replace kustomization.yaml.tpl with yamlencode

benefit is replacing inline strings in yaml with proper files locally while still just deploying a single file to the remote host.
2022-02-11 23:49:54 +01:00 · 2022-02-11 23:49:54 +01:00 · 347ba42866
commit 347ba42866
parent ddcc473ea8
7 changed files with 143 additions and 153 deletions
--- a/locals.tf
+++ b/locals.tf
@ -1,7 +1,8 @@
 locals {
  first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2)
  hcloud_image_name              = "ubuntu-20.04"
-  ssh_public_key                 = trimspace(file(var.public_key))
+
  ssh_public_key = trimspace(file(var.public_key))
  # ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
  ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
  # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
@ -10,10 +11,15 @@ locals {
  # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
  # if an ssh agent is used.
  ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
  # shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning.
  ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
  ccm_version   = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
  ccm_latest    = var.hetzner_ccm_containers_latest
  csi_version   = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
  csi_latest    = var.hetzner_csi_containers_latest
  kured_version = data.github_release.kured.release_tag
  MicroOS_install_commands = [
    "set -ex",
    "apt-get install -y aria2",
@ -30,24 +36,4 @@ locals {
    "cp /root/config.ign /mnt/ignition/config.ign",
    "umount /mnt"
  ]
  post_install_kustomization = templatefile(
    "${path.module}/templates/kustomization.yaml.tpl",
    {
      ccm_version   = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
      ccm_latest    = var.hetzner_ccm_containers_latest
      csi_version   = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
      csi_latest    = var.hetzner_csi_containers_latest
      kured_version = data.github_release.kured.release_tag
  })
  traefik_config = templatefile(
    "${path.module}/templates/traefik_config.yaml.tpl",
    {
      lb_disable_ipv6    = var.lb_disable_ipv6
      lb_server_type     = var.lb_server_type
      location           = var.location
      traefik_acme_tls   = var.traefik_acme_tls
      traefik_acme_email = var.traefik_acme_email
  })
 }
--- a/master.tf
+++ b/master.tf
@ -98,16 +98,39 @@ resource "hcloud_server" "first_control_plane" {
  # Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured.
  provisioner "file" {
-    content     = local.post_install_kustomization
+    content = yamlencode({
      apiVersion = "kustomize.config.k8s.io/v1beta1"
      kind       = "Kustomization"
      resources = [
        "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml",
        "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
        "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
        "./traefik.yaml"
      ]
      patchesStrategicMerge = [
        file("${path.module}/patches/kured.yaml"),
        local.ccm_latest ? file("${path.module}/patches/ccm_latest.yaml") : file("${path.module}/patches/ccm.yaml"),
        local.csi_latest ? file("${path.module}/patches/csi_latest.yaml") : null,
      ]
    })
    destination = "/tmp/post_install/kustomization.yaml"
  }
  # Upload traefik config
  provisioner "file" {
-    content     = local.traefik_config
+    content = templatefile(
      "${path.module}/templates/traefik_config.yaml.tpl",
      {
        lb_disable_ipv6    = var.lb_disable_ipv6
        lb_server_type     = var.lb_server_type
        location           = var.location
        traefik_acme_tls   = var.traefik_acme_tls
        traefik_acme_email = var.traefik_acme_email
    })
    destination = "/tmp/post_install/traefik.yaml"
  }
  # Deploy our post-installation kustomization
  provisioner "remote-exec" {
    inline = [
      "kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}",
--- a/patches/ccm.yaml
+++ b/patches/ccm.yaml
@ -0,0 +1,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: hcloud-cloud-controller-manager
  namespace: kube-system
 spec:
  template:
    spec:
      containers:
        - name: hcloud-cloud-controller-manager
          command:
            - "/bin/hcloud-cloud-controller-manager"
            - "--cloud-provider=hcloud"
            - "--leader-elect=false"
            - "--allow-untagged-cloud"
            - "--allocate-node-cidrs=true"
            - "--cluster-cidr=10.42.0.0/16"
--- a/patches/ccm_latest.yaml
+++ b/patches/ccm_latest.yaml
@ -0,0 +1,19 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: hcloud-cloud-controller-manager
  namespace: kube-system
 spec:
  template:
    spec:
      containers:
        - name: hcloud-cloud-controller-manager
          command:
            - "/bin/hcloud-cloud-controller-manager"
            - "--cloud-provider=hcloud"
            - "--leader-elect=false"
            - "--allow-untagged-cloud"
            - "--allocate-node-cidrs=true"
            - "--cluster-cidr=10.42.0.0/16"
          image: hetznercloud/hcloud-cloud-controller-manager:latest
          imagePullPolicy: Always
--- a/patches/csi_latest.yaml
+++ b/patches/csi_latest.yaml
@ -0,0 +1,54 @@
  kind: StatefulSet
  apiVersion: apps/v1
  metadata:
    name: hcloud-csi-controller
    namespace: kube-system
  spec:
    template:
      metadata:
        labels:
          app: hcloud-csi-controller
      spec:
        containers:
          - name: csi-attacher
            image: quay.io/k8scsi/csi-attacher:canary
            imagePullPolicy: Always
          - name: csi-resizer
            image: quay.io/k8scsi/csi-resizer:canary
            imagePullPolicy: Always
          - name: csi-provisioner
            image: quay.io/k8scsi/csi-provisioner:canary
            imagePullPolicy: Always
          - name: hcloud-csi-driver
            image: hetznercloud/hcloud-csi-driver:latest
            imagePullPolicy: Always
          - name: liveness-probe
            image: quay.io/k8scsi/livenessprobe:canary
            imagePullPolicy: Always
        volumes:
          - name: socket-dir
            emptyDir: {}
  ---
  kind: DaemonSet
  apiVersion: apps/v1
  metadata:
    name: hcloud-csi-node
    namespace: kube-system
    labels:
      app: hcloud-csi
  spec:
    selector:
      matchLabels:
        app: hcloud-csi
    template:
      spec:
        containers:
          - name: csi-node-driver-registrar
            image: quay.io/k8scsi/csi-node-driver-registrar:canary
            imagePullPolicy: Always
          - name: hcloud-csi-driver
            image: hetznercloud/hcloud-csi-driver:latest
            imagePullPolicy: Always
          - name: liveness-probe
            image: quay.io/k8scsi/livenessprobe:canary
            imagePullPolicy: Always
--- a/patches/kured.yaml
+++ b/patches/kured.yaml
@ -0,0 +1,20 @@
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
  name: kured
  namespace: kube-system
 spec:
  selector:
    matchLabels:
      name: kured
  template:
    metadata:
      labels:
        name: kured
    spec:
      serviceAccountName: kured
      containers:
        - name: kured
          command:
            - /usr/bin/kured
            - --reboot-command=/usr/bin/systemctl reboot
--- a/templates/kustomization.yaml.tpl
+++ b/templates/kustomization.yaml.tpl
@ -1,129 +0,0 @@
 ---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"
 - "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
 - "https://github.com/weaveworks/kured/releases/download/${kured_version}/kured-${kured_version}-dockerhub.yaml"
 - ./traefik.yaml
 patchesStrategicMerge:
 - |-
  apiVersion: apps/v1
  kind: DaemonSet
  metadata:
    name: kured
    namespace: kube-system
  spec:
    selector:
      matchLabels:
        name: kured
    template:
      metadata:
        labels:
          name: kured
      spec:
        serviceAccountName: kured
        containers:
          - name: kured
            command:
              - /usr/bin/kured
              - --reboot-command=/usr/bin/systemctl reboot
 - |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: hcloud-cloud-controller-manager
    namespace: kube-system
  spec:
    template:
      spec:
        containers:
          - name: hcloud-cloud-controller-manager
            command:
              - "/bin/hcloud-cloud-controller-manager"
              - "--cloud-provider=hcloud"
              - "--leader-elect=false"
              - "--allow-untagged-cloud"
              - "--allocate-node-cidrs=true"
              - "--cluster-cidr=10.42.0.0/16"
 %{ if ccm_latest ~}
 - |-
  apiVersion: apps/v1
  kind: Deployment
  metadata:
    name: hcloud-cloud-controller-manager
    namespace: kube-system
  spec:
    template:
      spec:
        containers:
          - name: hcloud-cloud-controller-manager
            command:
              - "/bin/hcloud-cloud-controller-manager"
              - "--cloud-provider=hcloud"
              - "--leader-elect=false"
              - "--allow-untagged-cloud"
              - "--allocate-node-cidrs=true"
              - "--cluster-cidr=10.42.0.0/16"
            image: hetznercloud/hcloud-cloud-controller-manager:latest
            imagePullPolicy: Always
 %{ endif ~}
 %{ if csi_latest ~}
 - |-
  kind: StatefulSet
  apiVersion: apps/v1
  metadata:
    name: hcloud-csi-controller
    namespace: kube-system
  spec:
    template:
      metadata:
        labels:
          app: hcloud-csi-controller
      spec:
        containers:
          - name: csi-attacher
            image: quay.io/k8scsi/csi-attacher:canary
            imagePullPolicy: Always
          - name: csi-resizer
            image: quay.io/k8scsi/csi-resizer:canary
            imagePullPolicy: Always
          - name: csi-provisioner
            image: quay.io/k8scsi/csi-provisioner:canary
            imagePullPolicy: Always
          - name: hcloud-csi-driver
            image: hetznercloud/hcloud-csi-driver:latest
            imagePullPolicy: Always
          - name: liveness-probe
            image: quay.io/k8scsi/livenessprobe:canary
            imagePullPolicy: Always
        volumes:
          - name: socket-dir
            emptyDir: {}
  ---
  kind: DaemonSet
  apiVersion: apps/v1
  metadata:
    name: hcloud-csi-node
    namespace: kube-system
    labels:
      app: hcloud-csi
  spec:
    selector:
      matchLabels:
        app: hcloud-csi
    template:
      spec:
        containers:
          - name: csi-node-driver-registrar
            image: quay.io/k8scsi/csi-node-driver-registrar:canary
            imagePullPolicy: Always
          - name: hcloud-csi-driver
            image: hetznercloud/hcloud-csi-driver:latest
            imagePullPolicy: Always
          - name: liveness-probe
            image: quay.io/k8scsi/livenessprobe:canary
            imagePullPolicy: Always
 %{ endif ~}