diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..8d378ee
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,3 @@
+# This is a comment
+# Specify files or directories followed by the owner
+* @khanh-ph
diff --git a/README.md b/README.md
index 9b6f912..c339983 100644
--- a/README.md
+++ b/README.md
@@ -55,53 +55,51 @@ Follow these steps to use the project: The project provides several Terraform variables that allow you to customize the cluster to suit your needs. Please see the following: - ### Inputs -| Name | Description | Type | Default | Required | -| --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | :------: | -| env\_name | The stage of the development lifecycle for the k8s cluster. Example:`prod`, `dev`, `qa`, `stage`, `test` | `string` | `"test"` | no | -| location | The city or region where the cluster is provisioned | `string` | `null` | no | -| cluster\_number | The instance count for the k8s cluster, to differentiate it from other clusters. Example:`00`, `01` | `string` | `"01"` | no | -| cluster\_domain | The cluster domain name | `string` | `"local"` | no | -| use\_legacy\_naming\_convention | Whether to use legacy naming convention for the VM and cluster name. If your cluster was provisioned using version <= 3.x, set it to `true` | `bool` | `false` | no | -| pm\_api\_url | The base URL for Proxmox VE API. See https://pve.proxmox.com/wiki/Proxmox_VE_API#API_URL | `string` | n/a | yes | -| pm\_api\_token\_id | The token ID to access Proxmox VE API. | `string` | n/a | yes | -| pm\_api\_token\_secret | The UUID/secret of the token defined in the variable `pm_api_token_id`. | `string` | n/a | yes | -| pm\_tls\_insecure | Disable TLS verification while connecting to the Proxmox VE API server. | `bool` | n/a | yes | -| pm\_host | The name of Proxmox node where the VM is placed. | `string` | n/a | yes | -| pm\_parallel | The number of simultaneous Proxmox processes. 
E.g: creating resources. | `number` | `2` | no | -| pm\_timeout | Timeout value (seconds) for proxmox API calls. | `number` | `600` | no | -| internal\_net\_name | Name of the internal network bridge | `string` | `"vmbr1"` | no | -| internal\_net\_subnet\_cidr | CIDR of the internal network | `string` | `"10.0.1.0/24"` | no | -| ssh\_private\_key | SSH private key in base64, will be used by Terraform client to connect to the VM after provisioning | `string` | n/a | yes | -| ssh\_public\_keys | SSH public keys in base64 | `string` | n/a | yes | -| vm\_user | The default user for all VMs | `string` | `"ubuntu"` | no | -| vm\_sockets | Number of the CPU socket to allocate to the VMs | `number` | `1` | no | -| vm\_max\_vcpus | The maximum CPU cores available per CPU socket to allocate to the VM | `number` | `2` | no | -| vm\_cpu\_type | The type of CPU to emulate in the Guest | `string` | `"host"` | no | -| vm\_os\_disk\_storage | Default storage pool where OS VM disk is placed | `string` | n/a | yes | -| add\_worker\_node\_data\_disk | Whether to add a data disk to each worker node of the cluster | `bool` | `false` | no | -| worker\_node\_data\_disk\_storage | The storage pool where the data disk is placed | `string` | `""` | no | -| worker\_node\_data\_disk\_size | The size of worker node data disk in Gigabyte | `string` | `10` | no | -| vm\_ubuntu\_tmpl\_name | Name of Cloud-init template Ubuntu VM | `string` | `"ubuntu-2404"` | no | -| bastion\_ssh\_ip | IP of the bastion host, could be either public IP or local network IP of the bastion host | `string` | `""` | no | -| bastion\_ssh\_user | The user to authenticate to the bastion host | `string` | `"ubuntu"` | no | -| bastion\_ssh\_port | The SSH port number on the bastion host | `number` | `22` | no | -| vm\_k8s\_control\_plane | Control Plane VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` | `
`{`` | no | -| vm\_k8s\_worker | Worker VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` | `
` "disk_size": 20,`
` "memory":2048,`
` "node_count": 1,`
` "vcpus": 2 `
`}`
`{`` | no | -| create\_kubespray\_host | Whether to provision the Kubespray as a VM | `bool` | `true` | no | -| kubespray\_image | The Docker image to deploy Kubespray | `string` | `"quay.io/kubespray/kubespray:v2.25.0"` | no | -| kube\_version | Kubernetes version | `string` | `"v1.29.5"` | no | -| kube\_network\_plugin | The network plugin to be installed on your cluster. Example:`cilium`, `calico`, `kube-ovn`, `weave` or `flannel` | `string` | `"calico"` | no | -| enable\_nodelocaldns | Whether to enable nodelocal dns cache on your cluster | `bool` | `false` | no | -| podsecuritypolicy\_enabled | Whether to enable pod security policy on your cluster (RBAC must be enabled either by having 'RBAC' in authorization\_modes or kubeadm enabled) | `bool` | `false` | no | -| persistent\_volumes\_enabled | Whether to add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI) | `bool` | `false` | no | -| helm\_enabled | Whether to enable Helm on your cluster | `bool` | `false` | no | -| ingress\_nginx\_enabled | Whether to enable Nginx ingress on your cluster | `bool` | `false` | no | -| argocd\_enabled | Whether to enable ArgoCD on your cluster | `bool` | `false` | no | -| argocd\_version | The ArgoCD version to be installed | `string` | `"v2.11.4"` | no | - +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| env\_name | The stage of the development lifecycle for the k8s cluster. Example: `prod`, `dev`, `qa`, `stage`, `test` | `string` | `"test"` | no | +| location | The city or region where the cluster is provisioned | `string` | `null` | no | +| cluster\_number | The instance count for the k8s cluster, to differentiate it from other clusters. 
Example: `00`, `01` | `string` | `"01"` | no | +| cluster\_domain | The cluster domain name | `string` | `"local"` | no | +| use\_legacy\_naming\_convention | Whether to use legacy naming convention for the VM and cluster name. If your cluster was provisioned using version <= 3.x, set it to `true` | `bool` | `false` | no | +| pm\_api\_url | The base URL for Proxmox VE API. See https://pve.proxmox.com/wiki/Proxmox_VE_API#API_URL | `string` | n/a | yes | +| pm\_api\_token\_id | The token ID to access Proxmox VE API. | `string` | n/a | yes | +| pm\_api\_token\_secret | The UUID/secret of the token defined in the variable `pm_api_token_id`. | `string` | n/a | yes | +| pm\_tls\_insecure | Disable TLS verification while connecting to the Proxmox VE API server. | `bool` | n/a | yes | +| pm\_host | The name of Proxmox node where the VM is placed. | `string` | n/a | yes | +| pm\_parallel | The number of simultaneous Proxmox processes. E.g: creating resources. | `number` | `2` | no | +| pm\_timeout | Timeout value (seconds) for proxmox API calls. | `number` | `600` | no | +| internal\_net\_name | Name of the internal network bridge | `string` | `"vmbr1"` | no | +| internal\_net\_subnet\_cidr | CIDR of the internal network | `string` | `"10.0.1.0/24"` | no | +| ssh\_private\_key | SSH private key in base64, will be used by Terraform client to connect to the Kubespray VM after provisioning. We can set its sensitivity to false; otherwise, the output of the Kubespray script will be hidden. 
| `string` | n/a | yes | +| ssh\_public\_keys | SSH public keys in base64 | `string` | n/a | yes | +| vm\_user | The default user for all VMs | `string` | `"ubuntu"` | no | +| vm\_sockets | Number of the CPU socket to allocate to the VMs | `number` | `1` | no | +| vm\_max\_vcpus | The maximum CPU cores available per CPU socket to allocate to the VM | `number` | `2` | no | +| vm\_cpu\_type | The type of CPU to emulate in the Guest | `string` | `"host"` | no | +| vm\_os\_disk\_storage | Default storage pool where OS VM disk is placed | `string` | n/a | yes | +| add\_worker\_node\_data\_disk | Whether to add a data disk to each worker node of the cluster | `bool` | `false` | no | +| worker\_node\_data\_disk\_storage | The storage pool where the data disk is placed | `string` | `""` | no | +| worker\_node\_data\_disk\_size | The size of worker node data disk in Gigabyte | `string` | `10` | no | +| vm\_ubuntu\_tmpl\_name | Name of Cloud-init template Ubuntu VM | `string` | `"ubuntu-2404"` | no | +| bastion\_ssh\_ip | IP of the bastion host, could be either public IP or local network IP of the bastion host | `string` | `""` | no | +| bastion\_ssh\_user | The user to authenticate to the bastion host | `string` | `"ubuntu"` | no | +| bastion\_ssh\_port | The SSH port number on the bastion host | `number` | `22` | no | +| vm\_k8s\_control\_plane | Control Plane VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` |
` "disk_size": 20,`
` "memory":3072,`
` "node_count": 3,`
` "vcpus": 2 `
`}`
{| no | +| vm\_k8s\_worker | Worker VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` |
"disk_size": 20,
"memory": 1536,
"node_count": 1,
"vcpus": 2
}
{| no | +| create\_kubespray\_host | Whether to provision the Kubespray as a VM | `bool` | `true` | no | +| kubespray\_image | The Docker image to deploy Kubespray | `string` | `"quay.io/kubespray/kubespray:v2.25.0"` | no | +| kube\_version | Kubernetes version | `string` | `"v1.29.5"` | no | +| kube\_network\_plugin | The network plugin to be installed on your cluster. Example: `cilium`, `calico`, `kube-ovn`, `weave` or `flannel` | `string` | `"calico"` | no | +| enable\_nodelocaldns | Whether to enable nodelocal dns cache on your cluster | `bool` | `false` | no | +| podsecuritypolicy\_enabled | Whether to enable pod security policy on your cluster (RBAC must be enabled either by having 'RBAC' in authorization\_modes or kubeadm enabled) | `bool` | `false` | no | +| persistent\_volumes\_enabled | Whether to add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI) | `bool` | `false` | no | +| helm\_enabled | Whether to enable Helm on your cluster | `bool` | `false` | no | +| ingress\_nginx\_enabled | Whether to enable Nginx ingress on your cluster | `bool` | `false` | no | +| argocd\_enabled | Whether to enable ArgoCD on your cluster | `bool` | `false` | no | +| argocd\_version | The ArgoCD version to be installed | `string` | `"v2.11.4"` | no | ## Blog posts diff --git a/example.tfvars b/example.tfvars index d40c3f1..6593e6a 100644 --- a/example.tfvars +++ b/example.tfvars 
@@ -11,7 +11,7 @@ use_legacy_naming_convention = false
 # Proxmox VE
 ########################################################################
 # Proxmox VE API details and VM hosting configuration
-# API token guide: https://registry.terraform.io/providers/Telmate/proxmox/2.9.14/docs
+# API token guide: https://registry.terraform.io/providers/Telmate/proxmox/latest/docs
 pm_api_url = "https://your-proxmox-url/api"
 pm_api_token_id = "your-api-token-id"
 pm_api_token_secret = "your-api-token-secret"
diff --git a/modules/proxmox_ubuntu_vm/.terraform.lock.hcl b/modules/proxmox_ubuntu_vm/.terraform.lock.hcl
new file mode 100644
index 0000000..dccb359
--- /dev/null
+++ b/modules/proxmox_ubuntu_vm/.terraform.lock.hcl
@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/telmate/proxmox" {
+ version = "3.0.1-rc3"
+ constraints = "3.0.1-rc3"
+ hashes = [
+ "h1:T4bbKkNL+iIAcGrtVv0CUnTkrBkHclX9Vc/e+t+o1l4=",
+ "zh:3699c41289c6fbe0f33b6c54360d43dcfba429de5fbf49506df9276d03aea915",
+ "zh:486c9ddda427d3fecdc6dfa189fce85c4a2aa1f490b024d636c0ac6a4dd3c692",
+ "zh:6091e141a0b8dcb1632c31e0f9555117bb023176c5d083f0e03441bbcf673a4e",
+ "zh:63d312c2c2994ed39dcb47b4d43c89990bd5fff20dbda63cddfb11c9202270f4",
+ "zh:6e69c70a85cfa720f543090ee3ce7d2eb2902df19657121b8b7ae64d44875d9f",
+ "zh:897b9f6075262fc9533f87d470217b14ae82614c6818a26b578a6d41c403d4eb",
+ "zh:91c24bd374fb8ee0c9e4e1c213d157139c047be78b0cafac3c4c9724db8083b0",
+ "zh:a224b58759314dc045fdbfc88b63b036b8ca6f75ad32606e94b553f150077c13",
+ "zh:a56e940c71b45e222c69a2a45388b58ed319836b922f84f62bded5b063662f4a",
+ "zh:b2e0a83aa535cd3493fbc7485d05d1a823c48bf487e313703f01a17edc631908",
+ "zh:ba0ad4fea8ba3b01c67fb164ed92fa927ac70d2d898378d192a01e818fcf6bee",
+ "zh:c49ebe13e7011d35d72e8e6a720df83f21c106444ef4383c5d6c0015aee55db6",
+ "zh:c53e2775040e103aedcce06b9acb79ca5fccdb4c578a4b6e32489c89e9c652dc",
+ "zh:c9002cc470ccfd8cd298d5655cf76af84b1d8a200207973d9ad80235818e89e3",
+ ]
+}
diff --git a/modules/proxmox_ubuntu_vm/main.tf b/modules/proxmox_ubuntu_vm/main.tf
index c1b25ae..275e601 100644
--- a/modules/proxmox_ubuntu_vm/main.tf
+++ b/modules/proxmox_ubuntu_vm/main.tf
@@ -34,12 +34,12 @@ resource "proxmox_vm_qemu" "ubuntu_vm" {
 disks {
 virtio {
 virtio0 {
- disk {
- size = "${var.vm_os_disk_size_gb}G"
- storage = var.vm_os_disk_storage
- iothread = true
- }
+ disk {
+ size = "${var.vm_os_disk_size_gb}G"
+ storage = var.vm_os_disk_storage
+ iothread = true
 }
+ }
 dynamic "virtio1" {
 for_each = var.add_worker_node_data_disk ? [var.worker_node_data_disk_size] : []
diff --git a/variables.tf b/variables.tf
index e11f913..4c3e02f 100644
--- a/variables.tf
+++ b/variables.tf
@@ -87,14 +87,14 @@ variable "internal_net_subnet_cidr" {
 variable "ssh_private_key" {
 type = string
- description = "SSH private key in base64, will be used by Terraform client to connect to the VM after provisioning"
- sensitive = false
+ description = "SSH private key in base64, will be used by Terraform client to connect to the Kubespray VM after provisioning. We can set its sensitivity to false; otherwise, the output of the Kubespray script will be hidden."
+ sensitive = false
 }
 variable "ssh_public_keys" {
 type = string
 description = "SSH public keys in base64"
- sensitive = false
+ sensitive = false
 }
 variable "vm_user" {
@@ -193,7 +193,7 @@ variable "create_kubespray_host" {
 variable "kubespray_image" {
 type = string
 description = "The Docker image to deploy Kubespray"
- default = "quay.io/kubespray/kubespray:v2.25.0"
+ default = "quay.io/kubespray/kubespray:v2.25.0"
 }
 variable "kube_version" {
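Review bot: Leaving `sensitive = false` on `ssh_private_key` keeps the key outside Terraform's redaction, so its value can appear verbatim in plan/apply output and in any CI log that captures it, and the new description documents that trade-off instead of removing it. The narrower option is to keep the key redacted and relax redaction only at the point where the script output is consumed: `sensitive = true` on this variable and, if the Kubespray output must remain visible, `nonsensitive()` applied to that specific output value rather than to the key. Whether the suppressed output actually results from this variable reaching a provisioner or output block cannot be confirmed from this hunk; the key is stored in state either way, which `sensitive` does not change. `ssh_public_keys` holds public material, so `sensitive = false` there is fine.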
"disk_size": 20,
"memory": 2048,
"node_count": 2,
"vcpus": 2
}