Merge pull request #113 from kube-hetzner/name-suffixes

add random pet names for cluster & nodes

.gitignore

@@ -6,4 +6,4 @@ kubeconfig.yaml-e
 terraform.tfvars
 plans-custom.yaml
 traefik-custom.yaml
-kured-custom.yaml
+kured-custom.yaml

agents.tf

@@ -3,7 +3,7 @@ module "agents" {
 
   for_each = local.agent_nodepools
 
-  name                   = each.key
+  name                   = "${var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-" : ""}${each.value.nodepool_name}"
   ssh_keys               = [hcloud_ssh_key.k3s.id]
   public_key             = var.public_key
   private_key            = var.private_key
@@ -23,8 +23,6 @@ module "agents" {
     "engine"      = "k3s"
   }
 
-  hcloud_token = var.hcloud_token
-
   depends_on = [
     hcloud_network_subnet.subnet
   ]

control_planes.tf

@@ -1,9 +1,8 @@
 module "control_planes" {
   source = "./modules/host"
 
-  count = var.control_plane_count
-  name  = "control-plane-${count.index}"
-
+  count                  = var.control_plane_count
+  name                   = "${var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-" : ""}control-plane"
   ssh_keys               = [hcloud_ssh_key.k3s.id]
   public_key             = var.public_key
   private_key            = var.private_key
@@ -23,8 +22,6 @@ module "control_planes" {
     "engine"      = "k3s"
   }
 
-  hcloud_token = var.hcloud_token
-
   depends_on = [
     hcloud_network_subnet.subnet
   ]

init.tf

@@ -94,6 +94,7 @@ resource "null_resource" "kustomization" {
     content = local.is_single_node_cluster ? "" : templatefile(
       "${path.module}/templates/traefik_config.yaml.tpl",
       {
+        name                       = "${random_pet.cluster.id}-traefik"
         load_balancer_disable_ipv6 = var.load_balancer_disable_ipv6
         load_balancer_type         = var.load_balancer_type
         location                   = var.location

locals.tf

@@ -173,6 +173,7 @@ locals {
     for nodepool_name, nodepool_obj in var.agent_nodepools : {
       for index in range(nodepool_obj.count) :
       format("%s-%s", nodepool_name, index) => {
+        nodepool_name : nodepool_name,
         server_type : nodepool_obj.server_type,
         subnet : nodepool_obj.subnet,
         index : index

main.tf

@@ -1,15 +1,20 @@
+resource "random_pet" "cluster" {
+  length = 1
+  prefix = var.cluster_prefix
+}
+
 resource "random_password" "k3s_token" {
   length  = 48
   special = false
 }
 
 resource "hcloud_ssh_key" "k3s" {
-  name       = "k3s"
+  name       = random_pet.cluster.id
   public_key = local.ssh_public_key
 }
 
 resource "hcloud_network" "k3s" {
-  name     = "k3s"
+  name     = random_pet.cluster.id
   ip_range = var.network_ipv4_range
 }
 
@@ -32,7 +37,7 @@ resource "hcloud_network_subnet" "subnet" {
 }
 
 resource "hcloud_firewall" "k3s" {
-  name = "k3s"
+  name = random_pet.cluster.id
 
   dynamic "rule" {
     for_each = concat(local.base_firewall_rules, var.extra_firewall_rules)
@@ -47,7 +52,7 @@ resource "hcloud_firewall" "k3s" {
 }
 
 resource "hcloud_placement_group" "k3s" {
-  name = "k3s"
+  name = random_pet.cluster.id
   type = "spread"
   labels = {
     "provisioner" = "terraform",
@@ -57,7 +62,7 @@ resource "hcloud_placement_group" "k3s" {
 
 data "hcloud_load_balancer" "traefik" {
   count = local.is_single_node_cluster ? 0 : 1
-  name  = "traefik"
+  name  = "${random_pet.cluster.id}-traefik"
 
