ]
+}
+
provider "registry.terraform.io/integrations/github" {
version = "6.2.2"
constraints = ">= 6.2.2, < 7.0.0"
diff --git a/modules/kubernetes/README.md b/modules/kubernetes/README.md
index 0355fcb..6cd7536 100644
--- a/modules/kubernetes/README.md
+++ b/modules/kubernetes/README.md
@@ -7,14 +7,18 @@
|------|---------|
| [terraform](#requirement\_terraform) | >= 1.8.0 |
| [github](#requirement\_github) | >= 6.2.2, < 7.0.0 |
+| [helm](#requirement\_helm) | >= 2.14.0, < 3.0.0 |
| [kubernetes](#requirement\_kubernetes) | >= 2.31.0, < 3.0.0 |
+| [random](#requirement\_random) | >= 3.6.2, < 4.0.0 |
## Providers
| Name | Version |
|------|---------|
| [github](#provider\_github) | 6.2.2 |
+| [helm](#provider\_helm) | 2.14.0 |
| [kubernetes](#provider\_kubernetes) | 2.31.0 |
+| [random](#provider\_random) | 3.6.2 |
## Modules
@@ -24,8 +28,17 @@ No modules.
| Name | Type |
|------|------|
+| [helm_release.cilium](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.hcloud_ccm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.vault_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.vault_webhook](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
| [kubernetes_manifest.csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource |
-| [kubernetes_secret_v1.hcloud_token](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_namespace_v1.external_dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource |
+| [kubernetes_secret_v1.external_dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [kubernetes_secret_v1.hcloud](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource |
+| [random_integer.load_balancer_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource |
| [github_release.csi_driver](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/release) | data source |
| [github_repository_file.csi_driver](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository_file) | data source |
@@ -33,16 +46,25 @@ No modules.
| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
+| [bank\_vaults\_operator\_version](#input\_bank\_vaults\_operator\_version) | Version of Bank Vaults operator to install - defaults to latest | `string` | `null` | no |
+| [bank\_vaults\_webhook\_version](#input\_bank\_vaults\_webhook\_version) | Version of Bank Vaults webhook to install - defaults to latest | `string` | `null` | no |
+| [cilium\_version](#input\_cilium\_version) | Version of Cilium to use - defaults to latest | `string` | `null` | no |
+| [cloudflare\_api\_token](#input\_cloudflare\_api\_token) | Cloudflare API token | `string` | n/a | yes |
+| [external\_dns\_version](#input\_external\_dns\_version) | Version of External DNS to install - defaults to latest | `string` | `null` | no |
+| [hcloud\_network\_name](#input\_hcloud\_network\_name) | Hetzner network name | `string` | n/a | yes |
| [hcloud\_token](#input\_hcloud\_token) | Hetzner API token | `string` | n/a | yes |
+| [hetzner\_cloud\_config\_manager\_version](#input\_hetzner\_cloud\_config\_manager\_version) | Version of the HCloud CCM to use - defaults to latest | `string` | `null` | no |
| [hetzner\_csi\_driver\_owner](#input\_hetzner\_csi\_driver\_owner) | GitHub owner to get the CSI driver from | `string` | `"hetznercloud"` | no |
| [hetzner\_csi\_driver\_repo](#input\_hetzner\_csi\_driver\_repo) | GitHub repo to get the CSI driver from | `string` | `"csi-driver"` | no |
| [hetzner\_csi\_driver\_version](#input\_hetzner\_csi\_driver\_version) | Tag of the CSI driver to use - provide the tag name or latest | `string` | `"latest"` | no |
+| [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Version of Ingress Nginx to install - defaults to latest | `string` | `null` | no |
+| [k3s\_cluster\_cidr](#input\_k3s\_cluster\_cidr) | CIDR used for the k3s cluster | `string` | `"10.244.0.0/16"` | no |
| [kube\_context](#input\_kube\_context) | Kubernetes context to use | `string` | `"default"` | no |
| [kubeconfig](#input\_kubeconfig) | Kubeconfig for the cluster | `string` | n/a | yes |
+| [load\_balancer\_region](#input\_load\_balancer\_region) | Region to use for the load balancer | `string` | n/a | yes |
+| [load\_balancer\_type](#input\_load\_balancer\_type) | Type of load balancer to use | `string` | `"lb11"` | no |
## Outputs
-| Name | Description |
-|------|-------------|
-| [csi\_version](#output\_csi\_version) | Version of the CSI driver used |
+No outputs.
diff --git a/modules/kubernetes/ccm.tf b/modules/kubernetes/ccm.tf
new file mode 100644
index 0000000..fed8153
--- /dev/null
+++ b/modules/kubernetes/ccm.tf
@@ -0,0 +1,36 @@
+# Copyright 2024 Simon Emms
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "helm_release" "hcloud_ccm" {
+ chart = "hcloud-cloud-controller-manager"
+ name = "hccm"
+ atomic = true
+ cleanup_on_fail = true
+ namespace = "kube-system"
+ repository = "https://charts.hetzner.cloud"
+ version = var.hetzner_cloud_config_manager_version
+ wait = true
+
+ set {
+ name = "networking.enabled"
+ value = "true"
+ }
+
+ set {
+ name = "networking.clusterCIDR"
+ value = var.k3s_cluster_cidr
+ }
+
+ depends_on = [kubernetes_secret_v1.hcloud]
+}
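Review bot: `version = var.hetzner_cloud_config_manager_version` is `null` unless the caller sets it (variables.tf defaults it to `null`), so installing or upgrading this release takes whatever chart version the repository serves as latest and runs it in `kube-system`. The same unpinned pattern is used by `helm_release.cilium`, `external_dns`, `ingress_nginx`, `vault_operator` and `vault_webhook`. Giving each version variable a known-good default, e.g. `default = "<PINNED_CHART_VERSION>"`, keeps applies reproducible and turns a chart upgrade into a reviewed change. If "latest" has to stay available, I would at least add a comment on the variable saying that `null` means an unreviewed chart version can be deployed.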
diff --git a/modules/kubernetes/cilium.tf b/modules/kubernetes/cilium.tf
new file mode 100644
index 0000000..eebb08a
--- /dev/null
+++ b/modules/kubernetes/cilium.tf
@@ -0,0 +1,34 @@
+# Copyright 2024 Simon Emms
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "helm_release" "cilium" {
+ chart = "cilium"
+ name = "cilium"
+ atomic = true
+ cleanup_on_fail = true
+ namespace = "kube-system"
+ repository = "https://helm.cilium.io"
+ version = var.cilium_version
+ wait = true
+
+ set {
+ name = "ipv4NativeRoutingCIDR"
+ value = var.k3s_cluster_cidr
+ }
+
+ set {
+ name = "ipam.mode"
+ value = "kubernetes"
+ }
+}
diff --git a/modules/kubernetes/csi.tf b/modules/kubernetes/csi.tf
index 55ab31e..8a2e318 100644
--- a/modules/kubernetes/csi.tf
+++ b/modules/kubernetes/csi.tf
@@ -26,18 +26,6 @@ data "github_repository_file" "csi_driver" {
file = "deploy/kubernetes/hcloud-csi.yml"
}
-// This secret is required by the Hetzner CSI to create cloud resources
-resource "kubernetes_secret_v1" "hcloud_token" {
- metadata {
- name = "hcloud"
- namespace = "kube-system"
- }
-
- data = {
- token = var.hcloud_token
- }
-}
-
resource "kubernetes_manifest" "csi_driver" {
for_each = {
for m in provider::kubernetes::manifest_decode_multi(data.github_repository_file.csi_driver.content) :
@@ -54,5 +42,5 @@ resource "kubernetes_manifest" "csi_driver" {
"spec.template.spec.containers[4].resources",
]
- depends_on = [kubernetes_secret_v1.hcloud_token]
+ depends_on = [kubernetes_secret_v1.hcloud]
}
diff --git a/modules/kubernetes/ingress.tf b/modules/kubernetes/ingress.tf
new file mode 100644
index 0000000..6cb842e
--- /dev/null
+++ b/modules/kubernetes/ingress.tf
@@ -0,0 +1,91 @@
+# Copyright 2024 Simon Emms
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_namespace_v1" "external_dns" {
+ metadata {
+ name = "external-dns"
+ }
+
+ wait_for_default_service_account = true
+
+ depends_on = [helm_release.cilium]
+}
+
+resource "kubernetes_secret_v1" "external_dns" {
+ metadata {
+ name = "cloudflare"
+ namespace = kubernetes_namespace_v1.external_dns.metadata[0].name
+ }
+
+ data = {
+ cloudflare_api_token = var.cloudflare_api_token
+ }
+
+ depends_on = [helm_release.cilium]
+}
+
+resource "helm_release" "external_dns" {
+ chart = "oci://registry-1.docker.io/bitnamicharts/external-dns"
+ name = "external-dns"
+ atomic = true
+ cleanup_on_fail = true
+ namespace = kubernetes_namespace_v1.external_dns.metadata[0].name
+ version = var.external_dns_version
+ wait = true
+
+ set {
+ name = "provider"
+ value = "cloudflare"
+ }
+
+ set {
+ name = "cloudflare.secretName"
+ value = kubernetes_secret_v1.external_dns.metadata[0].name
+ }
+
+ depends_on = [kubernetes_manifest.csi_driver]
+}
+
+resource "random_integer" "load_balancer_id" {
+ min = 1000
+ max = 9999
+}
+
+resource "helm_release" "ingress_nginx" {
+ chart = "ingress-nginx"
+ name = "ingress-nginx"
+ atomic = true
+ cleanup_on_fail = true
+ create_namespace = true
+ namespace = "ingress-nginx"
+ repository = "https://kubernetes.github.io/ingress-nginx"
+ version = var.ingress_nginx_version
+ wait = true
+
+ dynamic "set" {
+ for_each = {
+ "load-balancer.hetzner.cloud/name" = "ingress-nginx-${random_integer.load_balancer_id.result}"
+ "load-balancer.hetzner.cloud/network-zone" = var.load_balancer_region
+ "load-balancer.hetzner.cloud/type" = var.load_balancer_type
+ "load-balancer.hetzner.cloud/use-private-ip" = "true"
+ "load-balancer.hetzner.cloud/uses-proxyprotocol" = "true"
+ }
+ content {
+ name = "controller.service.annotations.${replace(set.key, ".", "\\.")}"
+ value = set.value
+ }
+ }
+
+ depends_on = [kubernetes_manifest.csi_driver]
+}
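Review bot: In `helm_release.ingress_nginx` the two annotations whose value is `"true"` go through `set` without `type = "string"`, so Helm is likely to render them as YAML booleans, and Kubernetes only accepts string annotation values on the Service. Separately, `uses-proxyprotocol` is enabled on the load balancer but the release never sets `controller.config.use-proxy-protocol`, so as far as the visible values show the controller would not parse the PROXY header the load balancer prepends. Once it is enabled the controller takes the client address from that header, so the controller ports should be reachable only through the load balancer.

```hcl
# … unchanged: chart, name, namespace, repository, version, wait …

  # Constructed example: make the controller parse the PROXY header sent by the load balancer
  set {
    name  = "controller.config.use-proxy-protocol"
    value = "true"
    type  = "string"
  }

  dynamic "set" {
    # … unchanged: for_each map of Hetzner annotations …
    content {
      name  = "controller.service.annotations.${replace(set.key, ".", "\\.")}"
      value = set.value
      type  = "string" # annotation values must stay strings
    }
  }
```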
diff --git a/modules/kubernetes/output.tf b/modules/kubernetes/secrets.tf
similarity index 63%
rename from modules/kubernetes/output.tf
rename to modules/kubernetes/secrets.tf
index 8a4758b..2a95665 100644
--- a/modules/kubernetes/output.tf
+++ b/modules/kubernetes/secrets.tf
@@ -12,12 +12,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-# output "csi_driver_yaml" {
-# description = "CSI driver YAML to apply with kubectl"
-# value = data.github_repository_file.csi_driver.content
-# }
+# Tell the Hetzner resources about our infrastructure
+resource "kubernetes_secret_v1" "hcloud" {
+ metadata {
+ name = "hcloud"
+ namespace = "kube-system"
+ }
-output "csi_version" {
- description = "Version of the CSI driver used"
- value = data.github_release.csi_driver.release_tag
+ data = {
+ network = var.hcloud_network_name # Required by the CCM
+ token = var.hcloud_token # Required by the CSI
+ }
+
+ depends_on = [helm_release.cilium]
}
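Review bot: The comment above `kubernetes_secret_v1.hcloud` (`# Tell the Hetzner resources about our infrastructure`) does not say that the secret holds the Hetzner API token. Because `data` is a resource argument, the token is also written to Terraform state, and `sensitive = true` on the variable only redacts plan and apply output. I would extend the comment, e.g. `# Holds the Hetzner API token; the value is also stored in Terraform state, so keep the state backend encrypted and access-restricted`. The same applies to `kubernetes_secret_v1.external_dns` in ingress.tf, which stores the Cloudflare token.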
diff --git a/modules/kubernetes/terraform.tf b/modules/kubernetes/terraform.tf
index 3430b48..3406b7b 100644
--- a/modules/kubernetes/terraform.tf
+++ b/modules/kubernetes/terraform.tf
@@ -19,13 +19,31 @@ terraform {
source = "integrations/github"
version = ">= 6.2.2, < 7.0.0"
}
+ helm = {
+ source = "hashicorp/helm"
+ version = ">= 2.14.0, < 3.0.0"
+ }
kubernetes = {
source = "hashicorp/kubernetes"
version = ">= 2.31.0, < 3.0.0"
}
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.6.2, < 4.0.0"
+ }
+ }
+}
+
+provider "helm" {
+ kubernetes {
+ host = local.kubeconfig_by_context[var.kube_context].server
+ client_certificate = base64decode(local.kubeconfig_by_context[var.kube_context].client-certificate-data)
+ client_key = base64decode(local.kubeconfig_by_context[var.kube_context].client-key-data)
+ cluster_ca_certificate = base64decode(local.kubeconfig_by_context[var.kube_context].certificate-authority-data)
}
}
+
provider "kubernetes" {
host = local.kubeconfig_by_context[var.kube_context].server
client_certificate = base64decode(local.kubeconfig_by_context[var.kube_context].client-certificate-data)
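Review bot: The new `provider "helm"` block repeats the `local.kubeconfig_by_context[var.kube_context]` lookup four times, and `provider "kubernetes"` appears to carry the same expressions, so the two provider configurations can drift apart when one of them is edited. A single local such as `cluster = local.kubeconfig_by_context[var.kube_context]`, referenced from both blocks, would keep them in step. The `provider "kubernetes"` block continues outside this hunk, so I cannot confirm its remaining lines match.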
diff --git a/modules/kubernetes/variables.tf b/modules/kubernetes/variables.tf
index 65d3315..44f1e1f 100644
--- a/modules/kubernetes/variables.tf
+++ b/modules/kubernetes/variables.tf
@@ -12,12 +12,55 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+variable "bank_vaults_webhook_version" {
+ type = string
+ description = "Version of Bank Vaults webhook to install - defaults to latest"
+ default = null
+}
+
+
+variable "bank_vaults_operator_version" {
+ type = string
+ description = "Version of Bank Vaults operator to install - defaults to latest"
+ default = null
+}
+
+
+variable "cilium_version" {
+ type = string
+ description = "Version of Cilium to use - defaults to latest"
+ default = null
+}
+
+variable "cloudflare_api_token" {
+ type = string
+ description = "Cloudflare API token"
+ sensitive = true
+}
+
+variable "external_dns_version" {
+ type = string
+ description = "Version of External DNS to install - defaults to latest"
+ default = null
+}
+
+variable "hcloud_network_name" {
+ type = string
+ description = "Hetzner network name"
+}
+
variable "hcloud_token" {
type = string
description = "Hetzner API token"
sensitive = true
}
+variable "hetzner_cloud_config_manager_version" {
+ type = string
+ description = "Version of the HCloud CCM to use - defaults to latest"
+ default = null
+}
+
variable "hetzner_csi_driver_owner" {
type = string
description = "GitHub owner to get the CSI driver from"
@@ -36,6 +79,18 @@ variable "hetzner_csi_driver_version" {
default = "latest"
}
+variable "ingress_nginx_version" {
+ type = string
+ description = "Version of Ingress Nginx to install - defaults to latest"
+ default = null
+}
+
+variable "k3s_cluster_cidr" {
+ type = string
+ description = "CIDR used for the k3s cluster"
+ default = "10.244.0.0/16"
+}
+
variable "kubeconfig" {
type = string
description = "Kubeconfig for the cluster"
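Review bot: `k3s_cluster_cidr` accepts any string, yet it is passed straight into Cilium's `ipv4NativeRoutingCIDR` and the CCM's `networking.clusterCIDR`, so a malformed value only shows up when the charts fail to install or the cluster routes incorrectly. A `validation` block with `condition = can(cidrhost(var.k3s_cluster_cidr, 0))` would reject it at plan time. The `kubeconfig` variable at the end of the hunk continues outside it.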
@@ -47,3 +102,14 @@ variable "kube_context" {
description = "Kubernetes context to use"
default = "default"
}
+
+variable "load_balancer_region" {
+ type = string
+ description = "Region to use for the load balancer"
+}
+
+variable "load_balancer_type" {
+ type = string
+ description = "Type of load balancer to use"
+ default = "lb11"
+}
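Review bot: `load_balancer_region` is described as a region, but ingress.tf feeds it into the `load-balancer.hetzner.cloud/network-zone` annotation, and the dev stack wires it to `dependency.hetzner.outputs.region`. Hetzner distinguishes locations (such as `fsn1`) from network zones (such as `eu-central`), so if that upstream output is a location the annotation will not be valid; the output is not visible from here. Either describe the variable as a zone, e.g. `description = "Hetzner network zone for the load balancer"`, or switch the annotation to `load-balancer.hetzner.cloud/location`.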
diff --git a/modules/kubernetes/vault.tf b/modules/kubernetes/vault.tf
new file mode 100644
index 0000000..58bc909
--- /dev/null
+++ b/modules/kubernetes/vault.tf
@@ -0,0 +1,39 @@
+# Copyright 2024 Simon Emms
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "helm_release" "vault_operator" {
+ chart = "oci://ghcr.io/bank-vaults/helm-charts/vault-operator"
+ name = "vault-operator"
+ atomic = true
+ cleanup_on_fail = true
+ create_namespace = true
+ namespace = "vault"
+ version = var.bank_vaults_operator_version
+ wait = true
+
+ depends_on = [kubernetes_manifest.csi_driver]
+}
+
+resource "helm_release" "vault_webhook" {
+ chart = "oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook"
+ name = "vault-secrets-webhook"
+ atomic = true
+ cleanup_on_fail = true
+ create_namespace = true
+ namespace = "vault"
+ version = var.bank_vaults_webhook_version
+ wait = true
+
+ depends_on = [helm_release.vault_operator]
+}
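Review bot: Both releases rely on `create_namespace = true` for `vault`, whereas ingress.tf manages the `external-dns` namespace with an explicit `kubernetes_namespace_v1` resource. A namespace created by Helm is not tracked by Terraform, so it cannot carry labels (for example Pod Security admission labels) and is left behind on destroy, which matters for the namespace that will hold the Vault operator and its mutating webhook. I would declare the namespace explicitly, drop `create_namespace` from both releases and reference the resource from each.

```hcl
# Constructed example: manage the namespace explicitly, as ingress.tf does for external-dns
resource "kubernetes_namespace_v1" "vault" {
  metadata {
    name = "vault"
  }
}

resource "helm_release" "vault_operator" {
  # … unchanged: chart, name, atomic, cleanup_on_fail, version, wait, depends_on …
  namespace = kubernetes_namespace_v1.vault.metadata[0].name
}

resource "helm_release" "vault_webhook" {
  # … unchanged: chart, name, atomic, cleanup_on_fail, version, wait, depends_on …
  namespace = kubernetes_namespace_v1.vault.metadata[0].name
}
```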
diff --git a/stacks/dev/kubernetes/.terraform.lock.hcl b/stacks/dev/kubernetes/.terraform.lock.hcl
index 23f584a..ccd1347 100644
--- a/stacks/dev/kubernetes/.terraform.lock.hcl
+++ b/stacks/dev/kubernetes/.terraform.lock.hcl
@@ -1,6 +1,26 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
+provider "registry.terraform.io/hashicorp/helm" {
+ version = "2.14.0"
+ constraints = ">= 2.14.0, < 3.0.0"
+ hashes = [
+ "h1:MCwlHF214XoAqJ11wR1SQuZmjJyAagKOqgSzl9hHrPg=",
+ "zh:087a475fda3649e4b6b9aeb5f21704972f5d85c10d0bf334289b0a1b8c1a5575",
+ "zh:1877991d976491d4e2a653a89491bd3b92123a00f442f15aa62caea8902677c7",
+ "zh:233d9e550b900be8bbf62871322964239bb4827b3500b77d7e2652a8bae6a106",
+ "zh:6ed09d405ade276dfc6ec591d113ca328ea3fe423405d4bc1116f7a06dfd86ec",
+ "zh:9039de4cbee5ae006d9cbf27f40f0a285feb02c3b00901535a1112853de55b5f",
+ "zh:aea6311b0f29edddefa21b8c7953314459caeace77d72d60588d1277f1723c54",
+ "zh:bd6a4fea3461c2751527f1c4e4c2c160e72f5b5a3b5cfbfe051adf61badd5ead",
+ "zh:c5f12a2ea4c3b62d9dd2d8f62c9918ef77b1f9dd4d6ccf1758a2a24139ab5319",
+ "zh:cd84d7258f263c3bd24138e7633b022451fdc1935a11e34932b63f71bbe6059f",
+ "zh:e637d01ee4dc2e5702d62c158399ab0d0ba3269e71f5db38db922ff05505ae2a",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ "zh:fbf9c9936ae547b75a81170b7bd20f72bc5538e015efcf7d12f822358d758f57",
+ ]
+}
+
provider "registry.terraform.io/hashicorp/kubernetes" {
version = "2.31.0"
constraints = ">= 2.31.0, < 3.0.0"
@@ -21,6 +41,26 @@ provider "registry.terraform.io/hashicorp/kubernetes" {
]
}
+provider "registry.terraform.io/hashicorp/random" {
+ version = "3.6.2"
+ constraints = ">= 3.6.2, < 4.0.0"
+ hashes = [
+ "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=",
+ "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
+ "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
+ "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
+ "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
+ "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
+ "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
+ "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
+ "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
+ "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
+ "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
+ ]
+}
+
provider "registry.terraform.io/integrations/github" {
version = "6.2.2"
constraints = ">= 6.2.2, < 7.0.0"
diff --git a/stacks/dev/kubernetes/terragrunt.hcl b/stacks/dev/kubernetes/terragrunt.hcl
index 42f63fc..818f3f3 100644
--- a/stacks/dev/kubernetes/terragrunt.hcl
+++ b/stacks/dev/kubernetes/terragrunt.hcl
@@ -25,5 +25,8 @@ dependency "hetzner" {
}
inputs = {
- kubeconfig = dependency.hetzner.outputs.kubeconfig
+ hcloud_network_name = dependency.hetzner.outputs.hcloud_network_name
+ k3s_cluster_cidr = dependency.hetzner.outputs.k3s_cluster_cidr
+ kubeconfig = dependency.hetzner.outputs.kubeconfig
+ load_balancer_region = dependency.hetzner.outputs.region
}