data.tf
# Resolves the newest k3s release through the GitHub REST API. The request is
# only made when var.k3s_version is the literal string "latest".
#
# NOTE(review): with "latest", the resolved version is whatever GitHub reports
# when the data source is read, so two applies can pick different releases and
# a new release is adopted without review. Pin var.k3s_version to an explicit
# release where reproducibility matters.
# NOTE(review): no credentials are sent, so GitHub's limits for anonymous API
# calls presumably apply; any non-200 answer fails the postcondition below.
data "http" "k3s_latest_release" {
  count = var.k3s_version == "latest" ? 1 : 0

  url = "https://api.github.com/repos/k3s-io/k3s/releases/latest"
  request_headers = {
    Accept = "application/vnd.github+json"
  }

  lifecycle {
    # Stop here rather than let an error payload be consumed as a version.
    postcondition {
      condition     = self.status_code == 200
      error_message = "GitHub API returned ${self.status_code} when resolving latest k3s version."
    }
  }
}
# Downloads the public SSH keys that github.com publishes for
# var.github_ssh_keys_username. Skipped when the username is empty.
#
# NOTE(review): how the response is consumed is not visible in this file. If
# the keys are installed as authorized keys on the nodes, node access follows
# whatever that GitHub account lists at apply time — treat the account as part
# of the cluster's trust boundary.
# NOTE(review): the username is interpolated into the URL as-is; a validation
# rule on the variable (letters, digits and hyphens only) would keep it from
# altering the request path.
# NOTE(review): the postcondition checks the status code only. Presumably an
# account without keys still answers 200 with an empty body — consider also
# requiring a non-empty response if keys are mandatory.
data "http" "github_ssh_keys" {
  count = var.github_ssh_keys_username != "" ? 1 : 0

  url = "https://github.com/${var.github_ssh_keys_username}.keys"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "Failed to fetch SSH keys for GitHub user '${var.github_ssh_keys_username}' (HTTP ${self.status_code})."
    }
  }
}
# Shared k3s cluster token: 64 random characters with no special characters
# (special = false).
#
# NOTE(review): random_password results are kept in Terraform state. The
# sensitive flag only hides them in CLI output, so the state backend needs
# encryption and tight access control.
resource "random_password" "k3s_token" {
  length  = 64
  special = false

  # Tie the token to the cluster identity: changing cluster_name forces a new
  # token, while unrelated variable updates leave the existing one in place.
  keepers = {
    cluster_name = var.cluster_name
  }
}
# Generated Longhorn UI password: 24 random characters, no special characters.
#
# NOTE(review): the value is stored in Terraform state; protect the state
# backend accordingly.
resource "random_password" "longhorn_ui_password" {
  length  = 24
  special = false

  # Replaced only when cluster_name changes.
  keepers = {
    cluster_name = var.cluster_name
  }
}
# Generated Grafana admin password: 24 random characters, no special
# characters.
#
# NOTE(review): the value is stored in Terraform state; protect the state
# backend accordingly.
resource "random_password" "grafana_admin_password" {
  length  = 24
  special = false

  # Replaced only when cluster_name changes.
  keepers = {
    cluster_name = var.cluster_name
  }
}
# Builds the cloud-init payload for k3s server nodes: one shell-script part
# made of the rendered server-vars template followed by the shared library
# scripts, joined with newlines in the order listed.
#
# NOTE(review): gzip and base64 are encodings, not protection. Several
# template inputs look like credentials (cloudflare_api_token,
# mysql_admin_password, dockerhub_password and, when var.enable_vault is
# false, the Longhorn and Grafana passwords). If this payload is attached as
# instance user data (not visible in this file), those values can be read by
# anyone allowed to view the instance configuration and from the instance
# metadata service on the node, and they are also written to Terraform state.
# Consider handing over Vault secret OCIDs for all of them, as is already done
# for the Longhorn and Grafana passwords when var.enable_vault is true.
data "cloudinit_config" "k3s_server" {
  gzip          = true
  base64_encode = true

  part {
    content_type = "text/x-shellscript"
    content = join("\n", [
      # Server-specific values are layered on top of the variables shared by
      # every node.
      templatefile("${path.module}/files/server-vars.sh.tpl", merge(local.k3s_common_cloud_init_vars, {
        # API server TLS SANs and exposure
        k3s_tls_san        = local.k3s_internal_lb_ip
        k3s_tls_san_public = try(local.public_lb_ip[0], "")
        expose_kubeapi     = var.expose_kubeapi

        # Placement and identity
        compartment_ocid    = var.compartment_ocid
        availability_domain = var.availability_domain
        cluster_name        = var.cluster_name
        gitops_repo_url     = var.gitops_repo_url

        # UI credentials: the generated password is passed inline only when
        # Vault is disabled; otherwise only the Vault secret OCID is passed.
        longhorn_ui_username              = var.longhorn_ui_username
        longhorn_ui_password              = var.enable_vault ? "" : random_password.longhorn_ui_password.result
        grafana_admin_password            = var.enable_vault ? "" : random_password.grafana_admin_password.result
        vault_secret_id_longhorn_password = var.enable_vault ? oci_vault_secret.longhorn_ui_password[0].id : ""
        vault_secret_id_grafana_password  = var.enable_vault ? oci_vault_secret.grafana_admin_password[0].id : ""

        # Add-on versions and settings
        gateway_api_version       = var.gateway_api_version
        certmanager_email_address = var.certmanager_email_address
        certmanager_chart_version = var.certmanager_chart_version
        argocd_chart_version      = var.argocd_chart_version

