docs: add OpenStack example

Author: tensor5

README.md

@@ -2,4 +2,4 @@
 
 This is a [Terraform](https://www.terraform.io) provider for [Talos](https://www.talos.dev), a minimal and modern OS for running Kubernetes clusters. It helps to bootstrap a Talos based Kubernetes cluster, and returns the `kubeconfig` data that can be used with the [Kubernetes](https://registry.terraform.io/providers/hashicorp/kubernetes/latest) and [Helm](https://registry.terraform.io/providers/hashicorp/helm/latest) providers.
 
-The `examples/digitalocean` folder contains instructions on how to deploy a Talos cluster on [DigitalOcean](https://www.digitalocean.com), and can be used as a starting point to write configurations for other cloud providers.
+The `examples` folder contains working Terraform configurations to deploy Talos clusters on [DigitalOcean](https://www.digitalocean.com) and [OpenStack](https://www.openstack.org), and can be used as a starting point to write configurations for other cloud providers.

examples/openstack/README.md

@@ -0,0 +1,9 @@
+# OpenStack
+
+```shell-session
+talosctl gen config openstack https://1.2.3.4
+terraform init
+terraform apply
+```
+
+(tested on [VEXXHOST](https://vexxhost.com)).

examples/openstack/control-plane.tf

@@ -0,0 +1,25 @@
+resource "openstack_compute_instance_v2" "talos_control_plane" {
+  count = var.control_plane_number
+
+  name        = "talos-control-plane-${count.index}"
+  flavor_name = var.control_plane_flavor
+  image_id    = openstack_images_image_v2.talos.id
+
+  network {
+    name = var.network_name
+  }
+
+  user_data = yamlencode(merge(
+    local.control_plane_config,
+    {
+      cluster = merge(
+        local.control_plane_config.cluster,
+        {
+          controlPlane = {
+            endpoint = "https://${openstack_lb_loadbalancer_v2.talos_control_plane.vip_address}"
+          }
+        }
+      )
+    }
+  ))
+}

examples/openstack/custom-image.tf

@@ -0,0 +1,6 @@
+resource "openstack_images_image_v2" "talos" {
+  container_format = "bare"
+  disk_format      = "raw"
+  image_source_url = var.talos_image
+  name             = "Talos"
+}

examples/openstack/kubernetes.tf

@@ -0,0 +1,31 @@
+resource "talos_bootstrap" "openstack" {
+  endpoint    = openstack_compute_instance_v2.talos_control_plane[0].access_ip_v4
+  machine_ca  = base64decode(local.talos_config.contexts.openstack.ca)
+  machine_crt = base64decode(local.talos_config.contexts.openstack.crt)
+  machine_key = base64decode(local.talos_config.contexts.openstack.key)
+}
+
+output "kubeconfig" {
+  value = talos_bootstrap.openstack
+}
+
+provider "kubernetes" {
+  host                   = openstack_lb_loadbalancer_v2.talos_control_plane.vip_address
+  client_certificate     = talos_bootstrap.openstack.client_certificate
+  client_key             = talos_bootstrap.openstack.client_key
+  cluster_ca_certificate = talos_bootstrap.openstack.cluster_ca_certificate
+}
+
+resource "time_sleep" "wait_60_seconds" {
+  depends_on = [talos_bootstrap.openstack]
+
+  create_duration = "60s"
+}
+
+data "kubernetes_all_namespaces" "allns" {
+  depends_on = [time_sleep.wait_60_seconds]
+}
+
+output "all-ns" {
+  value = data.kubernetes_all_namespaces.allns.namespaces
+}

