From 6bfdc751091d687adae241435d1b433776ecbeb9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20L=C3=BCke?= <kai@kinvolk.io>
Date: Wed, 12 Aug 2020 12:43:00 +0200
Subject: [PATCH] Add the kvm-libvirt platform to lokoctl

The KVM libvirt Terraform module was not yet available from lokoctl
despite it being an easy way to try out Lokomotive without any cloud
provider accounts (and their attached costs). It allows to use
Lokomotive on any Flatcar Container Linux image, even local development
builds. It also gives direct access to the VGA console for debugging.
The cluster VMs can be shut down in virt-manager while they are not
needed.
---
 README.md                                     |   1 +
 .../flatcar-linux/kubernetes/bootkube.tf      |   5 +
 .../flatcar-linux/kubernetes/controllers.tf   |   2 +-
 .../flatcar-linux/kubernetes/outputs.tf       |  12 -
 .../flatcar-linux/kubernetes/require.tf       |   3 +-
 .../flatcar-linux/kubernetes/variables.tf     |  13 +-
 .../kubernetes/workers/require.tf             |  29 +-
 .../kvm-libvirt-cluster.lokocfg.envsubst      |  11 +
 cli/cmd/root.go                               |   1 +
 .../platforms/kvm-libvirt.md                  | 142 +++++++++
 docs/quickstarts/kvm-libvirt.md               | 284 ++++++++++++++++++
 pkg/assets/generated_assets.go                |  24 +-
 pkg/platform/kvmlibvirt/kvmlibvirt.go         | 198 ++++++++++++
 pkg/platform/kvmlibvirt/template.go           | 186 ++++++++++++
 14 files changed, 863 insertions(+), 48 deletions(-)
 create mode 100644 ci/kvm-libvirt/kvm-libvirt-cluster.lokocfg.envsubst
 create mode 100644 docs/configuration-reference/platforms/kvm-libvirt.md
 create mode 100644 docs/quickstarts/kvm-libvirt.md
 create mode 100644 pkg/platform/kvmlibvirt/kvmlibvirt.go
 create mode 100644 pkg/platform/kvmlibvirt/template.go

diff --git a/README.md b/README.md
index a1890551a..281adc073 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ Follow one of the quickstart guides for the supported platforms:
 * [Packet quickstart](docs/quickstarts/packet.md)
 * [AWS quickstart](docs/quickstarts/aws.md)
 * [Bare metal quickstart](docs/quickstarts/baremetal.md)
+* [KVM libvirt quickstart](docs/quickstarts/kvm-libvirt.md)
 
 ## Documentation
 
diff --git a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/bootkube.tf b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/bootkube.tf
index 8c5463ce2..ef3718986 100644
--- a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/bootkube.tf
+++ b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/bootkube.tf
@@ -18,6 +18,11 @@ module "bootkube" {
   enable_reporting      = var.enable_reporting
   enable_aggregation    = var.enable_aggregation
 
+  # Disable the self hosted kubelet.
+  disable_self_hosted_kubelet = var.disable_self_hosted_kubelet
+  # Extra flags to API server.
+  kube_apiserver_extra_flags = var.kube_apiserver_extra_flags
+
   certs_validity_period_hours = var.certs_validity_period_hours
 }
 
diff --git a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/controllers.tf b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/controllers.tf
index 01c4daf7f..c2c6e4db2 100644
--- a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/controllers.tf
+++ b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/controllers.tf
@@ -11,7 +11,7 @@ resource "libvirt_pool" "volumetmp" {
 
 resource "libvirt_volume" "base" {
   name   = "${var.cluster_name}-base"
-  source = var.os_image_unpacked
+  source = var.os_image
   pool   = libvirt_pool.volumetmp.name
   format = "qcow2"
 }
diff --git a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/outputs.tf b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/outputs.tf
index 90950d075..912c1aa7c 100644
--- a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/outputs.tf
+++ b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/outputs.tf
@@ -6,18 +6,6 @@ output "kubeconfig" {
   value = module.bootkube.kubeconfig-kubelet
 }
 
-output "machine_domain" {
-  value = var.machine_domain
-}
-
-output "cluster_name" {
-  value = var.cluster_name
-}
-
-output "ssh_keys" {
-  value = var.ssh_keys
-}
-
 output "libvirtpool" {
   value = libvirt_pool.volumetmp.name
 }
diff --git a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/require.tf b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/require.tf
index 2318ef10c..e0b437615 100644
--- a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/require.tf
+++ b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/require.tf
@@ -4,13 +4,12 @@ terraform {
   required_version = ">= 0.12.0"
 
   required_providers {
-    ct       = "= 0.5.0"
+    ct       = "~> 0.5.0"
     local    = "~> 1.2"
     null     = "~> 2.1"
     template = "~> 2.1"
     tls      = "~> 2.0"
     libvirt  = "~> 0.6.0"
-    packet   = "~> 2.7.3"
     random   = "~> 2.2"
   }
 }
diff --git a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/variables.tf b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/variables.tf
index b6ad0eece..0e034a681 100644
--- a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/variables.tf
+++ b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/variables.tf
@@ -6,7 +6,7 @@ variable "cluster_name" {
 }
 
 # Nodes
-variable "os_image_unpacked" {
+variable "os_image" {
   type        = string
   description = "Path to unpacked Flatcar Container Linux image flatcar_production_qemu_image.img (probably after a qemu-img resize IMG +5G)"
 }
@@ -105,6 +105,17 @@ variable "enable_aggregation" {
   default     = true
 }
 
+variable "kube_apiserver_extra_flags" {
+  description = "Extra flags passed to self-hosted kube-apiserver."
+  type        = list(string)
+  default     = []
+}
+
+variable "disable_self_hosted_kubelet" {
+  description = "Disable the self hosted kubelet installed by default"
+  type        = bool
+}
+
 # Certificates
 
 variable "certs_validity_period_hours" {
diff --git a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers/require.tf b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers/require.tf
index 7da021ee4..e0b437615 100644
--- a/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers/require.tf
+++ b/assets/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers/require.tf
@@ -2,25 +2,14 @@
 
 terraform {
   required_version = ">= 0.12.0"
-}
-
-provider "ct" {
-  version = "0.4.0"
-}
-
-provider "local" {
-  version = "1.4.0"
-}
-
-provider "template" {
-  version = "~> 2.1"
-}
-
-provider "tls" {
-  version = "~> 2.0"
-}
 
-provider "libvirt" {
-  version = "~> 0.6.0"
-  uri     = "qemu:///system"
+  required_providers {
+    ct       = "~> 0.5.0"
+    local    = "~> 1.2"
+    null     = "~> 2.1"
+    template = "~> 2.1"
+    tls      = "~> 2.0"
+    libvirt  = "~> 0.6.0"
+    random   = "~> 2.2"
+  }
 }
diff --git a/ci/kvm-libvirt/kvm-libvirt-cluster.lokocfg.envsubst b/ci/kvm-libvirt/kvm-libvirt-cluster.lokocfg.envsubst
new file mode 100644
index 000000000..42554f517
--- /dev/null
+++ b/ci/kvm-libvirt/kvm-libvirt-cluster.lokocfg.envsubst
@@ -0,0 +1,11 @@
+cluster "kvm-libvirt" {
+  asset_dir         = pathexpand("~/lokoctl-assets")
+  ssh_pubkeys       = [file(pathexpand("~/.ssh/id_rsa.pub"))]
+  cluster_name      = "vmcluster"
+  machine_domain    = "vmcluster.k8s"
+  os_image          = "file:///var/tmp/flatcar_production_qemu_image.img"
+
+  worker_pool "one" {
+    count = 2
+  }
+}
diff --git a/cli/cmd/root.go b/cli/cmd/root.go
index 5bdccd899..a837cff4c 100644
--- a/cli/cmd/root.go
+++ b/cli/cmd/root.go
@@ -25,6 +25,7 @@ import (
 	_ "github.com/kinvolk/lokomotive/pkg/platform/aks"
 	_ "github.com/kinvolk/lokomotive/pkg/platform/aws"
 	_ "github.com/kinvolk/lokomotive/pkg/platform/baremetal"
+	_ "github.com/kinvolk/lokomotive/pkg/platform/kvmlibvirt"
 	_ "github.com/kinvolk/lokomotive/pkg/platform/packet"
 
