Merge pull request #127 from oujonny/disable-treafik
FEAT: Disable traefik & metrics-server
This commit is contained in:
commit
f98bd324f8
@ -14,7 +14,7 @@ module "control_planes" {
|
|||||||
ipv4_subnet_id = hcloud_network_subnet.subnet[1].id
|
ipv4_subnet_id = hcloud_network_subnet.subnet[1].id
|
||||||
|
|
||||||
# We leave some room so 100 eventual Hetzner LBs that can be created perfectly safely
|
# We leave some room so 100 eventual Hetzner LBs that can be created perfectly safely
|
||||||
# It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough.
|
# It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough.
|
||||||
private_ipv4 = cidrhost(local.network_ipv4_subnets[1], count.index + 101)
|
private_ipv4 = cidrhost(local.network_ipv4_subnets[1], count.index + 101)
|
||||||
|
|
||||||
labels = {
|
labels = {
|
||||||
@ -48,7 +48,7 @@ resource "null_resource" "control_planes" {
|
|||||||
server = "https://${element(module.control_planes.*.private_ipv4_address, count.index > 0 ? 0 : 1)}:6443"
|
server = "https://${element(module.control_planes.*.private_ipv4_address, count.index > 0 ? 0 : 1)}:6443"
|
||||||
token = random_password.k3s_token.result
|
token = random_password.k3s_token.result
|
||||||
disable-cloud-controller = true
|
disable-cloud-controller = true
|
||||||
disable = ["servicelb", "local-storage"]
|
disable = ["servicelb", "local-storage", "traefik", "metric-server"]
|
||||||
flannel-iface = "eth1"
|
flannel-iface = "eth1"
|
||||||
kubelet-arg = "cloud-provider=external"
|
kubelet-arg = "cloud-provider=external"
|
||||||
node-ip = module.control_planes[count.index].private_ipv4_address
|
node-ip = module.control_planes[count.index].private_ipv4_address
|
||||||
|
8
init.tf
8
init.tf
@ -13,7 +13,7 @@ resource "null_resource" "first_control_plane" {
|
|||||||
token = random_password.k3s_token.result
|
token = random_password.k3s_token.result
|
||||||
cluster-init = true
|
cluster-init = true
|
||||||
disable-cloud-controller = true
|
disable-cloud-controller = true
|
||||||
disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"])
|
disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"], var.traefik_enabled ? [] : ["traefik"], var.metric_server_enabled ? [] : ["metric-server"])
|
||||||
flannel-iface = "eth1"
|
flannel-iface = "eth1"
|
||||||
kubelet-arg = "cloud-provider=external"
|
kubelet-arg = "cloud-provider=external"
|
||||||
node-ip = module.control_planes[0].private_ipv4_address
|
node-ip = module.control_planes[0].private_ipv4_address
|
||||||
@ -79,7 +79,7 @@ resource "null_resource" "kustomization" {
|
|||||||
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
|
"https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
|
||||||
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
|
"https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
|
||||||
"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
|
"https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
|
||||||
], local.is_single_node_cluster ? [] : ["traefik.yaml"]),
|
], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik.yaml"] : []),
|
||||||
patchesStrategicMerge = [
|
patchesStrategicMerge = [
|
||||||
file("${path.module}/kustomize/kured.yaml"),
|
file("${path.module}/kustomize/kured.yaml"),
|
||||||
file("${path.module}/kustomize/ccm.yaml"),
|
file("${path.module}/kustomize/ccm.yaml"),
|
||||||
@ -91,7 +91,7 @@ resource "null_resource" "kustomization" {
|
|||||||
|
|
||||||
# Upload traefik config
|
# Upload traefik config
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = local.is_single_node_cluster ? "" : templatefile(
|
content = local.is_single_node_cluster || var.traefik_enabled == false ? "" : templatefile(
|
||||||
"${path.module}/templates/traefik_config.yaml.tpl",
|
"${path.module}/templates/traefik_config.yaml.tpl",
|
||||||
{
|
{
|
||||||
name = "${var.cluster_name}-traefik"
|
name = "${var.cluster_name}-traefik"
|
||||||
@ -142,7 +142,7 @@ resource "null_resource" "kustomization" {
|
|||||||
"kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller",
|
"kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller",
|
||||||
"kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml"
|
"kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml"
|
||||||
],
|
],
|
||||||
local.is_single_node_cluster ? [] : [<<-EOT
|
local.is_single_node_cluster || var.traefik_enabled == false ? [] : [<<-EOT
|
||||||
timeout 120 bash <<EOF
|
timeout 120 bash <<EOF
|
||||||
until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do
|
until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do
|
||||||
echo "Waiting for load-balancer to get an IP..."
|
echo "Waiting for load-balancer to get an IP..."