        # external-dns: null inputs are rendered as empty strings.
        # NOTE(review): cloudflare_api_token is passed inline regardless of
        # var.enable_vault.
        enable_external_dns        = var.enable_external_dns
        cloudflare_api_token       = var.cloudflare_api_token != null ? var.cloudflare_api_token : ""
        cloudflare_zone_id         = var.cloudflare_zone_id != null ? var.cloudflare_zone_id : ""
        external_dns_domain_filter = var.external_dns_domain_filter != null ? var.external_dns_domain_filter : ""

        # external-secrets / OCI Vault
        enable_external_secrets        = var.enable_external_secrets
        vault_ocid                     = var.enable_vault ? oci_kms_vault.k3s[0].id : ""
        oci_region                     = var.region != null ? var.region : ""
        external_secrets_chart_version = var.external_secrets_chart_version
        enable_dns01_challenge         = var.enable_dns01_challenge

        # Optional integrations; each value is empty when its feature is off.
        # NOTE(review): mysql_admin_password is passed inline whenever
        # var.enable_mysql is true.
        notification_topic_endpoint = var.enable_notifications ? oci_ons_notification_topic.k3s_alerts[0].api_endpoint : ""
        mysql_endpoint              = var.enable_mysql ? "${oci_mysql_mysql_db_system.k3s[0].endpoints[0].hostname}:${oci_mysql_mysql_db_system.k3s[0].endpoints[0].port}" : ""
        mysql_admin_username        = var.enable_mysql ? var.mysql_admin_username : ""
        mysql_admin_password        = var.enable_mysql ? random_password.mysql_admin_password[0].result : ""

        # Registry credentials and Grafana hostname
        # NOTE(review): dockerhub_password is passed inline as given.
        dockerhub_username = var.dockerhub_username
        dockerhub_password = var.dockerhub_password
        grafana_hostname   = local.grafana_hostname
      })),
      file("${path.module}/files/lib/common.sh"),
      file("${path.module}/files/lib/k3s-bootstrap.sh"),
      file("${path.module}/files/lib/k3s-server.sh"),
    ])
  }
}
# Builds the cloud-init payload for k3s worker (agent) nodes: the rendered
# agent-vars template followed by the common and agent library scripts, joined
# with newlines into one shell-script part.
#
# NOTE(review): the contents of local.k3s_common_cloud_init_vars are not
# visible here. If they carry the cluster token or other secrets, the same
# caveat applies as for any user-data payload: gzip and base64 do not protect
# the values, and they also end up in Terraform state.
data "cloudinit_config" "k3s_worker" {
  gzip          = true
  base64_encode = true

  part {
    content_type = "text/x-shellscript"
    content = join("\n", [
      templatefile("${path.module}/files/agent-vars.sh.tpl", local.k3s_common_cloud_init_vars),
      file("${path.module}/files/lib/common.sh"),
      file("${path.module}/files/lib/k3s-agent.sh"),
    ])
  }
}
# Lists the instances that currently belong to the k3s server instance pool.
data "oci_core_instance_pool_instances" "k3s_servers" {
  # Read only after the pool resource has been handled.
  depends_on = [oci_core_instance_pool.k3s_servers]

  compartment_id   = var.compartment_ocid
  instance_pool_id = oci_core_instance_pool.k3s_servers.id
}
# Fetches instance details for each server, one lookup per expected pool
# member.
#
# NOTE(review): the index assumes the pool listing holds at least
# var.k3s_server_pool_size entries; a shorter listing (for example while the
# pool is still scaling) would make the index invalid — confirm.
data "oci_core_instance" "k3s_servers" {
  count = var.k3s_server_pool_size

  instance_id = data.oci_core_instance_pool_instances.k3s_servers.instances[count.index].id
}
# Lists the instances that currently belong to the k3s worker instance pool.
data "oci_core_instance_pool_instances" "k3s_workers" {
  # Read only after the pool resource has been handled.
  depends_on = [oci_core_instance_pool.k3s_workers]

  compartment_id   = var.compartment_ocid
  instance_pool_id = oci_core_instance_pool.k3s_workers.id
}
# Fetches instance details for each worker, one lookup per expected pool
# member.
#
# NOTE(review): the index assumes the pool listing holds at least
# var.k3s_worker_pool_size entries; a shorter listing would make the index
# invalid — confirm.
data "oci_core_instance" "k3s_workers" {
  count = var.k3s_worker_pool_size

  instance_id = data.oci_core_instance_pool_instances.k3s_workers.instances[count.index].id
}
# ── k3s node image (Ubuntu 24.04 aarch64 — A1.Flex) ──────────────────────────
# Auto-resolved from tenancy when os_image_id is not set explicitly.
data "oci_core_images" "k3s_nodes" {
  # Skipped entirely when the caller supplies os_image_id.
  count = var.os_image_id == null ? 1 : 0

  compartment_id           = var.tenancy_ocid
  operating_system         = "Canonical Ubuntu"
  operating_system_version = "24.04"
  shape                    = var.compute_shape

  # Newest image first.
  # NOTE(review): consumers presumably take the first entry, so the node image
  # changes whenever a newer matching image appears. Set os_image_id to pin a
  # reviewed image and keep applies reproducible.
  sort_by    = "TIMECREATED"
  sort_order = "DESC"

  lifecycle {
    # Fail with a clear message instead of leaving an empty list for
    # consumers to index into.
    postcondition {
      condition     = length(self.images) > 0
      error_message = "No Ubuntu 24.04 image found for shape ${var.compute_shape} in tenancy. Set os_image_id explicitly."
    }
  }
}