From 394a4cfcb559d974e81619d1714f87687ad7c37b Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 5 Nov 2021 19:58:49 +0100
Subject: [PATCH] Rename controlplane nodes to controllers

---
 terraform/firewall.tf | 32 ++++++++++++++++----------------
 terraform/loadbalancer.tf | 2 +-
 terraform/main.tf | 6 +++---
 3 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/terraform/firewall.tf b/terraform/firewall.tf
index bf85feb7a..b585cd600 100644
--- a/terraform/firewall.tf
+++ b/terraform/firewall.tf
@@ -21,49 +21,49 @@ resource "hcloud_firewall" "k8s-node" {
 direction = "in"
 protocol = "tcp"
 port = "10250"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Kubernetes NodePort"
 direction = "in"
 protocol = "tcp"
 port = "30000-32767"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat([hcloud_load_balancer.lb.ipv4], module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Kubernetes NodePort"
 direction = "in"
 protocol = "udp"
 port = "30000-32767"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat([hcloud_load_balancer.lb.ipv4], module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Calico BGP"
 direction = "in"
 protocol = "tcp"
 port = "179"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Calico VXLAN"
 direction = "in"
 protocol = "udp"
 port = "4789"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Calico Typha"
 direction = "in"
 protocol = "tcp"
 port = "5473"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Calico Wireguard"
 direction = "in"
 protocol = "udp"
 port = "51820"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 # Host level services, including the node exporter on ports 9100-9101.
 rule {
@@ -71,7 +71,7 @@ resource "hcloud_firewall" "k8s-node" {
 direction = "in"
 protocol = "tcp"
 port = "9000-9999"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 # Host level services, including the node exporter on ports 9100-9101.
 rule {
@@ -79,7 +79,7 @@ resource "hcloud_firewall" "k8s-node" {
 direction = "in"
 protocol = "udp"
 port = "9000-9999"
- source_ips = [for s in concat(module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 }
@@ -87,7 +87,7 @@ resource "hcloud_firewall" "k8s-node" {
 resource "hcloud_firewall" "k8s-master" {
 name = "k8s-master"
 apply_to {
- label_selector = "k8s.io/master"
+ label_selector = "k8s.io/controlplane"
 }
 # ICMP is always a good idea
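Review bot: The two "Kubernetes NodePort" rules now accept the load balancer address across the whole 30000-32767 range on both TCP and UDP, which is a wider opening than the "Rename" subject line suggests. The only load-balancer-facing ports visible in this patch are 32080 and 32443 in the k8s-ingress firewall (hunk at -155), so unless other NodePort services are published through the load balancer these two rules could stay node-only: `source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]`. `module.workers` is not declared in any hunk of this patch and is presumably defined elsewhere; worth confirming with `terraform validate`. The `k8s-node` resource block starts above this hunk, so its `apply_to` selector is not visible here.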
@@ -107,28 +107,28 @@ resource "hcloud_firewall" "k8s-master" {
 direction = "in"
 protocol = "tcp"
 port = "6443"
- source_ips = [for s in concat([hcloud_load_balancer.lb.ipv4], module.nodes.ipv4_addresses) : "${s}/32"]
+ source_ips = [for s in concat([hcloud_load_balancer.lb.ipv4], module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "etcd"
 direction = "in"
 protocol = "tcp"
 port = "2379-2381"
- source_ips = [for s in module.nodes.ipv4_addresses : "${s}/32"]
+ source_ips = [for s in module.controllers.ipv4_addresses : "${s}/32"]
 }
 rule {
 description = "kube-scheduler"
 direction = "in"
 protocol = "tcp"
 port = "10251"
- source_ips = [for s in module.nodes.ipv4_addresses : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "kube-controller-manager"
 direction = "in"
 protocol = "tcp"
 port = "10252"
- source_ips = [for s in module.nodes.ipv4_addresses : "${s}/32"]
+ source_ips = [for s in concat(module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 }
@@ -155,13 +155,13 @@ resource "hcloud_firewall" "k8s-ingress" {
 direction = "in"
 protocol = "tcp"
 port = "32080"
- source_ips = [for s in [hcloud_load_balancer.lb.ipv4] : "${s}/32"]
+ source_ips = [for s in concat([hcloud_load_balancer.lb.ipv4], module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 rule {
 description = "Public HTTPS"
 direction = "in"
 protocol = "tcp"
 port = "32443"
- source_ips = [for s in [hcloud_load_balancer.lb.ipv4] : "${s}/32"]
+ source_ips = [for s in concat([hcloud_load_balancer.lb.ipv4], module.controllers.ipv4_addresses, module.workers.ipv4_addresses) : "${s}/32"]
 }
 }
diff --git a/terraform/loadbalancer.tf b/terraform/loadbalancer.tf
index f01dca818..3ff60529b 100644
--- a/terraform/loadbalancer.tf
+++ b/terraform/loadbalancer.tf
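Review bot: The kube-scheduler (10251) and kube-controller-manager (10252) rules now admit worker addresses, while the etcd rule just above them is correctly narrowed to controllers only. The old `module.nodes` carried the `k8s.io/master` label, so these ports were previously reachable from control-plane servers alone; on Kubernetes releases that still serve them, these are (to my knowledge) the components' unauthenticated HTTP ports, so a compromised worker would gain a direct path to them. If nothing on the workers needs them, keep both rules in line with etcd: `source_ips = [for s in module.controllers.ipv4_addresses : "${s}/32"]`. If a metrics scraper running on a worker does need them, a one-line comment above each rule saying so would document the exception.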
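Review bot: The "Public HTTP" (32080) and "Public HTTPS" (32443) rules were load-balancer-only and now also list every controller and worker, with nothing in the patch explaining why. Both ports fall inside the 30000-32767 range that the k8s-node firewall already opens to the same node addresses, so if the ingress servers also carry the node firewall (the label set in terraform/main.tf suggests they might) the addition is redundant. Either keep `source_ips = [for s in [hcloud_load_balancer.lb.ipv4] : "${s}/32"]`, or add a comment such as `# nodes reach the ingress NodePorts directly, not only via the load balancer` if that is the intent. The `k8s-ingress` resource starts above this hunk.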
@@ -7,7 +7,7 @@ resource "hcloud_load_balancer" "lb" {
 resource "hcloud_load_balancer_target" "lb_target_master" {
 type = "label_selector"
 load_balancer_id = hcloud_load_balancer.lb.id
- label_selector = "k8s.io/master"
+ label_selector = "k8s.io/controlplane"
 use_private_ip = false
 }
diff --git a/terraform/main.tf b/terraform/main.tf
index cd1dd2a20..cd652b33d 100644
--- a/terraform/main.tf
+++ b/terraform/main.tf
@@ -6,17 +6,17 @@ resource "hcloud_placement_group" "k8s" {
 }
 }
-module "nodes" {
+module "controllers" {
 source = "./modules/hcloud_instance"
 instance_count = var.replicas_nodes
 location = var.location
- name = "node"
+ name = "cp"
 dns_domain = var.dns_domain
 dns_zone_id = var.dns_zone_id
 image = var.image
 labels = {
 "k8s.io/node" = "true",
- "k8s.io/master" = "true",
+ "k8s.io/controlplane" = "true",
 "k8s.io/ingress" = "true",
 }
 placement_group_id = hcloud_placement_group.k8s.id
--
GitLab
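Review bot: Renaming `module "nodes"` to `module "controllers"` changes the state address of every resource under it, so without a state migration Terraform will plan to destroy the existing servers and create new ones; for servers that hold etcd that should not happen in a single apply. Run `terraform state mv module.nodes module.controllers` before applying (or add a `moved` block on a Terraform version that supports it), and check in the plan whether changing `name` from "node" to "cp" forces replacement inside ./modules/hcloud_instance. The block also still reads `instance_count = var.replicas_nodes` and keeps the `k8s.io/node` and `k8s.io/ingress` labels, which deserves a comment if controllers are meant to stay schedulable ingress nodes. The module block continues below the hunk.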