hetzner-k3s 0.4.0 → 0.4.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ee4a4ac2c31ebff805ee20edc3658ffe64be32e50b524ee4af3646e3ffc3a3c
-  data.tar.gz: 8cbc33a2a696b19c8e614932d1daa7fa9beddaf9d69dd8377d909cb382e40f87
+  metadata.gz: 153385c9fce84159b90d6b77bed3e3afebd3cb0739fbd6de1e4cc91e5f1e130f
+  data.tar.gz: '08a51842b854c2a438012c6fde115520e32fb782524a3ddd4048a772db8aeaa3'
 SHA512:
-  metadata.gz: ff2ca466abbd198b3bc76c8854113d90033fb606e9f11152ecf6d079564ee4dcbdab359a5b17229770a7dc531a9674b211d079a2204596efe3ec5b67157bf82e
-  data.tar.gz: a6a16c64b0ada5c4d1a740894df09a9f41ed0110b06cfd5629b1971c64836a5fd38bceebb7898432b275cb677779606ecd780b917d4095eb161987d26c0eecc0
+  metadata.gz: 9d6ac1e71d783a6b01d77863e30fae972c0983cda9e85dfcaac5fda8da0ea7a33565404aaa8efdd0594185f31c85ebc91cf92cdfe06fd9b92422aaf8c158feee
+  data.tar.gz: 4f93a9eb6635d2c757dfbc1205023e563bfbb564ca0b0f9b839ea4b722f9fc2d7db7978ce4ab7da70d2ce23fd3559a301342f3b222522ac4df0554a9f66317bd

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.4.0)
+    hetzner-k3s (0.4.3)
       bcrypt_pbkdf
       ed25519
       http

data/README.md

@@ -2,7 +2,7 @@
 
 This is a CLI tool - based on a Ruby gem - to quickly create and manage Kubernetes clusters in [Hetzner Cloud](https://www.hetzner.com/cloud) using the lightweight Kubernetes distribution [k3s](https://k3s.io/) from [Rancher](https://rancher.com/).
 
-Hetzner Cloud is an awesome cloud provider which offers a truly great service with the best performance/cost ratio in the market. I highly recommend them if European locations (Germany and Finland) are OK for your projects (the Nuremberg data center has decent latency for US users as well). With Hetzner's Cloud Controller Manager and CSI driver you can provision load balancers and persistent volumes very easily.
+Hetzner Cloud is an awesome cloud provider which offers a truly great service with the best performance/cost ratio in the market. With Hetzner's Cloud Controller Manager and CSI driver you can provision load balancers and persistent volumes very easily.
 
 k3s is my favorite Kubernetes distribution now because it uses much less memory and CPU, leaving more resources to workloads. It is also super quick to deploy because it's a single binary.
 
@@ -25,7 +25,7 @@ All that is needed to use this tool is
 
 ## Installation
 
-Once you have the Ruby runtime up and running, you just need to install the gem:
+Once you have the Ruby runtime up and running (2.7.2 or newer in the 2.7 series is recommended at this stage), you just need to install the gem:
 
 ```bash
 gem install hetzner-k3s
@@ -38,7 +38,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.3.8 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.4.4 create-cluster --config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -53,11 +53,13 @@ hetzner_token: <your token>
 cluster_name: test
 kubeconfig_path: "./kubeconfig"
 k3s_version: v1.21.3+k3s1
-ssh_key_path: "~/.ssh/id_rsa.pub"
+public_ssh_key_path: "~/.ssh/id_rsa.pub"
+private_ssh_key_path: "~/.ssh/id_rsa"
 ssh_allowed_networks:
   - 0.0.0.0/0
 verify_host_key: false
 location: nbg1
+schedule_workloads_on_masters: false
 masters:
   instance_type: cpx21
   instance_count: 3
@@ -76,7 +78,7 @@ If you are using Docker, then set `kubeconfig_path` to `/cluster/kubeconfig` so
 
 If you don't want to specify the Hetzner token in the config file (for example if you want to use the tool with CI), then you can use the `HCLOUD_TOKEN` environment variable instead, which has predecence.