 	// Register backends by adding an anonymous import.
diff --git a/docs/configuration-reference/platforms/kvm-libvirt.md b/docs/configuration-reference/platforms/kvm-libvirt.md
new file mode 100644
index 000000000..bce848f0e
--- /dev/null
+++ b/docs/configuration-reference/platforms/kvm-libvirt.md
@@ -0,0 +1,142 @@
+# Lokomotive KVM libvirt configuration reference
+
+## Contents
+
+* [Introduction](#introduction)
+* [Prerequisites](#prerequisites)
+* [Configuration](#configuration)
+* [Attribute reference](#attribute-reference)
+* [Applying](#applying)
+* [Destroying](#destroying)
+
+## Introduction
+
+This configuration reference provides information on configuring a Lokomotive cluster on KVM libvirt VMs
+with all the configuration options available to the user.
+
+## Prerequisites
+
+* Terraform providers and libvirt setup from the [quickstart guide](../../quickstarts/kvm-libvirt.md)
+* `lokoctl` [installed locally.](../../installer/lokoctl.md)
+* `kubectl` installed locally to access the Kubernetes cluster.
+
+### Configuration
+
+To create a Lokomotive cluster, we need to define a configuration.
+
+Example configuration file:
+
+```tf
+
+cluster "kvm-libvirt" {
+
+  asset_dir = pathexpand("./assets")
+
+  cluster_name = "vmcluster"
+
+  machine_domain = "vmcluster.k8s"
+
+  os_image = "file:///home/myuser/Downloads/flatcar_production_qemu_image.img"
+
+  ssh_pubkeys = [file(pathexpand("~/.ssh/id_rsa.pub"))]
+
+  controller_count = 1
+
+  node_ip_pool = "192.168.192.0/24"
+
+  disable_self_hosted_kubelet = false
+
+  kube_apiserver_extra_flags = []
+
+  controller_virtual_cpus = 1
+  controller_virtual_memory = 2048
+
+  controller_clc_snippets = []
+
+  network_mtu = 1480
+  network_ip_autodetection_method = "first-found"
+
+  pod_cidr = "10.1.0.0/16"
+  service_cidr = "10.2.0.0/16"
+
+  cluster_domain_suffix = "cluster.local"
+
+  enable_reporting = false
+  enable_aggregation = true
+
+  certs_validity_period_hours = 8760
+
+  worker_pool "worker-pool-1" {
+    count = 2
+
+    virtual_cpus = 1
+    virtual_memory = 2048
+
+    labels = "foo=oof,bar=,baz=zab"
+
+    clc_snippets = [
+  <<EOF
+systemd:
+  units:
+  - name: helloworld.service
+    dropins:
+      - name: 10-helloworld.conf
+        contents: |
+          [Install]
+          WantedBy=multi-user.target
+EOF
+        ,
+  ]
+
+  }
+}
+```
+
+
+## Attribute reference
+
+| Argument                              | Description                                                                                                                                                                                                                                                                       |       Default      |     Type     | Required |
+|---------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------:|:------------:|:--------:|
+| `asset_dir`                           | Location where Lokomotive stores cluster assets.                                                                                                                                                                                                                                  |          -         |    string    |   true   |
+| `certs_validity_period_hours`         | Validity of all the certificates in hours.                                                                                                                                                                                                                                        |        8760        |    number    |  false   |
+| `cluster_domain_suffix`               | Cluster's DNS domain.                                                                                                                                                                                                                                                             |   "cluster.local"  |    string    |  false   |
+| `cluster_name`                        | Name of the cluster.                                                                                                                                                                                                                                                              |          -         |    string    |   true   |
+| `controller_clc_snippets`             | Controller Flatcar Container Linux Config snippets.                                                                                                                                                                                                                               |          []        | list(string) |  false   |
+| `controller_count`                    | Number of controller nodes.                                                                                                                                                                                                                                                       |          1         |    number    |  false   |
+| `controller_virtual_cpus`             | Number of virtual CPUs for the controller VMs.                                                                                                                                                                                                                                    |          1         |      int     |  false   |
+| `controller_virtual_memory`           | Virtual RAM in MB for the controller VMs.                                                                                                                                                                                                                                         |         2048       |      int     |  false   |
+| `disable_self_hosted_kubelet`         | Disable self-hosting the kubelet as pod on the cluster.                                                                                                                                                                                                                           |        false       |     bool     |  false   |
+| `enable_aggregation`                  | Enable the Kubernetes Aggregation Layer.                                                                                                                                                                                                                                          |        true        |     bool     |  false   |
+| `enable_reporting`                    | Enables usage or analytics reporting to upstream.                                                                                                                                                                                                                                 |        false       |     bool     |  false   |
+| `kube_apiserver_extra_flags`          | Extra flags to pass to the kube-apiserver binary.                                                                                                                                                                                                                                 |          []        | list(string) |  false   |
+| `machine_domain`                      | DNS zone of the cluster, used by nodes to find each other as HOSTNAME.machine_domain.                                                                                                                                                                                             |          -         |    string    |   true   |
+| `network_mtu`                         | CNI interface MTU                                                                                                                                                                                                                                                                 |        1480        |    number    |  false   |
+| `node_ip_pool`                        | Unique VM IP CIDR.                                                                                                                                                                                                                                                                | "192.168.192.0/24" |    string    |  false   |
