# =============================================================================
# UpCloud Workload Cluster
# =============================================================================
# A lean UCS cluster for running application workloads. No managed data
# services — those live on the platform cluster. ArgoCD (on the platform
# cluster) deploys apps to this cluster via the app-of-apps pattern.
#
# Platform components deployed by deploy-workload.sh:
#   nginx-ingress, cert-manager, external-dns, external-secrets, alloy
#
# Usage:
#   tofu init && tofu plan && tofu apply
#   ./sync-tofu-outputs.sh --env upcloud-workload
#   ./deploy-workload.sh --env upcloud-workload
# =============================================================================
variable "prefix" {
  type        = string
  default     = "devhub-workload"
  description = "Prefix for resource names"
  # NOTE(review): every resource in this file appends "-workload..." to this
  # value, so the default produces names such as "devhub-workload-workload-router".
}
variable "zone" {
  type        = string
  default     = "fi-hel1"
  description = "UpCloud zone"
  # Used by the gateway, network and cluster resources below; all must share one zone.
}
variable "node_plan" {
  type        = string
  default     = "2xCPU-4GB"
  description = "UpCloud server plan for worker nodes"
  # Passed through unchanged as the node group's "plan".
}
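variable "node_count" {
  description = "Number of worker nodes"
  type        = number
  default     = 2

  # Reject fractional or negative counts at plan time rather than at apply time.
  # The provider may enforce its own minimum on top of this check.
  validation {
    condition     = var.node_count >= 0 && floor(var.node_count) == var.node_count
    error_message = "node_count must be a non-negative whole number."
  }
}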
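variable "network_cidr" {
  description = "CIDR block for the private network"
  type        = string
  default     = "10.110.0.0/24"

  # The network resource declares family = "IPv4" and derives its gateway with
  # cidrhost(var.network_cidr, 1). cidrnetmask() accepts only IPv4 CIDRs, so this
  # rejects IPv6 and malformed input at plan time instead of failing mid-apply.
  validation {
    condition     = can(cidrnetmask(var.network_cidr))
    error_message = "network_cidr must be a valid IPv4 CIDR block, e.g. 10.110.0.0/24."
  }
}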
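variable "control_plane_ip_filter" {
  description = "CIDRs allowed to access the K8s API"
  type        = list(string)
  # The default allows the cluster API endpoint to be reached from any source
  # address. Override it in tfvars with the office/VPN/CI ranges that actually
  # need API access. (Per UpCloud's documentation an empty list denies all
  # sources — confirm for your provider version before relying on it.)
  default = ["0.0.0.0/0"]

  # Catch typos at plan time. Entries may be CIDR blocks or bare IPv4/IPv6
  # addresses; a bare address is accepted by trying it with a host-length prefix.
  validation {
    condition = alltrue([
      for entry in var.control_plane_ip_filter :
      can(cidrhost(entry, 0)) || can(cidrhost("${entry}/32", 0)) || can(cidrhost("${entry}/128", 0))
    ])
    error_message = "control_plane_ip_filter entries must be IP addresses or CIDR blocks."
  }
}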
variable "tags" {
  type        = map(string)
  description = "Labels to apply to resources"
  # Only the "Environment" key is read in this file (the node group's "env"
  # label); the map is not attached to the router, gateway, network or cluster here.
  default = {
    ManagedBy   = "tofu"
    Environment = "workload"
  }
}
# ─── Networking ───────────────────────────────────────────────────────
resource "upcloud_router" "kubernetes" {
  # Router shared by the NAT gateway and the private network declared below.
  name = format("%s-workload-router", var.prefix)
}
resource "upcloud_gateway" "kubernetes" {
  zone = var.zone
  name = format("%s-workload-gateway", var.prefix)

  # NAT is the only enabled feature — presumably so the private worker nodes
  # get outbound connectivity without public addresses; confirm against the
  # provider docs.
  features = ["nat"]

  router {
    id = upcloud_router.kubernetes.id
  }
}
resource "upcloud_network" "kubernetes" {
  zone   = var.zone
  name   = format("%s-workload-network", var.prefix)
  router = upcloud_router.kubernetes.id

  ip_network {
    family             = "IPv4"
    address            = var.network_cidr
    gateway            = cidrhost(var.network_cidr, 1) # first host address of the block
    dhcp               = true
    dhcp_default_route = true
  }

  # Nothing in this block references the gateway, so the dependency is made
  # explicit to ensure the gateway (and its NAT feature) exists before the
  # network is attached to the router.
  depends_on = [upcloud_gateway.kubernetes]
}
# ─── Kubernetes Cluster ───────────────────────────────────────────────
resource "upcloud_kubernetes_cluster" "main" {
  zone    = var.zone
  name    = format("%s-workload", var.prefix)
  network = upcloud_network.kubernetes.id

  # Source allowlist for the cluster API; the variable's default is
  # ["0.0.0.0/0"], i.e. reachable from anywhere unless overridden.
  control_plane_ip_filter = var.control_plane_ip_filter

  # Presumably keeps worker nodes off public addresses, with egress via the NAT
  # gateway above — confirm against the provider docs.
  private_node_groups = true
}
resource "upcloud_kubernetes_node_group" "workers" {
  cluster    = upcloud_kubernetes_cluster.main.id
  name       = format("%s-workload-workers", var.prefix)
  plan       = var.node_plan
  node_count = var.node_count

  # Only request host spreading when there is more than one node — presumably
  # because a single-node group has nothing to spread.
  anti_affinity = var.node_count > 1

  labels = {
    prefix  = var.prefix
    cluster = "workload"
    role    = "worker"
    # Falls back to "workload" when var.tags carries no Environment key.
    env = lookup(var.tags, "Environment", "workload")
  }
}