 
-**Important**: The tool assignes the label `cluster` to each server it creates, with the clsuter name you specify in the config file, as the value. So please ensure you don't create unrelated servers in the same project having
+**Important**: The tool assignes the label `cluster` to each server it creates, with the cluster name you specify in the config file, as the value. So please ensure you don't create unrelated servers in the same project having
 the label `cluster=<cluster name>`, because otherwise they will be deleted if you delete the cluster. I recommend you create a separate Hetzner project for each cluster, see note at the end of this README for more details.
 
 
@@ -84,7 +86,8 @@ If you set `masters.instance_count` to 1 then the tool will create a non highly
 
 You can specify any number of worker node pools for example to have mixed nodes with different specs for different workloads.
 
-At the moment Hetzner Cloud has three locations: two in Germany (`nbg1`, Nuremberg and `fsn1`, Falkensteing) and one in Finland (`hel1`, Helsinki).
+At the moment Hetzner Cloud has four locations: two in Germany (`nbg1`, Nuremberg and `fsn1`, Falkensteing), one in Finland (`hel1`, Helsinki) and one in the USA (`ash`, Ashburn, Virginia). Please note that the Ashburn, Virginia location has just
+been announced and it's limited to AMD instances for now.
 
 For the available instance types and their specs, either check from inside a project when adding a server manually or run the following with your Hetzner token:
 
@@ -239,11 +242,30 @@ I recommend that you create a separate Hetzner project for each cluster, because
 
 ## changelog
 
+- 0.4.4
+  - Add support for the new Ashburn, Virginia (USA) location
+  - Automatically use a placement group so that the instances are all created on different physical hosts for high availability
+
+- 0.4.3
+  - Fix an issue with SSH key creation
+
+- 0.4.2
+  - Update Hetzner CSI driver to v1.6.0
+  - Update System Upgrade Controller to v0.8.0
+
+- 0.4.1
+  - Allow to optionally specify the path of the private SSH key
+  - Set correct permissions for the kubeconfig file
+  - Retry fetching manifests a few times to allow for temporary network issues
+  - Allow to optionally schedule workloads on masters
+  - Allow clusters with no worker node pools if scheduling is enabled for the masters
+
 - 0.4.0
   - Ensure the masters are removed from the API load balancer before deleting the load balancer
   - Ensure the servers are removed from the firewall before deleting it
   - Allow using an environment variable to specify the Hetzner token
   - Allow restricting SSH access to the nodes to specific networks
+  - Do not open the port 6443 on the nodes if a load balancer is created for an HA cluster
 
 - 0.3.9
   - Add command "version" to print the version of the tool in use

data/bin/build.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -e
+
+
+
+IMAGE="vitobotta/hetzner-k3s"
+
+docker build -t ${IMAGE}:v0.4.4 \
+  --platform=linux/amd64 \
+  --cache-from ${IMAGE}:v0.4.3 \
+  --build-arg BUILDKIT_INLINE_CACHE=1 .
+
+docker push vitobotta/hetzner-k3s:v0.4.4

data/lib/hetzner/infra/network.rb

@@ -5,7 +5,8 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create
+    def create(location:)
+      @location = location
       puts
 
       if network = find_network
@@ -38,7 +39,7 @@ module Hetzner
 
     private
 
-      attr_reader :hetzner_client, :cluster_name
+      attr_reader :hetzner_client, :cluster_name, :location
 
       def network_config
         {
@@ -47,7 +48,7 @@ module Hetzner
           subnets: [
             {
               ip_range: "10.0.0.0/16",
-              network_zone: "eu-central",
+              network_zone: (location ? "us-east" : "eu-central"),
               type: "cloud"
             }
           ]

data/lib/hetzner/infra/placement_group.rb

@@ -0,0 +1,55 @@
+module Hetzner
+  class PlacementGroup
+    def initialize(hetzner_client:, cluster_name:)
+      @hetzner_client = hetzner_client
+      @cluster_name = cluster_name
+    end
+
+    def create
+      puts
+
+      if (placement_group = find_placement_group)
+        puts "Placement group already exists, skipping."
+        puts
+        return placement_group["id"]
+      end
+
+      puts "Creating placement group..."
+
+      response = hetzner_client.post("/placement_groups", placement_group_config).body
+
+      puts "...placement group created."
+      puts
+
+      JSON.parse(response)["placement_group"]["id"]
+    end
+
+    def delete
+      if (placement_group = find_placement_group)
+        puts "Deleting placement group..."