+| `os_image`                            | Path to unpacked Flatcar Container Linux image flatcar_production_qemu_image.img (probably after a qemu-img resize IMG +5G).                                                                                                                                                      |          -         |    string    |   true   |
+| `pod_cidr`                            | CIDR IPv4 range to assign Kubernetes pods.                                                                                                                                                                                                                                        |    "10.2.0.0/16"   |    string    |  false   |
+| `service_cidr`                        | CIDR IPv4 range to assign Kubernetes services.                                                                                                                                                                                                                                    |    "10.3.0.0/16"   |    string    |  false   |
+| `ssh_pubkeys`                         | List of SSH public keys for user `core`. Each element must be specified in a valid OpenSSH public key format, as defined in RFC 4253 Section 6.6, e.g. "ssh-rsa AAAAB3N...".                                                                                                      |          -         | list(string) |   true   |
+| `worker_pool.clc_snippets`            | Flatcar Container Linux Config snippets for nodes in the worker pool.                                                                                                                                                                                                             |          []        | list(string) |  false   |
+| `worker_pool`                         | Configuration block for worker pools. There can be more than one.                                                                                                                                                                                                                 |          -         | list(object) |   true   |
+| `worker_pool.count`                   | Number of workers in the worker pool. Can be changed afterwards to add or delete workers.                                                                                                                                                                                         |          1         |    number    |   true   |
+| `worker_pool.labels`                  | Custom labels to assign to worker nodes.                                                                                                                                                                                                                                          |          -         |    string    |  false   |
+| `worker_pool.virtual_cpus`            | List of tags that will be propagated to nodes in the worker pool.                                                                                                                                                                                                                 |          -         | map(string)  |  false   |
+| `worker_pool.virtual_memory`          | Disable BGP on nodes. Nodes won't be able to connect to Packet BGP peers.                                                                                                                                                                                                         |        false       |     bool     |  false   |
+
+
+## Applying
+
+To create the cluster, execute the following command:
+
+```console
+lokoctl cluster apply
+```
+
+## Destroying
+
+To destroy the Lokomotive cluster, execute the following command:
+
+```console
+lokoctl cluster destroy --confirm
+```
+
diff --git a/docs/quickstarts/kvm-libvirt.md b/docs/quickstarts/kvm-libvirt.md
new file mode 100644
index 000000000..b4d406e52
--- /dev/null
+++ b/docs/quickstarts/kvm-libvirt.md
@@ -0,0 +1,284 @@
+# Lokomotive KVM libvirt quickstart guide
+
+## Contents
+
+* [Introduction](#introduction)
+* [Requirements](#requirements)
+* [Step 1: Install lokoctl](#step-1-install-lokoctl)
+* [Step 2: Prepare the VM Image](#step-2-prepare-the-vm-image)
+* [Step 3: libvirtd Setup](#step-3-libvirtd-setup)
+* [Step 4: User Setup](#step-4-user-setup)
+* [Step 5: Create a cluster configuration](#step-5-create-a-cluster-configuration)
+* [Step 6: Check ssh-agent](#step-6-check-ssh-agent)
+* [Step 7: Deploy the cluster](#step-7-deploy-the-cluster)
+* [Verification](#verification)
+* [Using the cluster](#using-the-cluster)
+* [Cleanup](#cleanup)
+* [Troubleshooting](#troubleshooting)
+
+## Introduction
+
+This guide shows how to create a Lokomotive cluster with Flatcar Container Linux VMs on your local machine.
+By the end of this guide, you'll have a basic Lokomotive cluster running that consist of controller and worker nodes.
+
+Controllers are provisioned to run an `etcd-member` peer and a `kubelet` service.
+Workers run just a `kubelet` service. A one-time [bootkube](https://github.com/kubernetes-incubator/bootkube)
+bootstrap process schedules the `apiserver`, `scheduler`, `controller-manager`, and `coredns` pods on the controllers
+and schedules `kube-proxy` and `calico` on every node.
+A generated `kubeconfig` provides `kubectl` access to the cluster.
+
+## Requirements
+
+* A Linux host OS.
+* At least 4 GB of available RAM.
+* An SSH key pair.
+* Terraform `v0.12.x`
+  [installed](https://learn.hashicorp.com/terraform/getting-started/install.html#install-terraform).
+* [terraform-provider-ct](https://github.com/poseidon/terraform-provider-ct),
+  and [terraform-provider-libvirt](https://github.com/dmacvicar/terraform-provider-libvirt)
+  installed locally, e.g., as two binaries `~/.terraform.d/plugins/terraform-provider-ct_v0.5.0`
+  and `~/.terraform.d/plugins/terraform-provider-libvirt_v0.6.1`.
+* [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed.
+
+
+## Steps
+
+### Step 1: Install lokoctl
+
+
+`lokoctl` is the command-line interface for managing Lokomotive clusters.
+
+Download the latest `lokoctl` binary:
+
+```console
+export release=$(curl -s https://api.github.com/repos/kinvolk/lokomotive/releases | jq -r '.[0].name' | tr -d v)
+curl -LO "https://github.com/kinvolk/lokomotive/releases/download/v${release}/lokoctl_${release}_linux_amd64.tar.gz"
+```
+
+Extract the binary and copy it to a place under your `$PATH`:
+
+```console
+tar zxvf lokoctl_${release}_linux_amd64.tar.gz
+cp lokoctl_${release}_linux_amd64/lokoctl ~/.local/bin/
+rm -rf lokoctl_${release}_linux_amd64*
+```
+
+### Step 2: Prepare the VM Image
+
+Download a Flatcar Container Linux image. The example below uses the Alpha Flatcar Container Linux channel.
+You need to increase its size depending on your use case because the initial size
+is only enough for some small pods to be loaded. Starting pods with normal-sized
+container images may already fail when the disk space is filled.
+That's why the example below directly increases the image size by 5 GB to make
+sure that a couple of container images fit on the node.
+
+```console
+# On Fedora/RHEL/CentOS
+sudo dnf install wget bzip2 qemu-img
+# On Ubuntu/Debian
+sudo apt install wget bzip2 qemu-utils
+wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_qemu_image.img.bz2
+bunzip2 flatcar_production_qemu_image.img.bz2
+qemu-img resize flatcar_production_qemu_image.img +5G
+```
+
+Do not use this image file with QEMU directly because it needs to stay clean for Ignition to run on first boot.
+
+### Step 3: libvirtd Setup
+
+Ensure that libvirtd is set up.
+
+```console
+# On Fedora/RHEL/CentOS
+sudo dnf install libvirt-daemon
+# On Ubuntu/Debian
+sudo apt install libvirt-daemon
+sudo systemctl start libvirtd
+```
+
+#### AppArmor and libvirt issues
+
+If you use Ubuntu or Debian with AppArmor, you need to disable AppArmor because it disallows
