added possibility to use latest containers for CCM and CSI

2022-01-15 09:04:21 +01:00 · 2022-01-15 09:04:21 +01:00 · cd9bcd9710
commit cd9bcd9710
parent 8b0e0666ef
8 changed files with 104 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -120,7 +120,9 @@ ssh rancher@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no

 ## Automatic upgrade

-By default, k3os and its embedded k3s instance get upgraded automatically on each node, thanks to its embedded system upgrade controller. As for the Hetzner CCM and CSI, their container images are set to latest and with an imagePullPolicy of "Always". That means that when the nodes upgrade, these container images will be automatically upgraded too.
+By default, k3os and its embedded k3s instance get upgraded automatically on each node, thanks to its embedded system upgrade controller.
+
+_You can also choose to automatically kustomize the Hetzner CCM and CSI to set their container images to "latest" and with an imagePullPolicy of "Always". That means that when the nodes upgrade, these container images will be automatically upgraded too. For more info on this, see [terraform.tfvars.example](terraform.tfvars.example)._

 _If you wish to turn off automatic upgrade on a specific node, you need to take out the label `k3os.io/upgrade=latest`. It can be done with the following command:_

--- a/hetzner/ccm/patch_latest.yaml
+++ b/hetzner/ccm/patch_latest.yaml
@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: hcloud-cloud-controller-manager
+  namespace: kube-system
+spec:
+  template:
+    spec:
+      containers:
+        - image: hetznercloud/hcloud-cloud-controller-manager:latest
+          imagePullPolicy: Always
+          name: hcloud-cloud-controller-manager
+          command:
+            - "/bin/hcloud-cloud-controller-manager"
+            - "--cloud-provider=hcloud"
+            - "--leader-elect=false"
+            - "--allow-untagged-cloud"
+            - "--allocate-node-cidrs=true"
+            - "--cluster-cidr=10.42.0.0/16"
--- a/hetzner/csi/patch_latest.yaml
+++ b/hetzner/csi/patch_latest.yaml
@ -0,0 +1,54 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+  name: hcloud-csi-controller
+  namespace: kube-system
+spec:
+  template:
+    metadata:
+      labels:
+        app: hcloud-csi-controller
+    spec:
+      containers:
+        - name: csi-attacher
+          image: quay.io/k8scsi/csi-attacher:canary
+          imagePullPolicy: Always
+        - name: csi-resizer
+          image: quay.io/k8scsi/csi-resizer:canary
+          imagePullPolicy: Always
+        - name: csi-provisioner
+          image: quay.io/k8scsi/csi-provisioner:canary
+          imagePullPolicy: Always
+        - name: hcloud-csi-driver
+          image: hetznercloud/hcloud-csi-driver:latest
+          imagePullPolicy: Always
+        - name: liveness-probe
+          image: quay.io/k8scsi/livenessprobe:canary
+          imagePullPolicy: Always
+      volumes:
+        - name: socket-dir
+          emptyDir: {}
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+  name: hcloud-csi-node
+  namespace: kube-system
+  labels:
+    app: hcloud-csi
+spec:
+  selector:
+    matchLabels:
+      app: hcloud-csi
+  template:
+    spec:
+      containers:
+        - name: csi-node-driver-registrar
+          image: quay.io/k8scsi/csi-node-driver-registrar:canary
+          imagePullPolicy: Always
+        - name: hcloud-csi-driver
+          image: hetznercloud/hcloud-csi-driver:latest
+          imagePullPolicy: Always
+        - name: liveness-probe
+          image: quay.io/k8scsi/livenessprobe:canary
+          imagePullPolicy: Always
--- a/main.tf
+++ b/main.tf
@ -147,6 +147,7 @@ resource "hcloud_firewall" "k3s" {
 resource "local_file" "hetzner_ccm_config" {
  content = templatefile("${path.module}/templates/hetzner_ccm.yaml.tpl", {
    ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
+    patch_name  = var.hetzner_ccm_container_latest ? "patch_latest" : "patch"
  })
  filename             = "${path.module}/hetzner/ccm/kustomization.yaml"
  file_permission      = "0644"
@ -156,6 +157,7 @@ resource "local_file" "hetzner_ccm_config" {
 resource "local_file" "hetzner_csi_config" {
  content = templatefile("${path.module}/templates/hetzner_csi.yaml.tpl", {
    csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
+    patch_name  = var.hetzner_csi_container_latest ? "patch_latest" : ""
  })
  filename             = "${path.module}/hetzner/csi/kustomization.yaml"
  file_permission      = "0644"
--- a/templates/hetzner_ccm.yaml.tpl
+++ b/templates/hetzner_ccm.yaml.tpl
@ -5,4 +5,4 @@ resources:
 - "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"

 patchesStrategicMerge:
- patch.yaml
+- ${patch_name}.yaml
--- a/templates/hetzner_csi.yaml.tpl
+++ b/templates/hetzner_csi.yaml.tpl
@ -3,3 +3,8 @@ kind: Kustomization

 resources:
 - "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
+
+%{ if patch_name != "" }
+patchesStrategicMerge:
+- ${patch_name}.yaml
+%{ endif }
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@ -15,4 +15,11 @@ agents_num                = 2

 # If you want to use a specific Hetzner CCM and CSI version, set them below, otherwise leave as is for the latest versions
 # hetzner_ccm_version = ""
-# hetzner_csi_version = ""
+# hetzner_csi_version = ""
+
+# If you want to kustomize the Hetzner CCM and CSI containers with the "latest" or "canary" tags and imagePullPolicy Always, 
+# to have them automatically update when the node themselve get updated via the rancher system upgrade controller, the default is "false".
+# If you choose to keep the default of "false", you can always use ArgoCD to monitor the CSI and CCM manifest for new releases,
+# that is probably the more "vanilla" option to keep these components always updated. 
+# hetzner_ccm_container_latest = true
+# hetzner_csi_container_latest = true
--- a/variables.tf
+++ b/variables.tf
@ -55,3 +55,15 @@ variable "hetzner_csi_version" {
  default     = null
  description = "Version of Container Storage Interface driver for Hetzner Cloud"
 }
+
+variable "hetzner_ccm_container_latest" {
+  type        = bool
+  default     = false
+  description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers"
+}
+
+variable "hetzner_csi_container_latest" {
+  type        = bool
+  default     = false
+  description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
+}