Add L2 Load Balancer (#16)

Co-authored-by: Fedor Batonogov <f.batonogov@yandex.ru>
2025-12-02 18:23:02 +00:00 · 2024-07-27 11:35:15 +03:00
parent 55deb994c6
commit 52a3d0eb3b
31 changed files with 782 additions and 739 deletions
--- a/opentofu/kubeadm/.terraform.lock.hcl
+++ b/opentofu/kubeadm/.terraform.lock.hcl
@@ -2,24 +2,24 @@
 # Manual edits may be lost in future updates.

 provider "registry.opentofu.org/bpg/proxmox" {
-  version     = "0.54.0"
-  constraints = ">= 0.51.0"
+  version     = "0.61.1"
+  constraints = ">= 0.61.1"
  hashes = [
-    "h1:xgDrDol/cYu93YOPTL0UVpURchPzdxPXaHjcoieoXXI=",
-    "zh:4521f8893b4645c93e75ffc3545ea59d3f31aed7cea4c26dcd0fbd7c0cce6ca8",
-    "zh:520e56abd10d888935047ef07a7577c2a1cce5bc54e25b03a0dbdc4356997ca9",
-    "zh:53469dd058ef8b2ea29577f69a2681f8ffb9f79494b8c1d1594dd42ad314d7bd",
-    "zh:6948adb6e088fe652b7273906a5c11032528f84eb5a5ca797534ab3b6076a8c6",
-    "zh:72655e9765b7791e3e37508c70a847172561bff348c7d5f916794e5823a84efe",
-    "zh:7faa281319d90026ad9b2dce00ac059896f451cb9305ed11bb90fcfda7c5d143",
-    "zh:8fe20fa893e9545aa30672392f76948ed56a93a2decb1d3bd8693c5e1d2dd85a",
-    "zh:b175411aa820c1a47473ef691c743670eeb900999576c6cdcb113d14a7c499aa",
-    "zh:b59205ad7981f263ff287d3eb0a93296f8cd6b166a01ddd3b16606fc39d456ec",
+    "h1:SQSHTHj2ThcF08cON2gHYcnkS/XLmoF8E4cRIgpagtE=",
+    "zh:27d8b589a2dc1e0a5b0f8ab299b9f3704a2f0b69799d1d4d8845c68056986d1f",
+    "zh:46dfa6b33ddd7007a2144f38090457604eb56a59a303b37bb0ad1be5c84ddaca",
+    "zh:47a1b14a759393c5ecc76f2feb950677c418c910b8c677fde0dd3e4675c41579",
+    "zh:582e49d109d1c2b1f3b1268a7cbc43548f3c6d96a87c92a5428767097a5e383e",
+    "zh:5e98ad6afae5969a4c3ffb14c0484936550c66c8313d7686551c29b633ff32f2",
+    "zh:7b9e24b76f947ab8f1e571cf61beefc983b7d2aa1b85df35c4f015728fe37a38",
+    "zh:8255ca210f279a0f7b8ca2762df26d2ea1a01704298c5e3d5cf601bd39a743f0",
+    "zh:85d7655fdc95dedced9cf8105a0beeb0d7bc8f668c55f62019a7215a76d60300",
+    "zh:8aeea5a1d001b06baaf923b754e1a14d06c75eb8c8b87a7f65a3c8205fc8b079",
+    "zh:a9cfab6c06f613658c5fdd83742cd22c0eb7563778924b1407965ef8c36c1ce0",
+    "zh:ceaab67801d49a92eb5858b1ddae6df2569462e5ffbe31f9dbd79dcb684ea142",
+    "zh:dc25b506d5c55d1d78a335d3ebd03213c99b4b2a5859812349a955c2f746ff7e",
+    "zh:e04b477fd77a0d37a0bdb76a7cf69184dad9e7fbba9b4f3a378a8901b82b75e5",
+    "zh:f1e6838d9141557f73340df9b21fce5a82b41cc16ae36f063a920ccc36bc0758",
    "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
-    "zh:f3524bc67d995e98ad9d7e17f3be91f7a975608180fad6b227fc42087b5facc1",
-    "zh:f4bf087717e1b0f5f3ee7d3b6b47fb66e5f821097f15ec0cf6714a39c7d80959",
-    "zh:fc14a29b1aef50872d60f338af89f7cbbac307c630f973c07a7951bdde8be2a5",
-    "zh:fc72da3d651bf0f0e20a0860e9217a94797b4c1d5cae1742f1b8e15d28f8ceeb",
