hetzner-k3s 0.4.5 → 0.4.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ffa9a3f4a629e25c670c3d4b3301aed094275d320db95e038ceac3e3ebebe1e2
-  data.tar.gz: ada1a6fb351c70f5c3a2ad52139b96911bcaa99b7d2351c89f770204dc9883c2
+  metadata.gz: 22358cdc272faa5e09ae2f561bf4225990a87b0461f4920439f9d5e9543fbe59
+  data.tar.gz: fc7dc822d53cd881e01a18c509d666bdd0321ed25c636f2873bca3fa1e5e0ce9
 SHA512:
-  metadata.gz: 6dcd87e350acedf02f21bc7732f6515c74a3ee4482f554f982a05bfa96be39bda1d205014a3ff66efc8ea69fda545a9b5fc363ab8f6f0f16036ddebe87b3fc16
-  data.tar.gz: 2789c63c71e81b9334c9e95de8cd0e0f088f2f40bedaaf942e18003de70bac24535164f5ef225e6a9568360293611d1e20d192b1a88f306e425fb44e96a1d211
+  metadata.gz: 35a06d127f14f4848a6a87611292b67e0edbf6cc3fb1ae8b803214428369cfc519942702fe36c14c2537732b38fa024b5d2361f77db56ea58724446f4822537d
+  data.tar.gz: bfc7751afa7db09a5e929b8164cdab060dfcb7b86125ae30a4804e179ba8a0550bdb07c9a181e148284e10ef7a632fe26ad81da1e278aeeab492a2899e2cdffb

data/.ruby-version

@@ -0,0 +1 @@
+3.1.0

data/Gemfile.lock

@@ -1,13 +1,13 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.4.3)
+    hetzner-k3s (0.4.8)
       bcrypt_pbkdf
       ed25519
       http
-      k8s-ruby
       net-ssh
       sshkey
+      subprocess
       thor
 
 GEM
@@ -16,43 +16,14 @@ GEM
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     bcrypt_pbkdf (1.1.0)
-    concurrent-ruby (1.1.9)
     diff-lcs (1.4.4)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    dry-configurable (0.12.1)
-      concurrent-ruby (~> 1.0)
-      dry-core (~> 0.5, >= 0.5.0)
-    dry-container (0.8.0)
-      concurrent-ruby (~> 1.0)
-      dry-configurable (~> 0.1, >= 0.1.3)
-    dry-core (0.7.1)
-      concurrent-ruby (~> 1.0)
-    dry-equalizer (0.3.0)
-    dry-inflector (0.2.1)
-    dry-logic (0.6.1)
-      concurrent-ruby (~> 1.0)
-      dry-core (~> 0.2)
-      dry-equalizer (~> 0.2)
-    dry-struct (0.5.1)
-      dry-core (~> 0.4, >= 0.4.3)
-      dry-equalizer (~> 0.2)
-      dry-types (~> 0.13)
-      ice_nine (~> 0.11)
-    dry-types (0.13.4)
-      concurrent-ruby (~> 1.0)
-      dry-container (~> 0.3)
-      dry-core (~> 0.4, >= 0.4.4)
-      dry-equalizer (~> 0.2)
-      dry-inflector (~> 0.1, >= 0.1.2)
-      dry-logic (~> 0.4, >= 0.4.2)
     ed25519 (1.2.4)
-    excon (0.85.0)
-    ffi (1.15.3)
+    ffi (1.15.4)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
-    hashdiff (1.0.1)
     http (4.4.1)
       addressable (~> 2.3)
       http-cookie (~> 1.0)
@@ -63,24 +34,9 @@ GEM
     http-form_data (2.3.0)
     http-parser (1.2.3)
       ffi-compiler (>= 1.0, < 2.0)
-    ice_nine (0.11.2)
-    jsonpath (0.9.9)
-      multi_json
-      to_regexp (~> 0.2.1)
-    k8s-ruby (0.10.5)
-      dry-struct (~> 0.5.0)
-      dry-types (~> 0.13.0)
-      excon (~> 0.71)
-      hashdiff (~> 1.0.0)
-      jsonpath (~> 0.9.5)
-      recursive-open-struct (~> 1.1.0)
-      yajl-ruby (~> 1.4.0)
-      yaml-safe_load_stream (~> 0.1)
-    multi_json (1.15.0)
     net-ssh (6.1.0)
     public_suffix (4.0.6)
     rake (12.3.3)
-    recursive-open-struct (1.1.3)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
@@ -95,13 +51,11 @@ GEM
       rspec-support (~> 3.10.0)
     rspec-support (3.10.2)
     sshkey (2.0.0)
-    thor (1.1.0)
-    to_regexp (0.2.1)
+    subprocess (1.5.5)
+    thor (1.2.1)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.7.7)
-    yajl-ruby (1.4.1)
-    yaml-safe_load_stream (0.1.1)
+    unf_ext (0.0.8)
 
 PLATFORMS
   ruby
@@ -112,4 +66,4 @@ DEPENDENCIES
   rspec (~> 3.0)
 
 BUNDLED WITH
-   2.1.4
+   2.3.4

data/README.md

@@ -38,7 +38,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.4.5 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.4.9 create-cluster --config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -97,8 +97,20 @@ curl \
 	'https://api.hetzner.cloud/v1/server_types'
 ```
 
+By default, the image in use is Ubuntu 20.04, but you can specify an image to use with the `image` config option. This makes it also possible
+to use a snapshot that you have already created from and existing server (for example to preinstall some tools). If you want to use a custom
+snapshot you'll need to specify the **ID** of the snapshot/image, not the description you gave when you created the template server. To find
+the ID of your custom image/snapshot, run:
 
-Note: the option `verify_host_key` is by default set to `false` to disable host key verification. This is because sometimes when creating new servers, Hetzner may assign IP addresses that were previously used by other servers you owned in the past. Therefore the host key verification would fail. If you set this option to `true` and this happens, the tool won't be able to continue creating the cluster until you resolve the issue with one of the suggestions it will give you.
