added kured and fixed initial ignition disk partitioning
parent
7532e7a4d5
commit
fba212de47
15
README.md
15
README.md
@ -14,7 +14,7 @@
|
||||
<h2 align="center">Kube-Hetzner</h2>
|
||||
|
||||
<p align="center">
|
||||
A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-k3os deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
|
||||
A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-MicroOS and deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
|
||||
</p>
|
||||
<hr />
|
||||
<br />
|
||||
@ -22,18 +22,21 @@
|
||||
|
||||
## About The Project
|
||||
|
||||
[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US. The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot.
|
||||
[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US.
|
||||
|
||||
The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot. In order to achieve this, we built on the shoulders of giants, by choosing [openSUSE MicroOS](https://en.opensuse.org/Portal:MicroOS) as the base operating system, and [k3s](https://k3s.io/) as the Kubernetes engine.
|
||||
|
||||
|
||||
_Please note that we are not affiliated to Hetzner, this is just an open source project striving to be an optimal solution for deploying and maintaining Kubernetes on Hetzner Cloud._
|
||||
|
||||
### Features
|
||||
|
||||
- Lightweight and resource-efficient Kubernetes powered by [k3s](https://github.com/k3s-io/k3s) on [k3os](https://github.com/rancher/k3os) nodes.
|
||||
- Maintenance free with auto-upgrade to the latest version of k3os, k3s, Hetzner CCM and CSI.
|
||||
- Maintenance free with auto-upgrade to the latest version of MicroOS, k3s, Hetzner CCM and CSI.
|
||||
- Proper use of the underlying Hetzner private network to remove the need for encryption and make the cluster both fast and secure.
|
||||
- Automatic HA with the default setting of two control-plane and agents nodes.
|
||||
- Ability to add or remove as many nodes as you want while the cluster stays running.
|
||||
- Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on.
|
||||
- (Optional) Out of the box config of Traefik with SSL certficate auto-generation.
|
||||
|
||||
_It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._
|
||||
|
||||
@ -109,13 +112,13 @@ hcloud server list
|
||||
- See the Hetzner network config:
|
||||
|
||||
```sh
|
||||
hcloud network describe k3s-net
|
||||
hcloud network describe k3s
|
||||
```
|
||||
|
||||
- Log into one of your nodes (replace the location of your private key if needed):
|
||||
|
||||
```sh
|
||||
ssh rancher@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
|
||||
ssh root@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
|
||||
```
|
||||
|
||||
## Automatic upgrade
|
||||
|
@ -45,7 +45,7 @@ resource "hcloud_server" "agents" {
|
||||
|
||||
# Wait for MicroOS to reboot and be ready
|
||||
provisioner "local-exec" {
|
||||
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
|
||||
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
|
||||
}
|
||||
|
||||
# Generating and uploading the angent.conf file
|
||||
|
7
data.tf
7
data.tf
@ -10,6 +10,13 @@ data "github_release" "hetzner_csi" {
|
||||
retrieve_by = "latest"
|
||||
}
|
||||
|
||||
// github_release for kured
|
||||
data "github_release" "kured" {
|
||||
repository = "kured"
|
||||
owner = "weaveworks"
|
||||
retrieve_by = "latest"
|
||||
}
|
||||
|
||||
data "hcloud_image" "linux" {
|
||||
name = local.hcloud_image_name
|
||||
}
|
||||
|
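Review bot: The new `data "github_release" "kured"` block uses `retrieve_by = "latest"`, so every plan resolves the newest upstream tag. That tag is interpolated into the release URL in `templates/kured.yaml.tpl`, and the manifest is then applied into `kube-system` with no pin and no integrity check. Consider a `kured_version` variable, in the style of the `hetzner_csi_version` variable named in the `variables.tf` hunk header, and fall back to the release lookup only when it is unset, e.g. `version = var.kured_version != null ? var.kured_version : data.github_release.kured.release_tag` in `main.tf`. The existing comment could also say where the value goes, e.g. `// Tag is interpolated into the kured release URL in templates/kured.yaml.tpl`.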
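--- /dev/null
+++ b/kured/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- "https://github.com/weaveworks/kured/releases/download/1.9.1/kured-1.9.1-dockerhub.yaml"
+
+patchesStrategicMerge:
+- patch_latest.yaml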
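Review bot: This file is checked in at `kured/kustomization.yaml`, the same path that `local_file.kured_config` in `main.tf` writes from `templates/kured.yaml.tpl`, so the committed copy is overwritten on apply and then shows up as a local modification. The committed content also selects `patch_latest.yaml`, while `kured_container_latest` defaults to `false` and would render `patch.yaml`; anyone applying this directory by hand gets the `:latest` image. I would drop the generated file from the repository and ignore it, or at least make the committed copy match the default with `- patch.yaml`.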
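--- /dev/null
+++ b/kured/patch.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: kured
+namespace: kube-system
+spec:
+selector:
+matchLabels:
+name: kured
+template:
+metadata:
+labels:
+name: kured
+spec:
+serviceAccountName: kured
+containers:
+- name: kured
+command:
+- /usr/bin/kured
+- --reboot-command="/usr/bin/systemctl reboot"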
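Review bot: In `- --reboot-command="/usr/bin/systemctl reboot"` the double quotes are kept, because the list item is a plain YAML scalar handed to the container as one argv entry with no shell in between, so kured receives the value with literal quotes. If kured splits that value shell-style, the quoted string presumably becomes a single token naming a binary that does not exist, and the reboot would fail at the moment a node needs it. Quote the whole item instead, `- "--reboot-command=/usr/bin/systemctl reboot"`; the same line appears in `kured/patch_latest.yaml`. A header comment saying that this patch only overrides the container command of the upstream DaemonSet would help the next reader.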
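--- /dev/null
+++ b/kured/patch_latest.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+name: kured
+namespace: kube-system
+spec:
+selector:
+matchLabels:
+name: kured
+template:
+metadata:
+labels:
+name: kured
+spec:
+serviceAccountName: kured
+containers:
+- name: kured
+image: docker.io/weaveworks/kured:latest
+imagePullPolicy: Always
+command:
+- /usr/bin/kured
+- --reboot-command="/usr/bin/systemctl reboot"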
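Review bot: `image: docker.io/weaveworks/kured:latest` with `imagePullPolicy: Always` means every pod restart pulls whatever currently sits behind a mutable tag. This is a DaemonSet in `kube-system` whose job is to reboot nodes, so it presumably runs with host-level privileges. Since the patch is opt-in through `kured_container_latest`, a comment at the top should state the trade-off, e.g. `# Opt-in only: tracks a mutable tag; prefer a version tag or an image digest for production clusters`. The variable's description in `variables.tf` would be a good second place to say so.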
@ -20,6 +20,7 @@ locals {
|
||||
"partprobe /dev/sda",
|
||||
"parted -s /dev/sda resizepart 4 99%",
|
||||
"parted -s /dev/sda mkpart primary ext2 99% 100%",
|
||||
"sleep 5 && fdisk -l /dev/sda",
|
||||
"mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt",
|
||||
"mke2fs -L ignition /dev/sda5",
|
||||
"mount /dev/sda5 /mnt",
|
||||
|
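Review bot: `"sleep 5 && fdisk -l /dev/sda"`, which appears to be the line this hunk adds, waits a fixed five seconds for the kernel to register the partition made by `parted ... mkpart` before `mke2fs -L ignition /dev/sda5` runs. A fixed sleep is still a race on a slow disk. Re-reading the table and waiting for udev is deterministic if the rescue image ships it, e.g. `"partprobe /dev/sda && udevadm settle && fdisk -l /dev/sda",`. The command list starts and ends outside the hunk, so the surrounding steps could not be checked.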
10
main.tf
10
main.tf
@ -164,6 +164,16 @@ resource "local_file" "hetzner_csi_config" {
|
||||
directory_permission = "0755"
|
||||
}
|
||||
|
||||
resource "local_file" "kured_config" {
|
||||
content = templatefile("${path.module}/templates/kured.yaml.tpl", {
|
||||
version = data.github_release.kured.release_tag
|
||||
patch_name = var.kured_container_latest ? "patch_latest" : "patch"
|
||||
})
|
||||
filename = "${path.module}/kured/kustomization.yaml"
|
||||
file_permission = "0644"
|
||||
directory_permission = "0755"
|
||||
}
|
||||
|
||||
resource "local_file" "traefik_config" {
|
||||
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
|
||||
lb_disable_ipv6 = var.lb_disable_ipv6
|
||||
|
12
master.tf
12
master.tf
@ -43,7 +43,7 @@ resource "hcloud_server" "first_control_plane" {
|
||||
|
||||
# Wait for MicroOS to reboot and be ready
|
||||
provisioner "local-exec" {
|
||||
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
|
||||
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
|
||||
}
|
||||
|
||||
# Generating k3s master config file
|
||||
@ -87,7 +87,7 @@ resource "hcloud_server" "first_control_plane" {
|
||||
sleep 30
|
||||
scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
|
||||
sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
|
||||
sleep 30
|
||||
sleep 10 && until kubectl get node ${self.name}; do sleep 5; done
|
||||
EOT
|
||||
}
|
||||
|
||||
@ -102,6 +102,14 @@ resource "hcloud_server" "first_control_plane" {
|
||||
EOT
|
||||
}
|
||||
|
||||
# Install Kured
|
||||
provisioner "local-exec" {
|
||||
command = <<-EOT
|
||||
set -ex
|
||||
kubectl -n kube-system apply -k ${dirname(local_file.kured_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml
|
||||
EOT
|
||||
}
|
||||
|
||||
# Configure the Traefik ingress controller
|
||||
provisioner "local-exec" {
|
||||
command = "kubectl apply -f ${local_file.traefik_config.filename} --kubeconfig ${path.module}/kubeconfig.yaml"
|
||||
|
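Review bot: The wait loop `sleep 10 && until kubectl get node ${self.name}; do sleep 5; done` passes no `--kubeconfig`, unlike the `kubectl ... apply -k` call in the "Install Kured" provisioner of this file. Unless `KUBECONFIG` is exported earlier in the heredoc, whose start is outside the hunk, the loop queries whatever context the operator's machine currently points at. It can then spin forever, or succeed against a different cluster that happens to have a node of that name. I would write `until kubectl get node ${self.name} --kubeconfig ${path.module}/kubeconfig.yaml; do sleep 5; done` and bound the loop with a retry limit so a failed bootstrap ends the apply instead of hanging it.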
@ -44,7 +44,7 @@ resource "hcloud_server" "control_planes" {
|
||||
|
||||
# Wait for MicroOS to reboot and be ready
|
||||
provisioner "local-exec" {
|
||||
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
|
||||
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
|
||||
}
|
||||
|
||||
# Generating k3s server config file
|
||||
|
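--- /dev/null
+++ b/templates/kured.yaml.tpl
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- "https://github.com/weaveworks/kured/releases/download/${version}/kured-${version}-dockerhub.yaml"
+
+patchesStrategicMerge:
+- ${patch_name}.yaml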
@ -26,6 +26,9 @@ agents_num = 2
|
||||
# hetzner_ccm_containers_latest = true
|
||||
# hetzner_csi_containers_latest = true
|
||||
|
||||
# If you want to kustomize the kured container with the latest image tag and imagePullPolicy Always, set this to true, by default it's false
|
||||
# kured_container_latest = true
|
||||
|
||||
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
|
||||
# traefik_acme_tls = true
|
||||
# traefik_acme_email = "mail@example.com"
|
||||
|
10
variables.tf
10
variables.tf
@ -70,13 +70,19 @@ variable "hetzner_csi_version" {
|
||||
variable "hetzner_ccm_containers_latest" {
|
||||
type = bool
|
||||
default = false
|
||||
description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers"
|
||||
description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers and imagePullPolicy of Always"
|
||||
}
|
||||
|
||||
variable "hetzner_csi_containers_latest" {
|
||||
type = bool
|
||||
default = false
|
||||
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
|
||||
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers and imagePullPolicy of Always"
|
||||
}
|
||||
|
||||
variable "kured_container_latest" {
|
||||
type = bool
|
||||
default = false
|
||||
description = "Whether to kustomize the Kured container with the latest tag and imagePullPolicy of Always"
|
||||
}
|
||||
|
||||
variable "traefik_acme_tls" {
|
||||
|