Commit Graph

49 Commits

Author SHA1 Message Date
Karim Naufal
e6b12a172c fix for error messages 2022-02-12 01:45:25 +01:00
phaer
740b20966f remove duplicate systemctl start k3s-server 2022-02-12 01:09:34 +01:00
phaer
8ba33a12c8 fix post-install kustomization, keep file...
this risks exposing secrets from the deployed manifests,
but those are currently deployed beforehand so we should
be good as long as kustomization.yaml does not contain
any.
2022-02-12 00:52:13 +01:00
phaer
ca64e97563 split provisioning for better logging 2022-02-12 00:32:11 +01:00
phaer
1daa14defc fix waiting for the cluster once again 2022-02-11 23:57:18 +01:00
phaer
347ba42866 replace kustomization.yaml.tpl with yamlencode
benefit is replacing inline strings in yaml with proper files
locally while still just deploying a single file to the remote
host.
2022-02-11 23:49:54 +01:00
phaer
ddcc473ea8 (hopefully) simplify wait for cluster ready 2022-02-11 23:49:16 +01:00
phaer
48a0d0e33f fix /tmp/post_install...
...without an explicit mkdir before, it just writes the latest
file to /tmp/post_install (which is a file, not a directory)
2022-02-11 23:28:32 +01:00
phaer
d56031951e undo readyz formatting...
...running into weird issues and keep getting 403, while it worked
with the old formatting. maybe bash escaping?
2022-02-11 23:10:43 +01:00
phaer
92937f0081 cleanup first control plane provisioning...
* move yaml to subdirectory of /tmp
* reformat loop waiting for /readyz endpoint
* add logging message
* split provisioner because sensitive var.hcloud_token prohibits
  log output
2022-02-11 22:47:57 +01:00
phaer
c46e912d3e use resource-level connection blocks...
this is now possible, since all our provisioners are using
the same settings. And it saves a bunch of lines
2022-02-11 16:00:19 +01:00
phaer
9dc4952665 Expose kubeconfig in outputs...
* To do so, we need to ensure that the generated kubeconfig is part of
  terraforms dependency graph. This has the additional benefit of not
  depending on local files anymore which should enable multi-user
  setups.

* This also means that we can't deploy CCM, CSI & Traefik from our local
  host, because we don't have kubeconfig.yaml locally while provisioning
  the control plane, only afterwards.

* So we just run kubectl apply on the control plane itself, after k3s is
  ready.

* To do so, we need to deploy all manifests. I've merged the patches
  into a single kustomization.yaml file, because that makes the
  deployment of those files to the control-plane server easier.

* we could also put the traefik config into the same kustomization file,
  which would save us one of the file provisioner blocks. I didn't want
  this PR to get any bigger, and will consider merging this config later
  on. kustomization.yaml is small enough that we could yamlencode() for
  it and store the patches in separate files again, not as
  inline-strings which is kind of ugly.
2022-02-11 12:45:03 +01:00
Karim Naufal
7a846f3a61 pre master 2022-02-10 03:31:20 +01:00
Karim Naufal
cd6b5e2768 pre master 2022-02-10 03:01:40 +01:00
Marco Nenciarini
573155e5b7
Fix the kured reboot command 2022-02-09 11:53:11 +01:00
Karim Naufal
b123845937 changed kured config 2022-02-09 10:17:33 +01:00
Paul Haerle
4f6812a59a
Use yaml list for disabled k3s features
Co-authored-by: Marco Nenciarini <mnencia@kcore.it>
2022-02-08 14:14:23 +01:00
phaer
af78d8fc86 terraform fmt 2022-02-08 09:12:16 +01:00
phaer
d6fe4152c9 re-add node-taints after rebase 2022-02-08 09:05:36 +01:00
phaer
960311ebd4 use yamlencode for k3s configs...
...and remove the now, hopefully unneeded workaround for
agent.conf, all values are in config.yaml now
2022-02-08 09:00:12 +01:00
Marco Nenciarini
d939600561
Avoid connection timeout errors while waiting for reboot 2022-02-07 22:58:34 +01:00
Karim Naufal
95c6b8be93 removed the ssh connection timeout messages while waiting, and also reduced the connection refused messages 2022-02-07 22:07:05 +01:00
Marco Nenciarini
7e6eb731dd
Add setting to allow_scheduling_on_control_plane 2022-02-07 16:11:41 +01:00
Karim Naufal
9803e9a920
Merge pull request #44 from phaer/fix-ssh-identity
fix ssh identity in staging
2022-02-07 15:45:42 +01:00
phaer
bc18586132 fix kubectl get nodes missing --kubeconfig
the current implementation works co-incidentally for most
setups, when terraform apply is run from the repos root,
but not when kube-hetzner is used as a terraform module
2022-02-07 13:58:21 +01:00
phaer
1a50ace0d3 remove root from ssh_args...
because scp does not take the username via -l, so we just re-add
it to the commands themselves.
2022-02-07 13:19:06 +01:00
phaer
a5914f81e6 fix ssh identity...
Newly added ssh commands were missing the flag -i to pass an
identity file. This means that those commands use different
settings then the provisioners and their connection blocks
around them.

