Bootstrap a cluster with Terraform
Customization
- Add terraform files to `.gitignore`

```sh
cat << EOF >> .gitignore
.terraform/
*.tfstate
*.tfstate.*
*.lock.hcl
*.zip
*.ova
.env
.envrc

modules/terraform-vsphere/
archive/

main.tf
govcvars.sh
EOF
```
- Review `./main.tf.template` and the module examples, and customize the configuration as needed. Remember that we'll substitute secret environment variables in.

- Update `.envrc` with secrets

```sh
# these variables should be known from VCSA installation
# the quoted 'EOF' writes the text literally, so $(expand_path ...) is
# evaluated by direnv when it loads .envrc, not by the current shell
cat << 'EOF' >> .envrc
# vars for govc
export GOVC_URL="vsphere-ip-or-hostname"
export GOVC_USERNAME="administrator@example.com"
export GOVC_PASSWORD="changeme"
export GOVC_DATACENTER=Homelab
# GOVC_INSECURE=true makes govc skip TLS certificate verification
export GOVC_INSECURE=true

# vars for 'main.tf'
export TF_VAR_VSPHERE_USER="administrator@example.com"
export TF_VAR_VSPHERE_USER_PASS="changeme"
export TF_VAR_VSPHERE_SERVER="vcenter.example.com"
export TF_VAR_VSPHERE_DC=""
export TF_VAR_VSPHERE_VMRP="Cluster/Resources/poolname"
export TF_VAR_VSPHERE_VMFOLDER="foldername"
export TF_VAR_VSPHERE_DATASTORE="datastore/dsname"
export TF_VAR_VSPHERE_VMTEMPLATE="ubuntu_2004-k8s-nodhcp"
export TF_VAR_VSPHERE_PORTGROUP="DPortGrp-name"
export TF_VAR_DNS='["10.42.42.1", "10.42.42.2"]'
export TF_VAR_DOMAIN="example.com"
export TF_VAR_GATEWAY="10.42.42.1"

export TF_VAR_CTRL_IPs='["10.42.42.10", "10.42.42.11", "10.42.42.12"]'
export TF_VAR_WORK_IPs='["10.42.42.30", "10.42.42.31", "10.42.42.32"]'
export TF_VAR_KUBE_VIP="10.42.42.42"

export TF_VAR_NODE_USER="username"
export TF_VAR_NODE_PASS="changeme"
export TF_VAR_SSH_ID="ssh-rsa IamANsshKey12345== administrator@example.com"

export TF_VAR_ANSIBLE_HOSTS_FILE="./ansible/inventory/cluster/host.ini"
export TF_VAR_ANSIBLE_PLAYBOOK_DIR="./ansible/playbooks"
export TF_VAR_KUBECONFIG=$(expand_path ./kubeconfig)
EOF
```
- Update the `main.tf.template` template file with non-secret info (machine specs, IP addresses, etc.)

- Source environment variables

```zsh
# reload all env variables
direnv allow .
```
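An added pre-flight check for the `.envrc` written above (not part of the original page or the project): it flags values still set to `changeme`, `GOVC_INSECURE=true`, an unterminated double quote, and a file mode that lets group or others read the secrets. The names `audit_envrc` and `write_sample` and the sample values are hypothetical and constructed for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not the project's own code).
# audit_envrc FILE: print one finding per line; return 0 if clean, 1 if not.
audit_envrc() {
    envrc=$1
    [ -f "$envrc" ] || { echo "missing: $envrc"; return 2; }
    findings=$(
        # The file holds vSphere and node passwords: owner-only access.
        find "$envrc" \( -perm -040 -o -perm -004 \) \
            -exec echo "perms: readable by group or others, run chmod 600" \;
        awk '
        /^[ \t]*export[ \t]/ {
            name = $2; sub(/=.*/, "", name)
            # An odd number of double quotes means an unterminated string,
            # so the shell reads the following lines as part of the value.
            if (gsub(/"/, "&") % 2)
                print "quote: " name " has an unterminated double quote"
            if ($0 ~ /="?changeme"?[ \t]*$/)
                print "placeholder: " name " is still set to changeme"
            if (name == "GOVC_INSECURE" && $0 ~ /="?(true|1)"?[ \t]*$/)
                print "tls: GOVC_INSECURE makes govc skip certificate verification"
        }' "$envrc"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample with the template's placeholder values left in place.
write_sample() {
    cat > "$1" << 'EOF'
export GOVC_PASSWORD="changeme"
export GOVC_INSECURE=true
export TF_VAR_VSPHERE_USER_PASS="constructed-not-a-placeholder"
export TF_VAR_SSH_ID="ssh-rsa AAAAconstructed== admin@example.com
export TF_VAR_KUBECONFIG=$(expand_path ./kubeconfig)
EOF
    chmod 644 "$1"
}

# Demo on the constructed sample; point audit_envrc at ./.envrc in real use.
sample=$(mktemp) && write_sample "$sample"
audit_envrc "$sample" || echo "fix the findings above before running 'direnv allow .'"
rm -f "$sample"
```

The quote check counts double quotes per line, so a value that legitimately contains an odd number of literal double quotes is reported as well.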
Bootstrap

Run terraform commands

```sh
terraform init
terraform plan
terraform apply # -auto-approve
```

Terraform will:

- Provision VMs on vSphere
- Create a `hosts.ini` file based on `inventory.tmpl`, which is then used by Ansible
Update

NOTE: Terraform expects it will be used to manage all infrastructure changes. To update a currently managed deployment:

- Run `terraform plan` against the updated `main.tf` file. `plan` will warn if the change will require destroying/reprovisioning a replacement host
- Run `terraform apply` to execute
Destroy

To tear down terraform-managed infra, run:

```sh
terraform destroy # -auto-approve
```