kjuulh/terraform-hcloud-kube-hetzner
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Merge 6fa7daa21d into a5d641c930

Browse Source
This commit is contained in:
Michael Karbowiak 2022-05-02 20:49:18 +00:00 committed by GitHub
commit 02b2bdad99
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 96 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -54,7 +54,7 @@ Follow those simple steps, and your world's cheapest Kube cluster will be up and
First and foremost, you need to have a Hetzner Cloud account. You can sign up for free [here](https://hetzner.com/cloud/). First and foremost, you need to have a Hetzner Cloud account. You can sign up for free [here](https://hetzner.com/cloud/).
Then you'll need to have [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli), [kubectl](https://kubernetes.io/docs/tasks/tools/) cli, and [hcloud](<https://github.com/hetznercloud/cli>) the Hetzner cli. The easiest way is to use the [homebrew](https://brew.sh/) package manager to install them (available on Linux, Mac, and Windows Linux Subsystem). Then you'll need to have [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli), [kubectl](https://kubernetes.io/docs/tasks/tools/) cli and [hcloud](<https://github.com/hetznercloud/cli>) the Hetzner cli. The easiest way is to use the [homebrew](https://brew.sh/) package manager to install them (available on Linux, Mac, and Windows Linux Subsystem).
```sh ```sh
brew install terraform brew install terraform
@ -205,7 +205,7 @@ It is easy to use Kube-Hetzner as a Terraform module. To do so:
``` terraform ``` terraform
module "kube-hetzner" { module "kube-hetzner" {
source = "kube-hetzner/kube-hetzner/hcloud" source = "kube-hetzner/kube-hetzner/hcloud"
# insert the required variables here found in terraform.tfvars.example # insert the required variables here found in terraform.tfvars.example
} }
``` ```
@ -285,4 +285,4 @@ Code contributions are very much **welcome**.
[issues-url]: https://github.com/mysticaltech/kube-hetzner/issues [issues-url]: https://github.com/mysticaltech/kube-hetzner/issues
[license-shield]: https://img.shields.io/github/license/mysticaltech/kube-hetzner.svg?style=for-the-badge [license-shield]: https://img.shields.io/github/license/mysticaltech/kube-hetzner.svg?style=for-the-badge
[license-url]: https://github.com/mysticaltech/kube-hetzner/blob/master/LICENSE.txt [license-url]: https://github.com/mysticaltech/kube-hetzner/blob/master/LICENSE.txt
[product-screenshot]: https://github.com/kube-hetzner/kube-hetzner/raw/master/.images/kubectl-pod-all-17022022.png [product-screenshot]: https://github.com/kube-hetzner/kube-hetzner/raw/master/.images/kubectl-pod-all-17022022.png

44
init.tf
View File

@ -80,18 +80,25 @@ resource "null_resource" "kustomization" {
content = yamlencode({ content = yamlencode({
apiVersion = "kustomize.config.k8s.io/v1beta1" apiVersion = "kustomize.config.k8s.io/v1beta1"
kind = "Kustomization" kind = "Kustomization"
resources = concat([ resources = concat(
"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml", [
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml", "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml",
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml", "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml", "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [] ],
, var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : []), var.disable_hetzner_csi ? [] : ["https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml"],
patchesStrategicMerge = concat([ var.enable_longhorn ? ["longhorn.yaml"] : [],
file("${path.module}/kustomize/kured.yaml"), local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [],
file("${path.module}/kustomize/ccm.yaml"), var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : []
file("${path.module}/kustomize/system-upgrade-controller.yaml") ),
], var.cni_plugin == "calico" ? [file("${path.module}/kustomize/calico.yaml")] : []) patchesStrategicMerge = concat(
[
file("${path.module}/kustomize/kured.yaml"),
file("${path.module}/kustomize/ccm.yaml"),
file("${path.module}/kustomize/system-upgrade-controller.yaml")
],
var.cni_plugin == "calico" ? [file("${path.module}/kustomize/calico.yaml")] : []
)
}) })
destination = "/var/post_install/kustomization.yaml" destination = "/var/post_install/kustomization.yaml"
} }
@ -122,6 +129,16 @@ resource "null_resource" "kustomization" {
destination = "/var/post_install/plans.yaml" destination = "/var/post_install/plans.yaml"
} }
# Upload the Longhorn config
provisioner "file" {
content = templatefile(
"${path.module}/templates/longhorn.yaml.tpl",
{
disable_hetzner_csi = var.disable_hetzner_csi
})
destination = "/var/post_install/longhorn.yaml"
}
# Deploy secrets, logging is automatically disabled due to sensitive variables # Deploy secrets, logging is automatically disabled due to sensitive variables
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
@ -161,6 +178,7 @@ resource "null_resource" "kustomization" {
} }
depends_on = [ depends_on = [
null_resource.first_control_plane null_resource.first_control_plane,
local_sensitive_file.kubeconfig
] ]
} }

2
locals.tf
View File

@ -13,7 +13,7 @@ locals {
ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
kured_version = data.github_release.kured.release_tag kured_version = var.kured_version != null ? var.kured_version : data.github_release.kured.release_tag
common_commands_install_k3s = [ common_commands_install_k3s = [
"set -ex", "set -ex",

10
modules/host/main.tf
View File

@ -69,7 +69,7 @@ resource "hcloud_server" "server" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"set -ex", "set -ex",
"transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'" "transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key; zypper install -y open-iscsi https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'"
