Add environments/production/k8s-cluster.tf

This commit is contained in:
claude 2026-02-14 01:12:30 +01:00
parent c26947696e
commit d78a78004e


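--- a/environments/production/k8s-cluster.tf
+++ b/environments/production/k8s-cluster.tf
@@ -0,0 +1,84 @@
+# Kubernetes PoC cluster Phase 6
+# 2 VMs on NAT bridge vmbr0 (10.10.10.200-201)
+# kubeadm + containerd + Calico
+#
+# Access: DNAT 6443 from bare_srv_1 public IP k8s-master
+# Firewall: Proxmox FW on node level restricts 6443 to control plane IP
+#
+# Cloud image dependency: proxmox_virtual_environment_download_file.ubuntu_2404_cloud (in main.tf)
+locals {
+k8s_nodes = {
+"k8s-master" = {
+vm_id = 300
+ip_address = "10.10.10.200"
+}
+"k8s-worker-01" = {
+vm_id = 301
+ip_address = "10.10.10.201"
+}
+}
+}
+module "k8s_node" {
+source = "../../modules/k8s-node"
+for_each = local.k8s_nodes
+name = each.key
+vm_id = each.value.vm_id
+ip_address = each.value.ip_address
+depends_on = [proxmox_virtual_environment_download_file.ubuntu_2404_cloud]
+}
+# Proxmox node-level FW allow K8s API + ArgoCD from control plane
+resource "proxmox_virtual_environment_firewall_rules" "k8s_api_access" {
+node_name = "georgeops"
+rule {
+type = "in"
+action = "ACCEPT"
+proto = "tcp"
+dport = "6443"
+source = "78.109.17.180"
+comment = "K8s API from control plane (DNAT to k8s-master)"
+}
+rule {
+type = "in"
+action = "ACCEPT"
+proto = "tcp"
+dport = "30443"
+source = "78.109.17.180"
+comment = "ArgoCD UI from control plane (DNAT to k8s-master)"
+}
+rule {
+type = "in"
+action = "ACCEPT"
+proto = "tcp"
+dport = "9200"
+source = "78.109.17.180"
+comment = "k8s-master node_exporter (DNAT)"
+}
+rule {
+type = "in"
+action = "ACCEPT"
+proto = "tcp"
+dport = "9201"
+source = "78.109.17.180"
+comment = "k8s-worker-01 node_exporter (DNAT)"
+}
+}
+output "k8s_nodes" {
+description = "K8s cluster nodes"
+value = {
+for name, node in module.k8s_node : name => {
+vm_id = node.vm_id
+ip_address = node.ip_address
+}
+}
+}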
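Review bot: The four ACCEPT rules in `proxmox_virtual_environment_firewall_rules.k8s_api_access` only "restrict 6443 to control plane IP" (as the header comment claims) if the node firewall's default input policy is DROP or REJECT, and nothing in this file sets that policy — either add the firewall options resource that enforces it in this environment, or reword the header to `# Firewall: Proxmox node FW ACCEPT rules for the control plane IP; the node's default input policy must be DROP for this to restrict access`. The source address `78.109.17.180` is repeated verbatim in all four rules; hoist it into `locals` as `control_plane_ip = "78.109.17.180"` and reference `source = local.control_plane_ip` so a future change cannot drift between rules. The rule blocks set no `log`; consider `log = "info"` on at least the 6443 and 30443 rules so accepted API and ArgoCD connections appear in the Proxmox firewall log for detection.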