+```bash
+curl \
+	-H "Authorization: Bearer $API_TOKEN" \
+	'https://api.hetzner.cloud/v1/images'
+```
+
+Note that if you use a custom image, the creation of the servers may take longer than when using the default image.
+
+Also note: the option `verify_host_key` is by default set to `false` to disable host key verification. This is because sometimes when creating new servers, Hetzner may assign IP addresses that were previously used by other servers you owned in the past. Therefore the host key verification would fail. If you set this option to `true` and this happens, the tool won't be able to continue creating the cluster until you resolve the issue with one of the suggestions it will give you.
 
 Finally, to create the cluster run:
 
@@ -199,7 +211,7 @@ kubectl label node <master1> <master2> <master2> plan.upgrade.cattle.io/k3s-serv
 To delete a cluster, running
 
 ```bash
-hetzner-k3s delete-cluster --config-file cluster_config.yam
+hetzner-k3s delete-cluster --config-file cluster_config.yaml
 ```
 
 This will delete all the resources in the Hetzner Cloud project for the cluster being deleted.
@@ -242,6 +254,23 @@ I recommend that you create a separate Hetzner project for each cluster, because
 
 ## changelog
 
+- 0.4.9
+  - Ensure the program always exits with exit code 1 if the config file fails validation
+  - Upgrade System Upgrade Controller to 0.8.1
+  - Remove dependency on unmaintained gem k8s-ruby
+  - Make the gem compatible with Ruby 3.1.0
+
+- 0.4.8
+  - Increase timeout with API requests to 30 seconds
+  - Limit number of retries for API requests to 3
+  - Ensure all version tags are listed for k3s (thanks @janosmiko)
+
+- 0.4.7
+  - Made it possible to specify a custom image/snapshot for the servers
+
+- 0.4.6
+  - Added a check to abort gracefully when for some reason one or more servers are not created, for example due to temporary problems with the Hetzner API.
+
 - 0.4.5
   - Fix network creation (bug introduced in the previous version)
 

data/bin/build.sh

@@ -6,9 +6,9 @@ set -e
 
 IMAGE="vitobotta/hetzner-k3s"
 
-docker build -t ${IMAGE}:v0.4.5 \
+docker build -t ${IMAGE}:v9 \
   --platform=linux/amd64 \
-  --cache-from ${IMAGE}:v0.4.4 \
+  --cache-from ${IMAGE}:v0.4.8 \
   --build-arg BUILDKIT_INLINE_CACHE=1 .
 
-docker push vitobotta/hetzner-k3s:v0.4.5
+docker push vitobotta/hetzner-k3s:v0.4.9

data/cluster_config.yaml.example

@@ -1,11 +1,15 @@
 ---
-hetzner_token: blah
+hetzner_token: <your token>
 cluster_name: test
-kubeconfig_path: "../kubeconfig"
+kubeconfig_path: "./kubeconfig"
 k3s_version: v1.21.3+k3s1
-ssh_key_path: "~/.ssh/id_rsa.pub"
+public_ssh_key_path: "~/.ssh/id_rsa.pub"
+private_ssh_key_path: "~/.ssh/id_rsa"
+ssh_allowed_networks:
+  - 0.0.0.0/0
 verify_host_key: false
 location: nbg1
+schedule_workloads_on_masters: false
 masters:
   instance_type: cpx21
   instance_count: 3
@@ -14,5 +18,5 @@ worker_node_pools:
   instance_type: cpx21
   instance_count: 4
 - name: big
-  instance_type: cp321
+  instance_type: cpx31
   instance_count: 2

data/hetzner-k3s.gemspec

@@ -21,10 +21,10 @@ Gem::Specification.new do |spec|
   spec.add_dependency "thor"
   spec.add_dependency "http"
   spec.add_dependency "net-ssh"
-  spec.add_dependency "k8s-ruby"
   spec.add_dependency "sshkey"
   spec.add_dependency "ed25519"
   spec.add_dependency "bcrypt_pbkdf"
+  spec.add_dependency "subprocess"
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.

