From 406ba988bfcf9d8526a646fb38cd17ef41ef07d8 Mon Sep 17 00:00:00 2001 From: phaer Date: Sat, 19 Feb 2022 15:07:39 +0100 Subject: [PATCH 1/3] use jsonencode, not template for config.ign --- agents.tf | 5 +---- locals.tf | 29 +++++++++++++++++++++++++++++ master.tf | 5 +---- servers.tf | 5 +---- templates/config.ign.tpl | 31 ------------------------------- 5 files changed, 32 insertions(+), 43 deletions(-) delete mode 100644 templates/config.ign.tpl diff --git a/agents.tf b/agents.tf index 39562e6..7e9724e 100644 --- a/agents.tf +++ b/agents.tf @@ -24,10 +24,7 @@ resource "hcloud_server" "agents" { } provisioner "file" { - content = templatefile("${path.module}/templates/config.ign.tpl", { - name = self.name - ssh_public_key = local.ssh_public_key - }) + content = local.ignition_config destination = "/root/config.ign" } diff --git a/locals.tf b/locals.tf index 6c5a399..675935d 100644 --- a/locals.tf +++ b/locals.tf @@ -38,6 +38,34 @@ locals { "umount /mnt" ] + ignition_config = jsonencode({ + ignition = { + version = "3.0.0" + } + passwd = { + users = [{ + name = "root" + sshAuthorizedKeys = [local.ssh_public_key] + }] + } + storage = { + files = [ + { + path = "/etc/sysconfig/network/ifcfg-eth1" + mode = 420 + overwrite = true + contents = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" } + }, + { + path = "/etc/ssh/sshd_config.d/kube-hetzner.conf" + mode = 420 + overwrite = true + contents = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" } + } + ] + } + }) + combustion_script = < Date: Sat, 19 Feb 2022 15:12:04 +0100 Subject: [PATCH 2/3] allow additional ssh public keys --- locals.tf | 2 +- variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/locals.tf b/locals.tf index 675935d..ce74971 100644 --- a/locals.tf +++ b/locals.tf 
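Review bot: The replaced `templatefile` call in agents.tf passed `name = self.name`, but `local.ignition_config` is a single shared value with no per-node input, so anything the deleted template derived from the node name (a hostname entry, for instance) no longer reaches `/root/config.ign`; the template body is not legible here, so confirm it did not use `name`. If it did, that value has to be set somewhere else, since a `locals` expression cannot reference `self`. The diffstat shows the same replacement in master.tf and servers.tf, whose hunks are not visible in this view.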
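Review bot: The sshd drop-in written to `/etc/ssh/sshd_config.d/kube-hetzner.conf` disables password authentication but does not set `PermitRootLogin`, even though `root` is the only account the `passwd` section provisions; adding `PermitRootLogin prohibit-password` to the same file makes the key-only root policy explicit instead of inherited from the image default. sshd keeps the first value it reads for each keyword, so the drop-in only takes effect if the image's `sshd_config` includes `sshd_config.d/*.conf` before setting those keywords itself — worth confirming once on the target image, which this hunk cannot show. The two hand-percent-encoded `data:,` payloads are hard to review; building the directive text in a heredoc local and emitting `"data:,${urlencode(local.sshd_hardening)}"` keeps the same Ignition source (Terraform's `urlencode` produces the RFC 3986 `%20`/`%0A` form used here) while making the directives readable in a diff. The remainder of this hunk (the `combustion_script` heredoc) is not legible in this view.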
@@ -45,7 +45,7 @@ locals { passwd = { users = [{ name = "root" - sshAuthorizedKeys = [local.ssh_public_key] + sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys) }] } storage = { diff --git a/variables.tf b/variables.tf index e23c2bc..9346e5d 100644 --- a/variables.tf +++ b/variables.tf @@ -14,6 +14,12 @@ variable "private_key" { type = string } +variable "additional_public_keys" { + description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes" + type = list(string) + default = [] +} + variable "location" { description = "Default server location" type = string From e39dc064e234ca0222b60cd0e82a4c7d9c0b934e Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Sun, 20 Feb 2022 02:04:37 +0100 Subject: [PATCH 3/3] making k3s start more robust --- agents.tf | 4 +++- locals.tf | 2 +- master.tf | 1 + servers.tf | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/agents.tf b/agents.tf index 7e9724e..2944711 100644 --- a/agents.tf +++ b/agents.tf @@ -72,12 +72,14 @@ resource "hcloud_server" "agents" { inline = local.install_k3s_agent } - # Upon reboot verify that k3s agent starts correctly + # Start the k3s agent and wait for it to have started provisioner "remote-exec" { inline = [ + "systemctl start k3s-agent", <<-EOT timeout 120 bash < /dev/null; do + systemctl start k3s-agent echo "Waiting for the k3s agent to start..." sleep 2 done diff --git a/locals.tf b/locals.tf index ce74971..9ccfbc0 100644 --- a/locals.tf +++ b/locals.tf 
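Review bot: `concat([local.ssh_public_key], var.additional_public_keys)` emits the primary key twice in `sshAuthorizedKeys` if a caller also lists it in `additional_public_keys`; `sshAuthorizedKeys = distinct(concat([local.ssh_public_key], var.additional_public_keys))` keeps the list unique without changing the normal case. Because this list is what grants root shell access on every node, a one-line comment above it such as `# Every key listed here gets root on all nodes` helps later readers of locals.tf see the impact of extending it.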
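Review bot: `additional_public_keys` in variables.tf is accepted without any shape check, so a malformed entry (a path to a key file instead of its contents, or a private key pasted by mistake) only surfaces when a node turns out to be unreachable over SSH after provisioning. A `validation` block on the variable fails at plan time instead, e.g. `condition = alltrue([for k in var.additional_public_keys : can(regex("^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) ", k))])` with `error_message = "Each entry must be an OpenSSH public key, e.g. 'ssh-ed25519 AAAA...'."` (extend the pattern if FIDO `sk-` key types are expected). The description's "public Keys" also reads better as "public keys".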
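Review bot: If the unit fails rather than merely taking time, the `systemctl start k3s-agent` added inside the `until` loop in agents.tf restarts it every two seconds until the 120 s `timeout` expires, and the provisioner then fails with no indication of why; `systemctl start` blocks until the unit is active or failed, so the initial start before the loop already does the work. Checking for a failed unit inside the loop and bailing out early gives a faster and more useful failure, e.g. replacing the added line with `if systemctl is-failed --quiet k3s-agent; then journalctl -u k3s-agent --no-pager -n 50; exit 1; fi`. The loop's `until` condition is not legible in this view, and the same pattern is added for `k3s` in the master.tf and servers.tf hunks of this commit.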
@@ -87,6 +87,6 @@ udevadm settle install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"]) - install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_EXEC=agent sh -"]) + install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"]) } diff --git a/master.tf b/master.tf index 9096ab1..a0015dd 100644 --- a/master.tf +++ b/master.tf @@ -84,6 +84,7 @@ resource "hcloud_server" "first_control_plane" { <<-EOT timeout 120 bash < /dev/null; do + systemctl start k3s echo "Waiting for the k3s server to start..." sleep 2 done diff --git a/servers.tf b/servers.tf index 18b48b7..e1d069b 100644 --- a/servers.tf +++ b/servers.tf @@ -77,13 +77,14 @@ resource "hcloud_server" "control_planes" { inline = local.install_k3s_server } - # Upon reboot verify that the k3s server starts correctly + # Start the k3s server and wait for it to have started correctly provisioner "remote-exec" { inline = [ "systemctl start k3s", <<-EOT timeout 120 bash < /dev/null; do + systemctl start k3s echo "Waiting for the k3s server to start..." sleep 2 done
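Review bot: The new `install_k3s_agent` line still pipes `curl -sfL https://get.k3s.io` into `sh` with no version pinned, so agents joined later can install a different k3s release than the control plane, and any change in the upstream installer flows straight into the nodes; the `install_k3s_server` context line above has the same property. Setting `INSTALL_K3S_VERSION` in both commands from a new module variable (the installer honours that environment variable) keeps the cluster on one known release, and fetching the script to a file and checking it against a pinned checksum before running it is the next step if stricter supply-chain control is wanted. Adding `INSTALL_K3S_SKIP_START=true` here does make the agent command consistent with the server one and with the explicit `systemctl start` the provisioners now perform.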