replace kustomization.yaml.tpl with yamlencode

benefit is replacing inline strings in yaml with proper files locally while still just deploying a single file to the remote host.
2022-02-11 23:49:54 +01:00 · 2022-02-11 23:49:54 +01:00 · 347ba42866
commit 347ba42866
parent ddcc473ea8
7 changed files with 143 additions and 153 deletions
--- a/locals.tf
+++ b/locals.tf
@ -1,7 +1,8 @@
 locals {
  first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2)
  hcloud_image_name              = "ubuntu-20.04"
-  ssh_public_key                 = trimspace(file(var.public_key))
+
+  ssh_public_key = trimspace(file(var.public_key))
  # ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
  ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
  # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
@ -10,10 +11,15 @@ locals {
  # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
  # if an ssh agent is used.
  ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
-
  # shared flags for ssh to ignore host keys, to use root and our ssh identity file for all connections during provisioning.
  ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"

+  ccm_version   = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
+  ccm_latest    = var.hetzner_ccm_containers_latest
+  csi_version   = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
+  csi_latest    = var.hetzner_csi_containers_latest
+  kured_version = data.github_release.kured.release_tag
+
  MicroOS_install_commands = [
    "set -ex",
    "apt-get install -y aria2",
@ -30,24 +36,4 @@ locals {
    "cp /root/config.ign /mnt/ignition/config.ign",
    "umount /mnt"
  ]
-
-  post_install_kustomization = templatefile(
-    "${path.module}/templates/kustomization.yaml.tpl",
-    {
-      ccm_version   = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
-      ccm_latest    = var.hetzner_ccm_containers_latest
-      csi_version   = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
-      csi_latest    = var.hetzner_csi_containers_latest
-      kured_version = data.github_release.kured.release_tag
-  })
-
-  traefik_config = templatefile(
-    "${path.module}/templates/traefik_config.yaml.tpl",
-    {
-      lb_disable_ipv6    = var.lb_disable_ipv6
-      lb_server_type     = var.lb_server_type
-      location           = var.location
-      traefik_acme_tls   = var.traefik_acme_tls
-      traefik_acme_email = var.traefik_acme_email
-  })
 }
--- a/master.tf
+++ b/master.tf
@ -98,16 +98,39 @@ resource "hcloud_server" "first_control_plane" {

  # Upload kustomization.yaml, containing Hetzner CSI & CSM, as well as kured.
  provisioner "file" {
-    content     = local.post_install_kustomization
+    content = yamlencode({
+      apiVersion = "kustomize.config.k8s.io/v1beta1"
+      kind       = "Kustomization"
+      resources = [
+        "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml",
+        "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
+        "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
+        "./traefik.yaml"
+      ]
+      patchesStrategicMerge = [
+        file("${path.module}/patches/kured.yaml"),
+        local.ccm_latest ? file("${path.module}/patches/ccm_latest.yaml") : file("${path.module}/patches/ccm.yaml"),
+        local.csi_latest ? file("${path.module}/patches/csi_latest.yaml") : null,
+      ]
+    })
    destination = "/tmp/post_install/kustomization.yaml"
  }

  # Upload traefik config
  provisioner "file" {
-    content     = local.traefik_config
+    content = templatefile(
+      "${path.module}/templates/traefik_config.yaml.tpl",
+      {
+        lb_disable_ipv6    = var.lb_disable_ipv6
+        lb_server_type     = var.lb_server_type
+        location           = var.location
+        traefik_acme_tls   = var.traefik_acme_tls
+        traefik_acme_email = var.traefik_acme_email
+    })
    destination = "/tmp/post_install/traefik.yaml"
  }

