merge from upstream

jodhi 2022-02-26 01:18:34 +07:00
commit ec42a2b519
8 changed files with 61 additions and 21 deletions


@ -153,12 +153,18 @@ _To turn off k3s upgrades, you can either set the `k3s_upgrade=true` label in th
kubectl -n system-upgrade label node <node-name> k3s_upgrade- kubectl -n system-upgrade label node <node-name> k3s_upgrade-
``` ```
## Example Ingress with TLS ## Examples
<details>
<summary>Ingress with TLS</summary>
Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example:
Here is an example of an ingress to run an application with TLS, change the host to fit your need in `examples/tls/ingress.yaml` and then deploy the example
```sh ```sh
kubectl apply -f examples/tls/. kubectl apply -f examples/tls/.
``` ```
```yml ```yml
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
@ -184,20 +190,20 @@ spec:
port: port:
number: 80 number: 80
``` ```
</details>
## Takedown ## Takedown
If you want to takedown the cluster, you can proceed as follows: If you want to takedown the cluster, you can proceed as follows:
```sh ```sh
hcloud load-balancer delete traefik
hcloud network delete k3s
terraform destroy -auto-approve terraform destroy -auto-approve
``` ```
And if the network is slow to delete, just issue `hcloud network delete k3s` to speed things up!
_Also, if you had a full-blown cluster in use, it would be best to delete the whole project in your Hetzner account directly as operators or deployments may create other resources during regular operation._ _Also, if you had a full-blown cluster in use, it would be best to delete the whole project in your Hetzner account directly as operators or deployments may create other resources during regular operation._
<!-- CONTRIBUTING --> <!-- CONTRIBUTING -->
@ -210,7 +216,9 @@ There is also a branch where openSUSE MicroOS came preinstalled with the k3s RPM
## Contributing ## Contributing
Any contributions you make are **greatly appreciated**. 🌱 This project currently installs openSUSE MicroOS via the Hetzner rescue mode, which makes things a few minutes slower. If you could **take a few minutes to send a support request to Hetzner, asking them to please add openSUSE MicroOS as a default image**, not just an ISO, it would be wonderful. The more requests they receive the likelier they are to add support for it, and if they do, that would cut the deploy time by half. The official link to openSUSE MicroOS is <https://get.opensuse.org/microos>.
About code contributions, they are **greatly appreciated**.
1. Fork the Project 1. Fork the Project
2. Create your Branch (`git checkout -b AmazingFeature`) 2. Create your Branch (`git checkout -b AmazingFeature`)


@ -110,7 +110,7 @@ resource "null_resource" "kustomization" {
content = templatefile( content = templatefile(
"${path.module}/templates/plans.yaml.tpl", "${path.module}/templates/plans.yaml.tpl",
{ {
channel = var.k3s_upgrade_channel channel = var.initial_k3s_channel
}) })
destination = "/tmp/post_install/plans.yaml" destination = "/tmp/post_install/plans.yaml"
} }


@ -27,9 +27,9 @@ locals {
"[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0", "[ -e /etc/rancher/k3s/k3s.yaml ] && exit 0",
] ]
install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=server sh -"]) install_k3s_server = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=server sh -"])
install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_EXEC=agent sh -"]) install_k3s_agent = concat(local.common_commands_install_k3s, ["curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true INSTALL_K3S_SKIP_START=true INSTALL_K3S_CHANNEL=${var.initial_k3s_channel} INSTALL_K3S_EXEC=agent sh -"])
agent_nodepools = merge([ agent_nodepools = merge([
for nodepool_name, nodepool_obj in var.agent_nodepools : { for nodepool_name, nodepool_obj in var.agent_nodepools : {
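Review bot: `${var.initial_k3s_channel}` is spliced unquoted into the shell command line in both `install_k3s_server` and `install_k3s_agent`, so these two strings are only safe while the variable stays limited to a fixed word list. The `validation` block added to the variable in this commit does that, but nothing here tells a maintainer the two are coupled. I would add a comment above the two locals, for example `# initial_k3s_channel is interpolated into a shell command; its validation block must keep it to known channel names`. The channel also selects which release the piped `get.k3s.io` script installs, so `latest` or `testing` means unpinned binaries on every new node. The `locals` block starts and ends outside this hunk.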

26
main.tf

@ -159,3 +159,29 @@ data "hcloud_load_balancer" "traefik" {
depends_on = [null_resource.kustomization] depends_on = [null_resource.kustomization]
} }
resource "null_resource" "destroy_traefik_loadbalancer" {
# this only gets triggered before total destruction of the cluster, but when the necessary elements to run the commands are still available
triggers = {
kustomization_id = null_resource.kustomization.id
}
# Important when issuing terraform destroy, otherwise the LB will not let the network get deleted
provisioner "local-exec" {
when = destroy
command = <<-EOT
kubectl -n kube-system delete service traefik --kubeconfig ${path.module}/kubeconfig.yaml
EOT
on_failure = continue
}
depends_on = [
local_file.kubeconfig,
null_resource.control_planes[0],
hcloud_network_subnet.k3s,
hcloud_network.k3s,
hcloud_firewall.k3s,
hcloud_placement_group.k3s,
hcloud_ssh_key.k3s
]
}
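Review bot: `on_failure = continue` on the destroy-time `local-exec` means a failed `kubectl delete service traefik` (kubeconfig missing, API server unreachable) is ignored. The destroy then proceeds with the load balancer still attached, which is the situation the comment above the provisioner says this resource exists to prevent. The README section of this same commit removes the manual `hcloud load-balancer delete traefik` step, so no fallback is documented any more. I would either keep that step in the README as a recovery note or add a comment here such as `# if this delete fails the traefik LB survives; remove it manually before retrying destroy`. The delete also has no bound, so a `--timeout` on the kubectl call would presumably stop a stuck finalizer from hanging the destroy.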


@ -61,11 +61,14 @@ locals {
combustion_script = <<EOF combustion_script = <<EOF
#!/bin/bash #!/bin/bash
sed -i 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g' /etc/sysconfig/network/config
sed -i 's#WAIT_FOR_INTERFACES="30"#WAIT_FOR_INTERFACES="60"#g' /etc/sysconfig/network/config
sed -i 's#CHECK_DUPLICATE_IP="yes"#CHECK_DUPLICATE_IP="no"#g' /etc/sysconfig/network/config
# combustion: network # combustion: network
rpm --import https://rpm.rancher.io/public.key rpm --import https://rpm.rancher.io/public.key
zypper refresh zypper refresh
zypper --gpg-auto-import-keys install -y https://rpm.rancher.io/k3s/stable/common/microos/noarch/k3s-selinux-0.4-1.sle.noarch.rpm zypper --gpg-auto-import-keys install -y https://rpm.rancher.io/k3s/stable/common/microos/noarch/k3s-selinux-0.4-1.sle.noarch.rpm
udevadm settle udevadm settle || true
EOF EOF
} }
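Review bot: The three added `sed` lines in `combustion_script` match the exact current value (`"yes"`, `"30"`, `"yes"`), so if the image ships a different default the substitution silently does nothing and the script still exits cleanly. Matching on the key is sturdier, for example `sed -i 's#^WAIT_FOR_INTERFACES=.*#WAIT_FOR_INTERFACES="60"#' /etc/sysconfig/network/config`, and likewise for the other two. `CHECK_DUPLICATE_IP="no"` and `udevadm settle || true` both suppress a check, so each deserves a one-line comment saying why that is acceptable on these nodes. The enclosing `locals` block starts outside the hunk.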


@ -54,12 +54,11 @@ resource "hcloud_server" "server" {
provisioner "remote-exec" { provisioner "remote-exec" {
inline = [ inline = [
# Disable automatic reboot (after transactional updates), and configure the reboot method as kured # Disable automatic reboot (after transactional updates), and configure the reboot method as kured
"rebootmgrctl set-strategy off && echo 'REBOOT_METHOD=kured' > /etc/transactional-update.conf", "set -ex",
"rebootmgrctl set-strategy off",
"echo 'REBOOT_METHOD=kured' > /etc/transactional-update.conf",
# set the hostname # set the hostname
<<-EOT "hostnamectl set-hostname ${self.name}"
hostnamectl set-hostname ${self.name}
sed -e 's#NETCONFIG_NIS_SETDOMAINNAME="yes"#NETCONFIG_NIS_SETDOMAINNAME="no"#g' /etc/sysconfig/network/config > /dev/null
EOT
] ]
} }
} }
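Review bot: The comment `# Disable automatic reboot …` now sits directly above `"set -ex"` rather than above the two commands it describes, so it reads as if it documents the shell options. I would move `"set -ex",` above the comment and give it its own comment, e.g. `# fail fast and trace each command`. Note that `-x` echoes every command into the Terraform output. That is harmless for the three commands here, but it would expose any secret later added to this `inline` list. The `hcloud_server` resource starts outside the hunk.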


@ -47,9 +47,8 @@ agent_nodepools = {
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false". # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
# allow_scheduling_on_control_plane = true # allow_scheduling_on_control_plane = true
# If you want to disable automatic upgrade of k3s (stable channel), you can set this to false, default is "true". # If you want to disable automatic upgrade of k3s, you can set this to false, default is "true".
# automatically_upgrade_k3s = false # automatically_upgrade_k3s = false
# If you would like to specify the k3s upgrade channel from the get go, you can do so, the default is "stable". # Allows you to specify either stable, latest, or testing (defaults to stable), see https://rancher.com/docs/k3s/latest/en/upgrades/basic/
# For a list of available channels, see https://rancher.com/docs/k3s/latest/en/upgrades/basic/ and https://update.k3s.io/v1-release/channels # initial_k3s_channel = "latest"
# k3s_upgrade_channel = "latest"


@ -97,10 +97,15 @@ variable "allow_scheduling_on_control_plane" {
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes" description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
} }
variable "k3s_upgrade_channel" { variable "initial_k3s_channel" {
type = string type = string
default = "stable" default = "stable"
description = "Allows you to specify the k3s upgrade channel" description = "Allows you to specify an initial k3s channel"
validation {
condition = contains(["stable", "latest", "testing"], var.initial_k3s_channel)
error_message = "The initial k3s channel must be one of stable, latest or testing."
}
} }
variable "automatically_upgrade_k3s" { variable "automatically_upgrade_k3s" {
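Review bot: The description of `initial_k3s_channel` says "initial", but the kustomization section of this commit passes the same variable as `channel` to `templates/plans.yaml.tpl`, so it appears to drive the upgrade plans as well as the first install. I would say so in the text, e.g. `description = "k3s channel used for the initial install and for the upgrade plans"`. The new `validation` accepts only `stable`, `latest` and `testing`, while the removed tfvars comment pointed to the full channel list. If version channels were usable before, operators can no longer pin a cluster to one, which is worth stating in the description or the commit message.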