You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
164 lines
2.7 KiB
HCL
164 lines
2.7 KiB
HCL
terraform {
|
|
required_providers {
|
|
hcloud = {
|
|
source = "hetznercloud/hcloud"
|
|
}
|
|
}
|
|
required_version = ">= 0.14"
|
|
}
|
|
|
|
variable "hcloud_token" {
|
|
sensitive = true
|
|
}
|
|
|
|
provider "hcloud" {
|
|
token = var.hcloud_token
|
|
}
|
|
|
|
resource "hcloud_network" "vnet" {
|
|
name = "cluster-vnet"
|
|
ip_range = "10.0.0.0/16"
|
|
}
|
|
|
|
resource "hcloud_network_subnet" "vnet_subnet" {
|
|
network_id = hcloud_network.vnet.id
|
|
type = "cloud"
|
|
network_zone = "eu-central"
|
|
ip_range = "10.0.0.0/24"
|
|
}
|
|
|
|
resource "hcloud_placement_group" "spread-group" {
|
|
name = "cluster-spread-group"
|
|
type = "spread"
|
|
}
|
|
|
|
resource "hcloud_server" "control" {
|
|
name = "cluster-control"
|
|
image = "ubuntu-22.04"
|
|
location = "nbg1"
|
|
ssh_keys = ["archomen_cloud1", "deepthought_cloud1"]
|
|
server_type = "cx11"
|
|
firewall_ids = [hcloud_firewall.firewall.id]
|
|
placement_group_id = hcloud_placement_group.spread-group.id
|
|
|
|
public_net {
|
|
ipv4_enabled = true
|
|
ipv6_enabled = true
|
|
}
|
|
network {
|
|
network_id = hcloud_network.vnet.id
|
|
ip = "10.0.0.2"
|
|
}
|
|
|
|
depends_on = [
|
|
hcloud_network.vnet
|
|
]
|
|
}
|
|
|
|
resource "hcloud_server" "worker-1" {
|
|
name = "cluster-worker-1"
|
|
image = "ubuntu-20.04"
|
|
location = "nbg1"
|
|
ssh_keys = ["archomen_cloud2", "deepthought_cloud2"]
|
|
server_type = "cx21"
|
|
firewall_ids = [hcloud_firewall.firewall.id]
|
|
placement_group_id = hcloud_placement_group.spread-group.id
|
|
|
|
public_net {
|
|
ipv4_enabled = true
|
|
ipv6_enabled = true
|
|
}
|
|
network {
|
|
network_id = hcloud_network.vnet.id
|
|
ip = "10.0.0.3"
|
|
}
|
|
|
|
depends_on = [
|
|
hcloud_network.vnet
|
|
]
|
|
}
|
|
|
|
resource "hcloud_firewall" "firewall" {
|
|
name = "cluster-firewall"
|
|
## Inbound rules
|
|
rule {
|
|
direction = "in"
|
|
protocol = "icmp"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
rule {
|
|
direction = "in"
|
|
protocol = "tcp"
|
|
port = "22"
|
|
source_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
## Outbound rules
|
|
rule {
|
|
direction = "out"
|
|
protocol = "tcp"
|
|
port = "53"
|
|
destination_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
rule {
|
|
direction = "out"
|
|
protocol = "udp"
|
|
port = "53"
|
|
destination_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
rule {
|
|
direction = "out"
|
|
protocol = "udp"
|
|
port = "123"
|
|
destination_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
rule {
|
|
direction = "out"
|
|
protocol = "tcp"
|
|
port = "80"
|
|
destination_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
rule {
|
|
direction = "out"
|
|
protocol = "udp"
|
|
port = "443"
|
|
destination_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
rule {
|
|
direction = "out"
|
|
protocol = "icmp"
|
|
destination_ips = [
|
|
"0.0.0.0/0",
|
|
"::/0"
|
|
]
|
|
}
|
|
|
|
}
|