kjuulh/terraform-hcloud-kube-hetzner
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

added kured and fixed initial ignition disk partitioning

Browse Source
This commit is contained in:
Karim Naufal 2022-02-07 08:46:10 +01:00
parent 7532e7a4d5
commit fba212de47
13 changed files with 108 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -14,7 +14,7 @@
<h2 align="center">Kube-Hetzner</h2>
<p align="center">
A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-k3os deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-MicroOS and deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
</p>
<hr />
<br />
@ -22,18 +22,21 @@
## About The Project
[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US. The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot.
[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US.
The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot. In order to achieve this, we built on the shoulders of giants, by choosing [openSUSE MicroOS](https://en.opensuse.org/Portal:MicroOS) as the base operating system, and [k3s](https://k3s.io/) as the Kubernetes engine.
_Please note that we are not affiliated to Hetzner, this is just an open source project striving to be an optimal solution for deploying and maintaining Kubernetes on Hetzner Cloud._
### Features
- Lightweight and resource-efficient Kubernetes powered by [k3s](https://github.com/k3s-io/k3s) on [k3os](https://github.com/rancher/k3os) nodes.
- Maintenance free with auto-upgrade to the latest version of k3os, k3s, Hetzner CCM and CSI.
- Maintenance free with auto-upgrade to the latest version of MicroOS, k3s, Hetzner CCM and CSI.
- Proper use of the underlying Hetzner private network to remove the need for encryption and make the cluster both fast and secure.
- Automatic HA with the default setting of two control-plane and agents nodes.
- Ability to add or remove as many nodes as you want while the cluster stays running.
- Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on.
- (Optional) Out of the box config of Traefik with SSL certficate auto-generation.
_It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._
@ -109,13 +112,13 @@ hcloud server list
- See the Hetzner network config:
```sh
hcloud network describe k3s-net
hcloud network describe k3s
```
- Log into one of your nodes (replace the location of your private key if needed):
```sh
ssh rancher@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
ssh root@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
```
## Automatic upgrade

2
agents.tf
View File

@ -45,7 +45,7 @@ resource "hcloud_server" "agents" {
# Wait for MicroOS to reboot and be ready
provisioner "local-exec" {
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
}
# Generating and uploading the angent.conf file

7
data.tf
View File

@ -10,6 +10,13 @@ data "github_release" "hetzner_csi" {
retrieve_by = "latest"
}
// github_release for kured
data "github_release" "kured" {
repository = "kured"
owner = "weaveworks"
retrieve_by = "latest"
}
data "hcloud_image" "linux" {
name = local.hcloud_image_name
}

8
kured/kustomization.yaml Normal file
View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- "https://github.com/weaveworks/kured/releases/download/1.9.1/kured-1.9.1-dockerhub.yaml"
patchesStrategicMerge:
- patch_latest.yaml

20
kured/patch.yaml Normal file
View File

@ -0,0 +1,20 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kured
namespace: kube-system
spec:
selector:
matchLabels:
name: kured
template:
metadata:
labels:
name: kured
spec:
serviceAccountName: kured
containers:
- name: kured
command:
- /usr/bin/kured
- --reboot-command="/usr/bin/systemctl reboot"

22
kured/patch_latest.yaml Normal file
View File

@ -0,0 +1,22 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kured
namespace: kube-system
spec:
selector:
matchLabels:
name: kured
template:
metadata:
labels:
name: kured
spec:
serviceAccountName: kured
containers:
- name: kured
image: docker.io/weaveworks/kured:latest
imagePullPolicy: Always
command:
- /usr/bin/kured
- --reboot-command="/usr/bin/systemctl reboot"

1
locals.tf
View File

@ -20,6 +20,7 @@ locals {
"partprobe /dev/sda",
"parted -s /dev/sda resizepart 4 99%",
"parted -s /dev/sda mkpart primary ext2 99% 100%",
"sleep 5 && fdisk -l /dev/sda",
"mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt",
"mke2fs -L ignition /dev/sda5",
"mount /dev/sda5 /mnt",

10
main.tf
View File

@ -164,6 +164,16 @@ resource "local_file" "hetzner_csi_config" {
directory_permission = "0755"
}
resource "local_file" "kured_config" {
content = templatefile("${path.module}/templates/kured.yaml.tpl", {
version = data.github_release.kured.release_tag
patch_name = var.kured_container_latest ? "patch_latest" : "patch"
})
filename = "${path.module}/kured/kustomization.yaml"
file_permission = "0644"
directory_permission = "0755"
}
resource "local_file" "traefik_config" {
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
lb_disable_ipv6 = var.lb_disable_ipv6

12
master.tf
View File

@ -43,7 +43,7 @@ resource "hcloud_server" "first_control_plane" {
# Wait for MicroOS to reboot and be ready
provisioner "local-exec" {
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
}
# Generating k3s master config file
@ -87,7 +87,7 @@ resource "hcloud_server" "first_control_plane" {
sleep 30
scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
sleep 30
sleep 10 && until kubectl get node ${self.name}; do sleep 5; done
EOT
}
@ -102,6 +102,14 @@ resource "hcloud_server" "first_control_plane" {
EOT
}
# Install Kured
provisioner "local-exec" {
command = <<-EOT
set -ex
kubectl -n kube-system apply -k ${dirname(local_file.kured_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml
EOT
}
# Configure the Traefik ingress controller
provisioner "local-exec" {
command = "kubectl apply -f ${local_file.traefik_config.filename} --kubeconfig ${path.module}/kubeconfig.yaml"

2
servers.tf
View File

@ -44,7 +44,7 @@ resource "hcloud_server" "control_planes" {
# Wait for MicroOS to reboot and be ready
provisioner "local-exec" {
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
}
# Generating k3s server config file

8
templates/kured.yaml.tpl Normal file
View File

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- "https://github.com/weaveworks/kured/releases/download/${version}/kured-${version}-dockerhub.yaml"
patchesStrategicMerge:
- ${patch_name}.yaml

3
terraform.tfvars.example
View File

@ -26,6 +26,9 @@ agents_num = 2
# hetzner_ccm_containers_latest = true
# hetzner_csi_containers_latest = true
# If you want to kustomize the kured container with the latest image tag and imagePullPolicy Always, set this to true, by default it's false
# kured_container_latest = true
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
# traefik_acme_tls = true
# traefik_acme_email = "mail@example.com"

10
variables.tf
View File

@ -70,13 +70,19 @@ variable "hetzner_csi_version" {
variable "hetzner_ccm_containers_latest" {
type = bool
default = false
description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers"
description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers and imagePullPolicy of Always"
}
variable "hetzner_csi_containers_latest" {
type = bool
default = false
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers and imagePullPolicy of Always"
}
variable "kured_container_latest" {
type = bool
default = false
description = "Whether to kustomize the Kured container with the latest tag and imagePullPolicy of Always"
}
variable "traefik_acme_tls" {