hetzner-k3s 0.6.2.pre1 → 0.6.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -3
- data/README.md +15 -5
- data/cluster_config.yaml.example +10 -0
- data/hetzner-k3s.gemspec +1 -1
- data/lib/hetzner/infra/client.rb +4 -4
- data/lib/hetzner/infra/firewall.rb +1 -2
- data/lib/hetzner/infra/load_balancer.rb +1 -1
- data/lib/hetzner/infra/server.rb +28 -24
- data/lib/hetzner/k3s/cluster.rb +71 -440
- data/lib/hetzner/k3s/configuration.rb +12 -13
- data/lib/hetzner/k3s/version.rb +1 -1
- data/lib/hetzner/kubernetes/client.rb +475 -0
- data/lib/hetzner/utils.rb +17 -7
- metadata +9 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 17e2373497278dc7f975158e93d2f0041e2e7b248fc31ba90f9088ad5a0c8b35
|
|
4
|
+
data.tar.gz: 35ff6dee9d6a84dbf7d1265ac4646da142c6ea030815dca4dbe6727528dec6de
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3a23e73a53b5cb205609c5b6cdaa17ef70bafcbf0c5783c0fa988fccac9cdae8da20fd12c3f644e47d2ff6d66bf914bcb2b0540ff83ef7a79943e970bd36bc18
|
|
7
|
+
data.tar.gz: 565b8e15b98dba8a0fbd0ef4699b0890fb5536e0f80d99f2dcab19352a26b50389c2923c4658a685a60569fa054b777fbe9d0111f9f9b1b78cd24070dceab96c
|
data/Gemfile.lock
CHANGED
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
hetzner-k3s (0.6.
|
|
4
|
+
hetzner-k3s (0.6.4)
|
|
5
5
|
bcrypt_pbkdf
|
|
6
6
|
childprocess
|
|
7
7
|
ed25519
|
|
8
8
|
httparty
|
|
9
|
-
net-ssh
|
|
9
|
+
net-ssh
|
|
10
10
|
sshkey
|
|
11
11
|
thor
|
|
12
12
|
|
|
@@ -25,7 +25,7 @@ GEM
|
|
|
25
25
|
mime-types-data (~> 3.2015)
|
|
26
26
|
mime-types-data (3.2022.0105)
|
|
27
27
|
multi_xml (0.6.0)
|
|
28
|
-
net-ssh (
|
|
28
|
+
net-ssh (7.0.1)
|
|
29
29
|
parallel (1.20.1)
|
|
30
30
|
parser (3.1.2.1)
|
|
31
31
|
ast (~> 2.4.1)
|
data/README.md
CHANGED
|
@@ -58,13 +58,13 @@ Before using the tool, be sure to have kubectl installed as it's required to ins
|
|
|
58
58
|
#### With Homebrew
|
|
59
59
|
|
|
60
60
|
```bash
|
|
61
|
-
brew install vitobotta/tap/
|
|
61
|
+
brew install vitobotta/tap/hetzner_k3s
|
|
62
62
|
```
|
|
63
63
|
|
|
64
64
|
#### Binary installation (Intel)
|
|
65
65
|
|
|
66
66
|
```bash
|
|
67
|
-
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.
|
|
67
|
+
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.4/hetzner-k3s-mac-amd64
|
|
68
68
|
chmod +x hetzner-k3s-mac-x64
|
|
69
69
|
sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
|
|
70
70
|
```
|
|
@@ -72,7 +72,7 @@ sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
|
|
|
72
72
|
#### Binary installation (Apple Silicon/M1)
|
|
73
73
|
|
|
74
74
|
```bash
|
|
75
|
-
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.
|
|
75
|
+
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.4/hetzner-k3s-mac-arm64
|
|
76
76
|
chmod +x hetzner-k3s-mac-arm
|
|
77
77
|
sudo mv hetzner-k3s-mac-arm /usr/local/bin/hetzner-k3s
|
|
78
78
|
```
|
|
@@ -82,7 +82,7 @@ NOTE: currently the ARM version still requires [Rosetta](https://support.apple.c
|
|
|
82
82
|
### Linux
|
|
83
83
|
|
|
84
84
|
```bash
|
|
85
|
-
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.