While adding this parameter, I decided it would be cleanest
to add local.ssh_args.
2022-02-07 13:08:47 +01:00
Marco Nenciarini
cf68368eea
Reduce reboot time 2022-02-07 09:55:02 +01:00
Karim Naufal
fba212de47 added kured and fixed initial ignition disk partitioning 2022-02-07 08:46:10 +01:00
Karim Naufal
7532e7a4d5 initial k3s on MicroOS on Hetzner ok 2022-02-06 08:40:51 +01:00
Marco Nenciarini
63eb166eb9
Configure eth1 and set hostname 2022-02-05 19:34:36 +01:00
Karim Naufal
623954e5ef microOS eth1 still down 2022-02-05 01:22:35 +01:00
Karim Naufal
3f0f0ca705 microOS prep 2022-02-05 00:02:25 +01:00
Waël Ammar
8aa3cf780f Add Hetzner placement group and link servers to it 2022-01-29 21:15:23 +01:00
phaer
07ab83a09f use locals to deduplicate ssh key expressions 2022-01-25 14:29:10 +01:00
phaer
9bb945a302 run terraform fmt 2022-01-25 14:28:48 +01:00
Karim Naufal
1ed7932dc9
Revert "make private key optional to support hardware tokens for SSH" 2022-01-25 13:17:40 +01:00
phaer
1236bbe6f3 make private key optional
Setting private_key to null uses the local ssh-agent as a fallback for
authentication. Using the public_key instead of the private_key for
ssh -i lets the agent select the right identity if loaded. tested
with a yubikey
2022-01-23 14:14:53 +01:00
Dennis Hoppe
05332e7ae3
Make version of CCM / CSI configurable 2022-01-13 14:28:00 +01:00
Karim Naufal
0415a43e9e attempt to fix waitForAction 2022-01-12 15:26:52 +01:00
Karim Naufal
76a1e00805 added traefik 2022-01-05 15:04:22 +01:00
Karim Naufal
8de7171cf5 Switched to k3os and removed cilium 2021-12-05 10:50:51 +01:00
Karim Naufal
8113016f86 k3os ok 2021-12-03 02:11:52 +01:00
Karim Naufal
61f8093951 k3os master ok 2021-11-30 23:09:34 +01:00
Karim Naufal
f308220bfe before move to k3os 2021-11-10 06:28:52 +01:00
Karim Naufal
f31fac8814 added nginx ingress 2021-10-05 07:35:42 +02:00
Karim Naufal
d25acf5439 Fixed a potential bug coming from hardcoded interface names, now it should detect it automatically 2021-09-25 15:12:37 +02:00
Karim Naufal
ca2bf4dc82 Added Hetzner firewall and fixed addresses 2021-09-01 00:37:11 +02:00
Karim Naufal
f615c994af initial commit 2021-07-30 10:12:37 +02:00