-    "zh:fff2299a427e1590775611bf186220686795af966772e61e44234f0df44b6c22",
  ]
 }
--- a/opentofu/kubeadm/control-plane-01.tf
+++ b/opentofu/kubeadm/control-plane-01.tf
@@ -1,70 +0,0 @@
-# Машинка
-resource "proxmox_virtual_environment_vm" "kubeadm-cp-01" {
-  name        = "kubeadm-cp-01"
-  migrate     = true
-  description = "Managed by OpenTofu"
-  tags        = ["kubeadm", "test"]
-  on_boot     = true
-
-  # Указываем целевой узел, на котором будет запущена ВМ
-  node_name = "pve-01"
-
-  # Шоблон из которого будет создавать ВМ
-  clone {
-    vm_id     = "2204"
-    node_name = "pve-01"
-    retries   = 2
-  }
-
-  # Активируем QEMU для этов ВМ
-  agent {
-    enabled = true
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  cpu {
-    cores = 4
-    type  = "host"
-    numa  = true
-  }
-
-  memory {
-    dedicated = 4096
-  }
-
-  disk {
-    size         = "50"
-    interface    = "virtio0"
-    datastore_id = "k8s-data-01"
-    file_format  = "raw"
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    model  = "virtio"
-  }
-
-  initialization {
-    datastore_id = "k8s-data-01"
-    ip_config {
-      ipv4 {
-        address = "10.0.70.70/24"
-        gateway = "10.0.70.101"
-      }
-    }
-    dns {
-      servers = [
-        "77.88.8.8"
-      ]
-    }
-    user_account {
-      username = "infra"
-      keys = [
-        "ssh-rsa..."
-      ]
-    }
-  }
-}
--- a/opentofu/kubeadm/control-plane-02.tf
+++ b/opentofu/kubeadm/control-plane-02.tf
@@ -1,70 +0,0 @@
-# Машинка
-resource "proxmox_virtual_environment_vm" "kubeadm-cp-02" {
-  name        = "kubeadm-cp-02"
-  migrate     = true
-  description = "Managed by OpenTofu"
-  tags        = ["kubeadm", "test"]
-  on_boot     = true
-
-  # Указываем целевой узел, на котором будет запущена ВМ
-  node_name = "pve-02"
-
-  # Шоблон из которого будет создавать ВМ
-  clone {
-    vm_id     = "2204"
-    node_name = "pve-01"
-    retries   = 2
-  }
-
-  # Активируем QEMU для этов ВМ
-  agent {
-    enabled = true
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  cpu {
-    cores = 4
-    type  = "host"
-    numa  = true
-  }
-
-  memory {
-    dedicated = 4096
-  }
-
-  disk {
-    size         = "50"
-    interface    = "virtio0"
-    datastore_id = "k8s-data-01"
-    file_format  = "raw"
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    model  = "virtio"
-  }
-
-  initialization {
-    datastore_id = "k8s-data-01"
-    ip_config {
-      ipv4 {
-        address = "10.0.70.78/24"
-        gateway = "10.0.70.101"
-      }
-    }
-    dns {
-      servers = [
-        "77.88.8.8"
-      ]
-    }
-    user_account {
-      username = "infra"
-      keys = [
-        "ssh-rsa..."
