From bde0d5a4613276436aeb88c695bb96394f65f194 Mon Sep 17 00:00:00 2001 From: Florian Reinhold Date: Tue, 26 Apr 2022 23:49:28 +0200 Subject: [PATCH 1/8] completed k3s channel list --- terraform.tfvars.example | 3 ++- variables.tf | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 888bb8a..29fc1a3 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -127,7 +127,8 @@ load_balancer_location = "fsn1" # If you want to disable the automatic upgrade of k3s, you can set this to false. The default is "true". # automatically_upgrade_k3s = false -# Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ +# Allows you to specify either stable, latest, testing or supported minor versions (defaults to stable) +# see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ and https://update.k3s.io/v1-release/channels # initial_k3s_channel = "latest" # The cluster name, by default "k3s" diff --git a/variables.tf b/variables.tf index e9726a1..6b7fba8 100644 --- a/variables.tf +++ b/variables.tf @@ -101,7 +101,7 @@ variable "initial_k3s_channel" { description = "Allows you to specify an initial k3s channel" validation { - condition = contains(["stable", "latest", "testing"], var.initial_k3s_channel) + condition = contains(["stable", "latest", "testing", "v1.16", "v1.17", "v1.18", "v1.19", "v1.20", "v1.21", "v1.22", "v1.23"], var.initial_k3s_channel) error_message = "The initial k3s channel must be one of stable, latest or testing." } } From 56ff30199d879e416d0efcd5a9b735ddf43b72ba Mon Sep 17 00:00:00 2001 From: Michael Karbowiak Date: Mon, 2 May 2022 16:03:15 +0200 Subject: [PATCH 2/8] Make Kured version changeable --- README.md | 7 ++++--- locals.tf | 2 +- terraform.tfvars.example | 8 +++++--- variables.tf | 6 ++++++ 4 files changed, 16 insertions(+), 7 deletions(-) 
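Review bot: The `error_message` in the `initial_k3s_channel` validation still says the channel must be one of stable, latest or testing, while the `condition` on the line above now also accepts v1.16 through v1.23, so a user who types an unsupported minor version gets a message that contradicts the accepted set. Update it together with the condition, e.g. `error_message = "The initial k3s channel must be stable, latest, testing or a minor version channel such as v1.23."`. The hard-coded list of minor channels will also go stale as k3s publishes new ones; a pattern check such as `can(regex("^v1\\.[0-9]+$", var.initial_k3s_channel))` alongside the three named channels would track https://update.k3s.io/v1-release/channels without further edits, at the cost of also accepting channel names that endpoint does not serve.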
diff --git a/README.md b/README.md index 6415be5..d9fb2b3 100644 --- a/README.md +++ b/README.md @@ -54,12 +54,13 @@ Follow those simple steps, and your world's cheapest Kube cluster will be up and First and foremost, you need to have a Hetzner Cloud account. You can sign up for free [here](https://hetzner.com/cloud/). -Then you'll need to have [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli), [kubectl](https://kubernetes.io/docs/tasks/tools/) cli, and [hcloud]() the Hetzner cli. The easiest way is to use the [homebrew](https://brew.sh/) package manager to install them (available on Linux, Mac, and Windows Linux Subsystem). +Then you'll need to have [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli), [kubectl](https://kubernetes.io/docs/tasks/tools/) cli, [helm]() Helm and [hcloud]() the Hetzner cli. The easiest way is to use the [homebrew](https://brew.sh/) package manager to install them (available on Linux, Mac, and Windows Linux Subsystem). ```sh brew install terraform brew install kubectl brew install hcloud +brew install helm ``` @@ -205,7 +206,7 @@ It is easy to use Kube-Hetzner as a Terraform module. To do so: ``` terraform module "kube-hetzner" { source = "kube-hetzner/kube-hetzner/hcloud" - + # insert the required variables here found in terraform.tfvars.example } ``` @@ -285,4 +286,4 @@ Code contributions are very much **welcome**. [issues-url]: https://github.com/mysticaltech/kube-hetzner/issues [license-shield]: https://img.shields.io/github/license/mysticaltech/kube-hetzner.svg?style=for-the-badge [license-url]: https://github.com/mysticaltech/kube-hetzner/blob/master/LICENSE.txt -[product-screenshot]: https://github.com/kube-hetzner/kube-hetzner/raw/master/.images/kubectl-pod-all-17022022.png \ No newline at end of file +[product-screenshot]: https://github.com/kube-hetzner/kube-hetzner/raw/master/.images/kubectl-pod-all-17022022.png diff --git a/locals.tf b/locals.tf index 797f230..1de9764 100644 
--- a/locals.tf +++ b/locals.tf @@ -13,7 +13,7 @@ locals { ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag - kured_version = data.github_release.kured.release_tag + kured_version = var.kured_version != null ? var.kured_version : data.github_release.kured.release_tag common_commands_install_k3s = [ "set -ex", diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 29fc1a3..fceaafc 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example 
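Review bot: `local.kured_version` now takes `var.kured_version` verbatim, and that value is interpolated twice into the manifest URL `https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml` that the kustomization in init.tf applies to the cluster, yet the new `variable "kured_version"` in variables.tf in this same patch has no `validation` block and its description is only "Version of Kured". A value containing `/` or `..` would build a URL pointing somewhere other than a release asset instead of failing the plan, so a shape check such as `condition = var.kured_version == null || can(regex("^v?[0-9]+\\.[0-9]+\\.[0-9]+$", var.kured_version))` keeps the input to release-tag form; the exact tag format should be confirmed against the kured releases before the pattern is fixed. The description should also state that the value must be a kured release tag.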
@@ -24,9 +24,9 @@ network_region = "eu-central" # change to `us-east` if location is ash # Of course, you can choose any number of nodepools you want, with the location you want. The only constraint on the location is that you need to stay in the same network region, Europe, or the US. # For the server type, the minimum instance supported is cpx11 (just a few cents more than cx11); see https://www.hetzner.com/cloud. -# IMPORTANT: Before you create your cluster, you can do anything you want with the nodepools, but you need at least one of each control plane and agent. +# IMPORTANT: Before you create your cluster, you can do anything you want with the nodepools, but you need at least one of each control plane and agent. # Once the cluster is up and running, you can change nodepool count and even set it to 0 (in the case of the first control-plane nodepool, the minimum is 1), -# you can also rename it (if the count is 0), but do not remove a nodepool from the list. +# you can also rename it (if the count is 0), but do not remove a nodepool from the list. # The only nodepools that are safe to remove from the list when you edit it are at the end of the lists. That is due to how subnets and IPs get allocated (FILO). # You can, however, freely add other nodepools at the end of each list if you want! The maximum number of nodepools you can create combined for both lists is 255. @@ -107,6 +107,8 @@ load_balancer_location = "fsn1" # hetzner_ccm_version = "" # hetzner_csi_version = "" +# If you want to specify the Kured version, set it below - otherwise it'll use the latest version available +# kured_version = "" # We give you the possibility to use letsencrypt directly with Traefik because it's an easy setup, however it's not optimal, # as the free version of Traefik causes a little bit of downtime when when the certificates get renewed. For proper SSL management, 
@@ -175,4 +177,4 @@ load_balancer_location = "fsn1" # If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/ # That may be useful if you need to deploy more than 500 nodes! The default is "false". -# placement_group_disable = true \ No newline at end of file +# placement_group_disable = true diff --git a/variables.tf b/variables.tf index 6b7fba8..6ad438e 100644 --- a/variables.tf +++ b/variables.tf @@ -65,6 +65,12 @@ variable "hetzner_csi_version" { description = "Version of Container Storage Interface driver for Hetzner Cloud" } +variable "kured_version" { + type = string + default = null + description = "Version of Kured" +} + variable "traefik_enabled" { type = bool default = true From f905b68e7c882088f5a4bf33965a7b6bb7c59119 Mon Sep 17 00:00:00 2001 From: Michael Karbowiak Date: Mon, 2 May 2022 16:21:18 +0200 Subject: [PATCH 3/8] Add Longhorn and make it possible to enable/disable it and the hetzner csi --- helm/longhorn.yaml | 22 +++++++++++++++++ init.tf | 53 ++++++++++++++++++++++++++++++---------- modules/host/main.tf | 10 +++++++- terraform.tfvars.example | 6 +++++ variables.tf | 12 +++++++++ 5 files changed, 89 insertions(+), 14 deletions(-) create mode 100644 helm/longhorn.yaml diff --git a/helm/longhorn.yaml b/helm/longhorn.yaml new file mode 100644 index 0000000..9c8c7a5 --- /dev/null +++ b/helm/longhorn.yaml @@ -0,0 +1,22 @@ +--- +helmDefaults: + timeout: 3600 + wait: true + force: false + atomic: true + +repositories: + - name: longhorn + url: https://charts.longhorn.io + +releases: + - name: longhorn + namespace: longhorn + chart: longhorn/longhorn + values: + - persistence: + defaultClass: true + defaultFsType: ext4 + defaultClassReplicaCount: 2 + - defaultSettings: + defaultDataPath: /var/longhorn diff --git a/init.tf b/init.tf index 54534f6..e16d02c 100644 --- a/init.tf +++ b/init.tf 
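Review bot: The new helm/longhorn.yaml release pins no `version:` for `chart: longhorn/longhorn`, so each `helmfile apply` installs whatever the newest chart in https://charts.longhorn.io is at that moment, which makes cluster builds non-reproducible and lets an upstream chart publish change the storage layer without any change in this repository. Add a pinned `version: <longhorn chart version>` under the release and bump it deliberately. The HelmChart resource that replaces this file in patch 5 (templates/longhorn.yaml.tpl) has the same omission and would take a `version:` field in its `spec`.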
@@ -80,18 +80,24 @@ resource "null_resource" "kustomization" { content = yamlencode({ apiVersion = "kustomize.config.k8s.io/v1beta1" kind = "Kustomization" - resources = concat([ - "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml", - "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml", - "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml", - "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml", - ], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [] - , var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : []), - patchesStrategicMerge = concat([ - file("${path.module}/kustomize/kured.yaml"), - file("${path.module}/kustomize/ccm.yaml"), - file("${path.module}/kustomize/system-upgrade-controller.yaml") - ], var.cni_plugin == "calico" ? [file("${path.module}/kustomize/calico.yaml")] : []) + resources = concat( + [ + "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${local.ccm_version}/ccm-networks.yaml", + "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml", + "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml", + ], + var.disable_hetzner_csi ? [] : ["https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml"], + local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [], + var.cni_plugin == "calico" ? 
["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : [] + ), + patchesStrategicMerge = concat( + [ + file("${path.module}/kustomize/kured.yaml"), + file("${path.module}/kustomize/ccm.yaml"), + file("${path.module}/kustomize/system-upgrade-controller.yaml") + ], + var.cni_plugin == "calico" ? [file("${path.module}/kustomize/calico.yaml")] : [] + ) }) destination = "/var/post_install/kustomization.yaml" } @@ -161,6 +167,27 @@ resource "null_resource" "kustomization" { } depends_on = [ - null_resource.first_control_plane + null_resource.first_control_plane, + local_sensitive_file.kubeconfig + ] +} + +resource "null_resource" "longhorn" { + # If longhorn isn't enabled, we don't want any Helm resources + count = var.enable_longhorn ? 1 : 0 + + # Install Helm charts + provisioner "local-exec" { + when = create + command = <<-EOT + export KUBECONFIG=$(readlink -f ${path.module}/kubeconfig.yaml) + helmfile -f ${path.module}/helm/longhorn.yaml apply + EOT + on_failure = continue + } + + depends_on = [ + null_resource.first_control_plane, + local_sensitive_file.kubeconfig ] } diff --git a/modules/host/main.tf b/modules/host/main.tf index be7637d..2897fff 100644 --- a/modules/host/main.tf +++ b/modules/host/main.tf @@ -69,7 +69,7 @@ resource "hcloud_server" "server" { provisioner "remote-exec" { inline = [ "set -ex", - "transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'" + "transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key; zypper install -y open-iscsi https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'" ] } @@ -84,6 +84,14 @@ resource "hcloud_server" "server" { done EOT } + + # Enable open-iscsi + provisioner "remote-exec" { + inline = [ + "set -ex", + "systemctl enable --now iscsid" + ] + } } resource "hcloud_server_network" "server" { 
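Review bot: `on_failure = continue` on the `local-exec` provisioner in the new `null_resource.longhorn` means a failed `helmfile apply` leaves `terraform apply` green with no Longhorn installed, and because the resource declares no `triggers` it will not rerun on a later apply either, so the failure is easy to miss for good. Drop `on_failure = continue` so the failure surfaces, and add `triggers = { config = filesha1("${path.module}/helm/longhorn.yaml") }` so edits to the helmfile are reapplied. The README change in this patch installs `helm`, but the command here needs `helmfile`, a separate binary. Patch 5 replaces this resource with a HelmChart manifest, which resolves these points.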
diff --git a/terraform.tfvars.example b/terraform.tfvars.example index fceaafc..9571bc0 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -103,6 +103,12 @@ load_balancer_location = "fsn1" ### The following values are entirely optional +# To use local storage on the nodes, you can enable Longhorn, default is "false" +# enable_longhorn = false + +# To disable Hetzner CSI storage, you can set the following to true, default is "false" +# disable_hetzner_csi = false + # If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions # hetzner_ccm_version = "" # hetzner_csi_version = "" diff --git a/variables.tf b/variables.tf index 6ad438e..4994180 100644 --- a/variables.tf +++ b/variables.tf @@ -163,3 +163,15 @@ variable "cni_plugin" { default = "flannel" description = "CNI plugin for k3s" } + +variable "enable_longhorn" { + type = bool + default = false + description = "Enable Longhorn" +} + +variable "disable_hetzner_csi" { + type = bool + default = false + description = "Disable hetzner csi driver" +} From 547ca6d29bf5b53a17eb70f1a3dccfb6974b2884 Mon Sep 17 00:00:00 2001 From: Michael Karbowiak Date: Mon, 2 May 2022 16:32:21 +0200 Subject: [PATCH 4/8] Allow Longhorn and Hetzner CSI to live side by side, since Hetzner CSI takes over as default - we don't want Longhorn to also be default (It'll pick Hetzner simply because H comes before L) --- helm/longhorn.yaml | 2 +- init.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/helm/longhorn.yaml b/helm/longhorn.yaml index 9c8c7a5..bd3e6f2 100644 --- a/helm/longhorn.yaml +++ b/helm/longhorn.yaml @@ -15,7 +15,7 @@ releases: chart: longhorn/longhorn values: - persistence: - defaultClass: true + defaultClass: {{ requiredEnv "HETZNER_CSI_DISABLED" }} defaultFsType: ext4 defaultClassReplicaCount: 2 - defaultSettings: diff --git a/init.tf b/init.tf index e16d02c..77ee7f7 100644 --- a/init.tf +++ b/init.tf 
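Review bot: The descriptions of the new `enable_longhorn` and `disable_hetzner_csi` variables ("Enable Longhorn", "Disable hetzner csi driver") do not tell the reader how the two interact, while the kustomization in init.tf in this patch adds no storage manifest at all when `disable_hetzner_csi = true` and `enable_longhorn = false`, so as far as this module shows that combination leaves the cluster with no CSI driver. Say so in the descriptions, e.g. `description = "Disable the Hetzner CSI driver; only set this together with enable_longhorn = true, otherwise the cluster is left without a storage provisioner"`, and mention in `enable_longhorn` that it installs Longhorn as local storage via the kustomization. A `precondition` on `null_resource.kustomization` rejecting the both-off combination would turn the misconfiguration into a plan-time error, if that is the intended contract.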
@@ -181,6 +181,7 @@ resource "null_resource" "longhorn" { when = create command = <<-EOT export KUBECONFIG=$(readlink -f ${path.module}/kubeconfig.yaml) + export HETZNER_CSI_DISABLED=${var.disable_hetzner_csi ? "true" : "false"} helmfile -f ${path.module}/helm/longhorn.yaml apply EOT on_failure = continue From 6fa7daa21d92f34d33264ab555d9db93e07a442c Mon Sep 17 00:00:00 2001 From: Michael Karbowiak Date: Mon, 2 May 2022 22:47:50 +0200 Subject: [PATCH 5/8] Remove the requirement of Helm, and use the K3s HelmChart CRD installation method instead --- README.md | 3 +-- helm/longhorn.yaml | 22 ---------------------- init.tf | 32 +++++++++++--------------------- templates/longhorn.yaml.tpl | 22 ++++++++++++++++++++++ templates/plans.yaml.tpl | 2 +- 5 files changed, 35 insertions(+), 46 deletions(-) delete mode 100644 helm/longhorn.yaml create mode 100644 templates/longhorn.yaml.tpl diff --git a/README.md b/README.md index d9fb2b3..8c92c5d 100644 --- a/README.md +++ b/README.md @@ -54,13 +54,12 @@ Follow those simple steps, and your world's cheapest Kube cluster will be up and First and foremost, you need to have a Hetzner Cloud account. You can sign up for free [here](https://hetzner.com/cloud/). -Then you'll need to have [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli), [kubectl](https://kubernetes.io/docs/tasks/tools/) cli, [helm]() Helm and [hcloud]() the Hetzner cli. The easiest way is to use the [homebrew](https://brew.sh/) package manager to install them (available on Linux, Mac, and Windows Linux Subsystem). +Then you'll need to have [terraform](https://learn.hashicorp.com/tutorials/terraform/install-cli), [kubectl](https://kubernetes.io/docs/tasks/tools/) cli and [hcloud]() the Hetzner cli. The easiest way is to use the [homebrew](https://brew.sh/) package manager to install them (available on Linux, Mac, and Windows Linux Subsystem). ```sh brew install terraform brew install kubectl brew install hcloud -brew install helm ``` 
diff --git a/helm/longhorn.yaml b/helm/longhorn.yaml deleted file mode 100644 index bd3e6f2..0000000 --- a/helm/longhorn.yaml +++ /dev/null @@ -1,22 +0,0 @@ ---- -helmDefaults: - timeout: 3600 - wait: true - force: false - atomic: true - -repositories: - - name: longhorn - url: https://charts.longhorn.io - -releases: - - name: longhorn - namespace: longhorn - chart: longhorn/longhorn - values: - - persistence: - defaultClass: {{ requiredEnv "HETZNER_CSI_DISABLED" }} - defaultFsType: ext4 - defaultClassReplicaCount: 2 - - defaultSettings: - defaultDataPath: /var/longhorn diff --git a/init.tf b/init.tf index 77ee7f7..f790c8f 100644 --- a/init.tf +++ b/init.tf @@ -87,6 +87,7 @@ resource "null_resource" "kustomization" { "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml", ], var.disable_hetzner_csi ? [] : ["https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml"], + var.enable_longhorn ? ["longhorn.yaml"] : [], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [], var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : [] ), @@ -128,6 +129,16 @@ resource "null_resource" "kustomization" { destination = "/var/post_install/plans.yaml" } + # Upload the Longhorn config + provisioner "file" { + content = templatefile( + "${path.module}/templates/longhorn.yaml.tpl", + { + disable_hetzner_csi = var.disable_hetzner_csi + }) + destination = "/var/post_install/longhorn.yaml" + } + # Deploy secrets, logging is automatically disabled due to sensitive variables provisioner "remote-exec" { inline = [ 
@@ -171,24 +182,3 @@ resource "null_resource" "kustomization" { local_sensitive_file.kubeconfig ] } - -resource "null_resource" "longhorn" { - # If longhorn isn't enabled, we don't want any Helm resources - count = var.enable_longhorn ? 1 : 0 - - # Install Helm charts - provisioner "local-exec" { - when = create - command = <<-EOT - export KUBECONFIG=$(readlink -f ${path.module}/kubeconfig.yaml) - export HETZNER_CSI_DISABLED=${var.disable_hetzner_csi ? "true" : "false"} - helmfile -f ${path.module}/helm/longhorn.yaml apply - EOT - on_failure = continue - } - - depends_on = [ - null_resource.first_control_plane, - local_sensitive_file.kubeconfig - ] -} diff --git a/templates/longhorn.yaml.tpl b/templates/longhorn.yaml.tpl new file mode 100644 index 0000000..fc28768 --- /dev/null +++ b/templates/longhorn.yaml.tpl @@ -0,0 +1,22 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: longhorn +--- +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: longhorn + namespace: kube-system +spec: + chart: longhorn + repo: https://charts.longhorn.io + targetNamespace: longhorn + valuesContent: |- + defaultSettings: + defaultDataPath: /var/longhorn + persistence: + defaultFsType: ext4 + defaultClassReplicaCount: 2 + %{ if disable_hetzner_csi ~}defaultClass: true%{ else ~}defaultClass: false%{ endif ~} diff --git a/templates/plans.yaml.tpl b/templates/plans.yaml.tpl index 337aa59..508dcca 100644 --- a/templates/plans.yaml.tpl +++ b/templates/plans.yaml.tpl @@ -47,4 +47,4 @@ spec: serviceAccountName: system-upgrade cordon: true upgrade: - image: rancher/k3s-upgrade \ No newline at end of file + image: rancher/k3s-upgrade From bbe66ee977837d584c168bb3c1138a8cd274e14e Mon Sep 17 00:00:00 2001 
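Review bot: The last line of templates/longhorn.yaml.tpl uses `%{ if disable_hetzner_csi ~}defaultClass: true%{ else ~}defaultClass: false%{ endif ~}` to render a boolean that `templatefile` can interpolate directly; `defaultClass: ${disable_hetzner_csi}` renders `true`/`false` the same way and is easier to read. The `~}` on the `endif` also strips the trailing newline, so the rendered file ends without one; the plain interpolation removes that side effect as well. The HelmChart in this file pins no chart `version:`, the same omission as in the helm/longhorn.yaml it replaces.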
From: Karim Naufal Date: Wed, 4 May 2022 02:27:24 +0200 Subject: [PATCH 6/8] fixed k3s selinux failed update --- modules/host/locals.tf | 7 +++++++ modules/host/main.tf | 20 ++++++++++++++++---- modules/host/templates/userdata.yaml.tpl | 11 +++++++++++ modules/host/variables.tf | 6 ++++++ 4 files changed, 40 insertions(+), 4 deletions(-) diff --git a/modules/host/locals.tf b/modules/host/locals.tf index 4edc40e..3ffa723 100644 --- a/modules/host/locals.tf +++ b/modules/host/locals.tf @@ -1,16 +1,23 @@ locals { + # ssh public key ssh_public_key = trimspace(file(var.public_key)) # ssh_private_key is either the contents of var.private_key or null to use a ssh agent. ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key)) + # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use. # For terraforms provisioner.connection.agent_identity, we need the public key as a string. ssh_identity = var.private_key == null ? local.ssh_public_key : null + # ssh_identity_file is used for ssh "-i" flag, its the private key if that is set, or a public key file # if an ssh agent is used. ssh_identity_file = var.private_key == null ? var.public_key : var.private_key + # shared flags for ssh to ignore host keys, to use our ssh identity file for all connections during provisioning. ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}" + # Final list of packages to install + needed_packages = join(" ", concat(["k3s-selinux"], var.packages_to_install)) + # the hosts name with its unique suffix attached name = "${var.name}-${random_string.server.id}" } diff --git a/modules/host/main.tf b/modules/host/main.tf index be7637d..be8e0be 100644 --- a/modules/host/main.tf +++ b/modules/host/main.tf 
@@ -65,11 +65,12 @@ resource "hcloud_server" "server" { EOT } - # Install k3s-selinux (compatible version) + # Install k3s-selinux (compatible version) and open-iscsi provisioner "remote-exec" { - inline = [ - "set -ex", - "transactional-update shell <<< 'rpm --import https://rpm.rancher.io/public.key;zypper install -y https://github.com/k3s-io/k3s-selinux/releases/download/v0.5.stable.1/k3s-selinux-0.5-1.sle.noarch.rpm'" + inline = [<<-EOT + set -ex + transactional-update shell <<< "zypper --gpg-auto-import-keys install -y ${local.needed_packages}" + EOT ] } @@ -84,6 +85,17 @@ resource "hcloud_server" "server" { done EOT } + + # Enable open-iscsi + provisioner "remote-exec" { + inline = [<<-EOT + set -ex + if [[ $(systemctl list-units --all -t service --full --no-legend "iscsid.service" | sed 's/^\s*//g' | cut -f1 -d' ') == iscsid.service ]]; then + systemctl enable --now iscsid + fi + EOT + ] + } } resource "hcloud_server_network" "server" { diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl index 51ff107..297f3ed 100644 --- a/modules/host/templates/userdata.yaml.tpl +++ b/modules/host/templates/userdata.yaml.tpl @@ -23,6 +23,17 @@ write_files: REBOOT_METHOD=kured path: /etc/transactional-update.conf +# Create Rancher repo config +- content: | + [rancher-k3s-common-stable] + name=Rancher K3s Common (stable) + baseurl=https://rpm.rancher.io/k3s/stable/common/microos/noarch + enabled=1 + gpgcheck=1 + repo_gpgcheck=0 + gpgkey=https://rpm.rancher.io/public.key + path: /etc/zypp/repos.d/rancher-k3s-common.repo + # Add ssh authorized keys ssh_authorized_keys: %{ for key in sshAuthorizedKeys ~} diff --git a/modules/host/variables.tf b/modules/host/variables.tf index a8a454e..c6ab0ea 100644 --- a/modules/host/variables.tf +++ b/modules/host/variables.tf 
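Review bot: The install command in modules/host/main.tf swaps the explicit `rpm --import https://rpm.rancher.io/public.key` for `zypper --gpg-auto-import-keys install -y ...`, which makes zypper trust and import any new repository signing key it encounters without asking, and the repo file written by the userdata hunk in this patch sets `repo_gpgcheck=0`, so repository metadata is not signature-checked either. Package signatures are still verified (`gpgcheck=1`), but the trust anchor is now whatever key is served at install time rather than one the module vouches for. Consider importing the key in cloud-init before zypper runs (a `runcmd` entry with `rpm --import https://rpm.rancher.io/public.key`) and comparing its fingerprint against a value recorded in the module (`<expected key fingerprint>`), then dropping `--gpg-auto-import-keys`; if `repo_gpgcheck=0` is needed because the repository does not sign its metadata, a comment in the repo file saying so would keep the next maintainer from re-enabling it blindly.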
@@ -62,3 +62,9 @@ variable "server_type" { description = "The server type" type = string } + +variable "packages_to_install" { + description = "Packages to install" + type = list(string) + default = [] +} From 4bedcc50929b0e400f66666f16c76aa11b0c4f3f Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Wed, 4 May 2022 03:05:39 +0200 Subject: [PATCH 7/8] made use of packages_to_install to install open-iscsi for when longhorn is enabled --- agents.tf | 1 + control_planes.tf | 1 + terraform.tfvars.example | 14 +++++++------- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/agents.tf b/agents.tf index fec9eb8..a0c3b45 100644 --- a/agents.tf +++ b/agents.tf @@ -13,6 +13,7 @@ module "agents" { location = each.value.location server_type = each.value.server_type ipv4_subnet_id = hcloud_network_subnet.agent[[for i, v in var.agent_nodepools : i if v.name == each.value.nodepool_name][0]].id + packages_to_install = concat(var.enable_longhorn ? ["open-iscsi"] : [], []) private_ipv4 = cidrhost(hcloud_network_subnet.agent[[for i, v in var.agent_nodepools : i if v.name == each.value.nodepool_name][0]].ip_range, each.value.index + 101) diff --git a/control_planes.tf b/control_planes.tf index 1ca97f2..b7b5c88 100644 --- a/control_planes.tf +++ b/control_planes.tf @@ -13,6 +13,7 @@ module "control_planes" { location = each.value.location server_type = each.value.server_type ipv4_subnet_id = hcloud_network_subnet.control_plane[[for i, v in var.control_plane_nodepools : i if v.name == each.value.nodepool_name][0]].id + packages_to_install = concat(var.enable_longhorn ? ["open-iscsi"] : [], []) # We leave some room so 100 eventual Hetzner LBs that can be created perfectly safely # It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough. diff --git a/terraform.tfvars.example b/terraform.tfvars.example index 2346a51..40bec6d 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example 
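Review bot: `packages_to_install` is declared without a `validation` block even though modules/host/locals.tf joins it with spaces into `local.needed_packages` and main.tf splices that unquoted into the `transactional-update shell <<< "zypper ... install -y ${local.needed_packages}"` command in this same patch, so an element containing whitespace or shell metacharacters alters the command instead of failing the plan. Restricting elements to RPM package-name characters keeps the interface unchanged for the `["open-iscsi"]` caller added in patch 7 while turning a bad value into a plan-time error; the description could also say these are zypper package names. Sketch below.
```hcl
variable "packages_to_install" {
  # … unchanged: description, type, default …

  validation {
    condition     = alltrue([for p in var.packages_to_install : can(regex("^[A-Za-z0-9._+-]+$", p))])
    error_message = "Package names may only contain letters, digits, '.', '_', '+' and '-'."
  }
}
```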
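Review bot: `packages_to_install = concat(var.enable_longhorn ? ["open-iscsi"] : [], [])` in agents.tf wraps the conditional in a `concat` with an empty list, which adds nothing; `packages_to_install = var.enable_longhorn ? ["open-iscsi"] : []` says the same. The identical line in control_planes.tf in this patch has the same shape. If the empty list is a placeholder for packages to be added later, a short comment saying so would explain the extra call.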
@@ -103,13 +103,13 @@ load_balancer_location = "fsn1" ### The following values are entirely optional -# To use local storage on the nodes, you can enable Longhorn, default is "false" -# enable_longhorn = false +# To use local storage on the nodes, you can enable Longhorn, default is "false". +# enable_longhorn = true -# To disable Hetzner CSI storage, you can set the following to true, default is "false" -# disable_hetzner_csi = false +# To disable Hetzner CSI storage, you can set the following to true, default is "false". +# disable_hetzner_csi = true -# If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions +# If you want to use a specific Hetzner CCM and CSI version, set them below; otherwise, leave them as-is for the latest versions. # hetzner_ccm_version = "" # hetzner_csi_version = "" @@ -176,8 +176,8 @@ load_balancer_location = "fsn1" # CAVEATS: Calico is not supported for single node setups, because of the following issue https://github.com/k3s-io/klipper-lb/issues/6. # cni_plugin = "calico" -# If you want to disable the k3s default network policy controller, use this flag -# Calico overrides this value to true automatically +# If you want to disable the k3s default network policy controller, use this flag! +# Calico overrides this value to true automatically, the default is "false". # disable_network_policy = true # If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/ From 5417d80b9a01d90265d577c975a4b6ac6fe45e76 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Wed, 4 May 2022 03:18:47 +0200 Subject: [PATCH 8/8] tweaked readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 38e0cff..3e55cac 100644 --- a/README.md +++ b/README.md 
@@ -38,6 +38,8 @@ _Please note that we are not affiliates of Hetzner; this is just an open-source - Possibility to have a single node cluster with a proper ingress controller. - Ability to add nodes and nodepools when the cluster is running. - Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on. +- Possibility to turn Longhorn on, and optionally also turn Hetzner CSI off. +- Ability to switch to Calico as CNI, and Cilium can also be easily added. - Tons of flexible configuration options to suit all needs. _It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._