data/lib/hetzner/infra/client.rb

@@ -36,11 +36,13 @@ module Hetzner
       end
 
       def make_request &block
-        Timeout::timeout(5) do
+        retries ||= 0
+
+        Timeout::timeout(30) do
           block.call
         end
       rescue Timeout::Error
-        retry
+        retry if (retries += 1) < 3
       end
   end
 end

data/lib/hetzner/infra/server.rb

@@ -5,7 +5,7 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:)
+    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:)
       puts
 
       server_name = "#{cluster_name}-#{instance_type}-#{instance_id}"
@@ -21,7 +21,7 @@ module Hetzner
       server_config = {
         name: server_name,
         location: location,
-        image: "ubuntu-20.04",
+        image: image,
         firewalls: [
           { firewall: firewall_id }
         ],
@@ -40,12 +40,22 @@ module Hetzner
         placement_group: placement_group_id
       }
 
-      response = hetzner_client.post("/servers", server_config).body
+      response = hetzner_client.post("/servers", server_config)
+      response_body = response.body
+
+      server = JSON.parse(response_body)["server"]
+
+      unless server
+        puts "Error creating server #{server_name}. Response details below:"
+        puts
+        p response
+        return
+      end
 
       puts "...server #{server_name} created."
       puts
 
-      JSON.parse(response)["server"]
+      server
     end
 
     def delete(server_name:)

data/lib/hetzner/k3s/cli.rb

@@ -3,10 +3,12 @@ require "http"
 require "sshkey"
 require 'ipaddr'
 require 'open-uri'
+require "yaml"
 
 require_relative "cluster"
 require_relative "version"
 
+
 module Hetzner
   module K3s
     class CLI < Thor
@@ -24,7 +26,6 @@ module Hetzner
 
       def create_cluster
         validate_config_file :create
-
         Cluster.new(hetzner_client: hetzner_client, hetzner_token: find_hetzner_token).create configuration: configuration
       end
 
@@ -64,14 +65,17 @@ module Hetzner
           if File.exists?(config_file_path)
             begin
               @configuration = YAML.load_file(options[:config_file])
-              raise "invalid" unless configuration.is_a? Hash
-            rescue
+              unless configuration.is_a? Hash
+                raise "Configuration is invalid"
+                exit 1
+              end
+            rescue => e
               puts "Please ensure that the config file is a correct YAML manifest."
-              return
+              exit 1
             end
           else
             puts "Please specify a correct path for the config file."
-            return
+            exit 1
           end
 
           @errors = []
@@ -96,7 +100,6 @@ module Hetzner
           when :upgrade
             validate_kubeconfig_path_must_exist
             validate_new_k3s_version
-            validate_new_k3s_version_must_be_more_recent
           end
 
           errors.flatten!
@@ -198,7 +201,7 @@ module Hetzner
 
         def find_available_releases
           @available_releases ||= begin
-            response = HTTP.get("https://api.github.com/repos/k3s-io/k3s/tags").body
+            response = HTTP.get("https://api.github.com/repos/k3s-io/k3s/tags?per_page=999").body
             JSON.parse(response).map { |hash| hash["name"] }
           end
         rescue
@@ -271,36 +274,6 @@ module Hetzner
           schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
         end
 
-        def validate_new_k3s_version_must_be_more_recent
-          return if options[:force] == "true"
-          return unless kubernetes_client
-
-          begin
-            Timeout::timeout(5) do
-              servers = kubernetes_client.api("v1").resource("nodes").list
-
-              if servers.size == 0
-                errors << "The cluster seems to have no nodes, nothing to upgrade"
-              else
-                available_releases = find_available_releases
-
-                current_k3s_version = servers.first.dig(:status, :nodeInfo, :kubeletVersion)
-                current_k3s_version_index = available_releases.index(current_k3s_version) || 1000
-
-                new_k3s_version = options[:new_k3s_version]
-                new_k3s_version_index = available_releases.index(new_k3s_version) || 1000
-
-                unless new_k3s_version_index < current_k3s_version_index
-                  errors << "The new k3s version must be more recent than the current one"
-                end
-              end
-            end
-
-          rescue Timeout::Error
-            puts "Cannot upgrade: Unable to fetch nodes from Kubernetes API. Is the cluster online?"
