Upcloud: Add possibility to setup cluster using nodes with no public IPs (#11696)

* terraform upcloud: Added possibility to set up nodes with only private IPs * terraform upcloud: add support for gateway in private zone * terraform upcloud: split LB proxy protocol config per backend * terraform upcloud: fix flexible plans * terraform upcloud: Removed overview of cluster setup --------- Co-authored-by: davidumea <david.andersson@elastisys.com>
2026-05-11 11:27:39 -02:30 · 2025-04-01 16:58:42 +02:00
parent fe2ab898b8
commit 6f74ef17f7
9 changed files with 296 additions and 119 deletions
--- a/contrib/terraform/upcloud/variables.tf
+++ b/contrib/terraform/upcloud/variables.tf
@@ -32,16 +32,31 @@ variable "private_network_cidr" {
  default     = "172.16.0.0/24"
 }

+variable "dns_servers" {
+  description = "DNS servers that will be used by the nodes. Until [this is solved](https://github.com/UpCloudLtd/terraform-provider-upcloud/issues/562) this is done using user_data to reconfigure resolved"
+
+  type    = set(string)
+  default = []
+}
+
+variable "use_public_ips" {
+  description = "If all nodes should get a public IP"
+  type        = bool
+  default     = true
+}
+
 variable "machines" {
  description = "Cluster machines"

  type = map(object({
    node_type = string
    plan      = string
-    cpu       = string
-    mem       = string
+    cpu       = optional(number)
+    mem       = optional(number)
    disk_size = number
    server_group : string
+    force_public_ip : optional(bool, false)
+    dns_servers : optional(set(string))
    additional_disks = map(object({
      size = number
      tier = string
@@ -89,6 +104,15 @@ variable "k8s_allowed_remote_ips" {
  default = []
 }

+variable "bastion_allowed_remote_ips" {
+  description = "List of IP start/end addresses allowed to SSH to bastion"
+  type = list(object({
+    start_address = string
+    end_address   = string
+  }))
+  default = []
+}
+
 variable "master_allowed_ports" {
  description = "List of ports to allow on masters"
  type = list(object({
@@ -131,11 +155,6 @@ variable "loadbalancer_plan" {
  default     = "development"
 }

-variable "loadbalancer_proxy_protocol" {
-  type    = bool
-  default = false
-}
-
 variable "loadbalancer_legacy_network" {
  description = "If the loadbalancer should use the deprecated network field instead of networks blocks. You probably want to have this set to false"

@@ -147,6 +166,7 @@ variable "loadbalancers" {
  description = "Load balancers"

  type = map(object({
+    proxy_protocol          = bool
    port                    = number
    target_port             = number
    allow_internal_frontend = optional(bool, false)