Merge branch 'master' into modules
commit
0f9d277293
23
agents.tf
23
agents.tf
@ -4,15 +4,16 @@ module "agents" {
|
|||||||
count = var.agents_num
|
count = var.agents_num
|
||||||
name = "k3s-agent-${count.index}"
|
name = "k3s-agent-${count.index}"
|
||||||
|
|
||||||
ssh_keys = [hcloud_ssh_key.k3s.id]
|
ssh_keys = [hcloud_ssh_key.k3s.id]
|
||||||
public_key = var.public_key
|
public_key = var.public_key
|
||||||
private_key = var.private_key
|
private_key = var.private_key
|
||||||
firewall_ids = [hcloud_firewall.k3s.id]
|
additional_public_keys = var.additional_public_keys
|
||||||
placement_group_id = hcloud_placement_group.k3s.id
|
firewall_ids = [hcloud_firewall.k3s.id]
|
||||||
location = var.location
|
placement_group_id = hcloud_placement_group.k3s.id
|
||||||
network_id = hcloud_network.k3s.id
|
location = var.location
|
||||||
ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 513 + count.index)
|
network_id = hcloud_network.k3s.id
|
||||||
server_type = var.control_plane_server_type
|
ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 513 + count.index)
|
||||||
|
server_type = var.control_plane_server_type
|
||||||
|
|
||||||
labels = {
|
labels = {
|
||||||
"provisioner" = "terraform",
|
"provisioner" = "terraform",
|
||||||
@ -55,12 +56,14 @@ resource "null_resource" "agents" {
|
|||||||
inline = local.install_k3s_agent
|
inline = local.install_k3s_agent
|
||||||
}
|
}
|
||||||
|
|
||||||
# Upon reboot verify that k3s agent starts correctly
|
# Start the k3s agent and wait for it to have started
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
|
"systemctl start k3s-agent",
|
||||||
<<-EOT
|
<<-EOT
|
||||||
timeout 120 bash <<EOF
|
timeout 120 bash <<EOF
|
||||||
until systemctl status k3s-agent > /dev/null; do
|
until systemctl status k3s-agent > /dev/null; do
|
||||||
|
systemctl start k3s-agent
|
||||||
echo "Waiting for the k3s agent to start..."
|
echo "Waiting for the k3s agent to start..."
|
||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
|
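Review bot: The wait loop added to the `null_resource.agents` remote-exec discards the output of `systemctl status k3s-agent`, so when `timeout 120` expires the provisioner fails without showing why the unit never became active. Consider checking with `systemctl is-active --quiet k3s-agent` and printing `journalctl -u k3s-agent --no-pager -n 50` when the timeout is hit, so a failed join is visible in the Terraform output. The same loop shape is added for `k3s` in the `first_control_plane` and `control_planes` hunks further down. The resource body starts and ends outside this hunk.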
@ -17,7 +17,6 @@ locals {
|
|||||||
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
|
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
|
||||||
kured_version = data.github_release.kured.release_tag
|
kured_version = data.github_release.kured.release_tag
|
||||||
|
|
||||||
|
|
||||||
common_commands_install_k3s = [
|
common_commands_install_k3s = [
|
||||||
"set -ex",
|
"set -ex",
|
||||||
# prepare the k3s config directory
|
# prepare the k3s config directory
|
||||||
@ -28,5 +27,5 @@ locals {
|
|||||||
|
|
||||||
install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"])
|
install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"])
|
||||||
|
|
||||||
install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_EXEC=agent sh -"])
|
install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"])
|
||||||
}
|
}
|
||||||
|
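Review bot: Both `install_k3s_server` and the changed `install_k3s_agent` line pipe `https://get.k3s.io` straight into `sh` as root with no release pinned, so every node installs whatever the installer serves on the day it is provisioned. Nodes created at different times can therefore run different k3s versions, and the only integrity check is TLS to that host. Pinning the release in the command, e.g. adding `INSTALL_K3S_VERSION=<pinned-version>` next to `INSTALL_K3S_EXEC=agent`, makes the install reproducible and reviewable; the same applies to the server line. The `locals` block starts outside this hunk.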
20
master.tf
20
master.tf
@ -3,15 +3,16 @@ module "first_control_plane" {
|
|||||||
|
|
||||||
name = "k3s-control-plane-0"
|
name = "k3s-control-plane-0"
|
||||||
|
|
||||||
ssh_keys = [hcloud_ssh_key.k3s.id]
|
ssh_keys = [hcloud_ssh_key.k3s.id]
|
||||||
public_key = var.public_key
|
public_key = var.public_key
|
||||||
private_key = var.private_key
|
private_key = var.private_key
|
||||||
firewall_ids = [hcloud_firewall.k3s.id]
|
additional_public_keys = var.additional_public_keys
|
||||||
placement_group_id = hcloud_placement_group.k3s.id
|
firewall_ids = [hcloud_firewall.k3s.id]
|
||||||
location = var.location
|
placement_group_id = hcloud_placement_group.k3s.id
|
||||||
network_id = hcloud_network.k3s.id
|
location = var.location
|
||||||
ip = local.first_control_plane_network_ip
|
network_id = hcloud_network.k3s.id
|
||||||
server_type = var.control_plane_server_type
|
ip = local.first_control_plane_network_ip
|
||||||
|
server_type = var.control_plane_server_type
|
||||||
|
|
||||||
labels = {
|
labels = {
|
||||||
"provisioner" = "terraform",
|
"provisioner" = "terraform",
|
||||||
@ -69,6 +70,7 @@ resource "null_resource" "first_control_plane" {
|
|||||||
<<-EOT
|
<<-EOT
|
||||||
timeout 120 bash <<EOF
|
timeout 120 bash <<EOF
|
||||||
until systemctl status k3s > /dev/null; do
|
until systemctl status k3s > /dev/null; do
|
||||||
|
systemctl start k3s
|
||||||
echo "Waiting for the k3s server to start..."
|
echo "Waiting for the k3s server to start..."
|
||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
|
@ -31,6 +31,34 @@ locals {
|
|||||||
"umount /mnt"
|
"umount /mnt"
|
||||||
]
|
]
|
||||||
|
|
||||||
|
ignition_config = jsonencode({
|
||||||
|
ignition = {
|
||||||
|
version = "3.0.0"
|
||||||
|
}
|
||||||
|
passwd = {
|
||||||
|
users = [{
|
||||||
|
name = "root"
|
||||||
|
sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
|
||||||
|
}]
|
||||||
|
}
|
||||||
|
storage = {
|
||||||
|
files = [
|
||||||
|
{
|
||||||
|
path = "/etc/sysconfig/network/ifcfg-eth1"
|
||||||
|
mode = 420
|
||||||
|
overwrite = true
|
||||||
|
contents = { "source" = "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
|
||||||
|
},
|
||||||
|
{
|
||||||
|
path = "/etc/ssh/sshd_config.d/kube-hetzner.conf"
|
||||||
|
mode = 420
|
||||||
|
overwrite = true
|
||||||
|
contents = { "source" = "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
})
|
||||||
|
|
||||||
combustion_script = <<EOF
|
combustion_script = <<EOF
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# combustion: network
|
# combustion: network
|
||||||
|
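Review bot: `sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)` gives every listed key root login, and nothing here says that the list is only applied when a node is first provisioned. Ignition normally runs once at first boot, and the later hunk shows the config being written by a `provisioner "file"` on the server resource, so removing a key from `additional_public_keys` presumably does not revoke it on nodes that already exist. I would add a comment above `ignition_config` such as `# Applied once at first boot: removing a key from additional_public_keys does not revoke it on existing nodes`. A second comment noting that `mode = 420` is decimal for octal 0644 would also help readers. The `locals` block starts and ends outside this hunk.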
@ -25,10 +25,7 @@ resource "hcloud_server" "server" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = templatefile("${path.module}/templates/config.ign.tpl", {
|
content = local.ignition_config
|
||||||
name = self.name
|
|
||||||
ssh_public_key = local.ssh_public_key
|
|
||||||
})
|
|
||||||
destination = "/root/config.ign"
|
destination = "/root/config.ign"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -54,7 +51,7 @@ resource "hcloud_server" "server" {
|
|||||||
until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
|
until ssh ${local.ssh_args} -o ConnectTimeout=2 root@${self.ipv4_address} true 2> /dev/null
|
||||||
do
|
do
|
||||||
echo "Waiting for MicroOS to reboot and become available..."
|
echo "Waiting for MicroOS to reboot and become available..."
|
||||||
sleep 2
|
sleep 3
|
||||||
done
|
done
|
||||||
EOT
|
EOT
|
||||||
}
|
}
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
{
|
|
||||||
"ignition": {
|
|
||||||
"version": "3.0.0"
|
|
||||||
},
|
|
||||||
"passwd": {
|
|
||||||
"users": [
|
|
||||||
{
|
|
||||||
"name": "root",
|
|
||||||
"sshAuthorizedKeys": [
|
|
||||||
"${ssh_public_key}"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"files": [
|
|
||||||
{
|
|
||||||
"path": "/etc/sysconfig/network/ifcfg-eth1",
|
|
||||||
"mode": 420,
|
|
||||||
"overwrite": true,
|
|
||||||
"contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
|
|
||||||
"mode": 420,
|
|
||||||
"overwrite": true,
|
|
||||||
"contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
@ -19,6 +19,12 @@ variable "private_key" {
|
|||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_public_keys" {
|
||||||
|
description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
variable "ssh_keys" {
|
variable "ssh_keys" {
|
||||||
description = "List of SSH key IDs"
|
description = "List of SSH key IDs"
|
||||||
type = list(string)
|
type = list(string)
|
||||||
|
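Review bot: The new `additional_public_keys` variable accepts any list of strings, and each entry ends up in root's authorized keys through the Ignition config, so an empty or mistyped entry is only discovered after the node is built. A `validation` block that rejects entries which do not look like an OpenSSH public key line would catch this at plan time. The same declaration is added again in the later `variable "private_key"` hunk and would need the same check. The prefix list in the sketch below is constructed and should be adjusted to the key types the project wants to allow.

```hcl
variable "additional_public_keys" {
  # … unchanged: description, type, default …
  validation {
    condition     = alltrue([for k in var.additional_public_keys : can(regex("^(ssh-|ecdsa-|sk-)", trimspace(k)))])
    error_message = "Each entry of additional_public_keys must be an OpenSSH public key line."
  }
}
```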
22
servers.tf
22
servers.tf
@ -4,15 +4,16 @@ module "control_planes" {
|
|||||||
count = var.servers_num - 1
|
count = var.servers_num - 1
|
||||||
name = "k3s-control-plane-${count.index + 1}"
|
name = "k3s-control-plane-${count.index + 1}"
|
||||||
|
|
||||||
ssh_keys = [hcloud_ssh_key.k3s.id]
|
ssh_keys = [hcloud_ssh_key.k3s.id]
|
||||||
public_key = var.public_key
|
public_key = var.public_key
|
||||||
private_key = var.private_key
|
private_key = var.private_key
|
||||||
firewall_ids = [hcloud_firewall.k3s.id]
|
additional_public_keys = var.additional_public_keys
|
||||||
placement_group_id = hcloud_placement_group.k3s.id
|
firewall_ids = [hcloud_firewall.k3s.id]
|
||||||
location = var.location
|
placement_group_id = hcloud_placement_group.k3s.id
|
||||||
network_id = hcloud_network.k3s.id
|
location = var.location
|
||||||
ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 258 + count.index)
|
network_id = hcloud_network.k3s.id
|
||||||
server_type = var.control_plane_server_type
|
ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 258 + count.index)
|
||||||
|
server_type = var.control_plane_server_type
|
||||||
|
|
||||||
labels = {
|
labels = {
|
||||||
"provisioner" = "terraform",
|
"provisioner" = "terraform",
|
||||||
@ -61,13 +62,14 @@ resource "null_resource" "control_planes" {
|
|||||||
inline = local.install_k3s_server
|
inline = local.install_k3s_server
|
||||||
}
|
}
|
||||||
|
|
||||||
# Upon reboot verify that the k3s server starts correctly
|
# Start the k3s server and wait for it to have started correctly
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"systemctl start k3s",
|
"systemctl start k3s",
|
||||||
<<-EOT
|
<<-EOT
|
||||||
timeout 120 bash <<EOF
|
timeout 120 bash <<EOF
|
||||||
until systemctl status k3s > /dev/null; do
|
until systemctl status k3s > /dev/null; do
|
||||||
|
systemctl start k3s
|
||||||
echo "Waiting for the k3s server to start..."
|
echo "Waiting for the k3s server to start..."
|
||||||
sleep 2
|
sleep 2
|
||||||
done
|
done
|
||||||
|
@ -1,31 +0,0 @@
|
|||||||
{
|
|
||||||
"ignition": {
|
|
||||||
"version": "3.0.0"
|
|
||||||
},
|
|
||||||
"passwd": {
|
|
||||||
"users": [
|
|
||||||
{
|
|
||||||
"name": "root",
|
|
||||||
"sshAuthorizedKeys": [
|
|
||||||
"${ssh_public_key}"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"storage": {
|
|
||||||
"files": [
|
|
||||||
{
|
|
||||||
"path": "/etc/sysconfig/network/ifcfg-eth1",
|
|
||||||
"mode": 420,
|
|
||||||
"overwrite": true,
|
|
||||||
"contents": { "source": "data:,BOOTPROTO%3D%27dhcp%27%0ASTARTMODE%3D%27auto%27" }
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"path": "/etc/ssh/sshd_config.d/kube-hetzner.conf",
|
|
||||||
"mode": 420,
|
|
||||||
"overwrite": true,
|
|
||||||
"contents": { "source": "data:,PasswordAuthentication%20no%0AX11Forwarding%20no%0AMaxAuthTries%202%0AAllowTcpForwarding%20no%0AAllowAgentForwarding%20no%0AAuthorizedKeysFile%20.ssh%2Fauthorized_keys" }
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
@ -14,6 +14,12 @@ variable "private_key" {
|
|||||||
type = string
|
type = string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "additional_public_keys" {
|
||||||
|
description = "Additional SSH public Keys. Use them to grant other team members root access to your cluster nodes"
|
||||||
|
type = list(string)
|
||||||
|
default = []
|
||||||
|
}
|
||||||
|
|
||||||
variable "location" {
|
variable "location" {
|
||||||
description = "Default server location"
|
description = "Default server location"
|
||||||
type = string
|
type = string
|
||||||
|