|
||||||
|
@ -23,8 +23,8 @@ locals {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "local_file" "kubeconfig" {
|
resource "local_sensitive_file" "kubeconfig" {
|
||||||
sensitive_content = local.kubeconfig_external
|
content = local.kubeconfig_external
|
||||||
filename = "kubeconfig.yaml"
|
filename = "kubeconfig.yaml"
|
||||||
file_permission = "600"
|
file_permission = "600"
|
||||||
}
|
}
|
||||||
|
4
main.tf
4
main.tf
@ -46,7 +46,7 @@ resource "hcloud_placement_group" "k3s" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
data "hcloud_load_balancer" "traefik" {
|
data "hcloud_load_balancer" "traefik" {
|
||||||
count = local.is_single_node_cluster ? 0 : 1
|
count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1
|
||||||
name = "${var.cluster_name}-traefik"
|
name = "${var.cluster_name}-traefik"
|
||||||
|
|
||||||
depends_on = [null_resource.kustomization]
|
depends_on = [null_resource.kustomization]
|
||||||
@ -68,7 +68,7 @@ resource "null_resource" "destroy_traefik_loadbalancer" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
depends_on = [
|
depends_on = [
|
||||||
local_file.kubeconfig,
|
local_sensitive_file.kubeconfig,
|
||||||
null_resource.control_planes[0],
|
null_resource.control_planes[0],
|
||||||
hcloud_network_subnet.subnet,
|
hcloud_network_subnet.subnet,
|
||||||
hcloud_network.k3s,
|
hcloud_network.k3s,
|
||||||
|
@ -17,7 +17,7 @@ output "agents_public_ipv4" {
|
|||||||
|
|
||||||
output "load_balancer_public_ipv4" {
|
output "load_balancer_public_ipv4" {
|
||||||
description = "The public IPv4 address of the Hetzner load balancer"
|
description = "The public IPv4 address of the Hetzner load balancer"
|
||||||
value = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4
|
value = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : var.traefik_enabled == false ? null : data.hcloud_load_balancer.traefik[0].ipv4
|
||||||
}
|
}
|
||||||
|
|
||||||
output "kubeconfig_file" {
|
output "kubeconfig_file" {
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update,
|
# This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update,
|
||||||
# those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle".
|
# those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle".
|
||||||
|
|
||||||
# * Your Hetzner project API token
|
# * Your Hetzner project API token
|
||||||
hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
|
hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
|
||||||
# * Your public key
|
# * Your public key
|
||||||
public_key = "/home/username/.ssh/id_ed25519.pub"
|
public_key = "/home/username/.ssh/id_ed25519.pub"
|
||||||
@ -53,10 +53,15 @@ load_balancer_type = "lb11"
|
|||||||
# hetzner_ccm_version = ""
|
# hetzner_ccm_version = ""
|
||||||
# hetzner_csi_version = ""
|
# hetzner_csi_version = ""
|
||||||
|
|
||||||
|
# If you want to use traefik ingress controller with a loadbalancer
|
||||||
|
# traefik_enabled = true
|
||||||
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||||
# traefik_acme_tls = true
|
# traefik_acme_tls = true
|
||||||
# traefik_acme_email = "mail@example.com"
|
# traefik_acme_email = "mail@example.com"
|
||||||
|
|
||||||
|
# If you want to enable k8s metric server or not
|
||||||
|
# metric_server_enabled = false
|
||||||
|
|
||||||
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
|
# If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
|
||||||
# Also good for single node clusters.
|
# Also good for single node clusters.
|
||||||
# allow_scheduling_on_control_plane = true
|
# allow_scheduling_on_control_plane = true
|
||||||
|
12
variables.tf
12
variables.tf
@ -69,6 +69,12 @@ variable "hetzner_csi_version" {
|
|||||||
description = "Version of Container Storage Interface driver for Hetzner Cloud"
|
description = "Version of Container Storage Interface driver for Hetzner Cloud"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "traefik_enabled" {
|
||||||
|
type = bool
|
||||||
|
default = true
|
||||||
|
description = "Whether to enable or disbale k3s traefik installation"
|
||||||
|
}
|
||||||
|
|
||||||
variable "traefik_acme_tls" {
|
variable "traefik_acme_tls" {
|
||||||
type = bool
|
type = bool
|
||||||
default = false
|
default = false
|
||||||
@ -87,6 +93,12 @@ variable "allow_scheduling_on_control_plane" {
|
|||||||
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
|
description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
variable "metric_server_enabled" {
|
||||||
|
type = bool
|
||||||
|
default = true
|
||||||
|
description = "Whether to enable or disbale k3s mertric server"
|
||||||
|
}
|
||||||
|
|
||||||
variable "initial_k3s_channel" {
|
variable "initial_k3s_channel" {
|
||||||
type = string
|
type = string
|
||||||
default = "stable"
|
default = "stable"
|
||||||
|
Loading…
Reference in New Issue
Block a user