From 4965017b86b7c91ad385be9037a583d1645c49df Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Mon, 23 Mar 2026 02:44:35 +0000
Subject: [PATCH] Fix Load Balancer network attachment

Add hcloud_load_balancer_network resource to attach LB to private network.
This is required before targets can use use_private_ip=true.
LB gets IP 10.0.1.5 on the private network.
---
 terraform/loadbalancer.tf | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/terraform/loadbalancer.tf b/terraform/loadbalancer.tf
index 7a92a58..e762f7e 100644
--- a/terraform/loadbalancer.tf
+++ b/terraform/loadbalancer.tf
@@ -12,6 +12,13 @@ resource "hcloud_load_balancer" "kube_api" {
   }
 }
 
+# Attach Load Balancer to private network (required for use_private_ip)
+resource "hcloud_load_balancer_network" "kube_api" {
+  load_balancer_id = hcloud_load_balancer.kube_api.id
+  network_id       = hcloud_network.cluster.id
+  ip               = cidrhost(var.subnet_cidr, 5) # 10.0.1.5
+}
+
 # Attach all control plane servers as targets
 resource "hcloud_load_balancer_target" "kube_api_targets" {
   count            = var.control_plane_count
@@ -20,7 +27,7 @@ resource "hcloud_load_balancer_target" "kube_api_targets" {
   server_id        = hcloud_server.control_plane[count.index].id
   use_private_ip   = true
 
-  depends_on = [hcloud_server.control_plane]
+  depends_on = [hcloud_load_balancer_network.kube_api, hcloud_server.control_plane]
 }
 
 # Kubernetes API service on port 6443