Add tofu files

2025-11-23 11:22:21 +00:00
parent 0e55da940e
commit 8fc60f9d8b
2 changed files with 166 additions and 0 deletions
--- a/tofu/main.tf
+++ b/tofu/main.tf
@@ -0,0 +1,148 @@
+terraform {
+  required_providers {
+    incus = {
+      source  = "lxc/incus"
+      version = "0.3.1"
+    }
+  }
+}
+
+provider "incus" {
+}
+
+resource "incus_project" "kubernetes" {
+  name        = "kubernetes"
+  description = "Kubernetes project"
+
+  config = {
+    "features.storage.volumes" = false
+    "features.images"          = false
+    "features.profiles"        = false
+    "features.storage.buckets" = false
+  }
+}
+
+locals {
+  ssh_public_key = trimspace(file("~/.ssh/id_ed25519.pub"))
+}
+
+locals {
+  kubeadmin_password_hash = trimspace(file("./kubeadmin_password_hash"))
+}
+
+data "template_file" "cloud_init" {
+  template = file("${path.module}/files/cloud-init.yaml")
+  vars = {
+    ssh_public_key = local.ssh_public_key
+  }
+}
+
+resource "incus_profile" "kubenode" {
+  name        = "kubenode"
+  project     = "kubernetes"
+  description = "Kubernetes lab node"
+
+  depends_on = [
+    incus_project.kubernetes
+  ]
+
+  config = {
+    # "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
+    "security.nesting"    = "true"
+    "security.privileged" = "true"
+    # "security.syscalls.intercept.mknod" = "true"
+    # "security.syscalls.intercept.mount" = "true"
+    # "security.syscalls.intercept.setxattr" = "true"
+    "limits.cpu"         = "4"
+    "limits.memory"      = "6GiB"
+    "limits.memory.swap" = "false"
+    "boot.autostart"     = "true"
+    "cloud-init.vendor-data" = templatefile(
+      "${path.module}/files/cloud-init.yaml", { ssh_public_key = local.ssh_public_key, kubeadmin_password_hash = local.kubeadmin_password_hash }
+      )
+  }
+
+  device {
+    name = "eth0"
+    type = "nic"
+    properties = {
+      network = "incusbr0"
+      name    = "eth0"
+    }
+  }
+
+  device {
+    name = "root"
+    type = "disk"
+    properties = {
+      pool = "default"
+      path = "/"
+    }
+  }
+}
+
+resource "incus_instance" "kube-main" {
+  name  = "kube-main"
+  type  = "virtual-machine"
+  image = "images:fedora/43/cloud"
+  profiles = [incus_profile.kubenode.name]
+  project  = incus_project.kubernetes.name
+
+  depends_on = [
+    incus_profile.kubenode
+  ]
+
+  device {
+    name = "eth0"
+    type = "nic"
+    properties = {
+      network        = "incusbr0"
+      name           = "eth0"
+      "ipv4.address" = "10.1.1.100"
+    }
+  }
+}
+
+resource "incus_instance" "kube-worker1" {
+  name     = "kube-worker1"
+  type  = "virtual-machine"
+  image    = "images:fedora/43/cloud"
+  profiles = [incus_profile.kubenode.name]
+  project  = incus_project.kubernetes.name
+
+  depends_on = [
+    incus_profile.kubenode
+  ]
+
+  device {
+    name = "eth0"
+    type = "nic"
+    properties = {
+      network        = "incusbr0"
+      name           = "eth0"
+      "ipv4.address" = "10.1.1.101"
+    }
+  }
+}
+
+resource "incus_instance" "kube-worker2" {
+  name     = "kube-worker2"
+  type  = "virtual-machine"
+  image    = "images:fedora/43/cloud"
+  profiles = [incus_profile.kubenode.name]
+  project  = incus_project.kubernetes.name
+
+  depends_on = [
+    incus_profile.kubenode
+  ]
+
+  device {
+    name = "eth0"
+    type = "nic"
+    properties = {
+      network        = "incusbr0"
+      name           = "eth0"
+      "ipv4.address" = "10.1.1.102"
+    }
+  }
+}