-          end
-        end
-
         def validate_instance_group(instance_group, workers: true)
           instance_group_errors = []
 
@@ -333,17 +306,6 @@ module Hetzner
           errors << instance_group_errors
         end
 
-        def kubernetes_client
-          return @kubernetes_client if @kubernetes_client
-
-          config_hash = YAML.load_file(File.expand_path(configuration["kubeconfig_path"]))
-          config_hash['current-context'] = configuration["cluster_name"]
-          @kubernetes_client = K8s::Client.config(K8s::Config.new(config_hash))
-        rescue
-          errors << "Cannot connect to the Kubernetes cluster"
-          false
-        end
-
         def validate_verify_host_key
           return unless [true, false].include?(configuration.fetch("public_ssh_key_path", false))
           errors << "Please set the verify_host_key option to either true or false"

data/lib/hetzner/k3s/cluster.rb

@@ -2,8 +2,8 @@ require 'thread'
 require 'net/ssh'
 require "securerandom"
 require "base64"
-require "k8s-ruby"
 require 'timeout'
+require "subprocess"
 
 require_relative "../infra/client"
 require_relative "../infra/firewall"
@@ -13,10 +13,12 @@ require_relative "../infra/server"
 require_relative "../infra/load_balancer"
 require_relative "../infra/placement_group"
 
-require_relative "../k3s/client_patch"
+require_relative "../utils"
 
 
 class Cluster
+  include Utils
+
   def initialize(hetzner_client:, hetzner_token:)
     @hetzner_client = hetzner_client
     @hetzner_token = hetzner_token
@@ -76,7 +78,7 @@ class Cluster
 
     attr_reader :hetzner_client, :cluster_name, :kubeconfig_path, :k3s_version,
                 :masters_config, :worker_node_pools,
-                :location, :public_ssh_key_path, :kubernetes_client,
+                :location, :public_ssh_key_path,
                 :hetzner_token, :tls_sans, :new_k3s_version, :configuration,
                 :config_file, :verify_host_key, :networks, :private_ssh_key_path, :configuration
 
@@ -120,7 +122,8 @@ class Cluster
           firewall_id: firewall_id,
           network_id: network_id,
           ssh_key_id: ssh_key_id,
-          placement_group_id: placement_group_id
+          placement_group_id: placement_group_id,
+          image: image
         }
       end
 
@@ -144,19 +147,24 @@ class Cluster
             firewall_id: firewall_id,
             network_id: network_id,
             ssh_key_id: ssh_key_id,
-            placement_group_id: placement_group_id
+            placement_group_id: placement_group_id,
+            image: image
           }
         end
       end
 
       threads = server_configs.map do |server_config|
         Thread.new do
-          servers << Hetzner::Server.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(server_config)
+          servers << Hetzner::Server.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(**server_config)
         end
       end
 
       threads.each(&:join) unless threads.empty?
 
+      while servers.size != server_configs.size
+        sleep 1
+      end
+
       puts
       threads = servers.map do |server|
         Thread.new { wait_for_ssh server }
@@ -201,25 +209,71 @@ class Cluster
     end
 
     def upgrade_cluster
-      resources = K8s::Resource.from_files(ugrade_plan_manifest_path)
-
-      begin
-        kubernetes_client.api("upgrade.cattle.io/v1").resource("plans").get("k3s-server", namespace: "system-upgrade")
-
-        puts "Aborting - an upgrade is already in progress."
-
-      rescue K8s::Error::NotFound
-        resources.each do |resource|
-          kubernetes_client.create_resource(resource)
-        end
-
-        puts "Upgrade will now start. Run `watch kubectl get nodes` to see the nodes being upgraded. This should take a few minutes for a small cluster."
-        puts "The API server may be briefly unavailable during the upgrade of the controlplane."
-
-        configuration["k3s_version"] = new_k3s_version
+      worker_upgrade_concurrency = workers.size - 1
+      worker_upgrade_concurrency = 1 if worker_upgrade_concurrency == 0
 
-        File.write(config_file, configuration.to_yaml)
-      end
+      cmd = <<~EOS
+        kubectl apply -f - <<-EOF
+          apiVersion: upgrade.cattle.io/v1
+          kind: Plan
+          metadata:
+            name: k3s-server
+            namespace: system-upgrade
+            labels:
+              k3s-upgrade: server
+          spec:
+            concurrency: 1
+            version: #{new_k3s_version}
+            nodeSelector:
+              matchExpressions:
+                - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
+            serviceAccountName: system-upgrade
+            tolerations:
+            - key: "CriticalAddonsOnly"
+              operator: "Equal"
+              value: "true"
+              effect: "NoExecute"
+            cordon: true
+            upgrade:
+              image: rancher/k3s-upgrade
+        EOF
+      EOS
+
+      run cmd, kubeconfig_path: kubeconfig_path
+
+      cmd = <<~EOS
+        kubectl apply -f - <<-EOF
+          apiVersion: upgrade.cattle.io/v1
+          kind: Plan
+          metadata:
+            name: k3s-agent
+            namespace: system-upgrade
+            labels:
+              k3s-upgrade: agent
+          spec:
+            concurrency: #{worker_upgrade_concurrency}
+            version: #{new_k3s_version}
+            nodeSelector:
+              matchExpressions:
+                - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
+            serviceAccountName: system-upgrade
+            prepare:
+              image: rancher/k3s-upgrade
+              args: ["prepare", "k3s-server"]
+            cordon: true
+            upgrade:
+              image: rancher/k3s-upgrade
+        EOF
+      EOS
+
+      run cmd, kubeconfig_path: kubeconfig_path
+
+      puts "Upgrade will now start. Run `watch kubectl get nodes` to see the nodes being upgraded. This should take a few minutes for a small cluster."
+      puts "The API server may be briefly unavailable during the upgrade of the controlplane."
