hetzner-k3s 0.3.1 → 0.3.5

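--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 7702216e981cea045d5c8fc09087a233a41ed06fa1a812e2aab008db8375e953
- data.tar.gz: 43d606e2517b62bd27ba040305b67c9a84f07d6e55a84ea5ed1a0d92ba501af9
+ metadata.gz: 59252c55a4a701b664c992d568121caaef5766cc28809e79484071ca018763ed
+ data.tar.gz: 5101372e1ce68608087529423fb7f3f61fc31bcf0966398ab4116545011c39f9
  SHA512:
- metadata.gz: 1b7286180209083562f31e07b6227e47c04db0fdc3eadbb9fbd8506cf63bbd59bf449f8d99a48f6d9647e03214a84c04ef2c364c9d2a004b71777557607dd9d1
- data.tar.gz: 6fa33623fb8dccbf06395aa5fbb14d74ad2a4581954c7a425b839eef1ccb04888ed7abe1025b245fcade8dac18be6864c702c240d5c5fdfc87370a884735bfd9
+ metadata.gz: ddc9b31b733f73d3e62c74b3b023d29009abb6c4e83a3504818d9bcb39657b379911dc3a00bac96c27e7c71477730e76ff42de5a09f68ab9a67f47920eac0018
+ data.tar.gz: dcd457cecdb1643b516448c922678ff36c46f283cdc2889befda796ccde6d42cbf6e54d74609105cef62eb7523a255a392871f1d6853cc32f86a83f1e5abcb45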
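--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -0,0 +1,11 @@
+ FROM ruby:2.7.4-alpine
+
+ RUN apk update --no-cache \
+ && apk add build-base git openssh-client
+
+ RUN gem install hetzner-k3s
+
+ COPY entrypoint.sh /entrypoint.sh
+
+ ENTRYPOINT ["/entrypoint.sh"]
+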
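Review bot: `RUN gem install hetzner-k3s` installs whichever version is newest on RubyGems at build time, so the image is not tied to this release and a rebuild can pull a different gem without any change to the Dockerfile; pin it, e.g. `RUN gem install hetzner-k3s -v 0.3.5`, ideally fed from a build argument. The first `RUN` refreshes the index with `apk update --no-cache` but then calls `apk add` without `--no-cache`; `RUN apk add --no-cache build-base git openssh-client` does both in one step. The image keeps `build-base` and runs as root while holding the user's SSH keys, which deserves a comment in the file if it is intentional.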
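--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,9 @@
  PATH
  remote: .
  specs:
- hetzner-k3s (0.3.0)
+ hetzner-k3s (0.3.5)
+ bcrypt_pbkdf
+ ed25519
  http
  k8s-ruby
  net-ssh
@@ -13,6 +15,7 @@ GEM
  specs:
  addressable (2.8.0)
  public_suffix (>= 2.0.2, < 5.0)
+ bcrypt_pbkdf (1.1.0)
  concurrent-ruby (1.1.9)
  diff-lcs (1.4.4)
  domain_name (0.5.20190701)
@@ -43,6 +46,7 @@ GEM
  dry-equalizer (~> 0.2)
  dry-inflector (~> 0.1, >= 0.1.2)
  dry-logic (~> 0.4, >= 0.4.2)
+ ed25519 (1.2.4)
  excon (0.85.0)
  ffi (1.15.3)
  ffi-compiler (1.0.1)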
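--- a/data/README.md
+++ b/data/README.md
@@ -33,6 +33,16 @@ gem install hetzner-k3s
 
  This will install the `hetzner-k3s` executable in your PATH.
 
+ ### With Docker
+
+ Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
+
+ ```bash
+ docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s create-cluster --config-file /cluster/test.yaml
+ ```
+
+ Replace `test.yaml` with the name of your config file.
+
  ## Creating a cluster
 
  The tool requires a simple configuration file in order to create/upgrade/delete clusters, in the YAML format like in the example below:
@@ -60,6 +70,9 @@ worker_node_pools:
 
  It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
 
+ If you are using Docker, then set `kubeconfig_path` to `/cluster/kubeconfig` so that the kubeconfig is created in the same directory where your config file is.
+
+
  If you set `masters.instance_count` to 1 then the tool will create a non highly available control plane; for production clusters you may want to set it to a number greater than 1. This number must be odd to avoid split brain issues with etcd and the recommended number is 3.
 
  You can specify any number of worker node pools for example to have mixed nodes with different specs for different workloads.
@@ -214,6 +227,18 @@ Once the cluster is ready you can create persistent volumes out of the box with
 
  ## changelog
 
+ - 0.3.5
+ - Add descriptions for firewall rules
+
+ - 0.3.4
+ - Added Docker support
+
+ - 0.3.3
+ - Add some gems required on Linux
+
+ - 0.3.2
+ - Configure DNS to use Cloudflare's resolver instead of Hetzner's, since Hetzner's resolvers are not always reliable
+
  - 0.3.1
  - Allow enabling/disabling the host key verification
 
@@ -235,4 +260,4 @@ The gem is available as open source under the terms of the [MIT License](https:/
 
  ## Code of Conduct
 
- Everyone interacting in the hetzner-k3s project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/vitobotta/k3s/blob/master/CODE_OF_CONDUCT.md).
+ Everyone interacting in the hetzner-k3s project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/vitobotta/hetzner-k3s/blob/main/CODE_OF_CONDUCT.md).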
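--- a/data/entrypoint.sh
+++ b/data/entrypoint.sh
@@ -0,0 +1,12 @@
+ #!/bin/sh
+
+ cp -R /tmp/.ssh /root/.ssh
+ chmod 700 /root/.ssh
+ chmod 600 /root/.ssh/*
+ chmod 644 /root/.ssh/*.pub
+
+ eval $(ssh-agent -s) 2&>1 > /dev/null
+
+ ssh-add ~/.ssh/* 2&>1 > /dev/null
+
+ hetzner-k3s "$@"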
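Review bot: The redirection `2&>1 > /dev/null` on the `ssh-agent` and `ssh-add` lines is not `2>&1`: shells that accept `&>` read it as a literal argument `2` followed by `&>1`, so output probably lands in a file named `1` and `eval` receives a stray `2`. The intended form is presumably `eval "$(ssh-agent -s)" > /dev/null 2>&1` and `ssh-add ~/.ssh/* > /dev/null 2>&1`. `ssh-add ~/.ssh/*` also hands every file in the directory to the agent, including the `.pub` files and anything else copied there, and hides the failures, so a private key that did not load goes unnoticed until the SSH connection fails; limiting the glob to private keys and leaving stderr visible would surface that. Since the script only copies from `/tmp/.ssh`, the bind mount shown in the README could be read-only (`:ro`).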
data/hetzner-k3s.gemspec CHANGED
@@ -23,6 +23,8 @@ Gem::Specification.new do |spec|
23
23
  spec.add_dependency "net-ssh"
24
24
  spec.add_dependency "k8s-ruby"
25
25
  spec.add_dependency "sshkey"
26
+ spec.add_dependency "ed25519"
27
+ spec.add_dependency "bcrypt_pbkdf"
26
28
 
27
29
  # Specify which files should be added to the gem when it is released.
28
30
  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
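Review bot: The two new runtime dependencies are declared without a version constraint (`spec.add_dependency "ed25519"`, `spec.add_dependency "bcrypt_pbkdf"`), which the gem metadata on this page records as `>= 0`. Both gems sit on the SSH key-handling path, so any future major release would be accepted at install time; a pessimistic constraint in line with the locked versions, e.g. `spec.add_dependency "ed25519", "~> 1.2"` and `spec.add_dependency "bcrypt_pbkdf", "~> 1.0"`, keeps installs inside a tested range. The existing dependencies in the context lines are unconstrained as well, so this may belong in a wider clean-up.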
@@ -44,6 +44,7 @@ module Hetzner
44
44
  name: cluster_name,
45
45
  rules: [
46
46
  {
47
+ "description": "Allow port 22 (SSH)",
47
48
  "direction": "in",
48
49
  "protocol": "tcp",
49
50
  "port": "22",
@@ -54,6 +55,7 @@ module Hetzner
54
55
  "destination_ips": []
55
56
  },
56
57
  {
58
+ "description": "Allow ICMP (ping)",
57
59
  "direction": "in",
58
60
  "protocol": "icmp",
59
61
  "port": nil,
@@ -64,6 +66,7 @@ module Hetzner
64
66
  "destination_ips": []
65
67
  },
66
68
  {
69
+ "description": "Allow port 6443 (Kubernetes API server)",
67
70
  "direction": "in",
68
71
  "protocol": "tcp",
69
72
  "port": "6443",
@@ -74,6 +77,7 @@ module Hetzner
74
77
  "destination_ips": []
75
78
  },
76
79
  {
80
+ "description": "Allow all TCP traffic between nodes on the private network",
77
81
  "direction": "in",
78
82
  "protocol": "tcp",
79
83
  "port": "any",
@@ -83,6 +87,7 @@ module Hetzner
83
87
  "destination_ips": []
84
88
  },
85
89
  {
90
+ "description": "Allow all UDP traffic between nodes on the private network",
86
91
  "direction": "in",
87
92
  "protocol": "udp",
88
93
  "port": "any",
@@ -74,7 +74,12 @@ module Hetzner
74
74
  - sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
75
75
  - sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
76
76
  - systemctl restart sshd
77
- EOS
77
+ - systemctl stop systemd-resolved
78
+ - systemctl disable systemd-resolved
79
+ - rm /etc/resolv.conf
80
+ - echo "nameserver 1.1.1.1" > /etc/resolv.conf
81
+ - echo "nameserver 1.0.0.1" >> /etc/resolv.conf
82
+ EOS
78
83
  end
79
84
 
80
85
  end
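Review bot: The added cloud-init commands hard-code `1.1.1.1` and `1.0.0.1` as the only resolvers on every node and disable `systemd-resolved`, with no option for the user to choose otherwise, so all node DNS lookups go unencrypted to a third-party resolver, which some deployments cannot accept. Consider reading the resolver list from the cluster config, defaulting to these values, and stating the behaviour in the README. `rm /etc/resolv.conf` fails when the file is absent; `rm -f /etc/resolv.conf` is safer in a first-boot script. The file header for this hunk is missing from the page, and the enclosing heredoc and method start outside the hunk.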
@@ -1,5 +1,5 @@
1
1
  module Hetzner
2
2
  module K3s
3
- VERSION = "0.3.1"
3
+ VERSION = "0.3.5"
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: hetzner-k3s
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.1
4
+ version: 0.3.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Vito Botta
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-08-09 00:00:00.000000000 Z
11
+ date: 2021-08-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -80,6 +80,34 @@ dependencies:
80
80
  - - ">="
81
81
  - !ruby/object:Gem::Version
82
82
  version: '0'
83
+ - !ruby/object:Gem::Dependency
84
+ name: ed25519
85
+ requirement: !ruby/object:Gem::Requirement
86
+ requirements:
87
+ - - ">="
88
+ - !ruby/object:Gem::Version
89
+ version: '0'
90
+ type: :runtime
91
+ prerelease: false
92
+ version_requirements: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: '0'
97
+ - !ruby/object:Gem::Dependency
98
+ name: bcrypt_pbkdf
99
+ requirement: !ruby/object:Gem::Requirement
100
+ requirements:
101
+ - - ">="
102
+ - !ruby/object:Gem::Version
103
+ version: '0'
104
+ type: :runtime
105
+ prerelease: false
106
+ version_requirements: !ruby/object:Gem::Requirement
107
+ requirements:
108
+ - - ">="
109
+ - !ruby/object:Gem::Version
110
+ version: '0'
83
111
  description: A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using
84
112
  k3s.
85
113
  email:
@@ -93,6 +121,7 @@ files:
93
121
  - ".rspec"
94
122
  - ".travis.yml"
95
123
  - CODE_OF_CONDUCT.md
124
+ - Dockerfile
96
125
  - Gemfile
97
126
  - Gemfile.lock
98
127
  - LICENSE.txt
@@ -101,6 +130,7 @@ files:
101
130
  - bin/console
102
131
  - bin/setup
103
132
  - cluster_config.yaml.example
133
+ - entrypoint.sh
104
134
  - exe/hetzner-k3s
105
135
  - hetzner-k3s.gemspec
106
136
  - lib/hetzner.rb