hetzner-k3s 0.5.7 → 0.6.0.rc1
- checksums.yaml +4 -4
- data/.github/workflows/release.yml +32 -0
- data/.gitignore +2 -0
- data/.rubocop.yml +1 -1
- data/.ruby-version +1 -1
- data/Gemfile +13 -2
- data/Gemfile.lock +22 -53
- data/README.md +33 -15
- data/bin/build.sh +12 -6
- data/config/warble.rb +182 -0
- data/exe/hetzner-k3s +3 -0
- data/hetzner-k3s.gemspec +4 -4
- data/lib/hetzner/infra/client.rb +5 -5
- data/lib/hetzner/infra/firewall.rb +7 -9
- data/lib/hetzner/infra/load_balancer.rb +1 -1
- data/lib/hetzner/infra/network.rb +19 -9
- data/lib/hetzner/infra/server.rb +49 -37
- data/lib/hetzner/k3s/cli.rb +16 -393
- data/lib/hetzner/k3s/cluster.rb +71 -53
- data/lib/hetzner/k3s/configuration.rb +486 -0
- data/lib/hetzner/k3s/version.rb +1 -1
- data/lib/hetzner/utils.rb +19 -10
- metadata +26 -23
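--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4d8a90e68ae6fb3b434fb4f65ed00a9508fa405d5d8cf87c8cc45e86c655ec56
+data.tar.gz: f35647f4e10202a483aa73b79d9c4d7728904978d72943cd7f51ccdb8ff739fe
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 41ecc26d3b5aaa22b363ff425ef7d0d47a3510aecdc8a8389fd16d2889a77ce278152a20a885a1ba460b19bc07224e1a61c6d3cb8e9f0ee554692f90564a8553
+data.tar.gz: 37860df2822b9316876814bb8a33df5fbbc087f3c21ef53faf8be35ec56cfbd584bc62db1d1f98558e32d75985fe6d6e0836934838b23d0bb89ffc135a336d08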
@@ -0,0 +1,32 @@
|
|
1
|
+
name: Release
|
2
|
+
|
3
|
+
on:
|
4
|
+
push:
|
5
|
+
tags:
|
6
|
+
- '*'
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
mcos:
|
10
|
+
runs-on: macos-12
|
11
|
+
steps:
|
12
|
+
- uses: actions/checkout@v3
|
13
|
+
|
14
|
+
- uses: ruby/setup-ruby@v1
|
15
|
+
with:
|
16
|
+
ruby-version: '2.7.1'
|
17
|
+
|
18
|
+
- name: Get ruby-packer
|
19
|
+
run: |
|
20
|
+
curl -o rubyc-macos https://github.com/pmq20/ruby-packer/releases/download/darwin-x64/rubyc
|
21
|
+
chmod +x rubyc-macos
|
22
|
+
|
23
|
+
- name: Build for macOS
|
24
|
+
run: |
|
25
|
+
env CC="xcrun clang -mmacosx-version-min=10.10 -Wno-implicit-function-declaration" time ./rubyc-macos -r ./ -o ./hetzner-k3s-macos exe/hetzner-k3s
|
26
|
+
chmod +x hetzner-k3s-macos
|
27
|
+
|
28
|
+
- uses: ncipollo/release-action@v1
|
29
|
+
with:
|
30
|
+
tag: v$(ruby -r ./lib/hetzner/k3s/version -e 'puts Hetzner::K3s::VERSION')
|
31
|
+
artifacts: "hetzner-k3s-macos"
|
32
|
+
token: ${{ secrets.GITHUB_TOKEN }}
|
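Review bot: The `Get ruby-packer` step fetches an executable with `curl -o rubyc-macos …` and the next step runs it to build the published artifact, with no integrity check on what was downloaded. Verify it against a pinned digest, e.g. `curl -fsSL -o rubyc-macos <url>` followed by `echo "<EXPECTED_SHA256>  rubyc-macos" | shasum -a 256 -c -`; `-f` and `-L` also make the step fail on an HTTP error and follow the redirect that release downloads normally involve. `tag: v$(ruby -r ./lib/hetzner/k3s/version -e …)` is a `with:` input, where shell substitution is not evaluated, so the action would receive that literal text; compute the version in a `run:` step and pass it as a step output. The actions are referenced by mutable tags (`@v3`, `@v1`) in a job that is handed `secrets.GITHUB_TOKEN`, so pinning them to commit SHAs and adding `permissions: contents: write` would narrow what a compromised tag can do. This hunk has no file header on the page; from the file list it appears to be `.github/workflows/release.yml`.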
data/.gitignore
CHANGED
data/.rubocop.yml
CHANGED
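--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -1 +1 @@
-ruby-
+ruby-2.7.1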
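--- a/data/Gemfile
+++ b/data/Gemfile
@@ -5,5 +5,16 @@ source 'https://rubygems.org'
 # Specify your gem's dependencies in k3s.gemspec
 gemspec
 
-
-gem '
+# platforms :jruby do
+# gem 'rake', '~> 12.0'
+# gem 'rspec', '~> 3.0'
+
+# gem 'childprocess'
+# gem 'ed25519'
+# gem 'http'
+# gem 'jruby-openssl'
+# gem 'net-ssh'
+# gem 'sshkey'
+# gem 'thor'
+# gem 'http-parser'
+# end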
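--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,90 +1,59 @@
 PATH
 remote: .
 specs:
-hetzner-k3s (0.5.
+hetzner-k3s (0.5.9)
 bcrypt_pbkdf
+childprocess
 ed25519
-
+httparty
 net-ssh
 sshkey
-subprocess
 thor
 
 GEM
 remote: https://rubygems.org/
 specs:
-addressable (2.8.0)
-public_suffix (>= 2.0.2, < 5.0)
 ast (2.4.2)
 bcrypt_pbkdf (1.1.0)
-
-domain_name (0.5.20190701)
-unf (>= 0.0.5, < 1.0.0)
+childprocess (4.1.0)
 ed25519 (1.3.0)
-
-
-
-
-
-
-
-http-form_data (~> 2.2)
-http-parser (~> 1.2.0)
-http-cookie (1.0.4)
-domain_name (~> 0.5)
-http-form_data (2.3.0)
-http-parser (1.2.3)
-ffi-compiler (>= 1.0, < 2.0)
+httparty (0.20.0)
+mime-types (~> 3.0)
+multi_xml (>= 0.5.2)
+mime-types (3.4.1)
+mime-types-data (~> 3.2015)
+mime-types-data (3.2022.0105)
+multi_xml (0.6.0)
 net-ssh (6.1.0)
-parallel (1.
-parser (3.1.
+parallel (1.20.1)
+parser (3.1.2.1)
 ast (~> 2.4.1)
-public_suffix (4.0.6)
 rainbow (3.1.1)
-
-regexp_parser (2.2.0)
+regexp_parser (2.5.0)
 rexml (3.2.5)
-
-rspec-core (~> 3.10.0)
-rspec-expectations (~> 3.10.0)
-rspec-mocks (~> 3.10.0)
-rspec-core (3.10.1)
-rspec-support (~> 3.10.0)
-rspec-expectations (3.10.1)
-diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.10.0)
-rspec-mocks (3.10.2)
-diff-lcs (>= 1.2.0, < 2.0)
-rspec-support (~> 3.10.0)
-rspec-support (3.10.2)
-rubocop (1.25.1)
+rubocop (1.12.1)
 parallel (~> 1.10)
-parser (>= 3.
+parser (>= 3.0.0.0)
 rainbow (>= 2.2.2, < 4.0)
 regexp_parser (>= 1.8, < 3.0)
 rexml
-rubocop-ast (>= 1.
+rubocop-ast (>= 1.2.0, < 2.0)
 ruby-progressbar (~> 1.7)
 unicode-display_width (>= 1.4.0, < 3.0)
-rubocop-ast (1.
-parser (>=
+rubocop-ast (1.4.1)
+parser (>= 2.7.1.5)
 ruby-progressbar (1.11.0)
 sshkey (2.0.0)
-subprocess (1.5.5)
 thor (1.2.1)
-
-unf_ext
-unf_ext (0.0.8)
-unicode-display_width (2.1.0)
+unicode-display_width (2.2.0)
 
 PLATFORMS
 ruby
+x86_64-darwin-21
 
 DEPENDENCIES
 hetzner-k3s!
-rake (~> 12.0)
-rspec (~> 3.0)
 rubocop
 
 BUNDLED WITH
-2.3.
+2.3.21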
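--- a/data/README.md
+++ b/data/README.md
@@ -16,6 +16,8 @@ Using this tool, creating a highly available k3s cluster with 3 masters for the
 
 See roadmap [here](https://github.com/vitobotta/hetzner-k3s/projects/1) for the features planned or in progress.
 
+Also see this [wiki page](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster) for a tutorial on how to set up a cluster with the most common setup to get you started.
+
 ## Requirements
 
 All that is needed to use this tool is
@@ -39,7 +41,12 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it
+docker run --rm -it \
+-v ${PWD}:/cluster \
+-v ${HOME}/.ssh:/tmp/.ssh \
+vitobotta/hetzner-k3s:v0.5.9 \
+create-cluster \
+--config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -58,6 +65,8 @@ public_ssh_key_path: "~/.ssh/id_rsa.pub"
 private_ssh_key_path: "~/.ssh/id_rsa"
 ssh_allowed_networks:
 - 0.0.0.0/0
+api_allowed_networks:
+- 0.0.0.0/0
 verify_host_key: false
 location: nbg1
 schedule_workloads_on_masters: false
@@ -97,6 +106,7 @@ enable_encryption: true
 # kube_proxy_args:
 # - arg1
 # - ...
+# existing_network: <specify if you want to use an existing network, otherwise one will be created for this cluster>
 
 ```
 
@@ -136,9 +146,11 @@ curl \
 'https://api.hetzner.cloud/v1/images'
 ```
 
-
+Notes:
 
-
+- if you use a custom image, the creation of the servers may take longer than when using the default image
+- the option `verify_host_key` is by default set to `false` to disable host key verification. This is because sometimes when creating new servers, Hetzner may assign IP addresses that were previously used by other servers you owned in the past. Therefore the host key verification would fail. If you set this option to `true` and this happens, the tool won't be able to continue creating the cluster until you resolve the issue with one of the suggestions it will give you
+- the setting `api_allowed_networks` allows specifying which networks can access the Kubernetes API, but this only works with single master clusters currently. Multi-master HA clusters require a load balancer for the API, but load balancers are not yet covered by Hetzner's firewalls.
 
 Finally, to create the cluster run:
 
@@ -164,6 +176,8 @@ The `create-cluster` command can be run any number of times with the same config
 
 To add one or more nodes to a node pool, just change the instance count in the configuration file for that node pool and re-run the create command.
 
+**Important**: if you are increasing the size of a node pool created prior to v0.5.7, please see [this thread](https://github.com/vitobotta/hetzner-k3s/issues/80).
+
 ### Scaling down a node pool
 
 To make a node pool smaller:
@@ -199,16 +213,6 @@ Note that the API server will briefly be unavailable during the upgrade of the c
 
 To check the upgrade progress, run `watch kubectl get nodes -owide`. You will see the masters being upgraded one per time, followed by the worker nodes.
 
-## Upgrade the OS on nodes
-
-The easiest way to upgrade the OS on existing nodes is actually to replace them, as it happens with managed Kubernetes service. To do this:
-
-- drain one node
-- delete the node from Kubernetes
-- delete the node from the Hetzner console
-- re-run the script to recreate the deleted node with an updated OS
-- proceed with the next node
-
 ### What to do if the upgrade doesn't go smoothly
 
 If the upgrade gets stuck for some reason, or it doesn't upgrade all the nodes:
@@ -234,7 +238,8 @@ I have noticed that sometimes I need to re-run the upgrade command a couple of t
 You can also check the logs of the system upgrade controller's pod:
 
 ```bash
-kubectl -n system-upgrade
+kubectl -n system-upgrade \
+logs -f $(kubectl -n system-upgrade get pod -l pod-template-hash -o jsonpath="{.items[0].metadata.name}")
 ```
 
 A final note about upgrades is that if for some reason the upgrade gets stuck after upgrading the masters and before upgrading the worker nodes, just cleaning up the resources as described above might not be enough. In that case also try running the following to tell the upgrade job for the workers that the masters have already been upgraded, so the upgrade can continue for the workers:
@@ -243,6 +248,15 @@ A final note about upgrades is that if for some reason the upgrade gets stuck af
 kubectl label node <master1> <master2> <master2> plan.upgrade.cattle.io/k3s-server=upgraded
 ```
 
+## Upgrading the OS on nodes
+
+- consider adding a temporary node during the process if you don't have enough spare capacity in the cluster
+- drain one node
+- update etc
+- reboot
+- uncordon
+- proceed with the next node
+
 ## Deleting a cluster
 
 To delete a cluster, running
@@ -277,7 +291,7 @@ I set `load-balancer.hetzner.cloud/hostname` to a valid hostname that I configur
 
 The annotation `load-balancer.hetzner.cloud/use-private-ip: "true"` ensures that the communication between the load balancer and the nodes happens through the private network, so we don't have to open any ports on the nodes (other than the port 6443 for the Kubernetes API server).
 
-The other annotations should be self explanatory. You can find a list of the available annotations here.
+The other annotations should be self explanatory. You can find a list of the available annotations [here](https://pkg.go.dev/github.com/hetznercloud/hcloud-cloud-controller-manager/internal/annotation).
 
 ## Persistent volumes
 
@@ -293,6 +307,10 @@ I recommend that you create a separate Hetzner project for each cluster, because
 
 Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.
 
+Contributors:
+
+- [TitanFighter](https://github.com/TitanFighter) for [this awesome tutorial](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster)
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).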
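--- a/data/bin/build.sh
+++ b/data/bin/build.sh
@@ -2,11 +2,17 @@
 
 set -e
 
-IMAGE="vitobotta/hetzner-k3s"
+# IMAGE="vitobotta/hetzner-k3s"
 
-docker build -t ${IMAGE}:v0.5.
-
-
-
+# docker build -t ${IMAGE}:v0.5.9 \
+# --platform=linux/amd64 \
+# --cache-from ${IMAGE}:v0.5.8 \
+# --build-arg BUILDKIT_INLINE_CACHE=1 .
 
-docker push vitobotta/hetzner-k3s:v0.5.
+# docker push vitobotta/hetzner-k3s:v0.5.9
+
+warble
+
+echo "#!/usr/bin/env java -jar" > dist/hetzner-k3s
+cat dist/hetzner-k3s.jar >> dist/hetzner-k3s
+chmod +x dist/hetzner-k3s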
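Review bot: The launcher header written by `echo "#!/usr/bin/env java -jar" > dist/hetzner-k3s` will not run on Linux, where the kernel hands everything after the interpreter path to `env` as one argument, so `env` looks for a program literally named `java -jar`. Writing `#!/usr/bin/env -S java -jar` instead (supported by GNU coreutils 8.30+ and by BSD/macOS `env`) keeps the single-file launcher portable. The Docker build and push lines are now commented out rather than removed; deleting them, or adding a comment such as `# Docker image build disabled while the jar packaging is evaluated`, would tell the next reader whether the image is still a supported release channel.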
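--- a/data/config/warble.rb
+++ b/data/config/warble.rb
@@ -0,0 +1,182 @@
+# Disable Rake-environment-task framework detection by uncommenting/setting to false
+# Warbler.framework_detection = false
+
+# Warbler web application assembly configuration file
+Warbler::Config.new do |config|
+# Features: additional options controlling how the jar is built.
+# Currently the following features are supported:
+# - *gemjar*: package the gem repository in a jar file in WEB-INF/lib
+# - *executable*: embed a web server and make the war executable
+# - *runnable*: allows to run bin scripts e.g. `java -jar my.war -S rake -T`
+# - *compiled*: compile .rb files to .class files
+config.features = %w(executable runnable compiled)
+
+# Application directories to be included in the webapp.
+config.dirs = %w(bin config exe lib)
+
+# Additional files/directories to include, above those in config.dirs
+# config.includes = FileList["db"]
+
+# Additional files/directories to exclude
+# config.excludes = FileList["lib/tasks/*"]
+
+# Additional Java .jar files to include. Note that if .jar files are placed
+# in lib (and not otherwise excluded) then they need not be mentioned here.
+# JRuby and JRuby-Rack are pre-loaded in this list. Be sure to include your
+# own versions if you directly set the value
+# config.java_libs += FileList["lib/java/*.jar"]
+
+# Loose Java classes and miscellaneous files to be included.
+# config.java_classes = FileList["target/classes/**.*"]
+
+# One or more pathmaps defining how the java classes should be copied into
+# the archive. The example pathmap below accompanies the java_classes
+# configuration above. See http://rake.rubyforge.org/classes/String.html#M000017
+# for details of how to specify a pathmap.
+# config.pathmaps.java_classes << "%{target/classes/,}p"
+
+# Bundler support is built-in. If Warbler finds a Gemfile in the
+# project directory, it will be used to collect the gems to bundle
+# in your application. If you wish to explicitly disable this
+# functionality, uncomment here.
+config.bundler = true
+
+# An array of Bundler groups to avoid including in the war file.
+# Defaults to ["development", "test", "assets"].
+# config.bundle_without = []
+
+# Other gems to be included. If you don't use Bundler or a gemspec
+# file, you need to tell Warbler which gems your application needs
+# so that they can be packaged in the archive.
+# For Rails applications, the Rails gems are included by default
+# unless the vendor/rails directory is present.
+# config.gems += ["activerecord-jdbcmysql-adapter", "jruby-openssl"]
+# config.gems << "tzinfo"
+
+# Uncomment this if you don't want to package rails gem.
+# config.gems -= ["rails"]
+
+# The most recent versions of gems are used.
+# You can specify versions of gems by using a hash assignment:
+# config.gems["rails"] = "4.2.5"
+
+# You can also use regexps or Gem::Dependency objects for flexibility or
+# finer-grained control.
+# config.gems << /^sinatra-/
+# config.gems << Gem::Dependency.new("sinatra", "= 1.4.7")
+
+# Include gem dependencies not mentioned specifically. Default is
+# true, uncomment to turn off.
+# config.gem_dependencies = false
+
+# Array of regular expressions matching relative paths in gems to be
+# excluded from the war. Defaults to empty, but you can set it like
+# below, which excludes test files.
+# config.gem_excludes = [/^(test|spec)\//]
+
+# Pathmaps for controlling how application files are copied into the archive
+# config.pathmaps.application = ["WEB-INF/%p"]
+
+# Name of the archive (without the extension). Defaults to the basename
+# of the project directory.
+config.jar_name = "hetzner-k3s"
+
+# File extension for the archive. Defaults to either 'jar' or 'war'.
+config.jar_extension = "jar"
+
+# Destionation for the created archive. Defaults to project's root directory.
+config.autodeploy_dir = "dist/"
+
+# Name of the MANIFEST.MF template for the war file. Defaults to a simple
+# MANIFEST.MF that contains the version of Warbler used to create the war file.
+# config.manifest_file = "config/MANIFEST.MF"
+
+# When using the 'compiled' feature and specified, only these Ruby
+# files will be compiled. Default is to compile all \.rb files in
+# the application.
+# config.compiled_ruby_files = FileList['app/**/*.rb']
+
+# Determines if ruby files in supporting gems will be compiled.
+# Ignored unless compile feature is used.
+config.compile_gems = true
+
+# When set it specify the bytecode version for compiled class files
+# config.bytecode_version = "1.6"
+
+# When set to true, Warbler will override the value of ENV['GEM_HOME'] even it
+# has already been set. When set to false it will use any existing value of
+# GEM_HOME if it is set.
+# config.override_gem_home = true
+
+# Allows for specifing custom executables
+# config.executable = ["exe/hetzner-k3s"]
+
+# Sets default (prefixed) parameters for the executables
+# config.executable_params = "do:something"
+
+# If set to true, moves jar files into WEB-INF/lib. Prior to version 1.4.2 of Warbler this was done
+# by default. But since 1.4.2 this config defaults to false. It may need to be set to true for
+# web servers that do not explode the WAR file.
+# Alternatively, this option can be set to a regular expression, which will
+# act as a jar selector -- only jar files that match the pattern will be
+# included in the archive.
+# config.move_jars_to_webinf_lib = false
+
+# === War files only below here ===
+
+# Embedded webserver to use with the 'executable' feature. Currently supported
+# webservers are:
+# - *jetty* - Embedded Jetty from Eclipse
+# config.webserver = 'jetty'
+
+# Path to the pre-bundled gem directory inside the war file. Default
+# is 'WEB-INF/gems'. Specify path if gems are already bundled
+# before running Warbler. This also sets 'gem.path' inside web.xml.
+# config.gem_path = "WEB-INF/vendor/bundler_gems"
+
+# Files for WEB-INF directory (next to web.xml). This contains
+# web.xml by default. If there is an .erb-File it will be processed
+# with webxml-config. You may want to exclude this file via
+# config.excludes.
+# config.webinf_files += FileList["jboss-web.xml"]
+
+# Files to be included in the root of the webapp. Note that files in public
+# will have the leading 'public/' part of the path stripped during staging.
+# config.public_html = FileList["public/**/*", "doc/**/*"]
+
+# Pathmaps for controlling how public HTML files are copied into the .war
+# config.pathmaps.public_html = ["%{public/,}p"]
+
+# Value of RAILS_ENV for the webapp -- default as shown below
+# config.webxml.rails.env = ENV['RAILS_ENV'] || 'production'
+
+# Public ROOT mapping, by default assets are copied into .war ROOT directory.
+# config.public.root = ''
+
+# Application booter to use, either :rack or :rails (autodetected by default)
+# config.webxml.booter = :rails
+
+# When using the :rack booter, "Rackup" script to use.
+# - For 'rackup.path', the value points to the location of the rackup
+# script in the web archive file. You need to make sure this file
+# gets included in the war, possibly by adding it to config.includes
+# or config.webinf_files above.
+# - For 'rackup', the rackup script you provide as an inline string
+# is simply embedded in web.xml.
+# The script is evaluated in a Rack::Builder to load the application.
+# Examples:
+# config.webxml.rackup.path = 'WEB-INF/hello.ru'
+# config.webxml.rackup = %{require './lib/demo'; run Rack::Adapter::Camping.new(Demo)}
+# config.webxml.rackup = require 'cgi' && CGI::escapeHTML(File.read("config.ru"))
+
+# Control the pool of Rails runtimes. Leaving unspecified means
+# the pool will grow as needed to service requests. It is recommended
+# that you fix these values when running a production server!
+# If you're using threadsafe! mode, you probably don't want to set these values,
+# since 1 runtime(default for threadsafe mode) will be enough.
+# config.webxml.jruby.min.runtimes = 2
+# config.webxml.jruby.max.runtimes = 4
+
+# JNDI data source name
+# config.webxml.jndi = 'jdbc/rails'
+end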
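Review bot: `config.dirs = %w(bin config exe lib)` packages `bin/` and `config/` into the shipped jar, and as far as this diff shows those directories hold the build script and this Warbler config; `config.dirs = %w(exe lib)` looks sufficient for the CLI and keeps build tooling out of the artifact. The rest of the file is the stock Warbler template, and most of it (the war, Rails and rackup options) does not apply to a jar-packaged CLI, so trimming it to the seven active settings with a one-line comment on each would make the build easier to audit. `config.executable` is left commented out, so the jar's entry point presumably comes from Warbler's own detection rather than an explicit `["exe/hetzner-k3s"]`; confirm that is intended.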
data/exe/hetzner-k3s
CHANGED
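--- a/data/hetzner-k3s.gemspec
+++ b/data/hetzner-k3s.gemspec
@@ -12,7 +12,7 @@ Gem::Specification.new do |spec|
 spec.description = 'A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.'
 spec.homepage = 'https://github.com/vitobotta/hetzner-k3s'
 spec.license = 'MIT'
-spec.required_ruby_version = Gem::Requirement.new('
+spec.required_ruby_version = Gem::Requirement.new('~> 2.7.1')
 
 # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 
@@ -20,12 +20,12 @@ Gem::Specification.new do |spec|
 spec.metadata['source_code_uri'] = 'https://github.com/vitobotta/hetzner-k3s'
 spec.metadata['changelog_uri'] = 'https://github.com/vitobotta/hetzner-k3s'
 
-spec.add_dependency '
+spec.add_dependency 'childprocess'
 spec.add_dependency 'ed25519'
-spec.add_dependency '
+spec.add_dependency 'httparty'
+spec.add_dependency 'bcrypt_pbkdf'
 spec.add_dependency 'net-ssh'
 spec.add_dependency 'sshkey'
-spec.add_dependency 'subprocess'
 spec.add_dependency 'thor'
 spec.add_development_dependency 'rubocop'
 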
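Review bot: The runtime dependencies added in the second hunk (`childprocess`, `httparty`, `bcrypt_pbkdf`) carry no version constraint, like the existing ones, so `gem install` resolves each to whatever is newest on rubygems.org rather than to what was tested. Gemfile.lock is not consulted when the gem is installed, so bound them in the gemspec to the series the lockfile resolved, e.g. `spec.add_dependency 'httparty', '~> 0.20'` and `spec.add_dependency 'childprocess', '~> 4.1'`. In the first hunk, `'~> 2.7.1'` on `required_ruby_version` excludes every Ruby outside 2.7.x; if that is deliberate for the packaged build, a comment such as `# pinned to 2.7.x to match the ruby-packer release build` would say so.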
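--- a/data/lib/hetzner/infra/client.rb
+++ b/data/lib/hetzner/infra/client.rb
@@ -12,19 +12,19 @@ module Hetzner
 
 def get(path)
 make_request do
-JSON.parse
+JSON.parse HTTParty.get(BASE_URI + path, headers: headers).body
 end
 end
 
 def post(path, data)
 make_request do
-
+HTTParty.post(BASE_URI + path, body: data.to_json, headers: headers)
 end
 end
 
 def delete(path, id)
 make_request do
-
+HTTParty.delete("#{BASE_URI}#{path}/#{id}", headers: headers)
 end
 end
 
@@ -32,8 +32,8 @@ module Hetzner
 
 def headers
 {
-Authorization
-'Content-Type'
+'Authorization' => "Bearer #{@token}",
+'Content-Type' => 'application/json'
 }
 end
 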
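Review bot: None of the new HTTParty calls in `get`, `post` and `delete` checks the response status, and HTTParty does not raise on 4xx/5xx, so a rejected token or a rate-limit reply is handed back (or JSON-parsed in `get`) as if the call had succeeded. Unless `make_request`, whose body is outside these hunks, already handles this, check `response.success?` before returning and raise with the status code only, keeping the `Authorization` header built in `headers` out of any error text or log. The calls also pass no `timeout:`, so a stalled API connection is bounded only by the library default; an explicit value such as `timeout: 30` would make that visible.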
@@ -7,9 +7,10 @@ module Hetzner
|
|
7
7
|
@cluster_name = cluster_name
|
8
8
|
end
|
9
9
|
|
10
|
-
def create(high_availability:,
|
10
|
+
def create(high_availability:, ssh_networks:, api_networks:)
|
11
11
|
@high_availability = high_availability
|
12
|
-
@
|
12
|
+
@ssh_networks = ssh_networks
|
13
|
+
@api_networks = api_networks
|
13
14
|
puts
|
14
15
|
|
15
16
|
if (firewall = find_firewall)
|
@@ -47,7 +48,7 @@ module Hetzner
|
|
47
48
|
|
48
49
|
private
|
49
50
|
|
50
|
-
attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :
|
51
|
+
attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :ssh_networks, :api_networks
|
51
52
|
|
52
53
|
def create_firewall_config
|
53
54
|
rules = [
|
@@ -56,7 +57,7 @@ module Hetzner
|
|
56
57
|
direction: 'in',
|
57
58
|
protocol: 'tcp',
|
58
59
|
port: '22',
|
59
|
-
source_ips:
|
60
|
+
source_ips: ssh_networks,
|
60
61
|
destination_ips: []
|
61
62
|
},
|
62
63
|
{
|
@@ -98,17 +99,14 @@ module Hetzner
|
|
98
99
|
direction: 'in',
|
99
100
|
protocol: 'tcp',
|
100
101
|
port: '6443',
|
101
|
-
source_ips:
|
102
|
-
'0.0.0.0/0',
|
103
|
-
'::/0'
|
104
|
-
],
|
102
|
+
source_ips: api_networks,
|
105
103
|
destination_ips: []
|
106
104
|
}
|
107
105
|
end
|
108
106
|
|
109
107
|
{
|
110
108
|
name: cluster_name,
|
111
|
-
rules:
|
109
|
+
rules: rules
|
112
110
|
}
|
113
111
|
end
|
114
112
|
|
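Review bot: `ssh_networks` and `api_networks` flow from `create` straight into `source_ips` for ports 22 and 6443 in `create_firewall_config`, with no check in these hunks that each is a non-empty list of CIDR strings. Validation may live in configuration.rb, which is not in this view; if it does not, a guard such as `raise ArgumentError, 'api_networks must be a non-empty list of CIDRs' if Array(api_networks).empty?` at the top of `create` would stop a typo in the config from producing an unintended rule. The port 6443 rule previously listed both `'0.0.0.0/0'` and `'::/0'`, and the README default of `api_allowed_networks: - 0.0.0.0/0` carries only the IPv4 range, so IPv6 access to the API is dropped unless the user adds it. The README also says the setting only works for single-master clusters, so warning when `high_availability` is set and `api_networks` is narrower than the open default would avoid a false sense of restriction. The file header for these hunks is missing on the page (they appear to be `lib/hetzner/infra/firewall.rb` from the file list), and the bodies of `create` and `create_firewall_config` extend beyond what is shown.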