master.tf
# RKE2 control-plane (master) node on Hetzner Cloud.
resource "hcloud_server" "master" {
  name        = "${var.prefix}-${var.master_node.name}"
  server_type = var.master_node.server_type
  location    = var.master_node.location
  image       = "rocky-8"
  labels      = var.labels

  # Every key registered in hcloud_ssh_key.keys is installed on the node.
  ssh_keys = [for key in values(hcloud_ssh_key.keys) : key.id]

  # cloud-init user data; its content is defined in locals outside this view.
  user_data = local.master_user_data

  # Both the master and the agent firewall are attached to this node; their
  # rules are defined elsewhere in the module.
  firewall_ids = [hcloud_firewall.master.id, hcloud_firewall.agent.id]

  # The node gets public IPv4 and IPv6 addresses. The ssh_* resources in this
  # file log in as root over the public IPv4 address, so the attached
  # firewalls decide who can reach SSH from the internet.
  # NOTE(review): confirm the firewall source ranges for port 22 and the
  # Kubernetes API are restricted to the hosts that need them.
  public_net {
    ipv4_enabled = true
    ipv6_enabled = true
  }

  # Fixed address on the private network.
  network {
    network_id = hcloud_network.priv.id
    ip         = local.master_ip
  }

  # The subnet must exist before the private IP can be assigned.
  depends_on = [hcloud_network_subnet.master]
}
# Uploads every entry of local.manifests (file name => content) over SSH into
# the RKE2 server manifests directory on the master.
resource "ssh_resource" "k8s-addon-manifests" {
  host = hcloud_server.master.ipv4_address
  user = "root"

  # Authenticates with the Terraform-generated key, not the local SSH agent.
  # The tls_private_key resource keeps the private key in Terraform state, so
  # the state backend has to be protected like a credential store.
  private_key = tls_private_key.ssh.private_key_openssh
  agent       = false

  timeout = "1m"
  when    = "create"

  # The whole manifest map is used as the trigger set.
  # NOTE(review): the contents are wrapped in sensitive() in the file block
  # below but passed here as-is, so a plan diff on triggers may print them.
  # If the manifests carry secrets, consider triggering on a hash of each
  # value instead.
  triggers = local.manifests

  dynamic "file" {
    for_each = local.manifests
    content {
      destination = "/var/lib/rancher/rke2/server/manifests/${file.key}"
      # sensitive() only redacts the value in CLI output; it is still written
      # to state in clear text.
      content = sensitive(file.value)
    }
  }
}
# Waits for cloud-init to finish on the master, then reads the RKE2 kubeconfig
# back over SSH.
# The command output is stored in Terraform state. rke2.yaml is the cluster
# admin credential, so anyone who can read the state can administer the
# cluster.
resource "ssh_sensitive_resource" "kubeconfig" {
  host        = hcloud_server.master.ipv4_address
  user        = "root"
  private_key = tls_private_key.ssh.private_key_openssh
  agent       = false
  timeout     = "10m"
  when        = "create"

  commands = [
    # Block until provisioning is done; its output is discarded.
    "cloud-init status --wait > /dev/null",
    "cat /etc/rancher/rke2/rke2.yaml"
  ]
}
# Reads the RKE2 node token from the master over SSH.
# The token is the shared secret that additional nodes present to join the
# cluster. Like the kubeconfig, it ends up in Terraform state.
resource "ssh_sensitive_resource" "node-token" {
  host        = hcloud_server.master.ipv4_address
  user        = "root"
  private_key = tls_private_key.ssh.private_key_openssh
  agent       = false
  timeout     = "10m"
  when        = "create"

  commands = [
    "cat /var/lib/rancher/rke2/server/node-token"
  ]

  # Ordered after the kubeconfig resource, which waits for cloud-init, so the
  # token is only read once provisioning has completed.
  depends_on = [ssh_sensitive_resource.kubeconfig]
}
# Collects the master's SSH host public keys (all key types) over SSH.
# NOTE(review): the keys are fetched over the same kind of SSH session they
# would later be used to verify, so they are trust-on-first-use values.
# Confirm how consumers of this result pin them.
# NOTE(review): unlike node-token, this resource has no explicit ordering
# after the cloud-init wait. Confirm the host keys are final when it runs.
resource "ssh_sensitive_resource" "master-ssh-keys" {
  host        = hcloud_server.master.ipv4_address
  user        = "root"
  private_key = tls_private_key.ssh.private_key_openssh
  agent       = false
  timeout     = "10m"
  when        = "create"

  commands = [
    "cat /etc/ssh/ssh_host_*_key.pub"
  ]
}