From 1736f02460d0b5105ca763dd0a02810f10635163 Mon Sep 17 00:00:00 2001 From: Florian Nowarre Date: Sun, 18 Sep 2022 20:40:32 +0200 Subject: [PATCH] enable flatcar for hetzner --- contrib/terraform/hetzner/main.tf | 2 +- .../kubernetes-cluster-flatcar/main.tf | 202 ++++++++++++++++++ .../kubernetes-cluster-flatcar/outputs.tf | 27 +++ .../templates/machine.yaml.tmpl | 16 ++ .../kubernetes-cluster-flatcar/variables.tf | 51 +++++ .../kubernetes-cluster-flatcar/versions.tf | 13 ++ 6 files changed, 310 insertions(+), 1 deletion(-) create mode 100644 contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/main.tf create mode 100644 contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/outputs.tf create mode 100644 contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/templates/machine.yaml.tmpl create mode 100644 contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/variables.tf create mode 100644 contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/versions.tf diff --git a/contrib/terraform/hetzner/main.tf b/contrib/terraform/hetzner/main.tf index 805c7bfb8..32b3cc146 100644 --- a/contrib/terraform/hetzner/main.tf +++ b/contrib/terraform/hetzner/main.tf @@ -1,7 +1,7 @@ provider "hcloud" {} module "kubernetes" { - source = "./modules/kubernetes-cluster" + source = "./modules/kubernetes-cluster-flatcar" prefix = var.prefix diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/main.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/main.tf new file mode 100644 index 000000000..64787374e --- /dev/null +++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/main.tf 
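Review bot: Pointing `source` at `./modules/kubernetes-cluster-flatcar` silently changes what every existing user of `contrib/terraform/hetzner` gets on the next apply — the new module boots each server into the rescue system and reimages it with Flatcar, which is destructive for anyone who re-runs this root against existing nodes. The new module also declares `hcloud_token` and `ssh_private_key_path` without defaults, so unless the remainder of the `module "kubernetes"` block (outside this hunk) passes them, `terraform plan` fails on missing required arguments; note the root keeps `provider "hcloud" {}`, so `hcloud_token` is not consumed by the provider either. At minimum the switch deserves a comment at the call site, e.g. `# Flatcar variant: reinstalls every node through the Hetzner rescue system; see modules/kubernetes-cluster-flatcar/variables.tf for its inputs`, and a matching note in the contrib README so the behaviour change is not discovered at apply time.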
@@ -0,0 +1,202 @@ +resource "hcloud_network" "kubernetes" { + name = "${var.prefix}-network" + ip_range = var.private_network_cidr +} + +resource "hcloud_network_subnet" "kubernetes" { + type = "cloud" + network_id = hcloud_network.kubernetes.id + network_zone = var.network_zone + ip_range = var.private_subnet_cidr +} + +resource "hcloud_ssh_key" "first" { + name = var.prefix + public_key = var.ssh_public_keys.0 +} + +resource "hcloud_server" "master" { + for_each = { + for name, machine in var.machines : + name => machine + if machine.node_type == "master" + } + name = "${var.prefix}-${each.key}" + ssh_keys = [hcloud_ssh_key.first.id] + # boot into rescue OS + rescue = "linux64" + # dummy value for the OS because Flatcar is not available + image = each.value.image + server_type = each.value.size + location = var.zone + connection { + host = self.ipv4_address + timeout = "5m" + private_key = file(var.ssh_private_key_path) + } + firewall_ids = [hcloud_firewall.machine.id] + provisioner "file" { + content = data.ct_config.machine-ignitions[each.key].rendered + destination = "/root/ignition.json" + } + + provisioner "remote-exec" { + inline = [ + "set -ex", + "apt update", + "apt install -y gawk", + "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/kinvolk/init/flatcar-master/bin/flatcar-install", + "chmod +x flatcar-install", + "./flatcar-install -s -i /root/ignition.json", + "shutdown -r +1", + ] + } + + # optional: + provisioner "remote-exec" { + connection { + host = self.ipv4_address + timeout = "3m" + user = "core" + } + + inline = [ + "sudo hostnamectl set-hostname ${self.name}", + ] + } +} + +resource "hcloud_server_network" "master" { + for_each = hcloud_server.master + server_id = each.value.id + subnet_id = hcloud_network_subnet.kubernetes.id +} + +resource "hcloud_server" "worker" { + for_each = { + for name, machine in var.machines : + name => machine + if 
machine.node_type == "worker" + } + name = "${var.prefix}-${each.key}" + ssh_keys = [hcloud_ssh_key.first.id] + # boot into rescue OS + rescue = "linux64" + # dummy value for the OS because Flatcar is not available + image = each.value.image + server_type = each.value.size + location = var.zone + connection { + host = self.ipv4_address + timeout = "5m" + private_key = file(var.ssh_private_key_path) + } + firewall_ids = [hcloud_firewall.machine.id] + provisioner "file" { + content = data.ct_config.machine-ignitions[each.key].rendered + destination = "/root/ignition.json" + } + + provisioner "remote-exec" { + inline = [ + "set -ex", + "apt update", + "apt install -y gawk", + "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/kinvolk/init/flatcar-master/bin/flatcar-install", + "chmod +x flatcar-install", + "./flatcar-install -s -i /root/ignition.json", + "shutdown -r +1", + ] + } + + # optional: + provisioner "remote-exec" { + connection { + host = self.ipv4_address + timeout = "3m" + user = "core" + } + + inline = [ + "sudo hostnamectl set-hostname ${self.name}", + ] + } +} + +resource "hcloud_server_network" "worker" { + for_each = hcloud_server.worker + server_id = each.value.id + subnet_id = hcloud_network_subnet.kubernetes.id +} + +data "ct_config" "machine-ignitions" { + for_each = { + for name, machine in var.machines : + name => machine + } + content = data.template_file.machine-configs[each.key].rendered +} + +data "template_file" "machine-configs" { + for_each = { + for name, machine in var.machines : + name => machine + } + #template = file("${path.module}/machine-${each.key}.yaml.tmpl") + template = file("${path.module}/machine.yaml.tmpl") + + vars = { + ssh_keys = jsonencode(var.ssh_public_keys) + name = each.key + } +} + +resource "hcloud_firewall" "machine" { + name = "${var.prefix}-machine-firewall" + + rule { + direction = "in" + protocol = "tcp" + port = "22" + 
source_ips = var.ssh_whitelist + } + + rule { + direction = "in" + protocol = "tcp" + port = "6443" + source_ips = var.api_server_whitelist + } +} + +resource "hcloud_firewall" "worker" { + name = "${var.prefix}-worker-firewall" + + rule { + direction = "in" + protocol = "tcp" + port = "22" + source_ips = var.ssh_whitelist + } + + rule { + direction = "in" + protocol = "tcp" + port = "80" + source_ips = var.ingress_whitelist + } + + rule { + direction = "in" + protocol = "tcp" + port = "443" + source_ips = var.ingress_whitelist + } + + rule { + direction = "in" + protocol = "tcp" + port = "30000-32767" + source_ips = var.nodeport_whitelist + } +} diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/outputs.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/outputs.tf new file mode 100644 index 000000000..c6bb276da --- /dev/null +++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/outputs.tf @@ -0,0 +1,27 @@ +output "master_ip_addresses" { + value = { + for key, instance in hcloud_server.master : + instance.name => { + "private_ip" = hcloud_server_network.master[key].ip + "public_ip" = hcloud_server.master[key].ipv4_address + } + } +} + +output "worker_ip_addresses" { + value = { + for key, instance in hcloud_server.worker : + instance.name => { + "private_ip" = hcloud_server_network.worker[key].ip + "public_ip" = hcloud_server.worker[key].ipv4_address + } + } +} + +output "cluster_private_network_cidr" { + value = var.private_subnet_cidr +} + +output "network_id" { + value = hcloud_network.kubernetes.id +} \ No newline at end of file diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/templates/machine.yaml.tmpl b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/templates/machine.yaml.tmpl new file mode 100644 index 000000000..9ddc77564 --- /dev/null +++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/templates/machine.yaml.tmpl 
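Review bot: `data "template_file" "machine-configs"` reads `file("${path.module}/machine.yaml.tmpl")`, but the template this patch adds lives at `templates/machine.yaml.tmpl` (see the diffstat), so the module cannot even plan until the path is `template = file("${path.module}/templates/machine.yaml.tmpl")`. The `remote-exec` provisioner in both `hcloud_server.master` and `hcloud_server.worker` downloads `flatcar-install` from the moving `flatcar-master` branch and runs it as root in the rescue system with no integrity check, so whatever that ref serves at apply time becomes the node's installer; pin the URL to a commit SHA and verify it before `chmod +x`, e.g. `"echo '<sha256>  flatcar-install' | sha256sum -c -",`. Both server resources attach `firewall_ids = [hcloud_firewall.machine.id]`, so `hcloud_firewall.worker` — and with it the `ingress_whitelist`/`nodeport_whitelist` inputs — is never applied, while workers inherit the 6443 rule intended for masters; the worker resource should use `firewall_ids = [hcloud_firewall.worker.id]`. Neither `connection` block sets `host_key`, so the ignition file (which carries the authorized SSH keys for `core`) is uploaded over an unverified SSH session to a freshly booted rescue host — probably acceptable for a contrib module, but worth a comment such as `# host_key is not pinned: the rescue system's key is not known ahead of time`. The two server resources are byte-for-byte copies apart from the `node_type` filter; a single `locals` map for the provisioner `inline` script would keep the two install paths from drifting.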
@@ -0,0 +1,16 @@ +--- +passwd: + users: + - name: core + ssh_authorized_keys: ${ssh_keys} +storage: + files: + - path: /home/core/works + filesystem: root + mode: 0755 + contents: + inline: | + #!/bin/bash + set -euo pipefail + hostname="$(hostname)" + echo My name is ${name} and the hostname is $${hostname} \ No newline at end of file diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/variables.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/variables.tf new file mode 100644 index 000000000..fcd696f86 --- /dev/null +++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/variables.tf @@ -0,0 +1,51 @@ + +variable "ssh_private_key_path" {} +variable "hcloud_token" {} +########################### +variable "zone" { + type = string + default = "fsn1" +} + +variable "prefix" { + default = "k8s" +} + +variable "machines" { + type = map(object({ + node_type = string + size = string + image = string + })) +} + +variable "ssh_public_keys" { + type = list(string) +} + +variable "ssh_whitelist" { + type = list(string) +} + +variable "api_server_whitelist" { + type = list(string) +} + +variable "nodeport_whitelist" { + type = list(string) +} + +variable "ingress_whitelist" { + type = list(string) +} + +variable "private_network_cidr" { + default = "10.0.0.0/16" +} + +variable "private_subnet_cidr" { + default = "10.0.10.0/24" +} +variable "network_zone" { + default = "eu-central" +} diff --git a/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/versions.tf b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/versions.tf new file mode 100644 index 000000000..4291f8a61 --- /dev/null +++ b/contrib/terraform/hetzner/modules/kubernetes-cluster-flatcar/versions.tf @@ -0,0 +1,13 @@ +terraform { + required_providers { + hcloud = { + source = "hetznercloud/hcloud" + } + ct = { + source = "poseidon/ct" + } + null = { + source = "hashicorp/null" + } + } +} \ No newline at end of file
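Review bot: The `storage.files` entry writes a demo script to `/home/core/works` (`echo My name is ${name} and the hostname is $${hostname}`) that nothing in the module uses, which reads as leftover scaffolding rather than part of a cluster template. The one thing the nodes do need from ignition — their hostname — is instead applied afterwards by a second SSH provisioner as `${self.name}` (`${var.prefix}-${each.key}`), while this template only receives `name = each.key`, so the two would disagree if the script were ever relied on. Writing `/etc/hostname` here should let the extra `remote-exec` be dropped (I have not verified this on the Hetzner rescue→Flatcar path; please test), provided the `name` var passed from `data.template_file.machine-configs` carries the prefix.

```yaml
# … unchanged: passwd / users / core with ${ssh_keys} …
storage:
  files:
    - path: /etc/hostname
      filesystem: root
      mode: 0644
      contents:
        inline: ${name}
```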
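Review bot: `variable "hcloud_token" {}` is declared as a required input but nothing in the module references it — the first hunk shows the root configures `provider "hcloud" {}` with no `token` argument, so the value would be collected and stored in state for no purpose; either remove the variable or, if it is meant to feed the provider, add `sensitive = true` and wire it through. The four whitelist variables and `ssh_public_keys` have no `description`, and since they are passed straight into firewall `source_ips` a one-line contract helps callers, e.g. `description = "CIDR blocks allowed to reach port 22 on all nodes; an empty list blocks SSH entirely"` on `ssh_whitelist`. A `validation` block using `cidrnetmask()` on each whitelist entry would turn a typo into a plan-time error instead of an API failure (or a wider-than-intended rule).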
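Review bot: `required_providers` declares `null`, which no resource in the module uses, but omits `template`, which `data "template_file" "machine-configs"` in main.tf depends on; Terraform resolves it implicitly as `hashicorp/template`, a provider that, as far as I know, is archived and has no newer releases. The simplest fix is to drop the data source in favour of the built-in function, `content = templatefile("${path.module}/templates/machine.yaml.tmpl", { ssh_keys = jsonencode(var.ssh_public_keys), name = each.key })` in `data "ct_config" "machine-ignitions"`, and delete both the `template` dependency and the unused `null` entry. Neither `hcloud` nor `ct` carries a `version` constraint and there is no `required_version`, so a fresh `terraform init` pulls whatever is newest; add a `version = "..."` constraint to each and commit `.terraform.lock.hcl` so the provider set is reproducible.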