Merge pull request #27 from phaer/optional-private-key
make private key optional to support SSH agent usage
commit
5a46127533
@ -61,7 +61,9 @@ _The Hetzner cli `hcloud` is also useful to have, mainly for debugging without h
|
||||
### 💡 [Do not skip] Creating the terraform.tfvars file
|
||||
|
||||
1. Create a project in your [Hetzner Cloud Console](https://console.hetzner.cloud/), and go to **Security > API Tokens** of that project to grab the API key. Take note of the key! ✅
|
||||
2. Generate an ssh key pair for your cluster, unless you already have one that you'd like to use (ed25519 is the ideal type). Take note of the respective paths of your private and public keys! ✅
|
||||
2. Either...
|
||||
...generate an ssh key pair for your cluster, unless you already have one that you'd like to use (ed25519 is the ideal type). Take note of the respective paths of your private and public keys! ✅
|
||||
...or make sure you have got an SSH agent running and your key is loaded (`ssh-add -L` to verify) and set `private_key = null` ✅
|
||||
3. Copy `terraform.tfvars.example` to `terraform.tfvars`, and replace the values from steps 1 and 2. ✅
|
||||
4. (Optional) There are other variables in `terraform.tfvars` that could be customized, like Hetzner region, and the node counts and sizes.
|
||||
|
||||
|
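--- a/agents.tf
+++ b/agents.tf
@@ -27,9 +27,10 @@ resource "hcloud_server" "agents" {
 destination = "/tmp/config.yaml"
 
 connection {
-user = "root"
-private_key = file(var.private_key)
-host = self.ipv4_address
+user = "root"
+private_key = local.ssh_private_key
+agent_identity = local.ssh_identity
+host = self.ipv4_address
 }
 }
 
@@ -38,9 +39,10 @@ resource "hcloud_server" "agents" {
 inline = local.k3os_install_commands
 
 connection {
-user = "root"
-private_key = file(var.private_key)
-host = self.ipv4_address
+user = "root"
+private_key = local.ssh_private_key
+agent_identity = local.ssh_identity
+host = self.ipv4_address
 }
 }
 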
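Review bot: The `private_key` / `agent_identity` pair is hand-copied into both `connection` blocks here and again into the matching blocks in master.tf and servers.tf, six copies in all, so any later change to how provisioners authenticate has to be repeated identically in each. Terraform also accepts a `connection` block directly inside the resource, where it applies to every provisioner of that resource; moving `user`, `private_key`, `agent_identity` and `host` there would leave one copy per resource. A one-line comment on that block, for example `# exactly one of private_key / agent_identity is non-null, see locals.tf`, would tell a reader why both attributes are set. The resource bodies start and end outside the hunks, so whether a resource-level block already exists cannot be seen from here.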
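--- a/locals.tf
+++ b/locals.tf
@@ -1,7 +1,15 @@
 locals {
 first_control_plane_network_ip = cidrhost(hcloud_network.k3s.ip_range, 2)
-ssh_public_key = trimspace(file(var.public_key))
 hcloud_image_name = "ubuntu-20.04"
+ssh_public_key = trimspace(file(var.public_key))
+# ssh_private_key is either the contents of var.private_key or null to use a ssh agent.
+ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key))
+# ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use.
+# For terraforms provisioner.connection.agent_identity, we need the public key as a string.
+ssh_identity = var.private_key == null ? local.ssh_public_key : null
+# ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file
+# if an ssh agent is used.
+ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
 
 k3os_install_commands = [
 "apt install -y grub-efi grub-pc-bin mtools xorriso",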
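Review bot: The three new locals choose between key-file and agent mode by testing only `var.private_key == null`, so a value blanked to `""` in terraform.tfvars still takes the key-file branch and reaches `file("")` instead of falling back to the agent. Deriving the mode once, for example `use_ssh_agent = var.private_key == null || var.private_key == ""`, and using that local in the three conditionals would keep them from drifting apart. The declaration of `private_key` is not part of the visible change, so it is worth confirming that it accepts `null` (and ideally defaults to it) as the README now instructs. The `locals` block continues past the end of the hunk.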
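--- a/master.tf
+++ b/master.tf
@@ -23,9 +23,10 @@ resource "hcloud_server" "first_control_plane" {
 destination = "/tmp/config.yaml"
 
 connection {
-user = "root"
-private_key = file(var.private_key)
-host = self.ipv4_address
+user = "root"
+private_key = local.ssh_private_key
+agent_identity = local.ssh_identity
+host = self.ipv4_address
 }
 }
 
@@ -34,16 +35,17 @@ resource "hcloud_server" "first_control_plane" {
 inline = local.k3os_install_commands
 
 connection {
-user = "root"
-private_key = file(var.private_key)
-host = self.ipv4_address
+user = "root"
+private_key = local.ssh_private_key
+agent_identity = local.ssh_identity
+host = self.ipv4_address
 }
 }
 
 # Wait for k3os to be ready and fetch kubeconfig.yaml
 provisioner "local-exec" {
 command = <<-EOT
-sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${var.private_key} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
+sleep 60 && ping ${self.ipv4_address} | grep --line-buffered "bytes from" | head -1 && sleep 100 && scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} rancher@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
 sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
 EOT
 }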
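Review bot: The `scp` line in the `local-exec` heredoc pulls the cluster-admin kubeconfig with `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, and in agent mode `-i ${local.ssh_identity_file}` is only a preference, so ssh can still offer every other key loaded in the agent to a host whose identity was never checked. Adding `-o IdentitiesOnly=yes` to that command limits the offer to the key named by `-i` in both modes. The path is also expanded unquoted into the shell line, so a key path containing a space would split the argument; `-i "${local.ssh_identity_file}"` avoids that. Because host-key checking stays off, the fetched `kubeconfig.yaml` is trusted without any verification of the peer, which deserves a comment above the provisioner even if it is kept for first-boot convenience. The resource body starts before the first hunk.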
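--- a/servers.tf
+++ b/servers.tf
@@ -26,9 +26,10 @@ resource "hcloud_server" "control_planes" {
 destination = "/tmp/config.yaml"
 
 connection {
-user = "root"
-private_key = file(var.private_key)
-host = self.ipv4_address
+user = "root"
+private_key = local.ssh_private_key
+agent_identity = local.ssh_identity
+host = self.ipv4_address
 }
 }
 
@@ -37,9 +38,10 @@ resource "hcloud_server" "control_planes" {
 inline = local.k3os_install_commands
 
 connection {
-user = "root"
-private_key = file(var.private_key)
-host = self.ipv4_address
+user = "root"
+private_key = local.ssh_private_key
+agent_identity = local.ssh_identity
+host = self.ipv4_address
 }
 }
 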