diff --git a/agents.tf b/agents.tf
index 03d1399..4f6e7e5 100644
--- a/agents.tf
+++ b/agents.tf
@@ -4,15 +4,16 @@ module "agents" {
 count = var.agents_num
 name = "k3s-agent-${count.index}"
- ssh_keys = [hcloud_ssh_key.k3s.id]
- public_key = var.public_key
- private_key = var.private_key
- firewall_ids = [hcloud_firewall.k3s.id]
- placement_group_id = hcloud_placement_group.k3s.id
- location = var.location
- network_id = hcloud_network.k3s.id
- ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 513 + count.index)
- server_type = var.control_plane_server_type
+ ssh_keys = [hcloud_ssh_key.k3s.id]
+ public_key = var.public_key
+ private_key = var.private_key
+ additional_public_keys = var.additional_public_keys
+ firewall_ids = [hcloud_firewall.k3s.id]
+ placement_group_id = hcloud_placement_group.k3s.id
+ location = var.location
+ network_id = hcloud_network.k3s.id
+ ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 513 + count.index)
+ server_type = var.control_plane_server_type
 labels = {
 "provisioner" = "terraform",
@@ -55,12 +56,14 @@ resource "null_resource" "agents" {
 inline = local.install_k3s_agent
 }
- # Upon reboot verify that k3s agent starts correctly
+ # Start the k3s agent and wait for it to have started
 provisioner "remote-exec" {
 inline = [
+ "systemctl start k3s-agent",
 <<-EOT
 timeout 120 bash < /dev/null; do
+ systemctl start k3s-agent
 echo "Waiting for the k3s agent to start..."
 sleep 2
 done
diff --git a/locals.tf b/locals.tf
index 55ac37c..0aa10e8 100644
--- a/locals.tf
+++ b/locals.tf
@@ -17,7 +17,6 @@ locals {
 csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
 kured_version = data.github_release.kured.release_tag
-
 common_commands_install_k3s = [
 "set -ex",
 # prepare the k3s config directory
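Review bot: The new standalone `"systemctl start k3s-agent",` entry in the agents.tf remote-exec provisioner runs as its own command, so a non-zero exit from it aborts the provisioner before the retry loop below it ever executes, which defeats both the loop and the `systemctl start k3s-agent` this commit adds inside it. If the intent is a best-effort first start followed by polling, make that entry tolerant, `"systemctl start k3s-agent || true",`, or drop it and rely solely on the in-loop start. The servers.tf hunk has the same shape with its pre-existing `"systemctl start k3s",` context line, and master.tf gains the same in-loop start, so whatever is decided here should be applied to all three. The provisioner block continues past the end of this hunk, and the `timeout 120 bash` heredoc line appears truncated in this rendering, so the loop condition itself could not be reviewed.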
@@ -28,5 +27,5 @@ locals {
 install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"])
- install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_EXEC=agent sh -"])
+ install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"])
 }
diff --git a/master.tf b/master.tf
index 7603305..cfd3283 100644
--- a/master.tf
+++ b/master.tf
@@ -3,15 +3,16 @@ module "first_control_plane" {
 name = "k3s-control-plane-0"
- ssh_keys = [hcloud_ssh_key.k3s.id]
- public_key = var.public_key
- private_key = var.private_key
- firewall_ids = [hcloud_firewall.k3s.id]
- placement_group_id = hcloud_placement_group.k3s.id
- location = var.location
- network_id = hcloud_network.k3s.id
- ip = local.first_control_plane_network_ip
- server_type = var.control_plane_server_type
+ ssh_keys = [hcloud_ssh_key.k3s.id]
+ public_key = var.public_key
+ private_key = var.private_key
+ additional_public_keys = var.additional_public_keys
+ firewall_ids = [hcloud_firewall.k3s.id]
+ placement_group_id = hcloud_placement_group.k3s.id
+ location = var.location
+ network_id = hcloud_network.k3s.id
+ ip = local.first_control_plane_network_ip
+ server_type = var.control_plane_server_type
 labels = {
 "provisioner" = "terraform",
@@ -69,6 +70,7 @@ resource "null_resource" "first_control_plane" {
 <<-EOT
 timeout 120 bash < /dev/null; do
+ systemctl start k3s
 echo "Waiting for the k3s server to start..."
 sleep 2
 done
diff --git a/modules/host/locals.tf b/modules/host/locals.tf
index 8fdd2c1..5a61b2a 100644
--- a/modules/host/locals.tf
+++ b/modules/host/locals.tf
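Review bot: The rewritten `install_k3s_agent` line still pipes an unpinned `https://get.k3s.io` into `sh`, so each agent installs whatever release the installer serves at the moment that node is provisioned, and agents created later can end up on a different k3s version than the control plane. Since this line is being touched anyway, consider driving both it and the server line from one local that sets `INSTALL_K3S_VERSION` (or `INSTALL_K3S_CHANNEL`) explicitly, e.g. `"curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION=${local.k3s_version} INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"` with a matching change on the server line, which is context here. The `locals` block starts outside this hunk.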
@@ -31,6 +31,34 @@ locals {
 "umount /mnt"
 ]
+ ignition_config = jsonencode({
+ ignition = {
+ version = "3.0.0"
+ }
+ passwd = {
+ users = [{
+ name = "root"
+ sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
+ }]
+ }
+ storage = {
+ files = [
+ {
+ path = "/etc/sysconfig/network/ifcfg-eth1"
+ mode = 420
+ overwrite = true
+ contents = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
+ },
+ {
+ path = "/etc/ssh/sshd_config.d/kube-hetzner.conf"
+ mode = 420
+ overwrite = true
+ contents = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
+ }
+ ]
+ }
+ })
+ combustion_script = < /dev/null do
 echo "Waiting for MicroOS to reboot and become available..."
- sleep 2
+ sleep 3
 done
 EOT
 }
diff --git a/modules/host/templates/config.ign.tpl b/modules/host/templates/config.ign.tpl
deleted file mode 100644
index 009807e..0000000
--- a/modules/host/templates/config.ign.tpl
+++ /dev/null
@@ -1,31 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "passwd": {
- "users": [
- {
- "name": "root",
- "sshAuthorizedKeys": [
- "${ssh_public_key}"
- ]
- }
- ]
- },
- "storage": {
- "files": [
- {
- "path": "/etc/sysconfig/network/ifcfg-eth1",
- "mode": 420,
- "overwrite": true,
- "contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
- },
- {
- "path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
- "mode": 420,
- "overwrite": true,
- "contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
- }
- ]
- }
-}
diff --git a/modules/host/variables.tf b/modules/host/variables.tf
index 2e393fd..b336fc5 100644
--- a/modules/host/variables.tf
+++ b/modules/host/variables.tf
@@ -19,6 +19,12 @@ variable "private_key" {
 type = string
 }
+variable "additional_public_keys" {
+ description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
+ type = list(string)
+ default = []
+}
+
 variable "ssh_keys" {
 description = "List of SSH key IDs"
 type = list(string)
diff --git a/servers.tf b/servers.tf
index 10056bd..5bc9ba4 100644
--- a/servers.tf
+++ b/servers.tf
@@ -4,15 +4,16 @@ module "control_planes" {
 count = var.servers_num - 1
 name = "k3s-control-plane-${count.index + 1}"
- ssh_keys = [hcloud_ssh_key.k3s.id]
- public_key = var.public_key
- private_key = var.private_key
- firewall_ids = [hcloud_firewall.k3s.id]
- placement_group_id = hcloud_placement_group.k3s.id
- location = var.location
- network_id = hcloud_network.k3s.id
- ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 258 + count.index)
- server_type = var.control_plane_server_type
+ ssh_keys = [hcloud_ssh_key.k3s.id]
+ public_key = var.public_key
+ private_key = var.private_key
+ additional_public_keys = var.additional_public_keys
+ firewall_ids = [hcloud_firewall.k3s.id]
+ placement_group_id = hcloud_placement_group.k3s.id
+ location = var.location
+ network_id = hcloud_network.k3s.id
+ ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 258 + count.index)
+ server_type = var.control_plane_server_type
 labels = {
 "provisioner" = "terraform",
@@ -61,13 +62,14 @@ resource "null_resource" "control_planes" {
 inline = local.install_k3s_server
 }
- # Upon reboot verify that the k3s server starts correctly
+ # Start the k3s server and wait for it to have started correctly
 provisioner "remote-exec" {
 inline = [
 "systemctl start k3s",
 <<-EOT
 timeout 120 bash < /dev/null; do
+ systemctl start k3s
 echo "Waiting for the k3s server to start..."
 sleep 2
 done
diff --git a/templates/config.ign.tpl b/templates/config.ign.tpl
deleted file mode 100644
index 009807e..0000000
--- a/templates/config.ign.tpl
+++ /dev/null
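Review bot: The new `additional_public_keys` variable accepts any list of strings, yet each entry is written verbatim into root's `sshAuthorizedKeys` by the host module's ignition config, so a malformed or empty entry reaches root's authorized_keys with no feedback until an SSH login fails. A `validation` block that requires each element to look like a single OpenSSH public-key line (key type, base64 blob, optional comment) rejects that at plan time; the identical variable added in the root variables.tf hunk should carry the same block. Separately, `Keys` is capitalised mid-sentence in the description: `description = "Additional SSH public keys. Use them to grant other team members root access to your cluster nodes"`.
```hcl
variable "additional_public_keys" {
  # … unchanged: description, type, default …

  validation {
    condition = length([
      for k in var.additional_public_keys : k
      if !can(regex("^(sk-)?(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521))(@openssh\\.com)? ", trimspace(k)))
    ]) == 0
    error_message = "Each additional_public_keys entry must be a single OpenSSH public key line (key type, base64 blob, optional comment)."
  }
}
```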
@@ -1,31 +0,0 @@
-{
- "ignition": {
- "version": "3.0.0"
- },
- "passwd": {
- "users": [
- {
- "name": "root",
- "sshAuthorizedKeys": [
- "${ssh_public_key}"
- ]
- }
- ]
- },
- "storage": {
- "files": [
- {
- "path": "/etc/sysconfig/network/ifcfg-eth1",
- "mode": 420,
- "overwrite": true,
- "contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
- },
- {
- "path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
- "mode": 420,
- "overwrite": true,
- "contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
- }
- ]
- }
-}
diff --git a/variables.tf b/variables.tf
index e23c2bc..9346e5d 100644
--- a/variables.tf
+++ b/variables.tf
@@ -14,6 +14,12 @@ variable "private_key" {
 type = string
 }
+variable "additional_public_keys" {
+ description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
+ type = list(string)
+ default = []
+}
+
 variable "location" {
 description = "Default server location"
 type = string