From 5cf6f9eef4022e8ba6b841a5f2093db956439c6c Mon Sep 17 00:00:00 2001 From: phaer Date: Fri, 4 Mar 2022 22:04:07 +0100 Subject: [PATCH 01/12] add random pet names for cluster & nodes --- agents.tf | 6 +++++- control_planes.tf | 6 +++++- init.tf | 1 + main.tf | 13 ++++++++----- output.tf | 5 +++++ templates/traefik_config.yaml.tpl | 4 ++-- 6 files changed, 26 insertions(+), 9 deletions(-) diff --git a/agents.tf b/agents.tf index 10912ec..0bdb214 100644 --- a/agents.tf +++ b/agents.tf @@ -1,9 +1,13 @@ +resource "random_pet" "agents" { + for_each = local.agent_nodepools +} + module "agents" { source = "./modules/host" for_each = local.agent_nodepools - name = each.key + name = "${each.key}-${random_pet.cluster.id}-${random_pet.agents[each.key].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/control_planes.tf b/control_planes.tf index 34cf4bf..082319a 100644 --- a/control_planes.tf +++ b/control_planes.tf @@ -1,8 +1,12 @@ +resource "random_pet" "control_planes" { + count = var.control_plane_count +} + module "control_planes" { source = "./modules/host" count = var.control_plane_count - name = "control-plane-${count.index}" + name = "control-plane-${random_pet.cluster.id}-${random_pet.control_planes[count.index].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key diff --git a/init.tf b/init.tf index 36e85a3..39b2c47 100644 --- a/init.tf +++ b/init.tf @@ -94,6 +94,7 @@ resource "null_resource" "kustomization" { content = local.is_single_node_cluster ? "" : templatefile( "${path.module}/templates/traefik_config.yaml.tpl", { + cluster_pet_name = random_pet.cluster.id load_balancer_disable_ipv6 = var.load_balancer_disable_ipv6 load_balancer_type = var.load_balancer_type location = var.location diff --git a/main.tf b/main.tf index ce18aa8..1ca3bf6 100644 --- a/main.tf +++ b/main.tf 
@@ -1,15 +1,18 @@ +resource "random_pet" "cluster" { +} + resource "random_password" "k3s_token" { length = 48 special = false } resource "hcloud_ssh_key" "k3s" { - name = "k3s" + name = "k3s-${random_pet.cluster.id}" public_key = local.ssh_public_key } resource "hcloud_network" "k3s" { - name = "k3s" + name = "k3s-${random_pet.cluster.id}" ip_range = var.network_ipv4_range } @@ -22,7 +25,7 @@ resource "hcloud_network_subnet" "subnet" { } resource "hcloud_firewall" "k3s" { - name = "k3s" + name = "k3s-${random_pet.cluster.id}" dynamic "rule" { for_each = concat(local.base_firewall_rules, var.extra_firewall_rules) @@ -37,7 +40,7 @@ resource "hcloud_firewall" "k3s" { } resource "hcloud_placement_group" "k3s" { - name = "k3s" + name = "k3s-${random_pet.cluster.id}" type = "spread" labels = { "provisioner" = "terraform", @@ -47,7 +50,7 @@ resource "hcloud_placement_group" "k3s" { data "hcloud_load_balancer" "traefik" { count = local.is_single_node_cluster ? 0 : 1 - name = "traefik" + name = "traefik-${random_pet.cluster.id}" depends_on = [null_resource.kustomization] } diff --git a/output.tf b/output.tf index 4d2033e..aa0604c 100644 --- a/output.tf +++ b/output.tf @@ -1,3 +1,8 @@ +output "cluster_pet_name" { + value = random_pet.cluster + description = "Shared suffix for all resources belonging to this cluster." +} + output "control_planes_public_ipv4" { value = module.control_planes.*.ipv4_address description = "The public IPv4 addresses of the controlplane server." diff --git a/templates/traefik_config.yaml.tpl b/templates/traefik_config.yaml.tpl index 75ce20f..e78d957 100644 --- a/templates/traefik_config.yaml.tpl +++ b/templates/traefik_config.yaml.tpl 
@@ -9,7 +9,7 @@ spec: enabled: true type: LoadBalancer annotations: - "load-balancer.hetzner.cloud/name": "traefik" + "load-balancer.hetzner.cloud/name": "traefik-${cluster_pet_name}" # make hetzners load-balancer connect to our nodes via our private k3s "load-balancer.hetzner.cloud/use-private-ip": "true" # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet @@ -28,4 +28,4 @@ spec: - "--certificatesresolvers.le.acme.tlschallenge=true" - "--certificatesresolvers.le.acme.email=${traefik_acme_email}" - "--certificatesresolvers.le.acme.storage=/data/acme.json" -%{ endif ~} \ No newline at end of file +%{ endif ~} From 385bd788be27833c27275b3477add5d3f271c312 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Fri, 4 Mar 2022 23:41:49 +0100 Subject: [PATCH 02/12] reduced number of words in names and remove cluster name in node names --- agents.tf | 3 ++- control_planes.tf | 5 +++-- locals.tf | 1 + main.tf | 1 + output.tf | 2 +- 5 files changed, 8 insertions(+), 4 deletions(-) diff --git a/agents.tf b/agents.tf index 0bdb214..b279e0e 100644 --- a/agents.tf +++ b/agents.tf @@ -1,5 +1,6 @@ resource "random_pet" "agents" { for_each = local.agent_nodepools + length = 1 } module "agents" { @@ -7,7 +8,7 @@ module "agents" { for_each = local.agent_nodepools - name = "${each.key}-${random_pet.cluster.id}-${random_pet.agents[each.key].id}" + name = "${each.value.nodepool_name}-${random_pet.agents[each.key].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/control_planes.tf b/control_planes.tf index 082319a..adccd05 100644 --- a/control_planes.tf +++ b/control_planes.tf 
@@ -1,12 +1,13 @@ resource "random_pet" "control_planes" { - count = var.control_plane_count + count = var.control_plane_count + length = 1 } module "control_planes" { source = "./modules/host" count = var.control_plane_count - name = "control-plane-${random_pet.cluster.id}-${random_pet.control_planes[count.index].id}" + name = "control-plane-${random_pet.control_planes[count.index].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key diff --git a/locals.tf b/locals.tf index 595cf45..a01b5cd 100644 --- a/locals.tf +++ b/locals.tf @@ -173,6 +173,7 @@ locals { for nodepool_name, nodepool_obj in var.agent_nodepools : { for index in range(nodepool_obj.count) : format("%s-%s", nodepool_name, index) => { + nodepool_name : nodepool_name, server_type : nodepool_obj.server_type, subnet : nodepool_obj.subnet, index : index diff --git a/main.tf b/main.tf index 1ca3bf6..fa0da53 100644 --- a/main.tf +++ b/main.tf @@ -1,4 +1,5 @@ resource "random_pet" "cluster" { + length = 1 } resource "random_password" "k3s_token" { diff --git a/output.tf b/output.tf index aa0604c..6631e6d 100644 --- a/output.tf +++ b/output.tf @@ -1,5 +1,5 @@ output "cluster_pet_name" { - value = random_pet.cluster + value = random_pet.cluster.id description = "Shared suffix for all resources belonging to this cluster." } From 75362c249aac280d6682ce1139b8c58977c9b999 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Sat, 5 Mar 2022 00:08:19 +0100 Subject: [PATCH 03/12] renamed output variable for cluster name --- output.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/output.tf b/output.tf index 6631e6d..9337e1d 100644 --- a/output.tf +++ b/output.tf @@ -1,4 +1,4 @@ -output "cluster_pet_name" { +output "cluster_name" { value = random_pet.cluster.id description = "Shared suffix for all resources belonging to this cluster." } From c18234b1eaa064ef310be3af281ecc2404842525 Mon Sep 17 00:00:00 2001 
From: Karim Naufal Date: Sat, 5 Mar 2022 00:25:15 +0100 Subject: [PATCH 04/12] reverted the cluster name two words --- main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main.tf b/main.tf index fa0da53..b42ff77 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ resource "random_pet" "cluster" { - length = 1 + length = 2 } resource "random_password" "k3s_token" { From 213845e543e9d498d092710b021ce14421e0f12e Mon Sep 17 00:00:00 2001 From: MartiniMoe Date: Fri, 4 Mar 2022 21:58:36 +0100 Subject: [PATCH 05/12] Remove secret from TLS example --- README.md | 1 - examples/tls/ingress.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/README.md b/README.md index fdadc06..6d351dc 100644 --- a/README.md +++ b/README.md @@ -149,7 +149,6 @@ spec: tls: - hosts: - example.com - secretName: example-tls rules: - host: example.com http: diff --git a/examples/tls/ingress.yaml b/examples/tls/ingress.yaml index 9888094..3c2d2ab 100644 --- a/examples/tls/ingress.yaml +++ b/examples/tls/ingress.yaml @@ -9,7 +9,6 @@ spec: tls: - hosts: - example.com - secretName: example-tls rules: - host: example.com http: From 34eb57522333bc6c1255adfdbc491329afa45547 Mon Sep 17 00:00:00 2001 From: phaer Date: Sat, 5 Mar 2022 00:19:16 +0100 Subject: [PATCH 06/12] re-add cluster pet name to nodes --- agents.tf | 2 +- control_planes.tf | 2 +- main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/agents.tf b/agents.tf index b279e0e..d9870c7 100644 --- a/agents.tf +++ b/agents.tf @@ -8,7 +8,7 @@ module "agents" { for_each = local.agent_nodepools - name = "${each.value.nodepool_name}-${random_pet.agents[each.key].id}" + name = "${each.value.nodepool_name}-${random_pet.cluster.id}-${random_pet.agents[each.key].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/control_planes.tf b/control_planes.tf index adccd05..0472a45 100644 --- a/control_planes.tf +++ b/control_planes.tf 
@@ -7,7 +7,7 @@ module "control_planes" { source = "./modules/host" count = var.control_plane_count - name = "control-plane-${random_pet.control_planes[count.index].id}" + name = "control-plane-${random_pet.cluster.id}-${random_pet.control_planes[count.index].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key diff --git a/main.tf b/main.tf index b42ff77..fa0da53 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ resource "random_pet" "cluster" { - length = 2 + length = 1 } resource "random_password" "k3s_token" { From b2d160f33a90aa69753917b87b498b4d7543f4af Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Sat, 5 Mar 2022 03:23:42 +0100 Subject: [PATCH 07/12] tweaked traefik name to align with the rest of the ressources --- init.tf | 2 +- main.tf | 2 +- templates/traefik_config.yaml.tpl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/init.tf b/init.tf index 39b2c47..c09b428 100644 --- a/init.tf +++ b/init.tf @@ -94,7 +94,7 @@ resource "null_resource" "kustomization" { content = local.is_single_node_cluster ? "" : templatefile( "${path.module}/templates/traefik_config.yaml.tpl", { - cluster_pet_name = random_pet.cluster.id + name = "k3s-${random_pet.cluster.id}-traefik" load_balancer_disable_ipv6 = var.load_balancer_disable_ipv6 load_balancer_type = var.load_balancer_type location = var.location diff --git a/main.tf b/main.tf index fa0da53..2c14ef7 100644 --- a/main.tf +++ b/main.tf @@ -51,7 +51,7 @@ resource "hcloud_placement_group" "k3s" { data "hcloud_load_balancer" "traefik" { count = local.is_single_node_cluster ? 0 : 1 - name = "traefik-${random_pet.cluster.id}" + name = "k3s-${random_pet.cluster.id}-traefik" depends_on = [null_resource.kustomization] } diff --git a/templates/traefik_config.yaml.tpl b/templates/traefik_config.yaml.tpl index e78d957..35f6037 100644 --- a/templates/traefik_config.yaml.tpl +++ b/templates/traefik_config.yaml.tpl 
@@ -9,7 +9,7 @@ spec: enabled: true type: LoadBalancer annotations: - "load-balancer.hetzner.cloud/name": "traefik-${cluster_pet_name}" + "load-balancer.hetzner.cloud/name": name # make hetzners load-balancer connect to our nodes via our private k3s "load-balancer.hetzner.cloud/use-private-ip": "true" # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet From ae731a774666e94024dfd44b377661c050924cb3 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Sat, 5 Mar 2022 04:02:09 +0100 Subject: [PATCH 08/12] added a flag for the node names --- agents.tf | 2 +- control_planes.tf | 5 ++--- templates/traefik_config.yaml.tpl | 2 +- terraform.tfvars.example | 3 +++ variables.tf | 6 ++++++ 5 files changed, 13 insertions(+), 5 deletions(-) diff --git a/agents.tf b/agents.tf index d9870c7..54e6941 100644 --- a/agents.tf +++ b/agents.tf @@ -8,7 +8,7 @@ module "agents" { for_each = local.agent_nodepools - name = "${each.value.nodepool_name}-${random_pet.cluster.id}-${random_pet.agents[each.key].id}" + name = var.use_cluster_name_in_node_name ? "k3s-${random_pet.cluster.id}-${each.value.nodepool_name}-${random_pet.agents[each.key].id}" : "${each.value.nodepool_name}-${random_pet.agents[each.key].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/control_planes.tf b/control_planes.tf index 0472a45..8c5b633 100644 --- a/control_planes.tf +++ b/control_planes.tf 
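Review bot: The new annotation line in templates/traefik_config.yaml.tpl sets the value to the bare word `name`, so the rendered manifest requests a load balancer literally called "name" instead of the `name` value that init.tf now passes to `templatefile`. The `hcloud_load_balancer` data source in main.tf looks the balancer up as `k3s-${random_pet.cluster.id}-traefik`, so the lookup and the annotation would no longer agree. The line should interpolate and quote the variable, `"load-balancer.hetzner.cloud/name": "${name}"`; patch 08/12 in this series adds the interpolation but not the quotes. The manifest continues outside the hunk.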
@@ -6,9 +6,8 @@ resource "random_pet" "control_planes" { module "control_planes" { source = "./modules/host" - count = var.control_plane_count - name = "control-plane-${random_pet.cluster.id}-${random_pet.control_planes[count.index].id}" - + count = var.control_plane_count + name = var.use_cluster_name_in_node_name ? "k3s-${random_pet.cluster.id}-control-plane-${random_pet.control_planes[count.index].id}" : "control-plane-${random_pet.control_planes[count.index].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/templates/traefik_config.yaml.tpl b/templates/traefik_config.yaml.tpl index 35f6037..d0ada91 100644 --- a/templates/traefik_config.yaml.tpl +++ b/templates/traefik_config.yaml.tpl @@ -9,7 +9,7 @@ spec: enabled: true type: LoadBalancer annotations: - "load-balancer.hetzner.cloud/name": name + "load-balancer.hetzner.cloud/name": ${name} # make hetzners load-balancer connect to our nodes via our private k3s "load-balancer.hetzner.cloud/use-private-ip": "true" # keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 3c4878b..c7e3e0b 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -77,6 +77,9 @@ load_balancer_type = "lb11" # Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ # initial_k3s_channel = "latest" +# Whether to use the cluster name in the node name, i.e. add the prefix k3s-(cluster_name)- to the nodes? The default is "false". +# use_cluster_name_in_node_name = true + # Adding extra firewall rules, like opening a port # In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall 
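Review bot: In the templates/traefik_config.yaml.tpl hunk, `${name}` is rendered as an unquoted YAML scalar, while the other annotation values visible in the same hunk are quoted. With the value built in init.tf as `k3s-${random_pet.cluster.id}-traefik` this parses as intended. Once any part of the name can be set by the caller, a value containing `:` or `#`, or starting with a YAML indicator character, would change how the manifest parses. Writing the line as `"load-balancer.hetzner.cloud/name": "${name}"` keeps the value a plain string whatever it contains.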
diff --git a/variables.tf b/variables.tf index d3439ae..837bcdb 100644 --- a/variables.tf +++ b/variables.tf @@ -120,3 +120,9 @@ variable "extra_firewall_rules" { default = [] description = "Additional firewall rules to apply to the cluster" } + +variable "use_cluster_name_in_node_name" { + type = bool + default = false + description = "Whether to use the cluster name in the node name" +} From b93087d896f9969ba1b188bfb30e91a7b3d7b375 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Sat, 5 Mar 2022 04:10:29 +0100 Subject: [PATCH 09/12] made cluster name in hostname the default --- terraform.tfvars.example | 4 ++-- variables.tf | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform.tfvars.example b/terraform.tfvars.example index c7e3e0b..b732636 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -77,8 +77,8 @@ load_balancer_type = "lb11" # Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ # initial_k3s_channel = "latest" -# Whether to use the cluster name in the node name, i.e. add the prefix k3s-(cluster_name)- to the nodes? The default is "false". -# use_cluster_name_in_node_name = true +# Whether to use the cluster name in the node name, i.e. add the prefix k3s-(cluster_name)- to the nodes? The default is "true". +# use_cluster_name_in_node_name = false # Adding extra firewall rules, like opening a port # In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport diff --git a/variables.tf b/variables.tf index 837bcdb..029ca59 100644 --- a/variables.tf +++ b/variables.tf @@ -123,6 +123,6 @@ variable "extra_firewall_rules" { variable "use_cluster_name_in_node_name" { type = bool - default = false + default = true description = "Whether to use the cluster name in the node name" } From e6b8249846ce2a9f0b41ad5ecb16d16691909f03 Mon Sep 17 00:00:00 2001 
From: Karim Naufal Date: Sat, 5 Mar 2022 05:33:29 +0100 Subject: [PATCH 10/12] made cluster name prefix configurable and tweaked ways the agents random pets are created small tweaks small tweaks --- .gitignore | 2 +- agents.tf | 6 +++--- control_planes.tf | 2 +- init.tf | 2 +- main.tf | 11 ++++++----- terraform.tfvars.example | 3 +++ variables.tf | 6 ++++++ 7 files changed, 21 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index 5f02e99..6c2542f 100644 --- a/.gitignore +++ b/.gitignore @@ -6,4 +6,4 @@ kubeconfig.yaml-e terraform.tfvars plans-custom.yaml traefik-custom.yaml -kured-custom.yaml \ No newline at end of file +kured-custom.yaml diff --git a/agents.tf b/agents.tf index 54e6941..4232b41 100644 --- a/agents.tf +++ b/agents.tf @@ -1,6 +1,6 @@ resource "random_pet" "agents" { - for_each = local.agent_nodepools - length = 1 + count = length(local.agent_nodepools) + length = 1 } module "agents" { @@ -8,7 +8,7 @@ module "agents" { for_each = local.agent_nodepools - name = var.use_cluster_name_in_node_name ? "k3s-${random_pet.cluster.id}-${each.value.nodepool_name}-${random_pet.agents[each.key].id}" : "${each.value.nodepool_name}-${random_pet.agents[each.key].id}" + name = var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-${each.value.nodepool_name}-${random_pet.agents[each.value.index].id}" : "${each.value.nodepool_name}-${random_pet.agents[each.value.index].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/control_planes.tf b/control_planes.tf index 8c5b633..ab68b8d 100644 --- a/control_planes.tf +++ b/control_planes.tf 
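Review bot: In agents.tf, `random_pet.agents` is now sized with `count = length(local.agent_nodepools)` but indexed with `each.value.index`, which in locals.tf appears to be the position inside one nodepool (`range(nodepool_obj.count)`), not a position in the flattened map. Agents at the same index in different nodepools therefore share one pet, and the pets above the largest per-pool index are created but never referenced. Node names stay distinct only because `nodepool_name` is part of them. Keying the resource like the module, `for_each = local.agent_nodepools` with `random_pet.agents[each.key].id`, gives every agent its own suffix. The `module "agents"` block continues outside the hunk.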
@@ -7,7 +7,7 @@ module "control_planes" { source = "./modules/host" count = var.control_plane_count - name = var.use_cluster_name_in_node_name ? "k3s-${random_pet.cluster.id}-control-plane-${random_pet.control_planes[count.index].id}" : "control-plane-${random_pet.control_planes[count.index].id}" + name = var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-control-plane-${random_pet.control_planes[count.index].id}" : "control-plane-${random_pet.control_planes[count.index].id}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/init.tf b/init.tf index c09b428..8d42dbc 100644 --- a/init.tf +++ b/init.tf @@ -94,7 +94,7 @@ resource "null_resource" "kustomization" { content = local.is_single_node_cluster ? "" : templatefile( "${path.module}/templates/traefik_config.yaml.tpl", { - name = "k3s-${random_pet.cluster.id}-traefik" + name = "${random_pet.cluster.id}-traefik" load_balancer_disable_ipv6 = var.load_balancer_disable_ipv6 load_balancer_type = var.load_balancer_type location = var.location diff --git a/main.tf b/main.tf index 2c14ef7..8254f1c 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,6 @@ resource "random_pet" "cluster" { length = 1 + prefix = var.cluster_prefix } resource "random_password" "k3s_token" { @@ -8,12 +9,12 @@ resource "random_password" "k3s_token" { } resource "hcloud_ssh_key" "k3s" { - name = "k3s-${random_pet.cluster.id}" + name = random_pet.cluster.id public_key = local.ssh_public_key } resource "hcloud_network" "k3s" { - name = "k3s-${random_pet.cluster.id}" + name = random_pet.cluster.id ip_range = var.network_ipv4_range } @@ -26,7 +27,7 @@ resource "hcloud_network_subnet" "subnet" { } resource "hcloud_firewall" "k3s" { - name = "k3s-${random_pet.cluster.id}" + name = random_pet.cluster.id dynamic "rule" { for_each = concat(local.base_firewall_rules, var.extra_firewall_rules) 
@@ -41,7 +42,7 @@ resource "hcloud_firewall" "k3s" { } resource "hcloud_placement_group" "k3s" { - name = "k3s-${random_pet.cluster.id}" + name = random_pet.cluster.id type = "spread" labels = { "provisioner" = "terraform", @@ -51,7 +52,7 @@ resource "hcloud_placement_group" "k3s" { data "hcloud_load_balancer" "traefik" { count = local.is_single_node_cluster ? 0 : 1 - name = "k3s-${random_pet.cluster.id}-traefik" + name = "${random_pet.cluster.id}-traefik" depends_on = [null_resource.kustomization] } diff --git a/terraform.tfvars.example b/terraform.tfvars.example index b732636..8959aab 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -80,6 +80,9 @@ load_balancer_type = "lb11" # Whether to use the cluster name in the node name, i.e. add the prefix k3s-(cluster_name)- to the nodes? The default is "true". # use_cluster_name_in_node_name = false +# Prefix for the cluster name, by default "k3s" +# cluster_prefix = "" + # Adding extra firewall rules, like opening a port # In this example with allow port TCP 5432 for a Postgres service we will open via a nodeport # More info on the format here https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs/resources/firewall diff --git a/variables.tf b/variables.tf index 029ca59..a9dee31 100644 --- a/variables.tf +++ b/variables.tf @@ -126,3 +126,9 @@ variable "use_cluster_name_in_node_name" { default = true description = "Whether to use the cluster name in the node name" } + +variable "cluster_prefix" { + type = string + default = "k3s" + description = "Prefix for the cluster name" +} From 3337a6a4f529082e9fe711aea2e3e9a84db0e919 Mon Sep 17 00:00:00 2001 From: phaer Date: Sat, 5 Mar 2022 14:50:54 +0100 Subject: [PATCH 11/12] remove unecessary hcloud_token var in host module --- agents.tf | 2 -- control_planes.tf | 2 -- modules/host/variables.tf | 6 ------ 3 files changed, 10 deletions(-) diff --git a/agents.tf b/agents.tf index 4232b41..43453b4 100644 --- a/agents.tf +++ b/agents.tf 
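Review bot: The new `cluster_prefix` variable in variables.tf accepts any string, yet through `random_pet.cluster.id` it becomes part of the SSH key, network, firewall, placement group and load balancer names, and of the node names when `use_cluster_name_in_node_name` is set. A value with spaces, uppercase letters or punctuation would presumably be rejected only at apply time, or be carried into the rendered Traefik manifest. A `validation` block would catch it at plan time, for example `condition = can(regex("^[a-z0-9-]*$", var.cluster_prefix))` with an `error_message` naming the allowed characters. The description could also state that an empty string is accepted, since terraform.tfvars.example shows `cluster_prefix = ""`.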
@@ -24,8 +24,6 @@ module "agents" { "engine" = "k3s" } - hcloud_token = var.hcloud_token - depends_on = [ hcloud_network_subnet.subnet ] diff --git a/control_planes.tf b/control_planes.tf index ab68b8d..3ed4825 100644 --- a/control_planes.tf +++ b/control_planes.tf @@ -24,8 +24,6 @@ module "control_planes" { "engine" = "k3s" } - hcloud_token = var.hcloud_token - depends_on = [ hcloud_network_subnet.subnet ] diff --git a/modules/host/variables.tf b/modules/host/variables.tf index 01abaa6..a8a454e 100644 --- a/modules/host/variables.tf +++ b/modules/host/variables.tf @@ -1,9 +1,3 @@ -variable "hcloud_token" { - description = "Hetzner Cloud API Token" - type = string - sensitive = true -} - variable "name" { description = "Host name" type = string From d08a3503620f7358ecdb621204c03b1ea0e545a4 Mon Sep 17 00:00:00 2001 From: phaer Date: Sat, 5 Mar 2022 15:25:43 +0100 Subject: [PATCH 12/12] move random_pet to host module --- agents.tf | 7 +------ control_planes.tf | 7 +------ modules/host/locals.tf | 3 +++ modules/host/main.tf | 24 ++++++++++++++++++++++-- 4 files changed, 27 insertions(+), 14 deletions(-) diff --git a/agents.tf b/agents.tf index 43453b4..a3ac5b6 100644 --- a/agents.tf +++ b/agents.tf @@ -1,14 +1,9 @@ -resource "random_pet" "agents" { - count = length(local.agent_nodepools) - length = 1 -} - module "agents" { source = "./modules/host" for_each = local.agent_nodepools - name = var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-${each.value.nodepool_name}-${random_pet.agents[each.value.index].id}" : "${each.value.nodepool_name}-${random_pet.agents[each.value.index].id}" + name = "${var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-" : ""}${each.value.nodepool_name}" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/control_planes.tf b/control_planes.tf index 3ed4825..e4db4c9 100644 --- a/control_planes.tf +++ b/control_planes.tf 
@@ -1,13 +1,8 @@ -resource "random_pet" "control_planes" { - count = var.control_plane_count - length = 1 -} - module "control_planes" { source = "./modules/host" count = var.control_plane_count - name = var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-control-plane-${random_pet.control_planes[count.index].id}" : "control-plane-${random_pet.control_planes[count.index].id}" + name = "${var.use_cluster_name_in_node_name ? "${random_pet.cluster.id}-" : ""}control-plane" ssh_keys = [hcloud_ssh_key.k3s.id] public_key = var.public_key private_key = var.private_key diff --git a/modules/host/locals.tf b/modules/host/locals.tf index 1fcef4d..46e0f81 100644 --- a/modules/host/locals.tf +++ b/modules/host/locals.tf @@ -10,4 +10,7 @@ locals { ssh_identity_file = var.private_key == null ? var.public_key : var.private_key # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning. ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}" + + # the hosts name with its unique suffix attached + name = "${var.name}-${random_pet.server.id}" } diff --git a/modules/host/main.tf b/modules/host/main.tf index e085883..e397391 100644 --- a/modules/host/main.tf +++ b/modules/host/main.tf 
@@ -1,5 +1,25 @@ +resource "random_pet" "server" { + length = 1 + keepers = { + # We re-create the id (and server) whenever one of those attributes + # changes. This should include all input variables to this module, + # but NO SENSITIVE values as they might be logged here. + name = var.name + public_key = var.public_key + additional_public_keys = join(",", var.additional_public_keys) + ssh_keys = join(",", var.ssh_keys) + firewall_ids = join(",", var.firewall_ids) + placement_group_id = var.placement_group_id + labels = join(",", [for k, v in var.labels: "${k}=${v}" ]) + location = var.location + ipv4_subnet_id = var.ipv4_subnet_id + private_ipv4 = var.private_ipv4 + server_type = var.server_type + } +} + resource "hcloud_server" "server" { - name = var.name + name = local.name image = "ubuntu-20.04" rescue = "linux64" @@ -90,7 +110,7 @@ data "template_cloudinit_config" "config" { content = templatefile( "${path.module}/templates/userdata.yaml.tpl", { - hostname = var.name + hostname = local.name sshAuthorizedKeys = concat([local.ssh_public_key], var.additional_public_keys) } )
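Review bot: The `keepers` map in `random_pet.server` ties the pet, and through `local.name` the server name and the cloud-init `hostname`, to inputs such as `labels`, `firewall_ids` and `ssh_keys`. According to the comment in the block, a change to any of them re-creates the server, so editing one label or attaching a firewall would replace every control-plane and agent node in the same apply. If the provider can update those attributes in place (not visible here), consider limiting `keepers` to the inputs that already force a new server. The comment could also say that keeper values are stored in state and shown in plan output in clear text, which is presumably why `private_key` is left out. The `hcloud_server` block continues outside the hunk.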