+        hetzner_client.delete("/placement_groups", placement_group["id"])
+        puts "...placement group deleted."
+      else
+        puts "Placement group no longer exists, skipping."
+      end
+
+      puts
+    end
+
+    private
+
+      attr_reader :hetzner_client, :cluster_name
+
+      def placement_group_config
+        {
+          name: cluster_name,
+          type: "spread"
+        }
+      end
+
+      def find_placement_group
+        hetzner_client.get("/placement_groups")["placement_groups"].detect{ |placement_group| placement_group["name"] == cluster_name }
+      end
+
+  end
+end

data/lib/hetzner/infra/server.rb

@@ -5,7 +5,7 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:)
+    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:)
       puts
 
       server_name = "#{cluster_name}-#{instance_type}-#{instance_id}"
@@ -36,7 +36,8 @@ module Hetzner
         labels: {
           cluster: cluster_name,
           role: (server_name =~ /master/ ? "master" : "worker")
-        }
+        },
+        placement_group: placement_group_id
       }
 
       response = hetzner_client.post("/servers", server_config).body

data/lib/hetzner/infra/ssh_key.rb

@@ -5,15 +5,15 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create(ssh_key_path:)
-      @ssh_key_path = ssh_key_path
+    def create(public_ssh_key_path:)
+      @public_ssh_key_path = public_ssh_key_path
 
       puts
 
-      if ssh_key = find_ssh_key
+      if (public_ssh_key = find_public_ssh_key)
         puts "SSH key already exists, skipping."
         puts
-        return ssh_key["id"]
+        return public_ssh_key["id"]
       end
 
       puts "Creating SSH key..."
@@ -26,13 +26,13 @@ module Hetzner
       JSON.parse(response)["ssh_key"]["id"]
     end
 
-    def delete(ssh_key_path:)
-      @ssh_key_path = ssh_key_path
+    def delete(public_ssh_key_path:)
+      @public_ssh_key_path = public_ssh_key_path
 
-      if ssh_key = find_ssh_key
-        if ssh_key["name"] == cluster_name
+      if (public_ssh_key = find_public_ssh_key)
+        if public_ssh_key["name"] == cluster_name
           puts "Deleting ssh_key..."
-          hetzner_client.delete("/ssh_keys", ssh_key["id"])
+          hetzner_client.delete("/ssh_keys", public_ssh_key["id"])
           puts "...ssh_key deleted."
         else
           puts "The SSH key existed before creating the cluster, so I won't delete it."
@@ -46,24 +46,24 @@ module Hetzner
 
     private
 
-      attr_reader :hetzner_client, :cluster_name, :ssh_key_path
+      attr_reader :hetzner_client, :cluster_name, :public_ssh_key_path
 
-      def public_key
-        @public_key ||= File.read(ssh_key_path).chop
+      def public_ssh_key
+        @public_ssh_key ||= File.read(public_ssh_key_path).chop
       end
 
       def ssh_key_config
         {
           name: cluster_name,
-          public_key: public_key
+          public_key: public_ssh_key
         }
       end
 
       def fingerprint
-        @fingerprint ||= ::SSHKey.fingerprint(public_key)
+        @fingerprint ||= ::SSHKey.fingerprint(public_ssh_key)
       end
 
-      def find_ssh_key
+      def find_public_ssh_key
         key = hetzner_client.get("/ssh_keys")["ssh_keys"].detect do |ssh_key|
           ssh_key["fingerprint"] == fingerprint
         end

data/lib/hetzner/k3s/cli.rb

@@ -83,7 +83,8 @@ module Hetzner
 
           case action
           when :create
-            validate_ssh_key
+            validate_public_ssh_key
+            validate_private_ssh_key
             validate_ssh_allowed_networks
             validate_location
             validate_k3s_version
@@ -147,16 +148,25 @@ module Hetzner
           errors << "Invalid path for the kubeconfig"
         end
 
-        def validate_ssh_key
-          path = File.expand_path(configuration.dig("ssh_key_path"))
+        def validate_public_ssh_key
+          path = File.expand_path(configuration.dig("public_ssh_key_path"))
           errors << "Invalid Public SSH key path" and return unless File.exists? path
 
           key = File.read(path)
-          errors << "Public SSH key is invalid" unless ::SSHKey.valid_ssh_public_key? key
+          errors << "Public SSH key is invalid" unless ::SSHKey.valid_ssh_public_key?(key)
         rescue
           errors << "Invalid Public SSH key path"
         end
 
+        def validate_private_ssh_key
+          return unless (private_ssh_key_path = configuration.dig("private_ssh_key_path"))
+
+          path = File.expand_path(private_ssh_key_path)
+          errors << "Invalid Private SSH key path" and return unless File.exists?(path)
+        rescue
+          errors << "Invalid Private SSH key path"
+        end
+
         def validate_kubeconfig_path_must_exist
           path = File.expand_path configuration.dig("kubeconfig_path")
           errors << "kubeconfig path is invalid" and return unless File.exists? path
@@ -183,7 +193,7 @@ module Hetzner
 
         def validate_location
           return if locations.empty? && !valid_token?
