Add tofu files

Evrard Van Espen
2025-11-23 11:22:21 +00:00
parent 0e55da940e
commit 8fc60f9d8b
2 changed files with 166 additions and 0 deletions


@@ -0,0 +1,18 @@
#cloud-config
users:
- name: kubeadmin
gecos: kubeadmin
sudo: ALL=(ALL) NOPASSWD:ALL
groups: wheel, root
lock_passwd: false
ssh_authorized_keys:
- ${ssh_public_key}
passwd: "${kubeadmin_password_hash}"
packages:
- openssh-server
runcmd:
- systemctl enable --now sshd
- systemctl restart sshd
- [touch, /tmp/cloud-init-complete]
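Review bot: The `kubeadmin` user combines `sudo: ALL=(ALL) NOPASSWD:ALL` with `lock_passwd: false` and a password hash, so anyone who recovers that password gets password-less root, and the file never says whether the password is meant for console login only. If it is, say so in a comment and pin it with a top-level `ssh_pwauth: false`, leaving the `ssh_authorized_keys` entry as the only SSH path. `groups: wheel, root` also puts the account in the `root` group, which the NOPASSWD rule makes unnecessary; `groups: wheel` would do. The marker created by `[touch, /tmp/cloud-init-complete]` lives in a world-writable directory, so any local user can create it; waiting on `cloud-init status --wait` avoids relying on the file.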

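--- a/tofu/main.tf
+++ b/tofu/main.tf
@@ -0,0 +1,148 @@
+terraform {
+required_providers {
+incus = {
+source = "lxc/incus"
+version = "0.3.1"
+}
+}
+}
+provider "incus" {
+}
+resource "incus_project" "kubernetes" {
+name = "kubernetes"
+description = "Kubernetes project"
+config = {
+"features.storage.volumes" = false
+"features.images" = false
+"features.profiles" = false
+"features.storage.buckets" = false
+}
+}
+locals {
+ssh_public_key = trimspace(file("~/.ssh/id_ed25519.pub"))
+}
+locals {
+kubeadmin_password_hash = trimspace(file("./kubeadmin_password_hash"))
+}
+data "template_file" "cloud_init" {
+template = file("${path.module}/files/cloud-init.yaml")
+vars = {
+ssh_public_key = local.ssh_public_key
+}
+}
+resource "incus_profile" "kubenode" {
+name = "kubenode"
+project = "kubernetes"
+description = "Kubernetes lab node"
+depends_on = [
+incus_project.kubernetes
+]
+config = {
+# "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
+"security.nesting" = "true"
+"security.privileged" = "true"
+# "security.syscalls.intercept.mknod" = "true"
+# "security.syscalls.intercept.mount" = "true"
+# "security.syscalls.intercept.setxattr" = "true"
+"limits.cpu" = "4"
+"limits.memory" = "6GiB"
+"limits.memory.swap" = "false"
+"boot.autostart" = "true"
+"cloud-init.vendor-data" = templatefile(
+"${path.module}/files/cloud-init.yaml", { ssh_public_key = local.ssh_public_key, kubeadmin_password_hash = local.kubeadmin_password_hash }
+)
+}
+device {
+name = "eth0"
+type = "nic"
+properties = {
+network = "incusbr0"
+name = "eth0"
+}
+}
+device {
+name = "root"
+type = "disk"
+properties = {
+pool = "default"
+path = "/"
+}
+}
+}
+resource "incus_instance" "kube-main" {
+name = "kube-main"
+type = "virtual-machine"
+image = "images:fedora/43/cloud"
+profiles = [incus_profile.kubenode.name]
+project = incus_project.kubernetes.name
+depends_on = [
+incus_profile.kubenode
+]
+device {
+name = "eth0"
+type = "nic"
+properties = {
+network = "incusbr0"
+name = "eth0"
+"ipv4.address" = "10.1.1.100"
+}
+}
+}
+resource "incus_instance" "kube-worker1" {
+name = "kube-worker1"
+type = "virtual-machine"
+image = "images:fedora/43/cloud"
+profiles = [incus_profile.kubenode.name]
+project = incus_project.kubernetes.name
+depends_on = [
+incus_profile.kubenode
+]
+device {
+name = "eth0"
+type = "nic"
+properties = {
+network = "incusbr0"
+name = "eth0"
+"ipv4.address" = "10.1.1.101"
+}
+}
+}
+resource "incus_instance" "kube-worker2" {
+name = "kube-worker2"
+type = "virtual-machine"
+image = "images:fedora/43/cloud"
+profiles = [incus_profile.kubenode.name]
+project = incus_project.kubernetes.name
+depends_on = [
+incus_profile.kubenode
+]
+device {
+name = "eth0"
+type = "nic"
+properties = {
+network = "incusbr0"
+name = "eth0"
+"ipv4.address" = "10.1.1.102"
+}
+}
+}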
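Review bot: `"security.privileged" = "true"` and `"security.nesting" = "true"` in the `kubenode` profile are container-only keys in Incus, while all three instances that use the profile are `type = "virtual-machine"`, so they appear to have no effect here and would silently produce a privileged, nesting-enabled container if the profile were ever reused for one. I would drop both lines, or keep them with a comment such as `# container-only keys; ignored for VMs` if that is intentional. Separately, `data "template_file" "cloud_init"` is not referenced anywhere in this file, passes only `ssh_public_key` although the template also interpolates `${kubeadmin_password_hash}`, and depends on a `template` provider that `required_providers` does not declare; the profile already renders the file with `templatefile()`, so the data block can go. `file("./kubeadmin_password_hash")` resolves against the working directory rather than `path.module`, and the hash it reads is copied into the profile config and the state file, which deserves a comment next to the local.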