replace kustomization.yaml.tpl with yamlencode

benefit is replacing inline strings in yaml with proper files
locally while still just deploying a single file to the remote
host.
phaer 2022-02-11 23:49:54 +01:00
parent ddcc473ea8
commit 347ba42866
7 changed files with 143 additions and 153 deletions


@ -1,7 +1,8 @@
locals { locals {
first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2) first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2)
hcloud_image_name = "ubuntu-20.04" hcloud_image_name = "ubuntu-20.04"
ssh_public_key = trimspace(file(var.public_key))
ssh_public_key = trimspace(file(var.public_key))
# ssh_private_key is either the contents of var.private_key or null to use a ssh agent. # ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key)) ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use. # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
@ -10,10 +11,15 @@ locals {
# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
# if an ssh agent is used. # if an ssh agent is used.
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
# shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning. # shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning.
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}" ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
ccm_latest = var.hetzner_ccm_containers_latest
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
csi_latest = var.hetzner_csi_containers_latest
kured_version = data.github_release.kured.release_tag
MicroOS_install_commands = [ MicroOS_install_commands = [
"set -ex", "set -ex",
"apt-get install -y aria2", "apt-get install -y aria2",
@ -30,24 +36,4 @@ locals {
"cp /root/config.ign /mnt/ignition/config.ign", "cp /root/config.ign /mnt/ignition/config.ign",
"umount /mnt" "umount /mnt"
] ]
post_install_kustomization = templatefile(
"${path.module}/templates/kustomization.yaml.tpl",
{
ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
ccm_latest = var.hetzner_ccm_containers_latest
csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
csi_latest = var.hetzner_csi_containers_latest
kured_version = data.github_release.kured.release_tag
})
traefik_config = templatefile(
"${path.module}/templates/traefik_config.yaml.tpl",
{
lb_disable_ipv6 = var.lb_disable_ipv6
lb_server_type = var.lb_server_type
location = var.location
traefik_acme_tls = var.traefik_acme_tls
traefik_acme_email = var.traefik_acme_email
})
} }
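Review bot: `kured_version` in the added locals comes straight from `data.github_release.kured.release_tag` with no override, unlike `ccm_version` and `csi_version`, so every apply can deploy whichever kured release is newest at that moment. The kured patch in this commit sets `--reboot-command=/usr/bin/systemctl reboot`, so an unreviewed upstream release reaches a component that reboots nodes. Consider a new input variable (not present in the visible code) with the same fallback pattern, e.g. `kured_version = var.kured_version != null ? var.kured_version : data.github_release.kured.release_tag`. The `locals` block is only partly visible in these hunks.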


@ -98,16 +98,39 @@ resource "hcloud_server" "first_control_plane" {
# Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured. # Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured.
provisioner "file" { provisioner "file" {
content = local.post_install_kustomization content = yamlencode({
apiVersion = "kustomize.config.k8s.io/v1beta1"
kind = "Kustomization"
resources = [
"https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml",
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
"./traefik.yaml"
]
patchesStrategicMerge = [
file("${path.module}/patches/kured.yaml"),
local.ccm_latest ? file("${path.module}/patches/ccm_latest.yaml") : file("${path.module}/patches/ccm.yaml"),
local.csi_latest ? file("${path.module}/patches/csi_latest.yaml") : null,
]
})
destination = "/tmp/post_install/kustomization.yaml" destination = "/tmp/post_install/kustomization.yaml"
} }
# Upload traefik config # Upload traefik config
provisioner "file" { provisioner "file" {
content = local.traefik_config content = templatefile(
"${path.module}/templates/traefik_config.yaml.tpl",
{
lb_disable_ipv6 = var.lb_disable_ipv6
lb_server_type = var.lb_server_type
location = var.location
traefik_acme_tls = var.traefik_acme_tls
traefik_acme_email = var.traefik_acme_email
})
destination = "/tmp/post_install/traefik.yaml" destination = "/tmp/post_install/traefik.yaml"
} }
# Deploy our post-installation kustomization
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
"kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}", "kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}",
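Review bot: The last entry of `patchesStrategicMerge` evaluates to `null` when `local.csi_latest` is false, and `yamlencode` will then write a literal `null` list item into kustomization.yaml, which kustomize will likely reject or misread as a patch. Build the list without the hole, e.g. `concat([<kured and ccm entries>], local.csi_latest ? [file("${path.module}/patches/csi_latest.yaml")] : [])`. Separately, the unchanged `kubectl ... --from-literal=token=${var.hcloud_token}` line puts the API token unquoted on a remote command line, where it can show up in process listings and provisioner output. Uploading it as a file and using `--from-file` would avoid that. The `hcloud_server` resource continues outside this hunk.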

17
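--- a/patches/ccm.yaml
+++ b/patches/ccm.yaml
@@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: hcloud-cloud-controller-manager
+namespace: kube-system
+spec:
+template:
+spec:
+containers:
+- name: hcloud-cloud-controller-manager
+command:
+- "/bin/hcloud-cloud-controller-manager"
+- "--cloud-provider=hcloud"
+- "--leader-elect=false"
+- "--allow-untagged-cloud"
+- "--allocate-node-cidrs=true"
+- "--cluster-cidr=10.42.0.0/16"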

19
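--- a/patches/ccm_latest.yaml
+++ b/patches/ccm_latest.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: hcloud-cloud-controller-manager
+namespace: kube-system
+spec:
+template:
+spec:
+containers:
+- name: hcloud-cloud-controller-manager
+command:
+- "/bin/hcloud-cloud-controller-manager"
+- "--cloud-provider=hcloud"
+- "--leader-elect=false"
+- "--allow-untagged-cloud"
+- "--allocate-node-cidrs=true"
+- "--cluster-cidr=10.42.0.0/16"
+image: hetznercloud/hcloud-cloud-controller-manager:latest
+imagePullPolicy: Always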
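Review bot: The `image: hetznercloud/hcloud-cloud-controller-manager:latest` override with `imagePullPolicy: Always` means the controller in kube-system changes whenever the registry tag moves, and the repository keeps no record of what was actually deployed. The same applies to the `:canary` sidecars and the `:latest` driver in patches/csi_latest.yaml. Now that these patches are standalone files, a header comment in both would make the trade-off visible, e.g. `# Opt-in only: tracks mutable upstream tags and is not reproducible; prefer a pinned version or image digest for production clusters`.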

54
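--- a/patches/csi_latest.yaml
+++ b/patches/csi_latest.yaml
@@ -0,0 +1,54 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+name: hcloud-csi-controller
+namespace: kube-system
+spec:
+template:
+metadata:
+labels:
+app: hcloud-csi-controller
+spec:
+containers:
+- name: csi-attacher
+image: quay.io/k8scsi/csi-attacher:canary
+imagePullPolicy: Always
+- name: csi-resizer
+image: quay.io/k8scsi/csi-resizer:canary
+imagePullPolicy: Always
+- name: csi-provisioner
+image: quay.io/k8scsi/csi-provisioner:canary
+imagePullPolicy: Always
+- name: hcloud-csi-driver
+image: hetznercloud/hcloud-csi-driver:latest
+imagePullPolicy: Always
+- name: liveness-probe
+image: quay.io/k8scsi/livenessprobe:canary
+imagePullPolicy: Always
+volumes:
+- name: socket-dir
+emptyDir: {}
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: hcloud-csi-node
+namespace: kube-system
+labels:
+app: hcloud-csi
+spec:
+selector:
+matchLabels:
+app: hcloud-csi
+template:
+spec:
+containers:
+- name: csi-node-driver-registrar
+image: quay.io/k8scsi/csi-node-driver-registrar:canary
+imagePullPolicy: Always
+- name: hcloud-csi-driver
+image: hetznercloud/hcloud-csi-driver:latest
+imagePullPolicy: Always
+- name: liveness-probe
+image: quay.io/k8scsi/livenessprobe:canary
+imagePullPolicy: Always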

20
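--- a/patches/kured.yaml
+++ b/patches/kured.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: kured
+namespace: kube-system
+spec:
+selector:
+matchLabels:
+name: kured
+template:
+metadata:
+labels:
+name: kured
+spec:
+serviceAccountName: kured
+containers:
+- name: kured
+command:
+- /usr/bin/kured
+- --reboot-command=/usr/bin/systemctl reboot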


@ -1,129 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"
- "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
- "https://github.com/weaveworks/kured/releases/download/${kured_version}/kured-${kured_version}-dockerhub.yaml"
- ./traefik.yaml
patchesStrategicMerge:
- |-
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kured
namespace: kube-system
spec:
selector:
matchLabels:
name: kured
template:
metadata:
labels:
name: kured
spec:
serviceAccountName: kured
containers:
- name: kured
command:
- /usr/bin/kured
- --reboot-command=/usr/bin/systemctl reboot
- |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: hcloud-cloud-controller-manager
namespace: kube-system
spec:
template:
spec:
containers:
- name: hcloud-cloud-controller-manager
command:
- "/bin/hcloud-cloud-controller-manager"
- "--cloud-provider=hcloud"
- "--leader-elect=false"
- "--allow-untagged-cloud"
- "--allocate-node-cidrs=true"
- "--cluster-cidr=10.42.0.0/16"
%{ if ccm_latest ~}
- |-
apiVersion: apps/v1
kind: Deployment
metadata:
name: hcloud-cloud-controller-manager
namespace: kube-system
spec:
template:
spec:
containers:
- name: hcloud-cloud-controller-manager
command:
- "/bin/hcloud-cloud-controller-manager"
- "--cloud-provider=hcloud"
- "--leader-elect=false"
- "--allow-untagged-cloud"
- "--allocate-node-cidrs=true"
- "--cluster-cidr=10.42.0.0/16"
image: hetznercloud/hcloud-cloud-controller-manager:latest
imagePullPolicy: Always
%{ endif ~}
%{ if csi_latest ~}
- |-
kind: StatefulSet
apiVersion: apps/v1
metadata:
name: hcloud-csi-controller
namespace: kube-system
spec:
template:
metadata:
labels:
app: hcloud-csi-controller
spec:
containers:
- name: csi-attacher
image: quay.io/k8scsi/csi-attacher:canary
imagePullPolicy: Always
- name: csi-resizer
image: quay.io/k8scsi/csi-resizer:canary
imagePullPolicy: Always
- name: csi-provisioner
image: quay.io/k8scsi/csi-provisioner:canary
imagePullPolicy: Always
- name: hcloud-csi-driver
image: hetznercloud/hcloud-csi-driver:latest
imagePullPolicy: Always
- name: liveness-probe
image: quay.io/k8scsi/livenessprobe:canary
imagePullPolicy: Always
volumes:
- name: socket-dir
emptyDir: {}
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: hcloud-csi-node
namespace: kube-system
labels:
app: hcloud-csi
spec:
selector:
matchLabels:
app: hcloud-csi
template:
spec:
containers:
- name: csi-node-driver-registrar
image: quay.io/k8scsi/csi-node-driver-registrar:canary
imagePullPolicy: Always
- name: hcloud-csi-driver
image: hetznercloud/hcloud-csi-driver:latest
imagePullPolicy: Always
- name: liveness-probe
image: quay.io/k8scsi/livenessprobe:canary
imagePullPolicy: Always
%{ endif ~}