From c2f7048c23f83418fae589e9f24506542dee70e2 Mon Sep 17 00:00:00 2001
From: Michael Wilson
Date: Fri, 25 Nov 2022 14:09:15 +0100
Subject: [PATCH] initial commit
---
hcloud-k3s-cluster/main.tf | 155 ++++++++++++++++++++++++++++++++++
hcloud-k3s-cluster/outputs.tf | 14 +++
hcloud-k3s-cluster/vars.tf | 44 ++++++++++
3 files changed, 213 insertions(+)
create mode 100644 hcloud-k3s-cluster/main.tf
create mode 100644 hcloud-k3s-cluster/outputs.tf
create mode 100644 hcloud-k3s-cluster/vars.tf
diff --git a/hcloud-k3s-cluster/main.tf b/hcloud-k3s-cluster/main.tf
new file mode 100644
index 0000000..db947ab
--- /dev/null
+++ b/hcloud-k3s-cluster/main.tf
@@ -0,0 +1,155 @@
+# terraform config
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = "1.35.2"
+ }
+ hetznerdns = {
+ source = "timohirt/hetznerdns"
+ version = "2.2.0"
+ }
+ }
+}
+
+provider "hcloud" {
+ token = var.hcloud_token
+}
+
+provider "hetznerdns" {
+ apitoken = var.hetznerdns_token
+}
+
+# bootstrap ssh key
+resource "hcloud_ssh_key" "pubkey" {
+ name = "bootstrap-ssh"
+ public_key = file(var.ssh_public_key_path)
+}
+
+
+# server
+resource "hcloud_server" "k3s-node" {
+ count = var.node_count
+ name = "k3s-node-${count.index + 1}"
+ image = "ubuntu-22.04"
+ server_type = var.server_type
+ ssh_keys = [ "${hcloud_ssh_key.pubkey.id}" ]
+ location = var.server_location
+ rescue = "linux64"
+ firewall_ids = [ hcloud_firewall.fw.id ]
+ depends_on = [
+ hcloud_network_subnet.k3s-net,
+ hcloud_firewall.fw
+ ]
+}
+
+
+# internal network
+resource "hcloud_network" "internal_net" {
+ name = "internal network"
+ ip_range = "10.0.0.0/8"
+}
+
+resource "hcloud_network_subnet" "k3s-net" {
+ network_id = hcloud_network.internal_net.id
+ type = "cloud"
+ network_zone = "eu-central"
+ ip_range = "10.0.1.0/24"
+}
+
+resource "hcloud_server_network" "k3s-node-to-network-allocation" {
+ count = var.node_count
+ server_id = hcloud_server.k3s-node[count.index].id
+ subnet_id = hcloud_network_subnet.k3s-net.id
+ ip = "10.0.1.${count.index + 1}"
+}
+
+
+#DNS
+data "hetznerdns_zone" "dns_zone" {
+ name = var.hetznerdns_zone
+}
+
+resource "hetznerdns_record" "k3sv4" {
+ zone_id = data.hetznerdns_zone.dns_zone.id
+ name = "*.k3s"
+ value = hcloud_load_balancer.lb.ipv4
+ type = "A"
+ ttl= 3400
+ depends_on = [
+ hcloud_load_balancer.lb
+ ]
+}
+
+resource "hetznerdns_record" "k3sv6" {
+ zone_id = data.hetznerdns_zone.dns_zone.id
+ name = "*.k3s"
+ value = hcloud_load_balancer.lb.ipv6
+ type = "AAAA"
+ ttl= 3400
+ depends_on = [
+ hcloud_load_balancer.lb
+ ]
+}
+
+
+# loadbalancer
+resource "hcloud_load_balancer" "lb" {
+ name = "k3s-load-balancer"
+ load_balancer_type = var.loadbalancer_type
+ location = var.server_location
+}
+
+resource "hcloud_load_balancer_target" "load_balancer_target" {
+ count = var.node_count
+ type = "server"
+ load_balancer_id = hcloud_load_balancer.lb.id
+ server_id = hcloud_server.k3s-node[count.index].id
+ depends_on = [
+ hcloud_server.k3s-node
+ ]
+}
+
+resource "hcloud_load_balancer_network" "lb_backend_net" {
+ load_balancer_id = hcloud_load_balancer.lb.id
+ subnet_id = hcloud_network_subnet.k3s-net.id
+ ip = "10.0.1.${var.node_count + 1 }"
+}
+
+resource "hcloud_load_balancer_service" "load_balancer_tcp_80" {
+ load_balancer_id = hcloud_load_balancer.lb.id
+ protocol = "tcp"
+ listen_port = 80
+ destination_port = 80
+}
+
+resource "hcloud_load_balancer_service" "load_balancer_tcp_443" {
+ load_balancer_id = hcloud_load_balancer.lb.id
+ protocol = "tcp"
+ listen_port = 443
+ destination_port = 443
+}
+
+# firewall
+resource "hcloud_firewall" "fw" {
+ name = "fw"
+ rule {
+ direction = "in"
+ protocol = "icmp"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+ rule {
+ direction = "in"
+ protocol = "tcp"
+ port = "22"
+ source_ips = [
+ "0.0.0.0/0",
+ "::/0"
+ ]
+ }
+
+}
diff --git a/hcloud-k3s-cluster/outputs.tf b/hcloud-k3s-cluster/outputs.tf
new file mode 100644
index 0000000..be24a31
--- /dev/null
+++ b/hcloud-k3s-cluster/outputs.tf
@@ -0,0 +1,14 @@
+output "lb_ipv4" {
+ value = hcloud_load_balancer.lb.ipv4
+ description = "Loadblancer IPv4 address"
+}
+
+output "lb_ipv6" {
+ value = hcloud_load_balancer.lb.ipv6
+ description = "Loadblancer IPv6 address"
+}
+
+output "dns_record" {
+ value = "*.k3s.${var.hetznerdns_zone}"
+ description = "Configured wildcard records (A and AAAA) pointed at Loadblancer."
+}
diff --git a/hcloud-k3s-cluster/vars.tf b/hcloud-k3s-cluster/vars.tf
new file mode 100644
index 0000000..a53db42
--- /dev/null
+++ b/hcloud-k3s-cluster/vars.tf
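Review bot: The second `rule` block of `hcloud_firewall.fw` opens tcp/22 to `0.0.0.0/0` and `::/0`, and every `hcloud_server.k3s-node` is created with `rescue = "linux64"`, so port 22 on each node is reachable from the whole internet from the first apply, and what answers there at first is the rescue system rather than the configured host. Take the allowed sources from an operator-supplied variable with no default instead, e.g. `source_ips = var.ssh_allowed_source_ips` (a constructed name; declare it in vars.tf as `list(string)`), so that somebody has to state who may reach SSH. A second point in the same hunk: `hcloud_load_balancer_target.load_balancer_target` leaves `use_private_ip` at its default, so the load balancer reaches the nodes over their public addresses, which this firewall filters; with only icmp and tcp/22 allowed inbound, the 80/443 services would appear to be unable to reach any target. Either set `use_private_ip = true` on the target (with `depends_on = [hcloud_load_balancer_network.lb_backend_net]`, since the private attachment must exist first) or add an inbound rule for 80/443 restricted to the load balancer — worth confirming against a deployed cluster.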
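Review bot: All three `description` strings in outputs.tf misspell the load balancer as "Loadblancer"; these are shown to users by `terraform output`, so e.g. `description = "Load balancer IPv4 address"`. The same typo is in the `loadbalancer_type` description in vars.tf.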
@@ -0,0 +1,44 @@
+variable "ssh_public_key_path" {
+ type = string
+ description = "Path to ssh public key file used for bootstrap."
+ default = "./.ssh/id_rsa.pub"
+}
+
+variable "hcloud_token" {
+ type = string
+ description = "hcloud API token"
+}
+
+variable "hetznerdns_token" {
+ type = string
+ description = "hetznerdns API token"
+}
+
+variable "node_count" {
+ type = number
+ default = 3
+ description = "Number of cluster nodes to be deployed."
+}
+
+variable "server_type" {
+ type = string
+ default = "cx21"
+ description = "Hetzner Cloud server type."
+}
+
+variable "loadbalancer_type" {
+ type = string
+ default = "lb11"
+ description = "Hetzner Cloud loadblancer type."
+}
+
+variable "server_location" {
+ type = string
+ default = "nbg1"
+ description = "Hetzner Location for server deployment."
+}
+
+variable "hetznerdns_zone" {
+ type = string
+ description = "DNS Zone to configure *.k3s subdomain wildcard records in"
+}
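Review bot: `hcloud_token` and `hetznerdns_token` are API credentials, but neither declaration is marked `sensitive = true`, so nothing stops their values being shown verbatim in plan/apply output or error messages should they ever be referenced by a resource attribute, an output, or a future module caller. Add `sensitive = true` to both variable blocks (supported since Terraform 0.14; main.tf pins no `required_version`, so that floor should be stated there as well). Also, `ssh_public_key_path` defaults to `./.ssh/id_rsa.pub` and is consumed by `file()` in main.tf, which resolves relative to the working directory rather than the module, so the default silently points at a different file depending on where `terraform apply` is run; consider dropping the default or documenting that it is cwd-relative in the description.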