Fixes for Hetzner terraform and Hetzner Cloud (#8702)
* - add ability to specify the network_zone in hetzner terraform - Export the network id from hetzner terraform to the generated inventory.ini * - Add with_networks variable to allow different deployments of hcloud controller manager - Add network id to hcloud controller secret (added via the inventory) - Don't include extra_args if it's not set
parent
c2fb1a0747
commit
9dced7133c
13 changed files with 36 additions and 12 deletions
|
@ -97,6 +97,7 @@ terraform destroy --var-file default.tfvars ../../contrib/terraform/hetzner
|
||||||
* `prefix`: Prefix to add to all resources, if set to "" don't set any prefix
|
* `prefix`: Prefix to add to all resources, if set to "" don't set any prefix
|
||||||
* `ssh_public_keys`: List of public SSH keys to install on all machines
|
* `ssh_public_keys`: List of public SSH keys to install on all machines
|
||||||
* `zone`: The zone where to run the cluster
|
* `zone`: The zone where to run the cluster
|
||||||
|
* `network_zone`: the network zone where the cluster is running
|
||||||
* `machines`: Machines to provision. Key of this object will be used as the name of the machine
|
* `machines`: Machines to provision. Key of this object will be used as the name of the machine
|
||||||
* `node_type`: The role of this node *(master|worker)*
|
* `node_type`: The role of this node *(master|worker)*
|
||||||
* `size`: Size of the VM
|
* `size`: Size of the VM
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
prefix = "default"
|
prefix = "default"
|
||||||
zone = "hel1"
|
zone = "hel1"
|
||||||
|
network_zone = "eu-central"
|
||||||
inventory_file = "inventory.ini"
|
inventory_file = "inventory.ini"
|
||||||
|
|
||||||
ssh_public_keys = [
|
ssh_public_keys = [
|
||||||
|
|
|
@ -10,6 +10,7 @@ module "kubernetes" {
|
||||||
machines = var.machines
|
machines = var.machines
|
||||||
|
|
||||||
ssh_public_keys = var.ssh_public_keys
|
ssh_public_keys = var.ssh_public_keys
|
||||||
|
network_zone = var.network_zone
|
||||||
|
|
||||||
ssh_whitelist = var.ssh_whitelist
|
ssh_whitelist = var.ssh_whitelist
|
||||||
api_server_whitelist = var.api_server_whitelist
|
api_server_whitelist = var.api_server_whitelist
|
||||||
|
@ -34,9 +35,9 @@ data "template_file" "inventory" {
|
||||||
keys(module.kubernetes.worker_ip_addresses),
|
keys(module.kubernetes.worker_ip_addresses),
|
||||||
values(module.kubernetes.worker_ip_addresses).*.public_ip,
|
values(module.kubernetes.worker_ip_addresses).*.public_ip,
|
||||||
values(module.kubernetes.worker_ip_addresses).*.private_ip))
|
values(module.kubernetes.worker_ip_addresses).*.private_ip))
|
||||||
|
|
||||||
list_master = join("\n", keys(module.kubernetes.master_ip_addresses))
|
list_master = join("\n", keys(module.kubernetes.master_ip_addresses))
|
||||||
list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
|
list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
|
||||||
|
network_id = module.kubernetes.network_id
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@ resource "hcloud_network" "kubernetes" {
|
||||||
resource "hcloud_network_subnet" "kubernetes" {
|
resource "hcloud_network_subnet" "kubernetes" {
|
||||||
type = "cloud"
|
type = "cloud"
|
||||||
network_id = hcloud_network.kubernetes.id
|
network_id = hcloud_network.kubernetes.id
|
||||||
network_zone = "eu-central"
|
network_zone = var.network_zone
|
||||||
ip_range = var.private_subnet_cidr
|
ip_range = var.private_subnet_cidr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -21,3 +21,7 @@ output "worker_ip_addresses" {
|
||||||
output "cluster_private_network_cidr" {
|
output "cluster_private_network_cidr" {
|
||||||
value = var.private_subnet_cidr
|
value = var.private_subnet_cidr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
output "network_id" {
|
||||||
|
value = hcloud_network.kubernetes.id
|
||||||
|
}
|
|
@ -39,3 +39,6 @@ variable "private_network_cidr" {
|
||||||
variable "private_subnet_cidr" {
|
variable "private_subnet_cidr" {
|
||||||
default = "10.0.10.0/24"
|
default = "10.0.10.0/24"
|
||||||
}
|
}
|
||||||
|
variable "network_zone" {
|
||||||
|
default = "eu-central"
|
||||||
|
}
|
||||||
|
|
|
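Review bot: The module-level `variable "network_zone"` has a default but no `description` or `type`, unlike the root-level variable this commit adds with a description. Adding `description = "The network zone where the cluster is running"` and `type = string` would keep the two declarations consistent and reject a non-string value at plan time. The network zone presumably has to contain the location given in `zone`, which is worth stating in the description so a mismatched pair is caught before apply.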
@ -14,3 +14,6 @@ ${list_worker}
|
||||||
[k8s-cluster:children]
|
[k8s-cluster:children]
|
||||||
kube-master
|
kube-master
|
||||||
kube-node
|
kube-node
|
||||||
|
|
||||||
|
[k8s-cluster:vars]
|
||||||
|
network_id=${network_id}
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
variable "zone" {
|
variable "zone" {
|
||||||
description = "The zone where to run the cluster"
|
description = "The zone where to run the cluster"
|
||||||
}
|
}
|
||||||
|
variable "network_zone" {
|
||||||
|
description = "The network zone where the cluster is running"
|
||||||
|
default = "eu-central"
|
||||||
|
}
|
||||||
|
|
||||||
variable "prefix" {
|
variable "prefix" {
|
||||||
description = "Prefix for resource names"
|
description = "Prefix for resource names"
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# external_hcloud_cloud:
|
# external_hcloud_cloud:
|
||||||
# hcloud_api_token: ""
|
# hcloud_api_token: ""
|
||||||
# token_secret_name: hcloud
|
# token_secret_name: hcloud
|
||||||
#
|
# with_networks: false # Use the hcloud controller-manager with networks support https://github.com/hetznercloud/hcloud-cloud-controller-manager#networks-support
|
||||||
# service_account_name: cloud-controller-manager
|
# service_account_name: cloud-controller-manager
|
||||||
#
|
#
|
||||||
# controller_image_tag: "latest"
|
# controller_image_tag: "latest"
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
|
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
|
||||||
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
|
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
|
||||||
- {name: external-hcloud-cloud-role-bindings, file: external-hcloud-cloud-role-bindings.yml}
|
- {name: external-hcloud-cloud-role-bindings, file: external-hcloud-cloud-role-bindings.yml}
|
||||||
- {name: external-hcloud-cloud-controller-manager-ds, file: external-hcloud-cloud-controller-manager-ds.yml}
|
- {name: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds' }}", file: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks.yml' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds.yml' }}"}
|
||||||
- {name: external-hcloud-cloud-controller-manager-ds-with-networks, file: external-hcloud-cloud-controller-manager-ds-with-networks.yml}
|
|
||||||
register: external_hcloud_manifests
|
register: external_hcloud_manifests
|
||||||
when: inventory_hostname == groups['kube_control_plane'][0]
|
when: inventory_hostname == groups['kube_control_plane'][0]
|
||||||
tags: external-hcloud
|
tags: external-hcloud
|
||||||
|
|
|
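Review bot: The new manifest entry reads `external_hcloud_cloud.with_networks` with no fallback, so an inventory that defines `external_hcloud_cloud` without the new key would likely fail templating here instead of deploying the plain DaemonSet; the secret template's `{% if external_hcloud_cloud.with_networks %}` has the same unguarded read. A value supplied as the string "false" is also truthy in Jinja. I would write the condition as `external_hcloud_cloud.with_networks | default(false) | bool` in both places, unless a role default outside the lines shown here already guarantees the key. The task itself starts above the hunk.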
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: DeamonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
name: hcloud-cloud-controller-manager
|
name: hcloud-cloud-controller-manager
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
@ -44,10 +44,13 @@ spec:
|
||||||
- "--allow-untagged-cloud"
|
- "--allow-untagged-cloud"
|
||||||
- "--allocate-node-cidrs=true"
|
- "--allocate-node-cidrs=true"
|
||||||
- "--cluster-cidr=10.244.0.0/16"
|
- "--cluster-cidr=10.244.0.0/16"
|
||||||
|
{% if external_hcloud_cloud.controller_extra_args is defined %}
|
||||||
|
|
||||||
args:
|
args:
|
||||||
{% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
|
{% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
|
||||||
- "{{ '--' + key + '=' + value }}"
|
- "{{ '--' + key + '=' + value }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
@ -60,10 +63,10 @@ spec:
|
||||||
- name: HCLOUD_TOKEN
|
- name: HCLOUD_TOKEN
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: hcloud
|
name: {{ external_hcloud_cloud.token_secret_name }}
|
||||||
key: token
|
key: token
|
||||||
- name: HCLOUD_NETWORK
|
- name: HCLOUD_NETWORK
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ external_hcloud_cloud.token_secret_name }}
|
name: {{ external_hcloud_cloud.token_secret_name }}
|
||||||
key: {{ external_hcloud_cloud.token_secret_key }}
|
key: network
|
|
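Review bot: The added `{% if external_hcloud_cloud.controller_extra_args is defined %}` guard still lets an empty or null value through: `{}` renders a bare `args:` key, and a null value fails on `.items()`. A truthiness test covers all three cases, `{% if external_hcloud_cloud.controller_extra_args | default({}) %}`, and the same applies to the identical guard added to the plain DaemonSet template in this commit. The loop body concatenates `value` with `+`, so a short template comment saying that extra-arg values must be quoted strings would save the next user a type error.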
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
kind: DeamonSet
|
kind: DaemonSet
|
||||||
metadata:
|
metadata:
|
||||||
name: hcloud-cloud-controller-manager
|
name: hcloud-cloud-controller-manager
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
@ -41,10 +41,12 @@ spec:
|
||||||
- "--cloud-provider=hcloud"
|
- "--cloud-provider=hcloud"
|
||||||
- "--leader-elect=false"
|
- "--leader-elect=false"
|
||||||
- "--allow-untagged-cloud"
|
- "--allow-untagged-cloud"
|
||||||
|
{% if external_hcloud_cloud.controller_extra_args is defined %}
|
||||||
args:
|
args:
|
||||||
{% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
|
{% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
|
||||||
- "{{ '--' + key + '=' + value }}"
|
- "{{ '--' + key + '=' + value }}"
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
|
@ -58,4 +60,4 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: {{ external_hcloud_cloud.token_secret_name }}
|
name: {{ external_hcloud_cloud.token_secret_name }}
|
||||||
key: {{ external_hcloud_cloud.token_secret_key }}
|
key: token
|
|
@ -5,4 +5,7 @@ metadata:
|
||||||
name: "{{ external_hcloud_cloud.token_secret_name }}"
|
name: "{{ external_hcloud_cloud.token_secret_name }}"
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
data:
|
data:
|
||||||
token: "{{ external_hcloud_cloud.hcloud_api_token | base64 }}"
|
token: "{{ external_hcloud_cloud.hcloud_api_token | b64encode }}"
|
||||||
|
{% if external_hcloud_cloud.with_networks %}
|
||||||
|
network: "{{ network_id|b64encode }}"
|
||||||
|
{% endif %}
|
||||||
|
|
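Review bot: `network: "{{ network_id|b64encode }}"` depends on a top-level `network_id` that is only set when the inventory comes from the Terraform template changed in this commit. With `with_networks` enabled on a hand-written inventory, the render stops on an undefined variable with no hint about where the value should come from. `network: "{{ network_id | mandatory | b64encode }}"`, plus a line in the sample group_vars saying that `network_id` is required when `with_networks: true`, would make the requirement explicit. Because this manifest also carries the API token, the task that renders it (outside the lines shown) is worth checking for `no_log` and a restrictive file mode.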