hetzner-k3s 0.5.5 → 0.5.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 54bad08b660435283978314edf5d2823fd98a72958051615efc8ec5b24ce0b88
-  data.tar.gz: 653edb24301d237515b4abfae4538893f40f4707d462c3344f083a082d0fe0e8
+  metadata.gz: c0d855f62ab9e222986d220edcdde203f7eb363ab725c8aa4e1f1389f2b251e2
+  data.tar.gz: 19d6a1ff6769cbec2207539d615d6a873eaede07aec9b15a43e6ef9d79101731
 SHA512:
-  metadata.gz: 93536c6ddf9091ed6c148388e4f29dd2630fd5daf03dd7feafe218cc1dad97ebc3bf3db01799126a9fed70003b2b57db1eb73a81ad807362459c95190527684e
-  data.tar.gz: 6bf703828e75363b7ba03ec413b4eff9ab97ca06c2cd8d4f82baca05fc2c32e43d86f0137f1f8f5af0dc4455b7edf157f74bda1621869beb89432058a78b0dcd
+  metadata.gz: d8fdc127e71f790e530d3abf97ca30d22b28d75eff687e436d1351336595ae7ba912c0c947c8b1738ab9d50447e577c4be753db3c20a2bfbcca195fcc6a0d193
+  data.tar.gz: 5cb4203c6270f0e82b66049fefd7244aaeb42e1dd89e257a0e1ba4b126db04ed8adf27b715b10874248f6661b6fed3126e562913ec2342f086bbff4c717c329b

data/.rubocop.yml

@@ -119,3 +119,17 @@ Metrics/ParameterLists:
 Style/FrozenStringLiteralComment:
   Exclude:
     - exe/hetzner-k3s
+Lint/RefinementImportMethods: # new in 1.27
+  Enabled: true
+Security/CompoundHash: # new in 1.28
+  Enabled: true
+Style/EnvHome: # new in 1.29
+  Enabled: true
+Style/FetchEnvVar: # new in 1.28
+  Enabled: true
+Style/NestedFileDirname: # new in 1.26
+  Enabled: true
+Style/ObjectThen: # new in 1.28
+  Enabled: true
+Style/RedundantInitialize: # new in 1.27
+  Enabled: true

data/.ruby-version

@@ -1 +1 @@
-3.1.0
+ruby-3.1.2

data/Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:3.1.0-alpine
+FROM ruby:3.1.2-alpine
 
 RUN apk update --no-cache \
   && apk add build-base git openssh-client curl bash

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.5.5)
+    hetzner-k3s (0.5.7)
       bcrypt_pbkdf
       ed25519
       http
@@ -30,7 +30,7 @@ GEM
       http-cookie (~> 1.0)
       http-form_data (~> 2.2)
       http-parser (~> 1.2.0)
-    http-cookie (1.0.4)
+    http-cookie (1.0.5)
       domain_name (~> 0.5)
     http-form_data (2.3.0)
     http-parser (1.2.3)
@@ -39,7 +39,7 @@ GEM
     parallel (1.21.0)
     parser (3.1.0.0)
       ast (~> 2.4.1)
-    public_suffix (4.0.6)
+    public_suffix (4.0.7)
     rainbow (3.1.1)
     rake (12.3.3)
     regexp_parser (2.2.0)
@@ -74,7 +74,7 @@ GEM
     thor (1.2.1)
     unf (0.1.4)
       unf_ext
-    unf_ext (0.0.8)
+    unf_ext (0.0.8.2)
     unicode-display_width (2.1.0)
 
 PLATFORMS
@@ -87,4 +87,4 @@ DEPENDENCIES
   rubocop
 
 BUNDLED WITH
-   2.3.4
+   2.3.14

data/README.md

@@ -16,6 +16,8 @@ Using this tool, creating a highly available k3s cluster with 3 masters for the
 
 See roadmap [here](https://github.com/vitobotta/hetzner-k3s/projects/1) for the features planned or in progress.
 
+Also see this [wiki page](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster) for a tutorial on how to set up a cluster with the most common setup to get you started.
+
 ## Requirements
 
 All that is needed to use this tool is
@@ -26,7 +28,7 @@ All that is needed to use this tool is
 