+
+      configuration["k3s_version"] = new_k3s_version
+
+      File.write(config_file, configuration.to_yaml)
     end
 
 
@@ -230,28 +284,28 @@ class Cluster
       taint = schedule_workloads_on_masters? ? " " : " --node-taint CriticalAddonsOnly=true:NoExecute "
 
       <<~EOF
-      curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
-        --disable-cloud-controller \
-        --disable servicelb \
-        --disable traefik \
-        --disable local-storage \
-        --disable metrics-server \
-        --write-kubeconfig-mode=644 \
-        --node-name="$(hostname -f)" \
-        --cluster-cidr=10.244.0.0/16 \
-        --etcd-expose-metrics=true \
-        --kube-controller-manager-arg="address=0.0.0.0" \
-        --kube-controller-manager-arg="bind-address=0.0.0.0" \
-        --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
-        --kube-scheduler-arg="address=0.0.0.0" \
-        --kube-scheduler-arg="bind-address=0.0.0.0" \
-        #{taint} \
-        --kubelet-arg="cloud-provider=external" \
-        --advertise-address=$(hostname -I | awk '{print $2}') \
-        --node-ip=$(hostname -I | awk '{print $2}') \
-        --node-external-ip=$(hostname -I | awk '{print $1}') \
-        --flannel-iface=#{flannel_interface} \
-        #{server} #{tls_sans}" sh -
+        curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
+          --disable-cloud-controller \
+          --disable servicelb \
+          --disable traefik \
+          --disable local-storage \
+          --disable metrics-server \
+          --write-kubeconfig-mode=644 \
+          --node-name="$(hostname -f)" \
+          --cluster-cidr=10.244.0.0/16 \
+          --etcd-expose-metrics=true \
+          --kube-controller-manager-arg="address=0.0.0.0" \
+          --kube-controller-manager-arg="bind-address=0.0.0.0" \
+          --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
+          --kube-scheduler-arg="address=0.0.0.0" \
+          --kube-scheduler-arg="bind-address=0.0.0.0" \
+          #{taint} \
+          --kubelet-arg="cloud-provider=external" \
+          --advertise-address=$(hostname -I | awk '{print $2}') \
+          --node-ip=$(hostname -I | awk '{print $2}') \
+          --node-external-ip=$(hostname -I | awk '{print $1}') \
+          --flannel-iface=#{flannel_interface} \
+          #{server} #{tls_sans}" sh -
       EOF
     end
 
@@ -259,12 +313,12 @@ class Cluster
       flannel_interface = find_flannel_interface(worker)
 
       <<~EOF
-      curl -sfL https://get.k3s.io | K3S_TOKEN="#{k3s_token}" INSTALL_K3S_VERSION="#{k3s_version}" K3S_URL=https://#{first_master_private_ip}:6443 INSTALL_K3S_EXEC="agent \
-        --node-name="$(hostname -f)" \
-        --kubelet-arg="cloud-provider=external" \
-        --node-ip=$(hostname -I | awk '{print $2}') \
-        --node-external-ip=$(hostname -I | awk '{print $1}') \
-        --flannel-iface=#{flannel_interface}" sh -
+        curl -sfL https://get.k3s.io | K3S_TOKEN="#{k3s_token}" INSTALL_K3S_VERSION="#{k3s_version}" K3S_URL=https://#{first_master_private_ip}:6443 INSTALL_K3S_EXEC="agent \
+          --node-name="$(hostname -f)" \
+          --kubelet-arg="cloud-provider=external" \
+          --node-ip=$(hostname -I | awk '{print $2}') \
+          --node-external-ip=$(hostname -I | awk '{print $1}') \
+          --flannel-iface=#{flannel_interface}" sh -
       EOF
     end
 
@@ -311,201 +365,71 @@ class Cluster
     end
 
     def deploy_cloud_controller_manager
+      check_kubectl
+
       puts
       puts "Deploying Hetzner Cloud Controller Manager..."
