Merge pull request #127 from oujonny/disable-treafik

FEAT: Disable traefik & metrics-server
Karim Naufal 2022-03-14 09:38:02 +01:00 committed by GitHub
commit f98bd324f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 31 additions and 14 deletions


@ -14,7 +14,7 @@ module "control_planes" {
ipv4_subnet_id = hcloud_network_subnet.subnet[1].id ipv4_subnet_id = hcloud_network_subnet.subnet[1].id
# We leave some room so 100 eventual Hetzner LBs that can be created perfectly safely # We leave some room so 100 eventual Hetzner LBs that can be created perfectly safely
# It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough. # It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough.
private_ipv4 = cidrhost(local.network_ipv4_subnets[1], count.index + 101) private_ipv4 = cidrhost(local.network_ipv4_subnets[1], count.index + 101)
labels = { labels = {
@ -48,7 +48,7 @@ resource "null_resource" "control_planes" {
server = "https://${element(module.control_planes.*.private_ipv4_address, count.index > 0 ? 0 : 1)}:6443" server = "https://${element(module.control_planes.*.private_ipv4_address, count.index > 0 ? 0 : 1)}:6443"
token = random_password.k3s_token.result token = random_password.k3s_token.result
disable-cloud-controller = true disable-cloud-controller = true
disable = ["servicelb", "local-storage"] disable = ["servicelb", "local-storage", "traefik", "metric-server"]
flannel-iface = "eth1" flannel-iface = "eth1"
kubelet-arg = "cloud-provider=external" kubelet-arg = "cloud-provider=external"
node-ip = module.control_planes[count.index].private_ipv4_address node-ip = module.control_planes[count.index].private_ipv4_address
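Review bot: The new `disable` list in the `null_resource.control_planes` config names `metric-server`, but the k3s packaged component is called `metrics-server`. The entry therefore presumably disables nothing, and the metrics API keeps running on a cluster whose operator believes it is off. The same spelling is used in the `disable` expression of `null_resource.first_control_plane`. The list here is also hard-coded, while the first control plane derives it from `var.traefik_enabled` and `var.metric_server_enabled`, so with the default values the servers start with different `disable` sets. I would use one expression on both, e.g. `disable = concat(["servicelb", "local-storage"], var.traefik_enabled ? [] : ["traefik"], var.metric_server_enabled ? [] : ["metrics-server"])`; the resource body continues outside the hunk.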


@ -13,7 +13,7 @@ resource "null_resource" "first_control_plane" {
token = random_password.k3s_token.result token = random_password.k3s_token.result
cluster-init = true cluster-init = true
disable-cloud-controller = true disable-cloud-controller = true
disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"]) disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"], var.traefik_enabled ? [] : ["traefik"], var.metric_server_enabled ? [] : ["metric-server"])
flannel-iface = "eth1" flannel-iface = "eth1"
kubelet-arg = "cloud-provider=external" kubelet-arg = "cloud-provider=external"
node-ip = module.control_planes[0].private_ipv4_address node-ip = module.control_planes[0].private_ipv4_address
@ -79,7 +79,7 @@ resource "null_resource" "kustomization" {
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml", "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml", "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml", "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
], local.is_single_node_cluster ? [] : ["traefik.yaml"]), ], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik.yaml"] : []),
patchesStrategicMerge = [ patchesStrategicMerge = [
file("${path.module}/kustomize/kured.yaml"), file("${path.module}/kustomize/kured.yaml"),
file("${path.module}/kustomize/ccm.yaml"), file("${path.module}/kustomize/ccm.yaml"),
@ -91,7 +91,7 @@ resource "null_resource" "kustomization" {
# Upload traefik config # Upload traefik config
provisioner "file" { provisioner "file" {
content = local.is_single_node_cluster ? "" : templatefile( content = local.is_single_node_cluster || var.traefik_enabled == false ? "" : templatefile(
"${path.module}/templates/traefik_config.yaml.tpl", "${path.module}/templates/traefik_config.yaml.tpl",
{ {
name = "${var.cluster_name}-traefik" name = "${var.cluster_name}-traefik"
@ -142,7 +142,7 @@ resource "null_resource" "kustomization" {
"kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller", "kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller",
"kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml" "kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml"
], ],
local.is_single_node_cluster ? [] : [<<-EOT local.is_single_node_cluster || var.traefik_enabled == false ? [] : [<<-EOT
timeout 120 bash <<EOF timeout 120 bash <<EOF
until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do
echo "Waiting for load-balancer to get an IP..." echo "Waiting for load-balancer to get an IP..."
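Review bot: The traefik gate is written in two different forms within `null_resource.kustomization`. The resources list uses an unparenthesised nested conditional, `local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik.yaml"] : []`, while the file provisioner and the remote-exec list use `local.is_single_node_cluster || var.traefik_enabled == false`. Comparing a bool with `false` is unidiomatic HCL, and repeating the condition makes it easy for one site to drift. A single local such as `using_traefik_lb = !local.is_single_node_cluster && var.traefik_enabled` would let each site read `local.using_traefik_lb ? [...] : []`. The same applies to the `count` of `data.hcloud_load_balancer.traefik` and to the `load_balancer_public_ipv4` output; the heredoc in the last hunk continues outside the hunk.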


@ -23,8 +23,8 @@ locals {
} }
} }
resource "local_file" "kubeconfig" { resource "local_sensitive_file" "kubeconfig" {
sensitive_content = local.kubeconfig_external content = local.kubeconfig_external
filename = "kubeconfig.yaml" filename = "kubeconfig.yaml"
file_permission = "600" file_permission = "600"
} }
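Review bot: `local_sensitive_file` exists only in newer releases of the hashicorp/local provider (2.2.0 onward, as far as I know), and no provider version constraint is touched in the visible part of this commit. A checkout with an older locked provider would then fail at plan time, so a `version = ">= 2.2.0"` constraint for `local` in `required_providers` would make the requirement explicit. The resource also deserves a comment noting that the file is not the only copy of the credentials, e.g. `# kubeconfig.yaml holds the cluster credentials; the same content is also kept in the Terraform state, so protect the state backend accordingly.`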


@ -46,7 +46,7 @@ resource "hcloud_placement_group" "k3s" {
} }
data "hcloud_load_balancer" "traefik" { data "hcloud_load_balancer" "traefik" {
count = local.is_single_node_cluster ? 0 : 1 count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1
name = "${var.cluster_name}-traefik" name = "${var.cluster_name}-traefik"
depends_on = [null_resource.kustomization] depends_on = [null_resource.kustomization]
@ -68,7 +68,7 @@ resource "null_resource" "destroy_traefik_loadbalancer" {
} }
depends_on = [ depends_on = [
local_file.kubeconfig, local_sensitive_file.kubeconfig,
null_resource.control_planes[0], null_resource.control_planes[0],
hcloud_network_subnet.subnet, hcloud_network_subnet.subnet,
hcloud_network.k3s, hcloud_network.k3s,


@ -17,7 +17,7 @@ output "agents_public_ipv4" {
output "load_balancer_public_ipv4" { output "load_balancer_public_ipv4" {
description = "The public IPv4 address of the Hetzner load balancer" description = "The public IPv4 address of the Hetzner load balancer"
value = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4 value = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : var.traefik_enabled == false ? null : data.hcloud_load_balancer.traefik[0].ipv4
} }
output "kubeconfig_file" { output "kubeconfig_file" {
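Review bot: The description of `load_balancer_public_ipv4` no longer matches what the output returns. With `traefik_enabled = false` on a multi-node cluster it is now `null`, and on a single-node cluster it is the control plane's address, yet the text still says only "The public IPv4 address of the Hetzner load balancer". Anything consuming the output (a DNS record, a firewall rule) has to handle the null case, so the description should state it: `description = "Public IPv4 of the Hetzner load balancer; the control-plane address on a single-node cluster; null when traefik_enabled is false"`.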


@ -5,7 +5,7 @@
# This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update, # This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update,
# those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle". # those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle".
# * Your Hetzner project API token # * Your Hetzner project API token
hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz" hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
# * Your public key # * Your public key
public_key = "/home/username/.ssh/id_ed25519.pub" public_key = "/home/username/.ssh/id_ed25519.pub"
@ -53,10 +53,15 @@ load_balancer_type = "lb11"
# hetzner_ccm_version = "" # hetzner_ccm_version = ""
# hetzner_csi_version = "" # hetzner_csi_version = ""
# If you want to use traefik ingress controller with a loadbalancer
# traefik_enabled = true
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
# traefik_acme_tls = true # traefik_acme_tls = true
# traefik_acme_email = "mail@example.com" # traefik_acme_email = "mail@example.com"
# If you want to enable k8s metric server or not
# metric_server_enabled = false
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false". # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
# Also good for single node clusters. # Also good for single node clusters.
# allow_scheduling_on_control_plane = true # allow_scheduling_on_control_plane = true


@ -69,6 +69,12 @@ variable "hetzner_csi_version" {
description = "Version of Container Storage Interface driver for Hetzner Cloud" description = "Version of Container Storage Interface driver for Hetzner Cloud"
} }
variable "traefik_enabled" {
type = bool
default = true
description = "Whether to enable or disbale k3s traefik installation"
}
variable "traefik_acme_tls" { variable "traefik_acme_tls" {
type = bool type = bool
default = false default = false
@ -87,6 +93,12 @@ variable "allow_scheduling_on_control_plane" {
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes" description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
} }
variable "metric_server_enabled" {
type = bool
default = true
description = "Whether to enable or disbale k3s mertric server"
}
variable "initial_k3s_channel" { variable "initial_k3s_channel" {
type = string type = string
default = "stable" default = "stable"
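Review bot: Both new variable descriptions contain typos that will surface in generated module docs: "disbale" in `traefik_enabled`, and "disbale" plus "mertric" in `metric_server_enabled`. Suggested wording is `description = "Whether to enable or disable the k3s traefik installation"` and `description = "Whether to enable or disable the k3s metrics server"`. The `variable "initial_k3s_channel"` block at the end of the second hunk continues outside the hunk.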