preparation for k3s

terraform/main.tf

@@ -64,12 +64,20 @@ resource "proxmox_vm_qemu" "vm_deployment" {
   tags = each.value.tags
 
   lifecycle {
-    ignore_changes = [ network ]
+    ignore_changes = [ 
+      network, 
+      sshkeys,
+      ciuser,
+      cipassword
+    ]
   }
 }
 
 resource "opnsense_unbound_host_override" "dns_entries" {
-  for_each = local.vms
+  for_each = merge(
+    { for k, v in local.vms : k => { ip = v.ip, tags = v.tags } },
+    local.extra_dns
+  )
 
   enabled     = true
   hostname    = each.key
@@ -77,3 +85,12 @@ resource "opnsense_unbound_host_override" "dns_entries" {
   description = "Managed by Terraform: ${each.value.tags}"
   server      = each.value.ip
 }
+
+# Wildcard DNS record for K3s Ingress
+resource "opnsense_unbound_host_override" "dns_wildcard_k3s" {
+  enabled     = true
+  hostname    = "*"
+  domain      = "k3s.stabify.de"
+  description = "Managed by Terraform: Wildcard for K3s Ingress VIP"
+  server      = local.extra_dns["k3s-ingress"].ip
+}