-          errors << "Invalid location - available locations: nbg1 (Nuremberg, Germany), fsn1 (Falkenstein, Germany), hel1 (Helsinki, Finland)" unless locations.include? configuration.dig("location")
+          errors << "Invalid location - available locations: nbg1 (Nuremberg, Germany), fsn1 (Falkenstein, Germany), hel1 (Helsinki, Finland) or ash (Ashburn, Virginia, USA)" unless locations.include? configuration.dig("location")
         end
 
         def find_available_releases
@@ -231,14 +241,22 @@ module Hetzner
           begin
             worker_node_pools = configuration.dig("worker_node_pools")
           rescue
-            errors << "Invalid node pools configuration"
+            unless schedule_workloads_on_masters?
+              errors << "Invalid node pools configuration"
+              return
+            end
+          end
+
+          if worker_node_pools.nil? && schedule_workloads_on_masters?
             return
           end
 
           if !worker_node_pools.is_a? Array
             errors << "Invalid node pools configuration"
           elsif worker_node_pools.size == 0
-            errors << "At least one node pool is required in order to schedule workloads"
+            unless schedule_workloads_on_masters?
+              errors << "At least one node pool is required in order to schedule workloads"
+            end
           elsif worker_node_pools.map{ |worker_node_pool| worker_node_pool["name"]}.uniq.size != worker_node_pools.size
             errors << "Each node pool must have an unique name"
           elsif server_types
@@ -248,6 +266,11 @@ module Hetzner
           end
         end
 
+        def schedule_workloads_on_masters?
+          schedule_workloads_on_masters = configuration.dig("schedule_workloads_on_masters")
+          schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
+        end
+
         def validate_new_k3s_version_must_be_more_recent
           return if options[:force] == "true"
           return unless kubernetes_client
@@ -316,12 +339,13 @@ module Hetzner
           config_hash = YAML.load_file(File.expand_path(configuration["kubeconfig_path"]))
           config_hash['current-context'] = configuration["cluster_name"]
           @kubernetes_client = K8s::Client.config(K8s::Config.new(config_hash))
+        rescue
           errors << "Cannot connect to the Kubernetes cluster"
           false
         end
 
         def validate_verify_host_key
-          return unless [true, false].include?(configuration.fetch("ssh_key_path", false))
+          return unless [true, false].include?(configuration.fetch("public_ssh_key_path", false))
           errors << "Please set the verify_host_key option to either true or false"
         end
 

data/lib/hetzner/k3s/cluster.rb

@@ -11,6 +11,7 @@ require_relative "../infra/network"
 require_relative "../infra/ssh_key"
 require_relative "../infra/server"
 require_relative "../infra/load_balancer"
+require_relative "../infra/placement_group"
 
 require_relative "../k3s/client_patch"
 
@@ -22,12 +23,15 @@ class Cluster
   end
 
   def create(configuration:)
+    @configuration = configuration
     @cluster_name = configuration.dig("cluster_name")
     @kubeconfig_path = File.expand_path(configuration.dig("kubeconfig_path"))
-    @ssh_key_path = File.expand_path(configuration.dig("ssh_key_path"))
+    @public_ssh_key_path = File.expand_path(configuration.dig("public_ssh_key_path"))
+    private_ssh_key_path = configuration.dig("private_ssh_key_path")
+    @private_ssh_key_path = File.expand_path(private_ssh_key_path) if private_ssh_key_path
     @k3s_version = configuration.dig("k3s_version")
     @masters_config = configuration.dig("masters")
-    @worker_node_pools = configuration.dig("worker_node_pools")
+    @worker_node_pools = find_worker_node_pools(configuration)
     @location = configuration.dig("location")
     @verify_host_key = configuration.fetch("verify_host_key", false)
     @servers = []
@@ -47,7 +51,7 @@ class Cluster
   def delete(configuration:)
     @cluster_name = configuration.dig("cluster_name")
     @kubeconfig_path = File.expand_path(configuration.dig("kubeconfig_path"))
-    @ssh_key_path = File.expand_path(configuration.dig("ssh_key_path"))
+    @public_ssh_key_path = File.expand_path(configuration.dig("public_ssh_key_path"))
 
