terraform-hcloud-talos/talos_patch_control_plane.tf
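locals {
  # When no control planes are requested, synthesise one placeholder entry so
  # the for-expression below (and anything keyed on its output) still yields a
  # well-formed map instead of an empty one.
  dummy_control_planes = var.control_plane_count == 0 ? [{
    index              = 0
    name               = "dummy-cp-0"
    ipv4_public        = "0.0.0.0"                                # Fallback
    ipv6_public        = null                                     # Fallback
    ipv6_public_subnet = null                                     # Fallback
    ipv4_private       = cidrhost(local.node_ipv4_cidr, 100)      # Use a predictable dummy private IP
  }] : []

  # Real control planes first, the placeholder (if any) appended.
  merged_control_planes = concat(local.control_planes, local.dummy_control_planes)

  # One Talos machine-config patch per control plane, keyed by node name.
  # NOTE(review): this map embeds var.hcloud_token in clear text (the VIP
  # hcloud blocks and the hcloud-secret inline manifest below), so it is secret
  # material and will be persisted wherever this local is written, including
  # Terraform state; protect the state backend accordingly.
  controlplane_yaml = {
    for control_plane in local.merged_control_planes : control_plane.name => {
      machine = {
        install = {
          # Installer image is pinned by tag only (var.talos_version); a digest
          # pin would give a stronger supply-chain guarantee.
          image = "ghcr.io/siderolabs/installer:${var.talos_version}"
          extraKernelArgs = [
            # Disable IPv6 at the kernel level unless the module enables it.
            "ipv6.disable=${var.enable_ipv6 ? 0 : 1}",
          ]
        }
        certSANs = local.cert_SANs
        kubelet = {
          # Module defaults first; var.kubelet_extra_args wins on key conflicts.
          extraArgs = merge(
            {
              "cloud-provider"             = "external"
              "rotate-server-certificates" = true
            },
            var.kubelet_extra_args
          )
          nodeIP = {
            validSubnets = [
              local.node_ipv4_cidr
            ]
          }
        }
        # With no workers, strip the exclude-from-external-load-balancers label
        # (strategic-merge "$patch: delete") so control planes are eligible
        # LB backends; otherwise leave the default labels untouched.
        nodeLabels = var.worker_count <= 0 ? {
          "node.kubernetes.io/exclude-from-external-load-balancers" = {
            "$patch" = "delete"
          }
        } : {}
        network = {
          interfaces = [
            {
              # eth0: Hetzner floating IP as the public API VIP (optional).
              interface = "eth0"
              dhcp      = true
              vip = var.enable_floating_ip ? {
                ip = data.hcloud_floating_ip.control_plane_ipv4[0].ip_address
                hcloud = {
                  apiToken = var.hcloud_token
                }
              } : null
            },
            {
              # eth1: private-network alias IP as the internal VIP (optional).
              interface = "eth1"
              dhcp      = true
              vip = var.enable_alias_ip ? {
                ip = local.control_plane_private_vip_ipv4
                hcloud = {
                  apiToken = var.hcloud_token
                }
              } : null
            }
          ]
          extraHostEntries = local.extra_host_entries
          kubespan = {
            enabled                     = var.enable_kube_span
            advertiseKubernetesNetworks = false # Disabled because of cilium
            mtu                         = 1370  # Hcloud has a MTU of 1450 (KubeSpanMTU = UnderlyingMTU - 80)
          }
        }
        kernel = {
          modules = var.kernel_modules_to_load
        }
        # Raise connection/backlog limits; var.sysctls_extra_args may override.
        sysctls = merge(
          {
            "net.core.somaxconn"          = "65535"
            "net.core.netdev_max_backlog" = "4096"
          },
          var.sysctls_extra_args
        )
        features = {
          # Workloads in the kube-system namespace may reach the Talos API with
          # the os:reader role; widening either list widens that trust boundary.
          kubernetesTalosAPIAccess = {
            enabled = true
            allowedRoles = [
              "os:reader"
            ]
            allowedKubernetesNamespaces = [
              "kube-system"
            ]
          }
          hostDNS = {
            enabled              = true
            forwardKubeDNSToHost = true
            resolveMemberNames   = true
          }
        }
        time = {
          servers = [
            "ntp1.hetzner.de",
            "ntp2.hetzner.com",
            "ntp3.hetzner.net",
            "time.cloudflare.com"
          ]
        }
        registries = var.registries
      }
      cluster = {
        # Schedule workloads on control planes when explicitly allowed or when
        # the cluster has no workers at all (neither counted nor listed).
        allowSchedulingOnControlPlanes = var.control_plane_allow_schedule || (var.worker_count <= 0 && length(var.worker_nodes) <= 0)
        network = {
          dnsDomain = var.cluster_domain
          podSubnets = [
            local.pod_ipv4_cidr
          ]
          serviceSubnets = [
            local.service_ipv4_cidr
          ]
          # Talos installs no CNI here; the kubespan comment above indicates
          # cilium is provided separately.
          cni = {
            name = "none"
          }
        }
        coreDNS = {
          disabled = var.disable_talos_coredns
        }
        # kube-proxy is not deployed by Talos in this configuration.
        proxy = {
          disabled = true
        }
        apiServer = {
          certSANs  = local.cert_SANs
          extraArgs = var.kube_api_extra_args
        }
        controllerManager = {
          extraArgs = {
            "cloud-provider"           = "external"
            "node-cidr-mask-size-ipv4" = local.node_ipv4_cidr_mask_size
            # Listens on every interface (eth0 and eth1 are both configured
            # above); reachability must be restricted by firewall rules that
            # live outside this file.
            "bind-address" = "0.0.0.0"
          }
        }
        etcd = {
          advertisedSubnets = [
            local.node_ipv4_cidr
          ]
          extraArgs = {
            # Plain-HTTP metrics endpoint on all interfaces; same firewall
            # caveat as the controller-manager bind-address above.
            "listen-metrics-urls" = "http://0.0.0.0:2381"
          }
        }
        scheduler = {
          extraArgs = {
            # Same all-interfaces exposure and firewall caveat as above.
            "bind-address" = "0.0.0.0"
          }
        }
        extraManifests = var.extraManifests
        inlineManifests = [
          {
            # Secret consumed by the cloud integration; base64 is encoding,
            # not encryption, so the token is protected only by access control
            # on the kube-system namespace and on this config.
            name     = "hcloud-secret"
            contents = <<-EOT
              apiVersion: v1
              kind: Secret
              type: Opaque
              metadata:
                name: hcloud
                namespace: kube-system
              data:
                network: ${base64encode(hcloud_network.this.id)}
                token: ${base64encode(var.hcloud_token)}
            EOT
          }
        ]
        externalCloudProvider = {
          enabled = true
          # Fetched remotely at bootstrap and pinned to a release tag only;
          # vendoring or pinning to an immutable revision would remove the
          # dependency on the remote host being unchanged and reachable.
          manifests = [
            "https://raw.githubusercontent.com/siderolabs/talos-cloud-controller-manager/v1.6.0/docs/deploy/cloud-controller-manager-daemonset.yml"
          ]
        }
      }
    }
  }
}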