|
|
85
|
+
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.4/hetzner-k3s-linux-x86_64
|
|
86
86
|
chmod +x hetzner-k3s-linux-x86_64
|
|
87
87
|
sudo mv hetzner-k3s-linux-x86_64 /usr/local/bin/hetzner-k3s
|
|
88
88
|
```
|
|
@@ -107,7 +107,7 @@ Alternatively, if you don't want to set up a Ruby runtime but have Docker instal
|
|
|
107
107
|
docker run --rm -it \
|
|
108
108
|
-v ${PWD}:/cluster \
|
|
109
109
|
-v ${HOME}/.ssh:/tmp/.ssh \
|
|
110
|
-
vitobotta/hetzner-k3s:v0.6.
|
|
110
|
+
vitobotta/hetzner-k3s:v0.6.4 \
|
|
111
111
|
create-cluster \
|
|
112
112
|
--config-file /cluster/test.yaml
|
|
113
113
|
```
|
|
@@ -138,10 +138,20 @@ schedule_workloads_on_masters: false
|
|
|
138
138
|
masters:
|
|
139
139
|
instance_type: cpx21
|
|
140
140
|
instance_count: 3
|
|
141
|
+
# labels:
|
|
142
|
+
# purpose: master
|
|
143
|
+
# size: cpx21
|
|
144
|
+
# taints:
|
|
145
|
+
# something: value1:NoSchedule
|
|
141
146
|
worker_node_pools:
|
|
142
147
|
- name: small
|
|
143
148
|
instance_type: cpx21
|
|
144
149
|
instance_count: 4
|
|
150
|
+
# labels:
|
|
151
|
+
# purpose: worker
|
|
152
|
+
# size: cpx21
|
|
153
|
+
# taints:
|
|
154
|
+
# something: GpuWorkloadsOnly:NoSchedule
|
|
145
155
|
- name: big
|
|
146
156
|
instance_type: cpx31
|
|
147
157
|
instance_count: 2
|
data/cluster_config.yaml.example
CHANGED
|
@@ -15,10 +15,20 @@ schedule_workloads_on_masters: false
|
|
|
15
15
|
masters:
|
|
16
16
|
instance_type: cpx21
|
|
17
17
|
instance_count: 3
|
|
18
|
+
# labels:
|
|
19
|
+
# purpose: master
|
|
20
|
+
# size: cpx21
|
|
21
|
+
# taints:
|
|
22
|
+
# something: value1:NoSchedule
|
|
18
23
|
worker_node_pools:
|
|
19
24
|
- name: small
|
|
20
25
|
instance_type: cpx21
|
|
21
26
|
instance_count: 4
|
|
27
|
+
# labels:
|
|
28
|
+
# purpose: worker
|
|
29
|
+
# size: cpx21
|
|
30
|
+
# taints:
|
|
31
|
+
# something: GpuWorkloadsOnly:NoSchedule
|
|
22
32
|
- name: big
|
|
23
33
|
instance_type: cpx31
|
|
24
34
|
instance_count: 2
|
data/hetzner-k3s.gemspec
CHANGED
|
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|
|
24
24
|
spec.add_dependency 'childprocess'
|
|
25
25
|
spec.add_dependency 'ed25519'
|
|
26
26
|
spec.add_dependency 'httparty'
|
|
27
|
-
spec.add_dependency 'net-ssh'
|
|
27
|
+
spec.add_dependency 'net-ssh'
|
|
28
28
|
spec.add_dependency 'sshkey'
|
|
29
29
|
spec.add_dependency 'thor'
|
|
30
30
|
spec.add_development_dependency 'rubocop'
|
data/lib/hetzner/infra/client.rb
CHANGED
|
@@ -6,10 +6,6 @@ module Hetzner
|
|
|
6
6
|
|
|
7
7
|
attr_reader :token
|
|
8
8
|
|
|
9
|
-
def initialize(token:)
|
|
10
|
-
@token = token
|
|
11
|
-
end
|
|
12
|
-
|
|
13
9
|
def get(path)
|
|
14
10
|
make_request do
|
|
15
11
|
JSON.parse HTTParty.get(BASE_URI + path, headers: headers).body
|
|
@@ -30,6 +26,10 @@ module Hetzner
|
|
|
30
26
|
|
|
31
27
|
private
|
|
32
28
|
|
|
29
|
+
def initialize(token:)
|
|
30
|
+
@token = token
|
|
31
|
+
end
|
|
32
|
+
|
|
33
33
|
def headers
|
|
34
34
|
{
|
|
35
35
|
'Authorization' => "Bearer #{@token}",
|
|
@@ -33,8 +33,7 @@ module Hetzner
|
|
|
33
33
|
puts 'Deleting firewall...'
