replace kustomization.yaml.tpl with yamlencode
The benefit is that inline strings in the YAML are replaced with proper local files, while still deploying just a single file to the remote host.
parent
ddcc473ea8
commit
347ba42866
30
locals.tf
30
locals.tf
@ -1,7 +1,8 @@
|
|||||||
locals {
|
locals {
|
||||||
first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2)
|
first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2)
|
||||||
hcloud_image_name = "ubuntu-20.04"
|
hcloud_image_name = "ubuntu-20.04"
|
||||||
ssh_public_key = trimspace(file(var.public_key))
|
|
||||||
|
ssh_public_key = trimspace(file(var.public_key))
|
||||||
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
|
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
|
||||||
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
|
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
|
||||||
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
|
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
|
||||||
@ -10,10 +11,15 @@ locals {
|
|||||||
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
|
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
|
||||||
# if an ssh agent is used.
|
# if an ssh agent is used.
|
||||||
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
|
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
|
||||||
|
|
||||||
# shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning.
|
# shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning.
|
||||||
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
|
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
|
||||||
|
|
||||||
|
ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
|
||||||
|
ccm_latest = var.hetzner_ccm_containers_latest
|
||||||
|
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
|
||||||
|
csi_latest = var.hetzner_csi_containers_latest
|
||||||
|
kured_version = data.github_release.kured.release_tag
|
||||||
|
|
||||||
MicroOS_install_commands = [
|
MicroOS_install_commands = [
|
||||||
"set -ex",
|
"set -ex",
|
||||||
"apt-get install -y aria2",
|
"apt-get install -y aria2",
|
||||||
@ -30,24 +36,4 @@ locals {
|
|||||||
"cp /root/config.ign /mnt/ignition/config.ign",
|
"cp /root/config.ign /mnt/ignition/config.ign",
|
||||||
"umount /mnt"
|
"umount /mnt"
|
||||||
]
|
]
|
||||||
|
|
||||||
post_install_kustomization = templatefile(
|
|
||||||
"${path.module}/templates/kustomization.yaml.tpl",
|
|
||||||
{
|
|
||||||
ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
|
|
||||||
ccm_latest = var.hetzner_ccm_containers_latest
|
|
||||||
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
|
|
||||||
csi_latest = var.hetzner_csi_containers_latest
|
|
||||||
kured_version = data.github_release.kured.release_tag
|
|
||||||
})
|
|
||||||
|
|
||||||
traefik_config = templatefile(
|
|
||||||
"${path.module}/templates/traefik_config.yaml.tpl",
|
|
||||||
{
|
|
||||||
lb_disable_ipv6 = var.lb_disable_ipv6
|
|
||||||
lb_server_type = var.lb_server_type
|
|
||||||
location = var.location
|
|
||||||
traefik_acme_tls = var.traefik_acme_tls
|
|
||||||
traefik_acme_email = var.traefik_acme_email
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
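Review bot: `kured_version` in the second hunk is always taken from `data.github_release.kured.release_tag`, whereas `ccm_version` and `csi_version` next to it can be pinned through a variable. The tag is interpolated into a manifest URL in master.tf, so if that data source resolves the newest release (not visible here), an apply can pull a different kured manifest into kube-system without any change to the configuration. I would at least document this on the line, e.g. `# kured is not pinnable: the tag is whatever data.github_release.kured resolves at plan time`, and consider an override variable in the same shape as the other two. The `locals` block opens before this hunk and closes in the next one.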
27
master.tf
27
master.tf
@ -98,16 +98,39 @@ resource "hcloud_server" "first_control_plane" {
|
|||||||
|
|
||||||
# Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured.
|
# Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured.
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = local.post_install_kustomization
|
content = yamlencode({
|
||||||
|
apiVersion = "kustomize.config.k8s.io/v1beta1"
|
||||||
|
kind = "Kustomization"
|
||||||
|
resources = [
|
||||||
|
"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml",
|
||||||
|
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
|
||||||
|
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
|
||||||
|
"./traefik.yaml"
|
||||||
|
]
|
||||||
|
patchesStrategicMerge = [
|
||||||
|
file("${path.module}/patches/kured.yaml"),
|
||||||
|
local.ccm_latest ? file("${path.module}/patches/ccm_latest.yaml") : file("${path.module}/patches/ccm.yaml"),
|
||||||
|
local.csi_latest ? file("${path.module}/patches/csi_latest.yaml") : null,
|
||||||
|
]
|
||||||
|
})
|
||||||
destination = "/tmp/post_install/kustomization.yaml"
|
destination = "/tmp/post_install/kustomization.yaml"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Upload traefik config
|
# Upload traefik config
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = local.traefik_config
|
content = templatefile(
|
||||||
|
"${path.module}/templates/traefik_config.yaml.tpl",
|
||||||
|
{
|
||||||
|
lb_disable_ipv6 = var.lb_disable_ipv6
|
||||||
|
lb_server_type = var.lb_server_type
|
||||||
|
location = var.location
|
||||||
|
traefik_acme_tls = var.traefik_acme_tls
|
||||||
|
traefik_acme_email = var.traefik_acme_email
|
||||||
|
})
|
||||||
destination = "/tmp/post_install/traefik.yaml"
|
destination = "/tmp/post_install/traefik.yaml"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Deploy our post-installation kustomization
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
inline = [
|
inline = [
|
||||||
"kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}",
|
"kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}",
|
||||||
|
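Review bot: The last element of `patchesStrategicMerge` evaluates to `null` when `local.csi_latest` is false, so `yamlencode` will most likely emit a `null` list item where the old template emitted no entry at all. kustomize is unlikely to accept an empty patch entry, which would break the default (non-latest) install path. Build the list so the entry is omitted instead, e.g. `patchesStrategicMerge = concat([file("${path.module}/patches/kured.yaml"), local.ccm_latest ? file("${path.module}/patches/ccm_latest.yaml") : file("${path.module}/patches/ccm.yaml")], local.csi_latest ? [file("${path.module}/patches/csi_latest.yaml")] : [])`. The `hcloud_server` resource body starts and ends outside the hunk.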
17
patches/ccm.yaml
Normal file
17
patches/ccm.yaml
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: hcloud-cloud-controller-manager
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: hcloud-cloud-controller-manager
|
||||||
|
command:
|
||||||
|
- "/bin/hcloud-cloud-controller-manager"
|
||||||
|
- "--cloud-provider=hcloud"
|
||||||
|
- "--leader-elect=false"
|
||||||
|
- "--allow-untagged-cloud"
|
||||||
|
- "--allocate-node-cidrs=true"
|
||||||
|
- "--cluster-cidr=10.42.0.0/16"
|
19
patches/ccm_latest.yaml
Normal file
19
patches/ccm_latest.yaml
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: hcloud-cloud-controller-manager
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: hcloud-cloud-controller-manager
|
||||||
|
command:
|
||||||
|
- "/bin/hcloud-cloud-controller-manager"
|
||||||
|
- "--cloud-provider=hcloud"
|
||||||
|
- "--leader-elect=false"
|
||||||
|
- "--allow-untagged-cloud"
|
||||||
|
- "--allocate-node-cidrs=true"
|
||||||
|
- "--cluster-cidr=10.42.0.0/16"
|
||||||
|
image: hetznercloud/hcloud-cloud-controller-manager:latest
|
||||||
|
imagePullPolicy: Always
|
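Review bot: The `image: hetznercloud/hcloud-cloud-controller-manager:latest` line combined with `imagePullPolicy: Always` means the controller in kube-system is replaced by whatever the registry serves each time the pod restarts. patches/csi_latest.yaml has the same pattern with its `:latest` and `:canary` tags. Since this is opt-in, a header comment saying so would help, e.g. `# Opt-in via hetzner_ccm_containers_latest: tracks a mutable tag, not reproducible; prefer a pinned version or digest outside of testing`. The `command` list also repeats patches/ccm.yaml verbatim, so a change to one (for example the cluster CIDR) has to be made in the other as well.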
54
patches/csi_latest.yaml
Normal file
54
patches/csi_latest.yaml
Normal file
@ -0,0 +1,54 @@
|
|||||||
|
kind: StatefulSet
|
||||||
|
apiVersion: apps/v1
|
||||||
|
metadata:
|
||||||
|
name: hcloud-csi-controller
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: hcloud-csi-controller
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: csi-attacher
|
||||||
|
image: quay.io/k8scsi/csi-attacher:canary
|
||||||
|
imagePullPolicy: Always
|
||||||
|
- name: csi-resizer
|
||||||
|
image: quay.io/k8scsi/csi-resizer:canary
|
||||||
|
imagePullPolicy: Always
|
||||||
|
- name: csi-provisioner
|
||||||
|
image: quay.io/k8scsi/csi-provisioner:canary
|
||||||
|
imagePullPolicy: Always
|
||||||
|
- name: hcloud-csi-driver
|
||||||
|
image: hetznercloud/hcloud-csi-driver:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
- name: liveness-probe
|
||||||
|
image: quay.io/k8scsi/livenessprobe:canary
|
||||||
|
imagePullPolicy: Always
|
||||||
|
volumes:
|
||||||
|
- name: socket-dir
|
||||||
|
emptyDir: {}
|
||||||
|
---
|
||||||
|
kind: DaemonSet
|
||||||
|
apiVersion: apps/v1
|
||||||
|
metadata:
|
||||||
|
name: hcloud-csi-node
|
||||||
|
namespace: kube-system
|
||||||
|
labels:
|
||||||
|
app: hcloud-csi
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: hcloud-csi
|
||||||
|
template:
|
||||||
|
spec:
|
||||||
|
containers:
|
||||||
|
- name: csi-node-driver-registrar
|
||||||
|
image: quay.io/k8scsi/csi-node-driver-registrar:canary
|
||||||
|
imagePullPolicy: Always
|
||||||
|
- name: hcloud-csi-driver
|
||||||
|
image: hetznercloud/hcloud-csi-driver:latest
|
||||||
|
imagePullPolicy: Always
|
||||||
|
- name: liveness-probe
|
||||||
|
image: quay.io/k8scsi/livenessprobe:canary
|
||||||
|
imagePullPolicy: Always
|
20
patches/kured.yaml
Normal file
20
patches/kured.yaml
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
apiVersion: apps/v1
|
||||||
|
kind: DaemonSet
|
||||||
|
metadata:
|
||||||
|
name: kured
|
||||||
|
namespace: kube-system
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
name: kured
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
name: kured
|
||||||
|
spec:
|
||||||
|
serviceAccountName: kured
|
||||||
|
containers:
|
||||||
|
- name: kured
|
||||||
|
command:
|
||||||
|
- /usr/bin/kured
|
||||||
|
- --reboot-command=/usr/bin/systemctl reboot
|
@ -1,129 +0,0 @@
|
|||||||
---
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
|
|
||||||
resources:
|
|
||||||
- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"
|
|
||||||
- "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
|
|
||||||
- "https://github.com/weaveworks/kured/releases/download/${kured_version}/kured-${kured_version}-dockerhub.yaml"
|
|
||||||
- ./traefik.yaml
|
|
||||||
|
|
||||||
patchesStrategicMerge:
|
|
||||||
- |-
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: DaemonSet
|
|
||||||
metadata:
|
|
||||||
name: kured
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
name: kured
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
name: kured
|
|
||||||
spec:
|
|
||||||
serviceAccountName: kured
|
|
||||||
containers:
|
|
||||||
- name: kured
|
|
||||||
command:
|
|
||||||
- /usr/bin/kured
|
|
||||||
- --reboot-command=/usr/bin/systemctl reboot
|
|
||||||
- |-
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: hcloud-cloud-controller-manager
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: hcloud-cloud-controller-manager
|
|
||||||
command:
|
|
||||||
- "/bin/hcloud-cloud-controller-manager"
|
|
||||||
- "--cloud-provider=hcloud"
|
|
||||||
- "--leader-elect=false"
|
|
||||||
- "--allow-untagged-cloud"
|
|
||||||
- "--allocate-node-cidrs=true"
|
|
||||||
- "--cluster-cidr=10.42.0.0/16"
|
|
||||||
%{ if ccm_latest ~}
|
|
||||||
- |-
|
|
||||||
apiVersion: apps/v1
|
|
||||||
kind: Deployment
|
|
||||||
metadata:
|
|
||||||
name: hcloud-cloud-controller-manager
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: hcloud-cloud-controller-manager
|
|
||||||
command:
|
|
||||||
- "/bin/hcloud-cloud-controller-manager"
|
|
||||||
- "--cloud-provider=hcloud"
|
|
||||||
- "--leader-elect=false"
|
|
||||||
- "--allow-untagged-cloud"
|
|
||||||
- "--allocate-node-cidrs=true"
|
|
||||||
- "--cluster-cidr=10.42.0.0/16"
|
|
||||||
image: hetznercloud/hcloud-cloud-controller-manager:latest
|
|
||||||
imagePullPolicy: Always
|
|
||||||
%{ endif ~}
|
|
||||||
%{ if csi_latest ~}
|
|
||||||
- |-
|
|
||||||
kind: StatefulSet
|
|
||||||
apiVersion: apps/v1
|
|
||||||
metadata:
|
|
||||||
name: hcloud-csi-controller
|
|
||||||
namespace: kube-system
|
|
||||||
spec:
|
|
||||||
template:
|
|
||||||
metadata:
|
|
||||||
labels:
|
|
||||||
app: hcloud-csi-controller
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: csi-attacher
|
|
||||||
image: quay.io/k8scsi/csi-attacher:canary
|
|
||||||
imagePullPolicy: Always
|
|
||||||
- name: csi-resizer
|
|
||||||
image: quay.io/k8scsi/csi-resizer:canary
|
|
||||||
imagePullPolicy: Always
|
|
||||||
- name: csi-provisioner
|
|
||||||
image: quay.io/k8scsi/csi-provisioner:canary
|
|
||||||
imagePullPolicy: Always
|
|
||||||
- name: hcloud-csi-driver
|
|
||||||
image: hetznercloud/hcloud-csi-driver:latest
|
|
||||||
imagePullPolicy: Always
|
|
||||||
- name: liveness-probe
|
|
||||||
image: quay.io/k8scsi/livenessprobe:canary
|
|
||||||
imagePullPolicy: Always
|
|
||||||
volumes:
|
|
||||||
- name: socket-dir
|
|
||||||
emptyDir: {}
|
|
||||||
---
|
|
||||||
kind: DaemonSet
|
|
||||||
apiVersion: apps/v1
|
|
||||||
metadata:
|
|
||||||
name: hcloud-csi-node
|
|
||||||
namespace: kube-system
|
|
||||||
labels:
|
|
||||||
app: hcloud-csi
|
|
||||||
spec:
|
|
||||||
selector:
|
|
||||||
matchLabels:
|
|
||||||
app: hcloud-csi
|
|
||||||
template:
|
|
||||||
spec:
|
|
||||||
containers:
|
|
||||||
- name: csi-node-driver-registrar
|
|
||||||
image: quay.io/k8scsi/csi-node-driver-registrar:canary
|
|
||||||
imagePullPolicy: Always
|
|
||||||
- name: hcloud-csi-driver
|
|
||||||
image: hetznercloud/hcloud-csi-driver:latest
|
|
||||||
imagePullPolicy: Always
|
|
||||||
- name: liveness-probe
|
|
||||||
image: quay.io/k8scsi/livenessprobe:canary
|
|
||||||
imagePullPolicy: Always
|
|
||||||
%{ endif ~}
|
|