Added support for single-node cluster setups

Signed-off-by: Philip Schmid <philip.schmid@isovalent.com>

00-locals.tf

@@ -49,7 +49,8 @@ locals {
       extraManifests = [
         "https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml",
         "https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml"
-      ]
+      ],
+      allowSchedulingOnControlPlanes = var.allow_workload_on_cp_nodes
     },
     machine = {
       kubelet = {

00-variables.tf

@@ -43,6 +43,12 @@ variable "disable_kube_proxy" {
   default     = true
 }
 
+variable "allow_workload_on_cp_nodes" {
+  description = "Allow workloads on CP nodes or not. Allowing it means Talos Linux default taints are removed from CP nodes. More details here: https://www.talos.dev/v1.5/talos-guides/howto/workers-on-controlplane/"
+  type        = bool
+  default     = false
+}
+
 variable "talos_version" {
   description = "Talos version to use for the cluster, if not set, the newest Talos version. Check https://github.com/siderolabs/talos/releases for available releases."
   type        = string
@@ -66,12 +72,23 @@ variable "kubernetes_version" {
 
 }
 
+variable "controlplane_count" {
+  description = "Defines how many controlplane nodes are deployed in the cluster."
+  default     = 3
+  type        = number
+}
+
+variable "workers_count" {
+  description = "Defines how many worker nodes are deployed in the cluster."
+  default     = 2
+  type        = number
+}
+
 variable "control_plane" {
   description = "Info for control plane that will be created"
   type = object({
     instance_type      = optional(string, "m5.large")
     ami_id             = optional(string, null)
-    num_instances      = optional(number, 3)
     config_patch_files = optional(list(string), [])
     tags               = optional(map(string), {})
   })
@@ -90,7 +107,6 @@ variable "worker_groups" {
     name               = string
     instance_type      = optional(string, "m5.large")
     ami_id             = optional(string, null)
-    num_instances      = optional(number, 2)
     config_patch_files = optional(list(string), [])
     tags               = optional(map(string), {})
   }))

02-infra.tf

@@ -77,6 +77,6 @@ module "elb_k8s_elb" {
     timeout             = 5
   }
 
-  number_of_instances = var.control_plane.num_instances
+  number_of_instances = var.controlplane_count
   instances           = module.talos_control_plane_nodes.*.id
 }

03-talos.tf

@@ -2,7 +2,7 @@ module "talos_control_plane_nodes" {
   source  = "terraform-aws-modules/ec2-instance/aws"
   version = "~> 5.5"
 
-  count = var.control_plane.num_instances
+  count = var.controlplane_count
 
   name                        = "${var.cluster_name}-control-plane-${count.index}"
   ami                         = var.control_plane.ami_id == null ? data.aws_ami.talos.id : var.control_plane.ami_id
@@ -25,7 +25,7 @@ module "talos_worker_group" {
   source  = "terraform-aws-modules/ec2-instance/aws"
   version = "~> 5.5"
 
-  for_each = merge([for info in var.worker_groups : { for index in range(0, info.num_instances) : "${info.name}.${index}" => info }]...)
+  for_each = merge([for info in var.worker_groups : { for index in range(0, var.workers_count) : "${info.name}.${index}" => info }]...)
 
   name                        = "${var.cluster_name}-worker-group-${each.value.name}-${trimprefix(each.key, "${each.value.name}.")}"
   ami                         = each.value.ami_id == null ? data.aws_ami.talos.id : each.value.ami_id
@@ -64,7 +64,7 @@ data "talos_machine_configuration" "controlplane" {
 }
 
 data "talos_machine_configuration" "worker_group" {
-  for_each = merge([for info in var.worker_groups : { for index in range(0, info.num_instances) : "${info.name}.${index}" => info }]...)
+  for_each = merge([for info in var.worker_groups : { for index in range(0, var.workers_count) : "${info.name}.${index}" => info }]...)
 
