hetzner-k3s 0.1.0

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "k3s"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/cluster_config.yaml.example

@@ -0,0 +1,17 @@
+---
+hetzner_token: blah
+cluster_name: test
+kubeconfig_path: "../kubeconfig"
+k3s_version: v1.21.3+k3s1
+ssh_key_path: "~/.ssh/id_rsa.pub"
+location: nbg1
+masters:
+  instance_type: cpx21
+  instance_count: 3
+worker_node_pools:
+- name: small
+  instance_type: cpx21
+  instance_count: 4
+- name: big
+  instance_type: cp321
+  instance_count: 2

data/exe/hetzner-k3s

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+require_relative '../lib/hetzner/k3s/cli'
+Hetzner::K3s::CLI.start

data/hetzner-k3s.gemspec

@@ -0,0 +1,35 @@
+require_relative 'lib/hetzner/k3s/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "hetzner-k3s"
+  spec.version       = Hetzner::K3s::VERSION
+  spec.authors       = ["Vito Botta"]
+  spec.email         = ["vito@botta.me"]
+
+  spec.summary       = %q{A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.}
+  spec.description   = %q{A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.}
+  spec.homepage      = "https://github.com/vitobotta/hetzner-k3s"
+  spec.license       = "MIT"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+  # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/vitobotta/hetzner-k3s"
+  spec.metadata["changelog_uri"] = "https://github.com/vitobotta/hetzner-k3s"
+
+  spec.add_dependency "thor"
+  spec.add_dependency "http"
+  spec.add_dependency "net-ssh"
+  spec.add_dependency "k8s-ruby"
+  spec.add_dependency "sshkey"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+end

data/lib/hetzner.rb

@@ -0,0 +1,2 @@
+module Hetzner
+end

data/lib/hetzner/infra.rb

@@ -0,0 +1,2 @@
+module Hetzner::Infra
+end

data/lib/hetzner/infra/client.rb

@@ -0,0 +1,32 @@
+module Hetzner
+  class Client
+    BASE_URI = "https://api.hetzner.cloud/v1"
+
+    attr_reader :token
+
+    def initialize(token:)
+      @token = token
+    end
+
+    def get(path)
+      JSON.parse HTTP.headers(headers).get(BASE_URI + path).body
+    end
+
+    def post(path, data)
+      HTTP.headers(headers).post(BASE_URI + path, json: data)
+    end
+
+    def delete(path, id)
+      HTTP.headers(headers).delete(BASE_URI + path + "/" + id.to_s)
+    end
+
+    private
+
+      def headers
+        {
+          "Authorization": "Bearer #{@token}",
+          "Content-Type": "application/json"
+        }
+      end
+  end
+end

data/lib/hetzner/infra/firewall.rb

@@ -0,0 +1,103 @@
+module Hetzner
+  class Firewall
+    def initialize(hetzner_client:, cluster_name:)
+      @hetzner_client = hetzner_client
+      @cluster_name = cluster_name
+    end
+
+    def create
+      puts
+
+      if firewall = find_firewall
+        puts "Firewall already exists, skipping."
+        puts
+        return firewall["id"]
+      end
+
+      puts "Creating firewall..."
+
+      response = hetzner_client.post("/firewalls", firewall_config).body
+      puts "...firewall created."
+      puts
+
+      JSON.parse(response)["firewall"]["id"]
+    end
+
+    def delete
+      if firewall = find_firewall
+        puts "Deleting firewall..."
+        hetzner_client.delete("/firewalls", firewall["id"])
+        puts "...firewall deleted."
+      else
+        puts "Firewall no longer exists, skipping."
+      end
+
+      puts
+    end
+
+    private
+
+      attr_reader :hetzner_client, :cluster_name, :firewall
+
+      def firewall_config
+        {
+          name: cluster_name,
+          rules: [
+            {
+              "direction": "in",
+              "protocol": "tcp",
+              "port": "22",
+              "source_ips": [
+                "0.0.0.0/0",
+                "::/0"
+              ],
+              "destination_ips": []
+            },
+            {
+              "direction": "in",
+              "protocol": "icmp",
+              "port": nil,
+              "source_ips": [
+                "0.0.0.0/0",
+                "::/0"
+              ],
+              "destination_ips": []
+            },
+            {
+              "direction": "in",
+              "protocol": "tcp",
+              "port": "6443",
+              "source_ips": [
+                "0.0.0.0/0",
+                "::/0"
+              ],
+              "destination_ips": []
+            },
+            {
+              "direction": "in",
+              "protocol": "tcp",
+              "port": "any",
+              "source_ips": [
+                "10.0.0.0/16"
+              ],
+              "destination_ips": []
+            },
+            {
+              "direction": "in",
+              "protocol": "udp",
+              "port": "any",
+              "source_ips": [
+                "10.0.0.0/16"
+              ],
+              "destination_ips": []
+            }
+          ]
+        }
+      end
+
+      def find_firewall
+        hetzner_client.get("/firewalls")["firewalls"].detect{ |firewall| firewall["name"] == cluster_name }
+      end
+
+  end
+end