     delete_resources
   end
@@ -64,13 +68,17 @@ class Cluster
 
   private
 
+    def find_worker_node_pools(configuration)
+      configuration.fetch("worker_node_pools", [])
+    end
+
     attr_accessor :servers
 
     attr_reader :hetzner_client, :cluster_name, :kubeconfig_path, :k3s_version,
                 :masters_config, :worker_node_pools,
-                :location, :ssh_key_path, :kubernetes_client,
+                :location, :public_ssh_key_path, :kubernetes_client,
                 :hetzner_token, :tls_sans, :new_k3s_version, :configuration,
-                :config_file, :verify_host_key, :networks
+                :config_file, :verify_host_key, :networks, :private_ssh_key_path, :configuration
 
 
     def latest_k3s_version
@@ -82,6 +90,11 @@ class Cluster
       master_instance_type = masters_config["instance_type"]
       masters_count = masters_config["instance_count"]
 
+      placement_group_id = Hetzner::PlacementGroup.new(
+        hetzner_client: hetzner_client,
+        cluster_name: cluster_name
+      ).create
+
       firewall_id = Hetzner::Firewall.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
@@ -90,12 +103,12 @@ class Cluster
       network_id = Hetzner::Network.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
-      ).create
+      ).create(location: location)
 
       ssh_key_id = Hetzner::SSHKey.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
-      ).create(ssh_key_path: ssh_key_path)
+      ).create(public_ssh_key_path: public_ssh_key_path)
 
       server_configs = []
 
@@ -106,7 +119,8 @@ class Cluster
           instance_id: "master#{i+1}",
           firewall_id: firewall_id,
           network_id: network_id,
-          ssh_key_id: ssh_key_id
+          ssh_key_id: ssh_key_id,
+          placement_group_id: placement_group_id
         }
       end
 
@@ -129,7 +143,8 @@ class Cluster
             instance_id: "pool-#{worker_node_pool_name}-worker#{i+1}",
             firewall_id: firewall_id,
             network_id: network_id,
-            ssh_key_id: ssh_key_id
+            ssh_key_id: ssh_key_id,
+            placement_group_id: placement_group_id
           }
         end
       end
@@ -151,6 +166,11 @@ class Cluster
     end
 
     def delete_resources
+      Hetzner::PlacementGroup.new(
+        hetzner_client: hetzner_client,
+        cluster_name: cluster_name
+      ).delete
+
       Hetzner::LoadBalancer.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
@@ -169,7 +189,7 @@ class Cluster
       Hetzner::SSHKey.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
-      ).delete(ssh_key_path: ssh_key_path)
+      ).delete(public_ssh_key_path: public_ssh_key_path)
 
       threads = all_servers.map do |server|
         Thread.new do
@@ -207,6 +227,8 @@ class Cluster
       server = master == first_master ? " --cluster-init " : " --server https://#{first_master_private_ip}:6443 "
       flannel_interface = find_flannel_interface(master)
 
+      taint = schedule_workloads_on_masters? ? " " : " --node-taint CriticalAddonsOnly=true:NoExecute "
+
       <<~EOF
       curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
         --disable-cloud-controller \
@@ -223,7 +245,7 @@ class Cluster
         --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
         --kube-scheduler-arg="address=0.0.0.0" \
         --kube-scheduler-arg="bind-address=0.0.0.0" \
-        --node-taint CriticalAddonsOnly=true:NoExecute \
+        #{taint} \
         --kubelet-arg="cloud-provider=external" \
         --advertise-address=$(hostname -I | awk '{print $2}') \
         --node-ip=$(hostname -I | awk '{print $2}') \
@@ -313,7 +335,7 @@ class Cluster
       end
 
 
-      manifest = HTTP.follow.get("https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml").body
+      manifest = fetch_manifest("https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml")
 
       File.write("/tmp/cloud-controller-manager.yaml", manifest)
 
@@ -338,11 +360,18 @@ class Cluster
       retry
     end
 
+    def fetch_manifest(url)
+      retries ||= 1
+      HTTP.follow.get(url).body
+    rescue
+      retry if (retries += 1) <= 10
+    end
+
     def deploy_system_upgrade_controller
       puts
       puts "Deploying k3s System Upgrade Controller..."