+using temporary paths for the storage pool. Open `/etc/libvirt/qemu.conf` and add the
+following line below any existing commented `#security_driver = "selinux"` line:
+
+```
+security_driver = "none"
+```
+
+Restart libvirtd using `sudo systemctl restart libvirtd`.
+
+### Step 4: User Setup
+
+Ensure that libvirt is accessible for the current user because the user needs to create
+system-wide virtual machines with libvirt:
+
+```console
+groups
+```
+
+If you see some group names like `myuser wheel postgres docker` but not `libvirt` you need to
+add the current user to the libvirt group.
+
+```console
+sudo usermod -a -G libvirt $(whoami)
+newgrp libvirt
+```
+
+If `newgrp` was used you have to continue to use this terminal session or run `newgrp libvirt`
+in every new terminal sessons or log your user out and in again.
+
+### Step 5: Create a cluster configuration
+
+Create a directory for the cluster-related files and navigate to it:
+
+```console
+mkdir lokomotive-demo && cd lokomotive-demo
+```
+
+Create a file called `cluster.lokocfg` with these contents but remember to change and
+check the image path and check the SSH public key path:
+
+```hcl
+cluster "kvm-libvirt" {
+  asset_dir = pathexpand("./assets")
+  # Your SSH public key
+  ssh_pubkeys = [file(pathexpand("~/.ssh/id_rsa.pub"))]
+  cluster_name = "vmcluster"
+  machine_domain = "vmcluster.k8s"
+  # Path to the prepared image file. Note the absolute path notation with the three slashes.
+  os_image = "file:///var/tmp/lokomotive-demo/flatcar_production_qemu_image.img"
+
+  worker_pool "one" {
+    count = 1
+  }
+}
+```
+
+Again, check the contents of `cluster.lokocfg`.
+Check if you need to change the SSH key entry to match your `~/.ssh/id_*.pub` and
+change the `os_image` path to point to the image location from the VM image preparation.
+
+The rest of the parameters may be left as-is. For more information about the configuration options
+see the [configuration reference](../configuration-reference/platforms/kvm-libvirt.md).
+
+
+### Step 6: Check ssh-agent
+
+Check that your SSH key is known to `ssh-agent` so that it is unlocked if it was secured with a passphrase:
+
+```console
+ssh-add -L
+```
+
+This should normally be the case when the key was created with the GNOME _Passwords and Keys_ tool.
+Otherwise add the key:
+
+```console
+ssh-add ~/.ssh/id_rsa
+```
+
+### Step 7: Deploy the cluster
+
+Deploy the cluster with `lokoctl`:
+
+```console
+lokoctl cluster apply
+INFO[0000] Initializing Terraform working directory      phase=infrastructure
+
+You can find the logs in "assets/terraform/logs/3213353.log"
+INFO[0001] Applying Terraform configuration. This creates infrastructure so it might take a long time...  phase=infrastructure
+
+You can find the logs in "assets/terraform/logs/3213406.log"
+
+Your configurations are stored in ./assets
+
+Now checking health and readiness of the cluster nodes ...
+
+Node                                    Ready    Reason          Message
+
+vmcluster-controller-0.vmcluster.k8s    True     KubeletReady    kubelet is posting ready status
+vmcluster-one-worker-0.vmcluster.k8s    True     KubeletReady    kubelet is posting ready status
+
+Success - cluster is healthy and nodes are ready!
+INFO[0498] Applying component configuration              args="[]" command="lokoctl cluster apply"
+```
+
+The deployment process typically takes 3-6 minutes, the Lokomotive cluster is be ready, depending on your internet connection and hardware.
+
+## Verification
+
+Use the generated `kubeconfig` credentials to access the Kubernetes cluster and list nodes:
+
+```console
+export KUBECONFIG=$(pwd)/assets/cluster-assets/auth/kubeconfig
+kubectl get nodes
+NAME                                   STATUS   ROLES               AGE     VERSION
+vmcluster-controller-0.vmcluster.k8s   Ready    controller,master   5h28m   v1.14.1
+vmcluster-one-worker-0.vmcluster.k8s   Ready    node                5h28m   v1.14.1
+```
+
+List the pods.
+
+```console
+kubectl get pods --all-namespaces
+kube-system   calico-node-x5cgr                          1/1     Running   0          5h28m
+kube-system   calico-node-zp2bl                          1/1     Running   0          5h28m
+kube-system   coredns-5644c585c9-58w2r                   1/1     Running   2          5h28m
+kube-system   coredns-5644c585c9-vtknk                   1/1     Running   1          5h28m
+kube-system   kube-apiserver-8fxjs                       1/1     Running   3          5h28m
+kube-system   kube-controller-manager-865f9f995d-cj8hp   1/1     Running   1          5h28m
+kube-system   kube-controller-manager-865f9f995d-jtmqf   1/1     Running   1          5h28m
+kube-system   kube-proxy-jxsz4                           1/1     Running   0          5h28m
+kube-system   kube-proxy-r24jn                           1/1     Running   0          5h28m
+kube-system   kube-scheduler-57c444dcc8-54zpq            1/1     Running   1          5h28m
+kube-system   kube-scheduler-57c444dcc8-6gv94            1/1     Running   0          5h28m
+kube-system   pod-checkpointer-8qdrt                     1/1     Running   0          5h28m
+```
+
+
+## Using the cluster
+
+At this point you should have access to a Lokomotive cluster and can use it to deploy applications.
+
+If you don't have any Kubernetes experience, you can check out the [Kubernetes
+Basics](https://kubernetes.io/docs/tutorials/kubernetes-basics/deploy-app/deploy-intro/) tutorial.
+
+When you don't need the cluster for some time, shut the VMs down in `virt-manager` to free up RAM.
+
+>NOTE: Lokomotive uses a relatively restrictive Pod Security Policy by default. This policy
+>disallows running containers as root. Refer to the
+>[Pod Security Policy documentation](../concepts/securing-lokomotive-cluster.md#cluster-wide-pod-security-policy)
+>for more details.
+
+## Cleanup
+
+To destroy the cluster, execute the following command:
+
+```console
+lokoctl cluster destroy
+```
+
+Confirm you want to destroy the cluster by typing `yes` and hitting **Enter**.
+
+You can now safely delete the directory created for this guide if you no longer need it.
+
+## Troubleshooting
+
+If you want to log in using SSH for debugging purposes, use the Flatcar Container Linux default user `core`.
+
+You can look up the node IP address in `virt-manager` or resolve them from the hostnames,
+using the libvirt DNS server:
+
+```console
+host vmcluster-controller-0.vmcluster.k8s 192.168.192.1
+Using domain server:
+Name: 192.168.192.1
+Address: 192.168.192.1#53
+Aliases: 
+
+vmcluster-controller-0.vmcluster.k8s has address 192.168.192.10
+```
+
+On each node list the containers with `docker ps` and follow the system logs with `journalctl -f`.
+
diff --git a/pkg/assets/generated_assets.go b/pkg/assets/generated_assets.go
index 121f440ac..930c42f39 100644
--- a/pkg/assets/generated_assets.go
+++ b/pkg/assets/generated_assets.go
@@ -4974,9 +4974,9 @@ var vfsgenAssets = func() http.FileSystem {
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/bootkube.tf": &vfsgen۰CompressedFileInfo{
 			name:             "bootkube.tf",
 			modTime:          time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC),
-			uncompressedSize: 1222,