-      ]
-    }
-  }
-}
--- a/opentofu/kubeadm/control-plane-03.tf
+++ b/opentofu/kubeadm/control-plane-03.tf
@@ -1,70 +0,0 @@
-# Машинка
-resource "proxmox_virtual_environment_vm" "kubeadm-cp-03" {
-  name        = "kubeadm-cp-03"
-  migrate     = true
-  description = "Managed by OpenTofu"
-  tags        = ["kubeadm", "test"]
-  on_boot     = true
-
-  # Указываем целевой узел, на котором будет запущена ВМ
-  node_name = "pve-03"
-
-  # Шоблон из которого будет создавать ВМ
-  clone {
-    vm_id     = "2204"
-    node_name = "pve-01"
-    retries   = 2
-  }
-
-  # Активируем QEMU для этов ВМ
-  agent {
-    enabled = true
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  cpu {
-    cores = 4
-    type  = "host"
-    numa  = true
-  }
-
-  memory {
-    dedicated = 4096
-  }
-
-  disk {
-    size         = "50"
-    interface    = "virtio0"
-    datastore_id = "k8s-data-01"
-    file_format  = "raw"
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    model  = "virtio"
-  }
-
-  initialization {
-    datastore_id = "k8s-data-01"
-    ip_config {
-      ipv4 {
-        address = "10.0.70.79/24"
-        gateway = "10.0.70.101"
-      }
-    }
-    dns {
-      servers = [
-        "77.88.8.8"
-      ]
-    }
-    user_account {
-      username = "infra"
-      keys = [
-        "ssh-rsa..."
-      ]
-    }
-  }
-}
--- a/opentofu/kubeadm/control-plane.tf
+++ b/opentofu/kubeadm/control-plane.tf
@@ -0,0 +1,110 @@
+variable "cp_vms" {
+  type = list(object({
+    name      = string
+    address   = string
+    node_name = string
+  }))
+  default = [
+    {
+      name      = "kubeadm-cp-01"
+      address   = "10.0.75.81/24"
+      node_name = "pve-01"
+    },
+    {
+      name      = "kubeadm-cp-02"
+      address   = "10.0.75.82/24"
+      node_name = "pve-02"
+    },
+    {
+      name      = "kubeadm-cp-03"
+      address   = "10.0.75.83/24"
+      node_name = "pve-02"
+    }
+  ]
+}
+
+# Создание виртуальных машин
+resource "proxmox_virtual_environment_vm" "control-plane" {
+  for_each = { for vm in var.cp_vms : vm.name => vm }
+
+  name    = each.value.name
+  migrate = true
+  # protection  = true
+  description = "Managed by OpenTofu"
+  tags        = ["kubeadm", "kubernetes"]
+  on_boot     = true
+  node_name   = each.value.node_name
+
+  clone {
+    vm_id     = "2404"
+    node_name = "pve-01"
+    retries   = 3
+  }
+
+  agent {
+    enabled = true
+  }
+
+  operating_system {
+    type = "l26"
+  }
+
+  cpu {
+    cores = 4
+    type  = "host"
+    numa  = true
+  }
+
+  memory {
+    dedicated = 4096
+  }
+
+  vga {
+    memory = 4
+    type   = "serial0"
+  }
+
+  disk {
+    size         = "20"
+    interface    = "virtio0"
+    datastore_id = "proxmox-data-01"
+    file_format  = "raw"
+  }
+
+  network_device {
+    bridge = "vmbr0"
+    model  = "virtio"
+  }
+
+  initialization {
+    datastore_id = "proxmox-data-01"
+    ip_config {
+      ipv4 {
+        address = each.value.address
+        gateway = "10.0.75.1"
+      }
+    }
+    dns {
+      servers = [
+        "10.0.75.65",
+        "10.0.75.66"
+      ]
+    }
+    user_account {
+      username = "infra"
+      keys = [
+        var.ssh_public_key
+      ]
+    }
+  }
+}
+
+# Создание ресурсов высокой доступности
+# resource "proxmox_virtual_environment_haresource" "patroni" {
+#   for_each = { for vm in var.cp_vms : vm.name => vm }
+
+#   resource_id = "vm:${proxmox_virtual_environment_vm.patroni[each.key].vm_id}"
+#   state       = "started"
+#   group       = "prod"
+#   comment     = "Managed by OpenTofu"
+# }
--- a/opentofu/kubeadm/node-01.tf
+++ b/opentofu/kubeadm/node-01.tf
@@ -1,70 +0,0 @@
-# Машинка
-resource "proxmox_virtual_environment_vm" "kubeadm-node-01" {
-  name        = "kubeadm-node-01"
-  migrate     = true
-  description = "Managed by OpenTofu"
-  tags        = ["kubeadm", "test"]
-  on_boot     = true
-
-  # Указываем целевой узел, на котором будет запущена ВМ
-  node_name = "pve-01"
-
-  # Шоблон из которого будет создавать ВМ
-  clone {
-    vm_id     = "2204"
-    node_name = "pve-01"
-    retries   = 2
-  }
-
-  # Активируем QEMU для этов ВМ
-  agent {
-    enabled = true
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  cpu {
-    cores = 4
-    type  = "host"
-    numa  = true
-  }
-
-  memory {
-    dedicated = 32768
-  }
-
-  disk {
-    size         = "500"
-    interface    = "virtio0"
-    datastore_id = "k8s-data-01"
-    file_format  = "raw"
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    model  = "virtio"
-  }
-
-  initialization {
-    datastore_id = "k8s-data-01"
-    ip_config {
-      ipv4 {
-        address = "10.0.70.71/24"
-        gateway = "10.0.70.101"
-      }
-    }
-    dns {
-      servers = [
-        "77.88.8.8"
-      ]
-    }
-    user_account {
-      username = "infra"
-      keys = [
-        "ssh-rsa..."