|
|
34
34
|
|
|
35
35
|
servers.each do |server|
|
|
36
|
-
hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources",
|
|
37
|
-
remove_targets_config(server['id']))
|
|
36
|
+
hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources", remove_targets_config(server['id']))
|
|
38
37
|
end
|
|
39
38
|
|
|
40
39
|
hetzner_client.delete('/firewalls', firewall['id'])
|
|
@@ -33,8 +33,8 @@ module Hetzner
|
|
|
33
33
|
puts 'Deleting API load balancer...' unless high_availability
|
|
34
34
|
|
|
35
35
|
hetzner_client.post("/load_balancers/#{load_balancer['id']}/actions/remove_target", remove_targets_config)
|
|
36
|
-
|
|
37
36
|
hetzner_client.delete('/load_balancers', load_balancer['id'])
|
|
37
|
+
|
|
38
38
|
puts '...API load balancer deleted.' unless high_availability
|
|
39
39
|
elsif high_availability
|
|
40
40
|
puts 'API load balancer no longer exists, skipping.'
|
data/lib/hetzner/infra/server.rb
CHANGED
|
@@ -59,30 +59,6 @@ module Hetzner
|
|
|
59
59
|
end
|
|
60
60
|
|
|
61
61
|
def user_data
|
|
62
|
-
packages = %w[fail2ban wireguard]
|
|
63
|
-
packages += additional_packages if additional_packages
|
|
64
|
-
packages = "'#{packages.join("', '")}'"
|
|
65
|
-
|
|
66
|
-
post_create_commands = [
|
|
67
|
-
'crontab -l > /etc/cron_bkp',
|
|
68
|
-
'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
|
|
69
|
-
'crontab /etc/cron_bkp',
|
|
70
|
-
'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
|
|
71
|
-
'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
|
|
72
|
-
'systemctl restart sshd',
|
|
73
|
-
'systemctl stop systemd-resolved',
|
|
74
|
-
'systemctl disable systemd-resolved',
|
|
75
|
-
'rm /etc/resolv.conf',
|
|
76
|
-
'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
|
|
77
|
-
'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
|
|
78
|
-
]
|
|
79
|
-
|
|
80
|
-
post_create_commands += additional_post_create_commands if additional_post_create_commands
|
|
81
|
-
|
|
82
|
-
post_create_commands += ['shutdown -r now'] if post_create_commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
|
|
83
|
-
|
|
84
|
-
post_create_commands = " - #{post_create_commands.join("\n - ")}"
|
|
85
|
-
|
|
86
62
|
<<~YAML
|
|
87
63
|
#cloud-config
|
|
88
64
|
packages: [#{packages}]
|
|
@@ -125,5 +101,33 @@ module Hetzner
|
|
|
125
101
|
|
|
126
102
|
JSON.parse(response_body)['server']
|
|
127
103
|
end
|
|
104
|
+
|
|
105
|
+
def post_create_commands
|
|
106
|
+
commands = [
|
|
107
|
+
'crontab -l > /etc/cron_bkp',
|
|
108
|
+
'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
|
|
109
|
+
'crontab /etc/cron_bkp',
|
|
110
|
+
'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
|
|
111
|
+
'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
|
|
112
|
+
'systemctl restart sshd',
|
|
113
|
+
'systemctl stop systemd-resolved',
|
|
114
|
+
'systemctl disable systemd-resolved',
|
|
115
|
+
'rm /etc/resolv.conf',
|
|
116
|
+
'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
|
|
117
|
+
'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
|
|
118
|
+
]
|
|
119
|
+
|
|
120
|
+
commands += additional_post_create_commands if additional_post_create_commands
|
|
121
|
+
|
|
122
|
+
commands << 'shutdown -r now' if commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
|
|
123
|
+
|
|
124
|
+
" - #{commands.join("\n - ")}"
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
def packages
|
|
128
|
+
packages = %w[fail2ban wireguard]
|
|
129
|
+
packages += additional_packages if additional_packages
|
|
130
|
+
"'#{packages.join("', '")}'"
|
|
131
|
+
end
|
|
128
132
|
end
|
|
129
133
|
end
|