+			uncompressedSize: 1417,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x94\xc1\x6e\xdb\x3c\x0c\xc7\xef\x7a\x0a\xc2\x9f\x4f\x05\xaa\xaf\x2f\x90\xd3\x76\xde\x65\xc7\xa2\x10\x14\x89\x49\x88\xca\x92\x41\xd1\x5e\x8a\xc0\xef\x3e\xc8\x89\x13\xd9\x5d\xb1\xcb\x04\x9f\xc4\x9f\xff\xfc\x8b\xa4\xd4\x25\x3f\x04\x84\x66\x9f\x92\xbc\x0f\x7b\x6c\xe0\xa2\x00\x72\x1a\xd8\x21\x5c\xd7\x0e\x1a\xad\xff\xbf\x7e\x77\x4c\x01\xb8\x30\x64\x41\x36\xd1\x76\x08\x3b\x18\x2d\xeb\x7a\x4b\x29\x80\xff\xe0\x9b\x8d\x31\x09\x0c\x19\xc1\x7d\xb8\x40\x0e\x3c\xf6\x18\x3d\x46\x47\x98\x21\x45\x70\x29\x0a\xa7\x10\x90\x33\x24\x06\x39\x21\x31\x7c\xff\xf1\x13\x18\x5d\x62\x9f\x15\x80\xed\xc9\x64\xe4\xb1\x20\xf7\xb5\x83\x57\x6f\xc5\x6a\xc1\xae\x0f\x56\xd0\x1c\x28\xa0\x7e\xa8\x15\x0f\xf9\xf5\xe5\x4d\x73\x49\xc7\xe8\xdf\xd6\x4a\x06\xcf\x52\xa8\x00\x3b\x08\xb4\x1f\x89\xc5\xf8\xd4\x59\x8a\x95\xc8\x73\x67\xdd\x89\x22\xea\x27\x1d\x51\x7e\x25\x7e\x37\x14\x05\xf9\x60\x1d\xea\x17\x6d\xbd\x67\xcc\x19\xb3\x7e\xd9\x88\x53\x9f\x17\x9b\xff\x46\x1c\xc5\xf9\x4f\x45\xd8\xc1\xdf\x4b\xa0\x9f\xee\x15\x28\x1e\x73\x46\x31\x9e\x18\xa0\x2e\x65\x69\xde\x3d\xa4\x00\x16\x3f\x9d\x0c\x5b\xac\x0a\xa9\x8a\xa4\xde\xd8\x41\x92\x47\x41\x27\x94\xa2\xe9\x50\x4e\xc9\x6f\x7e\xfa\x82\x2a\x42\x7d\xf2\xc6\x91\x5f\x19\x5b\x72\x2e\xb1\x32\x9a\xc8\x23\x39\xdc\xa0\x57\xac\x8e\x55\x03\x7a\x2d\xbc\xc9\xc3\xe1\x40\xe7\xcd\xa4\xae\x62\xa5\xcc\xd1\xee\x03\x1a\xc6\x3e\xb1\x50\x3c\xd6\xf2\xdb\xd8\x03\xb7\xc7\x23\xe3\xd1\x96\x13\x7d\xc2\xab\x58\x39\xa6\x43\x96\x6c\x46\x1b\xc8\x93\x7c\x98\x1e\x99\x92\x37\xa7\x34\x70\x5e\xac\x7d\x4d\xa8\x49\xa9\xd2\x71\x68\x56\x2d\x6f\xa0\xd9\x34\xfd\x7a\x8d\x5d\x1a\xa2\x3c\x0c\x3d\x18\x33\x47\x14\xc0\x22\x53\x2e\x79\xdb\x5e\xea\xfb\x3b\x3d\x57\x93\xda\xb6\x17\x8a\x1e\xcf\x93\x6e\xdb\xcb\x6d\x6c\x6f\xb5\x9b\x9a\x72\xac\xd1\xce\xfe\x4b\x56\x80\x19\xad\x9b\x33\xa7\xd3\xf3\xf6\x0c\xac\x9e\x0e\xf8\xd3\xe3\x51\xa8\x75\x9e\x1b\xb5\xde\x54\x00\x93\x9a\xd4\xef\x00\x00\x00\xff\xff\xd6\xbc\xe7\xbf\xc6\x04\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x94\xcf\x6e\xdb\x30\x0c\xc6\xef\x7a\x8a\x0f\x59\x4e\x05\xaa\xf5\x05\x72\x18\xd6\x1d\x76\x19\x06\xec\x58\x14\x82\x22\x31\x89\x50\x59\x32\x28\x3a\x4b\x11\xe4\xdd\x07\xd9\xf9\x63\xbb\x6b\x77\x99\xe1\x93\xbe\x9f\x3f\x52\x34\xc9\x26\xfb\x2e\x12\x16\xeb\x9c\xe5\xa5\x5b\xd3\x02\x47\x05\x94\xdc\xb1\x23\x0c\xcf\x0a\x0b\xad\x3f\x0f\xef\x15\x53\x80\x8b\x5d\x11\x62\x93\x6c\x43\x58\x61\x6f\x59\x8f\x8f\x94\x02\x3e\xe1\xab\x4d\x29\x0b\xba\x42\x70\xaf\x2e\x06\x07\x4f\x2d\x25\x4f\xc9\x05\x2a\xc8\x09\x2e\x27\xe1\x1c\x23\x71\x41\x66\xc8\x8e\x02\xe3\xf1\xc7\x2f\x30\xb9\xcc\xbe\x28\xc0\xb6\xc1\x14\xe2\x7d\x45\xae\xcf\x0a\x4f\xde\x8a\xd5\x42\x4d\x1b\xad\x90\xd9\x84\x48\xfa\xe6\x56\x73\x28\x4f\x0f\xcf\x9a\x6b\x38\x26\xff\x3c\x75\x32\x74\x90\x4a\x45\xac\x10\xc3\x7a\x1f\x58\x8c\xcf\x8d\x0d\x69\x64\x72\xdf\x58\xb7\x0b\x89\xf4\x9d\x4e\x24\xbf\x33\xbf\x98\x90\x84\x78\x63\x1d\xe9\x07\x6d\xbd\x67\x2a\x85\x8a\x7e\x98\x99\x87\xb6\x5c\xd2\xfc\x3f\xe6\x24\xce\xbf\x29\xc2\x0a\xff\x2e\x81\xbe\xbb\x56\xa0\xe6\x58\x0a\x89\xf1\x81\x81\x71\x29\xeb\xcf\xbb\x4a\x0a\xb8\xe4\xd3\x48\x37\xc7\x46\x92\x1a\x91\xa1\x35\xb6\x93\xec\x49\xc8\x49\xc8\xc9\x34\x24\xbb\xec\x67\x1f\xbd\x43\x55\xa3\x36\x7b\xe3\x82\x9f\x24\x76\x89\x79\xd1\x6a\x6b\x12\xef\x83\xa3\x19\x3a\x60\x63\x6d\xd4\xa0\x43\xe1\x4d\xe9\x36\x9b\x70\x98\x75\xea\x44\xab\x65\x4e\x76\x1d\xc9\x30\xb5\x99\x25\xa4\xed\xd8\x7e\xae\xdd\x70\xbb\xdd\x32\x6d\x6d\xbd\xd1\x1b\x7c\xa4\x0d\x23\xf1\x18\x4a\x15\x6a\xa7\xa3\x50\xdc\x60\x97\x8b\x90\x47\x9d\xab\x48\xa2\x15\xe0\x07\xc4\x54\xd9\x0c\xb2\x39\xcb\x67\xf3\x0f\x88\x3e\xc8\xb7\x83\xb0\xc5\x26\xda\x6d\x81\x64\x7c\xf9\xf9\x1d\x43\xf3\x54\xfb\x0a\x1a\xdb\x86\xe1\xa4\x0e\x02\x5b\x33\xb0\x83\xfb\xfb\x40\xbd\x82\x23\x96\x62\xf6\x36\x06\x1f\xe4\xd5\xb4\xc4\x21\x7b\xb3\xcb\x1d\x5f\xbe\xff\x80\x50\x27\xa5\x6a\xd3\x62\x31\xe9\xda\x05\x16\xb3\xbe\x1d\x36\x91\xcb\x5d\x92\x5b\x4d\x6f\x8c\xe9\x15\x05\x5c\x6c\xea\x9e\x5a\x2e\x8f\xe3\x15\x74\xba\x1f\x0d\xdb\x72\x79\x0c\xc9\xd3\xe1\xa4\x97\xcb\xe3\x79\xf2\xce\xbf\xff\xb4\xa8\xd7\xda\xdb\x3e\xff\x1a\x15\xe8\xd1\x71\x7f\xf5\xe1\x74\x7f\xdc\x03\x93\xed\x87\xbf\xed\xbf\x4a\x4d\xe3\x9c\xa9\xe9\xa1\x02\x4e\xea\xa4\xfe\x04\x00\x00\xff\xff\xc0\x5a\x13\xb4\x89\x05\x00\x00"),
 		},
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/cl": &vfsgen۰DirInfo{
 			name:    "cl",
@@ -4992,23 +4992,23 @@ var vfsgenAssets = func() http.FileSystem {
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/controllers.tf": &vfsgen۰CompressedFileInfo{
 			name:             "controllers.tf",
 			modTime:          time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC),
-			uncompressedSize: 3100,
+			uncompressedSize: 3091,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x56\x4d\x6f\x23\x37\x0c\xbd\xcf\xaf\x20\xb4\x3e\x24\x6d\x32\xce\x6e\x81\xa2\x08\xe0\x53\xf7\xdc\x3d\xb4\xb7\x20\x10\x64\x89\x63\x6b\xad\x91\xa6\x92\xc6\x89\x61\xf8\xbf\x17\x94\xe6\xd3\x6b\x67\xd3\xf8\x34\x96\xc8\x47\xf2\xf1\x91\x33\x1e\x83\x6b\xbd\x44\x60\x5e\x58\xe5\x6a\x1e\xa2\xd7\x76\xc3\x80\xed\x9d\x69\x6b\x6c\x44\xdc\x32\x38\x16\x00\x06\xed\x26\x6e\x01\x56\xf0\x7b\x01\x10\x1a\x94\x5a\x18\x58\x41\x25\x4c\xc0\xe2\x54\x14\x23\x94\xd1\xeb\xbd\xf6\x91\x37\xce\x99\x01\x29\xd6\x4d\x06\xb2\xa2\x46\x58\x01\xdb\xd7\x61\x71\x9c\x45\x2d\xc7\x98\xa5\xc7\xd0\x9a\x78\x62\x05\x40\x3c\x34\xc9\x41\x69\x4f\x7f\xe9\x9a\xfe\x2e\xf7\xc2\x2f\x63\xdd\x2c\xdf\x09\x74\x31\xc5\x6c\xc8\x80\xad\x45\xc0\x49\x7e\x54\x27\x5b\x1c\xf7\xc2\x97\xd2\xb4\x21\xa2\xe7\x74\x7e\xba\x4f\x76\x44\x40\x06\x5a\x01\x99\xb8\xc0\x75\x2d\x36\xc8\x5b\xdb\x08\xb9\x43\x45\x69\x3a\x67\x12\xcc\x94\x8d\x72\xe0\xa2\x24\xb8\x02\xa0\x72\xbe\x16\x91\xa2\xfd\x2b\xdd\xcb\x97\x9f\xa5\x29\x9d\x8d\xde\x19\x83\xfe\x5e\xe9\xb0\x9b\x65\xdc\xff\xae\x64\x3e\x71\x5d\x1c\xa5\x6b\x6d\x2c\xb5\x55\xf8\x7a\x2a\xbb\xc8\x00\xe9\x74\x0a\x94\x50\x06\x3f\x9e\xee\x0b\x00\x22\xa1\xcb\x89\x6b\x35\xa9\x31\x9f\x95\x74\x5f\xea\x09\x0b\x23\xe2\xbb\xd8\x98\x54\xf2\x16\x2b\x7a\x63\x75\xd4\xce\x32\x60\xe3\xe3\x94\x90\xff\xcb\xc4\xfd\x00\x33\x49\xfd\x67\x39\xf7\xa4\x5d\x65\x8b\x8e\xd0\x52\x8f\x95\x88\xa2\x94\x91\x4b\x67\x2b\xbd\x99\xd8\x0e\x81\xc3\xd3\x24\x9f\xe7\xd2\xa3\x55\xe8\x51\x5d\xae\xdf\x62\x7c\x71\x7e\x47\x23\x56\x5b\x8c\xe7\x62\xe8\x12\x9a\x94\x5e\x00\xd4\x4e\x0d\xd7\xcc\x8a\x48\x95\x2a\x57\x0b\x6d\x47\x97\x5a\xc8\xad\xb6\xc8\xf3\x79\x01\x20\x94\xf2\x18\x02\x06\x58\xc1\x13\x59\x58\xa7\x90\xeb\x26\x31\xf2\x5c\x10\x84\x0d\x29\x3a\x80\x71\x52\x18\xee\xac\x39\xc0\x0a\xa2\x6f\x31\x9d\x7e\x02\x29\x6c\xde\x1a\xd5\x21\xdb\xa4\x4c\x03\x6c\xd1\x93\xc9\xe9\x72\x89\x39\x85\xb9\xf0\xbb\xf4\x72\xb9\x1d\xfb\x57\xc9\x7f\x7b\x9a\xaf\x2a\x81\x68\xd9\xcb\xa6\x1d\x38\xa1\x6c\x5a\x61\xb8\x6c\xda\x40\x34\x62\xed\xfc\xe1\xec\x2e\x1f\x12\x1d\xd5\x0b\x97\xd5\x86\x0f\xbd\x58\x01\x73\x4d\x5c\x3a\xbf\x29\x2b\x23\xa2\x14\xfe\xde\x68\xdb\xbe\x2e\xb3\x12\xf2\xec\x79\xa4\x3d\xd2\x09\x61\x22\xbb\xfe\xa8\xec\x1f\xe6\x1a\xd1\x2a\x35\x40\x87\x5d\xd7\x81\x37\x06\xf3\x6c\x7d\xfc\x00\x44\x7d\x28\x00\x36\x5e\x34\x5b\x2d\x87\x96\xea\x10\xd1\xf2\x7e\x0f\x77\x6a\x60\xbd\x75\x27\x43\xae\x6d\x44\x5f\x09\x89\x9d\xdb\x70\xae\xce\x66\xbf\xbb\x28\x93\x6a\x73\x58\x80\xad\x0b\x71\xb2\xc8\x3e\xd2\xb0\xa9\x50\x3b\x90\x27\xa9\x95\x27\xe8\x9b\x73\xd9\xde\xc1\xe7\x07\xf8\x15\x26\x18\xb7\xcf\xf0\x09\xfe\xf9\xf6\xf5\xdb\x23\xb4\x01\x41\x04\x68\xda\xb5\xd1\x32\xa1\x82\xb6\xb0\x6b\xd7\x98\x1b\x96\x82\xbd\x08\x1d\x79\xe5\x3c\x37\x28\x02\x8e\x6a\x4f\x52\xa6\x51\x07\x36\xcc\xfa\x5c\xc1\xc3\xb4\xcf\x34\xfc\x8e\x15\xd2\xef\x90\x88\x75\x63\x44\x44\x5e\x69\x33\xeb\x6a\x8e\x76\x6d\x8b\x00\x04\xab\x9b\x06\x63\xb8\x10\xca\x48\xde\xdf\x8e\x05\xcc\x02\xcd\x8b\xe8\x42\xbd\xb7\x84\x1e\x89\x3e\x19\xb4\xc1\x1b\xb6\x38\xa6\xf7\x73\xed\x54\x6b\xf0\xb4\x94\x66\x39\x7a\x95\x07\x51\x9b\x32\xd6\x8d\x61\xb7\x24\xb1\xbd\xf0\x94\xf2\xb1\xdb\x25\x7f\x0a\x6b\x5d\x4c\x5d\x92\x07\x49\x2d\x52\xd8\x50\x91\x56\x6a\x0c\xe0\x2c\x8c\x50\x01\x9c\x87\xb8\x45\xed\xe1\xeb\x5f\x7f\x83\x47\xe9\xbc\x0a\x09\x08\xa3\x54\xfc\xec\xe5\xf9\x61\xe9\x25\xb0\x71\x93\x7e\xf8\x65\x9c\xad\xe7\x2b\x78\x1a\x42\x93\x74\x68\x11\x65\xbc\x14\xe2\xbb\xd3\xf6\x86\xdd\xb1\xbb\x4b\xea\x20\xaf\x50\xfe\x32\xa8\xe0\x36\x61\x8d\x5a\x3e\xab\x9d\xd2\xb0\xf1\xe6\xf3\xc3\x1d\xe4\xd6\x94\x6b\xe7\x22\x99\x97\xa3\xcf\x3d\x3d\x1a\x8c\x19\x2b\x84\x2d\xdf\xe1\x21\xc0\x39\x8f\xdf\x83\xb3\x68\xa5\x53\x98\xc6\xaf\xb7\xcb\x5e\x3d\x21\xca\x06\x1e\xd0\xef\xb5\xa4\xd9\x84\x15\xcc\x46\xb6\xbf\xa1\x43\x1a\xd9\x33\xdf\x44\x0f\x0f\x6d\x55\xe9\xd7\xf3\x37\xde\xec\x72\x3e\x97\xe7\xb2\x4e\x1c\x7d\x40\xc9\x6c\xb1\x38\x5e\x6f\xec\xe2\x98\x7b\xba\xda\xc6\xd8\x84\xc7\xe5\xf2\x5d\xd6\x97\x15\xf0\xf8\xe5\xb7\x3f\x1e\x18\x7c\xa2\xb5\x34\x95\x9a\x58\xbb\x3d\xfe\x30\x22\x09\x69\xec\xc3\x44\x60\x33\xfa\xba\x4f\xf1\x0b\x9f\x09\xc4\xd5\x7f\x01\x00\x00\xff\xff\x53\xe7\x56\x31\x1c\x0c\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x9c\x56\x4d\x6f\x23\x37\x0c\xbd\xcf\xaf\x20\xb4\x3e\x64\xdb\x64\xbc\xbb\x05\x8a\x22\x80\x4f\xdd\x73\xf7\xd0\xde\x82\x40\x90\x25\x8e\xad\x8d\x46\x9a\x4a\x1a\x27\x86\xe1\xff\x5e\x50\x9a\xef\xb5\xb3\x69\x7c\x1a\x4b\xe4\x23\xf9\xf8\xc8\x19\x8f\xc1\xb5\x5e\x22\x30\x2f\xac\x72\x35\x0f\xd1\x6b\xbb\x63\xc0\x0e\xce\xb4\x35\x36\x22\xee\x19\x9c\x0a\x00\x83\x76\x17\xf7\x00\x1b\xf8\xbd\x00\x08\x0d\x4a\x2d\x0c\x6c\xa0\x12\x26\x60\x71\x