Define IPs which have access to the kubernetes-API and SSH as variables

I liked the idea of having these IPs detected dynamically at runtime,
but some research showed that my current provider now only renews them
every 180 days, so there is no need for such a hyper-dynamic solution.
Instead I now use a variable, which brings other benefits too, such as
being able to add arbitrary IPs. This might come in handy for CI/CD.
2025-10-17 01:54:32 +02:00
parent 6ca0a07522
commit cb97668b63
3 changed files with 10 additions and 18 deletions

main.tf

@@ -24,14 +24,6 @@ resource "hcloud_primary_ip" "k8s_ipv6" {
auto_delete = !var.k8s_test_installation
}
data "external" "my_ip" {
program = [
"sh",
"-c",
"(dig TXT +short -4 o-o.myaddr.l.google.com @ns1.google.com && dig TXT +short -6 o-o.myaddr.l.google.com @ns1.google.com) | jq '{(.): .}' | jq -s add"
]
}
module "k8s" {
source = "./modules/hetzner/kubernetes"
@@ -48,8 +40,8 @@ module "k8s" {
location = var.k8s_location
count = var.k8s_agent_count
}]
kubernetes_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : []
ssh_exposed_ips = var.expose_kubernetes_and_ssh_ports ? values(data.external.my_ip.result) : []
kubernetes_exposed_ips = var.kubernetes_allowed_ips
ssh_exposed_ips = var.ssh_allowed_ips
ssh_port = 1022
public_tcp_services = {
git-ssh = ["22"]
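Review bot: The two new assignments in the second hunk (`kubernetes_exposed_ips = var.kubernetes_allowed_ips`, `ssh_exposed_ips = var.ssh_allowed_ips`) replace the single `expose_kubernetes_and_ssh_ports` gate, so exposure of the API and SSH ports is now decided solely by the contents of two sets, with no one switch that closes both at once. Whether an empty set still yields no firewall rule, and whether entries must be bare addresses (what the removed `dig` pipeline produced) or CIDR prefixes, depends on `module.k8s`, which is outside this hunk; since the old data source returned bare addresses, a caller who migrates to `/32` or `/128` prefixes may get a different result. A short comment above these two lines stating the expected entry format and that an empty set is meant to keep the port closed would make that contract visible at the call site, e.g. `# Entries in the form the module's firewall rules expect; empty set = port stays closed.` The `module "k8s"` block begins in the first hunk and continues past the end of the second.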


@@ -1,6 +1,11 @@
variable "expose_kubernetes_and_ssh_ports" {
type = bool
default = false
variable "kubernetes_allowed_ips" {
type = set(string)
description = "A set of IPs (IPv4 and IPv6) which have access to the kubernetes API."
}
variable "ssh_allowed_ips" {
type = set(string)
description = "A set of IPs (IPv4 and IPv6) which can access the cluster via SSH."
}
variable "hetzner_dns_apitoken" {
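Review bot: The two added variables are typed only as `set(string)`, so a typo, an empty string, or an unintended wide prefix is accepted silently and then lands directly in the firewall rules fed by `main.tf`; a `validation` block that rejects entries the module cannot interpret would fail the plan instead of opening the port incorrectly. The descriptions should also say which form is expected (bare address vs. CIDR prefix), since the data source this replaces produced bare addresses. If the module expects CIDR prefixes, the check below (`can(cidrhost(ip, 0))` accepts both IPv4 and IPv6 prefixes) could be added to `kubernetes_allowed_ips` and mirrored in `ssh_allowed_ips`; if it expects bare addresses, the condition should be adapted to that format instead. The example addresses in the error message are constructed from documentation ranges.
```hcl
variable "kubernetes_allowed_ips" {
  type        = set(string)
  description = "A set of IPs (IPv4 and IPv6) which have access to the kubernetes API."
  validation {
    condition     = alltrue([for ip in var.kubernetes_allowed_ips : can(cidrhost(ip, 0))])
    error_message = "Every entry must be a CIDR prefix, e.g. 203.0.113.7/32 or 2001:db8::1/128."
  }
}
# … same validation block for variable "ssh_allowed_ips" …
```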


@@ -26,10 +26,6 @@ terraform {
source = "hashicorp/random"
version = "3.7.1"
}
external = {
source = "hashicorp/external"
version = "2.3.4"
}
}
}
@@ -42,4 +38,3 @@ provider "hcloud" {
}
provider "random" {}
provider "external" {}