add toggle to disable traefik & metric server
parent
494a2a11f3
commit
ac1b0b93a8
@ -37,7 +37,7 @@ _Please note that we are not affiliated to Hetzner, this is just an open source
|
|||||||
- Proper use of the underlying Hetzner private network to remove the need for encryption and minimize latency.
|
- Proper use of the underlying Hetzner private network to remove the need for encryption and minimize latency.
|
||||||
- Automatic HA with the default setting of three control-plane and two agents nodes.
|
- Automatic HA with the default setting of three control-plane and two agents nodes.
|
||||||
- Ability to add or remove as many nodes as you want while the cluster stays running.
|
- Ability to add or remove as many nodes as you want while the cluster stays running.
|
||||||
- Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on.
|
- (Optional) Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on.
|
||||||
- (Optional) Out of the box config of Traefik with SSL certficate auto-generation.
|
- (Optional) Out of the box config of Traefik with SSL certficate auto-generation.
|
||||||
|
|
||||||
_It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._
|
_It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._
|
||||||
|
8
init.tf
8
init.tf
@ -13,7 +13,7 @@ resource "null_resource" "first_control_plane" {
|
|||||||
token = random_password.k3s_token.result
|
token = random_password.k3s_token.result
|
||||||
cluster-init = true
|
cluster-init = true
|
||||||
disable-cloud-controller = true
|
disable-cloud-controller = true
|
||||||
disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"])
|
disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"], var.traefik_enabled ? [] : ["traefik"], var.metric_server_enabled ? [] : ["metric-server"])
|
||||||
flannel-iface = "eth1"
|
flannel-iface = "eth1"
|
||||||
kubelet-arg = "cloud-provider=external"
|
kubelet-arg = "cloud-provider=external"
|
||||||
node-ip = module.control_planes[0].private_ipv4_address
|
node-ip = module.control_planes[0].private_ipv4_address
|
||||||
@ -79,7 +79,7 @@ resource "null_resource" "kustomization" {
|
|||||||
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
|
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
|
||||||
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
|
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
|
||||||
"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
|
"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
|
||||||
], local.is_single_node_cluster ? [] : ["traefik.yaml"]),
|
], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik.yaml"] : []),
|
||||||
patchesStrategicMerge = [
|
patchesStrategicMerge = [
|
||||||
file("${path.module}/kustomize/kured.yaml"),
|
file("${path.module}/kustomize/kured.yaml"),
|
||||||
file("${path.module}/kustomize/ccm.yaml"),
|
file("${path.module}/kustomize/ccm.yaml"),
|
||||||
@ -91,7 +91,7 @@ resource "null_resource" "kustomization" {
|
|||||||
|
|
||||||
# Upload traefik config
|
# Upload traefik config
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = local.is_single_node_cluster ? "" : templatefile(
|
content = local.is_single_node_cluster ? "" : var.traefik_enabled == false ? "" : templatefile(
|
||||||
"${path.module}/templates/traefik_config.yaml.tpl",
|
"${path.module}/templates/traefik_config.yaml.tpl",
|
||||||
{
|
{
|
||||||
name = "${var.cluster_name}-traefik"
|
name = "${var.cluster_name}-traefik"
|
||||||
@ -142,7 +142,7 @@ resource "null_resource" "kustomization" {
|
|||||||
"kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller",
|
"kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller",
|
||||||
"kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml"
|
"kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml"
|
||||||
],
|
],
|
||||||
local.is_single_node_cluster ? [] : [<<-EOT
|
local.is_single_node_cluster ? [] : var.traefik_enabled == false ? [] : [<<-EOT
|
||||||
timeout 120 bash <<EOF
|
timeout 120 bash <<EOF
|
||||||
until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do
|
until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do
|
||||||
echo "Waiting for load-balancer to get an IP..."
|
echo "Waiting for load-balancer to get an IP..."
|
||||||
|
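Review bot: The new `disable` list in `first_control_plane` passes `"metric-server"`, but the packaged k3s component is named `metrics-server`, so setting `metric_server_enabled = false` will most likely leave metrics-server deployed. The element should read `var.metric_server_enabled ? [] : ["metrics-server"]`. An operator who turns the component off to reduce what runs in the cluster would otherwise still have it running with no error. Only the first control plane's config is visible here and the resource body continues outside the hunk; if other server nodes build their own `disable` list, it needs the same entries.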
2
main.tf
2
main.tf
@ -56,7 +56,7 @@ resource "hcloud_placement_group" "k3s" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
data "hcloud_load_balancer" "traefik" {
|
data "hcloud_load_balancer" "traefik" {
|
||||||
count = local.is_single_node_cluster ? 0 : 1
|
count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1
|
||||||
name = "${var.cluster_name}-traefik"
|
name = "${var.cluster_name}-traefik"
|
||||||
|
|
||||||
depends_on = [null_resource.kustomization]
|
depends_on = [null_resource.kustomization]
|
||||||
|
@ -17,7 +17,7 @@ output "agents_public_ipv4" {
|
|||||||
|
|
||||||
output "load_balancer_public_ipv4" {
|
output "load_balancer_public_ipv4" {
|
||||||
description = "The public IPv4 address of the Hetzner load balancer"
|
description = "The public IPv4 address of the Hetzner load balancer"
|
||||||
value = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4
|
value = local.is_single_node_cluster || var.traefik_enabled == false ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig_file" {
|
output "kubeconfig_file" {
|
||||||
|
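Review bot: With `traefik_enabled = false` on a multi-node cluster, `load_balancer_public_ipv4` now returns `module.control_planes[0].ipv4_address`, while its description still says it is the Hetzner load balancer's address. Anything that consumes this output, such as DNS records or firewall allow-lists, would then point at a control-plane node's public IP with nothing in the name or description to say so. Consider updating the description, e.g. `description = "Public IPv4 of the Traefik load balancer, or of the first control plane when no load balancer is created"`, or returning `null` in that case. `!var.traefik_enabled` would also read more clearly than `var.traefik_enabled == false`, both here and in the `count` expression of `data "hcloud_load_balancer" "traefik"`.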
@ -5,7 +5,7 @@
|
|||||||
# This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update,
|
# This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update,
|
||||||
# those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle".
|
# those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle".
|
||||||
|
|
||||||
# * Your Hetzner project API token
|
# * Your Hetzner project API token
|
||||||
hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
|
hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
|
||||||
# * Your public key
|
# * Your public key
|
||||||
public_key = "/home/username/.ssh/id_ed25519.pub"
|
public_key = "/home/username/.ssh/id_ed25519.pub"
|
||||||
@ -63,10 +63,15 @@ load_balancer_type = "lb11"
|
|||||||
# hetzner_ccm_version = ""
|
# hetzner_ccm_version = ""
|
||||||
# hetzner_csi_version = ""
|
# hetzner_csi_version = ""
|
||||||
|
|
||||||
|
# If you want to use traefik ingress controller with a loadbalancer
|
||||||
|
# traefik_enabled = true
|
||||||
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||||
# traefik_acme_tls = true
|
# traefik_acme_tls = true
|
||||||
# traefik_acme_email = "mail@example.com"
|
# traefik_acme_email = "mail@example.com"
|
||||||
|
|
||||||
|
# If you want to enable k8s metric server or not
|
||||||
|
# metric_server_enabled = false
|
||||||
|
|
||||||
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
|
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
|
||||||
# Also good for single node clusters.
|
# Also good for single node clusters.
|
||||||
# allow_scheduling_on_control_plane = true
|
# allow_scheduling_on_control_plane = true
|
||||||
|
12
variables.tf
12
variables.tf
@ -80,6 +80,12 @@ variable "hetzner_csi_version" {
|
|||||||
description = "Version of Container Storage Interface driver for Hetzner Cloud"
|
description = "Version of Container Storage Interface driver for Hetzner Cloud"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "traefik_enabled" {
|
||||||
|
type = bool
|
||||||
|
default = false
|
||||||
|
description = "Whether to enable or disbale k3s traefik installation"
|
||||||
|
}
|
||||||
|
|
||||||
variable "traefik_acme_tls" {
|
variable "traefik_acme_tls" {
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
@ -98,6 +104,12 @@ variable "allow_scheduling_on_control_plane" {
|
|||||||
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
|
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "metric_server_enabled" {
|
||||||
|
type = bool
|
||||||
|
default = true
|
||||||
|
description = "Whether to enable or disbale k3s mertric server"
|
||||||
|
}
|
||||||
|
|
||||||
variable "initial_k3s_channel" {
|
variable "initial_k3s_channel" {
|
||||||
type = string
|
type = string
|
||||||
default = "stable"
|
default = "stable"
|
||||||
|
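Review bot: `traefik_enabled` defaults to `false`, whereas before this commit Traefik was always set up on multi-node clusters. An existing configuration that does not set the variable therefore changes behaviour on the next apply and may lose its ingress controller and load balancer. Either default to `true` or call the change out in the upgrade notes. Both new descriptions also have typos (`disbale`, `mertric`); suggested text is `"Whether to enable or disable the k3s Traefik installation"` and `"Whether to enable or disable the k3s metrics server"`.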