2e\x8a\x11\xca\xe8\xed\x41\xfb\xc8\x1b\xe7\xcc\x80\x14\xeb\x26\x03\x59\x51\x23\x6c\x80\x1d\xea\xb0\x3a\xcd\xa2\x96\x63\xcc\xd2\x63\x68\x4d\x3c\xb3\x02\x20\x1e\x9b\xe4\xa0\xb4\xa7\xbf\x74\x4d\x7f\xd7\x07\xe1\xd7\xb1\x6e\xd6\x6f\x04\xba\x98\x62\x36\x64\xc0\xb6\x22\xe0\x24\x3f\xaa\x93\xad\x4e\x07\xe1\x4b\x69\xda\x10\xd1\x73\x3a\x3f\xdf\x25\x3b\x22\x20\x03\x6d\x80\x4c\x5c\xe0\xba\x16\x3b\xa4\xec\x9c\x33\xc9\x7b\x4a\x42\x39\x50\x50\x12\x4a\x01\x50\x39\x5f\x8b\x48\x41\xfe\x95\xee\xf9\xcb\xcf\xb2\x93\xce\x46\xef\x8c\x41\x7f\xa7\x74\x78\x9a\x25\xda\xff\xae\x24\x3c\x71\x5d\x9d\xa4\x6b\x6d\x2c\xb5\x55\xf8\x72\x2e\xbb\xc8\x00\xe9\x74\x0a\x94\x50\x06\x3f\x9e\xee\x0b\x00\xaa\xbd\xcb\x89\x6b\x35\xa9\x31\x9f\x95\x74\x5f\x6a\x35\xb2\x30\x22\xbe\x89\x8d\x49\x25\xaf\xb1\xa2\x77\x56\x47\xed\x2c\x03\x36\x3e\x4e\x09\xf9\xbf\x4c\xdc\x0d\x30\x93\xd4\x7f\x96\x73\x4f\xda\x55\xb6\xe8\x08\x2d\xf5\x58\x89\x28\x4a\x19\xb9\x74\xb6\xd2\xbb\x89\xed\x10\x38\x3c\x4c\xf2\x79\x2c\x3d\x5a\x85\x1e\xd5\xe5\xfa\x2d\xc6\x67\xe7\x9f\x68\xb2\x6a\x8b\x71\x29\x86\x2e\xa1\x49\xe9\x05\x40\xed\xd4\x70\xcd\xac\x88\x54\xa9\x72\xb5\xd0\x76\x74\xa9\x85\xdc\x6b\x8b\x3c\x9f\x17\x00\x42\x29\x8f\x21\x60\x80\x0d\x3c\x90\x85\x75\x0a\xb9\x6e\x12\x23\x8f\x05\x41\xd8\x90\xa2\x03\x18\x27\x85\xe1\xce\x9a\x23\x6c\x20\xfa\x16\xd3\xe9\x07\x90\xc2\xe6\x65\x51\x1d\xb3\x4d\xca\x34\xc0\x1e\x3d\x99\x9c\x2f\x97\x98\x53\x98\x0b\xbf\x4b\x2f\x97\xdb\xb1\x7f\x95\xfc\xd7\x87\xf8\xaa\x12\x88\x96\x83\x6c\xda\x81\x13\xca\xa6\x15\x86\xcb\xa6\x0d\x44\x23\xd6\xce\x1f\x17\x77\xf9\x90\xe8\xa8\x9e\xb9\xac\x76\x7c\xe8\xc5\x06\x98\x6b\xe2\xda\xf9\x5d\x59\x19\x11\xa5\xf0\x77\x46\xdb\xf6\x65\x9d\x95\x90\x67\xcf\x23\xad\x8f\x4e\x08\x13\xd9\xf5\x47\x65\xff\x30\xd7\x88\x56\xa9\x01\x3a\x3c\x75\x1d\x78\x65\x30\x17\xeb\xe3\x07\x20\xea\x43\x01\xb0\xf3\xa2\xd9\x6b\x39\xb4\x54\x87\x88\x96\xf7\xeb\xb7\x53\x03\xeb\xad\x3b\x19\x72\x6d\x23\xfa\x4a\x48\xec\xdc\x86\x73\xb5\x98\xfd\xee\xa2\x4c\xaa\xcd\x61\x01\xf6\x2e\xc4\xc9\x22\x7b\x4f\xc3\xa6\x42\xed\x40\x1e\xa4\x56\x9e\xa0\x6f\x96\xb2\xbd\x85\xcf\x9f\xe0\x57\x98\x60\x7c\x7c\x84\x0f\xf0\xcf\xb7\xaf\xdf\xee\xa1\x0d\x08\x22\x40\xd3\x6e\x8d\x96\x09\x15\xb4\x85\xa7\x76\x8b\xb9\x61\x29\xd8\xb3\xd0\x91\x57\xce\x73\x83\x22\xe0\xa8\xf6\x24\x65\x1a\x75\x60\xc3\xac\xcf\x15\x3c\x4c\xfb\x4c\xc3\x6f\x58\x21\xfd\x0e\x89\x58\x37\x46\x44\xe4\x95\x36\xb3\xae\xe6\x68\xd7\xb6\x08\x40\xb0\xba\x69\x30\x86\x0b\xa1\x8c\xe4\xfd\xed\x58\xc0\x2c\xd0\xbc\x88\x2e\xd4\x5b\x4b\xe8\x91\xe8\x4b\x41\x1b\xbc\x61\xab\x53\x7a\x2d\xd7\x4e\xb5\x06\xcf\x6b\x69\xd6\xa3\x57\x79\x14\xb5\x29\x63\xdd\x18\xf6\x91\x24\x76\x10\x9e\x52\x3e\x75\xbb\xe4\x4f\x61\xad\x8b\xa9\x4b\xf2\x28\xa9\x45\x0a\x1b\x2a\xd2\x4a\x8d\x01\x9c\x85\x11\x2a\x80\xf3\x10\xf7\xa8\x3d\x7c\xfd\xeb\x6f\xf0\x28\x9d\x57\x21\x01\x61\x94\x8a\x2f\x5e\x9e\xef\x96\x5e\x02\x1b\x37\xe9\xbb\x5f\xc6\xd9\x7a\xbe\x82\xa7\x21\x34\x49\x87\x16\x51\xc6\x4b\x21\xbe\x3b\x6d\x6f\xd8\x2d\xbb\xbd\xa4\x0e\xf2\x0a\xe5\x2f\x83\x0a\x3e\x26\xac\x51\xcb\x8b\xda\x29\x0d\x1b\x6f\x3e\x7f\xba\x85\xdc\x9a\x72\xeb\x5c\x24\xf3\x72\xf4\xb9\xa3\x47\x83\x31\x63\x85\xb0\xe7\x4f\x78\x0c\xb0\xe4\xf1\x7b\x70\x16\xad\x74\x0a\xd3\xf8\xf5\x76\xd9\xab\x27\x44\xd9\xc0\x03\xfa\x83\x96\x34\x9b\xb0\x81\xd9\xc8\xf6\x37\x74\x48\x23\xbb\xf0\x4d\xf4\xf0\xd0\x56\x95\x7e\x59\xbe\xf1\x66\x97\xf3\xb9\x5c\xca\x3a\x71\xf4\x0e\x25\xb3\xd5\xea\x74\xbd\xb1\xab\x53\xee\xe9\x66\x1f\x63\x13\xee\xd7\xeb\x37\x59\x5f\x56\xc0\xfd\x97\xdf\xfe\xf8\xc4\xe0\x03\xad\xa5\xa9\xd4\xc4\xd6\x1d\xf0\x87\x11\x49\x48\x63\x1f\x26\x02\x9b\xd1\xd7\x7d\x81\x5f\xf8\x4c\x20\xae\xfe\x0b\x00\x00\xff\xff\x22\x86\x0d\xec\x13\x0c\x00\x00"),
 		},
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/outputs.tf": &vfsgen۰CompressedFileInfo{
 			name:             "outputs.tf",
 			modTime:          time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC),
-			uncompressedSize: 935,
+			uncompressedSize: 777,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\x92\x51\x6e\x84\x20\x10\x86\xdf\x3d\x05\xd9\x3e\x2f\x37\xe8\x59\xcc\x08\xb3\x95\x38\x30\x04\x06\x93\x4d\xb3\x77\x6f\x8c\xdb\x56\x70\xdb\xf0\x66\xf2\x7f\xdf\x87\x06\xb9\x48\x2c\xa2\x2e\x4b\x99\xd0\x70\xb8\xb9\x8f\x2b\x58\xef\xc2\x45\x7d\x0e\x4a\xad\x40\x05\xd5\xbb\xf2\x6c\x0b\xa1\x9e\x98\x65\x03\x75\x4b\x0f\x8f\x61\x38\x97\xba\x1b\xdb\x23\xa1\x1c\x2b\x1e\xcc\xec\x02\x8e\x96\x3d\xb4\x6f\xb3\x42\xd2\xf5\x7e\x34\x0d\x95\x2c\x98\xc6\x00\x1e\xcf\xde\x71\x3d\x5a\x39\xcf\xe3\x82\xf7\x7c\x36\xbe\x97\x23\x4d\x6e\x5a\x5d\x92\xc8\x4c\xb5\xf0\x1c\xc6\x6d\xd1\x2b\x53\xf1\x28\x3e\xea\xf6\xb4\x27\x36\x41\x46\x67\x5f\x17\x76\x59\x6f\x88\x76\x76\x93\xdf\x76\x26\xeb\x3b\x78\x52\x86\x83\x60\x10\x75\xe3\xa4\x80\x48\x59\x8c\xc4\x77\xb4\xca\xcc\x90\x24\xeb\x9f\xb3\x22\xdb\xab\x99\xd1\x2c\x91\x5d\xd8\x3e\x7d\xaf\xfc\x7f\x39\x7f\x48\xed\x3d\x5f\x21\xba\x8c\x69\xed\xac\xbe\x54\xda\x66\x0a\x28\x98\xbb\x7b\x15\xde\xb6\x08\xa5\x3b\xf4\xcb\x56\x7f\x13\x90\x33\xdc\x15\xa9\xd0\xea\xb6\x79\x61\xcf\xe2\x56\xec\xea\x9c\xf0\xe1\x31\x7c\x05\x00\x00\xff\xff\x35\x1f\xf0\x39\xa7\x03\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x8c\xd1\x51\x6a\xc4\x20\x10\xc6\xf1\x77\x4f\x31\x6c\x9f\xd7\x1b\xf4\x2c\x8b\xd1\xd9\xee\x90\xd1\x11\x33\x0a\x4b\xd9\xbb\x17\x49\x69\x37\xd9\xb4\xf8\x16\xf0\xff\xfd\x42\xa2\x54\xcd\x55\xe1\x34\xd7\x09\xbd\xa4\x2b\x7d\x9c\x5d\x88\x94\x4e\xf0\x69\x00\x9a\xe3\x8a\xf0\x0e\x51\x42\x65\xb4\x93\x88\xf6\xd0\xee\x6b\xf3\x30\xe6\x55\x1a\x36\xfa\x23\xa3\x3e\x2b\x4c\x53\xa3\xa2\x59\x84\xb7\xcc\xf7\xc1\xa5\x9f\xd8\x26\x5c\x23\x6a\xcc\x36\xb9\x88\x07\xfb\xc9\x2d\x48\xe1\x58\x58\xc7\xb6\x27\x96\x42\x1f\xbf\xad\xcd\x62\xef\x2e\x32\x78\x49\x8a\x49\xe1\x2a\x05\x1c\x33\x04\xcc\x2c\x77\x0c\xe0\x6f\xae\xe8\x62\x7f\xde\x95\x25\x9c\xfd\x0d\xfd\x9c\x85\x92\x62\xb9\xac\xca\xff\x9f\xff\xc7\x68\xff\x27\xcf\x2e\xd3\x82\xa5\x0d\xaa\x87\x93\xbd\x59\x12\x2a\x2e\xc3\xde\x26\xdf\x5b\x8c\x3a\x0c\xfd\xb6\xcf\x8a\x77\x4c\x5e\x86\x90\x4d\xba\xb9\x6d\x99\x25\x8a\x52\xc3\x21\xe7\x25\x37\x0f\xf3\x15\x00\x00\xff\xff\xe7\x43\x4b\x14\x09\x03\x00\x00"),
 		},
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/require.tf": &vfsgen۰CompressedFileInfo{
 			name:             "require.tf",
 			modTime:          time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC),
-			uncompressedSize: 313,
+			uncompressedSize: 288,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\x8e\xc1\x8e\x83\x20\x14\x45\xf7\x7c\xc5\x8d\xb3\x27\xea\x64\x66\x56\xfa\x15\xb3\x9f\x30\xf2\xda\x90\x22\xd0\x07\xba\x69\xec\xb7\x37\x4a\x69\x6d\xca\x8e\x73\xee\x21\x7c\xe0\x97\x98\xd5\xc1\xf3\x88\x99\x38\x1a\xef\xa0\x9c\x46\xb0\xd3\xd1\xb8\x82\xa2\x10\xe9\x31\xbb\x08\x80\xe9\x3c\x19\x26\xfd\x57\x9a\x0e\x55\xdf\xa1\x96\x4d\x2b\xeb\x4a\xec\x17\x81\xfd\x6c\x34\x71\xdc\x42\x60\x48\xc8\xa7\x43\xb5\x16\x5f\x6b\xb0\xde\xad\x1f\x94\xbd\x8b\x6b\x8f\x46\xb6\x99\xbb\xc9\x5a\x3c\x79\x2b\x9b\xcc\x13\x8d\xc1\xaa\x44\x6f\xdc\x46\xbc\xec\xcb\xfb\xe6\x7f\x36\x9c\x0a\xaf\xe5\x77\x31\x41\x0d\x27\x4a\xbb\xe2\x47\x7e\x66\xc3\xca\x69\x3f\xee\xcc\xf6\xa7\x45\x2c\xe2\x16\x00\x00\xff\xff\x68\x6b\xdb\x28\x39\x01\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\x8d\xc1\xce\x82\x30\x10\x84\xef\x7d\x8a\x09\xff\xbd\x01\x92\xdf\x1b\x3c\x85\x77\x53\xe9\x6a\x9a\x2c\x2d\x6e\x0b\x17\x83\xcf\x6e\x80\x54\x30\xee\xf1\x9b\xf9\x76\xfe\x70\x26\x11\x73\x0b\xd2\x63\x22\x89\x2e\x78\x18\x6f\x31\xf0\x78\x77\x3e\xa3\xa8\x54\xfa\xd4\x9e\x0a\x10\x7a\x8c\x4e\xc8\x5e\xb2\xd3\xa0\x68\x1b\x94\xba\xaa\x75\x59\xa8\x63\x63\x90\x30\x39\x4b\x12\x57\x11\xe8\x12\xb6\x6b\x50\xbc\x5a\x94\xfa\x7f\x31\x16\xc0\xa1\x33\xbc\x27\x95\xae\x37\xee\x47\xe6\x83\x51\xeb\x6a\xe3\x89\xfa\x81\x4d\xa2\x1f\xce\x11\x5f\xfd\xfc\xdf\x5d\x27\x27\x69\x5f\x3e\xe5\x44\x8c\xb7\xa1\x3f\x18\xeb\xf2\xac\x66\xf5\x0e\x00\x00\xff\xff\x6c\xb6\x93\x3d\x20\x01\x00\x00"),
 		},
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/ssh.tf": &vfsgen۰CompressedFileInfo{
 			name:             "ssh.tf",
@@ -5020,9 +5020,9 @@ var vfsgenAssets = func() http.FileSystem {
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/variables.tf": &vfsgen۰CompressedFileInfo{
 			name:             "variables.tf",
 			modTime:          time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC),
-			uncompressedSize: 2644,
