Merge pull request #127 from oujonny/disable-treafik

FEAT: Disable traefik & metrics-server

control_planes.tf

@@ -14,7 +14,7 @@ module "control_planes" {
   ipv4_subnet_id         = hcloud_network_subnet.subnet[1].id
 
   # We leave some room so 100 eventual Hetzner LBs that can be created perfectly safely
-  # It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough.  
+  # It leaves the subnet with 254 x 254 - 100 = 64416 IPs to use, so probably enough.
   private_ipv4 = cidrhost(local.network_ipv4_subnets[1], count.index + 101)
 
   labels = {
@@ -48,7 +48,7 @@ resource "null_resource" "control_planes" {
       server                   = "https://${element(module.control_planes.*.private_ipv4_address, count.index > 0 ? 0 : 1)}:6443"
       token                    = random_password.k3s_token.result
       disable-cloud-controller = true
-      disable                  = ["servicelb", "local-storage"]
+      disable                  = ["servicelb", "local-storage", "traefik", "metric-server"]
       flannel-iface            = "eth1"
       kubelet-arg              = "cloud-provider=external"
       node-ip                  = module.control_planes[count.index].private_ipv4_address

init.tf

@@ -13,7 +13,7 @@ resource "null_resource" "first_control_plane" {
       token                    = random_password.k3s_token.result
       cluster-init             = true
       disable-cloud-controller = true
-      disable                  = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"])
+      disable                  = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"], var.traefik_enabled ? [] : ["traefik"], var.metric_server_enabled ? [] : ["metric-server"])
       flannel-iface            = "eth1"
       kubelet-arg              = "cloud-provider=external"
       node-ip                  = module.control_planes[0].private_ipv4_address
@@ -79,7 +79,7 @@ resource "null_resource" "kustomization" {
         "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml",
         "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml",
         "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
-      ], local.is_single_node_cluster ? [] : ["traefik.yaml"]),
+      ], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik.yaml"] : []),
       patchesStrategicMerge = [
         file("${path.module}/kustomize/kured.yaml"),
         file("${path.module}/kustomize/ccm.yaml"),
@@ -91,7 +91,7 @@ resource "null_resource" "kustomization" {
 
   # Upload traefik config
   provisioner "file" {
-    content = local.is_single_node_cluster ? "" : templatefile(
+    content = local.is_single_node_cluster || var.traefik_enabled == false ? "" : templatefile(
       "${path.module}/templates/traefik_config.yaml.tpl",
       {
         name                       = "${var.cluster_name}-traefik"
@@ -142,7 +142,7 @@ resource "null_resource" "kustomization" {
       "kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller",
       "kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml"
       ],
-      local.is_single_node_cluster ? [] : [<<-EOT
+      local.is_single_node_cluster || var.traefik_enabled == false ? [] : [<<-EOT
       timeout 120 bash <<EOF
       until [ -n "\$(kubectl get -n kube-system service/traefik --output=jsonpath='{.status.loadBalancer.ingress[0].ip}' 2> /dev/null)" ]; do
           echo "Waiting for load-balancer to get an IP..."

kubeconfig.tf

@@ -23,8 +23,8 @@ locals {
   }
 }
 
-resource "local_file" "kubeconfig" {
+resource "local_sensitive_file" "kubeconfig" {
-  sensitive_content = local.kubeconfig_external
+  content         = local.kubeconfig_external
-  filename          = "kubeconfig.yaml"
+  filename        = "kubeconfig.yaml"
-  file_permission   = "600"
+  file_permission = "600"
 }

main.tf

@@ -46,7 +46,7 @@ resource "hcloud_placement_group" "k3s" {
 }
 
 data "hcloud_load_balancer" "traefik" {
-  count = local.is_single_node_cluster ? 0 : 1
+  count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1
   name  = "${var.cluster_name}-traefik"
 
   depends_on = [null_resource.kustomization]
@@ -68,7 +68,7 @@ resource "null_resource" "destroy_traefik_loadbalancer" {
   }
 
   depends_on = [
-    local_file.kubeconfig,
+    local_sensitive_file.kubeconfig,
     null_resource.control_planes[0],
     hcloud_network_subnet.subnet,
     hcloud_network.k3s,

output.tf

@@ -17,7 +17,7 @@ output "agents_public_ipv4" {
 
 output "load_balancer_public_ipv4" {
   description = "The public IPv4 address of the Hetzner load balancer"
-  value       = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4
+  value       = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : var.traefik_enabled == false ? null : data.hcloud_load_balancer.traefik[0].ipv4
 }
 
 output "kubeconfig_file" {

terraform.tfvars.example

@@ -5,7 +5,7 @@
 # This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update,
 # those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle".
 
-# * Your Hetzner project API token 
+# * Your Hetzner project API token
 hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz"
 # * Your public key
 public_key   = "/home/username/.ssh/id_ed25519.pub"
@@ -53,10 +53,15 @@ load_balancer_type        = "lb11"
 # hetzner_ccm_version = ""
 # hetzner_csi_version = ""
 
+# If you want to use traefik ingress controller with a loadbalancer
+# traefik_enabled = true
 # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
 # traefik_acme_tls = true
 # traefik_acme_email = "mail@example.com"
 
+# If you want to enable k8s metric server or not
+# metric_server_enabled = false
+
 # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false".
 # Also good for single node clusters.
 # allow_scheduling_on_control_plane = true

variables.tf

@@ -69,6 +69,12 @@ variable "hetzner_csi_version" {
   description = "Version of Container Storage Interface driver for Hetzner Cloud"
 }
 
+variable "traefik_enabled" {
+  type        = bool
+  default     = true
+  description = "Whether to enable or disbale k3s traefik installation"
+}
+
 variable "traefik_acme_tls" {
   type        = bool
   default     = false
@@ -87,6 +93,12 @@ variable "allow_scheduling_on_control_plane" {
   description = "Whether to allow non-control-plane workloads to run on the control-plane nodes"
 }
 
+variable "metric_server_enabled" {
+  type        = bool
+  default     = true
+  description = "Whether to enable or disbale k3s mertric server"
+}
+
 variable "initial_k3s_channel" {
   type        = string
   default     = "stable"