added kured and fixed initial ignition disk partitioning

This commit is contained in:
Karim Naufal 2022-02-07 08:46:10 +01:00
parent 7532e7a4d5
commit fba212de47
13 changed files with 108 additions and 12 deletions


@ -14,7 +14,7 @@
<h2 align="center">Kube-Hetzner</h2> <h2 align="center">Kube-Hetzner</h2>
<p align="center"> <p align="center">
A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-k3os deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀 A highly optimized and auto-upgradable, HA-able & Load-Balanced, Kubernetes cluster powered by k3s-on-MicroOS and deployed for peanuts on <a href="https://hetzner.com" target="_blank">Hetzner Cloud</a> 🤑 🚀
</p> </p>
<hr /> <hr />
<br /> <br />
@ -22,18 +22,21 @@
## About The Project ## About The Project
[Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US. The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot. [Hetzner Cloud](https://hetzner.com) is a good cloud provider that offers very affordable prices for cloud instances, with data center locations in both Europe and the US.
The goal of this project is to create an optimal and highly optimized Kubernetes installation that is easily maintained, secure, and automatically upgrades. We aimed for functionality as close as possible to GKE's auto-pilot. In order to achieve this, we built on the shoulders of giants, by choosing [openSUSE MicroOS](https://en.opensuse.org/Portal:MicroOS) as the base operating system, and [k3s](https://k3s.io/) as the Kubernetes engine.
_Please note that we are not affiliated to Hetzner, this is just an open source project striving to be an optimal solution for deploying and maintaining Kubernetes on Hetzner Cloud._ _Please note that we are not affiliated to Hetzner, this is just an open source project striving to be an optimal solution for deploying and maintaining Kubernetes on Hetzner Cloud._
### Features ### Features
- Lightweight and resource-efficient Kubernetes powered by [k3s](https://github.com/k3s-io/k3s) on [k3os](https://github.com/rancher/k3os) nodes. - Maintenance free with auto-upgrade to the latest version of MicroOS, k3s, Hetzner CCM and CSI.
- Maintenance free with auto-upgrade to the latest version of k3os, k3s, Hetzner CCM and CSI.
- Proper use of the underlying Hetzner private network to remove the need for encryption and make the cluster both fast and secure. - Proper use of the underlying Hetzner private network to remove the need for encryption and make the cluster both fast and secure.
- Automatic HA with the default setting of two control-plane and agents nodes. - Automatic HA with the default setting of two control-plane and agents nodes.
- Ability to add or remove as many nodes as you want while the cluster stays running. - Ability to add or remove as many nodes as you want while the cluster stays running.
- Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on. - Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on.
- (Optional) Out of the box config of Traefik with SSL certficate auto-generation.
_It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._ _It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._
@ -109,13 +112,13 @@ hcloud server list
- See the Hetzner network config: - See the Hetzner network config:
```sh ```sh
hcloud network describe k3s-net hcloud network describe k3s
``` ```
- Log into one of your nodes (replace the location of your private key if needed): - Log into one of your nodes (replace the location of your private key if needed):
```sh ```sh
ssh rancher@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ssh root@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
``` ```
## Automatic upgrade ## Automatic upgrade


@ -45,7 +45,7 @@ resource "hcloud_server" "agents" {
# Wait for MicroOS to reboot and be ready # Wait for MicroOS to reboot and be ready
provisioner "local-exec" { provisioner "local-exec" {
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30" command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
} }
# Generating and uploading the angent.conf file # Generating and uploading the angent.conf file
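Review bot: The readiness wait on the `command =` line is still a fixed delay: one ICMP echo reply followed by `sleep 60` proves the host answers ping, not that sshd is up after the reboot, so raising 30 to 60 only narrows the race rather than closing it. A loop that polls what the next provisioner actually needs, in the style of the `until kubectl get node …` loop this commit adds in first_control_plane.tf, would be deterministic, e.g. `until ssh -o StrictHostKeyChecking=no -o ConnectTimeout=5 -i ${local.ssh_identity_file} root@${self.ipv4_address} true; do sleep 5; done`. The identical bump appears in first_control_plane.tf and control_planes.tf, so one shared fix covers all three. The `hcloud_server` resource block begins and ends outside this hunk.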


@ -10,6 +10,13 @@ data "github_release" "hetzner_csi" {
retrieve_by = "latest" retrieve_by = "latest"
} }
// github_release for kured
data "github_release" "kured" {
repository = "kured"
owner = "weaveworks"
retrieve_by = "latest"
}
data "hcloud_image" "linux" { data "hcloud_image" "linux" {
name = local.hcloud_image_name name = local.hcloud_image_name
} }
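Review bot: `retrieve_by = "latest"` on the new `github_release.kured` block resolves to whatever tag weaveworks has most recently published at the moment `terraform apply` runs, and that tag is then baked into the manifest URL by templates/kured.yaml.tpl, so two applies can deploy different kured builds with no change in this repository and no way to roll back through code. For a DaemonSet whose job is to reboot every node that is a supply-chain exposure worth closing: a `kured_version` variable mirroring the existing `hetzner_csi_version` (visible in the variables.tf hunk header), with `retrieve_by = "tag"` and `release_tag = var.kured_version` when it is set and `"latest"` only as an explicit opt-in, keeps the deployed version reviewable. This mirrors the pattern the file already uses for the CSI release, so the change is small.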

8
kured/kustomization.yaml Normal file

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- "https://github.com/weaveworks/kured/releases/download/1.9.1/kured-1.9.1-dockerhub.yaml"
patchesStrategicMerge:
- patch_latest.yaml

20
kured/patch.yaml Normal file

@ -0,0 +1,20 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kured
namespace: kube-system
spec:
selector:
matchLabels:
name: kured
template:
metadata:
labels:
name: kured
spec:
serviceAccountName: kured
containers:
- name: kured
command:
- /usr/bin/kured
- --reboot-command="/usr/bin/systemctl reboot"
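Review bot: The double quotes in `- --reboot-command="/usr/bin/systemctl reboot"` are YAML plain-scalar content, not shell quoting, so the container's argv literally contains the two quote characters; whether that still works depends on how kured tokenizes the flag value, and if it treats the quoted span as a single executable path the reboot fails silently and nodes never restart. Written as `- --reboot-command=/usr/bin/systemctl reboot` the list entry is one argv element and the embedded space survives without any quotes. The same line appears in kured/patch_latest.yaml. Worth confirming on a node that a scheduled reboot actually fires before relying on it.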

22
kured/patch_latest.yaml Normal file

@ -0,0 +1,22 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kured
namespace: kube-system
spec:
selector:
matchLabels:
name: kured
template:
metadata:
labels:
name: kured
spec:
serviceAccountName: kured
containers:
- name: kured
image: docker.io/weaveworks/kured:latest
imagePullPolicy: Always
command:
- /usr/bin/kured
- --reboot-command="/usr/bin/systemctl reboot"
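Review bot: `image: docker.io/weaveworks/kured:latest` with `imagePullPolicy: Always` means every pod restart may pull a different, unreviewed build into a DaemonSet that can reboot every node, and because the tag is mutable the image cannot be pinned by digest either. It also decouples the image from the manifest: templates/kured.yaml.tpl fetches the manifest for a specific `${version}` while this patch floats the container, so the RBAC and flags of one release can end up running the binary of another. Keeping this opt-in behind `kured_container_latest` (default false) is the right call; the variable's description should state that the image is unpinned and changes on each pull, so nobody enables it for a production cluster by accident.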


@ -20,6 +20,7 @@ locals {
"partprobe /dev/sda", "partprobe /dev/sda",
"parted -s /dev/sda resizepart 4 99%", "parted -s /dev/sda resizepart 4 99%",
"parted -s /dev/sda mkpart primary ext2 99% 100%", "parted -s /dev/sda mkpart primary ext2 99% 100%",
"sleep 5 && fdisk -l /dev/sda",
"mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt", "mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt",
"mke2fs -L ignition /dev/sda5", "mke2fs -L ignition /dev/sda5",
"mount /dev/sda5 /mnt", "mount /dev/sda5 /mnt",
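Review bot: The added `"sleep 5 && fdisk -l /dev/sda",` does not make the kernel re-read the partition table after the `mkpart` on the previous line; `fdisk -l` only prints, and the `partprobe /dev/sda` that does re-read runs before the resize, so `mke2fs -L ignition /dev/sda5` two lines later still depends on a five-second sleep for /dev/sda5 to appear. Replacing it with `"partprobe /dev/sda && udevadm settle && fdisk -l /dev/sda",` keeps the diagnostic output and removes the race, assuming udevadm is present in the MicroOS image, which I would expect of a systemd base but have not verified here. The `locals` block and the command list it belongs to start outside this hunk.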

10
main.tf

@ -164,6 +164,16 @@ resource "local_file" "hetzner_csi_config" {
directory_permission = "0755" directory_permission = "0755"
} }
resource "local_file" "kured_config" {
content = templatefile("${path.module}/templates/kured.yaml.tpl", {
version = data.github_release.kured.release_tag
patch_name = var.kured_container_latest ? "patch_latest" : "patch"
})
filename = "${path.module}/kured/kustomization.yaml"
file_permission = "0644"
directory_permission = "0755"
}
resource "local_file" "traefik_config" { resource "local_file" "traefik_config" {
content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", { content = templatefile("${path.module}/templates/traefik_config.yaml.tpl", {
lb_disable_ipv6 = var.lb_disable_ipv6 lb_disable_ipv6 = var.lb_disable_ipv6
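Review bot: `filename = "${path.module}/kured/kustomization.yaml"` in the new `local_file.kured_config` resource writes the rendered template onto a path that this same commit adds to the repository as kured/kustomization.yaml, so every apply overwrites a tracked file, and the committed copy (which references patch_latest.yaml although `kured_container_latest` defaults to false) will drift from what was actually applied. Either stop tracking the generated file (add it to .gitignore, if the repository has one) or render it next to the generated CCM/CSI configs rather than alongside the hand-maintained patches in kured/. A short comment on the resource, `# Rendered at apply time; do not commit the output`, would prevent the next contributor from editing the generated copy. The `traefik_config` resource that follows continues outside the hunk.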


@ -43,7 +43,7 @@ resource "hcloud_server" "first_control_plane" {
# Wait for MicroOS to reboot and be ready # Wait for MicroOS to reboot and be ready
provisioner "local-exec" { provisioner "local-exec" {
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30" command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
} }
# Generating k3s master config file # Generating k3s master config file
@ -87,7 +87,7 @@ resource "hcloud_server" "first_control_plane" {
sleep 30 sleep 30
scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ${local.ssh_identity_file} root@${self.ipv4_address}:/etc/rancher/k3s/k3s.yaml ${path.module}/kubeconfig.yaml
sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml sed -i -e 's/127.0.0.1/${self.ipv4_address}/g' ${path.module}/kubeconfig.yaml
sleep 30 sleep 10 && until kubectl get node ${self.name}; do sleep 5; done
EOT EOT
} }
@ -102,6 +102,14 @@ resource "hcloud_server" "first_control_plane" {
EOT EOT
} }
# Install Kured
provisioner "local-exec" {
command = <<-EOT
set -ex
kubectl -n kube-system apply -k ${dirname(local_file.kured_config.filename)} --kubeconfig ${path.module}/kubeconfig.yaml
EOT
}
# Configure the Traefik ingress controller # Configure the Traefik ingress controller
provisioner "local-exec" { provisioner "local-exec" {
command = "kubectl apply -f ${local_file.traefik_config.filename} --kubeconfig ${path.module}/kubeconfig.yaml" command = "kubectl apply -f ${local_file.traefik_config.filename} --kubeconfig ${path.module}/kubeconfig.yaml"
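Review bot: The new readiness loop `sleep 10 && until kubectl get node ${self.name}; do sleep 5; done` runs kubectl without `--kubeconfig`, unlike every other kubectl call in this file (the kured and traefik lines both pass `--kubeconfig ${path.module}/kubeconfig.yaml`), so it queries whatever cluster the operator's default kubeconfig points at: it either loops forever or returns early if that cluster happens to have a node with the same name. It should read `sleep 10 && until kubectl get node ${self.name} --kubeconfig ${path.module}/kubeconfig.yaml; do sleep 5; done`, ideally with an attempt cap so a node that never registers fails the apply instead of hanging it. The kured provisioner's `kubectl apply -k` additionally fetches the release manifest from GitHub at apply time with no integrity check beyond TLS, which is one more reason to pin the release tag in data.tf. The `hcloud_server` resource block begins and ends outside these hunks.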


@ -44,7 +44,7 @@ resource "hcloud_server" "control_planes" {
# Wait for MicroOS to reboot and be ready # Wait for MicroOS to reboot and be ready
provisioner "local-exec" { provisioner "local-exec" {
command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 30" command = "sleep 60 && ping ${self.ipv4_address} | grep --line-buffered 'bytes from' | head -1 && sleep 60"
} }
# Generating k3s server config file # Generating k3s server config file

8
templates/kured.yaml.tpl Normal file

@ -0,0 +1,8 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- "https://github.com/weaveworks/kured/releases/download/${version}/kured-${version}-dockerhub.yaml"
patchesStrategicMerge:
- ${patch_name}.yaml


@ -26,6 +26,9 @@ agents_num = 2
# hetzner_ccm_containers_latest = true # hetzner_ccm_containers_latest = true
# hetzner_csi_containers_latest = true # hetzner_csi_containers_latest = true
# If you want to kustomize the kured container with the latest image tag and imagePullPolicy Always, set this to true, by default it's false
# kured_container_latest = true
# If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices
# traefik_acme_tls = true # traefik_acme_tls = true
# traefik_acme_email = "mail@example.com" # traefik_acme_email = "mail@example.com"


@ -70,13 +70,19 @@ variable "hetzner_csi_version" {
variable "hetzner_ccm_containers_latest" { variable "hetzner_ccm_containers_latest" {
type = bool type = bool
default = false default = false
description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers" description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers and imagePullPolicy of Always"
} }
variable "hetzner_csi_containers_latest" { variable "hetzner_csi_containers_latest" {
type = bool type = bool
default = false default = false
description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers" description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers and imagePullPolicy of Always"
}
variable "kured_container_latest" {
type = bool
default = false
description = "Whether to kustomize the Kured container with the latest tag and imagePullPolicy of Always"
} }
variable "traefik_acme_tls" { variable "traefik_acme_tls" {
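Review bot: The description of the new `kured_container_latest` variable says what the flag toggles but not what it costs: `latest` is a mutable tag, so the image is unpinned and can change on every pull, in a DaemonSet that reboots nodes. Suggest `description = "Whether to kustomize the Kured container with the latest tag and imagePullPolicy of Always (unpinned image that may change on each pull; leave false for reproducible clusters)"`, and the same qualifier fits the reworded CCM and CSI descriptions in this hunk. The `traefik_acme_tls` variable block that closes the hunk continues outside it.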