my-homelab-configs/bootstrap/cluster/main.tf

terraform {
  required_version = ">= 1.0"
  required_providers {
    null = {
      source  = "hashicorp/null"
      version = "~> 3.2"
    }
    external = {
      source  = "hashicorp/external"
      version = "~> 2.3"
    }
  }
}

resource "null_resource" "kubeadm_control_plane" {
  provisioner "local-exec" {
    command = <<EOT
      sudo apt-get update && sudo apt-get install -y open-iscsi nfs-common
      sudo systemctl enable --now iscsid
      sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --node-name=debian
      mkdir -p /home/jv/.kube
      sudo cp -i /etc/kubernetes/admin.conf /home/jv/.kube/config
      sudo chown jv:jv /home/jv/.kube/config
      kubectl taint nodes debian node-role.kubernetes.io/control-plane-
    EOT
  }

  provisioner "local-exec" {
    when    = destroy
    command = <<EOT
      sudo kubeadm reset --force
      sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X
      sudo ip link delete cilium_host || true
      sudo ip link delete cilium_net || true
      sudo ip link delete cilium_vxlan || true
      rm -rf /home/jv/.kube
      sudo rm -rf /etc/kubernetes/ /var/lib/etcd/ /var/lib/kubelet/ /var/lib/cni/ /etc/cni/net.d
    EOT
  }
}

data "external" "kubeadm_join_command" {
  depends_on = [null_resource.kubeadm_control_plane]
  program    = ["sh", "-c", "echo \"{\\\"cmd\\\":\\\"$(sudo kubeadm token create --print-join-command)\\\"}\""]
}

resource "null_resource" "kubeadm_worker_raspberry" {
  depends_on = [null_resource.kubeadm_control_plane]

  connection {
    type        = "ssh"
    user        = "jv"
    private_key = file("/home/jv/.ssh/id_ed25519")
    host        = "192.168.100.89"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo apt-get update && sudo apt-get install -y open-iscsi nfs-common",
      "sudo systemctl enable --now iscsid",
      "echo '${data.external.kubeadm_join_command.result.cmd} --node-name=raspberry' > /tmp/join.sh",
      "sudo sh /tmp/join.sh",
      "rm -f /tmp/join.sh"
    ]
  }

  provisioner "remote-exec" {
    when    = destroy
    inline = [
      "sudo kubeadm reset --force",
      "sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sudo iptables -X",
      "sudo rm -rf /var/lib/kubelet/ /var/lib/cni/ /etc/cni/net.d"
    ]
  }
}