   cluster_name       = var.cluster_name
   cluster_endpoint   = "https://${module.elb_k8s_elb.elb_dns_name}"
@@ -83,7 +83,7 @@ data "talos_machine_configuration" "worker_group" {
 }
 
 resource "talos_machine_configuration_apply" "controlplane" {
-  count = var.control_plane.num_instances
+  count = var.controlplane_count
 
   client_configuration        = talos_machine_secrets.this.client_configuration
   machine_configuration_input = data.talos_machine_configuration.controlplane.machine_configuration
@@ -92,7 +92,7 @@ resource "talos_machine_configuration_apply" "controlplane" {
 }
 
 resource "talos_machine_configuration_apply" "worker_group" {
-  for_each = merge([for info in var.worker_groups : { for index in range(0, info.num_instances) : "${info.name}.${index}" => info }]...)
+  for_each = merge([for info in var.worker_groups : { for index in range(0, var.workers_count) : "${info.name}.${index}" => info }]...)
 
   client_configuration        = talos_machine_secrets.this.client_configuration
   machine_configuration_input = data.talos_machine_configuration.worker_group[each.key].machine_configuration

README.md

@@ -6,6 +6,7 @@ A Terraform module to manage a Talos-based Kubernetes on AWS (EC2 instances). Is
 
 - Install Talos Linux OS EC2 VMs
   - For now, it's only supported to deploy the VMs in public subnets with public IPs assigned
+- Support for single- and multi-node cluster architectures
 - Bootstrap Talos Kubernetes cluster with some infrastructure components:
   - [Talos' KubePrism](https://www.talos.dev/v1.5/kubernetes-guides/configuration/kubeprism/) to get an internal endpoint for the KAPI (used for [Cilium Kube-Proxy replacement](https://docs.cilium.io/en/stable/network/kubernetes/kubeproxy-free/))
   - [kubernetes-sigs/metrics-server](https://github.com/kubernetes-sigs/metrics-server/)
@@ -91,10 +92,12 @@ module "talos" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_allocate_node_cidrs"></a> [allocate\_node\_cidrs](#input\_allocate\_node\_cidrs) | Whether to assign PodCIDRs to Node resources or not. Only needed in case Cilium runs in 'kubernetes' IPAM mode. | `bool` | `true` | no |
+| <a name="input_allow_workload_on_cp_nodes"></a> [allow\_workload\_on\_cp\_nodes](#input\_allow\_workload\_on\_cp\_nodes) | Allow workloads on CP nodes or not. Allowing it means Talos Linux default taints are removed from CP nodes. More details here: https://www.talos.dev/v1.5/talos-guides/howto/workers-on-controlplane/ | `bool` | `false` | no |
 | <a name="input_cluster_id"></a> [cluster\_id](#input\_cluster\_id) | The ID of the cluster. | `number` | `"1"` | no |
 | <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | Name of cluster | `string` | n/a | yes |
 | <a name="input_config_patch_files"></a> [config\_patch\_files](#input\_config\_patch\_files) | Path to talos config path files that applies to all nodes | `list(string)` | `[]` | no |
-| <a name="input_control_plane"></a> [control\_plane](#input\_control\_plane) | Info for control plane that will be created | <pre>object({<br>    instance_type      = optional(string, "m5.large")<br>    ami_id             = optional(string, null)<br>    num_instances      = optional(number, 3)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  })</pre> | `{}` | no |
+| <a name="input_control_plane"></a> [control\_plane](#input\_control\_plane) | Info for control plane that will be created | <pre>object({<br>    instance_type      = optional(string, "m5.large")<br>    ami_id             = optional(string, null)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  })</pre> | `{}` | no |
+| <a name="input_controlplane_count"></a> [controlplane\_count](#input\_controlplane\_count) | Defines how many controlplane nodes are deployed in the cluster. | `number` | `3` | no |
 | <a name="input_disable_kube_proxy"></a> [disable\_kube\_proxy](#input\_disable\_kube\_proxy) | Whether to deploy Kube-Proxy or not. By default, KP shouldn't be deployed. | `bool` | `true` | no |
 | <a name="input_kubernetes_api_allowed_cidr"></a> [kubernetes\_api\_allowed\_cidr](#input\_kubernetes\_api\_allowed\_cidr) | The CIDR from which to allow to access the Kubernetes API | `string` | `"0.0.0.0/0"` | no |
 | <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to use for the Talos cluster, if not set, the K8s version shipped with the selected Talos version will be used. Check https://www.talos.dev/v1.5/introduction/support-matrix/. For example '1.27.3'. | `string` | `""` | no |
@@ -106,7 +109,8 @@ module "talos" {
 | <a name="input_talos_version"></a> [talos\_version](#input\_talos\_version) | Talos version to use for the cluster, if not set, the newest Talos version. Check https://github.com/siderolabs/talos/releases for available releases. | `string` | `"v1.5.3"` | no |
 | <a name="input_vpc_cidr"></a> [vpc\_cidr](#input\_vpc\_cidr) | The IPv4 CIDR block for the VPC. | `string` | `"10.0.0.0/16"` | no |
 | <a name="input_vpc_id"></a> [vpc\_id](#input\_vpc\_id) | ID of the VPC where to place the VMs. | `string` | n/a | yes |
-| <a name="input_worker_groups"></a> [worker\_groups](#input\_worker\_groups) | List of node worker node groups to create | <pre>list(object({<br>    name               = string<br>    instance_type      = optional(string, "m5.large")<br>    ami_id             = optional(string, null)<br>    num_instances      = optional(number, 2)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  }))</pre> | <pre>[<br>  {<br>    "name": "default"<br>  }<br>]</pre> | no |
+| <a name="input_worker_groups"></a> [worker\_groups](#input\_worker\_groups) | List of node worker node groups to create | <pre>list(object({<br>    name               = string<br>    instance_type      = optional(string, "m5.large")<br>    ami_id             = optional(string, null)<br>    config_patch_files = optional(list(string), [])<br>    tags               = optional(map(string), {})<br>  }))</pre> | <pre>[<br>  {<br>    "name": "default"<br>  }<br>]</pre> | no |
+| <a name="input_workers_count"></a> [workers\_count](#input\_workers\_count) | Defines how many worker nodes are deployed in the cluster. | `number` | `2` | no |
 