 
-      begin
-        kubernetes_client.api("v1").resource("secrets").get("hcloud", namespace: "kube-system")
-
-      rescue K8s::Error::NotFound
-        secret = K8s::Resource.new(
-          apiVersion: "v1",
-          kind: "Secret",
-          metadata: {
-            namespace: 'kube-system',
-            name: 'hcloud',
-          },
-          data: {
-            network: Base64.encode64(cluster_name),
-            token: Base64.encode64(hetzner_token)
-          }
-        )
-
-        kubernetes_client.api('v1').resource('secrets').create_resource(secret)
-      end
-
-
-      manifest = fetch_manifest("https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml")
-
-      File.write("/tmp/cloud-controller-manager.yaml", manifest)
-
-      resources = K8s::Resource.from_files("/tmp/cloud-controller-manager.yaml")
-
-      begin
-        kubernetes_client.api("apps/v1").resource("deployments").get("hcloud-cloud-controller-manager", namespace: "kube-system")
+      cmd = <<~EOS
+        kubectl apply -f - <<-EOF
+          apiVersion: "v1"
+          kind: "Secret"
+          metadata:
+            namespace: 'kube-system'
+            name: 'hcloud'
+          stringData:
+            network: "#{cluster_name}"
+            token: "#{hetzner_token}"
+        EOF
+      EOS
 
-        resources.each do |resource|
-          kubernetes_client.update_resource(resource)
-        end
+      run cmd, kubeconfig_path: kubeconfig_path
 
-      rescue K8s::Error::NotFound
-        resources.each do |resource|
-          kubernetes_client.create_resource(resource)
-        end
+      cmd = "kubectl apply -f https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml"
 
-      end
+      run cmd, kubeconfig_path: kubeconfig_path
 
       puts "...Cloud Controller Manager deployed"
-    rescue Excon::Error::Socket
-      retry
-    end
-
-    def fetch_manifest(url)
-      retries ||= 1
-      HTTP.follow.get(url).body
-    rescue
-      retry if (retries += 1) <= 10
     end
 
     def deploy_system_upgrade_controller
+      check_kubectl
+
       puts
       puts "Deploying k3s System Upgrade Controller..."
 
-      manifest = HTTP.follow.get("https://github.com/rancher/system-upgrade-controller/releases/download/v0.8.0/system-upgrade-controller.yaml").body
+      cmd = "kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.8.1/system-upgrade-controller.yaml"
 
-      File.write("/tmp/system-upgrade-controller.yaml", manifest)
-
-      resources = K8s::Resource.from_files("/tmp/system-upgrade-controller.yaml")
-
-      begin
-        kubernetes_client.api("apps/v1").resource("deployments").get("system-upgrade-controller", namespace: "system-upgrade")
-
-        resources.each do |resource|
-          kubernetes_client.update_resource(resource)
-        end
-
-      rescue K8s::Error::NotFound
-        resources.each do |resource|
-          kubernetes_client.create_resource(resource)
-        end
-
-      end
+      run cmd, kubeconfig_path: kubeconfig_path
 
       puts "...k3s System Upgrade Controller deployed"
-    rescue Excon::Error::Socket
-      retry
     end
 
     def deploy_csi_driver
+      check_kubectl
+
       puts
       puts "Deploying Hetzner CSI Driver..."
 
-      begin
-        kubernetes_client.api("v1").resource("secrets").get("hcloud-csi", namespace: "kube-system")
-
-      rescue K8s::Error::NotFound
-        secret = K8s::Resource.new(
-          apiVersion: "v1",
-          kind: "Secret",
-          metadata: {
-            namespace: 'kube-system',
-            name: 'hcloud-csi',
-          },
-          data: {
-            token: Base64.encode64(hetzner_token)
-          }
-        )
-
-        kubernetes_client.api('v1').resource('secrets').create_resource(secret)
-      end
-
-
-      manifest = HTTP.follow.get("https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml").body
-
-      File.write("/tmp/csi-driver.yaml", manifest)
+      cmd = <<~EOS
+        kubectl apply -f - <<-EOF
+          apiVersion: "v1"
+          kind: "Secret"
+          metadata:
+            namespace: 'kube-system'
+            name: 'hcloud-csi'
+          stringData:
+            token: "#{hetzner_token}"
+        EOF
+      EOS
 
-      resources = K8s::Resource.from_files("/tmp/csi-driver.yaml")
+      run cmd, kubeconfig_path: kubeconfig_path
 
-      begin
-        kubernetes_client.api("apps/v1").resource("daemonsets").get("hcloud-csi-node", namespace: "kube-system")
+      cmd = "kubectl apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/v1.6.0/deploy/kubernetes/hcloud-csi.yml"
 
-
-        resources.each do |resource|
-          begin
-            kubernetes_client.update_resource(resource)
-          rescue K8s::Error::Invalid => e
-            raise e unless e.message =~ /must be specified/i
-          end
-        end
-
-      rescue K8s::Error::NotFound
-        resources.each do |resource|
-          kubernetes_client.create_resource(resource)
-        end
-
-      end
+      run cmd, kubeconfig_path: kubeconfig_path
 
       puts "...CSI Driver deployed"
-    rescue Excon::Error::Socket
-      retry
-    end
-
-    def wait_for_ssh(server)
-      Timeout::timeout(5) do
-        server_name = server["name"]
-
-        puts "Waiting for server #{server_name} to be up..."
-
-        loop do
-          result = ssh(server, "echo UP")
-          break if result == "UP"
-        end
-
-        puts "...server #{server_name} is now up."
