wenzel-felix · wenzel-felix · Apr 10, 2023 · Apr 10, 2023 · Apr 10, 2023
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,14 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "terraform" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
+    labels:
+      - dependencies
+      - terraform
diff --git a/examples/simple-setup/main.tf b/examples/simple-setup/main.tf
@@ -5,3 +5,8 @@ module "rancher" {
   worker_node_count = 1
 }
 
+resource "local_file" "name" {
+  content = module.rancher.kube_config
+  filename = "kubeconfig.yaml"
+}
+
diff --git a/main.tf b/main.tf
@@ -23,7 +23,7 @@ resource "hcloud_network" "main" {
 resource "hcloud_network_subnet" "main" {
   network_id   = hcloud_network.main.id
   type         = "cloud"
-  network_zone = "eu-central"
+  network_zone = var.network_zone
   ip_range     = "10.0.0.0/16"
 }
 
@@ -46,24 +46,24 @@ resource "random_password" "rke2_token" {
 
 locals {
   cluster_loadbalancer_running = length(data.hcloud_load_balancers.rke2_management.load_balancers) > 0
-  cluster_ca   = data.remote_file.kubeconfig.content == "" ? "" : base64decode(yamldecode(data.remote_file.kubeconfig.content).clusters[0].cluster.certificate-authority-data)
-  client_key   = data.remote_file.kubeconfig.content == "" ? "" : base64decode(yamldecode(data.remote_file.kubeconfig.content).users[0].user.client-key-data)
-  client_cert  = data.remote_file.kubeconfig.content == "" ? "" : base64decode(yamldecode(data.remote_file.kubeconfig.content).users[0].user.client-certificate-data)
-  cluster_host = "https://${hcloud_load_balancer.management_lb.ipv4}:6443"
-  kube_config = replace(data.remote_file.kubeconfig.content, "https://127.0.0.1:6443", local.cluster_host)
+  cluster_ca                   = data.remote_file.kubeconfig.content == "" ? "" : base64decode(yamldecode(data.remote_file.kubeconfig.content).clusters[0].cluster.certificate-authority-data)
+  client_key                   = data.remote_file.kubeconfig.content == "" ? "" : base64decode(yamldecode(data.remote_file.kubeconfig.content).users[0].user.client-key-data)
+  client_cert                  = data.remote_file.kubeconfig.content == "" ? "" : base64decode(yamldecode(data.remote_file.kubeconfig.content).users[0].user.client-certificate-data)
+  cluster_host                 = "https://${hcloud_load_balancer.management_lb.ipv4}:6443"
+  kube_config                  = replace(data.remote_file.kubeconfig.content, "https://127.0.0.1:6443", local.cluster_host)
 }
 
 resource "hcloud_server" "master" {
   count       = var.master_node_count
   name        = "rke2-master-${random_string.master_node_suffix[count.index].result}"
   server_type = "cpx21"
   image       = "ubuntu-20.04"
-  location    = "hel1"
+  location    = element(var.node_locations, count.index)
   ssh_keys    = [hcloud_ssh_key.main.id]
   user_data = templatefile("${path.module}/scripts/rke-master.sh.tpl", {
-    RKE_TOKEN      = random_password.rke2_token.result
-    INITIAL_MASTER = count.index == 0 && !local.cluster_loadbalancer_running
-    SERVER_ADDRESS = hcloud_load_balancer.management_lb.ipv4
+    RKE_TOKEN            = random_password.rke2_token.result
+    INITIAL_MASTER       = count.index == 0 && !local.cluster_loadbalancer_running
+    SERVER_ADDRESS       = hcloud_load_balancer.management_lb.ipv4
     INSTALL_RKE2_VERSION = var.rke2_version
   })
 
@@ -100,11 +100,11 @@ resource "hcloud_server" "worker" {
   name        = "rke2-worker-${random_string.worker_node_suffix[count.index].result}"
   server_type = "cpx21"
   image       = "ubuntu-20.04"
-  location    = "hel1"
+  location    = element(var.node_locations, count.index)
   ssh_keys    = [hcloud_ssh_key.main.id]
   user_data = templatefile("${path.module}/scripts/rke-worker.sh.tpl", {
-    RKE_TOKEN      = random_password.rke2_token.result
-    SERVER_ADDRESS = hcloud_load_balancer.management_lb.ipv4
+    RKE_TOKEN            = random_password.rke2_token.result
+    SERVER_ADDRESS       = hcloud_load_balancer.management_lb.ipv4
     INSTALL_RKE2_VERSION = var.rke2_version
   })
 
@@ -143,7 +143,7 @@ resource "hcloud_server_network" "worker" {
 }
 
 resource "local_file" "name" {
-  count = var.generate_ssh_key_file ? 1 : 0
+  count           = var.generate_ssh_key_file ? 1 : 0
   content         = tls_private_key.machines.private_key_openssh
   filename        = "rancher-host-key"
   file_permission = "0600"

diff --git a/variables.tf b/variables.tf
@@ -31,4 +31,16 @@ variable "additional_lb_service_ports" {
   type = list(string)
   default = []
   description = "Define additional service ports for the management cluster loadbalancer."
+}
+
+variable "network_zone" {
+  type = string
+  default = "eu-central"
+  description = "Define the network location for the cluster."
+}
+
+variable "node_locations" {
+  type = list(string)
+  default = ["hel1", "nbg1", "fsn1"]
+  description = "Define the location in which nodes will be deployed. (Most be in the same network zone.)"
 }