+  # Deploy our post-installation kustomization
  provisioner "remote-exec" {
    inline = [
      "kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name}",
--- a/patches/ccm.yaml
+++ b/patches/ccm.yaml
@ -0,0 +1,17 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hcloud-cloud-controller-manager
+  namespace: kube-system
+spec:
+  template:
+    spec:
+      containers:
+        - name: hcloud-cloud-controller-manager
+          command:
+            - "/bin/hcloud-cloud-controller-manager"
+            - "--cloud-provider=hcloud"
+            - "--leader-elect=false"
+            - "--allow-untagged-cloud"
+            - "--allocate-node-cidrs=true"
+            - "--cluster-cidr=10.42.0.0/16"
--- a/patches/ccm_latest.yaml
+++ b/patches/ccm_latest.yaml
@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hcloud-cloud-controller-manager
+  namespace: kube-system
+spec:
+  template:
+    spec:
+      containers:
+        - name: hcloud-cloud-controller-manager
+          command:
+            - "/bin/hcloud-cloud-controller-manager"
+            - "--cloud-provider=hcloud"
+            - "--leader-elect=false"
+            - "--allow-untagged-cloud"
+            - "--allocate-node-cidrs=true"
+            - "--cluster-cidr=10.42.0.0/16"
+          image: hetznercloud/hcloud-cloud-controller-manager:latest
+          imagePullPolicy: Always
--- a/patches/csi_latest.yaml
+++ b/patches/csi_latest.yaml
@ -0,0 +1,54 @@
+  kind: StatefulSet
+  apiVersion: apps/v1
+  metadata:
+    name: hcloud-csi-controller
+    namespace: kube-system
+  spec:
+    template:
+      metadata:
+        labels:
+          app: hcloud-csi-controller
+      spec:
+        containers:
+          - name: csi-attacher
+            image: quay.io/k8scsi/csi-attacher:canary
+            imagePullPolicy: Always
+          - name: csi-resizer
+            image: quay.io/k8scsi/csi-resizer:canary
+            imagePullPolicy: Always
+          - name: csi-provisioner
+            image: quay.io/k8scsi/csi-provisioner:canary
+            imagePullPolicy: Always
+          - name: hcloud-csi-driver
+            image: hetznercloud/hcloud-csi-driver:latest
+            imagePullPolicy: Always
+          - name: liveness-probe
+            image: quay.io/k8scsi/livenessprobe:canary
+            imagePullPolicy: Always
+        volumes:
+          - name: socket-dir
+            emptyDir: {}
+  ---
+  kind: DaemonSet
+  apiVersion: apps/v1
+  metadata:
+    name: hcloud-csi-node
+    namespace: kube-system
+    labels:
+      app: hcloud-csi
+  spec:
+    selector:
+      matchLabels:
+        app: hcloud-csi
+    template:
+      spec:
+        containers:
+          - name: csi-node-driver-registrar
+            image: quay.io/k8scsi/csi-node-driver-registrar:canary
+            imagePullPolicy: Always
+          - name: hcloud-csi-driver
+            image: hetznercloud/hcloud-csi-driver:latest
+            imagePullPolicy: Always
+          - name: liveness-probe
+            image: quay.io/k8scsi/livenessprobe:canary
+            imagePullPolicy: Always
--- a/patches/kured.yaml
+++ b/patches/kured.yaml
@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kured
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: kured
+  template:
+    metadata:
+      labels:
+        name: kured
+    spec:
+      serviceAccountName: kured
+      containers:
+        - name: kured
+          command:
+            - /usr/bin/kured
+            - --reboot-command=/usr/bin/systemctl reboot
--- a/templates/kustomization.yaml.tpl
+++ b/templates/kustomization.yaml.tpl
@ -1,129 +0,0 @@
---
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"
- "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
- "https://github.com/weaveworks/kured/releases/download/${kured_version}/kured-${kured_version}-dockerhub.yaml"
- ./traefik.yaml
-
-patchesStrategicMerge:
- |-
-  apiVersion: apps/v1
-  kind: DaemonSet
-  metadata:
-    name: kured
-    namespace: kube-system
-  spec:
-    selector:
-      matchLabels:
-        name: kured
-    template:
-      metadata:
-        labels:
-          name: kured
-      spec:
-        serviceAccountName: kured
-        containers:
-          - name: kured
-            command:
-              - /usr/bin/kured
-              - --reboot-command=/usr/bin/systemctl reboot
- |-
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata:
-    name: hcloud-cloud-controller-manager
-    namespace: kube-system
-  spec:
-    template:
-      spec:
-        containers:
-          - name: hcloud-cloud-controller-manager
-            command:
-              - "/bin/hcloud-cloud-controller-manager"
-              - "--cloud-provider=hcloud"
-              - "--leader-elect=false"
-              - "--allow-untagged-cloud"
-              - "--allocate-node-cidrs=true"
-              - "--cluster-cidr=10.42.0.0/16"
-%{ if ccm_latest ~}
- |-
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata:
-    name: hcloud-cloud-controller-manager
-    namespace: kube-system
-  spec:
-    template:
-      spec:
-        containers:
-          - name: hcloud-cloud-controller-manager
-            command:
-              - "/bin/hcloud-cloud-controller-manager"
-              - "--cloud-provider=hcloud"
-              - "--leader-elect=false"
-              - "--allow-untagged-cloud"
-              - "--allocate-node-cidrs=true"
-              - "--cluster-cidr=10.42.0.0/16"
-            image: hetznercloud/hcloud-cloud-controller-manager:latest
-            imagePullPolicy: Always
-%{ endif ~}
-%{ if csi_latest ~}
- |-
-  kind: StatefulSet
-  apiVersion: apps/v1
-  metadata:
-    name: hcloud-csi-controller
-    namespace: kube-system
-  spec:
-    template:
-      metadata:
-        labels:
-          app: hcloud-csi-controller
-      spec:
-        containers:
-          - name: csi-attacher
-            image: quay.io/k8scsi/csi-attacher:canary
-            imagePullPolicy: Always
-          - name: csi-resizer
-            image: quay.io/k8scsi/csi-resizer:canary
-            imagePullPolicy: Always
-          - name: csi-provisioner
-            image: quay.io/k8scsi/csi-provisioner:canary
-            imagePullPolicy: Always
-          - name: hcloud-csi-driver
-            image: hetznercloud/hcloud-csi-driver:latest
-            imagePullPolicy: Always
-          - name: liveness-probe
-            image: quay.io/k8scsi/livenessprobe:canary
-            imagePullPolicy: Always
-        volumes:
-          - name: socket-dir
-            emptyDir: {}
-  ---
-  kind: DaemonSet
-  apiVersion: apps/v1
-  metadata:
-    name: hcloud-csi-node
-    namespace: kube-system
-    labels:
-      app: hcloud-csi
-  spec:
-    selector:
-      matchLabels:
-        app: hcloud-csi
-    template:
-      spec:
-        containers:
-          - name: csi-node-driver-registrar
-            image: quay.io/k8scsi/csi-node-driver-registrar:canary
-            imagePullPolicy: Always
-          - name: hcloud-csi-driver
-            image: hetznercloud/hcloud-csi-driver:latest
-            imagePullPolicy: Always
-          - name: liveness-probe
-            image: quay.io/k8scsi/livenessprobe:canary
-            imagePullPolicy: Always
-%{ endif ~}