From 8fc60f9d8b5976cc30539fddc01fbda270eb5d43 Mon Sep 17 00:00:00 2001
From: Evrard Van Espen
Date: Sun, 23 Nov 2025 11:22:21 +0000
Subject: [PATCH] Add tofu files
---
 tofu/files/cloud-init.yaml | 18 +++++
 tofu/main.tf | 148 +++++++++++++++++++++++++++++++++++++
 2 files changed, 166 insertions(+)
 create mode 100644 tofu/files/cloud-init.yaml
 create mode 100644 tofu/main.tf
diff --git a/tofu/files/cloud-init.yaml b/tofu/files/cloud-init.yaml
new file mode 100644
index 0000000..997b15a
--- /dev/null
+++ b/tofu/files/cloud-init.yaml
@@ -0,0 +1,18 @@
+#cloud-config
+users:
+ - name: kubeadmin
+ gecos: kubeadmin
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ groups: wheel, root
+ lock_passwd: false
+ ssh_authorized_keys:
+ - ${ssh_public_key}
+ passwd: "${kubeadmin_password_hash}"
+
+packages:
+ - openssh-server
+
+runcmd:
+ - systemctl enable --now sshd
+ - systemctl restart sshd
+ - [touch, /tmp/cloud-init-complete]
diff --git a/tofu/main.tf b/tofu/main.tf
new file mode 100644
index 0000000..e0d694a
--- /dev/null
+++ b/tofu/main.tf
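Review bot: The kubeadmin user is created with a password hash, `lock_passwd: false`, membership in the `root` group and `sudo: ALL=(ALL) NOPASSWD:ALL`, yet the config never sets `ssh_pwauth`, so once the runcmd enables sshd the account is reachable by password over SSH as well as by the provisioned key, depending on the image's sshd defaults. Since an authorized key is already installed, add `ssh_pwauth: false` at the top level and reduce `groups` to `wheel`, which on Fedora already grants the sudo rule without adding the user to `root`. If the password is only meant for console recovery, keeping `lock_passwd: false` together with `ssh_pwauth: false` gives exactly that. A one-line comment above the `sudo:` entry stating that the unrestricted NOPASSWD grant is deliberate for this lab would also help the next reader.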
@@ -0,0 +1,148 @@
+terraform {
+ required_providers {
+ incus = {
+ source = "lxc/incus"
+ version = "0.3.1"
+ }
+ }
+}
+
+provider "incus" {
+}
+
+resource "incus_project" "kubernetes" {
+ name = "kubernetes"
+ description = "Kubernetes project"
+
+ config = {
+ "features.storage.volumes" = false
+ "features.images" = false
+ "features.profiles" = false
+ "features.storage.buckets" = false
+ }
+}
+
+locals {
+ ssh_public_key = trimspace(file("~/.ssh/id_ed25519.pub"))
+}
+
+locals {
+ kubeadmin_password_hash = trimspace(file("./kubeadmin_password_hash"))
+}
+
+data "template_file" "cloud_init" {
+ template = file("${path.module}/files/cloud-init.yaml")
+ vars = {
+ ssh_public_key = local.ssh_public_key
+ }
+}
+
+resource "incus_profile" "kubenode" {
+ name = "kubenode"
+ project = "kubernetes"
+ description = "Kubernetes lab node"
+
+ depends_on = [
+ incus_project.kubernetes
+ ]
+
+ config = {
+ # "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
+ "security.nesting" = "true"
+ "security.privileged" = "true"
+ # "security.syscalls.intercept.mknod" = "true"
+ # "security.syscalls.intercept.mount" = "true"
+ # "security.syscalls.intercept.setxattr" = "true"
+ "limits.cpu" = "4"
+ "limits.memory" = "6GiB"
+ "limits.memory.swap" = "false"
+ "boot.autostart" = "true"
+ "cloud-init.vendor-data" = templatefile(
+ "${path.module}/files/cloud-init.yaml", { ssh_public_key = local.ssh_public_key, kubeadmin_password_hash = local.kubeadmin_password_hash }
+ )
+ }
+
+ device {
+ name = "eth0"
+ type = "nic"
+ properties = {
+ network = "incusbr0"
+ name = "eth0"
+ }
+ }
+
+ device {
+ name = "root"
+ type = "disk"
+ properties = {
+ pool = "default"
+ path = "/"
+ }
+ }
+}
+
+resource "incus_instance" "kube-main" {
+ name = "kube-main"
+ type = "virtual-machine"
+ image = "images:fedora/43/cloud"
+ profiles = [incus_profile.kubenode.name]
+ project = incus_project.kubernetes.name
+
+ depends_on = [
+ incus_profile.kubenode
+ ]
+
+ device {
+ name = "eth0"
+ type = "nic"
+ properties = {
+ network = "incusbr0"
+ name = "eth0"
+ "ipv4.address" = "10.1.1.100"
+ }
+ }
+}
+
+resource "incus_instance" "kube-worker1" {
+ name = "kube-worker1"
+ type = "virtual-machine"
+ image = "images:fedora/43/cloud"
+ profiles = [incus_profile.kubenode.name]
+ project = incus_project.kubernetes.name
+
+ depends_on = [
+ incus_profile.kubenode
+ ]
+
+ device {
+ name = "eth0"
+ type = "nic"
+ properties = {
+ network = "incusbr0"
+ name = "eth0"
+ "ipv4.address" = "10.1.1.101"
+ }
+ }
+}
+
+resource "incus_instance" "kube-worker2" {
+ name = "kube-worker2"
+ type = "virtual-machine"
+ image = "images:fedora/43/cloud"
+ profiles = [incus_profile.kubenode.name]
+ project = incus_project.kubernetes.name
+
+ depends_on = [
+ incus_profile.kubenode
+ ]
+
+ device {
+ name = "eth0"
+ type = "nic"
+ properties = {
+ network = "incusbr0"
+ name = "eth0"
+ "ipv4.address" = "10.1.1.102"
+ }
+ }
+}
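Review bot: `file("~/.ssh/id_ed25519.pub")` in the first `locals` block will fail at plan time, because `file()` does not expand `~`; it should read `ssh_public_key = trimspace(file(pathexpand("~/.ssh/id_ed25519.pub")))`. The `data "template_file" "cloud_init"` block is dead code: nothing references it, its `vars` omit the `kubeadmin_password_hash` the template uses (which would likely make it error if it were ever evaluated), and it implicitly pulls in the deprecated `template` provider that is absent from `required_providers`; since the profile already renders the file with `templatefile()`, the data source can be dropped. Both `trimspace(file("./kubeadmin_password_hash"))` and the rendered `cloud-init.vendor-data` land in plain text in the state file, so wrap the local as `kubeadmin_password_hash = sensitive(trimspace(file("./kubeadmin_password_hash")))` to keep the hash out of plan output and treat the state backend as secret-bearing. Finally, `security.privileged` and `security.nesting` are container-oriented keys while every instance here is `type = "virtual-machine"`; Incus may reject or ignore them on VMs — confirm against the provider, and remove them if the nodes stay VMs, since together they grant the widest host access a container can have.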