diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 0000000..8d378ee --- /dev/null +++ b/.github/CODEOWNERS @@ -0,0 +1,3 @@ +# This is a comment +# Specify files or directories followed by the owner +* @khanh-ph diff --git a/.gitignore b/.gitignore index d30131c..8304763 100644 --- a/.gitignore +++ b/.gitignore @@ -5,8 +5,13 @@ *.tfplan cloud.tf tmp +*.tfvars + +# Exclude example.tfvars from being ignored +!example.tfvars # OS files Icon* .DS_Store -.env* \ No newline at end of file +.env* + diff --git a/.terraform-docs-config.yaml b/.terraform-docs-config.yaml index c2ae00c..fccf3ae 100644 --- a/.terraform-docs-config.yaml +++ b/.terraform-docs-config.yaml @@ -9,7 +9,7 @@ sort: by: name settings: - anchor: true + anchor: false color: true default: true description: false diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl index 47751ee..51f0c0c 100644 --- a/.terraform.lock.hcl +++ b/.terraform.lock.hcl 
@@ -2,42 +2,43 @@ # Manual edits may be lost in future updates. provider "registry.terraform.io/hashicorp/null" { - version = "3.2.1" + version = "3.2.2" + constraints = "3.2.2" hashes = [ - "h1:ydA0/SNRVB1o95btfshvYsmxA+jZFRZcvKzZSB+4S1M=", - "zh:58ed64389620cc7b82f01332e27723856422820cfd302e304b5f6c3436fb9840", - "zh:62a5cc82c3b2ddef7ef3a6f2fedb7b9b3deff4ab7b414938b08e51d6e8be87cb", - "zh:63cff4de03af983175a7e37e52d4bd89d990be256b16b5c7f919aff5ad485aa5", - "zh:74cb22c6700e48486b7cabefa10b33b801dfcab56f1a6ac9b6624531f3d36ea3", + "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=", + "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7", + "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a", + "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3", + "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606", + "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546", + "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539", + "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452", "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3", - "zh:79e553aff77f1cfa9012a2218b8238dd672ea5e1b2924775ac9ac24d2a75c238", - "zh:a1e06ddda0b5ac48f7e7c7d59e1ab5a4073bbcf876c73c0299e4610ed53859dc", - "zh:c37a97090f1a82222925d45d84483b2aa702ef7ab66532af6cbcfb567818b970", - "zh:e4453fbebf90c53ca3323a92e7ca0f9961427d2f0ce0d2b65523cc04d5d999c2", - "zh:e80a746921946d8b6761e77305b752ad188da60688cfd2059322875d363be5f5", - "zh:fbdb892d9822ed0e4cb60f2fedbdbb556e4da0d88d3b942ae963ed6ff091e48f", - "zh:fca01a623d90d0cad0843102f9b8b9fe0d3ff8244593bd817f126582b52dd694", + "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422", + "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae", + "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1", + "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e", ] } provider 
"registry.terraform.io/telmate/proxmox" { - version = "2.9.14" - constraints = "2.9.14" + version = "3.0.1-rc3" + constraints = "3.0.1-rc3" hashes = [ - "h1:asZa5VKbWeCpLNv1JAutt5CdD27HaGFjxxcr6mvn8Ps=", - "zh:0d049d33f705e5b814d30028770c084151218439424e99684ce31d7e26a720b5", - "zh:20b1c64ed56d81de95f3f37b82b45b4654c0de26670c0e87a474c5cce13cd015", - "zh:2946058abd1d8e50e475b9ec39781eb02576b40dbd80f4653fade4493a4514c6", - "zh:29e50a25c456f040ce072f23ac57b5b82ebd3b916ca5ae6688332b5ec62adc4a", - "zh:3612932306ce5f08db94868f526cbb8c56d0d3c6ebe1c11a83f92bbf94354296", - "zh:42d1699b0abebaac82ea5a19f4393541d8bb2741bde204a8ac1028cdc29d1b14", - "zh:5ffd5dc567262eb8aafdf2f6eac63f7f21361da9c5d75a3c36b479638a0001b0", - "zh:6692ef323e3b89de99934ad731f6a1850525bf8142916ae28ea4e4048d73a787", - "zh:a5afc98e9a4038516bb58e788cb77dea67a60dce780dfcd206d7373c5a56b776", - "zh:bf902cded709d84fa27fbf91b589c241f2238a6c4924e4e479eebd74320b93a5", - "zh:cab0e1e72c9cebcf669fc6f35ec28cb8ab2dffb0237afc8860aa40d23bf8a49f", - "zh:e523b99a48beec83d9bc04b2d336266044f9f53514cefb652fe6768611847196", - "zh:f593915e8a24829d322d2eaeedcb153328cf9042f0d84f66040dde1be70ede04", - "zh:fba1aff541133e2129dfda0160369635ab48503d5c44b8407ce5922ecc15d0bd", + "h1:T4bbKkNL+iIAcGrtVv0CUnTkrBkHclX9Vc/e+t+o1l4=", + "zh:3699c41289c6fbe0f33b6c54360d43dcfba429de5fbf49506df9276d03aea915", + "zh:486c9ddda427d3fecdc6dfa189fce85c4a2aa1f490b024d636c0ac6a4dd3c692", + "zh:6091e141a0b8dcb1632c31e0f9555117bb023176c5d083f0e03441bbcf673a4e", + "zh:63d312c2c2994ed39dcb47b4d43c89990bd5fff20dbda63cddfb11c9202270f4", + "zh:6e69c70a85cfa720f543090ee3ce7d2eb2902df19657121b8b7ae64d44875d9f", + "zh:897b9f6075262fc9533f87d470217b14ae82614c6818a26b578a6d41c403d4eb", + "zh:91c24bd374fb8ee0c9e4e1c213d157139c047be78b0cafac3c4c9724db8083b0", + "zh:a224b58759314dc045fdbfc88b63b036b8ca6f75ad32606e94b553f150077c13", + "zh:a56e940c71b45e222c69a2a45388b58ed319836b922f84f62bded5b063662f4a", + 
"zh:b2e0a83aa535cd3493fbc7485d05d1a823c48bf487e313703f01a17edc631908", + "zh:ba0ad4fea8ba3b01c67fb164ed92fa927ac70d2d898378d192a01e818fcf6bee", + "zh:c49ebe13e7011d35d72e8e6a720df83f21c106444ef4383c5d6c0015aee55db6", + "zh:c53e2775040e103aedcce06b9acb79ca5fccdb4c578a4b6e32489c89e9c652dc", + "zh:c9002cc470ccfd8cd298d5655cf76af84b1d8a200207973d9ad80235818e89e3", ] } diff --git a/README.md b/README.md index 3fba6fb..c339983 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ This project allows you to create a Kubernetes cluster on [Proxmox VE](https://p Ensure the following software versions are installed: -* [Proxmox VE](https://www.proxmox.com/en/proxmox-ve/get-started/) `>=7.3.3` +* [Proxmox VE](https://www.proxmox.com/en/proxmox-ve/get-started/) `7.x` or `8.x`. * [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli/) `>=1.3.3` > Kubespray will be set up automatically. @@ -30,29 +30,25 @@ Follow these steps to use the project: 1. Clone the repo: - ```sh - $ git clone https://github.com/khanh-ph/proxmox-kubernetes.git - ``` - + ```sh + $ git clone https://github.com/khanh-ph/proxmox-kubernetes.git + ``` 2. Open the `example.tfvars` file in a text editor and update all the mandatory variables with your own values. - 3. Initialize the Terraform working directory. - ```sh - $ terraform init - ``` - + ```sh + $ terraform init + ``` 4. Generate an execution plan and review the output to ensure that the planned changes align with your expectations. - ```sh - $ terraform plan -var-file="example.tfvars" - ``` - + ```sh + $ terraform plan -var-file="example.tfvars" + ``` 5. If you're satisfied with the plan and ready to apply the changes. Run the following command: - ```sh - $ terraform apply -var-file="example.tfvars" - ``` + ```sh + $ terraform apply -var-file="example.tfvars" + ``` ## Terraform configurations 
@@ -63,49 +59,49 @@ The project provides several Terraform variables that allow you to customize the | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| -| [env\_name](#input\_env\_name) | The stage of the development lifecycle for the k8s cluster. Example: `prod`, `dev`, `qa`, `stage`, `test` | `string` | `"test"` | no | -| [location](#input\_location) | The city or region where the cluster is provisioned | `string` | `null` | no | -| [cluster\_number](#input\_cluster\_number) | The instance count for the k8s cluster, to differentiate it from other clusters. Example: `00`, `01` | `string` | `"01"` | no | -| [cluster\_domain](#input\_cluster\_domain) | The cluster domain name | `string` | `"local"` | no | -| [use\_legacy\_naming\_convention](#input\_use\_legacy\_naming\_convention) | A boolean value that indicates whether to use legacy naming convention for the VM and cluster name. If your cluster was provisioned using version <= 3.x, set it to `true` | `bool` | `false` | no | -| [pm\_api\_url](#input\_pm\_api\_url) | The base URL for Proxmox VE API. See https://pve.proxmox.com/wiki/Proxmox_VE_API#API_URL | `string` | n/a | yes | -| [pm\_api\_token\_id](#input\_pm\_api\_token\_id) | The token ID to access Proxmox VE API. | `string` | n/a | yes | -| [pm\_api\_token\_secret](#input\_pm\_api\_token\_secret) | The UUID/secret of the token defined in the variable `pm_api_token_id`. | `string` | n/a | yes | -| [pm\_tls\_insecure](#input\_pm\_tls\_insecure) | Disable TLS verification while connecting to the Proxmox VE API server. | `bool` | n/a | yes | -| [pm\_host](#input\_pm\_host) | The name of Proxmox node where the VM is placed. | `string` | n/a | yes | -| [pm\_parallel](#input\_pm\_parallel) | The number of simultaneous Proxmox processes. E.g: creating resources. | `number` | `2` | no | -| [pm\_timeout](#input\_pm\_timeout) | Timeout value (seconds) for proxmox API calls. 
| `number` | `600` | no | -| [internal\_net\_name](#input\_internal\_net\_name) | Name of the internal network bridge | `string` | `"vmbr1"` | no | -| [internal\_net\_subnet\_cidr](#input\_internal\_net\_subnet\_cidr) | CIDR of the internal network | `string` | `"10.0.1.0/24"` | no | -| [ssh\_private\_key](#input\_ssh\_private\_key) | SSH private key in base64, will be used by Terraform client to connect to the VM after provisioning | `string` | n/a | yes | -| [ssh\_public\_keys](#input\_ssh\_public\_keys) | SSH public keys in base64 | `string` | n/a | yes | -| [vm\_user](#input\_vm\_user) | The default user for all VMs | `string` | `"ubuntu"` | no | -| [vm\_sockets](#input\_vm\_sockets) | Number of the CPU socket to allocate to the VMs | `number` | `1` | no | -| [vm\_max\_vcpus](#input\_vm\_max\_vcpus) | The maximum CPU cores available per CPU socket to allocate to the VM | `number` | `2` | no | -| [vm\_cpu\_type](#input\_vm\_cpu\_type) | The type of CPU to emulate in the Guest | `string` | `"host"` | no | -| [vm\_os\_disk\_storage](#input\_vm\_os\_disk\_storage) | Default storage pool where OS VM disk is placed | `string` | n/a | yes | -| [add\_worker\_node\_data\_disk](#input\_add\_worker\_node\_data\_disk) | A boolean value that indicates whether to add a data disk to each worker node of the cluster | `bool` | `false` | no | -| [worker\_node\_data\_disk\_storage](#input\_worker\_node\_data\_disk\_storage) | The storage pool where the data disk is placed | `string` | `""` | no | -| [worker\_node\_data\_disk\_size](#input\_worker\_node\_data\_disk\_size) | The size of worker node data disk in Gigabyte | `string` | `10` | no | -| [vm\_ubuntu\_tmpl\_name](#input\_vm\_ubuntu\_tmpl\_name) | Name of Cloud-init template Ubuntu VM | `string` | `"ubuntu-2204"` | no | -| [bastion\_ssh\_ip](#input\_bastion\_ssh\_ip) | IP of the bastion host, could be either public IP or local network IP of the bastion host | `string` | `""` | no | -| 
[bastion\_ssh\_user](#input\_bastion\_ssh\_user) | The user to authenticate to the bastion host | `string` | `"ubuntu"` | no | -| [bastion\_ssh\_port](#input\_bastion\_ssh\_port) | The SSH port number on the bastion host | `number` | `22` | no | -| [vm\_k8s\_control\_plane](#input\_vm\_k8s\_control\_plane) | Control Plane VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` |
{
"disk_size": 20,
"memory": 1536,
"node_count": 1,
"vcpus": 2
}
| no | -| [vm\_k8s\_worker](#input\_vm\_k8s\_worker) | Worker VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` |
{
"disk_size": 20,
"memory": 2048,
"node_count": 2,
"vcpus": 2
}
| no | -| [create\_kubespray\_host](#input\_create\_kubespray\_host) | Kubernetes settings ####################################################################### | `bool` | `true` | no | -| [kubespray\_image](#input\_kubespray\_image) | n/a | `string` | `"khanhphhub/kubespray:v2.22.0"` | no | -| [kube\_version](#input\_kube\_version) | Kubernetes version | `string` | `"v1.24.6"` | no | -| [kube\_network\_plugin](#input\_kube\_network\_plugin) | The network plugin to be installed on your cluster. Example: `cilium`, `calico`, `kube-ovn`, `weave` or `flannel` | `string` | `"calico"` | no | -| [enable\_nodelocaldns](#input\_enable\_nodelocaldns) | A boolean value that indicates whether to enable nodelocal dns cache on your cluster | `bool` | `false` | no | -| [podsecuritypolicy\_enabled](#input\_podsecuritypolicy\_enabled) | A boolean value that indicates whether to enable pod security policy on your cluster (RBAC must be enabled either by having 'RBAC' in authorization\_modes or kubeadm enabled) | `bool` | `false` | no | -| [persistent\_volumes\_enabled](#input\_persistent\_volumes\_enabled) | A boolean value that indicates whether to add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI) | `bool` | `false` | no | -| [helm\_enabled](#input\_helm\_enabled) | A boolean value that indicates whether to enable Helm on your cluster | `bool` | `false` | no | -| [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | A boolean value that indicates whether to enable Nginx ingress on your cluster | `bool` | `false` | no | -| [argocd\_enabled](#input\_argocd\_enabled) | A boolean value that indicates whether to enable ArgoCD on your cluster | `bool` | `false` | no | -| [argocd\_version](#input\_argocd\_version) | The ArgoCD version to be installed | `string` | `"v2.4.12"` | no | +| env\_name | The stage of the development lifecycle for the k8s cluster. 
Example: `prod`, `dev`, `qa`, `stage`, `test` | `string` | `"test"` | no | +| location | The city or region where the cluster is provisioned | `string` | `null` | no | +| cluster\_number | The instance count for the k8s cluster, to differentiate it from other clusters. Example: `00`, `01` | `string` | `"01"` | no | +| cluster\_domain | The cluster domain name | `string` | `"local"` | no | +| use\_legacy\_naming\_convention | Whether to use legacy naming convention for the VM and cluster name. If your cluster was provisioned using version <= 3.x, set it to `true` | `bool` | `false` | no | +| pm\_api\_url | The base URL for Proxmox VE API. See https://pve.proxmox.com/wiki/Proxmox_VE_API#API_URL | `string` | n/a | yes | +| pm\_api\_token\_id | The token ID to access Proxmox VE API. | `string` | n/a | yes | +| pm\_api\_token\_secret | The UUID/secret of the token defined in the variable `pm_api_token_id`. | `string` | n/a | yes | +| pm\_tls\_insecure | Disable TLS verification while connecting to the Proxmox VE API server. | `bool` | n/a | yes | +| pm\_host | The name of Proxmox node where the VM is placed. | `string` | n/a | yes | +| pm\_parallel | The number of simultaneous Proxmox processes. E.g: creating resources. | `number` | `2` | no | +| pm\_timeout | Timeout value (seconds) for proxmox API calls. | `number` | `600` | no | +| internal\_net\_name | Name of the internal network bridge | `string` | `"vmbr1"` | no | +| internal\_net\_subnet\_cidr | CIDR of the internal network | `string` | `"10.0.1.0/24"` | no | +| ssh\_private\_key | SSH private key in base64, will be used by Terraform client to connect to the Kubespray VM after provisioning. We can set its sensitivity to false; otherwise, the output of the Kubespray script will be hidden. 
| `string` | n/a | yes | +| ssh\_public\_keys | SSH public keys in base64 | `string` | n/a | yes | +| vm\_user | The default user for all VMs | `string` | `"ubuntu"` | no | +| vm\_sockets | Number of the CPU socket to allocate to the VMs | `number` | `1` | no | +| vm\_max\_vcpus | The maximum CPU cores available per CPU socket to allocate to the VM | `number` | `2` | no | +| vm\_cpu\_type | The type of CPU to emulate in the Guest | `string` | `"host"` | no | +| vm\_os\_disk\_storage | Default storage pool where OS VM disk is placed | `string` | n/a | yes | +| add\_worker\_node\_data\_disk | Whether to add a data disk to each worker node of the cluster | `bool` | `false` | no | +| worker\_node\_data\_disk\_storage | The storage pool where the data disk is placed | `string` | `""` | no | +| worker\_node\_data\_disk\_size | The size of worker node data disk in Gigabyte | `string` | `10` | no | +| vm\_ubuntu\_tmpl\_name | Name of Cloud-init template Ubuntu VM | `string` | `"ubuntu-2404"` | no | +| bastion\_ssh\_ip | IP of the bastion host, could be either public IP or local network IP of the bastion host | `string` | `""` | no | +| bastion\_ssh\_user | The user to authenticate to the bastion host | `string` | `"ubuntu"` | no | +| bastion\_ssh\_port | The SSH port number on the bastion host | `number` | `22` | no | +| vm\_k8s\_control\_plane | Control Plane VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` |
{
"disk_size": 20,
"memory": 1536,
"node_count": 1,
"vcpus": 2
}
| no | +| vm\_k8s\_worker | Worker VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` |
{
"disk_size": 20,
"memory": 2048,
"node_count": 2,
"vcpus": 2
}
| no | +| create\_kubespray\_host | Whether to provision the Kubespray as a VM | `bool` | `true` | no | +| kubespray\_image | The Docker image to deploy Kubespray | `string` | `"quay.io/kubespray/kubespray:v2.25.0"` | no | +| kube\_version | Kubernetes version | `string` | `"v1.29.5"` | no | +| kube\_network\_plugin | The network plugin to be installed on your cluster. Example: `cilium`, `calico`, `kube-ovn`, `weave` or `flannel` | `string` | `"calico"` | no | +| enable\_nodelocaldns | Whether to enable nodelocal dns cache on your cluster | `bool` | `false` | no | +| podsecuritypolicy\_enabled | Whether to enable pod security policy on your cluster (RBAC must be enabled either by having 'RBAC' in authorization\_modes or kubeadm enabled) | `bool` | `false` | no | +| persistent\_volumes\_enabled | Whether to add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI) | `bool` | `false` | no | +| helm\_enabled | Whether to enable Helm on your cluster | `bool` | `false` | no | +| ingress\_nginx\_enabled | Whether to enable Nginx ingress on your cluster | `bool` | `false` | no | +| argocd\_enabled | Whether to enable ArgoCD on your cluster | `bool` | `false` | no | +| argocd\_version | The ArgoCD version to be installed | `string` | `"v2.11.4"` | no | ## Blog posts -For more detailed instructions, refer to the following blog post: [Create a Kubernetes cluster on Proxmox with Terraform & Kubespray](https://www.khanhph.com/install-proxmox-kubernetes/) +For more detailed instructions, refer to the following blog post: [Create a Kubernetes cluster on Proxmox with Terraform & Kubespray](https://www.khanhph.com/install-proxmox-kubernetes/) diff --git a/example.tfvars b/example.tfvars index d85c296..6593e6a 100644 --- a/example.tfvars +++ b/example.tfvars 
@@ -11,7 +11,7 @@ use_legacy_naming_convention = false # Proxmox VE ######################################################################## # Proxmox VE API details and VM hosting configuration -# API token guide: https://registry.terraform.io/providers/Telmate/proxmox/2.9.14/docs +# API token guide: https://registry.terraform.io/providers/Telmate/proxmox/latest/docs pm_api_url = "https://your-proxmox-url/api" pm_api_token_id = "your-api-token-id" pm_api_token_secret = "your-api-token-secret" @@ -63,7 +63,7 @@ vm_k8s_worker = { # Kubernetes settings ######################################################################## -kube_version = "v1.24.6" +kube_version = "v1.29.5" kube_network_plugin = "calico" enable_nodelocaldns = false podsecuritypolicy_enabled = false @@ -71,4 +71,4 @@ persistent_volumes_enabled = false helm_enabled = false ingress_nginx_enabled = false argocd_enabled = false -argocd_version = "v2.4.12" \ No newline at end of file +argocd_version = "v2.11.4" \ No newline at end of file diff --git a/modules/proxmox_ubuntu_vm/.terraform.lock.hcl b/modules/proxmox_ubuntu_vm/.terraform.lock.hcl new file mode 100644 index 0000000..dccb359 --- /dev/null +++ b/modules/proxmox_ubuntu_vm/.terraform.lock.hcl 
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/telmate/proxmox" {
+ version = "3.0.1-rc3"
+ constraints = "3.0.1-rc3"
+ hashes = [
+ "h1:T4bbKkNL+iIAcGrtVv0CUnTkrBkHclX9Vc/e+t+o1l4=",
+ "zh:3699c41289c6fbe0f33b6c54360d43dcfba429de5fbf49506df9276d03aea915",
+ "zh:486c9ddda427d3fecdc6dfa189fce85c4a2aa1f490b024d636c0ac6a4dd3c692",
+ "zh:6091e141a0b8dcb1632c31e0f9555117bb023176c5d083f0e03441bbcf673a4e",
+ "zh:63d312c2c2994ed39dcb47b4d43c89990bd5fff20dbda63cddfb11c9202270f4",
+ "zh:6e69c70a85cfa720f543090ee3ce7d2eb2902df19657121b8b7ae64d44875d9f",
+ "zh:897b9f6075262fc9533f87d470217b14ae82614c6818a26b578a6d41c403d4eb",
+ "zh:91c24bd374fb8ee0c9e4e1c213d157139c047be78b0cafac3c4c9724db8083b0",
+ "zh:a224b58759314dc045fdbfc88b63b036b8ca6f75ad32606e94b553f150077c13",
+ "zh:a56e940c71b45e222c69a2a45388b58ed319836b922f84f62bded5b063662f4a",
+ "zh:b2e0a83aa535cd3493fbc7485d05d1a823c48bf487e313703f01a17edc631908",
+ "zh:ba0ad4fea8ba3b01c67fb164ed92fa927ac70d2d898378d192a01e818fcf6bee",
+ "zh:c49ebe13e7011d35d72e8e6a720df83f21c106444ef4383c5d6c0015aee55db6",
+ "zh:c53e2775040e103aedcce06b9acb79ca5fccdb4c578a4b6e32489c89e9c652dc",
+ "zh:c9002cc470ccfd8cd298d5655cf76af84b1d8a200207973d9ad80235818e89e3",
+ ]
+}
diff --git a/modules/proxmox_ubuntu_vm/main.tf b/modules/proxmox_ubuntu_vm/main.tf
index 959eac8..275e601 100644
--- a/modules/proxmox_ubuntu_vm/main.tf
+++ b/modules/proxmox_ubuntu_vm/main.tf
@@ -4,7 +4,7 @@ terraform {
 required_providers {
 proxmox = {
 source = "telmate/proxmox"
- version = "2.9.14"
+ version = "3.0.1-rc3"
 }
 }
 }
@@ -27,27 +27,37 @@ resource "proxmox_vm_qemu" "ubuntu_vm" { scsihw = "virtio-scsi-single" hotplug = "network,disk,usb,memory,cpu" numa = true - automatic_reboot = false + automatic_reboot = true desc = "This VM is managed by Terraform, cloned from an Cloud-init Ubuntu image, configured with an internal network and supports CPU hotplug/hot unplug and memory hotplug capabilities." tags = var.vm_tags - disk { - slot = 0 - type = "virtio" - storage = var.vm_os_disk_storage - size = "${var.vm_os_disk_size_gb}G" - iothread = 1 - } - - dynamic "disk" { - for_each = var.add_worker_node_data_disk ? [var.worker_node_data_disk_size] : [] + disks { + virtio { + virtio0 { + disk { + size = "${var.vm_os_disk_size_gb}G" + storage = var.vm_os_disk_storage + iothread = true + } + } - content { - slot = 1 - type = "virtio" - storage = var.worker_node_data_disk_storage - size = "${var.worker_node_data_disk_size}G" - iothread = 1 + dynamic "virtio1" { + for_each = var.add_worker_node_data_disk ? [var.worker_node_data_disk_size] : [] + content { + disk { + size = "${var.worker_node_data_disk_size}G" + storage = var.worker_node_data_disk_storage + iothread = true + } + } + } + } + ide { + ide0 { + cloudinit { + storage = var.vm_os_disk_storage + } + } } } diff --git a/modules/proxmox_ubuntu_vm/variables.tf b/modules/proxmox_ubuntu_vm/variables.tf index c937d2e..6d5eeda 100644 --- a/modules/proxmox_ubuntu_vm/variables.tf +++ b/modules/proxmox_ubuntu_vm/variables.tf @@ -88,7 +88,7 @@ variable "vm_os_disk_storage" { variable "vm_ubuntu_tmpl_name" { type = string description = "Name of Cloud-init template Ubuntu VM." - default = "ubuntu-2204" + default = "ubuntu-2404" } variable "vm_host_number" { diff --git a/providers.tf b/providers.tf index 2b7bd61..6eee723 100644 --- a/providers.tf +++ b/providers.tf 
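Review bot: `automatic_reboot = false` → `true` is an unexplained behavioural change riding along with the provider-3.x `disks` migration in the same hunk; once set, the provider is allowed to reboot the VM on its own when a later plan changes a setting that needs one, which on a running control-plane or worker node is a disruption operators should opt into knowingly rather than discover during an apply meant to resize a disk or change a tag. If the flip is needed for the new disk schema to apply cleanly, say so on that line, e.g. `# automatic_reboot: provider 3.x may need to reboot the VM to apply disk/hardware changes — TODO confirm against the 3.0.1-rc3 docs`; otherwise split it into its own commit. The pinned `3.0.1-rc3` is a release candidate, so this resource block is likely to need another pass when a GA 3.0.x is published. The `proxmox_vm_qemu` resource begins before the hunk and continues past its last line.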
@@ -4,11 +4,11 @@ terraform { required_providers { proxmox = { source = "telmate/proxmox" - version = "2.9.14" + version = "3.0.1-rc3" } null = { source = "hashicorp/null" - version = "3.2.1" + version = "3.2.2" } } } diff --git a/scripts/setup_kubespray.sh b/scripts/setup_kubespray.sh index c0eb7b3..2f21148 100644 --- a/scripts/setup_kubespray.sh +++ b/scripts/setup_kubespray.sh @@ -42,6 +42,16 @@ if ! command -v docker &> /dev/null; then exit 1 fi +# Check and add DPkg::Lock::Timeout=600 to apt-get install if not already present + if ! grep -q 'apt-get install.*DPkg::Lock::Timeout=600' get-docker.sh; then + sed -i 's/apt-get install/apt-get install -o DPkg::Lock::Timeout=600/g' get-docker.sh + fi + + # Check and add DPkg::Lock::Timeout=600 to apt-get update if not already present + if ! grep -q 'apt-get update.*DPkg::Lock::Timeout=600' get-docker.sh; then + sed -i 's/apt-get update/apt-get update -o DPkg::Lock::Timeout=600/g' get-docker.sh + fi + # Install Docker if ! sudo sh get-docker.sh; then echo "Error installing Docker. Exiting." >&2 diff --git a/variables.tf b/variables.tf index fa4dfbb..4c3e02f 100644 --- a/variables.tf +++ b/variables.tf @@ -31,7 +31,7 @@ locals { variable "use_legacy_naming_convention" { type = bool - description = "A boolean value that indicates whether to use legacy naming convention for the VM and cluster name. If your cluster was provisioned using version <= 3.x, set it to `true`" + description = "Whether to use legacy naming convention for the VM and cluster name. If your cluster was provisioned using version <= 3.x, set it to `true`" default = false } 
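Review bot: The inserted block in scripts/setup_kubespray.sh is indented one level deeper than the top-level `fi` above it and the `# Install Docker` step below it, and its two grep/sed pairs are the same edit applied twice; one idempotent substitution at the surrounding indentation, `sed -i -E '/DPkg::Lock::Timeout/!s/apt-get (install|update)/& -o DPkg::Lock::Timeout=600/g' get-docker.sh`, replaces all ten lines and keeps the "only if not already present" guard. Because this rewrites an installer fetched from the network just before it runs under `sudo sh`, a one-line comment stating the reason (apt lock contention on a freshly booted cloud-init VM, presumably — confirm) and that the edit must precede the install step will save the next reader a question. The fetch of get-docker.sh happens before this hunk, so its error handling is not visible here.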
@@ -87,12 +87,14 @@ variable "internal_net_subnet_cidr" { variable "ssh_private_key" { type = string - description = "SSH private key in base64, will be used by Terraform client to connect to the VM after provisioning" + description = "SSH private key in base64, will be used by Terraform client to connect to the Kubespray VM after provisioning. We can set its sensitivity to false; otherwise, the output of the Kubespray script will be hidden." + sensitive = false } variable "ssh_public_keys" { type = string description = "SSH public keys in base64" + sensitive = false } variable "vm_user" { @@ -126,7 +128,7 @@ variable "vm_os_disk_storage" { variable "add_worker_node_data_disk" { type = bool - description = "A boolean value that indicates whether to add a data disk to each worker node of the cluster" + description = "Whether to add a data disk to each worker node of the cluster" default = false } @@ -145,7 +147,7 @@ variable "worker_node_data_disk_size" { variable "vm_ubuntu_tmpl_name" { type = string description = "Name of Cloud-init template Ubuntu VM" - default = "ubuntu-2204" + default = "ubuntu-2404" } variable "bastion_ssh_ip" { @@ -183,19 +185,21 @@ variable "vm_k8s_worker" { # Kubernetes settings ######################################################################## variable "create_kubespray_host" { - type = bool - default = true + type = bool + description = "Whether to provision the Kubespray as a VM" + default = true } variable "kubespray_image" { - type = string - default = "khanhphhub/kubespray:v2.22.0" + type = string + description = "The Docker image to deploy Kubespray" + default = "quay.io/kubespray/kubespray:v2.25.0" } variable "kube_version" { type = string description = "Kubernetes version" - default = "v1.24.6" + default = "v1.29.5" } variable "kube_network_plugin" { type = string 
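Review bot: `sensitive = false` on `ssh_private_key` switches off Terraform's redaction of a private key everywhere the value flows (plan and apply output, CI logs, anything derived from it in state), and the new description documents this as a workaround for provisioner output being suppressed; that suppression occurs because the key is interpolated into the `remote-exec` `inline` list in this commit's vm-kubespray-host.tf hunk, so the fix belongs there rather than on the variable. Keep the variable sensitive (drop the attribute, and the redundant `sensitive = false` on `ssh_public_keys`, whose default is already false) and deliver the key through a separate `file` provisioner — `content = base64decode(var.ssh_private_key)`, `destination = "${local.kubespray_data_dir}/id_rsa"` — so the `remote-exec` that runs the Kubespray script no longer references a sensitive value and its output is shown again (I believe the suppression is per provisioner block; confirm on the Terraform version in use). The description should then lose the sentence about sensitivity; `"SSH private key, base64-encoded; used by the Terraform client to connect to the Kubespray VM after provisioning."` is enough.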
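Review bot: `kubespray_image` now defaults to the upstream `quay.io/kubespray/kubespray:v2.25.0` by mutable tag, and the new description does not say that the default `kube_version` (`v1.29.5`) must stay inside the range that Kubespray release supports, which is the coupling a reader of this hunk most needs. A description such as `"Kubespray container image (tag or digest). The default tag is the Kubespray release matching the default kube_version; pin by digest for reproducible runs."` records both, and the digest form (`quay.io/kubespray/kubespray@sha256:<digest>`, placeholder) costs nothing to mention since the image presumably gets SSH access to every cluster node.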
@@ -205,38 +209,38 @@ variable "kube_network_plugin" { variable "enable_nodelocaldns" { type = bool - description = "A boolean value that indicates whether to enable nodelocal dns cache on your cluster" + description = "Whether to enable nodelocal dns cache on your cluster" default = false } variable "podsecuritypolicy_enabled" { type = bool - description = "A boolean value that indicates whether to enable pod security policy on your cluster (RBAC must be enabled either by having 'RBAC' in authorization_modes or kubeadm enabled)" + description = "Whether to enable pod security policy on your cluster (RBAC must be enabled either by having 'RBAC' in authorization_modes or kubeadm enabled)" default = false } variable "persistent_volumes_enabled" { type = bool - description = "A boolean value that indicates whether to add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI)" + description = "Whether to add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI)" default = false } variable "helm_enabled" { type = bool - description = "A boolean value that indicates whether to enable Helm on your cluster" + description = "Whether to enable Helm on your cluster" default = false } variable "ingress_nginx_enabled" { type = bool - description = "A boolean value that indicates whether to enable Nginx ingress on your cluster" + description = "Whether to enable Nginx ingress on your cluster" default = false } variable "argocd_enabled" { type = bool - description = "A boolean value that indicates whether to enable ArgoCD on your cluster" + description = "Whether to enable ArgoCD on your cluster" default = false } variable "argocd_version" { type = string description = "The ArgoCD version to be installed" - default = "v2.4.12" + default = "v2.11.4" } 
diff --git a/vm-k8s-nodes.tf b/vm-k8s-nodes.tf
index 78a0fba..5cb98d9 100644
--- a/vm-k8s-nodes.tf
+++ b/vm-k8s-nodes.tf
@@ -16,7 +16,7 @@ module "k8s_control_plane_nodes" {
 vm_net_subnet_cidr = var.internal_net_subnet_cidr
 vm_host_number = 10
 vm_user = var.vm_user
- vm_tags = "${var.env_name};terraform;k8s-control-plane"
+ vm_tags = "${var.env_name};terraform;k8s_control_plane"
 ssh_public_keys = var.ssh_public_keys
 use_legacy_naming_convention = var.use_legacy_naming_convention
 }
@@ -39,7 +39,7 @@ module "k8s_worker_nodes" {
 vm_net_subnet_cidr = var.internal_net_subnet_cidr
 vm_host_number = 20
 vm_user = var.vm_user
- vm_tags = "${var.env_name};terraform;k8s-worker"
+ vm_tags = "${var.env_name};terraform;k8s_worker"
 ssh_public_keys = var.ssh_public_keys
 add_worker_node_data_disk = var.add_worker_node_data_disk
 worker_node_data_disk_storage = var.worker_node_data_disk_storage
diff --git a/vm-kubespray-host.tf b/vm-kubespray-host.tf
index 27fd333..c961dc7 100644
--- a/vm-kubespray-host.tf
+++ b/vm-kubespray-host.tf
@@ -80,7 +80,7 @@ resource "null_resource" "setup_kubespray" {
 provisioner "remote-exec" {
 inline = [
 local.setup_kubespray_script_content,
- "echo ${var.ssh_private_key} | base64 -d > ${local.kubespray_data_dir}/id_rsa",
+ "echo \"${var.ssh_private_key}\" | base64 -d > ${local.kubespray_data_dir}/id_rsa",
 <<-EOT
 cat < ${local.kubespray_data_dir}/inventory.ini
 ${local.kubespray_inventory_content}
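Review bot: In the vm-kubespray-host.tf hunk, quoting the expansion is a fair fix (an unquoted value containing whitespace or an empty string would break `echo`), but the `id_rsa` the redirection creates still gets the login shell's default umask, typically 0644, and nothing in the hunk tightens it; unless a `chmod 600` follows later in the `inline` list, add `"chmod 600 ${local.kubespray_data_dir}/id_rsa",` directly after the changed line, since OpenSSH rejects a world-readable private key and any other local account on the Kubespray host could read it in the meantime. The `inline` list and the `null_resource` continue past the hunk, so I cannot see whether that step already exists.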