9dc4952665
* To do so, we need to ensure that the generated kubeconfig is part of Terraform's dependency graph. This has the additional benefit of no longer depending on local files, which should enable multi-user setups. * This also means that we can't deploy CCM, CSI & Traefik from our local host, because we don't have kubeconfig.yaml locally while provisioning the control plane, only afterwards. * So we just run kubectl apply on the control plane itself, after k3s is ready. * To do so, we need to deploy all manifests. I've merged the patches into a single kustomization.yaml file, because that makes the deployment of those files to the control-plane server easier. * We could also put the Traefik config into the same kustomization file, which would save us one of the file provisioner blocks. I didn't want this PR to get any bigger, and will consider merging this config later on. kustomization.yaml is small enough that we could use yamlencode() for it and store the patches in separate files again, rather than as inline strings, which is kind of ugly.
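locals {
  # Private-network address handed to the first control-plane node.
  # Host index 2 of the subnet is used; index 1 is presumably reserved for the
  # Hetzner network gateway - confirm against the hcloud network documentation.
  first_control_plane_network_ip = cidrhost(hcloud_network_subnet.k3s.ip_range, 2)

  # Image the servers are created with. It is only a bootstrap vehicle:
  # MicroOS_install_commands below overwrites /dev/sda with the MicroOS image.
  hcloud_image_name = "ubuntu-20.04"

  # Where the MicroOS disk image is fetched from. This is a metalink (.meta4)
  # served from the UNPINNED `master` branch of the kube-hetzner repository, so
  # whoever can push to that branch controls the bytes written to /dev/sda on
  # every new server. aria2 can check the hashes listed in a metalink, but those
  # hashes come from the same unpinned source. Pin this to a tag or commit SHA
  # (and ideally verify a checksum you trust out of band) before relying on it.
  microos_image_metalink_url = "https://raw.githubusercontent.com/kube-hetzner/kube-hetzner/master/.files/openSUSE-MicroOS.x86_64-k3s-kvm-and-xen.qcow2.meta4"

  # Public key as a single trimmed string (also handed to the agent, see below).
  ssh_public_key = trimspace(file(var.public_key))

  # Private key material read from disk, or null to let an ssh agent supply it.
  ssh_private_key = var.private_key != null ? trimspace(file(var.private_key)) : null

  # Only set when an ssh agent is used: Terraform's connection.agent_identity
  # takes the public key as a string and uses it to select the agent's key.
  ssh_identity = var.private_key != null ? null : local.ssh_public_key

  # Path passed to ssh's -i flag: the private key file when one is configured,
  # otherwise the public key file, which makes ssh ask the agent for the
  # matching private key.
  ssh_identity_file = var.private_key != null ? var.private_key : var.public_key

  # Flags shared by every ssh invocation made during provisioning.
  # SECURITY: StrictHostKeyChecking=no together with a /dev/null known_hosts
  # file turns host key verification off entirely, so an on-path attacker who
  # can answer for the server's address while Terraform is provisioning goes
  # undetected. This is accepted because the servers are freshly created and
  # their host keys are not known in advance; if the host keys can be obtained
  # out of band (e.g. from the Hetzner API or console), pin them instead.
  ssh_args = "-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${local.ssh_identity_file}"

  # Commands executed on the bootstrap system to replace its disk with MicroOS.
  # They overwrite /dev/sda wholesale, so they must run from an environment
  # that does not live on that disk (presumably the Hetzner rescue system -
  # verify against the resource that runs them). /root/config.ign is expected
  # to have been uploaded beforehand; that step is not visible here.
  MicroOS_install_commands = [
    "set -ex",
    "apt-get install -y aria2",
    # --follow-metalink=mem keeps the metalink in memory and downloads the image
    # it describes. The resulting file name is dictated by the metalink, which
    # is why the next step locates it with a pattern instead of a fixed name.
    "aria2c --follow-metalink=mem ${local.microos_image_metalink_url}",
    # Write the qcow2 image raw onto the whole disk (-O host_device).
    "qemu-img convert -p -f qcow2 -O host_device $(ls -a | grep -ie '^opensuse.*microos.*k3s.*qcow2$') /dev/sda",
    # Relocate the backup GPT header to the end of the (larger) disk so the
    # partition table can be extended.
    "sgdisk -e /dev/sda",
    # Grow partition 4 to fill the disk, leaving the last 1% for a small
    # partition that will carry the Ignition config.
    "parted -s /dev/sda resizepart 4 99%",
    "parted -s /dev/sda mkpart primary ext2 99% 100%",
    # Make the kernel re-read the table and print it for the provisioning log.
    "partprobe /dev/sda && udevadm settle && fdisk -l /dev/sda",
    # Grow the btrfs filesystem on partition 4 to its new partition size.
    "mount /dev/sda4 /mnt/ && btrfs filesystem resize max /mnt && umount /mnt",
    # Format the new partition with label "ignition" and place config.ign under
    # /ignition on it - presumably the location Ignition scans on first boot
    # (confirm against the MicroOS/Ignition docs).
    "mke2fs -L ignition /dev/sda5",
    "mount /dev/sda5 /mnt",
    "mkdir /mnt/ignition",
    "cp /root/config.ign /mnt/ignition/config.ign",
    "umount /mnt"
  ]

  # Rendered kustomization that is applied on the control plane once k3s is up.
  # Each *_version falls back to the latest GitHub release when the matching
  # variable is null; that fallback floats from plan to plan and needs GitHub
  # API access, so set the variables to pin the CCM/CSI versions. The *_latest
  # flags are passed through to the template unchanged.
  post_install_kustomization = templatefile(
    "${path.module}/templates/kustomization.yaml.tpl",
    {
      ccm_version   = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
      ccm_latest    = var.hetzner_ccm_containers_latest
      csi_version   = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
      csi_latest    = var.hetzner_csi_containers_latest
      kured_version = data.github_release.kured.release_tag
    }
  )

  # Rendered Traefik/HelmChartConfig values: load balancer placement and sizing
  # plus the ACME/TLS settings, all taken straight from the input variables.
  traefik_config = templatefile(
    "${path.module}/templates/traefik_config.yaml.tpl",
    {
      lb_disable_ipv6    = var.lb_disable_ipv6
      lb_server_type     = var.lb_server_type
      location           = var.location
      traefik_acme_tls   = var.traefik_acme_tls
      traefik_acme_email = var.traefik_acme_email
    }
  )
}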