Make ssh-port of servers initially configurable

It looks somehow random that the SSH-port was simply defined in the
configuration of the k3s-setup. It looks somehow "configurable" although
it isn't. Therefore I moved this setting to the correct place in the
terraform-setup.

An important side-note is that this change doesn't make it possible to
_change_ the ssh-port, though. Once I have decided on a port, I have to
stick to it until I tear down the cluster!
2025-09-19 18:03:04 +02:00
parent 9c19a21273
commit adec38e1cd
6 changed files with 15 additions and 2 deletions


@@ -3,6 +3,9 @@
${ip} ${ip}
%{endfor~} %{endfor~}
[server:vars]
ansible_port=${ssh_port}
[agent] [agent]
%{for ip in agent_ips~} %{for ip in agent_ips~}
${ip} ${ip}


@@ -50,6 +50,7 @@ module "k8s" {
}] }]
kubernetes_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : [] kubernetes_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : []
ssh_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : [] ssh_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : []
ssh_port = 1022
public_tcp_services = { public_tcp_services = {
git-ssh = ["22"] git-ssh = ["22"]
http = ["80", "443"] http = ["80", "443"]
@@ -63,6 +64,7 @@ resource "local_file" "ansible_inventory" {
agent_ips = module.k8s.agent_ips_v4, agent_ips = module.k8s.agent_ips_v4,
network_cidr = module.k8s.private_network_cidr, network_cidr = module.k8s.private_network_cidr,
private_nat = module.k8s.private_network_nat, private_nat = module.k8s.private_network_nat,
ssh_port = module.k8s.ssh_port,
}) })
} }
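Review bot: The `ssh_port = 1022` argument added to the `module "k8s"` call repeats the literal that the `ssh_port` variable (in what appears to be the module's variables file) already declares as its default, so the value now lives in two places. Either drop the argument and rely on the default, or declare a root-level variable and pass `ssh_port = var.ssh_port`, so the port is set exactly once. Reading the value back through `module.k8s.ssh_port` in the second hunk is the right direction, because it keeps the generated inventory and the firewall rule on the same number. The `module "k8s"` block starts outside the hunk.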


@@ -21,7 +21,7 @@ locals {
all_ips = ["0.0.0.0/0", "::/0"] all_ips = ["0.0.0.0/0", "::/0"]
ping_firewall = var.ping_enabled ? { "ping" : [{ protocol = "icmp", port = null }] } : {} ping_firewall = var.ping_enabled ? { "ping" : [{ protocol = "icmp", port = null }] } : {}
k8s_firewall = { "kubernetes" : [{ port = "6443", source_ips = concat([local.network], var.kubernetes_exposed_ips) }] } k8s_firewall = { "kubernetes" : [{ port = "6443", source_ips = concat([local.network], var.kubernetes_exposed_ips) }] }
ssh_firewall = length(var.ssh_exposed_ips) > 0 ? { "ssh" : [{ port = 1022, source_ips = var.ssh_exposed_ips }] } : {} ssh_firewall = length(var.ssh_exposed_ips) > 0 ? { "ssh" : [{ port = var.ssh_port, source_ips = var.ssh_exposed_ips }] } : {}
service_firewalls = { for service, ports in var.public_tcp_services : service => [for port in ports : { port = port }] } service_firewalls = { for service, ports in var.public_tcp_services : service => [for port in ports : { port = port }] }
firewalls = merge( firewalls = merge(
local.ping_firewall, local.ping_firewall,
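Review bot: With the port now taken from `var.ssh_port`, the `ssh_firewall` rule can land on a port that `service_firewalls` also opens. The root module's `public_tcp_services` lists 22, 80 and 443, and those entries carry no `source_ips`, which presumably means they are open to everyone (`all_ips` is defined here, but where it is applied is outside the hunk). If `ssh_port` were set to one of those values, the `ssh_exposed_ips` restriction would no longer limit who can reach sshd. A comment on this line would make the constraint visible, for example `# ssh_port must not appear in public_tcp_services, otherwise the source_ips restriction is ineffective`, or a precondition could reject the overlap. The `locals` block starts and ends outside the hunk.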


@@ -17,3 +17,7 @@ output "private_network_cidr" {
output "private_network_nat" { output "private_network_nat" {
value = cidrhost(local.subnet_eu_central, 1) value = cidrhost(local.subnet_eu_central, 1)
} }
output "ssh_port" {
value = var.ssh_port
}


@@ -42,3 +42,8 @@ variable "ssh_exposed_ips" {
type = list(string) type = list(string)
default = [] default = []
} }
variable "ssh_port" {
type = number
default = 1022
}
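Review bot: The new `ssh_port` variable has neither a `description` nor a `validation`, while the commit message states a constraint that a later reader will not find in the code: the port cannot be changed once the cluster exists. Suggest `description = "SSH port of the servers. Fixed at cluster creation; changing it later requires a teardown."` and a `validation` block with the condition `var.ssh_port >= 1 && var.ssh_port <= 65535 && floor(var.ssh_port) == var.ssh_port`, since `type = number` also accepts fractions and out-of-range values. Why the port is fixed after creation is not visible in this diff, so the wording should be confirmed against the place where sshd is configured.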


@@ -12,5 +12,4 @@ k3s_version = v1.31.6+k3s1
[server:vars] [server:vars]
ansible_ssh_common_args = '-o StrictHostKeyChecking=accept-new' ansible_ssh_common_args = '-o StrictHostKeyChecking=accept-new'
ansible_port = 1022
k3s_version = v1.31.6+k3s1 k3s_version = v1.31.6+k3s1