Feature: allow the use of private networks #1567
Conversation
xavierleune
force-pushed
the
feature/private-network
branch
from
15e7571 to
e187c93
Compare
|
I attempted to switch to this implementation in an existing cookbook without making any other change to the kube.tf file. I’ve posted the current configuration here. However, I encountered several instances of the following error: Maybe is it expecting to always find the network referenced as an input? If I have some time later today, I’ll try to debug the issue and add more info |
|
@nicolaracco I confirm that the network should always be defined. It must be created before your cluster, because you have to be connected to this network through a non-k8s server. |
|
@mysticaltech do you have an opinion on this PR ? 🙏 |
|
@xavierleune Thanks for this, will review it tonight |
Hey, any updates? |
|
Tested this today (along with NAT + Wireguard) and was able to successfully deploy a cluster with public ips disabled for the nodes. |
|
@xavierleune Here's my test deploy, the one I usually use for everything. Please make sure it deploys, this is important. locals {
# You have the choice of setting your Hetzner API token here or define the TF_VAR_hcloud_token env
# within your shell, such as such: export TF_VAR_hcloud_token=xxxxxxxxxxx
# If you choose to define it in the shell, this can be left as is.
# Your Hetzner token can be found in your Project > Security > API Token (Read & Write is required).
hcloud_token = "xxxxxx"
}
module "kube-hetzner" {
providers = {
hcloud = hcloud
}
hcloud_token = var.hcloud_token != "" ? var.hcloud_token : local.hcloud_token
source = "../kube-hetzner"
cluster_name = "test12"
initial_k3s_channel = "v1.30"
ssh_public_key = file("/home/karim/.ssh/id_ed25519.pub")
ssh_private_key = file("/home/karim/.ssh/id_ed25519")
network_region = "eu-central"
control_plane_nodepools = [
{
name = "control-plane",
server_type = "cx22",
location = "fsn1",
labels = [],
taints = [],
count = 1
}
]
agent_nodepools = [
{
name = "agent-small",
server_type = "cx22",
location = "fsn1",
labels = [],
taints = [],
count = 1
}
]
autoscaler_nodepools = [
{
name = "autoscaled-small"
server_type = "cx22",
location = "fsn1",
min_nodes = 1
max_nodes = 2
}
]
load_balancer_type = "lb11"
load_balancer_location = "fsn1"
}
provider "hcloud" {
token = var.hcloud_token != "" ? var.hcloud_token : local.hcloud_token
}
terraform {
required_version = ">= 1.5.0"
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
version = ">= 1.43.0"
}
}
}
output "kubeconfig" {
value = module.kube-hetzner.kubeconfig
sensitive = true
}
variable "hcloud_token" {
sensitive = true
default = ""
}Currently, having the following error. |
There was a problem hiding this comment.
@xavierleune The ball is in your camp. Please, let's make sure this is fully backward compatible. See above. Thanks!
|
@mysticaltech thanks for your feedback, I'll have a look ! |
|
This is something I am also really looking forward to. I have never done k8s cluster with publicly available nodes, and made me concerned. In fact, I was thinking about creating an own module because of that. But having this here would be way better :-) Big thanks for the implementation! |
Hi there,
First, thank you for this awesome project! 🙌
This feature allows you to deploy k3s using only private IPs on your servers. It requires a VPN and NAT configuration, which are out of scope for this deployment.
This is my very first time working with Terraform, so I'm open to any feedback on this pull request as it can probably be improved.
Have a nice day!
CF #282 #1255