terraform-lawndale-k8s/lawndale-flannel-hack.tf


/*
THIS IS A HACK!
Currently, flannel offers no option for static configuration without etcd or kubernetes api
so in order to make pods accessible from the host, I have to create this phantom node.
This will be picked up by a flannel daemon running on the host,
and will create the necessary interfaces and routing entries on the host
to reach other pods.
This is ugly, yes.
I have no other option currently.
Maybe a Go program could be written that uses only flannel's node discovery,
without any need for this phantom node. But that's not a viable option for now, so...
*/
# Records a timestamp once, when this resource is first created, and keeps it
# in state. Its rfc3339 value is used as the fixed timeAdded of every taint on
# the "lawndale" Node manifest in this file.
resource "time_static" "lawndale_node_registered" {}
# Phantom Node object named "lawndale". Per the header comment, no workload is
# meant to run here: the object exists so that flannel's kube subnet manager
# sees a peer for the host and the host-side flannel daemon can build its
# interfaces and routes towards the pod network.
#
# NOTE(review): the flannel annotations below are what flannel reads for this
# peer (VXLAN VNI, VTEP MAC, public IP). Presumably any principal allowed to
# create or patch Node objects can influence where overlay traffic for this
# subnet is sent, so write access to nodes should stay tightly scoped in RBAC.
resource "kubernetes_manifest" "lawndale" {
  # Paths treated as computed: a value returned by the API server for these
  # fields is kept rather than reported as a difference.
  # NOTE(review): as a consequence, out-of-band edits to the taints or to the
  # flannel annotations are unlikely to show up in `terraform plan`; confirm,
  # and consider watching Node changes in the API audit log instead.
  computed_fields = ["spec.taints", "metadata.annotations"]

  manifest = {
    apiVersion = "v1"
    kind       = "Node"

    metadata = {
      name = "lawndale"

      labels = {
        "beta.kubernetes.io/arch" = "amd64"
        "beta.kubernetes.io/os"   = "linux"
        "kubernetes.io/arch"      = "amd64"
        "kubernetes.io/hostname"  = "lawndale"
        "kubernetes.io/os"        = "linux"
      }

      annotations = {
        # Static VXLAN parameters for the host's VTEP. They are hard-coded
        # here, so they must match what the host-side flannel daemon uses.
        "flannel.alpha.coreos.com/backend-data"        = jsonencode({ VNI = 8000, VtepMAC = "86:87:0d:78:6d:58" })
        "flannel.alpha.coreos.com/backend-type"        = "vxlan"
        "flannel.alpha.coreos.com/kube-subnet-manager" = "true"
        "flannel.alpha.coreos.com/public-ip"           = "192.168.253.254"
        "node.alpha.kubernetes.io/ttl"                 = "0"
      }
    }

    spec = {
      # NOTE(review): written as the string "true" although the Node API field
      # is a boolean; left as the author wrote it.
      unschedulable = "true"

      # Small /30 range reserved for the phantom node.
      podCIDR  = "192.168.15.128/30"
      podCIDRs = ["192.168.15.128/30"]

      # Every taint shares the creation timestamp captured by time_static, and
      # all are set with a null value.
      taints = [
        {
          key       = "node.kubernetes.io/unschedulable"
          effect    = "NoSchedule"
          value     = null
          timeAdded = time_static.lawndale_node_registered.rfc3339
        },
        {
          key       = "node.kubernetes.io/unreachable"
          effect    = "NoSchedule"
          value     = null
          timeAdded = time_static.lawndale_node_registered.rfc3339
        },
        {
          key       = "node.kubernetes.io/unreachable"
          effect    = "NoExecute"
          value     = null
          timeAdded = time_static.lawndale_node_registered.rfc3339
        },
        # Disabled by the author: not-ready taint.
        # {
        #   key       = "node.kubernetes.io/not-ready"
        #   effect    = "NoSchedule"
        #   value     = null
        #   timeAdded = time_static.lawndale_node_registered.rfc3339
        # },
        {
          # Custom taint. NOTE(review): presumably this is what keeps pods that
          # tolerate the built-in node.kubernetes.io/* taints (DaemonSet pods,
          # for example) off the phantom node — confirm no workload tolerates
          # this key.
          key       = "k8s.thomasklein.me/lawndale-hack"
          effect    = "NoExecute"
          value     = null
          timeAdded = time_static.lawndale_node_registered.rfc3339
        },
      ]
    }
  }
}