] ]
} }
@ -84,6 +84,14 @@ resource "hcloud_server" "server" {
done done
EOT EOT
} }
# Enable open-iscsi
provisioner "remote-exec" {
inline = [
"set -ex",
"systemctl enable --now iscsid"
]
}
} }
resource "hcloud_server_network" "server" { resource "hcloud_server_network" "server" {

22
templates/longhorn.yaml.tpl Normal file
View File

@ -0,0 +1,22 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: longhorn
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: longhorn
namespace: kube-system
spec:
chart: longhorn
repo: https://charts.longhorn.io
targetNamespace: longhorn
valuesContent: |-
defaultSettings:
defaultDataPath: /var/longhorn
persistence:
defaultFsType: ext4
defaultClassReplicaCount: 2
%{ if disable_hetzner_csi ~}defaultClass: true%{ else ~}defaultClass: false%{ endif ~}

2
templates/plans.yaml.tpl
View File

@ -47,4 +47,4 @@ spec:
serviceAccountName: system-upgrade serviceAccountName: system-upgrade
cordon: true cordon: true
upgrade: upgrade:
image: rancher/k3s-upgrade image: rancher/k3s-upgrade

14
terraform.tfvars.example
View File

@ -24,9 +24,9 @@ network_region = "eu-central" # change to `us-east` if location is ash
# Of course, you can choose any number of nodepools you want, with the location you want. The only constraint on the location is that you need to stay in the same network region, Europe, or the US. # Of course, you can choose any number of nodepools you want, with the location you want. The only constraint on the location is that you need to stay in the same network region, Europe, or the US.
# For the server type, the minimum instance supported is cpx11 (just a few cents more than cx11); see https://www.hetzner.com/cloud. # For the server type, the minimum instance supported is cpx11 (just a few cents more than cx11); see https://www.hetzner.com/cloud.
# IMPORTANT: Before you create your cluster, you can do anything you want with the nodepools, but you need at least one of each control plane and agent. # IMPORTANT: Before you create your cluster, you can do anything you want with the nodepools, but you need at least one of each control plane and agent.
# Once the cluster is up and running, you can change nodepool count and even set it to 0 (in the case of the first control-plane nodepool, the minimum is 1), # Once the cluster is up and running, you can change nodepool count and even set it to 0 (in the case of the first control-plane nodepool, the minimum is 1),
# you can also rename it (if the count is 0), but do not remove a nodepool from the list. # you can also rename it (if the count is 0), but do not remove a nodepool from the list.
# The only nodepools that are safe to remove from the list when you edit it are at the end of the lists. That is due to how subnets and IPs get allocated (FILO). # The only nodepools that are safe to remove from the list when you edit it are at the end of the lists. That is due to how subnets and IPs get allocated (FILO).
# You can, however, freely add other nodepools at the end of each list if you want! The maximum number of nodepools you can create combined for both lists is 255. # You can, however, freely add other nodepools at the end of each list if you want! The maximum number of nodepools you can create combined for both lists is 255.
@ -103,10 +103,18 @@ load_balancer_location = "fsn1"
### The following values are entirely optional ### The following values are entirely optional
# To use local storage on the nodes, you can enable Longhorn, default is "false"
# enable_longhorn = false
# To disable Hetzner CSI storage, you can set the following to true, default is "false"
# disable_hetzner_csi = false
# If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions # If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions
# hetzner_ccm_version = "" # hetzner_ccm_version = ""
# hetzner_csi_version = "" # hetzner_csi_version = ""
# If you want to specify the Kured version, set it below - otherwise it'll use the latest version available
# kured_version = ""
# We give you the possibility to use letsencrypt directly with Traefik because it's an easy setup, however it's not optimal, # We give you the possibility to use letsencrypt directly with Traefik because it's an easy setup, however it's not optimal,
# as the free version of Traefik causes a little bit of downtime when when the certificates get renewed. For proper SSL management, # as the free version of Traefik causes a little bit of downtime when when the certificates get renewed. For proper SSL management,
@ -175,4 +183,4 @@ load_balancer_location = "fsn1"
# If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/ # If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/
# That may be useful if you need to deploy more than 500 nodes! The default is "false". # That may be useful if you need to deploy more than 500 nodes! The default is "false".
# placement_group_disable = true # placement_group_disable = true

18
variables.tf
View File

@ -65,6 +65,12 @@ variable "hetzner_csi_version" {
description = "Version of Container Storage Interface driver for Hetzner Cloud" description = "Version of Container Storage Interface driver for Hetzner Cloud"
} }
variable "kured_version" {
type = string
default = null
description = "Version of Kured"
}
variable "traefik_enabled" { variable "traefik_enabled" {
type = bool type = bool
default = true default = true
@ -157,3 +163,15 @@ variable "cni_plugin" {
default = "flannel" default = "flannel"
description = "CNI plugin for k3s" description = "CNI plugin for k3s"
} }
variable "enable_longhorn" {
type = bool
default = false
description = "Enable Longhorn"
}
variable "disable_hetzner_csi" {
type = bool
default = false
description = "Disable hetzner csi driver"
}