example for three hosts behind LB

README.md

@@ -14,4 +14,6 @@
 
 ## terraform templates
 
-`single-host/` contains play for a simple test VM
+`single-host/` contains templates for a simple test VM
+
+`three-web-hosts/`  contains templates for three webservers behind a load balancer

three-web-hosts/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hetznercloud/hcloud" {
+  version     = "1.33.2"
+  constraints = "1.33.2"
+  hashes = [
+    "h1:3Hx8p9LbcnHfBhy3nT7+unlc5rwkiSZjLt9SVQOSpB8=",
+    "zh:0a5d0f332d7dfe77fa27301094af98a185aabfb9f56d71b81936e03211e4d66f",
+    "zh:0e047859ee7296f335881933ccf8ce8c07aa47bef56d5449a81b85a2d9dac93a",
+    "zh:1d3d0896f518df9e245c3207ed231e528f5dcfe628508e7c3ceba4a2bfefaa7a",
+    "zh:1d7a31c8c490512896ce327ab220e950f1a2e30ee83cc2e58e69bbbfbbb87e72",
+    "zh:67cbb2492683cb22f6c54f26bee72aec140c8dd2d0881b2815d2ef80959fc751",
+    "zh:771062815e662979204ac2dc91c34c893f27670d67e02370e48124483d3c9838",
+    "zh:957ebb146898cd059c0cc8b4c32e574b61041d8b6a11cd854b3cc1d3baaeb3a9",
+    "zh:95dbd8634000b979213cb97b5d869cad78299ac994d0665d150c8dafc1390429",
+    "zh:a21b22b2e9d835e1b8b3b7e0b41a4d199171d62e9e9be78c444c700e96b31316",
+    "zh:aead1ba50640a51f20d574374f2c6065d9bfa4eea5ef044d1475873c33e58239",
+    "zh:cefabd0a78af40ea5cd08e1ca436c753df9b1c6496eb27281b755a2de1f167ab",
+    "zh:d98cffc5206b9a7550a23e13031a6f53566bd1ed3bf65314bc55ef12404d49ce",
+    "zh:dddaaf95b6aba701153659feff12c7bce6acc78362cb5ff8321a1a1cbf780cd9",
+    "zh:fd662b483250326a1bfbe5684c22c5083955a43e0773347eea35cd4c2cfe700e",
+  ]
+}

three-web-hosts/README.md

@@ -0,0 +1,5 @@
+# Sets up three web servers behind a load balancer
+
+* Copy secret.auto.tfvars.example to secret.auto.tfvars
+* Set up your API key in secret.auto.tfvars
+* `terraform init` && `terraform plan` && `terraform apply`

three-web-hosts/firewall.tf

@@ -0,0 +1,33 @@
+resource "hcloud_firewall" "single-firewall" {
+  name = "single-firewall"
+  rule {
+    direction = "in"
+    protocol  = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "22"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "80"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+}
+

three-web-hosts/loadbalancer.tf

@@ -0,0 +1,24 @@
+resource "hcloud_load_balancer" "three_web_load_balancer" {
+  name               = "three-web-load-balancer"
+  load_balancer_type = "lb11"
+  location           = var.location
+}
+
+resource "hcloud_load_balancer_network" "three_web_load_balancer_network" {
+  load_balancer_id = hcloud_load_balancer.three_web_load_balancer.id
+  subnet_id        = hcloud_network_subnet.three_web_private_subnet.id
+}
+
+resource "hcloud_load_balancer_target" "three_web_load_balancer_target" {
+  type             = "label_selector"
+  load_balancer_id = hcloud_load_balancer.three_web_load_balancer.id
+  label_selector   = "type=web"
+  use_private_ip   = true
+}
+
+resource "hcloud_load_balancer_service" "load_balancer_service" {
+    load_balancer_id = hcloud_load_balancer.three_web_load_balancer.id
+    protocol         = "http"
+    listen_port      = 80
+    destination_port = 80
+}

three-web-hosts/network.tf

@@ -0,0 +1,17 @@
+resource "hcloud_network" "three_web_private" {
+  name     = "three_web_private"
+  ip_range = var.ip_range
+}
+
+resource "hcloud_server_network" "three_web_network" {
+  count     = var.instance_count
+  server_id = hcloud_server.web-server[count.index].id
+  subnet_id = hcloud_network_subnet.three_web_private_subnet.id
+}
+
+resource "hcloud_network_subnet" "three_web_private_subnet" {
+  network_id   = hcloud_network.three_web_private.id
+  type         = "cloud"
+  network_zone = "eu-central"
+  ip_range     = var.ip_range
+}

three-web-hosts/output.tf

@@ -0,0 +1,20 @@
+output "lb_ip" {
+  description = "Load balancer IP address"
+  value = hcloud_load_balancer.three_web_load_balancer.ipv6
+}
+
+output "web_ips" {
+  description = "Test VM IP"
+  value = {
+    for server in hcloud_server.web-server :
+    server.name => server.ipv6_address
+  }
+}
+
+output "web_ipv4" {
+  description = "Test VM legacy IP"
+  value = {
+    for server in hcloud_server.web-server :
+    server.name => server.ipv4_address
+  }
+}

three-web-hosts/provider.tf

@@ -0,0 +1,3 @@
+provider "hcloud" {
+  token   = var.hcloud_token
+}

three-web-hosts/secret.auto.tfvars.example

@@ -0,0 +1 @@
+hcloud_token = "tokitoki"

three-web-hosts/server.tf

@@ -0,0 +1,14 @@
+resource "hcloud_server" "web-server" {
+  count       = var.instance_count
+  name        = "web-server-${count.index}"
+  image       = var.os_type
+  server_type = var.server_type
+  location    = var.location
+  labels      = {
+    type = "web"
+  }
+  ssh_keys    = [hcloud_ssh_key.default.id]
+  user_data   = templatefile("user-data.yaml.tpl",
+    {ssh_pubkey = file("../ssh-terraform-hetzner.pub")})
+  firewall_ids = [hcloud_firewall.single-firewall.id]
+}

three-web-hosts/ssh.tf

@@ -0,0 +1,4 @@
+resource "hcloud_ssh_key" "default" {
+  name       = "terraform"
+  public_key = file("../ssh-terraform-hetzner.pub")
+}

three-web-hosts/terraform.tf

@@ -0,0 +1,10 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.33.2"
+    }
+  }
+
+  required_version = ">= 1.1"
+}

three-web-hosts/user-data.yaml.tpl

@@ -0,0 +1,18 @@
+#cloud-config
+users:
+  - name: "ansible"
+    groups: ["sudo"]
+    sudo: "ALL=(ALL) NOPASSWD:ALL"
+    shell: "/bin/bash"
+    ssh_authorized_keys:
+      - "${ssh_pubkey}"
+
+packages:
+  - nginx
+
+package_update: true
+package_upgrade: true
+
+runcmd:
+  - systemctl enable --now nginx
+  - echo "<h1>terraformed</h1>\nthis is $(hostname)" > /var/www/html/index.html

three-web-hosts/variables.tf

@@ -0,0 +1,24 @@
+variable "hcloud_token" {
+  sensitive = true
+  # default = <defined in secret.auto.tfvars>
+}
+
+variable "location" {
+  default = "nbg1"
+}
+
+variable "server_type" {
+  default = "cx11"
+}
+
+variable "os_type" {
+  default = "debian-11"
+}
+
+variable "instance_count" {
+  default = 3
+}
+
+variable "ip_range" {
+  default = "10.0.30.0/24"
+}