-      end
-    rescue Errno::ENETUNREACH, Errno::EHOSTUNREACH, Timeout::Error, IOError
-      retry
-    end
-
-    def ssh(server, command, print_output: false)
-      public_ip = server.dig("public_net", "ipv4", "ip")
-      output = ""
-
-      params = { verify_host_key: (verify_host_key ? :always : :never) }
-
-      if private_ssh_key_path
-        params[:keys] = [private_ssh_key_path]
-      end
-
-      Net::SSH.start(public_ip, "root", params) do |session|
-        session.exec!(command) do |channel, stream, data|
-          output << data
-          puts data if print_output
-        end
-      end
-      output.chop
-    rescue Net::SSH::Disconnect => e
-      retry unless e.message =~ /Too many authentication failures/
-    rescue Net::SSH::ConnectionTimeout, Errno::ECONNREFUSED, Errno::ENETUNREACH, Errno::EHOSTUNREACH
-      retry
-    rescue Net::SSH::AuthenticationFailed
-      puts
-      puts "Cannot continue: SSH authentication failed. Please ensure that the private SSH key is correct."
-      exit 1
-    rescue Net::SSH::HostKeyMismatch
-      puts
-      puts "Cannot continue: Unable to SSH into server with IP #{public_ip} because the existing fingerprint in the known_hosts file does not match that of the actual host key."
-      puts "This is due to a security check but can also happen when creating a new server that gets assigned the same IP address as another server you've owned in the past."
-      puts "If are sure no security is being violated here and you're just creating new servers, you can eiher remove the relevant lines from your known_hosts (see IPs from the cloud console) or disable host key verification by setting the option 'verify_host_key' to false in the configuration file for the cluster."
-      exit 1
-    end
-
-    def kubernetes_client
-      return @kubernetes_client if @kubernetes_client
-
-      config_hash = YAML.load_file(kubeconfig_path)
-      config_hash['current-context'] = cluster_name
-      @kubernetes_client = K8s::Client.config(K8s::Config.new(config_hash))
     end
 
     def find_flannel_interface(server)
@@ -585,63 +509,6 @@ class Cluster
       FileUtils.chmod "go-r", kubeconfig_path
     end
 
-    def ugrade_plan_manifest_path
-      worker_upgrade_concurrency = workers.size - 1
-      worker_upgrade_concurrency = 1 if worker_upgrade_concurrency == 0
-
-      manifest = <<~EOF
-        apiVersion: upgrade.cattle.io/v1
-        kind: Plan
-        metadata:
-          name: k3s-server
-          namespace: system-upgrade
-          labels:
-            k3s-upgrade: server
-        spec:
-          concurrency: 1
-          version: #{new_k3s_version}
-          nodeSelector:
-            matchExpressions:
-              - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
-          serviceAccountName: system-upgrade
-          tolerations:
-          - key: "CriticalAddonsOnly"
-            operator: "Equal"
-            value: "true"
-            effect: "NoExecute"
-          cordon: true
-          upgrade:
-            image: rancher/k3s-upgrade
-        ---
-        apiVersion: upgrade.cattle.io/v1
-        kind: Plan
-        metadata:
-          name: k3s-agent
-          namespace: system-upgrade
-          labels:
-            k3s-upgrade: agent
-        spec:
-          concurrency: #{worker_upgrade_concurrency}
-          version: #{new_k3s_version}
-          nodeSelector:
-            matchExpressions:
-              - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
-          serviceAccountName: system-upgrade
-          prepare:
-            image: rancher/k3s-upgrade
-            args: ["prepare", "k3s-server"]
-          cordon: true
-          upgrade:
-            image: rancher/k3s-upgrade
-      EOF
-
-      temp_file_path = "/tmp/k3s-upgrade-plan.yaml"
-
-      File.write(temp_file_path, manifest)
-
-      temp_file_path
-    end
-
     def belongs_to_cluster?(server)
       server.dig("labels", "cluster") == cluster_name
     end
@@ -651,4 +518,15 @@ class Cluster
       schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
     end
 
+    def image
+      configuration.dig("image") || "ubuntu-20.04"
+    end
+
+    def check_kubectl
+      unless which("kubectl")
+        puts "Please ensure kubectl is installed and in your PATH."
+        exit 1
+      end
+    end
+
 end

data/lib/hetzner/k3s/version.rb

@@ -1,5 +1,5 @@
 module Hetzner
   module K3s
-    VERSION = "0.4.5"
+    VERSION = "0.4.9"
   end
 end

data/lib/hetzner/utils.rb

@@ -0,0 +1,99 @@
+module Utils
+  def which(cmd)
+    exts = ENV['PATHEXT'] ? ENV['PATHEXT'].split(';') : ['']
+    ENV['PATH'].split(File::PATH_SEPARATOR).each do |path|
+      exts.each do |ext|
+        exe = File.join(path, "#{cmd}#{ext}")
+        return exe if File.executable?(exe) && !File.directory?(exe)
+      end
+    end
+    nil
+  end
+
+  def run(command, kubeconfig_path:)
+    env = ENV.to_hash.merge({
+      "KUBECONFIG" => kubeconfig_path
+    })
+
+    cmd_path = "/tmp/cli.cmd"
+
+    File.open(cmd_path, "w") do |f|
+      f.write("set -euo pipefail\n")
+      f.write(command)
+    end
+
+    FileUtils.chmod("+x", cmd_path)
+
+    begin
+      process = nil
+
+      at_exit do
+        begin
+          process&.send_signal("SIGTERM")
+        rescue Errno::ESRCH, Interrupt
+        end
+      end
+
+      Subprocess.check_call(["bash", "-c", cmd_path], env: env) do |p|
+        process = p
+      end
+
+    rescue Subprocess::NonZeroExit
+      puts "Command failed: non-zero exit code"
+      exit 1
+    rescue Interrupt
+      puts "Command interrupted"
+      exit 1
+    end
+  end
+
+  def wait_for_ssh(server)
+    Timeout::timeout(5) do
+      server_name = server["name"]
+
+      puts "Waiting for server #{server_name} to be up..."