 ## Installation
 
-Once you have the Ruby runtime up and running (3.1.0 or newer), you just need to install the gem:
+Once you have the Ruby runtime up and running (3.1.2 or newer), you just need to install the gem:
 
 ```bash
 gem install hetzner-k3s
@@ -39,7 +41,12 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.5 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it \
+  -v ${PWD}:/cluster \
+  -v ${HOME}/.ssh:/tmp/.ssh \
+  vitobotta/hetzner-k3s:v0.5.8 \
+  create-cluster \
+  --config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -73,6 +80,11 @@ worker_node_pools:
   instance_count: 2
 additional_packages:
 - somepackage
+post_create_commands:
+- apt update
+- apt upgrade -y
+- apt autoremove -y
+- shutdown -r now
 enable_encryption: true
 # kube_api_server_args:
 # - arg1
@@ -109,7 +121,7 @@ If you set `masters.instance_count` to 1 then the tool will create a non highly
 
 You can specify any number of worker node pools for example to have mixed nodes with different specs for different workloads.
 
-At the moment Hetzner Cloud has four locations: two in Germany (`nbg1`, Nuremberg and `fsn1`, Falkensteing), one in Finland (`hel1`, Helsinki) and one in the USA (`ash`, Ashburn, Virginia). Please note that the Ashburn, Virginia location has just
+At the moment Hetzner Cloud has four locations: two in Germany (`nbg1`, Nuremberg and `fsn1`, Falkenstein), one in Finland (`hel1`, Helsinki) and one in the USA (`ash`, Ashburn, Virginia). Please note that the Ashburn, Virginia location has just
 been announced and it's limited to AMD instances for now.
 
 For the available instance types and their specs, either check from inside a project when adding a server manually or run the following with your Hetzner token:
@@ -159,6 +171,8 @@ The `create-cluster` command can be run any number of times with the same config
 
 To add one or more nodes to a node pool, just change the instance count in the configuration file for that node pool and re-run the create command.
 
+**Important**: if you are increasing the size of a node pool created prior to v0.5.7, please see [this thread](https://github.com/vitobotta/hetzner-k3s/issues/80).
+
 ### Scaling down a node pool
 
 To make a node pool smaller:
@@ -194,7 +208,6 @@ Note that the API server will briefly be unavailable during the upgrade of the c
 
 To check the upgrade progress, run `watch kubectl get nodes -owide`. You will see the masters being upgraded one per time, followed by the worker nodes.
 
-
 ### What to do if the upgrade doesn't go smoothly
 
 If the upgrade gets stuck for some reason, or it doesn't upgrade all the nodes:
@@ -220,7 +233,8 @@ I have noticed that sometimes I need to re-run the upgrade command a couple of t
 You can also check the logs of the system upgrade controller's pod:
 
 ```bash
-kubectl -n system-upgrade logs -f $(kubectl -n system-upgrade get pod -l pod-template-hash -o jsonpath="{.items[0].metadata.name}")
+kubectl -n system-upgrade \
+  logs -f $(kubectl -n system-upgrade get pod -l pod-template-hash -o jsonpath="{.items[0].metadata.name}")
 ```
 
 A final note about upgrades is that if for some reason the upgrade gets stuck after upgrading the masters and before upgrading the worker nodes, just cleaning up the resources as described above might not be enough. In that case also try running the following to tell the upgrade job for the workers that the masters have already been upgraded, so the upgrade can continue for the workers:
@@ -229,6 +243,15 @@ A final note about upgrades is that if for some reason the upgrade gets stuck af
 kubectl label node <master1> <master2> <master2> plan.upgrade.cattle.io/k3s-server=upgraded
 ```
 
+## Upgrading the OS on nodes
+
+- consider adding a temporary node during the process if you don't have enough spare capacity in the cluster
+- drain one node
+- update etc
+- reboot
+- uncordon
+- proceed with the next node
+
 ## Deleting a cluster
 
 To delete a cluster, running
@@ -263,7 +286,7 @@ I set `load-balancer.hetzner.cloud/hostname` to a valid hostname that I configur
 
 The annotation `load-balancer.hetzner.cloud/use-private-ip: "true"` ensures that the communication between the load balancer and the nodes happens through the private network, so we don't have to open any ports on the nodes (other than the port 6443 for the Kubernetes API server).
 
-The other annotations should be self explanatory. You can find a list of the available annotations here.
+The other annotations should be self explanatory. You can find a list of the available annotations [here](https://pkg.go.dev/github.com/hetznercloud/hcloud-cloud-controller-manager/internal/annotation).
 
 ## Persistent volumes
 
@@ -279,6 +302,10 @@ I recommend that you create a separate Hetzner project for each cluster, because
 
 Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.
 
+Contributors:
+
+- [TitanFighter](https://github.com/TitanFighter) for [this awesome tutorial](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster)
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/bin/build.sh

@@ -2,13 +2,11 @@
 
 set -e
 
-
-
 IMAGE="vitobotta/hetzner-k3s"
 
-docker build -t ${IMAGE}:v0.5.5 \
+docker build -t ${IMAGE}:v0.5.8 \
   --platform=linux/amd64 \
-  --cache-from ${IMAGE}:v0.5.4 \
+  --cache-from ${IMAGE}:v0.5.7 \
   --build-arg BUILDKIT_INLINE_CACHE=1 .
 