examples/openstack/load-balancer.tf

@@ -0,0 +1,39 @@
+data "openstack_networking_network_v2" "talos_network" {
+  name = var.network_name
+}
+
+resource "openstack_lb_loadbalancer_v2" "talos_control_plane" {
+  name           = "talos-control-plane"
+  vip_network_id = data.openstack_networking_network_v2.talos_network.id
+}
+
+resource "openstack_lb_listener_v2" "talos_control_plane" {
+  name            = "talos-control-plane"
+  loadbalancer_id = openstack_lb_loadbalancer_v2.talos_control_plane.id
+  protocol        = "TCP"
+  protocol_port   = 443
+}
+
+resource "openstack_lb_pool_v2" "talos_control_plane" {
+  name        = "talos-control-plane"
+  lb_method   = "ROUND_ROBIN"
+  listener_id = openstack_lb_listener_v2.talos_control_plane.id
+  protocol    = "TCP"
+}
+
+resource "openstack_lb_monitor_v2" "talos_control_plane" {
+  pool_id     = openstack_lb_pool_v2.talos_control_plane.id
+  delay       = 5
+  max_retries = 4
+  timeout     = 10
+  type        = "TCP"
+}
+
+resource "openstack_lb_member_v2" "talos_control_plane" {
+  count = var.control_plane_number
+
+  name          = "talos-control-plane-${count.index}"
+  address       = openstack_compute_instance_v2.talos_control_plane[count.index].network[0].fixed_ip_v4
+  pool_id       = openstack_lb_pool_v2.talos_control_plane.id
+  protocol_port = 6443
+}

examples/openstack/local-values.tf

@@ -0,0 +1,5 @@
+locals {
+  control_plane_config = yamldecode(file("${path.module}/controlplane.yaml"))
+  talos_config         = yamldecode(file("${path.module}/talosconfig"))
+  worker_config        = yamldecode(file("${path.module}/worker.yaml"))
+}

examples/openstack/main.tf

@@ -0,0 +1,22 @@
+terraform {
+  required_providers {
+    openstack = {
+      source  = "terraform-provider-openstack/openstack"
+      version = "~> 1.43"
+    }
+    talos = {
+      source  = "tensor5/talos"
+      version = "~> 0.1"
+    }
+  }
+}
+
+provider "openstack" {
+  auth_url                      = var.auth_url
+  application_credential_id     = var.application_credential_id
+  application_credential_secret = var.application_credential_secret
+  region                        = var.region
+  use_octavia                   = true
+}
+
+provider "talos" {}

examples/openstack/variables.tf

@@ -0,0 +1,48 @@
+variable "control_plane_number" {
+  description = "Number of control plane nodes"
+  default     = 3
+}
+
+variable "control_plane_flavor" {
+  description = "Flavor of a control plane node"
+  type        = string
+}
+
+variable "worker_number" {
+  description = "Number of worker nodes"
+  default     = 1
+}
+
+variable "worker_flavor" {
+  description = "Flavor of a worker node"
+  type        = string
+}
+
+variable "auth_url" {
+  description = "OpenStack authentication URL"
+  type        = string
+}
+
+variable "application_credential_id" {
+  type = string
+}
+
+variable "application_credential_secret" {
+  sensitive = true
+  type      = string
+}
+
+variable "network_name" {
+  description = "Network name"
+  default     = "public"
+}
+
+variable "region" {
+  description = "Region"
+  type        = string
+}
+
+variable "talos_image" {
+  description = "URL of Talos raw disk image"
+  type        = string
+}

examples/openstack/worker.tf

@@ -0,0 +1,25 @@
+resource "openstack_compute_instance_v2" "talos_worker" {
+  count = var.worker_number
+
+  name        = "talos-worker-${count.index}"
+  flavor_name = var.worker_flavor
+  image_id    = openstack_images_image_v2.talos.id
+
+  network {
+    name = var.network_name
+  }
+
+  user_data = yamlencode(merge(
+    local.worker_config,
+    {
+      cluster = merge(
+        local.worker_config.cluster,
+        {
+          controlPlane = {
+            endpoint = "https://${openstack_lb_loadbalancer_v2.talos_control_plane.vip_address}"
+          }
+        }
+      )
+    }
+  ))
+}