Migrate to Hetzner cloud

terraform/config.tf

@@ -14,6 +14,10 @@ terraform {
   }
 }
 
-provider "scaleway" {
-  region = var.region
+provider "hcloud" {
+}
+
+resource "hcloud_ssh_key" "desktop" {
+  name = "Desktop"
+  public_key = "${file("ssh_keys/desktop.pub")}"
 }

terraform/instances.tf

@@ -1,27 +1,41 @@
-data "scaleway_image" "ubuntu" {
-  architecture = var.architecture
-  name         = var.image
+resource "hcloud_server" "node" {
+  count       = var.node_server_count
+  name        = "node${count.index + 1}"
+  image       = "ubuntu-18.04"
+  server_type = var.node_server_type
+  ssh_keys    = [hcloud_ssh_key.desktop.id]
+  keep_disk   = true
+
+  labels = {
+    environment = local.environment
+    type        = "node"
+  }
 }
 
-resource "scaleway_server" "node" {
-  count               = var.node_instance_count
-  name                = "node${count.index + 1}"
-  image               = data.scaleway_image.ubuntu.id
-  type                = var.node_instance_type
-  state               = "running"
-  dynamic_ip_required = true
-  tags                = ["${local.environment}-node"]
+resource "hcloud_server_network" "node_network" {
+  count      = var.node_server_count
+  server_id  = "${hcloud_server.node[count.index].id}"
+  network_id = "${hcloud_network.private_network.id}"
+  ip         = "192.168.2.${count.index + 1}"
 }
 
-resource "scaleway_server" "master" {
-  count               = var.master_instance_count
-  name                = "master${count.index + 1}"
-  image               = data.scaleway_image.ubuntu.id
-  type                = var.master_instance_type
-  state               = "running"
-  dynamic_ip_required = true
-  tags = [
-    "${local.environment}-master",
-    "${local.environment}-etcd",
-  ]
+resource "hcloud_server" "master" {
+  count       = var.master_server_count
+  name        = "master${count.index + 1}"
+  image       = "ubuntu-18.04"
+  server_type = var.master_server_type
+  ssh_keys    = [hcloud_ssh_key.desktop.id]
+  keep_disk   = true
+
+  labels = {
+    environment = local.environment
+    type        = "master"
+  }
+}
+
+resource "hcloud_server_network" "master_network" {
+  count      = var.master_server_count
+  server_id  = "${hcloud_server.master[count.index].id}"
+  network_id = "${hcloud_network.private_network.id}"
+  ip         = "192.168.1.${count.index + 1}"
 }

terraform/lb.tf

@@ -1,22 +0,0 @@
-resource "null_resource" "load_balancer" {
-  provisioner "local-exec" {
-    command = "./scripts/create_lb.sh lb-k8s-${local.environment} ${var.lb_ip}"
-  }
-
-  provisioner "local-exec" {
-    when    = "destroy"
-    command = "./scripts/delete_lb.sh ${var.lb_ip}"
-  }
-}
-
-resource "null_resource" "update_load_balancer_rules" {
-  triggers = {
-    node_instance_ids = "${join(",", scaleway_server.node.*.private_ip)}"
-  }
-
-  provisioner "local-exec" {
-    command = "./scripts/update_lb_rules.sh ${var.lb_ip} '${jsonencode(scaleway_server.node.*.private_ip)}'"
-  }
-
-  depends_on = [null_resource.load_balancer]
-}

terraform/network.tf

@@ -0,0 +1,22 @@
+resource "hcloud_network" "private_network" {
+  name     = "private_network"
+  ip_range = "192.168.0.0/16"
+
+  labels = {
+    environment = local.environment
+  }
+}
+
+resource "hcloud_network_subnet" "master_network" {
+  network_id   = "${hcloud_network.private_network.id}"
+  type         = "server"
+  network_zone = "eu-central"
+  ip_range     = "192.168.1.0/24"
+}
+
+resource "hcloud_network_subnet" "node_network" {
+  network_id   = "${hcloud_network.private_network.id}"
+  type         = "server"
+  network_zone = "eu-central"
+  ip_range     = "192.168.2.0/24"
+}

terraform/outputs.tf

@@ -1,11 +1,8 @@
-output "loadbalancer_ip" {
-  value = var.lb_ip
+output "master_public_ips" {
+  value = [hcloud_server.master.*.ipv4_address]
 }
 
 output "node_public_ips" {
-  value = [scaleway_server.node.*.public_ip]
+  value = [hcloud_server.node.*.ipv4_address]
 }
 
-output "master_public_ips" {
-  value = [scaleway_server.master.*.public_ip]
-}

terraform/scripts/create_lb.sh

@@ -1,16 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-export TOKEN=`jq '.token' -r ~/.scwrc`
-REGION="fr-par"
-ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
-
-LB_NAME=$1
-LB_IP=$2
-
-IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
-echo "IP_ID: $IP_ID"
-
-http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN name=$LB_NAME organization_id=$ORGANIZATION_ID ip_id=$IP_ID --ignore-stdin | jq -r '.id'

terraform/scripts/delete_lb.sh

@@ -1,17 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-export TOKEN=`jq '.token' -r ~/.scwrc`
-REGION="fr-par"
-ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
-
-LB_IP=$1
-
-IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
-echo "IP_ID: $IP_ID"
-
-LB_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN | jq -r ".lbs[] | select(.ip[0].id == \"$IP_ID\") | .id")
-
-http DELETE "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID" X-Auth-Token:$TOKEN