+			uncompressedSize: 2930,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x56\x5f\x6f\xdb\x36\x10\x7f\xd7\xa7\x38\xa4\x0f\x75\xb0\x55\xb5\x83\x2c\xcb\x80\xf6\xa1\x73\xba\x2e\x58\x9d\x65\x4d\x93\x97\x61\x20\x28\xf2\x24\x11\xa1\x48\xf5\x8e\x74\xea\x0d\xfb\xee\x03\x25\xc5\x75\x6c\x79\x4b\x86\xfa\xc5\x80\x79\xf7\xfb\x73\xbc\x3b\xfa\x19\x9c\x5d\x5c\x01\xa1\xf2\xa4\x39\xcb\x96\x92\x8c\x2c\x2c\xc2\x81\xb2\x91\x03\x92\x70\xb2\xc1\x03\xf8\x2b\x03\x08\xab\x16\x61\xf8\xbc\x06\x0e\x64\x5c\x95\x01\x68\x64\x45\xa6\x0d\xc6\x3b\x78\x0d\x07\xd7\xce\x7c\x8a\x08\x43\x3a\x74\xe9\xd9\xdf\x59\xf6\x0c\x2e\xbc\x46\xde\x60\xf0\x2c\x4c\x23\x2b\x14\xd1\xb5\x52\xdd\xa2\x7e\x0a\xcd\xa5\x0c\x35\x04\x0f\xf7\xb9\xf0\x93\x95\x41\x49\x82\xb9\x77\x41\x1a\x87\x04\xef\x8d\x8b\x9f\xa1\xa3\x80\xb2\x3f\x15\x2d\x79\x1d\x55\x02\x11\x9f\xb0\x89\xbd\x80\xdc\x34\x15\x4c\x5a\xf2\x85\x2c\xec\x0a\x64\x99\x84\x4b\x48\x01\x2f\xd2\x11\x21\x9b\x3f\x11\xce\x17\xef\xe0\x9b\xef\xde\x1d\x76\x76\x36\x0a\xe5\x5d\x20\x6f\x2d\x92\x50\x3e\xba\x30\xe6\xc2\xc5\xa6\x40\xea\x5c\x94\x32\xda\x30\xfc\x3c\xdb\xf5\x75\xd1\x45\x82\x2f\xe1\x0b\x2e\xc3\xc4\xe4\x98\x43\x23\x53\x49\x79\x5b\x40\x23\x55\x6d\x1c\x0a\xed\x1b\x69\xdc\x53\x8a\xb8\xe8\x33\x61\xc8\x7c\x08\xeb\xbc\x46\x61\x5a\xd1\x7a\x6f\xff\x03\x74\xd3\xd3\xc1\xec\x87\xa3\x7c\x76\x72\x9a\xa7\xef\xe9\xcb\xa3\xe3\x83\xbd\x3d\x72\xb3\x80\xf3\x4b\x98\x9f\x9f\x7d\xd8\xa2\x5e\x1a\x0a\x51\x5a\xa1\xda\xc8\x5f\xab\x9c\x03\x26\xcc\x2f\xaf\x79\x0f\x5d\x83\x8d\xa7\xd5\x13\x08\x8f\xa6\xc7\xa7\xbb\x9c\x37\x03\xd3\x87\x37\x0b\x30\x0e\x16\x3f\xfe\x4b\xc3\x58\x25\xd8\x99\xb6\xc5\x30\x6a\xd4\x1a\x0e\x93\xbe\xd0\x87\xbb\x44\xf3\x35\xd0\x4e\xd7\xcf\xbd\x2b\x4d\x05\x6b\xec\x1d\xe9\xbf\xff\xd1\x0f\x65\x1f\x18\x49\x26\xd0\x4d\x95\xcc\xb5\xb8\xc5\xd5\xff\x90\x75\x75\xf5\x33\xb4\xb1\xb0\x46\x41\x02\x80\xd2\x13\x44\x46\x82\xe7\xca\x13\x3e\xdf\xaa\x86\x64\xc6\x20\xb4\xa1\x9e\x68\xcf\x98\x4b\xd0\x86\x50\x05\x4f\x2b\xb8\xab\x91\x10\x2a\x74\x48\x32\xa0\x86\x0e\x81\x81\x6b\x1f\xad\x86\x02\xa1\xb5\x52\xa1\x86\x89\xea\x8b\xc2\xc0\xa8\x08\x43\x1a\x9c\x3d\x4d\xfc\xb0\xf1\x31\xdc\x79\xba\x15\x4d\x88\xa3\x9a\xe6\x17\xe7\x60\x5c\x40\x2a\xa5\x42\x58\x7c\xbc\xde\x85\xdd\xd7\xa0\xc7\xa7\xd3\x71\x2e\xd3\x0a\x19\x83\xd7\x18\xb0\xdf\x4e\x0d\x86\xda\xeb\x51\xfe\x45\x77\xd4\x55\x65\x9d\x02\xa1\x46\xa8\x3d\x07\x38\xbf\x5c\x1e\x83\xd4\x9a\x90\x79\xaf\xdf\x9d\xa1\x2d\x0d\x71\x78\x51\xfa\xe8\xf4\xd6\xfd\xb4\x5e\x0b\x65\xf4\xf8\xf5\xa4\xd9\xed\x19\x49\xba\x0a\x3b\x4d\xcc\xa6\x72\xf0\x4b\x2c\x90\x1c\x06\x64\x68\xbd\x7e\x82\x92\xd9\x34\x9f\xe5\xd3\x7c\xfa\x72\x76\xb2\xa5\x84\x91\x96\x46\xe1\x5e\x35\xaf\x5e\xbd\xfd\xf5\x2c\x7b\x94\xa4\x01\x8a\xf3\xec\x63\x8d\x30\xeb\xca\x06\x77\xc6\xda\xd4\x3e\x84\xe9\x18\x75\xd7\xb8\xb7\xb1\x40\x21\x5b\xd3\xfd\x44\xdf\x76\x75\x9e\x4d\x43\xbd\x37\x21\xf5\xb8\x76\x9c\x67\x49\x4c\xb6\x61\x7b\xc4\x72\x6f\xf7\x68\xdc\xee\xfd\x03\xdc\x2f\x67\xc1\xb1\x2c\xcd\xe7\xd1\x5b\xf8\x2d\x22\x19\xec\x07\xad\x8f\x66\xb8\x33\x69\x70\x6a\x84\x3e\x6f\xad\x55\x3a\xbe\x43\x42\x0d\xc5\x6a\x2d\x15\xce\x06\x3d\x86\xef\xdf\xed\xdc\x7a\x25\x2d\x4c\x30\xaf\x72\x28\xbd\xcf\x07\xc9\x39\x2f\x55\xfe\x20\xe6\x10\x1e\x7f\xb7\x0f\x12\xb7\xec\xa2\x4b\xdf\x82\xb0\xf5\x14\x8c\xab\xc6\xf6\x4e\xe1\xbd\xdd\xb5\xff\xb6\xcb\x84\xc8\xe9\xa1\xf7\x04\xd2\x49\xbb\x0a\x46\x31\xac\xc1\xba\x7f\x0a\x2d\x07\x42\xd9\x30\x4c\xe6\xd2\x1a\xe5\x0f\x77\xb7\x62\x29\x2d\xe3\xa8\x2e\x59\x55\x84\x55\xb7\x25\x47\xef\x60\x10\x91\x2a\xbe\xd1\x67\x6f\xbe\x64\xc1\x7b\xb9\x42\x82\xc9\x40\xc8\x49\x52\xa0\x88\x23\x4b\x69\x6d\x73\x53\x5a\x8a\x1d\x56\x36\x52\x30\xa5\x51\x32\xe0\xc3\x7f\x6c\x48\x81\xc5\x52\x5a\xa3\x4d\x58\x89\x16\xc9\x78\x2d\x6a\x1f\x89\x47\x25\xdf\x0c\x91\xe9\x75\x94\xd6\x76\xda\xd5\x06\x76\x7a\xbc\xfa\xec\xc7\xee\xb7\xd3\xef\x4f\xd2\x7e\xfb\x27\x00\x00\xff\xff\xfd\x93\x3e\xa8\x54\x0a\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xac\x56\xdf\x6f\xdb\x36\x10\x7e\xf7\x5f\x71\x48\x1f\xea\x60\x8b\x6a\x07\x59\x96\x01\xed\x43\xe7\x74\x5d\xb0\x3a\xcb\x9a\x26\x2f\xc3\x40\xd0\xe4\x49\x22\x42\x91\xea\x1d\xe9\xc4\x1b\xf6\xbf\x0f\x94\x54\xc7\xb6\xe4\x2d\x19\xea\x17\x03\xe2\xdd\xf7\x7d\x77\xbc\x1f\x7c\x01\xe7\x97\xd7\x40\xa8\x3c\x69\x1e\x8d\x96\x92\x8c\x5c\x58\x84\x03\x65\x23\x07\x24\xe1\x64\x85\x07\xf0\xd7\x08\x20\xac\x6a\x84\xee\xf7\x06\x38\x90\x71\xc5\x08\x40\x23\x2b\x32\x75\x30\xde\xc1\x1b\x38\xb8\x71\xe6\x73\x44\xe8\xdc\xa1\x71\x1f\xfd\x3d\x1a\xbd\x80\x4b\xaf\x91\x37\x18\x3c\x0b\x53\xc9\xe2\x59\xe8\x57\x32\x94\x10\x3c\x44\x57\x4b\x75\x87\x1a\x7e\xb2\x32\x28\x49\x30\xf3\x2e\x48\xe3\x90\xe0\x83\x71\xf1\x01\x1a\x64\xc8\xdb\x53\x51\x93\xd7\x51\x25\x10\xf1\x19\xab\xd8\xf2\x66\xa6\x2a\x60\x5c\x93\x5f\xc8\x85\x5d\x81\xcc\x93\x5e\x09\xc9\xe0\x28\x1d\x11\xb2\xf9\x13\xe1\x62\xfe\x1e\xbe\xf9\xee\xfd\x61\x13\xc5\x46\x7e\xbc\x0b\xe4\xad\x45\x12\xca\x47\x17\x86\xa2\x70\xb1\x5a\x20\x35\x51\xe4\x32\xda\xd0\x7d\x9e\xf6\xe3\xba\x6c\x2c\xc1\xe7\xf0\x88\xcb\x30\x36\x19\x66\x50\xc9\x94\x49\xde\x15\x50\x49\x55\x1a\x87\x42\xfb\x4a\x1a\xf7\x9c\x24\xce\x5b\x4f\xe8\x3c\xb7\x61\x9d\xd7\x28\x4c\x2d\x6a\xef\xed\x7f\x80\x6e\xc6\x74\x30\xfd\xe1\x38\x9b\x9e\x9e\x65\xe9\x7f\xf2\xea\xf8\xe4\x60\x6f\x69\xdc\xce\xe1\xe2\x0a\x66\x17\xe7\x1f\x77\xa8\x97\x86\x42\x94\x56\xa8\x3a\xf2\xd7\x4a\x67\x87\x09\xb3\xab\x1b\xde\x43\x57\x61\xe5\x69\xf5\x0c\xc2\xe3\xc9\xc9\x59\x9f\xf3\xb6\x63\xfa\xf8\x76\x0e\xc6\xc1\xfc\xc7\x7f\x29\x18\xab\x04\x3b\x53\xd7\x18\x06\x03\xb5\x86\xc3\xb8\x4d\xf4\x61\x9f\x68\xb6\x06\xea\x55\xfd\xcc\xbb\xdc\x14\xb0\xc6\xee\x49\xff\xfd\x8f\xb6\x17\x5b\xc3\x48\x32\x81\x6e\xaa\x64\x2e\xc5\x1d\xae\xfe\x87\xac\xeb\xeb\x9f\xa1\x8e\x0b\x6b\x14\x24\x00\xc8\x3d\x41\x64\x24\x78\xa9\x3c\xe1\xcb\x9d\x6c\x48\x66\x0c\x42\x1b\x6a\x89\xf6\xb4\xb9\x04\x6d\x08\x55\xf0\xb4\x82\xfb\x12\x09\xa1\x40\x87\x24\x03\x6a\x68\x10\x18\xb8\xf4\xd1\x6a\x58\x20\xd4\x56\x2a\xd4\x30\x56\x6d\x52\x18\x18\x15\x61\x48\x8d\xb3\xa7\x88\xb7\x0b\x1f\xc3\xbd\xa7\x3b\x51\x85\x38\xa8\x69\x76\x79\x01\xc6\x05\xa4\x5c\x2a\x84\xf9\xa7\x9b\x3e\xec\xbe\x02\x3d\x39\x9b\x0c\x73\x99\x5a\xc8\x18\xbc\xc6\x80\xed\x74\xaa\x30\x94\x5e\x0f\xf2\xcf\x9b\xa3\x26\x2b\x6b\x17\x08\x25\x42\xe9\x39\xc0\xc5\xd5\xf2\x04\xa4\xd6\x84\xcc\x7b\xe3\xed\x35\x6d\x6e\x88\xc3\x51\xee\xa3\xd3\x3b\xf7\x53\x7b\x2d\x94\xd1\xc3\xd7\x93\x7a\xb7\x65\x24\xe9\x0a\x6c\x34\x31\x9b\xc2\xc1\x2f\x71\x81\xe4\x30\x20\x43\xed\xf5\x33\x94\x4c\x27\xd9\x34\x9b\x64\x93\x57\xd3\xd3\x1d\x25\x8c\xb4\x34\x0a\xf7\xaa\x79\xfd\xfa\xdd\xaf\xe7\xa3\x27\x49\xea\xa0\x38\x1b\x7d\x2a\x11\xa6\x4d\xda\xe0\xde\x58\x9b\xca\x87\x30\x1d\xa3\x6e\x0a\xf7\x2e\x2e\x50\xc8\xda\x34\x9f\xe8\xdb\x26\xcf\xd3\x49\x28\xf7\x3a\xa4\x1a\xd7\x8e\xb3\x51\x12\x33\xda\x08\x7b\x20\xe4\x36\xdc\xe3\xe1\x70\xbf\xec\xdd\x76\x38\x0b\x8e\x79\x6e\x1e\x06\x6f\xe1\xb7\x88\x64\xb0\x6d\xb4\xd6\x9a\xe1\xde\xa4\xc6\x29\x11\x5a\xbf\xb5\x56\xe9\xf8\x1e\x09\x35\x2c\x56\x6b\xa9\x70\xde\xe9\x31\xfc\x65\x5d\x67\xd6\x2b\x69\x61\x8c\x59\x91\x41\xee\x7d\xd6\x49\xce\x78\xa9\xb2\x2d\x9b\x43\x78\xfa\xdd\x6e\x39\xee\x84\x8b\x2e\xfd\x0b\xc2\xda\x53\x30\xae\x18\x9a\x3b\x0b\xef\x6d\x3f\xfc\x77\x8d\x27\x44\x4e\x8b\xde\x13\x48\x27\xed\x2a\x18\xc5\xb0\x06\x6b\x5e\x0a\x35\x07\x42\x59\x31\x8c\x67\xd2\x1a\xe5\x0f\xfb\x53\x31\x97\x96\x71\x50\x97\x2c\x0a\xc2\xa2\x99\x92\x83\x77\xd0\x89\x48\x19\xdf\xa8\xb3\xb7\x8f\x5e\xf0\x41\xae\x90\x60\xdc\x11\x72\x92\x14\x28\xe2\xc0\x50\x5a\x87\xb9\x29\x2d\xd9\x6e\x2b\xdb\x2e\x4d\x81\x0f\x81\xa4\xc8\xad\x2c\x78\x58\x61\x3a\x87\xe6\x1c\xea\x34\x33\x9b\x11\xc2\x68\xf3\xa3\x34\x38\x50\x37\xb5\x7e\xb4\x06\xcc\xfa\xc2\x7a\x73\xbf\xbf\x51\x1e\xe5\x69\xc3\x4d\xe6\x12\x83\x68\x19\x44\x62\xb0\x18\x06\xf5\x9d\xb7\xf6\x6d\xd1\xa2\xcd\x61\x43\x95\xc5\x00\xc6\x71\x90\xd6\xb6\xa5\xdb\x51\xef\xc9\x5d\xbb\xd9\x90\x82\xc9\x8d\x92\x01\xb7\xdf\xb3\x48\x81\xc5\x52\x5a\xa3\x4d\x58\x89\x1a\xc9\x78\x2d\x4a\x1f\x69\x38\x6f\xb7\x9d\x65\x7a\x44\x48\x6b\x1b\x7d\x6a\x03\x3b\xed\xf8\xd6\xfb\xa9\x6b\xe0\xec\xfb\xd3\xb4\x06\xfe\x09\x00\x00\xff\xff\xe2\x9a\x1f\x5d\x72\x0b\x00\x00"),
 		},
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers": &vfsgen۰DirInfo{
 			name:    "workers",
@@ -5042,9 +5042,9 @@ var vfsgenAssets = func() http.FileSystem {
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers/require.tf": &vfsgen۰CompressedFileInfo{
 			name:             "require.tf",
 			modTime:          time.Date(1970, 1, 1, 0, 0, 1, 0, time.UTC),
-			uncompressedSize: 332,
+			uncompressedSize: 288,
 