 ### Outputs
 

example/02-talos.tf

@@ -3,13 +3,16 @@ module "talos" {
   source = "../"
 
   // Supported Talos versions (and therefore K8s versions) can be found here: https://github.com/siderolabs/talos/releases
-  talos_version       = var.talos_version
-  kubernetes_version  = var.kubernetes_version
-  cluster_name        = var.cluster_name
-  cluster_id          = var.cluster_id
-  region              = var.region
-  tags                = local.tags
-  allocate_node_cidrs = var.allocate_node_cidrs
+  talos_version      = var.talos_version
+  kubernetes_version = var.kubernetes_version
+  cluster_name       = var.cluster_name
+  cluster_id         = var.cluster_id
+  region             = var.region
+  tags               = local.tags
+  # For single-node cluster support:
+  #allow_workload_on_cp_nodes = true
+  #controlplane_count         = 1
+  #workers_count              = 0
   // VPC needs to be created in advance via https://github.com/isovalent/terraform-aws-vpc
   vpc_id       = module.vpc.id
   pod_cidr     = var.pod_cidr

example/03-cilium.tf

@@ -5,8 +5,10 @@ module "cilium" {
     module.talos
   ]
 
-  cilium_helm_release_name                = "cilium"
-  wait_for_total_control_plane_nodes      = true
+  cilium_helm_release_name           = "cilium"
+  wait_for_total_control_plane_nodes = true
+  # For single-node cluster support:
+  #total_control_plane_nodes               = 1
   cilium_helm_values_file_path            = var.cilium_helm_values_file_path
   cilium_helm_version                     = var.cilium_helm_version
   cilium_helm_chart                       = var.cilium_helm_chart