terraform/scripts/update_lb_rules.sh

@@ -1,48 +0,0 @@
-#!/bin/bash
-
-set -e
-set -x
-
-export TOKEN=`jq '.token' -r ~/.scwrc`
-REGION="fr-par"
-ORGANIZATION_ID=`jq '.organization' -r ~/.scwrc`
-
-LB_IP=$1
-LB_TARGET_IPS=$2
-
-function create_rules() {
-    LB_ID=$1
-    declare -A RULES
-    RULES[http]=80
-    RULES[https]=443
-
-    for PROTOCOL in "${!RULES[@]}"; do
-        PORT=${RULES[$PROTOCOL]}
-        BACKEND_ID=$(http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/backends" X-Auth-Token:$TOKEN name=lbb-$PROTOCOL forward_protocol=tcp forward_port=$PORT forward_port_algorithm=roundrobin sticky_sessions=none health_check:="{\"http_config\":{\"uri\":\"/\",\"method\":\"GET\",\"code\":404},\"check_delay\":1001,\"check_max_retries\":3,\"check_timeout\":3000,\"port\":$PORT}" server_ip:=$LB_TARGET_IPS --ignore-stdin | jq -r '.id')
-        http POST "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/frontends" X-Auth-Token:$TOKEN backend_id=$BACKEND_ID inbound_port=$PORT name=lbf-$PROTOCOL --ignore-stdin
-    done
-}
-
-function update_rules() {
-    LB_ID=$1
-    BACKENDS_IDS$2
-
-    for BACKEND_ID in $BACKENDS_IDS
-    do
-        http PUT "https://api.scaleway.com/lb/v1/regions/$REGION/backends/$BACKEND_ID/servers" X-Auth-Token:$TOKEN server_ip:="$LB_TARGET_IPS" --ignore-stdin
-    done
-}
-
-IP_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/ips" X-Auth-Token:$TOKEN | jq -r ".ips[] | select(.ip_address == \"$LB_IP\") | .id")
-echo "IP_ID: $IP_ID"
-
-LB_ID=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs" X-Auth-Token:$TOKEN | jq -r ".lbs[] | select(.ip[0].id == \"$IP_ID\") | .id")
-
-BACKENDS_IDS=$(http GET "https://api.scaleway.com/lb/v1/regions/$REGION/lbs/$LB_ID/backends" X-Auth-Token:$TOKEN | jq -r ".backends[] | .id")
-
-if [ -n "$BACKENDS_IDS" ]
-then
-    update_rules $LB_ID $BACKENDS_IDS
-else
-    create_rules $LB_ID
-fi

terraform/security.tf

@@ -0,0 +1,39 @@
+# resource "scaleway_security_group" "k8s-sg" {
+#   name                    = "Kubernetes"
+#   description             = "Kubernetes cluster nodes security group"
+#   enable_default_security = true
+#   stateful                = true
+#   inbound_default_policy  = "drop"
+#   outbound_default_policy = "accept"
+# }
+
+
+# resource "scaleway_security_group_rule" "k8s-sg-rule-ssh" {
+#   security_group = "${scaleway_security_group.k8s-sg.id}"
+
+#   action    = "accept"
+#   direction = "inbound"
+#   ip_range  = "0.0.0.0/0"
+#   protocol  = "TCP"
+#   port      = 22
+# }
+
+# resource "scaleway_security_group_rule" "k8s-sg-rule-http" {
+#   security_group = "${scaleway_security_group.k8s-sg.id}"
+
+#   action    = "accept"
+#   direction = "inbound"
+#   ip_range  = "0.0.0.0/0"
+#   protocol  = "TCP"
+#   port      = 80
+# }
+
+# resource "scaleway_security_group_rule" "k8s-sg-rule-https" {
+#   security_group = "${scaleway_security_group.k8s-sg.id}"
+
+#   action    = "accept"
+#   direction = "inbound"
+#   ip_range  = "0.0.0.0/0"
+#   protocol  = "TCP"
+#   port      = 443
+# }

terraform/ssh_keys/desktop.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMPhCld0dsDzpdkMvPRdiwd6IX8HF8Mb2V6uQzBl8/syeny8FbZxlZR8gk39RGxNYcLaZ+nA50DS6mOIplXCGdtozfw0Vm+FdITN3apMufWIdobG7Igs1vxKBBbkAb5lwxkEFUCUMzPdCLFHd5zabVH0WE42Be8+hYPLd5W/ikPCOgxRaGwryHHroxRMdkD3PcNE8upSEMdGl51pzgXhO6Fcig8UokOYHxV92SiQ0KEsCbc+oe8e9Gkr7g78tz+6YcTYLY2p2ygR7Vrh/WyTaUVnrNNqL8NIqp+Lc2kVtnqGXHFBJ0Wggaly+AeKWygy+dnOMEGSirhQ6/dUcB/Phz phfroidmont@archdesktop-2017-07-31

terraform/variables.tf

@@ -1,31 +1,20 @@
 variable "region" {
-  default = "par1"
+  default = "ams1"
 }
 
-variable "architecture" {
-  default = "x86_64"
+variable "master_server_type" {
+  default = "cx11"
 }
 
-variable "image" {
-  default = "Ubuntu Bionic"
-}
-
-variable "master_instance_type" {
-  default = "DEV1-S"
-}
-
-variable "master_instance_count" {
+variable "master_server_count" {
   default = 1
 }
 
-variable "node_instance_type" {
-  default = "DEV1-S"
+variable "node_server_type" {
+  default = "cx21"
 }
 
-variable "node_instance_count" {
-  default = 2
+variable "node_server_count" {
+  default = 3
 }
 
-variable "lb_ip" {
-  default = "51.159.26.139"
-}

terraform/versions.tf

@@ -1,4 +0,0 @@
-
-terraform {
-  required_version = ">= 0.12"
-}