Merge pull request #113 from kube-hetzner/name-suffixes

add random pet names for cluster & nodes
This commit is contained in:
Karim Naufal 2022-03-06 22:26:26 +01:00 committed by GitHub
commit c2f8c747c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 67 additions and 24 deletions

2
.gitignore vendored
View File

@ -6,4 +6,4 @@ kubeconfig.yaml-e
terraform.tfvars
plans-custom.yaml
traefik-custom.yaml
kured-custom.yaml
kured-custom.yaml

View File

@ -3,7 +3,7 @@ module "agents" {
for_each = local.agent_nodepools
name = each.key
name = "${var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-" : ""}${each.value.nodepool_name}"
ssh_keys = [hcloud_ssh_key.k3s.id]
public_key = var.public_key
private_key = var.private_key
@ -23,8 +23,6 @@ module "agents" {
"engine" = "k3s"
}
hcloud_token = var.hcloud_token
depends_on = [
hcloud_network_subnet.subnet
]

View File

@ -1,9 +1,8 @@
module "control_planes" {
source = "./modules/host"
count = var.control_plane_count
name = "control-plane-${count.index}"
count = var.control_plane_count
name = "${var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-" : ""}control-plane"
ssh_keys = [hcloud_ssh_key.k3s.id]
public_key = var.public_key
private_key = var.private_key
@ -23,8 +22,6 @@ module "control_planes" {
"engine" = "k3s"
}
hcloud_token = var.hcloud_token
depends_on = [
hcloud_network_subnet.subnet
]

View File

@ -94,6 +94,7 @@ resource "null_resource" "kustomization" {
content = local.is_single_node_cluster ? "" : templatefile(
"${path.module}/templates/traefik_config.yaml.tpl",
{
name = "${random_pet.cluster.id}-traefik"
load_balancer_disable_ipv6 = var.load_balancer_disable_ipv6
load_balancer_type = var.load_balancer_type
location = var.location

View File

@ -173,6 +173,7 @@ locals {
for nodepool_name, nodepool_obj in var.agent_nodepools : {
for index in range(nodepool_obj.count) :
format("%s-%s", nodepool_name, index) => {
nodepool_name : nodepool_name,
server_type : nodepool_obj.server_type,
subnet : nodepool_obj.subnet,
index : index

15
main.tf
View File

@ -1,15 +1,20 @@
resource "random_pet" "cluster" {
length = 1
prefix = var.cluster_prefix
}
resource "random_password" "k3s_token" {
length = 48
special = false
}
resource "hcloud_ssh_key" "k3s" {
name = "k3s"
name = random_pet.cluster.id
public_key = local.ssh_public_key
}
resource "hcloud_network" "k3s" {
name = "k3s"
name = random_pet.cluster.id
ip_range = var.network_ipv4_range
}
@ -32,7 +37,7 @@ resource "hcloud_network_subnet" "subnet" {
}
resource "hcloud_firewall" "k3s" {
name = "k3s"
name = random_pet.cluster.id
dynamic "rule" {
for_each = concat(local.base_firewall_rules, var.extra_firewall_rules)
@ -47,7 +52,7 @@ resource "hcloud_firewall" "k3s" {
}
resource "hcloud_placement_group" "k3s" {
name = "k3s"
name = random_pet.cluster.id
type = "spread"
labels = {
"provisioner" = "terraform",
@ -57,7 +62,7 @@ resource "hcloud_placement_group" "k3s" {
data "hcloud_load_balancer" "traefik" {
count = local.is_single_node_cluster ? 0 : 1
name = "traefik"
name = "${random_pet.cluster.id}-traefik"
depends_on = [null_resource.kustomization]
}

View File

@ -10,4 +10,7 @@ locals {
ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
# shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
# the hosts name with its unique suffix attached
name = "${var.name}-${random_pet.server.id}"
}

View File

@ -1,5 +1,25 @@
resource "random_pet" "server" {
length = 1
keepers = {
# We re-create the id (and server) whenever one of those attributes
# changes. This should include all input variables to this module,
# but NO SENSITIVE values as they might be logged here.
name = var.name
public_key = var.public_key
additional_public_keys = join(",", var.additional_public_keys)
ssh_keys = join(",", var.ssh_keys)
firewall_ids = join(",", var.firewall_ids)
placement_group_id = var.placement_group_id
labels = join(",", [for k, v in var.labels: "${k}=${v}" ])
location = var.location
ipv4_subnet_id = var.ipv4_subnet_id
private_ipv4 = var.private_ipv4
server_type = var.server_type
}
}
resource "hcloud_server" "server" {
name = var.name
name = local.name
image = "ubuntu-20.04"
rescue = "linux64"
@ -90,7 +110,7 @@ data "template_cloudinit_config" "config" {
content = templatefile(
"${path.module}/templates/userdata.yaml.tpl",
{
hostname = var.name
hostname = local.name
sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
}
)

View File

@ -1,9 +1,3 @@
variable "hcloud_token" {
description = "Hetzner Cloud API Token"
type = string
sensitive = true
}
variable "name" {
description = "Host name"
type = string

View File

@ -1,3 +1,8 @@
output "cluster_name" {
value = random_pet.cluster.id
description = "Shared suffix for all resources belonging to this cluster."
}
output "control_planes_public_ipv4" {
value = module.control_planes.*.ipv4_address
description = "The public IPv4 addresses of the controlplane server."

View File

@ -9,7 +9,7 @@ spec:
enabled: true
type: LoadBalancer
annotations:
"load-balancer.hetzner.cloud/name": "traefik"
"load-balancer.hetzner.cloud/name": ${name}
# make hetzners load-balancer connect to our nodes via our private k3s
"load-balancer.hetzner.cloud/use-private-ip": "true"
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
@ -31,4 +31,4 @@ spec:
- "--certificatesresolvers.le.acme.tlschallenge=true"
- "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
- "--certificatesresolvers.le.acme.storage=/data/acme.json"
%{ endif ~}
%{ endif ~}

View File

@ -77,6 +77,12 @@ load_balancer_type = "lb11"
# Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/
# initial_k3s_channel = "latest"
# Whether to use the cluster name in the node name, i.e. add the prefix k3s-(cluster_name)- to the nodes? The default is "true".
# use_cluster_name_in_node_name = false
# Prefix for the cluster name, by default "k3s"
# cluster_prefix = ""
# Adding extra firewall rules, like opening a port
# In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport
# More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall

View File

@ -121,7 +121,20 @@ variable "extra_firewall_rules" {
description = "Additional firewall rules to apply to the cluster"
}
variable "use_cluster_name_in_node_name" {
type = bool
default = true
description = "Whether to use the cluster name in the node name"
}
variable "cluster_prefix" {
type = string
default = "k3s"
description = "Prefix for the cluster name"
}
variable "traefik_additional_options" {
type = list(string)
default = []
}