Fixes for Hetzner terraform and Hetzner Cloud (#8702)

* - add ability to specify the network_zone in hetzner terraform
- Export the network id from hetzner terraform to the generated inventory.ini

* - Add with_networks variable to allow different deployments of hcloud controller manager

- Add network id to hcloud controller secret (added via the inventory)

- Don't include extra_args if it's not set
Anthony Bible 2022-04-11 11:26:06 -06:00 committed by GitHub
parent c2fb1a0747
commit 9dced7133c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 36 additions and 12 deletions


@ -97,6 +97,7 @@ terraform destroy --var-file default.tfvars ../../contrib/terraform/hetzner
* `prefix`: Prefix to add to all resources, if set to "" don't set any prefix * `prefix`: Prefix to add to all resources, if set to "" don't set any prefix
* `ssh_public_keys`: List of public SSH keys to install on all machines * `ssh_public_keys`: List of public SSH keys to install on all machines
* `zone`: The zone where to run the cluster * `zone`: The zone where to run the cluster
* `network_zone`: the network zone where the cluster is running
* `machines`: Machines to provision. Key of this object will be used as the name of the machine * `machines`: Machines to provision. Key of this object will be used as the name of the machine
* `node_type`: The role of this node *(master|worker)* * `node_type`: The role of this node *(master|worker)*
* `size`: Size of the VM * `size`: Size of the VM


@ -1,6 +1,6 @@
prefix = "default" prefix = "default"
zone = "hel1" zone = "hel1"
network_zone = "eu-central"
inventory_file = "inventory.ini" inventory_file = "inventory.ini"
ssh_public_keys = [ ssh_public_keys = [


@ -10,6 +10,7 @@ module "kubernetes" {
machines = var.machines machines = var.machines
ssh_public_keys = var.ssh_public_keys ssh_public_keys = var.ssh_public_keys
network_zone = var.network_zone
ssh_whitelist = var.ssh_whitelist ssh_whitelist = var.ssh_whitelist
api_server_whitelist = var.api_server_whitelist api_server_whitelist = var.api_server_whitelist
@ -34,9 +35,9 @@ data "template_file" "inventory" {
keys(module.kubernetes.worker_ip_addresses), keys(module.kubernetes.worker_ip_addresses),
values(module.kubernetes.worker_ip_addresses).*.public_ip, values(module.kubernetes.worker_ip_addresses).*.public_ip,
values(module.kubernetes.worker_ip_addresses).*.private_ip)) values(module.kubernetes.worker_ip_addresses).*.private_ip))
list_master = join("\n", keys(module.kubernetes.master_ip_addresses)) list_master = join("\n", keys(module.kubernetes.master_ip_addresses))
list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses)) list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
network_id = module.kubernetes.network_id
} }
} }


@ -6,7 +6,7 @@ resource "hcloud_network" "kubernetes" {
resource "hcloud_network_subnet" "kubernetes" { resource "hcloud_network_subnet" "kubernetes" {
type = "cloud" type = "cloud"
network_id = hcloud_network.kubernetes.id network_id = hcloud_network.kubernetes.id
network_zone = "eu-central" network_zone = var.network_zone
ip_range = var.private_subnet_cidr ip_range = var.private_subnet_cidr
} }


@ -21,3 +21,7 @@ output "worker_ip_addresses" {
output "cluster_private_network_cidr" { output "cluster_private_network_cidr" {
value = var.private_subnet_cidr value = var.private_subnet_cidr
} }
output "network_id" {
value = hcloud_network.kubernetes.id
}


@ -39,3 +39,6 @@ variable "private_network_cidr" {
variable "private_subnet_cidr" { variable "private_subnet_cidr" {
default = "10.0.10.0/24" default = "10.0.10.0/24"
} }
variable "network_zone" {
default = "eu-central"
}


@ -14,3 +14,6 @@ ${list_worker}
[k8s-cluster:children] [k8s-cluster:children]
kube-master kube-master
kube-node kube-node
[k8s-cluster:vars]
network_id=${network_id}


@ -1,6 +1,10 @@
variable "zone" { variable "zone" {
description = "The zone where to run the cluster" description = "The zone where to run the cluster"
} }
variable "network_zone" {
description = "The network zone where the cluster is running"
default = "eu-central"
}
variable "prefix" { variable "prefix" {
description = "Prefix for resource names" description = "Prefix for resource names"


@ -2,7 +2,7 @@
# external_hcloud_cloud: # external_hcloud_cloud:
# hcloud_api_token: "" # hcloud_api_token: ""
# token_secret_name: hcloud # token_secret_name: hcloud
# # with_networks: false # Use the hcloud controller-manager with networks support https://github.com/hetznercloud/hcloud-cloud-controller-manager#networks-support
# service_account_name: cloud-controller-manager # service_account_name: cloud-controller-manager
# #
# controller_image_tag: "latest" # controller_image_tag: "latest"


@ -9,8 +9,8 @@
- {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml} - {name: external-hcloud-cloud-secret, file: external-hcloud-cloud-secret.yml}
- {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml} - {name: external-hcloud-cloud-service-account, file: external-hcloud-cloud-service-account.yml}
- {name: external-hcloud-cloud-role-bindings, file: external-hcloud-cloud-role-bindings.yml} - {name: external-hcloud-cloud-role-bindings, file: external-hcloud-cloud-role-bindings.yml}
- {name: external-hcloud-cloud-controller-manager-ds, file: external-hcloud-cloud-controller-manager-ds.yml} - {name: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds' }}", file: "{{ 'external-hcloud-cloud-controller-manager-ds-with-networks.yml' if external_hcloud_cloud.with_networks else 'external-hcloud-cloud-controller-manager-ds.yml' }}"}
- {name: external-hcloud-cloud-controller-manager-ds-with-networks, file: external-hcloud-cloud-controller-manager-ds-with-networks.yml}
register: external_hcloud_manifests register: external_hcloud_manifests
when: inventory_hostname == groups['kube_control_plane'][0] when: inventory_hostname == groups['kube_control_plane'][0]
tags: external-hcloud tags: external-hcloud
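Review bot: The new `name:` and `file:` expressions evaluate `external_hcloud_cloud.with_networks` with no default, so a config written before this commit (the sample config in this same change only shows the key commented out) raises an undefined-variable error on this task instead of keeping the old single-DaemonSet behaviour, unless a default is declared somewhere in the role I cannot see here. Guarding both reads with `external_hcloud_cloud.with_networks | default(false)` preserves the previous behaviour for existing users; the secret template reads the same key and needs the same guard. The selected manifest name now lives on one very long list item; binding the suffix once, e.g. `{{ '-with-networks' if (external_hcloud_cloud.with_networks | default(false)) else '' }}`, and reusing it in `name:` and `file:` would keep the two from drifting apart.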


@ -1,6 +1,6 @@
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: DeamonSet kind: DaemonSet
metadata: metadata:
name: hcloud-cloud-controller-manager name: hcloud-cloud-controller-manager
namespace: kube-system namespace: kube-system
@ -44,10 +44,13 @@ spec:
- "--allow-untagged-cloud" - "--allow-untagged-cloud"
- "--allocate-node-cidrs=true" - "--allocate-node-cidrs=true"
- "--cluster-cidr=10.244.0.0/16" - "--cluster-cidr=10.244.0.0/16"
{% if external_hcloud_cloud.controller_extra_args is defined %}
args: args:
{% for key, value in external_hcloud_cloud.controller_extra_args.items() %} {% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
- "{{ '--' + key + '=' + value }}" - "{{ '--' + key + '=' + value }}"
{% endfor %} {% endfor %}
{% endif %}
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@ -60,10 +63,10 @@ spec:
- name: HCLOUD_TOKEN - name: HCLOUD_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: hcloud name: {{ external_hcloud_cloud.token_secret_name }}
key: token key: token
- name: HCLOUD_NETWORK - name: HCLOUD_NETWORK
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ external_hcloud_cloud.token_secret_name }} name: {{ external_hcloud_cloud.token_secret_name }}
key: {{ external_hcloud_cloud.token_secret_key }} key: network
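Review bot: The added `{% if external_hcloud_cloud.controller_extra_args is defined %}` guard only handles the key being absent; a key that is present but empty or null (a `controller_extra_args:` line left blank in group_vars) passes `is defined` and the `.items()` call in the loop then fails at render time. Testing the value rather than its existence covers both cases: `{% if external_hcloud_cloud.controller_extra_args | default({}, true) %}`. With `HCLOUD_NETWORK` now read from key `network` of the same Secret, a short comment above that env entry such as `# 'network' is only written to the Secret when with_networks is true, which is also the only case this manifest is applied` would record the coupling with the task list and the secret template.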


@ -1,6 +1,6 @@
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: DeamonSet kind: DaemonSet
metadata: metadata:
name: hcloud-cloud-controller-manager name: hcloud-cloud-controller-manager
namespace: kube-system namespace: kube-system
@ -41,10 +41,12 @@ spec:
- "--cloud-provider=hcloud" - "--cloud-provider=hcloud"
- "--leader-elect=false" - "--leader-elect=false"
- "--allow-untagged-cloud" - "--allow-untagged-cloud"
{% if external_hcloud_cloud.controller_extra_args is defined %}
args: args:
{% for key, value in external_hcloud_cloud.controller_extra_args.items() %} {% for key, value in external_hcloud_cloud.controller_extra_args.items() %}
- "{{ '--' + key + '=' + value }}" - "{{ '--' + key + '=' + value }}"
{% endfor %} {% endfor %}
{% endif %}
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@ -58,4 +60,4 @@ spec:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: {{ external_hcloud_cloud.token_secret_name }} name: {{ external_hcloud_cloud.token_secret_name }}
key: {{ external_hcloud_cloud.token_secret_key }} key: token
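Review bot: The `secretKeyRef` key changes from the configurable `{{ external_hcloud_cloud.token_secret_key }}` to the literal `token`, which matches the `token:` entry the Secret manifest writes, but it silently drops a setting users may still have in their config; if `token_secret_key` is still listed in the role defaults or sample config it should be removed there, otherwise someone setting it ends up with a value the DaemonSet never reads. A one-line comment above the entry, `# must match the 'token' key written by external-hcloud-cloud-secret.yml`, would make the dependency between the two templates visible to the next person editing either file.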


@ -5,4 +5,7 @@ metadata:
name: "{{ external_hcloud_cloud.token_secret_name }}" name: "{{ external_hcloud_cloud.token_secret_name }}"
namespace: kube-system namespace: kube-system
data: data:
token: "{{ external_hcloud_cloud.hcloud_api_token | base64 }}" token: "{{ external_hcloud_cloud.hcloud_api_token | b64encode }}"
{% if external_hcloud_cloud.with_networks %}
network: "{{ network_id|b64encode }}"
{% endif %}
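Review bot: `network: "{{ network_id|b64encode }}"` pulls a bare top-level variable named `network_id`, which is only populated when the inventory came from the Terraform template in this commit; anyone enabling `with_networks` on a hand-written inventory gets an undefined-variable error with no hint of where the value is expected to come from, and a name that generic is easy to shadow with an unrelated host or group var. Reading it from the role's own namespace with the inventory value as fallback, `network: "{{ external_hcloud_cloud.network_id | default(network_id) | b64encode }}"`, and documenting `network_id` next to `with_networks` in the sample config would make the contract explicit; an `assert` in the task list that the value is defined when `with_networks` is true would fail earlier and more clearly than a template error. The ini inventory may parse the numeric id as an int, so `| string` before `b64encode` is a cheap safeguard if the filter's handling of non-strings is ever in doubt.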