k3s-master/terraform/README.md
doudou 85772b9168
chore: initialize k3s master iac skeleton
2025-11-07 15:23:27 +08:00

Terraform K3s Master Scaffold

Purpose

This module provisions K3s control-plane virtual machines on vSphere. Today it includes only the provider bootstrap; VM resources and data sources will be added in future iterations.

Required Inputs

Variable                            Description
vsphere_user / vsphere_password     Service account stored in CI secrets (never commit plaintext).
vsphere_server                      vCenter hostname or IP.
datacenter, cluster, resource_pool  Target placement scope.
datastore                           Datastore or datastore cluster for disks.
template                            Hardened golden image for K3s masters.
network                             Portgroup for primary NIC.
vm_count, vm_cpu, vm_memory_mb      Control-plane sizing knobs.
tags                                Optional key/value metadata for governance.

Security Notes

  • Inject credentials via Terraform Cloud/Enterprise variables, Vault, or Gitea Actions secrets.
  • Rotate the vSphere service account per security policy; constrain RBAC to cloning and tagging only.
  • Validate SSL certificates where possible; set allow_unverified_ssl only for lab use.
  • Store generated Terraform state in a remote backend with encryption-at-rest (e.g., Consul, S3-compatible).
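
A provider bootstrap that follows the notes above, as an added example (not this repository's code): credentials arrive as sensitive variables with no defaults, and a precondition fails the plan if allow_unverified_ssl is enabled outside a lab. The environment variable and the tls_guard resource name are assumptions made for the illustration.

```hcl
terraform {
  required_version = ">= 1.4.0" # terraform_data needs 1.4 or later
  required_providers {
    vsphere = {
      source = "hashicorp/vsphere"
    }
  }
}

# No defaults: values must come from the CI secret store, e.g. exported as
# TF_VAR_vsphere_user / TF_VAR_vsphere_password by the pipeline.
variable "vsphere_user" {
  type      = string
  sensitive = true
}

variable "vsphere_password" {
  type      = string
  sensitive = true
}

variable "vsphere_server" {
  type = string
}

# Certificate validation stays on unless explicitly disabled.
variable "allow_unverified_ssl" {
  type    = bool
  default = false
}

# Assumption for this example: a deployment label such as "lab" or "prod".
variable "environment" {
  type    = string
  default = "prod"
}

# Fails terraform plan when TLS verification is disabled outside the lab.
resource "terraform_data" "tls_guard" {
  lifecycle {
    precondition {
      condition     = !var.allow_unverified_ssl || var.environment == "lab"
      error_message = "allow_unverified_ssl may only be true when environment is \"lab\"."
    }
  }
}

provider "vsphere" {
  user                 = var.vsphere_user
  password             = var.vsphere_password
  vsphere_server       = var.vsphere_server
  allow_unverified_ssl = var.allow_unverified_ssl
}
```

Marking the variables sensitive redacts them from plan output only; the values can still end up in state, which is why the encrypted remote backend matters.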

Next Steps

  1. Wire vSphere data sources (datacenter, datastore, network).
  2. Define vsphere_virtual_machine resources aligned with K3s sizing guidance.
  3. Emit provisioning outputs consumed by Ansible inventory generation.