-			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x6c\xce\x41\x8b\x83\x30\x10\x05\xe0\x7b\x7e\xc5\x23\x7b\x8f\x51\x96\x3d\x2c\xe8\xaf\xd8\xfb\x92\xea\xb4\x04\x12\xa3\x93\x44\x28\xa5\xfe\xf6\x62\xc1\x52\x1a\xe7\x38\x7c\xef\xf1\xbe\xf0\x47\xcc\xe6\x1c\xd8\x63\x21\x8e\x36\x8c\x30\xe3\x80\xc9\xe5\x8b\x1d\xf7\x57\x14\x22\xbd\xd8\x4d\x00\x4c\x73\xb6\x4c\xc3\xff\x9e\x69\x21\xbb\x16\x5a\xd5\x8d\xd2\x52\xdc\x85\x98\x38\x2c\x76\x20\x86\xec\x93\x7c\x66\xde\xa8\x56\xdf\x05\x73\xa1\x37\xae\x90\xf5\x81\x4c\xe4\x27\x67\x12\x15\x78\xed\xd0\xa8\xfa\x53\xbb\x78\x0c\x8b\x01\xf6\xb4\x58\x2e\xc7\xae\x1d\xb4\xfa\xd9\x38\x90\xd9\x62\xbb\x16\x72\x26\x9f\x7f\xab\xaa\x8a\xd7\x98\xc8\x6f\x5d\x8f\x00\x00\x00\xff\xff\xc7\x00\x6c\x9b\x4c\x01\x00\x00"),
+			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x64\x8d\xc1\xce\x82\x30\x10\x84\xef\x7d\x8a\x09\xff\xbd\x01\x92\xdf\x1b\x3c\x85\x77\x53\xe9\x6a\x9a\x2c\x2d\x6e\x0b\x17\x83\xcf\x6e\x80\x54\x30\xee\xf1\x9b\xf9\x76\xfe\x70\x26\x11\x73\x0b\xd2\x63\x22\x89\x2e\x78\x18\x6f\x31\xf0\x78\x77\x3e\xa3\xa8\x54\xfa\xd4\x9e\x0a\x10\x7a\x8c\x4e\xc8\x5e\xb2\xd3\xa0\x68\x1b\x94\xba\xaa\x75\x59\xa8\x63\x63\x90\x30\x39\x4b\x12\x57\x11\xe8\x12\xb6\x6b\x50\xbc\x5a\x94\xfa\x7f\x31\x16\xc0\xa1\x33\xbc\x27\x95\xae\x37\xee\x47\xe6\x83\x51\xeb\x6a\xe3\x89\xfa\x81\x4d\xa2\x1f\xce\x11\x5f\xfd\xfc\xdf\x5d\x27\x27\x69\x5f\x3e\xe5\x44\x8c\xb7\xa1\x3f\x18\xeb\xf2\xac\x66\xf5\x0e\x00\x00\xff\xff\x6c\xb6\x93\x3d\x20\x01\x00\x00"),
 		},
 		"/terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers/variables.tf": &vfsgen۰CompressedFileInfo{
 			name:             "variables.tf",
diff --git a/pkg/platform/kvmlibvirt/kvmlibvirt.go b/pkg/platform/kvmlibvirt/kvmlibvirt.go
new file mode 100644
index 000000000..000696332
--- /dev/null
+++ b/pkg/platform/kvmlibvirt/kvmlibvirt.go
@@ -0,0 +1,198 @@
+// Copyright 2020 The Lokomotive Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kvmlibvirt
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+	"text/template"
+
+	"github.com/hashicorp/hcl/v2"
+	"github.com/hashicorp/hcl/v2/gohcl"
+	"github.com/mitchellh/go-homedir"
+	"github.com/pkg/errors"
+
+	"github.com/kinvolk/lokomotive/pkg/platform"
+	"github.com/kinvolk/lokomotive/pkg/terraform"
+)
+
+type workerPool struct {
+	Name          string   `hcl:"pool_name,label"`
+	Count         int      `hcl:"count"`
+	VirtualCPUs   int      `hcl:"virtual_cpus,optional"`
+	VirtualMemory int      `hcl:"virtual_memory,optional"`
+	CLCSnippets   []string `hcl:"clc_snippets,optional"`
+	Labels        string   `hcl:"labels,optional"`
+}
+
+type config struct {
+	AssetDir                     string       `hcl:"asset_dir"`
+	ClusterName                  string       `hcl:"cluster_name"`
+	ControllerCount              int          `hcl:"controller_count,optional"`
+	MachineDomain                string       `hcl:"machine_domain"`
+	OSImage                      string       `hcl:"os_image"`
+	NodeIpPool                   string       `hcl:"node_ip_pool,optional"`
+	SSHPubKeys                   []string     `hcl:"ssh_pubkeys"`
+	WorkerPools                  []workerPool `hcl:"worker_pool,block"`
+	DisableSelfHostedKubelet     bool         `hcl:"disable_self_hosted_kubelet,optional"`
+	KubeAPIServerExtraFlags      []string     `hcl:"kube_apiserver_extra_flags,optional"`
+	ControllerVirtualCPUs        int          `hcl:"controller_virtual_cpus,optional"`
+	ControllerVirtualMemory      int          `hcl:"controller_virtual_memory,optional"`
+	ControllerCLCSnippets        []string     `hcl:"controller_clc_snippets,optional"`
+	NetworkMTU                   int          `hcl:"network_mtu,optional"`
+	NetworkIpAutodetectionMethod string       `hcl:"network_ip_autodetection_method,optional"`
+	PodCidr                      string       `hcl:"pod_cidr,optional"`
+	ServiceCidr                  string       `hcl:"service_cidr,optional"`
+	ClusterDomainSuffix          string       `hcl:"cluster_domain_suffix,optional"`
+	EnableReporting              bool         `hcl:"enable_reporting,optional"`
+	EnableAggregation            bool         `hcl:"enable_aggregation,optional"`
+	CertsValidityPeriodHours     int          `hcl:"certs_validity_period_hours,optional"`
+}
+
+func init() {
+	platform.Register("kvm-libvirt", NewConfig())
+}
+
+func (c *config) LoadConfig(configBody *hcl.Body, evalContext *hcl.EvalContext) hcl.Diagnostics {
+	if configBody == nil {
+		return hcl.Diagnostics{}
+	}
+
+	if diags := gohcl.DecodeBody(*configBody, evalContext, c); diags.HasErrors() {
+		return diags
+	}
+
+	return c.checkValidConfig()
+}
+
+// Meta is part of Platform interface and returns common information about the platform configuration.
+func (c *config) Meta() platform.Meta {
+	nodes := c.ControllerCount
+	for _, workerpool := range c.WorkerPools {
+		nodes += workerpool.Count
+	}
+	return platform.Meta{
+		AssetDir:      c.AssetDir,
+		ExpectedNodes: nodes,
+	}
+}
+
+func NewConfig() *config {
+	return &config{}
+}
+
+func (c *config) Apply(ex *terraform.Executor) error {
+	if err := c.Initialize(ex); err != nil {
+		return err
+	}
+
+	return ex.Apply()
+}
+
+func (c *config) Destroy(ex *terraform.Executor) error {
+	if err := c.Initialize(ex); err != nil {
+		return err
+	}
+
+	return ex.Destroy()
+}
+
+func (c *config) Initialize(ex *terraform.Executor) error {
+	assetDir, err := homedir.Expand(c.AssetDir)
+	if err != nil {
+		return err
+	}
+
+	terraformRootDir := terraform.GetTerraformRootDir(assetDir)
+
+	return createTerraformConfigFile(c, terraformRootDir)
+}
+
+func createTerraformConfigFile(cfg *config, terraformRootDir string) error {
+	tmplName := "cluster.tf"
+	t := template.New(tmplName).Funcs(template.FuncMap{"StringsJoin": strings.Join})
+	t, err := t.Parse(terraformConfigTmpl)
+	if err != nil {
+		return errors.Wrap(err, "failed to parse template")
+	}
+
+	path := filepath.Join(terraformRootDir, tmplName)
+	f, err := os.Create(path)
+	if err != nil {
+		return errors.Wrapf(err, "failed to create file %q", path)
+	}
+	defer f.Close()
+
+	terraformCfg := struct {
+		Config config
+	}{
+		Config: *cfg,
+	}
+
+	if err := t.Execute(f, terraformCfg); err != nil {
+		return errors.Wrapf(err, "failed to write template to file: %q", path)
+	}
+	return nil
+}
+
+// checkValidConfig validates cluster configuration.
+func (c *config) checkValidConfig() hcl.Diagnostics {
+	var diagnostics hcl.Diagnostics
+
+	diagnostics = append(diagnostics, c.checkNotEmptyWorkers()...)
+	diagnostics = append(diagnostics, c.checkWorkerPoolNamesUnique()...)
+
+	return diagnostics
+}
+
+// checkNotEmptyWorkers checks if the cluster has at least 1 node pool defined.
+func (c *config) checkNotEmptyWorkers() hcl.Diagnostics {
+	var diagnostics hcl.Diagnostics
+
+	if len(c.WorkerPools) == 0 {
+		diagnostics = append(diagnostics, &hcl.Diagnostic{
+			Severity: hcl.DiagError,
+			Summary:  "At least one worker pool must be defined",
+			Detail:   "Make sure to define at least one worker pool block in your cluster block",
+		})
+	}
+
+	return diagnostics
+}
+
+// checkWorkerPoolNamesUnique verifies that all worker pool names are unique.
+func (c *config) checkWorkerPoolNamesUnique() hcl.Diagnostics {
+	var diagnostics hcl.Diagnostics
+
+	dup := make(map[string]bool)
+
+	for _, w := range c.WorkerPools {
+		if !dup[w.Name] {
+			dup[w.Name] = true
+			continue
+		}
+
+		// It is duplicated.
+		diagnostics = append(diagnostics, &hcl.Diagnostic{
+			Severity: hcl.DiagError,
+			Summary:  "Worker pools name should be unique",
+			Detail:   fmt.Sprintf("Worker pool '%v' is duplicated", w.Name),
+		})
+	}
+
+	return diagnostics
+}
diff --git a/pkg/platform/kvmlibvirt/template.go b/pkg/platform/kvmlibvirt/template.go
new file mode 100644
index 000000000..1b31fe9b8
--- /dev/null
+++ b/pkg/platform/kvmlibvirt/template.go
@@ -0,0 +1,186 @@
+// Copyright 2020 The Lokomotive Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package kvmlibvirt
+
+var terraformConfigTmpl = `
+module "kvm-libvirt-{{.Config.ClusterName}}" {
+  source = "../terraform-modules/kvm-libvirt/flatcar-linux/kubernetes"
+
+  cluster_name = "{{.Config.ClusterName}}"
+
+  ssh_keys = {{ StringsJoin .Config.SSHPubKeys "\", \"" | printf "[%q]" }}
+
+  asset_dir = "../cluster-assets"
+
+  os_image = "{{.Config.OSImage}}"
+
+  machine_domain = "{{.Config.MachineDomain}}"
+
+  {{- if .Config.NodeIpPool}}
+  node_ip_pool   = "{{.Config.NodeIpPool}}"
+  {{- end }}
+
+  {{- if .Config.ControllerCount}}
+  controller_count = {{.Config.ControllerCount}}
+  {{- end }}
+
+  {{- if .Config.ControllerVirtualCPUs}}
+  virtual_cpus = {{ .Config.ControllerVirtualCPUs}}
+  {{- end }}
+
+  {{- if .Config.ControllerVirtualMemory}}
+  virtual_memory {{ .Config.ControllerVirtualMemory}}
+  {{- end }}
+
+  {{- if .Config.NetworkMTU }}
+  network_mtu = {{.Config.NetworkMTU}}
+  {{- end }}
+
+  {{- if .Config.NetworkIpAutodetectionMethod }}
+  network_ip_autodetection_method = {{ .Config.NetworkIpAutodetectionMethod }}
+  {{- end }}
+
+  {{- if .Config.PodCidr }}
+  pod_cidr = {{.Config.PodCidr }}
+  {{- end }}
+  {{- if .Config.ServiceCidr }}
+  service_cidr = {{.Config.ServiceCidr }}
+  {{- end }}
+
+  {{- if .Config.ClusterDomainSuffix }}
+  cluster_domain_suffix = {{.Config.ClusterDomainSuffix }}
+  {{- end }}
+
+  enable_reporting   = {{.Config.EnableReporting}}
+  enable_aggregation = {{.Config.EnableAggregation}}
+
+  {{- if .Config.ControllerCLCSnippets }}
+  controller_clc_snippets = {{ StringsJoin .Config.ControllerCLCSnippets "\", \"" | printf "[%q]" }}
+  {{- end }}
+
+  disable_self_hosted_kubelet = {{ .Config.DisableSelfHostedKubelet }}
+
+  {{- if .Config.KubeAPIServerExtraFlags }}
+  kube_apiserver_extra_flags = {{ StringsJoin .Config.KubeAPIServerExtraFlags "\", \"" | printf "[%q]" }}
+  {{- end }}
+
+  {{- if .Config.CertsValidityPeriodHours }}
+  certs_validity_period_hours = {{.Config.CertsValidityPeriodHours}}
+  {{- end }}
+}
+
+{{ range $index, $pool := .Config.WorkerPools }}
+module "worker-pool-{{ $index }}" {
+  source = "../terraform-modules/kvm-libvirt/flatcar-linux/kubernetes/workers"
+
+  ssh_keys = {{ StringsJoin $.Config.SSHPubKeys "\", \"" | printf "[%q]" }}
+  machine_domain        = "{{$.Config.MachineDomain}}"
+  cluster_name          = "{{$.Config.ClusterName}}"
+  {{- if $.Config.ClusterDomainSuffix }}
+  cluster_domain_suffix = {{$.Config.ClusterDomainSuffix }}
+  {{- end }}
+  {{- if $.Config.ServiceCidr }}
+  service_cidr = {{$.Config.ServiceCidr }}
+  {{- end }}
+
+  libvirtpool           = module.kvm-libvirt-{{$.Config.ClusterName}}.libvirtpool
+  libvirtbaseid         = module.kvm-libvirt-{{$.Config.ClusterName}}.libvirtbaseid
+  kubeconfig            = module.kvm-libvirt-{{$.Config.ClusterName}}.kubeconfig
+
+  pool_name             = "{{ $pool.Name }}"
+  worker_count          = "{{ $pool.Count}}"
+
+  {{- if $pool.VirtualCPUs }}
+  virtual_cpus = {{ $pool.VirtualCPUs }}
+  {{- end }}
+
+  {{- if $pool.VirtualMemory }}
+  virtual_memory {{ $pool.VirtualMemory }}
+  {{- end }}
+
+  {{- if $pool.Labels }}
+  labels = {{ $pool.Labels }}
+  {{- end }}
+
+  {{- if $pool.CLCSnippets }}
+  clc_snippets = {{ StringsJoin $pool.CLCSnippets "\", \"" | printf "[%q]" }}
+  {{- end }}
+}
+{{- end }}
+
+provider "libvirt" {
+  uri     = "qemu:///system"
+  version = "~> 0.6.0"
+}
+
+provider "ct" {
+  version = "~> 0.5.0"
+}
+
+provider "local" {
+  version = "~> 1.2"
+}
+
+provider "null" {
+  version = "~> 2.1"
+}
+
+provider "template" {
+  version = "~> 2.1"
+}
+
+provider "tls" {
+  version = "~> 2.0"
+}
+
+provider "random" {
+  version = "~> 2.2"
+}
+
+
+# Stub output, which indicates, that Terraform run at least once.
+# Used when checking, if we should ask user for confirmation, when
+# applying changes to the cluster.
+output "initialized" {
+  value     = true
+  sensitive = true
+}
+
+# values.yaml content for all deployed charts.
+output "pod-checkpointer_values" {
+  value     = module.kvm-libvirt-{{.Config.ClusterName}}.pod-checkpointer_values
+  sensitive = true
+}
+
+output "kube-apiserver_values" {
+  value     = module.kvm-libvirt-{{.Config.ClusterName}}.kube-apiserver_values
+  sensitive = true
+}
+
+output "kubernetes_values" {
+  value     = module.kvm-libvirt-{{.Config.ClusterName}}.kubernetes_values
+  sensitive = true
+}
+
+output "kubelet_values" {
+  value     = module.kvm-libvirt-{{.Config.ClusterName}}.kubelet_values
+  sensitive = true
+}
+
+output "calico_values" {
+  value     = module.kvm-libvirt-{{.Config.ClusterName}}.calico_values
+  sensitive = true
+}
+`