data/lib/hetzner/infra/load_balancer.rb

@@ -0,0 +1,84 @@
+module Hetzner
+  class LoadBalancer
+    def initialize(hetzner_client:, cluster_name:)
+      @hetzner_client = hetzner_client
+      @cluster_name = cluster_name
+    end
+
+    def create(location:, network_id:)
+      @location = location
+      @network_id = network_id
+
+      puts
+
+      if load_balancer = find_load_balancer
+        puts "API load balancer already exists, skipping."
+        puts
+        return load_balancer["id"]
+      end
+
+      puts "Creating API load_balancer..."
+
+      response = hetzner_client.post("/load_balancers", load_balancer_config).body
+      puts "...API load balancer created."
+      puts
+
+      JSON.parse(response)["load_balancer"]["id"]
+    end
+
+    def delete
+      if load_balancer = find_load_balancer
+        puts "Deleting API load balancer..."
+        hetzner_client.delete("/load_balancers", load_balancer["id"])
+        puts "...API load balancer deleted."
+      else
+        puts "API load balancer no longer exists, skipping."
+      end
+
+      puts
+    end
+
+    private
+
+      attr_reader :hetzner_client, :cluster_name, :load_balancer, :location, :network_id
+
+      def load_balancer_name
+        "#{cluster_name}-api"
+      end
+
+      def load_balancer_config
+        {
+          "algorithm": {
+            "type": "round_robin"
+          },
+          "load_balancer_type": "lb11",
+          "location": location,
+          "name": load_balancer_name,
+          "network": network_id,
+          "public_interface": true,
+          "services": [
+            {
+              "destination_port": 6443,
+              "listen_port": 6443,
+              "protocol": "tcp",
+              "proxyprotocol": false
+            }
+          ],
+          "targets": [
+            {
+              "label_selector": {
+                "selector": "cluster=#{cluster_name},role=master"
+              },
+              "type": "label_selector",
+              "use_private_ip": true
+            }
+          ]
+        }
+      end
+
+      def find_load_balancer
+        hetzner_client.get("/load_balancers")["load_balancers"].detect{ |load_balancer| load_balancer["name"] == load_balancer_name }
+      end
+
+  end
+end

data/lib/hetzner/infra/network.rb

@@ -0,0 +1,62 @@
+module Hetzner
+  class Network
+    def initialize(hetzner_client:, cluster_name:)
+      @hetzner_client = hetzner_client
+      @cluster_name = cluster_name
+    end
+
+    def create
+      puts
+
+      if network = find_network
+        puts "Private network already exists, skipping."
+        puts
+        return network["id"]
+      end
+
+      puts "Creating private network..."
+
+      response = hetzner_client.post("/networks", network_config).body
+
+      puts "...private network created."
+      puts
+
+      JSON.parse(response)["network"]["id"]
+    end
+
+    def delete
+      if network = find_network
+        puts "Deleting network..."
+        hetzner_client.delete("/networks", network["id"])
+        puts "...network deleted."
+      else
+        puts "Network no longer exists, skipping."
+      end
+
+      puts
+    end
+
+    private
+
+      attr_reader :hetzner_client, :cluster_name
+
+      def network_config
+        {
+          name: cluster_name,
+          ip_range: "10.0.0.0/16",
+          subnets: [
+            {
+              ip_range: "10.0.0.0/16",
+              network_zone: "eu-central",
+              type: "cloud"
+            }
+          ]
+        }
+      end
+
+      def find_network
+        hetzner_client.get("/networks")["networks"].detect{ |network| network["name"] == cluster_name }
+      end
+
+  end
+end

data/lib/hetzner/infra/server.rb

@@ -0,0 +1,81 @@
+module Hetzner
+  class Server
+    def initialize(hetzner_client:, cluster_name:)
+      @hetzner_client = hetzner_client
+      @cluster_name = cluster_name
+    end
+
+    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:)
+      puts
+
+      server_name = "#{cluster_name}-#{instance_type}-#{instance_id}"
+
+      if server = find_server(server_name)
+        puts "Server #{server_name} already exists, skipping."
+        puts
+        return server
+      end
+
+      puts "Creating server #{server_name}..."
+
+      server_config = {
+        name: server_name,
+        location: location,
+        image: "ubuntu-20.04",
+        firewalls: [
+          { firewall: firewall_id }
+        ],
+        networks: [
+          network_id
+        ],
+        server_type: instance_type,
+        ssh_keys: [
+          ssh_key_id
+        ],
+        user_data: user_data,
+        labels: {
+          cluster: cluster_name,
+          role: (server_name =~ /master/ ? "master" : "worker")
+        }
+      }
+
+      response = hetzner_client.post("/servers", server_config).body
+
+      puts "...server #{server_name} created."
+      puts
+
+      JSON.parse(response)["server"]
+    end
+
+    def delete(server_name:)
+      if server = find_server(server_name)
+        puts "Deleting server #{server_name}..."
+        hetzner_client.delete "/servers", server["id"]
+        puts "...server #{server_name} deleted."
+      else
+        puts "Server #{server_name} no longer exists, skipping."
+      end
+    end
+
+    private
+
+      attr_reader :hetzner_client, :cluster_name
+
+      def find_server(server_name)
+        hetzner_client.get("/servers")["servers"].detect{ |network| network["name"] == server_name }
+      end
+
+      def user_data
+        <<~EOS
+          #cloud-config
+          packages:
+            - fail2ban
+          runcmd:
+            - sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
+            - sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
+            - systemctl restart sshd
+        EOS
+      end
+
+  end
+end