variable "vsphere_user" {
  description = "vSphere username with permissions to deploy K3s master VMs"
  type        = string
  sensitive   = true
}

variable "vsphere_password" {
  description = "vSphere password stored in CI secrets manager"
  type        = string
  sensitive   = true
}

variable "vsphere_server" {
  description = "vCenter endpoint (FQDN or IP)"
  type        = string
}

variable "datacenter" {
  description = "Target vSphere datacenter name"
  type        = string
}

variable "cluster" {
  description = "Target vSphere compute cluster"
  type        = string
}

variable "resource_pool" {
  description = "Resource pool for the K3s master instances"
  type        = string
  default     = ""
}

variable "datastore" {
  description = "Primary datastore to host the VM disks"
  type        = string
}

variable "template" {
  description = "Hardened golden image used to clone K3s masters"
  type        = string
}

variable "network" {
  description = "Primary portgroup the masters attach to"
  type        = string
}

variable "vm_count" {
  description = "Number of K3s control-plane VMs to provision"
  type        = number
  default     = 3
}

variable "vm_cpu" {
  description = "vCPU count per K3s control-plane VM"
  type        = number
  default     = 4
}

variable "vm_memory_mb" {
  description = "Memory in MB per control-plane VM"
  type        = number
  default     = 8192
}

variable "tags" {
  description = "Map of tags applied to all created resources"
  type        = map(string)
  default     = {}
}

# Sensitive values are marked and must flow through secrets management, never plain text.