From 97e6bdda77e6fe9155faca6230e8078372e9420e Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Mon, 24 Jun 2024 20:45:27 +0000 Subject: [PATCH] kubernetes --- modules/kubernetes/.terraform.lock.hcl | 40 +++++++++ modules/kubernetes/README.md | 30 ++++++- modules/kubernetes/ccm.tf | 36 ++++++++ modules/kubernetes/cilium.tf | 34 ++++++++ modules/kubernetes/csi.tf | 14 +-- modules/kubernetes/ingress.tf | 91 ++++++++++++++++++++ modules/kubernetes/{output.tf => secrets.tf} | 19 ++-- modules/kubernetes/terraform.tf | 18 ++++ modules/kubernetes/variables.tf | 66 ++++++++++++++ modules/kubernetes/vault.tf | 39 +++++++++ stacks/dev/kubernetes/.terraform.lock.hcl | 40 +++++++++ stacks/dev/kubernetes/terragrunt.hcl | 5 +- 12 files changed, 407 insertions(+), 25 deletions(-) create mode 100644 modules/kubernetes/ccm.tf create mode 100644 modules/kubernetes/cilium.tf create mode 100644 modules/kubernetes/ingress.tf rename modules/kubernetes/{output.tf => secrets.tf} (63%) create mode 100644 modules/kubernetes/vault.tf diff --git a/modules/kubernetes/.terraform.lock.hcl b/modules/kubernetes/.terraform.lock.hcl index 23f584a..ccd1347 100644 --- a/modules/kubernetes/.terraform.lock.hcl +++ b/modules/kubernetes/.terraform.lock.hcl 
@@ -1,6 +1,26 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/helm" { + version = "2.14.0" + constraints = ">= 2.14.0, < 3.0.0" + hashes = [ + "h1:MCwlHF214XoAqJ11wR1SQuZmjJyAagKOqgSzl9hHrPg=", + "zh:087a475fda3649e4b6b9aeb5f21704972f5d85c10d0bf334289b0a1b8c1a5575", + "zh:1877991d976491d4e2a653a89491bd3b92123a00f442f15aa62caea8902677c7", + "zh:233d9e550b900be8bbf62871322964239bb4827b3500b77d7e2652a8bae6a106", + "zh:6ed09d405ade276dfc6ec591d113ca328ea3fe423405d4bc1116f7a06dfd86ec", + "zh:9039de4cbee5ae006d9cbf27f40f0a285feb02c3b00901535a1112853de55b5f", + "zh:aea6311b0f29edddefa21b8c7953314459caeace77d72d60588d1277f1723c54", + "zh:bd6a4fea3461c2751527f1c4e4c2c160e72f5b5a3b5cfbfe051adf61badd5ead", + "zh:c5f12a2ea4c3b62d9dd2d8f62c9918ef77b1f9dd4d6ccf1758a2a24139ab5319", + "zh:cd84d7258f263c3bd24138e7633b022451fdc1935a11e34932b63f71bbe6059f", + "zh:e637d01ee4dc2e5702d62c158399ab0d0ba3269e71f5db38db922ff05505ae2a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbf9c9936ae547b75a81170b7bd20f72bc5538e015efcf7d12f822358d758f57", + ] +} + provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.31.0" constraints = ">= 2.31.0, < 3.0.0" 
@@ -21,6 +41,26 @@ provider "registry.terraform.io/hashicorp/kubernetes" { ] } +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.2" + constraints = ">= 3.6.2, < 4.0.0" + hashes = [ + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + ] +} + provider "registry.terraform.io/integrations/github" { version = "6.2.2" constraints = ">= 6.2.2, < 7.0.0" diff --git a/modules/kubernetes/README.md b/modules/kubernetes/README.md index 0355fcb..6cd7536 100644 --- a/modules/kubernetes/README.md +++ b/modules/kubernetes/README.md @@ -7,14 +7,18 @@ |------|---------| | [terraform](#requirement\_terraform) | >= 1.8.0 | | [github](#requirement\_github) | >= 6.2.2, < 7.0.0 | +| [helm](#requirement\_helm) | >= 2.14.0, < 3.0.0 | | [kubernetes](#requirement\_kubernetes) | >= 2.31.0, < 3.0.0 | +| [random](#requirement\_random) | >= 3.6.2, < 4.0.0 | ## Providers | Name | Version | |------|---------| | [github](#provider\_github) | 6.2.2 | +| [helm](#provider\_helm) | 2.14.0 | | [kubernetes](#provider\_kubernetes) | 2.31.0 | +| [random](#provider\_random) | 3.6.2 | ## Modules 
@@ -24,8 +28,17 @@ No modules. | Name | Type | |------|------| +| [helm_release.cilium](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.external_dns](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.hcloud_ccm](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.ingress_nginx](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.vault_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | +| [helm_release.vault_webhook](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | | [kubernetes_manifest.csi_driver](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/manifest) | resource | -| [kubernetes_secret_v1.hcloud_token](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource | +| [kubernetes_namespace_v1.external_dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/namespace_v1) | resource | +| [kubernetes_secret_v1.external_dns](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource | +| [kubernetes_secret_v1.hcloud](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/secret_v1) | resource | +| [random_integer.load_balancer_id](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) | resource | | [github_release.csi_driver](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/release) | data source | | [github_repository_file.csi_driver](https://registry.terraform.io/providers/integrations/github/latest/docs/data-sources/repository_file) | data source | 
@@ -33,16 +46,25 @@ No modules. | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| +| [bank\_vaults\_operator\_version](#input\_bank\_vaults\_operator\_version) | Version of Bank Vaults operator to install - defaults to latest | `string` | `null` | no | +| [bank\_vaults\_webhook\_version](#input\_bank\_vaults\_webhook\_version) | Version of Bank Vaults webhook to install - defaults to latest | `string` | `null` | no | +| [cilium\_version](#input\_cilium\_version) | Version of Cilium to use - defaults to latest | `string` | `null` | no | +| [cloudflare\_api\_token](#input\_cloudflare\_api\_token) | Cloudflare API token | `string` | n/a | yes | +| [external\_dns\_version](#input\_external\_dns\_version) | Version of External DNS to install - defaults to latest | `string` | `null` | no | +| [hcloud\_network\_name](#input\_hcloud\_network\_name) | Hetzner network name | `string` | n/a | yes | | [hcloud\_token](#input\_hcloud\_token) | Hetzner API token | `string` | n/a | yes | +| [hetzner\_cloud\_config\_manager\_version](#input\_hetzner\_cloud\_config\_manager\_version) | Version of the HCloud CCM to use - defaults to latest | `string` | `null` | no | | [hetzner\_csi\_driver\_owner](#input\_hetzner\_csi\_driver\_owner) | GitHub owner to get the CSI driver from | `string` | `"hetznercloud"` | no | | [hetzner\_csi\_driver\_repo](#input\_hetzner\_csi\_driver\_repo) | GitHub repo to get the CSI driver from | `string` | `"csi-driver"` | no | | [hetzner\_csi\_driver\_version](#input\_hetzner\_csi\_driver\_version) | Tag of the CSI driver to use - provide the tag name or latest | `string` | `"latest"` | no | +| [ingress\_nginx\_version](#input\_ingress\_nginx\_version) | Version of Ingress Nginx to install - defaults to latest | `string` | `null` | no | +| [k3s\_cluster\_cidr](#input\_k3s\_cluster\_cidr) | CIDR used for the k3s cluster | `string` | `"10.244.0.0/16"` | no | | [kube\_context](#input\_kube\_context) | 
Kubernetes context to use | `string` | `"default"` | no | | [kubeconfig](#input\_kubeconfig) | Kubeconfig for the cluster | `string` | n/a | yes | +| [load\_balancer\_region](#input\_load\_balancer\_region) | Region to use for the load balancer | `string` | n/a | yes | +| [load\_balancer\_type](#input\_load\_balancer\_type) | Type of load balancer to use | `string` | `"lb11"` | no | ## Outputs -| Name | Description | -|------|-------------| -| [csi\_version](#output\_csi\_version) | Version of the CSI driver used | +No outputs. diff --git a/modules/kubernetes/ccm.tf b/modules/kubernetes/ccm.tf new file mode 100644 index 0000000..fed8153 --- /dev/null +++ b/modules/kubernetes/ccm.tf @@ -0,0 +1,36 @@ +# Copyright 2024 Simon Emms +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "helm_release" "hcloud_ccm" { + chart = "hcloud-cloud-controller-manager" + name = "hccm" + atomic = true + cleanup_on_fail = true + namespace = "kube-system" + repository = "https://charts.hetzner.cloud" + version = var.hetzner_cloud_config_manager_version + wait = true + + set { + name = "networking.enabled" + value = "true" + } + + set { + name = "networking.clusterCIDR" + value = var.k3s_cluster_cidr + } + + depends_on = [kubernetes_secret_v1.hcloud] +} diff --git a/modules/kubernetes/cilium.tf b/modules/kubernetes/cilium.tf new file mode 100644 index 0000000..eebb08a --- /dev/null +++ b/modules/kubernetes/cilium.tf 
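Review bot: `version = var.hetzner_cloud_config_manager_version` defaults to `null` (see the variables.tf hunk), so Helm installs whatever chart version the repository serves at apply time. The same floating default feeds `helm_release.cilium`, `external_dns`, `ingress_nginx`, `vault_operator` and `vault_webhook`, which together install the CNI, cloud controller, ingress and an admission webhook. Giving each `*_version` variable a tested default, e.g. `default = "<PINNED_CHART_VERSION>"`, keeps applies reproducible and means an upstream chart change is only picked up through a reviewed commit.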
@@ -0,0 +1,34 @@ +# Copyright 2024 Simon Emms +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "helm_release" "cilium" { + chart = "cilium" + name = "cilium" + atomic = true + cleanup_on_fail = true + namespace = "kube-system" + repository = "https://helm.cilium.io" + version = var.cilium_version + wait = true + + set { + name = "ipv4NativeRoutingCIDR" + value = var.k3s_cluster_cidr + } + + set { + name = "ipam.mode" + value = "kubernetes" + } +} diff --git a/modules/kubernetes/csi.tf b/modules/kubernetes/csi.tf index 55ab31e..8a2e318 100644 --- a/modules/kubernetes/csi.tf +++ b/modules/kubernetes/csi.tf @@ -26,18 +26,6 @@ data "github_repository_file" "csi_driver" { file = "deploy/kubernetes/hcloud-csi.yml" } -// This secret is required by the Hetzner CSI to create cloud resources -resource "kubernetes_secret_v1" "hcloud_token" { - metadata { - name = "hcloud" - namespace = "kube-system" - } - - data = { - token = var.hcloud_token - } -} - resource "kubernetes_manifest" "csi_driver" { for_each = { for m in provider::kubernetes::manifest_decode_multi(data.github_repository_file.csi_driver.content) : @@ -54,5 +42,5 @@ resource "kubernetes_manifest" "csi_driver" { "spec.template.spec.containers[4].resources", ] - depends_on = [kubernetes_secret_v1.hcloud_token] + depends_on = [kubernetes_secret_v1.hcloud] } diff --git a/modules/kubernetes/ingress.tf b/modules/kubernetes/ingress.tf new file mode 100644 index 0000000..6cb842e --- /dev/null 
+++ b/modules/kubernetes/ingress.tf 
@@ -0,0 +1,91 @@
+# Copyright 2024 Simon Emms
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resource "kubernetes_namespace_v1" "external_dns" {
+ metadata {
+ name = "external-dns"
+ }
+
+ wait_for_default_service_account = true
+
+ depends_on = [helm_release.cilium]
+}
+
+resource "kubernetes_secret_v1" "external_dns" {
+ metadata {
+ name = "cloudflare"
+ namespace = kubernetes_namespace_v1.external_dns.metadata[0].name
+ }
+
+ data = {
+ cloudflare_api_token = var.cloudflare_api_token
+ }
+
+ depends_on = [helm_release.cilium]
+}
+
+resource "helm_release" "external_dns" {
+ chart = "oci://registry-1.docker.io/bitnamicharts/external-dns"
+ name = "external-dns"
+ atomic = true
+ cleanup_on_fail = true
+ namespace = kubernetes_namespace_v1.external_dns.metadata[0].name
+ version = var.external_dns_version
+ wait = true
+
+ set {
+ name = "provider"
+ value = "cloudflare"
+ }
+
+ set {
+ name = "cloudflare.secretName"
+ value = kubernetes_secret_v1.external_dns.metadata[0].name
+ }
+
+ depends_on = [kubernetes_manifest.csi_driver]
+}
+
+resource "random_integer" "load_balancer_id" {
+ min = 1000
+ max = 9999
+}
+
+resource "helm_release" "ingress_nginx" {
+ chart = "ingress-nginx"
+ name = "ingress-nginx"
+ atomic = true
+ cleanup_on_fail = true
+ create_namespace = true
+ namespace = "ingress-nginx"
+ repository = "https://kubernetes.github.io/ingress-nginx"
+ version = var.ingress_nginx_version
+ wait = true
+
+ dynamic "set" {
+ for_each = {
+ 
"load-balancer.hetzner.cloud/name" = "ingress-nginx-${random_integer.load_balancer_id.result}" + "load-balancer.hetzner.cloud/network-zone" = var.load_balancer_region + "load-balancer.hetzner.cloud/type" = var.load_balancer_type + "load-balancer.hetzner.cloud/use-private-ip" = "true" + "load-balancer.hetzner.cloud/uses-proxyprotocol" = "true" + } + content { + name = "controller.service.annotations.${replace(set.key, ".", "\\.")}" + value = set.value + } + } + + depends_on = [kubernetes_manifest.csi_driver] +} diff --git a/modules/kubernetes/output.tf b/modules/kubernetes/secrets.tf similarity index 63% rename from modules/kubernetes/output.tf rename to modules/kubernetes/secrets.tf index 8a4758b..2a95665 100644 --- a/modules/kubernetes/output.tf +++ b/modules/kubernetes/secrets.tf @@ -12,12 +12,17 @@ # See the License for the specific language governing permissions and # limitations under the License. -# output "csi_driver_yaml" { -# description = "CSI driver YAML to apply with kubectl" -# value = data.github_repository_file.csi_driver.content -# } +# Tell the Hetzner resources about our infrastructure +resource "kubernetes_secret_v1" "hcloud" { + metadata { + name = "hcloud" + namespace = "kube-system" + } -output "csi_version" { - description = "Version of the CSI driver used" - value = data.github_release.csi_driver.release_tag + data = { + network = var.hcloud_network_name # Required by the CCM + token = var.hcloud_token # Required by the CSI + } + + depends_on = [helm_release.cilium] } diff --git a/modules/kubernetes/terraform.tf b/modules/kubernetes/terraform.tf index 3430b48..3406b7b 100644 --- a/modules/kubernetes/terraform.tf +++ b/modules/kubernetes/terraform.tf 
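Review bot: The `load-balancer.hetzner.cloud/uses-proxyprotocol = "true"` annotation in `helm_release.ingress_nginx` makes the load balancer prepend a PROXY protocol header, but nothing in this release tells the controller to parse it. Unless that is set elsewhere, add a `set` block with `name = "controller.config.use-proxy-protocol"`, `value = "true"` and `type = "string"`. Without it, requests are likely to be rejected as malformed, and logs and IP allowlists will not see the real client address. Once it is enabled the controller trusts that header, so the ingress ports should be reachable only from the load balancer's private network.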
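Review bot: `kubernetes_secret_v1.hcloud` puts `var.hcloud_token` into `data`, and the provider persists that value in Terraform state in plain text even though the variable is marked `sensitive`. The same holds for `kubernetes_secret_v1.external_dns` and the Cloudflare token in ingress.tf. A comment above the resource would make the requirement visible, e.g. `# Token values are written to state - the backend must be encrypted and access-controlled`.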
@@ -19,13 +19,31 @@ terraform { source = "integrations/github" version = ">= 6.2.2, < 7.0.0" } + helm = { + source = "hashicorp/helm" + version = ">= 2.14.0, < 3.0.0" + } kubernetes = { source = "hashicorp/kubernetes" version = ">= 2.31.0, < 3.0.0" } + random = { + source = "hashicorp/random" + version = ">= 3.6.2, < 4.0.0" + } + } +} + +provider "helm" { + kubernetes { + host = local.kubeconfig_by_context[var.kube_context].server + client_certificate = base64decode(local.kubeconfig_by_context[var.kube_context].client-certificate-data) + client_key = base64decode(local.kubeconfig_by_context[var.kube_context].client-key-data) + cluster_ca_certificate = base64decode(local.kubeconfig_by_context[var.kube_context].certificate-authority-data) } } + provider "kubernetes" { host = local.kubeconfig_by_context[var.kube_context].server client_certificate = base64decode(local.kubeconfig_by_context[var.kube_context].client-certificate-data) diff --git a/modules/kubernetes/variables.tf b/modules/kubernetes/variables.tf index 65d3315..44f1e1f 100644 --- a/modules/kubernetes/variables.tf +++ b/modules/kubernetes/variables.tf 
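Review bot: The new `provider "helm"` block repeats the same four `local.kubeconfig_by_context[var.kube_context]` lookups and `base64decode` calls that `provider "kubernetes"` uses, so the two providers can drift apart if only one is edited. Hoisting the lookup into a local, `kube = local.kubeconfig_by_context[var.kube_context]`, and referencing `local.kube.server` and the other fields in both blocks keeps the cluster credentials defined once. The hunk also adds a second blank line before `provider "kubernetes"`, whose body continues outside the hunk.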
@@ -12,12 +12,55 @@ # See the License for the specific language governing permissions and # limitations under the License. +variable "bank_vaults_webhook_version" { + type = string + description = "Version of Bank Vaults webhook to install - defaults to latest" + default = null +} + + +variable "bank_vaults_operator_version" { + type = string + description = "Version of Bank Vaults operator to install - defaults to latest" + default = null +} + + +variable "cilium_version" { + type = string + description = "Version of Cilium to use - defaults to latest" + default = null +} + +variable "cloudflare_api_token" { + type = string + description = "Cloudflare API token" + sensitive = true +} + +variable "external_dns_version" { + type = string + description = "Version of External DNS to install - defaults to latest" + default = null +} + +variable "hcloud_network_name" { + type = string + description = "Hetzner network name" +} + variable "hcloud_token" { type = string description = "Hetzner API token" sensitive = true } +variable "hetzner_cloud_config_manager_version" { + type = string + description = "Version of the HCloud CCM to use - defaults to latest" + default = null +} + variable "hetzner_csi_driver_owner" { type = string description = "GitHub owner to get the CSI driver from" @@ -36,6 +79,18 @@ variable "hetzner_csi_driver_version" { default = "latest" } +variable "ingress_nginx_version" { + type = string + description = "Version of Ingress Nginx to install - defaults to latest" + default = null +} + +variable "k3s_cluster_cidr" { + type = string + description = "CIDR used for the k3s cluster" + default = "10.244.0.0/16" +} + variable "kubeconfig" { type = string description = "Kubeconfig for the cluster" 
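Review bot: `k3s_cluster_cidr` is passed straight into the Cilium and CCM Helm values with no `validation` block, so a typo only surfaces as a failed or misrouted install. Adding a `validation` block with `condition = can(cidrhost(var.k3s_cluster_cidr, 0))` and a matching `error_message` rejects a malformed CIDR at plan time. The first hunk also leaves two blank lines after the `bank_vaults_*` and `cilium_version` blocks, where the rest of the file uses one.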
@@ -47,3 +102,14 @@ variable "kube_context" { description = "Kubernetes context to use" default = "default" } + +variable "load_balancer_region" { + type = string + description = "Region to use for the load balancer" +} + +variable "load_balancer_type" { + type = string + description = "Type of load balancer to use" + default = "lb11" +} diff --git a/modules/kubernetes/vault.tf b/modules/kubernetes/vault.tf new file mode 100644 index 0000000..58bc909 --- /dev/null +++ b/modules/kubernetes/vault.tf @@ -0,0 +1,39 @@ +# Copyright 2024 Simon Emms +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resource "helm_release" "vault_operator" { + chart = "oci://ghcr.io/bank-vaults/helm-charts/vault-operator" + name = "vault-operator" + atomic = true + cleanup_on_fail = true + create_namespace = true + namespace = "vault" + version = var.bank_vaults_operator_version + wait = true + + depends_on = [kubernetes_manifest.csi_driver] +} + +resource "helm_release" "vault_webhook" { + chart = "oci://ghcr.io/bank-vaults/helm-charts/vault-secrets-webhook" + name = "vault-secrets-webhook" + atomic = true + cleanup_on_fail = true + create_namespace = true + namespace = "vault" + version = var.bank_vaults_webhook_version + wait = true + + depends_on = [helm_release.vault_operator] +} diff --git a/stacks/dev/kubernetes/.terraform.lock.hcl b/stacks/dev/kubernetes/.terraform.lock.hcl index 23f584a..ccd1347 100644 --- a/stacks/dev/kubernetes/.terraform.lock.hcl 
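Review bot: Both `helm_release.vault_operator` and `helm_release.vault_webhook` rely on `create_namespace = true` for the shared `vault` namespace, whereas ingress.tf declares `kubernetes_namespace_v1.external_dns` explicitly. A Helm-created namespace is not tracked by Terraform, so labels such as Pod Security admission levels cannot be set on it from this module. Declaring `resource "kubernetes_namespace_v1" "vault"` and using `namespace = kubernetes_namespace_v1.vault.metadata[0].name` in both releases would match the external-dns pattern and put the namespace under review.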
+++ b/stacks/dev/kubernetes/.terraform.lock.hcl @@ -1,6 +1,26 @@ # This file is maintained automatically by "terraform init". # Manual edits may be lost in future updates. +provider "registry.terraform.io/hashicorp/helm" { + version = "2.14.0" + constraints = ">= 2.14.0, < 3.0.0" + hashes = [ + "h1:MCwlHF214XoAqJ11wR1SQuZmjJyAagKOqgSzl9hHrPg=", + "zh:087a475fda3649e4b6b9aeb5f21704972f5d85c10d0bf334289b0a1b8c1a5575", + "zh:1877991d976491d4e2a653a89491bd3b92123a00f442f15aa62caea8902677c7", + "zh:233d9e550b900be8bbf62871322964239bb4827b3500b77d7e2652a8bae6a106", + "zh:6ed09d405ade276dfc6ec591d113ca328ea3fe423405d4bc1116f7a06dfd86ec", + "zh:9039de4cbee5ae006d9cbf27f40f0a285feb02c3b00901535a1112853de55b5f", + "zh:aea6311b0f29edddefa21b8c7953314459caeace77d72d60588d1277f1723c54", + "zh:bd6a4fea3461c2751527f1c4e4c2c160e72f5b5a3b5cfbfe051adf61badd5ead", + "zh:c5f12a2ea4c3b62d9dd2d8f62c9918ef77b1f9dd4d6ccf1758a2a24139ab5319", + "zh:cd84d7258f263c3bd24138e7633b022451fdc1935a11e34932b63f71bbe6059f", + "zh:e637d01ee4dc2e5702d62c158399ab0d0ba3269e71f5db38db922ff05505ae2a", + "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", + "zh:fbf9c9936ae547b75a81170b7bd20f72bc5538e015efcf7d12f822358d758f57", + ] +} + provider "registry.terraform.io/hashicorp/kubernetes" { version = "2.31.0" constraints = ">= 2.31.0, < 3.0.0" 
@@ -21,6 +41,26 @@ provider "registry.terraform.io/hashicorp/kubernetes" { ] } +provider "registry.terraform.io/hashicorp/random" { + version = "3.6.2" + constraints = ">= 3.6.2, < 4.0.0" + hashes = [ + "h1:wmG0QFjQ2OfyPy6BB7mQ57WtoZZGGV07uAPQeDmIrAE=", + "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec", + "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53", + "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114", + "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad", + "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b", + "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916", + "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6", + "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", + "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150", + "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544", + "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7", + "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af", + ] +} + provider "registry.terraform.io/integrations/github" { version = "6.2.2" constraints = ">= 6.2.2, < 7.0.0" diff --git a/stacks/dev/kubernetes/terragrunt.hcl b/stacks/dev/kubernetes/terragrunt.hcl index 42f63fc..818f3f3 100644 --- a/stacks/dev/kubernetes/terragrunt.hcl +++ b/stacks/dev/kubernetes/terragrunt.hcl @@ -25,5 +25,8 @@ dependency "hetzner" { } inputs = { - kubeconfig = dependency.hetzner.outputs.kubeconfig + hcloud_network_name = dependency.hetzner.outputs.hcloud_network_name + k3s_cluster_cidr = dependency.hetzner.outputs.k3s_cluster_cidr + kubeconfig = dependency.hetzner.outputs.kubeconfig + load_balancer_region = dependency.hetzner.outputs.region }
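Review bot: `cloudflare_api_token` is a new required variable in modules/kubernetes/variables.tf but is not among the `inputs` added here, so it is presumably expected from the environment, as `hcloud_token` appears to be. A short comment in this block would tell the next reader where the secrets come from, e.g. `# cloudflare_api_token and hcloud_token are supplied via TF_VAR_* and must not be committed here`. The file's earlier lines are outside the hunk, so an `include` may already provide them.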