added kured and fixed initial ignition disk partitioning

README.md

@@ -14,7 +14,7 @@
   <h2 align="center">Kube-Hetzner</h2>
 
   <p align="center">
-    A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-k3os deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
+    A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-MicroOS and deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
   </p>
   <hr />
   <br />
@@ -22,18 +22,21 @@
 
 ## About The Project
 
-[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US. The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot.
+[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US. 
+
+The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot. In order to achieve this, we built on the shoulders of giants, by choosing [openSUSE MicroOS](https://en.opensuse.org/Portal:MicroOS) as the base operating system, and [k3s](https://k3s.io/) as the Kubernetes engine.
+
 
 _Please note that we are not affiliated to Hetzner, this is just an open source project striving to be an optimal solution for deploying and maintaining Kubernetes on Hetzner Cloud._
 
 ### Features
 
-- Lightweight and resource-efficient Kubernetes powered by [k3s](https://github.com/k3s-io/k3s) on [k3os](https://github.com/rancher/k3os) nodes.
+- Maintenance free with auto-upgrade to the latest version of MicroOS, k3s, Hetzner CCM and CSI.
-- Maintenance free with auto-upgrade to the latest version of k3os, k3s, Hetzner CCM and CSI.
 - Proper use of the underlying Hetzner private network to remove the need for encryption and make the cluster both fast and secure.
 - Automatic HA with the default setting of two control-plane and agents nodes.
 - Ability to add or remove as many nodes as you want while the cluster stays running.
 - Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on.
+- (Optional) Out of the box config of Traefik with SSL certficate auto-generation.
 
 _It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._
 
@@ -109,13 +112,13 @@ hcloud server list
 - See the Hetzner network config:
 
 ```sh
-hcloud network describe k3s-net
+hcloud network describe k3s
 ```
 
 - Log into one of your nodes (replace the location of your private key if needed):
 
 ```sh
-ssh rancher@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
+ssh root@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
 ```
 
 ## Automatic upgrade

agents.tf

@@ -45,7 +45,7 @@ resource "hcloud_server" "agents" {
 
   # Wait for MicroOS to reboot and be ready
   provisioner "local-exec" {
-    command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
+    command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
   }
 
   # Generating and uploading the angent.conf file

data.tf

@@ -10,6 +10,13 @@ data "github_release" "hetzner_csi" {
   retrieve_by = "latest"
 }
 
+// github_release for kured
+data "github_release" "kured" {
+  repository  = "kured"
+  owner       = "weaveworks"
+  retrieve_by = "latest"
+}
+
 data "hcloud_image" "linux" {
   name = local.hcloud_image_name
 }

kured/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- "https://github.com/weaveworks/kured/releases/download/1.9.1/kured-1.9.1-dockerhub.yaml"
+
+patchesStrategicMerge:
+- patch_latest.yaml

kured/patch.yaml

@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kured
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: kured
+  template:
+    metadata:
+      labels:
+        name: kured
+    spec:
+      serviceAccountName: kured
+      containers:
+        - name: kured
+          command:
+            - /usr/bin/kured
+            - --reboot-command="/usr/bin/systemctl reboot"

kured/patch_latest.yaml

@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kured
+  namespace: kube-system
+spec:
+  selector:
+    matchLabels:
+      name: kured
+  template:
+    metadata:
+      labels:
+        name: kured
+    spec:
+      serviceAccountName: kured
+      containers:
+        - name: kured
+          image: docker.io/weaveworks/kured:latest
+          imagePullPolicy: Always
+          command:
+            - /usr/bin/kured
+            - --reboot-command="/usr/bin/systemctl reboot"

locals.tf

@@ -20,6 +20,7 @@ locals {
     "partprobe /dev/sda",
     "parted -s /dev/sda resizepart 4 99%",
     "parted -s /dev/sda mkpart primary ext2 99% 100%",
+    "sleep 5 && fdisk -l /dev/sda",
     "mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt",
     "mke2fs -L ignition /dev/sda5",
     "mount /dev/sda5 /mnt",

main.tf

@@ -164,6 +164,16 @@ resource "local_file" "hetzner_csi_config" {
   directory_permission = "0755"
 }
 
+resource "local_file" "kured_config" {
+  content = templatefile("${path.module}/templates/kured.yaml.tpl", {
+    version    = data.github_release.kured.release_tag
+    patch_name = var.kured_container_latest ? "patch_latest" : "patch"
+  })
+  filename             = "${path.module}/kured/kustomization.yaml"
+  file_permission      = "0644"
+  directory_permission = "0755"
+}
+
 resource "local_file" "traefik_config" {
   content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
     lb_disable_ipv6    = var.lb_disable_ipv6

master.tf

@@ -43,7 +43,7 @@ resource "hcloud_server" "first_control_plane" {
 
   # Wait for MicroOS to reboot and be ready
   provisioner "local-exec" {
-    command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
+    command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
   }
 
   # Generating k3s master config file
@@ -87,7 +87,7 @@ resource "hcloud_server" "first_control_plane" {
       sleep 30
       scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
       sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
-      sleep 30
+      sleep 10 && until kubectl get node ${self.name}; do sleep 5; done
     EOT
   }
 
@@ -102,6 +102,14 @@ resource "hcloud_server" "first_control_plane" {
     EOT
   }
 
+  # Install Kured
+  provisioner "local-exec" {
+    command = <<-EOT
+      set -ex
+      kubectl -n kube-system apply -k ${dirname(local_file.kured_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml
+    EOT
+  }
+
   # Configure the Traefik ingress controller
   provisioner "local-exec" {
     command = "kubectl apply -f ${local_file.traefik_config.filename} --kubeconfig ${path.module}/kubeconfig.yaml"

servers.tf

@@ -44,7 +44,7 @@ resource "hcloud_server" "control_planes" {
 
   # Wait for MicroOS to reboot and be ready
   provisioner "local-exec" {
-    command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30"
+    command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
   }
 
   # Generating k3s server config file

templates/kured.yaml.tpl

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- "https://github.com/weaveworks/kured/releases/download/${version}/kured-${version}-dockerhub.yaml"
+
+patchesStrategicMerge:
+- ${patch_name}.yaml

terraform.tfvars.example

@@ -26,6 +26,9 @@ agents_num                = 2
 # hetzner_ccm_containers_latest = true
 # hetzner_csi_containers_latest = true
 
+# If you want to kustomize the kured container with the latest image tag and imagePullPolicy Always, set this to true, by default it's false
+# kured_container_latest = true
+
 # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
 # traefik_acme_tls = true
 # traefik_acme_email = "mail@example.com"

variables.tf

@@ -70,13 +70,19 @@ variable "hetzner_csi_version" {
 variable "hetzner_ccm_containers_latest" {
   type        = bool
   default     = false
-  description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers"
+  description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers and imagePullPolicy of Always"
 }
 
 variable "hetzner_csi_containers_latest" {
   type        = bool
   default     = false
-  description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
+  description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers and imagePullPolicy of Always"
+}
+
+variable "kured_container_latest" {
+  type        = bool
+  default     = false
+  description = "Whether to kustomize the Kured container with the latest tag and imagePullPolicy of Always"
 }
 
 variable "traefik_acme_tls" {