-      ]
-    }
-  }
-}
--- a/opentofu/kubeadm/node-02.tf
+++ b/opentofu/kubeadm/node-02.tf
@@ -1,70 +0,0 @@
-# Машинка
-resource "proxmox_virtual_environment_vm" "kubeadm-node-02" {
-  name        = "kubeadm-node-02"
-  migrate     = true
-  description = "Managed by OpenTofu"
-  tags        = ["kubeadm", "test"]
-  on_boot     = true
-
-  # Указываем целевой узел, на котором будет запущена ВМ
-  node_name = "pve-02"
-
-  # Шоблон из которого будет создавать ВМ
-  clone {
-    vm_id     = "2204"
-    node_name = "pve-01"
-    retries   = 2
-  }
-
-  # Активируем QEMU для этов ВМ
-  agent {
-    enabled = true
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  cpu {
-    cores = 4
-    type  = "host"
-    numa  = true
-  }
-
-  memory {
-    dedicated = 32768
-  }
-
-  disk {
-    size         = "500"
-    interface    = "virtio0"
-    datastore_id = "k8s-data-01"
-    file_format  = "raw"
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    model  = "virtio"
-  }
-
-  initialization {
-    datastore_id = "k8s-data-01"
-    ip_config {
-      ipv4 {
-        address = "10.0.70.77/24"
-        gateway = "10.0.70.101"
-      }
-    }
-    dns {
-      servers = [
-        "77.88.8.8"
-      ]
-    }
-    user_account {
-      username = "infra"
-      keys = [
-        "ssh-rsa..."
-      ]
-    }
-  }
-}
--- a/opentofu/kubeadm/node-03.tf
+++ b/opentofu/kubeadm/node-03.tf
@@ -1,70 +0,0 @@
-# Машинка
-resource "proxmox_virtual_environment_vm" "kubeadm-node-03" {
-  name        = "kubeadm-node-03"
-  migrate     = true
-  description = "Managed by OpenTofu"
-  tags        = ["kubeadm", "test"]
-  on_boot     = true
-
-  # Указываем целевой узел, на котором будет запущена ВМ
-  node_name = "pve-03"
-
-  # Шоблон из которого будет создавать ВМ
-  clone {
-    vm_id     = "2204"
-    node_name = "pve-01"
-    retries   = 2
-  }
-
-  # Активируем QEMU для этов ВМ
-  agent {
-    enabled = true
-  }
-
-  operating_system {
-    type = "l26"
-  }
-
-  cpu {
-    cores = 4
-    type  = "host"
-    numa  = true
-  }
-
-  memory {
-    dedicated = 32768
-  }
-
-  disk {
-    size         = "500"
-    interface    = "virtio0"
-    datastore_id = "k8s-data-01"
-    file_format  = "raw"
-  }
-
-  network_device {
-    bridge = "vmbr0"
-    model  = "virtio"
-  }
-
-  initialization {
-    datastore_id = "k8s-data-01"
-    ip_config {
-      ipv4 {
-        address = "10.0.70.74/24"
-        gateway = "10.0.70.101"
-      }
-    }
-    dns {
-      servers = [
-        "77.88.8.8"
-      ]
-    }
-    user_account {
-      username = "infra"
-      keys = [
-        "ssh-rsa..."
