Add modules/k8s-node/main.tf

2026-02-14 01:12:28 +01:00 · 2026-02-14 01:12:28 +01:00 · 6de60586d6
commit 6de60586d6
parent 727a68c24d
1 changed files with 89 additions and 0 deletions
--- a/modules/k8s-node/main.tf
+++ b/modules/k8s-node/main.tf
@ -0,0 +1,89 @@
+# K8s node module — creates a Kubernetes node VM on vmbr0 (NAT)
+#
+# Resources created:
+# 1. Cloud-init snippet (containerd, kubeadm, kubelet, node_exporter)
+# 2. VM on NAT bridge vmbr0 (firewall=false — NAT breaks with per-NIC FW)
+#
+# No per-VM Proxmox firewall — NAT provides isolation.
+# Host-level INPUT DROP on vmbr0 prevents VM→host access.
+
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "bpg/proxmox"
+      version = "~> 0.90"
+    }
+  }
+}
+
+# ─── Cloud-init snippet ──────────────────────────────────────────────────────
+
+resource "proxmox_virtual_environment_file" "cloud_init" {
+  content_type = "snippets"
+  datastore_id = "local"
+  node_name    = var.node_name
+
+  source_raw {
+    data = templatefile("${path.module}/cloud-init.yaml.tftpl", {
+      hostname = var.name
+      ssh_key  = var.ssh_public_key
+    })
+    file_name = "ci-${var.name}.yaml"
+  }
+}
+
+# ─── VM ───────────────────────────────────────────────────────────────────────
+
+resource "proxmox_virtual_environment_vm" "k8s_node" {
+  depends_on = [proxmox_virtual_environment_file.cloud_init]
+
+  name      = var.name
+  node_name = var.node_name
+  vm_id     = var.vm_id
+  tags      = ["k8s", "tofu", "ubuntu"]
+
+  stop_on_destroy = true
+  started         = true
+  on_boot         = true # K8s nodes auto-start on host reboot
+
+  cpu {
+    cores = var.cpu_cores
+    type  = "x86-64-v2-AES"
+  }
+
+  memory {
+    dedicated = var.ram_mb
+  }
+
+  disk {
+    datastore_id = "local"
+    # Hardcoded path — resource reference forces VM replacement (ForceNew)
+    file_id     = "local:iso/ubuntu-24.04-cloudimg-amd64.img"
+    interface   = "virtio0"
+    size        = var.disk_gb
+    file_format = "qcow2"
+    discard     = "on"
+    iothread    = true
+  }
+
+  network_device {
+    bridge   = "vmbr0"
+    firewall = false # NAT bridge — firewall=true creates fwbr and breaks NAT
+  }
+
+  initialization {
+    datastore_id      = "local"
+    user_data_file_id = proxmox_virtual_environment_file.cloud_init.id
+
+    ip_config {
+      ipv4 {
+        address = "${var.ip_address}/24"
+        gateway = "10.10.10.1"
+      }
+    }
+
+    dns {
+      servers = ["8.8.8.8", "1.1.1.1"]
+    }
+  }
+}