From fb876d2d9b74432f7ab5e859a784e8257c52a71c Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Thu, 13 Jan 2022 10:22:54 +0100 Subject: [PATCH 1/6] Update documentation (cp vs mv) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d97ed61..850f5c2 100644 --- a/README.md +++ b/README.md @@ -63,7 +63,7 @@ _The Hetzner cli `hcloud` is also useful to have, mainly for debugging without h 1. Create a project in your [Hetzner Cloud Console](https://console.hetzner.cloud/), and go to **Security > API Tokens** of that project to grab the API key. Take note of the key! ✅ 2. Generate an ssh key pair for your cluster, unless you already have one that you'd like to use (ed25519 is the ideal type). Take note of the respective paths of your private and public keys! ✅ -3. Rename `terraform.tfvars.example` to `terraform.tfvars`, and replace the values from steps 1 and 2. ✅ +3. Copy `terraform.tfvars.example` to `terraform.tfvars`, and replace the values from steps 1 and 2. ✅ 4. (Optional) There are other variables in `terraform.tfvars` that could be customized, like Hetzner region, and the node counts and sizes. ### 🎯 Installation From 7e4e9a45066e94ef5f588dd6507359f4c520806d Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Thu, 13 Jan 2022 10:29:22 +0100 Subject: [PATCH 2/6] Rename directory --- .github/{workflow => workflows}/terraform.yaml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{workflow => workflows}/terraform.yaml (100%) diff --git a/.github/workflow/terraform.yaml b/.github/workflows/terraform.yaml similarity index 100% rename from .github/workflow/terraform.yaml rename to .github/workflows/terraform.yaml From db3876bca4b6acc212a0ecf8c973c64ccd58856e Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Thu, 13 Jan 2022 12:36:10 +0100 Subject: [PATCH 3/6] Add missing Terraform provider (local) --- providers.tf | 2 ++ versions.tf | 4 ++++ 2 files changed, 6 insertions(+) 
diff --git a/providers.tf b/providers.tf index 706ed68..00e180e 100644 --- a/providers.tf +++ b/providers.tf @@ -1,3 +1,5 @@ provider "hcloud" { token = var.hcloud_token } + +provider "local" {} diff --git a/versions.tf b/versions.tf index 630394f..da71fa3 100644 --- a/versions.tf +++ b/versions.tf @@ -4,5 +4,9 @@ terraform { source = "hetznercloud/hcloud" version = ">= 1.0.0, < 2.0.0" } + local = { + source = "hashicorp/local" + version = ">= 2.0.0, < 3.0.0" + } } } From 05332e7ae30a232029da8dca753a67ebee4bfc5b Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Thu, 13 Jan 2022 13:32:17 +0100 Subject: [PATCH 4/6] Make version of CCM / CSI configurable --- .gitignore | 5 ++++- data.tf | 15 +++++++++++++++ hetzner/ccm/kustomization.yaml | 8 -------- hetzner/csi/kustomization.yaml | 8 -------- main.tf | 22 +++++++++++++++++++--- master.tf | 4 ++-- providers.tf | 2 ++ templates/hetzner_ccm.yaml.tpl | 8 ++++++++ templates/hetzner_csi.yaml.tpl | 8 ++++++++ variables.tf | 12 ++++++++++++ versions.tf | 4 ++++ 11 files changed, 74 insertions(+), 22 deletions(-) create mode 100644 data.tf delete mode 100644 hetzner/ccm/kustomization.yaml delete mode 100644 hetzner/csi/kustomization.yaml create mode 100644 templates/hetzner_ccm.yaml.tpl create mode 100644 templates/hetzner_csi.yaml.tpl diff --git a/.gitignore b/.gitignore index 9ba7871..47f79cb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,9 @@ .terraform* *.tfstate* crash.log +hetzner/ccm/kustomization.yaml +hetzner/csi/kustomization.yaml kubeconfig.yaml +kubeconfig.yaml-e terraform.tfvars -templates/rendered/traefik_config.yaml \ No newline at end of file +templates/rendered/traefik_config.yaml diff --git a/data.tf b/data.tf new file mode 100644 index 0000000..99f6fe5 --- /dev/null +++ b/data.tf 
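Review bot: Ignoring `kubeconfig.yaml-e` hides a stray copy of the cluster-admin kubeconfig instead of preventing it; that suffix is what BSD/macOS `sed -i -e` leaves behind (the sed invocation is not in this diff, so this is inferred from the name). The backup carries the same credentials as `kubeconfig.yaml` and is never cleaned up, so the fix belongs in whatever post-processes the kubeconfig — `sed -i '' ...` on macOS, or writing to a temp file and moving it — with a `rm -f kubeconfig.yaml-e` as the stopgap. A comment next to the entry, `# backup left by sed -i on macOS; holds admin credentials — delete it rather than keep it`, would stop the next reader from treating the file as harmless.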
@@ -0,0 +1,15 @@ +data "github_release" "hetzner_ccm" { + repository = "hcloud-cloud-controller-manager" + owner = "hetznercloud" + retrieve_by = "latest" +} + +data "github_release" "hetzner_csi" { + repository = "csi-driver" + owner = "hetznercloud" + retrieve_by = "latest" +} + +data "hcloud_image" "linux" { + name = local.hcloud_image_name +} diff --git a/hetzner/ccm/kustomization.yaml b/hetzner/ccm/kustomization.yaml deleted file mode 100644 index 8e6eab1..0000000 --- a/hetzner/ccm/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml - -patchesStrategicMerge: -- patch.yaml \ No newline at end of file diff --git a/hetzner/csi/kustomization.yaml b/hetzner/csi/kustomization.yaml deleted file mode 100644 index 78ad622..0000000 --- a/hetzner/csi/kustomization.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml - -patchesStrategicMerge: -- patch.yaml \ No newline at end of file diff --git a/main.tf b/main.tf index e33087b..3c9fee7 100644 --- a/main.tf +++ b/main.tf 
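Review bot: `retrieve_by = "latest"` makes the default CCM and CSI versions whatever upstream has published at plan time, so two runs of the same configuration can install different code into kube-system holding the Hetzner API token, and nothing in state records which. Both lookups also run unconditionally — Terraform evaluates a data source even when the `var.hetzner_*_version != null` branch in main.tf ends up ignoring it — so every plan needs GitHub API access, unauthenticated unless `provider "github"` is given a token (for `integrations/github` that is, as far as I know, read from `GITHUB_TOKEN`), which exhausts the anonymous rate limit quickly on shared CI runners. I would pin the variable defaults to known-good tags and gate these lookups with `count = var.hetzner_ccm_version == null ? 1 : 0` (referencing `data.github_release.hetzner_ccm[0].release_tag` in main.tf), so tracking latest is an explicit opt-in rather than the baseline. A header comment such as `# Only consulted when no version is pinned; resolves to the current upstream release at plan time` should record that intent.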
@@ -144,8 +144,22 @@ resource "hcloud_firewall" "k3s" { } -data "hcloud_image" "linux" { - name = local.hcloud_image_name +resource "local_file" "hetzner_ccm_config" { + content = templatefile("${path.module}/templates/hetzner_ccm.yaml.tpl", { + ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag + }) + filename = "${path.module}/hetzner/ccm/kustomization.yaml" + file_permission = "0644" + directory_permission = "0755" +} + +resource "local_file" "hetzner_csi_config" { + content = templatefile("${path.module}/templates/hetzner_csi.yaml.tpl", { + csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag + }) + filename = "${path.module}/hetzner/csi/kustomization.yaml" + file_permission = "0644" + directory_permission = "0755" } resource "local_file" "traefik_config" { @@ -153,5 +167,7 @@ resource "local_file" "traefik_config" { lb_server_type = var.lb_server_type location = var.location }) - filename = "${path.module}/templates/rendered/traefik_config.yaml" + filename = "${path.module}/templates/rendered/traefik_config.yaml" + file_permission = "0644" + directory_permission = "0755" } diff --git a/master.tf b/master.tf index 0b2dfc2..8da0368 100644 --- a/master.tf +++ b/master.tf 
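Review bot: The rendered kustomization changes every time upstream cuts a release, but nothing re-applies it: the `kubectl apply -k` calls in master.tf run inside a create-time provisioner, so after the first apply a new `release_tag` only rewrites `hetzner/ccm/kustomization.yaml` on disk and produces a perpetual `local_file` diff while the cluster keeps the old components. Either pin the default versions so the file is stable, or add a `null_resource` with `triggers = { ccm = local_file.hetzner_ccm_config.content }` that re-runs the apply when the content changes — with the caveat that an unattended upgrade of a kube-system component holding the API token is probably not what a plan author expects. A short comment on each resource, `# Rendered at plan time; the cluster only picks it up when first_control_plane is (re)created`, makes the limitation visible. The `0644`/`0755` modes are fine here since these files hold no secrets.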
@@ -52,9 +52,9 @@ resource "hcloud_server" "first_control_plane" { provisioner "local-exec" { command = <<-EOT kubectl -n kube-system create secret generic hcloud --from-literal=token=${var.hcloud_token} --from-literal=network=${hcloud_network.k3s.name} --kubeconfig ${path.module}/kubeconfig.yaml - kubectl apply -k ${path.module}/hetzner/ccm --kubeconfig ${path.module}/kubeconfig.yaml + kubectl apply -k ${dirname(local_file.hetzner_ccm_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml kubectl -n kube-system create secret generic hcloud-csi --from-literal=token=${var.hcloud_token} --kubeconfig ${path.module}/kubeconfig.yaml - kubectl apply -k ${path.module}/hetzner/csi --kubeconfig ${path.module}/kubeconfig.yaml + kubectl apply -k ${dirname(local_file.hetzner_csi_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml EOT } diff --git a/providers.tf b/providers.tf index 00e180e..dcb6222 100644 --- a/providers.tf +++ b/providers.tf @@ -1,3 +1,5 @@ +provider "github" {} + provider "hcloud" { token = var.hcloud_token } diff --git a/templates/hetzner_ccm.yaml.tpl b/templates/hetzner_ccm.yaml.tpl new file mode 100644 index 0000000..af54617 --- /dev/null +++ b/templates/hetzner_ccm.yaml.tpl @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml" + +patchesStrategicMerge: +- patch.yaml diff --git a/templates/hetzner_csi.yaml.tpl b/templates/hetzner_csi.yaml.tpl new file mode 100644 index 0000000..8a91b8d --- /dev/null +++ b/templates/hetzner_csi.yaml.tpl @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml" + +patchesStrategicMerge: +- patch.yaml diff --git a/variables.tf b/variables.tf index 8f2c670..34a33f6 100644 --- a/variables.tf 
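Review bot: The new `kubectl apply -k` lines still apply manifests that kustomize fetches over the network at apply time with no integrity check, into kube-system next to the `hcloud` secret created two lines earlier; Terraform records the rendered kustomization but never sees the manifest bodies, so a moved tag or a tampered download goes unnoticed. A cheap improvement is to fetch each manifest with the `http` data source and write it with `local_file`, so its content appears in the plan and can be compared against the release's published checksum, with the kustomization pointing at the local copy. Note that this provisioner runs only on creation, so these lines never re-apply an updated version. The enclosing `resource "hcloud_server" "first_control_plane"` block starts and ends outside the hunk.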
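Review bot: `${csi_version}` here is a git ref in a `raw.githubusercontent.com` path, not a release asset as in the CCM template, so any branch name or tag is accepted and a tag can be re-pointed after the fact; the previous kustomization tracked `master`, and the new form only improves on that if callers pass something immutable. I would document in the variable that a full commit SHA is accepted and preferred, and (hedged, since the variable's validation is not visible from this hunk) reject values containing `/` or `..` so the path cannot wander out of `csi-driver`. A template comment, `# csi_version is a git ref; prefer a commit SHA over a tag for reproducible installs`, would help the next reader.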
+++ b/variables.tf @@ -42,3 +42,15 @@ variable "agents_num" { description = "Number of agent nodes." type = number } + +variable "hetzner_ccm_version" { + type = string + default = null + description = "Version of Kubernetes Cloud Controller Manager for Hetzner Cloud" +} + +variable "hetzner_csi_version" { + type = string + default = null + description = "Version of Container Storage Interface driver for Hetzner Cloud" +} diff --git a/versions.tf b/versions.tf index da71fa3..ed5848d 100644 --- a/versions.tf +++ b/versions.tf @@ -1,5 +1,9 @@ terraform { required_providers { + github = { + source = "integrations/github" + version = ">= 4.0.0, < 5.0.0" + } hcloud = { source = "hetznercloud/hcloud" version = ">= 1.0.0, < 2.0.0" From 26cc66f42b27a5f84b003575abaa7a02363d443c Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Thu, 13 Jan 2022 15:10:53 +0100 Subject: [PATCH 5/6] Update documentation (fix typo) --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 850f5c2..7ed86f5 100644 --- a/README.md +++ b/README.md @@ -134,8 +134,8 @@ kubectl label node 'k3os.io/upgrade'- If you want to takedown the cluster, you can proceed as follows: ```sh -kubectl delete -k hetzer/csi -kubectl delete -k hetzer/ccm +kubectl delete -k hetzner/csi +kubectl delete -k hetzner/ccm hcloud load-balancer delete traefik terraform destroy -auto-approve ``` From 37d21785331834c6b1c20da86ffaa6f197d4b1b8 Mon Sep 17 00:00:00 2001 From: Dennis Hoppe Date: Thu, 13 Jan 2022 18:34:53 +0100 Subject: [PATCH 6/6] Prevent secrets from being exposed --- variables.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 8f2c670..3af945a 100644 --- a/variables.tf +++ b/variables.tf @@ -1,6 +1,7 @@ variable "hcloud_token" { - description = "Hetzner API tokey" + description = "Hetzner Cloud API Token" type = string + sensitive = true } variable "public_key" {
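Review bot: `hetzner_ccm_version` and `hetzner_csi_version` are interpolated straight into download URLs in the templates with no validation, so a typo or a stray path segment only fails at `kubectl apply` time deep inside a provisioner, and nothing restricts the value to an actual release tag. Add `validation` blocks that accept a tag of the form `vX.Y.Z` (the CSI template uses the value as a git ref, so a 40-character commit SHA is reasonable there too) and state in the description that `null` means the latest upstream release is looked up on GitHub at plan time. The `null` default also makes unpinned installs the baseline; a pinned default with `null` as the explicit "track latest" choice is the safer shape.
```hcl
variable "hetzner_ccm_version" {
  type        = string
  default     = null
  description = "Release tag of the Hetzner Cloud Controller Manager (vX.Y.Z); null looks up the latest GitHub release at plan time."

  validation {
    condition     = var.hetzner_ccm_version == null || can(regex("^v[0-9]+(\\.[0-9]+){2}$", var.hetzner_ccm_version))
    error_message = "hetzner_ccm_version must be a release tag such as v1.12.1, or null."
  }
}

variable "hetzner_csi_version" {
  type        = string
  default     = null
  description = "Git ref of the Hetzner CSI driver (vX.Y.Z tag or a commit SHA); null looks up the latest GitHub release at plan time."

  validation {
    condition     = var.hetzner_csi_version == null || can(regex("^(v[0-9]+(\\.[0-9]+){2}|[0-9a-f]{40})$", var.hetzner_csi_version))
    error_message = "hetzner_csi_version must be a release tag such as v1.6.0, a 40-character commit SHA, or null."
  }
}
```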
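Review bot: `sensitive = true` redacts the token in plan output but not where it is actually exposed: master.tf interpolates `var.hcloud_token` into the `local-exec` heredoc, so it lands in the kubectl process arguments (visible to any local user via `ps`) and, as far as I can tell, in the `Executing: [...]` line the provisioner echoes during apply. Pass it through the provisioner's `environment = { HCLOUD_TOKEN = var.hcloud_token }` and build the secrets from stdin, e.g. `printf 'token=%s\nnetwork=%s\n' "$HCLOUD_TOKEN" "${hcloud_network.k3s.name}" | kubectl -n kube-system create secret generic hcloud --from-env-file=/dev/stdin --kubeconfig ${path.module}/kubeconfig.yaml`, so neither the command text nor argv carries the value. The description fix is good; adding `# marked sensitive, but still keep it out of provisioner command lines` keeps the protection from being over-estimated.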