   depends_on = [null_resource.kustomization]
 }

modules/host/locals.tf

@@ -10,4 +10,7 @@ locals {
   ssh_identity_file = var.private_key == null ? var.public_key : var.private_key
   # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning.
   ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"
+
+  # the hosts name with its unique suffix attached
+  name = "${var.name}-${random_pet.server.id}"
 }

modules/host/main.tf

@@ -1,5 +1,25 @@
+resource "random_pet" "server" {
+  length  = 1
+  keepers = {
+    # We re-create the id (and server) whenever one of those attributes
+    # changes. This should include all input variables to this module,
+    # but NO SENSITIVE values as they might be logged here.
+    name = var.name
+    public_key = var.public_key
+    additional_public_keys = join(",", var.additional_public_keys)
+    ssh_keys = join(",", var.ssh_keys)
+    firewall_ids = join(",", var.firewall_ids)
+    placement_group_id = var.placement_group_id
+    labels = join(",", [for k, v in var.labels: "${k}=${v}" ])
+    location = var.location
+    ipv4_subnet_id = var.ipv4_subnet_id
+    private_ipv4 = var.private_ipv4
+    server_type = var.server_type
+  }
+}
+
 resource "hcloud_server" "server" {
-  name = var.name
+  name = local.name
 
   image              = "ubuntu-20.04"
   rescue             = "linux64"
@@ -90,7 +110,7 @@ data "template_cloudinit_config" "config" {
     content = templatefile(
       "${path.module}/templates/userdata.yaml.tpl",
       {
-        hostname          = var.name
+        hostname          = local.name
         sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys)
       }
     )

modules/host/variables.tf

@@ -1,9 +1,3 @@
-variable "hcloud_token" {
-  description = "Hetzner Cloud API Token"
-  type        = string
-  sensitive   = true
-}
-
 variable "name" {
   description = "Host name"
   type        = string

output.tf

@@ -1,3 +1,8 @@
+output "cluster_name" {
+  value       = random_pet.cluster.id
+  description = "Shared suffix for all resources belonging to this cluster."
+}
+
 output "control_planes_public_ipv4" {
   value       = module.control_planes.*.ipv4_address
   description = "The public IPv4 addresses of the controlplane server."

templates/traefik_config.yaml.tpl

@@ -9,7 +9,7 @@ spec:
       enabled: true
       type: LoadBalancer
       annotations:
-        "load-balancer.hetzner.cloud/name": "traefik"
+        "load-balancer.hetzner.cloud/name": ${name}
         # make hetzners load-balancer connect to our nodes via our private k3s
         "load-balancer.hetzner.cloud/use-private-ip": "true"
         # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
@@ -31,4 +31,4 @@ spec:
       - "--certificatesresolvers.le.acme.tlschallenge=true"
       - "--certificatesresolvers.le.acme.email=${traefik_acme_email}"
       - "--certificatesresolvers.le.acme.storage=/data/acme.json"
-%{ endif ~}
+%{ endif ~}

terraform.tfvars.example

@@ -77,6 +77,12 @@ load_balancer_type        = "lb11"
 # Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/
 # initial_k3s_channel = "latest"
 
+# Whether to use the cluster name in the node name, i.e. add the prefix k3s-(cluster_name)- to the nodes? The default is "true".
+# use_cluster_name_in_node_name = false
+
+# Prefix for the cluster name, by default "k3s"
+# cluster_prefix = ""
+
 # Adding extra firewall rules, like opening a port
 # In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport
 # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall

variables.tf

@@ -121,7 +121,20 @@ variable "extra_firewall_rules" {
   description = "Additional firewall rules to apply to the cluster"
 }
 
+variable "use_cluster_name_in_node_name" {
+  type        = bool
+  default     = true
+  description = "Whether to use the cluster name in the node name"
+}
+
+variable "cluster_prefix" {
+  type        = string
+  default     = "k3s"
+  description = "Prefix for the cluster name"
+}
+
 variable "traefik_additional_options" {
   type    = list(string)
   default = []
+
 }