 
-      manifest = HTTP.follow.get("https://github.com/rancher/system-upgrade-controller/releases/download/v0.7.3/system-upgrade-controller.yaml").body
+      manifest = HTTP.follow.get("https://github.com/rancher/system-upgrade-controller/releases/download/v0.8.0/system-upgrade-controller.yaml").body
 
       File.write("/tmp/system-upgrade-controller.yaml", manifest)
 
@@ -391,7 +420,7 @@ class Cluster
       end
 
 
-      manifest = HTTP.follow.get("https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.5.3/deploy/kubernetes/hcloud-csi.yml").body
+      manifest = HTTP.follow.get("https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml").body
 
       File.write("/tmp/csi-driver.yaml", manifest)
 
@@ -442,7 +471,13 @@ class Cluster
       public_ip = server.dig("public_net", "ipv4", "ip")
       output = ""
 
-      Net::SSH.start(public_ip, "root", verify_host_key: (verify_host_key ? :always : :never)) do |session|
+      params = { verify_host_key: (verify_host_key ? :always : :never) }
+
+      if private_ssh_key_path
+        params[:keys] = [private_ssh_key_path]
+      end
+
+      Net::SSH.start(public_ip, "root", params) do |session|
         session.exec!(command) do |channel, stream, data|
           output << data
           puts data if print_output
@@ -453,6 +488,10 @@ class Cluster
       retry unless e.message =~ /Too many authentication failures/
     rescue Net::SSH::ConnectionTimeout, Errno::ECONNREFUSED, Errno::ENETUNREACH, Errno::EHOSTUNREACH
       retry
+    rescue Net::SSH::AuthenticationFailed
+      puts
+      puts "Cannot continue: SSH authentication failed. Please ensure that the private SSH key is correct."
+      exit 1
     rescue Net::SSH::HostKeyMismatch
       puts
       puts "Cannot continue: Unable to SSH into server with IP #{public_ip} because the existing fingerprint in the known_hosts file does not match that of the actual host key."
@@ -542,6 +581,8 @@ class Cluster
         gsub("default", cluster_name)
 
       File.write(kubeconfig_path, kubeconfig)
+
+      FileUtils.chmod "go-r", kubeconfig_path
     end
 
     def ugrade_plan_manifest_path
@@ -605,4 +646,9 @@ class Cluster
       server.dig("labels", "cluster") == cluster_name
     end
 
+    def schedule_workloads_on_masters?
+      schedule_workloads_on_masters = configuration.dig("schedule_workloads_on_masters")
+      schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
+    end
+
 end

data/lib/hetzner/k3s/version.rb

@@ -1,5 +1,5 @@
 module Hetzner
   module K3s
-    VERSION = "0.4.0"
+    VERSION = "0.4.4"
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hetzner-k3s
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.4
 platform: ruby
 authors:
 - Vito Botta
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-08-24 00:00:00.000000000 Z
+date: 2021-11-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -127,6 +127,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- bin/build.sh
 - bin/console
 - bin/setup
 - cluster_config.yaml.example
@@ -139,6 +140,7 @@ files:
 - lib/hetzner/infra/firewall.rb
 - lib/hetzner/infra/load_balancer.rb
 - lib/hetzner/infra/network.rb
+- lib/hetzner/infra/placement_group.rb
 - lib/hetzner/infra/server.rb
 - lib/hetzner/infra/ssh_key.rb
 - lib/hetzner/k3s/cli.rb