-      ]
-    }
-  }
-}
--- a/opentofu/kubeadm/node.tf
+++ b/opentofu/kubeadm/node.tf
@@ -0,0 +1,110 @@
+variable "node_vms" {
+  type = list(object({
+    name      = string
+    address   = string
+    node_name = string
+  }))
+  default = [
+    {
+      name      = "kubeadm-node-01"
+      address   = "10.0.75.84/24"
+      node_name = "pve-01"
+    },
+    {
+      name      = "kubeadm-node-02"
+      address   = "10.0.75.85/24"
+      node_name = "pve-02"
+    },
+    {
+      name      = "kubeadm-node-03"
+      address   = "10.0.75.86/24"
+      node_name = "pve-02"
+    }
+  ]
+}
+
+# Создание виртуальных машин
+resource "proxmox_virtual_environment_vm" "node" {
+  for_each = { for vm in var.node_vms : vm.name => vm }
+
+  name    = each.value.name
+  migrate = true
+  # protection  = true
+  description = "Managed by OpenTofu"
+  tags        = ["kubeadm", "kubernetes"]
+  on_boot     = true
+  node_name   = each.value.node_name
+
+  clone {
+    vm_id     = "2404"
+    node_name = "pve-01"
+    retries   = 3
+  }
+
+  agent {
+    enabled = true
+  }
+
+  operating_system {
+    type = "l26"
+  }
+
+  cpu {
+    cores = 16
+    type  = "host"
+    numa  = true
+  }
+
+  memory {
+    dedicated = 32768
+  }
+
+  vga {
+    memory = 4
+    type   = "serial0"
+  }
+
+  disk {
+    size         = "20"
+    interface    = "virtio0"
+    datastore_id = "proxmox-data-01"
+    file_format  = "raw"
+  }
+
+  network_device {
+    bridge = "vmbr0"
+    model  = "virtio"
+  }
+
+  initialization {
+    datastore_id = "proxmox-data-01"
+    ip_config {
+      ipv4 {
+        address = each.value.address
+        gateway = "10.0.75.1"
+      }
+    }
+    dns {
+      servers = [
+        "10.0.75.65",
+        "10.0.75.66"
+      ]
+    }
+    user_account {
+      username = "infra"
+      keys = [
+        var.ssh_public_key
+      ]
+    }
+  }
+}
+
+# Создание ресурсов высокой доступности
+# resource "proxmox_virtual_environment_haresource" "patroni" {
+#   for_each = { for vm in var.node_vms : vm.name => vm }
+
+#   resource_id = "vm:${proxmox_virtual_environment_vm.patroni[each.key].vm_id}"
+#   state       = "started"
+#   group       = "prod"
+#   comment     = "Managed by OpenTofu"
+# }
--- a/opentofu/kubeadm/provider.tf
+++ b/opentofu/kubeadm/provider.tf
@@ -2,7 +2,7 @@ terraform {
  required_providers {
    proxmox = {
      source  = "bpg/proxmox"
-      version = ">= 0.51.0"
+      version = ">= 0.61.1"
    }
  }
 }
--- a/opentofu/kubeadm/terraform.tfvars.example
+++ b/opentofu/kubeadm/terraform.tfvars.example
@@ -1,2 +1,3 @@
 virtual_environment_api_token = "root@pam!for-terraform-provider=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
 virtual_environment_endpoint = "https://x.x.x.x:8006/"
+ssh_public_key = "ssh-rsa ..."
--- a/opentofu/kubeadm/variables.tf
+++ b/opentofu/kubeadm/variables.tf
@@ -7,3 +7,8 @@ variable "virtual_environment_api_token" {
  type        = string
  description = "The api roken the Proxmox Virtual Environment API (example: root@pam!for-terraform-provider=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)"
 }
+
+variable "ssh_public_key" {
+  type        = string
+  description = "SSH Puclic key for VMs (example: ssh-rsa ...)"
+}