-docker push vitobotta/hetzner-k3s:v0.5.5
+docker push vitobotta/hetzner-k3s:v0.5.8

data/hetzner-k3s.gemspec

@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
   spec.description   = 'A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.'
   spec.homepage      = 'https://github.com/vitobotta/hetzner-k3s'
   spec.license       = 'MIT'
-  spec.required_ruby_version = Gem::Requirement.new('>= 3.1.0')
+  spec.required_ruby_version = Gem::Requirement.new('>= 3.1.2')
 
   # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 

data/lib/hetzner/infra/server.rb

@@ -7,13 +7,20 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:, additional_packages: [])
+    def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:, additional_packages: [], additional_post_create_commands: [])
+      @location = location
+      @instance_type = instance_type
+      @instance_id = instance_id
+      @firewall_id = firewall_id
+      @network_id = network_id
+      @ssh_key_id = ssh_key_id
+      @placement_group_id = placement_group_id
+      @image = image
       @additional_packages = additional_packages
+      @additional_post_create_commands = additional_post_create_commands
 
       puts
 
-      server_name = "#{cluster_name}-#{instance_type}-#{instance_id}"
-
       if (server = find_server(server_name))
         puts "Server #{server_name} already exists, skipping."
         puts
@@ -22,44 +29,16 @@ module Hetzner
 
       puts "Creating server #{server_name}..."
 
-      server_config = {
-        name: server_name,
-        location:,
-        image:,
-        firewalls: [
-          { firewall: firewall_id }
-        ],
-        networks: [
-          network_id
-        ],
-        server_type: instance_type,
-        ssh_keys: [
-          ssh_key_id
-        ],
-        user_data:,
-        labels: {
-          cluster: cluster_name,
-          role: (server_name =~ /master/ ? 'master' : 'worker')
-        },
-        placement_group: placement_group_id
-      }
-
-      response = hetzner_client.post('/servers', server_config)
-      response_body = response.body
-
-      server = JSON.parse(response_body)['server']
+      if (server = make_request)
+        puts "...server #{server_name} created."
+        puts
 
-      unless server
+        server
+      else
         puts "Error creating server #{server_name}. Response details below:"
         puts
         p response
-        return
       end
-
-      puts "...server #{server_name} created."
-      puts
-
-      server
     end
 
     def delete(server_name:)
@@ -74,30 +53,78 @@ module Hetzner
 
     private
 
-    attr_reader :hetzner_client, :cluster_name, :additional_packages
+    attr_reader :hetzner_client, :cluster_name, :location, :instance_type, :instance_id, :firewall_id, :network_id, :ssh_key_id, :placement_group_id, :image, :additional_packages, :additional_post_create_commands
 
     def find_server(server_name)
       hetzner_client.get('/servers?sort=created:desc')['servers'].detect { |network| network['name'] == server_name }
     end
 
     def user_data
-      packages = ['fail2ban', 'wireguard']
+      packages = %w[fail2ban wireguard]
       packages += additional_packages if additional_packages
       packages = "'#{packages.join("', '")}'"
 
+      post_create_commands = [
+        'crontab -l > /etc/cron_bkp',
+        'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
+        'crontab /etc/cron_bkp',
+        'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
+        'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
+        'systemctl restart sshd',
+        'systemctl stop systemd-resolved',
+        'systemctl disable systemd-resolved',
+        'rm /etc/resolv.conf',
+        'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
+        'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
+      ]
+
+      post_create_commands += additional_post_create_commands if additional_post_create_commands
+
+      post_create_commands += ['shutdown -r now'] if post_create_commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
+
+      post_create_commands = "  - #{post_create_commands.join("\n  - ")}"
+
       <<~YAML
         #cloud-config
         packages: [#{packages}]
         runcmd:
-          - sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
-          - sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
-          - systemctl restart sshd
-          - systemctl stop systemd-resolved
-          - systemctl disable systemd-resolved
-          - rm /etc/resolv.conf
-          - echo "nameserver 1.1.1.1" > /etc/resolv.conf
-          - echo "nameserver 1.0.0.1" >> /etc/resolv.conf
+        #{post_create_commands}
       YAML
     end
+
+    def server_name
+      @server_name ||= "#{cluster_name}-#{instance_type}-#{instance_id}"
+    end
+
+    def server_config
+      @server_config ||= {
+        name: server_name,
+        location:,
+        image:,
+        firewalls: [
+          { firewall: firewall_id }
+        ],
+        networks: [
+          network_id
+        ],
+        server_type: instance_type,
+        ssh_keys: [
+          ssh_key_id
+        ],
+        user_data:,
+        labels: {
+          cluster: cluster_name,
+          role: (server_name =~ /master/ ? 'master' : 'worker')
+        },
+        placement_group: placement_group_id
+      }
+    end
+
+    def make_request
+      response = hetzner_client.post('/servers', server_config)
+      response_body = response.body
+
+      JSON.parse(response_body)['server']
+    end
   end
 end