From 139e10ee4ebcbb0f34e32f72e0cb53ef276afa2a Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Wed, 23 Feb 2022 19:18:10 +0100 Subject: [PATCH 01/11] tweaked readme --- README.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 32ee44a..5821712 100644 --- a/README.md +++ b/README.md @@ -153,12 +153,17 @@ _To turn off k3s upgrades, you can either set the `k3s_upgrade=true` label in th kubectl -n system-upgrade label node k3s_upgrade- ``` -## Example Ingress with TLS +## Examples + +
+Ingress with TLS + +Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example: -Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example ```sh kubectl apply -f examples/tls/. ``` + ```yml apiVersion: networking.k8s.io/v1 kind: Ingress @@ -184,9 +189,10 @@ spec: port: number: 80 - ``` +
+
## Takedown @@ -210,7 +216,9 @@ There is also a branch where openSUSE MicroOS came preinstalled with the k3s RPM ## Contributing -Any contributions you make are **greatly appreciated**. +✅ There is something you can do right away to help this project succeed! **Just take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO. If that succeeds, we will be able to deploy in less than 2 minutes instead of 5, without passing by the rescue mode. The more requests they receive the likelier they are to add it. The official link to openSUSE MicroOS is . + +About code contributions, they are **greatly appreciated**. 1. Fork the Project 2. Create your Branch (`git checkout -b AmazingFeature`) From b6bac3ef627f4b1d7b4413c6ca82df51ea7af0da Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Wed, 23 Feb 2022 19:19:13 +0100 Subject: [PATCH 02/11] tweaked readme --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 5821712..80d3451 100644 --- a/README.md +++ b/README.md @@ -192,7 +192,6 @@ spec: ``` -
## Takedown From 40ce7b09a3d31b45423151459e230049c3794fe5 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Wed, 23 Feb 2022 19:19:44 +0100 Subject: [PATCH 03/11] tweaked readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 80d3451..ae53fd4 100644 --- a/README.md +++ b/README.md @@ -156,6 +156,7 @@ kubectl -n system-upgrade label node k3s_upgrade- ## Examples
+ Ingress with TLS Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example: From 0b19d364162982344cc32807646a839c8c05404d Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Wed, 23 Feb 2022 21:35:42 +0100 Subject: [PATCH 04/11] ability to chose k3s install channel --- README.md | 2 +- init.tf | 2 +- locals.tf | 4 ++-- terraform.tfvars.example | 7 +++---- variables.tf | 9 +++++++-- 5 files changed, 14 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index ae53fd4..c64005a 100644 --- a/README.md +++ b/README.md @@ -216,7 +216,7 @@ There is also a branch where openSUSE MicroOS came preinstalled with the k3s RPM ## Contributing -✅ There is something you can do right away to help this project succeed! **Just take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO. If that succeeds, we will be able to deploy in less than 2 minutes instead of 5, without passing by the rescue mode. The more requests they receive the likelier they are to add it. The official link to openSUSE MicroOS is . +🌱 There is something you can do right away to help this project succeed! **Just take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO. If that succeeds, we will be able to deploy in less than 2 minutes instead of 5, without passing by the rescue mode. The more requests they receive the likelier they are to add it. The official link to openSUSE MicroOS is . About code contributions, they are **greatly appreciated**. diff --git a/init.tf b/init.tf index cb3eec9..f2029be 100644 --- a/init.tf +++ b/init.tf 
@@ -110,7 +110,7 @@ resource "null_resource" "kustomization" {
 content = templatefile(
 "${path.module}/templates/plans.yaml.tpl",
 {
- channel = var.k3s_upgrade_channel
+ channel = var.initial_k3s_channel
 })
 destination = "/tmp/post_install/plans.yaml"
 }
diff --git a/locals.tf b/locals.tf
index 72c2e61..7cc21cb 100644
--- a/locals.tf
+++ b/locals.tf
@@ -27,7 +27,7 @@ locals {
 "[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0",
 ]
- install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"])
+ install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
- install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"])
+ install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
 }
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 323955c..89c9f26 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
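Review bot: In the locals.tf hunk, `${var.initial_k3s_channel}` is spliced unquoted into the `curl … | sh -` command line of both `install_k3s_server` and `install_k3s_agent`, so the only thing keeping arbitrary shell text out of a command run on every node is the `validation` block this commit adds in variables.tf. That dependency is invisible from locals.tf; a comment above the two locals such as `# initial_k3s_channel is allow-listed in variables.tf; it is interpolated into a shell command, keep that validation strict` would stop a later loosening of the validation from becoming command injection. A channel also resolves to whatever release is current when each node is installed, so nodes added later may start on a different k3s version than the first ones. The `locals` block starts outside the hunk.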
@@ -30,9 +30,8 @@ agents_num = 2
 # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
 # allow_scheduling_on_control_plane = true
-# If you want to disable automatic upgrade of k3s (stable channel), you can set this to false, default is "true".
+# If you want to disable automatic upgrade of k3s, you can set this to false, default is "true".
 # automatically_upgrade_k3s = false
-# If you would like to specify the k3s upgrade channel from the get go, you can do so, the default is "stable".
-# For a list of available channels, see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ and https://update.k3s.io/v1-release/channels
-# k3s_upgrade_channel = "latest"
+# Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/
+# initial_k3s_channel = "latest"
diff --git a/variables.tf b/variables.tf
index 9346e5d..7f0e2f3 100644
--- a/variables.tf
+++ b/variables.tf
@@ -91,10 +91,15 @@ variable "allow_scheduling_on_control_plane" {
 description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
 }
-variable "k3s_upgrade_channel" {
+variable "initial_k3s_channel" {
 type = string
 default = "stable"
- description = "Allows you to specify the k3s upgrade channel"
+ description = "Allows you to specify an initial k3s channel"
+
+ validation {
+ condition = contains(["stable", "latest", "testing"], var.initial_k3s_channel)
+ error_message = "The initial k3s channel must be one of stable, latest or testing."
+ }
 }
 variable "automatically_upgrade_k3s" {
From 4e3858e54b293faa8627b2f7128efbdb40bffd54 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Thu, 24 Feb 2022 00:03:05 +0100
Subject: [PATCH 05/11] tweaked readme
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index c64005a..ff97478 100644
--- a/README.md
+++ b/README.md
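Review bot: In the variables.tf hunk the name and description call this an initial channel, but the init.tf hunk of the same commit passes `var.initial_k3s_channel` as `channel` to `templates/plans.yaml.tpl`, so it appears to keep steering automatic upgrades after install (the template itself is not shown). A description such as `"k3s channel used for the first install and for the upgrade plans: stable, latest or testing"` would make clear that picking `latest` or `testing` is a standing choice rather than a one-off. The allow-list also rules out any other entry from the channel list that the removed tfvars comment linked to; if that narrowing is intended, say so in the description so that nobody widens the list without also checking the shell interpolation in locals.tf.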
@@ -216,7 +216,7 @@ There is also a branch where openSUSE MicroOS came preinstalled with the k3s RPM
 ## Contributing
-🌱 There is something you can do right away to help this project succeed! **Just take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO. If that succeeds, we will be able to deploy in less than 2 minutes instead of 5, without passing by the rescue mode. The more requests they receive the likelier they are to add it. The official link to openSUSE MicroOS is .
+🌱 This project currently installed openSUSE MicroOS via the Hetzner rescue mode, which makes things a few minutes slower. If you could **take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO, it would be wonderful. The more requests they receive the likelier they are to add support for it, and if they do, that would cut the deploy time by half. The official link to openSUSE MicroOS is .
 About code contributions, they are **greatly appreciated**.
From 6739b4a493af4372e8cfca082f40f8d00246cf25 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Thu, 24 Feb 2022 01:44:56 +0100
Subject: [PATCH 06/11] added null ressouce to destroy lb
---
 main.tf | 17 +++++++++++++++++
 modules/host/locals.tf | 1 +
 2 files changed, 18 insertions(+)
diff --git a/main.tf b/main.tf
index 3e71a22..61bcc8b 100644
--- a/main.tf
+++ b/main.tf
@@ -158,3 +158,20 @@ data "hcloud_load_balancer" "traefik" {
 depends_on = [null_resource.kustomization]
 }
+
+resource "null_resource" "destroy_lb" {
+ triggers = {
+ token = random_password.k3s_token.result
+ }
+
+ # Important when issuing terraform destroy, otherwise the LB will not let the network get deleted
+ provisioner "local-exec" {
+ when = destroy
+ command = <<-EOT
+ hcloud load-balancer delete traefik
+ hcloud network delete k3s
+ EOT
+
+ on_failure = continue
+ }
+}
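Review bot: In the main.tf hunk the destroy-time `local-exec` deletes by fixed name (`hcloud load-balancer delete traefik`, `hcloud network delete k3s`) using whatever hcloud context or `HCLOUD_TOKEN` is active in the operator's shell, which is not necessarily the project this state manages. With `on_failure = continue`, a missing CLI or a wrong context passes silently, and a same-named resource in another project could be deleted instead. At minimum state the requirement above the provisioner, e.g. `# requires the hcloud CLI with its active context set to this cluster's project`. Separately, `token = random_password.k3s_token.result` uses the cluster join secret only as a change trigger; a non-secret id would do the same job without copying the secret into another resource's state.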
diff --git a/modules/host/locals.tf b/modules/host/locals.tf index 5a61b2a..4e32a8c 100644 --- a/modules/host/locals.tf +++ b/modules/host/locals.tf @@ -66,6 +66,7 @@ rpm --import https://rpm.rancher.io/public.key zypper refresh zypper --gpg-auto-import-keys install -y https://rpm.rancher.io/k3s/stable/common/microos/noarch/k3s-selinux-0.4-1.sle.noarch.rpm udevadm settle +exit 0 EOF } From 115163b8be675ef6533243db6b796c1c55a166e1 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Fri, 25 Feb 2022 00:21:28 +0100 Subject: [PATCH 07/11] traefik deletes successfully --- main.tf | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/main.tf b/main.tf index 61bcc8b..cbab0cf 100644 --- a/main.tf +++ b/main.tf @@ -159,19 +159,29 @@ data "hcloud_load_balancer" "traefik" { depends_on = [null_resource.kustomization] } -resource "null_resource" "destroy_lb" { + +resource "null_resource" "destroy_traefik_loadbalancer" { + # this only gets triggered before total destruction of the cluster, but when the necessary elements to run the commands are still available triggers = { - token = random_password.k3s_token.result + kustomization_id = null_resource.kustomization.id } # Important when issuing terraform destroy, otherwise the LB will not let the network get deleted provisioner "local-exec" { - when = destroy - command = <<-EOT - hcloud load-balancer delete traefik - hcloud network delete k3s + when = destroy + command = <<-EOT + kubectl -n kube-system delete service traefik --kubeconfig ${path.module}/kubeconfig.yaml EOT - on_failure = continue } + + depends_on = [ + local_file.kubeconfig, + null_resource.control_planes[0], + hcloud_network_subnet.k3s, + hcloud_network.k3s, + hcloud_firewall.k3s, + hcloud_placement_group.k3s, + hcloud_ssh_key.k3s + ] } From f0fb1adc6d532c79d496c69a440268b7f6c7d1c5 Mon Sep 17 00:00:00 2001 
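Review bot: The `kubectl -n kube-system delete service traefik` command in the main.tf hunk has no `--timeout`, and `${path.module}/kubeconfig.yaml` is interpolated unquoted. If the service deletion waits on load-balancer cleanup that never completes, `terraform destroy` may block at this step, and a module path containing spaces would split the argument. Consider `kubectl -n kube-system delete service traefik --timeout=120s --kubeconfig "${path.module}/kubeconfig.yaml"`. The provisioner also assumes that the file behind `local_file.kubeconfig` still exists on the machine running the destroy, which is worth stating in the comment above it.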
From: Karim Naufal
Date: Fri, 25 Feb 2022 01:51:01 +0100
Subject: [PATCH 08/11] small fix
---
 modules/host/locals.tf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/modules/host/locals.tf b/modules/host/locals.tf
index 4e32a8c..0547e70 100644
--- a/modules/host/locals.tf
+++ b/modules/host/locals.tf
@@ -65,8 +65,7 @@ locals {
 rpm --import https://rpm.rancher.io/public.key
 zypper refresh
 zypper --gpg-auto-import-keys install -y https://rpm.rancher.io/k3s/stable/common/microos/noarch/k3s-selinux-0.4-1.sle.noarch.rpm
-udevadm settle
-exit 0
+udevadm settle || true
 EOF
 }
From 580b051ecdc10aac20c7cf111b49b59397583df8 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 25 Feb 2022 01:59:13 +0100
Subject: [PATCH 09/11] tweaked readme
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index ff97478..a676571 100644
--- a/README.md
+++ b/README.md
@@ -216,7 +216,7 @@ There is also a branch where openSUSE MicroOS came preinstalled with the k3s RPM
 ## Contributing
-🌱 This project currently installed openSUSE MicroOS via the Hetzner rescue mode, which makes things a few minutes slower. If you could **take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO, it would be wonderful. The more requests they receive the likelier they are to add support for it, and if they do, that would cut the deploy time by half. The official link to openSUSE MicroOS is .
+🌱 This project currently installs openSUSE MicroOS via the Hetzner rescue mode, which makes things a few minutes slower. If you could **take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO, it would be wonderful. The more requests they receive the likelier they are to add support for it, and if they do, that would cut the deploy time by half. The official link to openSUSE MicroOS is .
 About code contributions, they are **greatly appreciated**.
From 46dd37383c845da5e3e15d6923b4e61242386633 Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Fri, 25 Feb 2022 15:30:39 +0100
Subject: [PATCH 10/11] network fix attempt
---
 main.tf | 1 -
 modules/host/locals.tf | 3 +++
 modules/host/main.tf | 9 ++++-----
 3 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/main.tf b/main.tf
index cbab0cf..e66cedf 100644
--- a/main.tf
+++ b/main.tf
@@ -159,7 +159,6 @@ data "hcloud_load_balancer" "traefik" {
 depends_on = [null_resource.kustomization]
 }
-
 resource "null_resource" "destroy_traefik_loadbalancer" {
 # this only gets triggered before total destruction of the cluster, but when the necessary elements to run the commands are still available
 triggers = {
diff --git a/modules/host/locals.tf b/modules/host/locals.tf
index 0547e70..08306d6 100644
--- a/modules/host/locals.tf
+++ b/modules/host/locals.tf
@@ -61,6 +61,9 @@ locals { combustion_script = < /etc/transactional-update.conf", + "set -ex", + "rebootmgrctl set-strategy off", + "echo 'REBOOT_METHOD=kured' > /etc/transactional-update.conf", # set the hostname - <<-EOT - hostnamectl set-hostname ${self.name} - sed -e 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g' /etc/sysconfig/network/config > /dev/null - EOT + "hostnamectl set-hostname ${self.name}" ] } } From 68edf879719d3ac89b6496659c91e4b4e96910a7 Mon Sep 17 00:00:00 2001 From: Karim Naufal Date: Fri, 25 Feb 2022 15:56:18 +0100 Subject: [PATCH 11/11] tweaked readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a676571..f5d0301 100644 --- a/README.md +++ b/README.md @@ -199,11 +199,11 @@ spec: If you want to takedown the cluster, you can proceed as follows: ```sh -hcloud load-balancer delete traefik -hcloud network delete k3s terraform destroy -auto-approve ``` +And if the network is slow to delete, just issue `hcloud network delete k3s` to speed things up! + _Also, if you had a full-blown cluster in use, it would be best to delete the whole project in your Hetzner account directly as operators or deployments may create other resources during regular operation._