diff --git a/.github/workflow/terraform.yaml b/.github/workflows/terraform.yaml
similarity index 100%
rename from .github/workflow/terraform.yaml
rename to .github/workflows/terraform.yaml
diff --git a/.gitignore b/.gitignore
index 9ba7871..47f79cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
 .terraform*
 *.tfstate*
 crash.log
+hetzner/ccm/kustomization.yaml
+hetzner/csi/kustomization.yaml
 kubeconfig.yaml
+kubeconfig.yaml-e
 terraform.tfvars
-templates/rendered/traefik_config.yaml
\ No newline at end of file
+templates/rendered/traefik_config.yaml
diff --git a/README.md b/README.md
index d97ed61..7ed86f5 100644
--- a/README.md
+++ b/README.md
@@ -63,7 +63,7 @@ _The Hetzner cli `hcloud` is also useful to have, mainly for debugging without h
 1. Create a project in your [Hetzner Cloud Console](https://console.hetzner.cloud/), and go to **Security > API Tokens** of that project to grab the API key. Take note of the key! ✅
 2. Generate an ssh key pair for your cluster, unless you already have one that you'd like to use (ed25519 is the ideal type). Take note of the respective paths of your private and public keys! ✅
-3. Rename `terraform.tfvars.example` to `terraform.tfvars`, and replace the values from steps 1 and 2. ✅
+3. Copy `terraform.tfvars.example` to `terraform.tfvars`, and replace the values from steps 1 and 2. ✅
 4. (Optional) There are other variables in `terraform.tfvars` that could be customized, like Hetzner region, and the node counts and sizes.
 ### 🎯 Installation
@@ -134,8 +134,8 @@ kubectl label node 'k3os.io/upgrade'-
 If you want to takedown the cluster, you can proceed as follows:
 ```sh
-kubectl delete -k hetzer/csi
-kubectl delete -k hetzer/ccm
+kubectl delete -k hetzner/csi
+kubectl delete -k hetzner/ccm
 hcloud load-balancer delete traefik
 terraform destroy -auto-approve
 ```
diff --git a/data.tf b/data.tf
index e9448dc..294b0e2 100644
--- a/data.tf
+++ b/data.tf
@@ -1,3 +1,19 @@
 data "hcloud_load_balancer" "lb11" {
 name = "traefik"
 }
+
+data "github_release" "hetzner_ccm" {
+ repository = "hcloud-cloud-controller-manager"
+ owner = "hetznercloud"
+ retrieve_by = "latest"
+}
+
+data "github_release" "hetzner_csi" {
+ repository = "csi-driver"
+ owner = "hetznercloud"
+ retrieve_by = "latest"
+}
+
+data "hcloud_image" "linux" {
+ name = local.hcloud_image_name
+}
diff --git a/hetzner/ccm/kustomization.yaml b/hetzner/ccm/kustomization.yaml
deleted file mode 100644
index 8e6eab1..0000000
--- a/hetzner/ccm/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml
-
-patchesStrategicMerge:
-- patch.yaml
\ No newline at end of file
diff --git a/hetzner/csi/kustomization.yaml b/hetzner/csi/kustomization.yaml
deleted file mode 100644
index 78ad622..0000000
--- a/hetzner/csi/kustomization.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml
-
-patchesStrategicMerge:
-- patch.yaml
\ No newline at end of file
diff --git a/main.tf b/main.tf
index e33087b..3c9fee7 100644
--- a/main.tf
+++ b/main.tf
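Review bot: Both new `github_release` data sources use `retrieve_by = "latest"`, so unless the new version variables are set, each plan can resolve a different upstream tag and the manifests applied into `kube-system` can change without any reviewed commit. Consider making a pinned tag the documented default and treating "latest" as an explicit opt-in; the same fallback is consumed by the `local_file` resources in main.tf and ends up in the URLs of the two new templates. Nothing visible in this change verifies the integrity of the fetched manifest, and in the CSI template the version is used as a git ref on raw.githubusercontent.com, so a commit SHA would be a stricter pin than a tag. At minimum a comment on each data block such as `# resolved at plan time; set hetzner_ccm_version to pin` would make the behaviour explicit.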
@@ -144,8 +144,22 @@ resource "hcloud_firewall" "k3s" {
 }
-data "hcloud_image" "linux" {
- name = local.hcloud_image_name
+resource "local_file" "hetzner_ccm_config" {
+ content = templatefile("${path.module}/templates/hetzner_ccm.yaml.tpl", {
+ ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
+ })
+ filename = "${path.module}/hetzner/ccm/kustomization.yaml"
+ file_permission = "0644"
+ directory_permission = "0755"
+}
+
+resource "local_file" "hetzner_csi_config" {
+ content = templatefile("${path.module}/templates/hetzner_csi.yaml.tpl", {
+ csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
+ })
+ filename = "${path.module}/hetzner/csi/kustomization.yaml"
+ file_permission = "0644"
+ directory_permission = "0755"
 }
 resource "local_file" "traefik_config" {
@@ -153,5 +167,7 @@ resource "local_file" "traefik_config" {
 lb_server_type = var.lb_server_type
 location = var.location
 })
- filename = "${path.module}/templates/rendered/traefik_config.yaml"
+ filename = "${path.module}/templates/rendered/traefik_config.yaml"
+ file_permission = "0644"
+ directory_permission = "0755"
 }
diff --git a/master.tf b/master.tf
index 0b2dfc2..8da0368 100644
--- a/master.tf
+++ b/master.tf
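Review bot: The version fallback in both new `local_file` resources is spelled as a null-check ternary, which lets an empty-string override through and would render a download URL with an empty path segment. `ccm_version = coalesce(var.hetzner_ccm_version, data.github_release.hetzner_ccm.release_tag)` (and the same for `csi_version`) is shorter and falls back on both null and `""`. A one-line comment above each resource saying that the rendered `kustomization.yaml` is generated and git-ignored would also help readers who find the file missing from the repository.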
@@ -52,9 +52,9 @@ resource "hcloud_server" "first_control_plane" {
 provisioner "local-exec" {
 command = <<-EOT
 kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name} --kubeconfig ${path.module}/kubeconfig.yaml
- kubectl apply -k ${path.module}/hetzner/ccm --kubeconfig ${path.module}/kubeconfig.yaml
+ kubectl apply -k ${dirname(local_file.hetzner_ccm_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml
 kubectl -n kube-system create secret generic hcloud-csi --from-literal=token=${var.hcloud_token} --kubeconfig ${path.module}/kubeconfig.yaml
- kubectl apply -k ${path.module}/hetzner/csi --kubeconfig ${path.module}/kubeconfig.yaml
+ kubectl apply -k ${dirname(local_file.hetzner_csi_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml
 EOT
 }
diff --git a/providers.tf b/providers.tf
index 706ed68..dcb6222 100644
--- a/providers.tf
+++ b/providers.tf
@@ -1,3 +1,7 @@
+provider "github" {}
+
 provider "hcloud" {
 token = var.hcloud_token
 }
+
+provider "local" {}
diff --git a/templates/hetzner_ccm.yaml.tpl b/templates/hetzner_ccm.yaml.tpl
new file mode 100644
index 0000000..af54617
--- /dev/null
+++ b/templates/hetzner_ccm.yaml.tpl
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"
+
+patchesStrategicMerge:
+- patch.yaml
diff --git a/templates/hetzner_csi.yaml.tpl b/templates/hetzner_csi.yaml.tpl
new file mode 100644
index 0000000..8a91b8d
--- /dev/null
+++ b/templates/hetzner_csi.yaml.tpl
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
+
+patchesStrategicMerge:
+- patch.yaml
diff --git a/variables.tf b/variables.tf
index 8f2c670..42f00a0 100644
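Review bot: The two `create secret` lines kept as context in this `local-exec` heredoc still interpolate `${var.hcloud_token}` directly into the shell command, so the token is part of the rendered command text and of the process arguments on the machine running Terraform, even though this commit marks the variable `sensitive` in variables.tf. Passing it through the provisioner's `environment` argument, e.g. `environment = { HCLOUD_TOKEN = var.hcloud_token }` with `--from-literal=token="$HCLOUD_TOKEN"`, keeps it out of the command string; kubectl's own argv would still carry it, so reading the value from a file or stdin is the stricter option. The new `${dirname(...)}` and the existing `${path.module}` expansions are also unquoted, so a module path containing spaces would split the argument. The enclosing `hcloud_server` resource starts and ends outside the hunk.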
--- a/variables.tf
+++ b/variables.tf
@@ -1,6 +1,7 @@
 variable "hcloud_token" {
- description = "Hetzner API tokey"
+ description = "Hetzner Cloud API Token"
 type = string
+ sensitive = true
 }
 variable "public_key" {
@@ -42,3 +43,15 @@ variable "agents_num" {
 description = "Number of agent nodes."
 type = number
 }
+
+variable "hetzner_ccm_version" {
+ type = string
+ default = null
+ description = "Version of Kubernetes Cloud Controller Manager for Hetzner Cloud"
+}
+
+variable "hetzner_csi_version" {
+ type = string
+ default = null
+ description = "Version of Container Storage Interface driver for Hetzner Cloud"
+}
diff --git a/versions.tf b/versions.tf
index 630394f..ed5848d 100644
--- a/versions.tf
+++ b/versions.tf
@@ -1,8 +1,16 @@
 terraform {
 required_providers {
+ github = {
+ source = "integrations/github"
+ version = ">= 4.0.0, < 5.0.0"
+ }
 hcloud = {
 source = "hetznercloud/hcloud"
 version = ">= 1.0.0, < 2.0.0"
 }
+ local = {
+ source = "hashicorp/local"
+ version = ">= 2.0.0, < 3.0.0"
+ }
 }
 }
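Review bot: `hetzner_ccm_version` and `hetzner_csi_version` in the second variables.tf hunk are accepted as free-form strings although they are spliced into the download URLs of the new templates, so a typo or a value containing path separators changes which remote manifest is fetched and applied to the cluster. A `validation` block on each variable would reject that at plan time, for example with `condition = var.hetzner_ccm_version == null || can(regex("^v?[0-9]+\\.[0-9]+\\.[0-9]+$", var.hetzner_ccm_version))`; the tag format the upstream projects actually use should be confirmed before fixing the pattern. The descriptions could also state that `null` means "use the latest GitHub release".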
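Review bot: The two providers added to `required_providers` are constrained only by version ranges, and the `.terraform*` pattern shown as context in the .gitignore hunk would also match `.terraform.lock.hcl`, so the resolved provider versions and checksums appear not to be committed. With `integrations/github` and `hashicorp/local` now downloaded and executed on every init, consider adding `!.terraform.lock.hcl` to .gitignore and committing the lock file so that provider upgrades show up in review rather than happening silently inside the allowed range.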