+
+      loop do
+        result = ssh(server, "echo UP")
+        break if result == "UP"
+      end
+
+      puts "...server #{server_name} is now up."
+    end
+  rescue Errno::ENETUNREACH, Errno::EHOSTUNREACH, Timeout::Error, IOError
+    retry
+  end
+
+  def ssh(server, command, print_output: false)
+    public_ip = server.dig("public_net", "ipv4", "ip")
+    output = ""
+
+    params = { verify_host_key: (verify_host_key ? :always : :never) }
+
+    if private_ssh_key_path
+      params[:keys] = [private_ssh_key_path]
+    end
+
+    Net::SSH.start(public_ip, "root", params) do |session|
+      session.exec!(command) do |channel, stream, data|
+        output << data
+        puts data if print_output
+      end
+    end
+    output.chop
+  rescue Net::SSH::Disconnect => e
+    retry unless e.message =~ /Too many authentication failures/
+  rescue Net::SSH::ConnectionTimeout, Errno::ECONNREFUSED, Errno::ENETUNREACH, Errno::EHOSTUNREACH
+    retry
+  rescue Net::SSH::AuthenticationFailed
+    puts
+    puts "Cannot continue: SSH authentication failed. Please ensure that the private SSH key is correct."
+    exit 1
+  rescue Net::SSH::HostKeyMismatch
+    puts
+    puts "Cannot continue: Unable to SSH into server with IP #{public_ip} because the existing fingerprint in the known_hosts file does not match that of the actual host key."
+    puts "This is due to a security check but can also happen when creating a new server that gets assigned the same IP address as another server you've owned in the past."
+    puts "If are sure no security is being violated here and you're just creating new servers, you can eiher remove the relevant lines from your known_hosts (see IPs from the cloud console) or disable host key verification by setting the option 'verify_host_key' to false in the configuration file for the cluster."
+    exit 1
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hetzner-k3s
 version: !ruby/object:Gem::Version
-  version: 0.4.5
+  version: 0.4.9
 platform: ruby
 authors:
 - Vito Botta
-autorequire: 
+autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-11-03 00:00:00.000000000 Z
+date: 2022-01-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: k8s-ruby
+  name: sshkey
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: sshkey
+  name: ed25519
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: ed25519
+  name: bcrypt_pbkdf
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +95,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bcrypt_pbkdf
+  name: subprocess
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -119,6 +119,7 @@ extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
+- ".ruby-version"
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Dockerfile
@@ -144,9 +145,9 @@ files:
 - lib/hetzner/infra/server.rb
 - lib/hetzner/infra/ssh_key.rb
 - lib/hetzner/k3s/cli.rb
-- lib/hetzner/k3s/client_patch.rb
 - lib/hetzner/k3s/cluster.rb
 - lib/hetzner/k3s/version.rb
+- lib/hetzner/utils.rb
 homepage: https://github.com/vitobotta/hetzner-k3s
 licenses:
 - MIT
@@ -154,7 +155,7 @@ metadata:
   homepage_uri: https://github.com/vitobotta/hetzner-k3s
   source_code_uri: https://github.com/vitobotta/hetzner-k3s
   changelog_uri: https://github.com/vitobotta/hetzner-k3s
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -169,8 +170,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using
   k3s.

data/lib/hetzner/k3s/client_patch.rb

@@ -1,38 +0,0 @@
-module K8s
-  class ResourceClient
-    def initialize(transport, api_client, api_resource, namespace: nil, resource_class: K8s::Resource)
-      @transport = transport
-      @api_client = api_client
-      @api_resource = api_resource
-      @namespace = namespace
-      @resource_class = resource_class
-
-      if @api_resource.name.include? '/'
-        @resource, @subresource = @api_resource.name.split('/', 2)
-      else
-        @resource = @api_resource.name
-        @subresource = nil
-      end
-
-      # fail "Resource #{api_resource.name} is not namespaced" unless api_resource.namespaced || !namespace
-    end
-
-    def path(name = nil, subresource: @subresource, namespace: @namespace)
-      namespace_part = namespace ? ['namespaces', namespace] : []
-
-      if namespaced?
-        if name && subresource
-          @api_client.path(*namespace_part, @resource, name, subresource)
-        elsif name
-          @api_client.path(*namespace_part, @resource, name)
-        else namespaced?
-          @api_client.path(*namespace_part, @resource)
-        end
-      elsif name
-        @api_client.path(@resource, name)
-      else
-        @api_client.path(@resource)
-      end
-    end
-  end
-end