From 347ba428668a58e3656803a2f74ad28aefd3a68a Mon Sep 17 00:00:00 2001 From: phaer Date: Fri, 11 Feb 2022 23:49:54 +0100 Subject: [PATCH] replace kustomization.yaml.tpl with yamlencode benefit is replacing inline strings in yaml with proper files locally while still just deploying a single file to the remote host. --- locals.tf | 30 ++----- master.tf | 27 ++++++- patches/ccm.yaml | 17 ++++ patches/ccm_latest.yaml | 19 +++++ patches/csi_latest.yaml | 54 +++++++++++++ patches/kured.yaml | 20 +++++ templates/kustomization.yaml.tpl | 129 ------------------------------- 7 files changed, 143 insertions(+), 153 deletions(-) create mode 100644 patches/ccm.yaml create mode 100644 patches/ccm_latest.yaml create mode 100644 patches/csi_latest.yaml create mode 100644 patches/kured.yaml delete mode 100644 templates/kustomization.yaml.tpl diff --git a/locals.tf b/locals.tf index 98eb8d6..962fbe4 100644 --- a/locals.tf +++ b/locals.tf @@ -1,7 +1,8 @@ locals { first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2) hcloud_image_name = "ubuntu-20.04" - ssh_public_key = trimspace(file(var.public_key)) + + ssh_public_key = trimspace(file(var.public_key)) # ssh_private_key is either the contents of var.private_key or null to use a ssh agent. ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key)) # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use. 
@@ -10,10 +11,15 @@ locals { # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file # if an ssh agent is used. ssh_identity_file = var.private_key == null ? var.public_key : var.private_key - # shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning. ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}" + ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag + ccm_latest = var.hetzner_ccm_containers_latest + csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag + csi_latest = var.hetzner_csi_containers_latest + kured_version = data.github_release.kured.release_tag + MicroOS_install_commands = [ "set -ex", "apt-get install -y aria2", @@ -30,24 +36,4 @@ locals { "cp /root/config.ign /mnt/ignition/config.ign", "umount /mnt" ] - - post_install_kustomization = templatefile( - "${path.module}/templates/kustomization.yaml.tpl", - { - ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag - ccm_latest = var.hetzner_ccm_containers_latest - csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag - csi_latest = var.hetzner_csi_containers_latest - kured_version = data.github_release.kured.release_tag - }) - - traefik_config = templatefile( - "${path.module}/templates/traefik_config.yaml.tpl", - { - lb_disable_ipv6 = var.lb_disable_ipv6 - lb_server_type = var.lb_server_type - location = var.location - traefik_acme_tls = var.traefik_acme_tls - traefik_acme_email = var.traefik_acme_email - }) } diff --git a/master.tf b/master.tf index d13b9b2..ee5ce9a 100644 --- a/master.tf +++ b/master.tf 
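Review bot: `kured_version` is always `data.github_release.kured.release_tag`, with no override like the `var.hetzner_ccm_version` and `var.hetzner_csi_version` checks used for `ccm_version` and `csi_version` in the same block. The kured manifest URL built from it therefore follows whatever that data source returns at apply time, presumably the newest upstream release. That manifest is fetched by URL and applied to kube-system, so a pin is the only control over what gets deployed. Consider a nullable variable (the name is a suggestion) and `kured_version = var.kured_version != null ? var.kured_version : data.github_release.kured.release_tag`. A one-line comment above the block would also help, for example `# component versions: an explicit variable wins, otherwise the GitHub release tag is used`.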
@@ -98,16 +98,39 @@ resource "hcloud_server" "first_control_plane" { # Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured. provisioner "file" { - content = local.post_install_kustomization + content = yamlencode({ + apiVersion = "kustomize.config.k8s.io/v1beta1" + kind = "Kustomization" + resources = [ + "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml", + "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml", + "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml", + "./traefik.yaml" + ] + patchesStrategicMerge = [ + file("${path.module}/patches/kured.yaml"), + local.ccm_latest ? file("${path.module}/patches/ccm_latest.yaml") : file("${path.module}/patches/ccm.yaml"), + local.csi_latest ? file("${path.module}/patches/csi_latest.yaml") : null, + ] + }) destination = "/tmp/post_install/kustomization.yaml" } # Upload traefik config provisioner "file" { - content = local.traefik_config + content = templatefile( + "${path.module}/templates/traefik_config.yaml.tpl", + { + lb_disable_ipv6 = var.lb_disable_ipv6 + lb_server_type = var.lb_server_type + location = var.location + traefik_acme_tls = var.traefik_acme_tls + traefik_acme_email = var.traefik_acme_email + }) destination = "/tmp/post_install/traefik.yaml" } + # Deploy our post-installation kustomization provisioner "remote-exec" { inline = [ "kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}", diff --git a/patches/ccm.yaml b/patches/ccm.yaml new file mode 100644 index 0000000..229fa41 --- /dev/null +++ b/patches/ccm.yaml 
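Review bot: The last element of `patchesStrategicMerge` evaluates to `null` when `local.csi_latest` is false, so `yamlencode` will write a `null` entry into the list, which kustomize is likely to reject as a patch. The old template emitted nothing in that case, so the default (non-latest) path changes behaviour. Build the list as `concat([...], local.csi_latest ? [file("${path.module}/patches/csi_latest.yaml")] : [])` so the entry is omitted instead. Separately, the unchanged `kubectl ... --from-literal=token=${var.hcloud_token}` context line at the end of the hunk puts the API token on a command line, and it may show up in provisioner logs unless the variable is marked sensitive. That `inline` list continues outside the hunk, but it is worth a follow-up.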
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hcloud-cloud-controller-manager
+ namespace: kube-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: hcloud-cloud-controller-manager
+ command:
+ - "/bin/hcloud-cloud-controller-manager"
+ - "--cloud-provider=hcloud"
+ - "--leader-elect=false"
+ - "--allow-untagged-cloud"
+ - "--allocate-node-cidrs=true"
+ - "--cluster-cidr=10.42.0.0/16"
diff --git a/patches/ccm_latest.yaml b/patches/ccm_latest.yaml
new file mode 100644
index 0000000..b461aa7
--- /dev/null
+++ b/patches/ccm_latest.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hcloud-cloud-controller-manager
+ namespace: kube-system
+spec:
+ template:
+ spec:
+ containers:
+ - name: hcloud-cloud-controller-manager
+ command:
+ - "/bin/hcloud-cloud-controller-manager"
+ - "--cloud-provider=hcloud"
+ - "--leader-elect=false"
+ - "--allow-untagged-cloud"
+ - "--allocate-node-cidrs=true"
+ - "--cluster-cidr=10.42.0.0/16"
+ image: hetznercloud/hcloud-cloud-controller-manager:latest
+ imagePullPolicy: Always
diff --git a/patches/csi_latest.yaml b/patches/csi_latest.yaml
new file mode 100644
index 0000000..a5e6f74
--- /dev/null
+++ b/patches/csi_latest.yaml
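Review bot: `patches/ccm_latest.yaml` sets `image: hetznercloud/hcloud-cloud-controller-manager:latest` with `imagePullPolicy: Always`, so the image running in kube-system can change on any pod restart with no change in Terraform state. The same holds for the `:latest` and `:canary` images in `patches/csi_latest.yaml`. Neither file says that this is an opt-in meant for testing. Add a header comment to both, for example `# Opt-in via hetzner_ccm_containers_latest: tracks a mutable tag; for anything long-lived pin by digest (image: ...@sha256:<digest>)`. The command list is also copied verbatim from `patches/ccm.yaml`, so a flag changed in one file has to be changed in the other.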
@@ -0,0 +1,54 @@
+ kind: StatefulSet
+ apiVersion: apps/v1
+ metadata:
+ name: hcloud-csi-controller
+ namespace: kube-system
+ spec:
+ template:
+ metadata:
+ labels:
+ app: hcloud-csi-controller
+ spec:
+ containers:
+ - name: csi-attacher
+ image: quay.io/k8scsi/csi-attacher:canary
+ imagePullPolicy: Always
+ - name: csi-resizer
+ image: quay.io/k8scsi/csi-resizer:canary
+ imagePullPolicy: Always
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:canary
+ imagePullPolicy: Always
+ - name: hcloud-csi-driver
+ image: hetznercloud/hcloud-csi-driver:latest
+ imagePullPolicy: Always
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:canary
+ imagePullPolicy: Always
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+ ---
+ kind: DaemonSet
+ apiVersion: apps/v1
+ metadata:
+ name: hcloud-csi-node
+ namespace: kube-system
+ labels:
+ app: hcloud-csi
+ spec:
+ selector:
+ matchLabels:
+ app: hcloud-csi
+ template:
+ spec:
+ containers:
+ - name: csi-node-driver-registrar
+ image: quay.io/k8scsi/csi-node-driver-registrar:canary
+ imagePullPolicy: Always
+ - name: hcloud-csi-driver
+ image: hetznercloud/hcloud-csi-driver:latest
+ imagePullPolicy: Always
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:canary
+ imagePullPolicy: Always
diff --git a/patches/kured.yaml b/patches/kured.yaml
new file mode 100644
index 0000000..bf72a0c
--- /dev/null
+++ b/patches/kured.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kured
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: kured
+ template:
+ metadata:
+ labels:
+ name: kured
+ spec:
+ serviceAccountName: kured
+ containers:
+ - name: kured
+ command:
+ - /usr/bin/kured
+ - --reboot-command=/usr/bin/systemctl reboot
diff --git a/templates/kustomization.yaml.tpl b/templates/kustomization.yaml.tpl
deleted file mode 100644
index 8042097..0000000
--- a/templates/kustomization.yaml.tpl
+++ /dev/null
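Review bot: Every line of `patches/csi_latest.yaml`, including the `---` between the StatefulSet and the DaemonSet, appears to keep the leading indentation it had inside the template's `|-` block, whereas the other new patch files start at column 0. A block scalar strips that indent but `file()` does not, so the string handed to `yamlencode` carries an indented `---`, which YAML will probably not treat as a document separator. Dedent the whole file so that `kind:`, `apiVersion:` and `---` start at column 0. The `quay.io/k8scsi/*` sidecar repositories are, as far as I know, no longer where the CSI project publishes its images, so it is worth checking that `:canary` there still resolves to current builds.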
@@ -1,129 +0,0 @@ ---- -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml" -- "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml" -- "https://github.com/weaveworks/kured/releases/download/${kured_version}/kured-${kured_version}-dockerhub.yaml" -- ./traefik.yaml - -patchesStrategicMerge: -- |- - apiVersion: apps/v1 - kind: DaemonSet - metadata: - name: kured - namespace: kube-system - spec: - selector: - matchLabels: - name: kured - template: - metadata: - labels: - name: kured - spec: - serviceAccountName: kured - containers: - - name: kured - command: - - /usr/bin/kured - - --reboot-command=/usr/bin/systemctl reboot -- |- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: hcloud-cloud-controller-manager - namespace: kube-system - spec: - template: - spec: - containers: - - name: hcloud-cloud-controller-manager - command: - - "/bin/hcloud-cloud-controller-manager" - - "--cloud-provider=hcloud" - - "--leader-elect=false" - - "--allow-untagged-cloud" - - "--allocate-node-cidrs=true" - - "--cluster-cidr=10.42.0.0/16" -%{ if ccm_latest ~} -- |- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: hcloud-cloud-controller-manager - namespace: kube-system - spec: - template: - spec: - containers: - - name: hcloud-cloud-controller-manager - command: - - "/bin/hcloud-cloud-controller-manager" - - "--cloud-provider=hcloud" - - "--leader-elect=false" - - "--allow-untagged-cloud" - - "--allocate-node-cidrs=true" - - "--cluster-cidr=10.42.0.0/16" - image: hetznercloud/hcloud-cloud-controller-manager:latest - imagePullPolicy: Always -%{ endif ~} -%{ if csi_latest ~} -- |- - kind: StatefulSet - apiVersion: apps/v1 - metadata: - name: hcloud-csi-controller - namespace: kube-system - spec: - template: - metadata: - labels: - app: hcloud-csi-controller - spec: - 
containers: - - name: csi-attacher - image: quay.io/k8scsi/csi-attacher:canary - imagePullPolicy: Always - - name: csi-resizer - image: quay.io/k8scsi/csi-resizer:canary - imagePullPolicy: Always - - name: csi-provisioner - image: quay.io/k8scsi/csi-provisioner:canary - imagePullPolicy: Always - - name: hcloud-csi-driver - image: hetznercloud/hcloud-csi-driver:latest - imagePullPolicy: Always - - name: liveness-probe - image: quay.io/k8scsi/livenessprobe:canary - imagePullPolicy: Always - volumes: - - name: socket-dir - emptyDir: {} - --- - kind: DaemonSet - apiVersion: apps/v1 - metadata: - name: hcloud-csi-node - namespace: kube-system - labels: - app: hcloud-csi - spec: - selector: - matchLabels: - app: hcloud-csi - template: - spec: - containers: - - name: csi-node-driver-registrar - image: quay.io/k8scsi/csi-node-driver-registrar:canary - imagePullPolicy: Always - - name: hcloud-csi-driver - image: hetznercloud/hcloud-csi-driver:latest - imagePullPolicy: Always - - name: liveness-probe - image: quay.io/k8scsi/livenessprobe:canary - imagePullPolicy: Always -%{ endif ~}