RubyGems - hetzner-k3s - Versions diffs - 0.4.0 → 0.4.1 - Mend

hetzner-k3s 0.4.0 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/README.md +11 -2
data/bin/build.sh +12 -0
data/lib/hetzner/infra/ssh_key.rb +15 -15
data/lib/hetzner/k3s/cli.rb +30 -7
data/lib/hetzner/k3s/cluster.rb +43 -10
data/lib/hetzner/k3s/version.rb +1 -1
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ee4a4ac2c31ebff805ee20edc3658ffe64be32e50b524ee4af3646e3ffc3a3c
-  data.tar.gz: 8cbc33a2a696b19c8e614932d1daa7fa9beddaf9d69dd8377d909cb382e40f87
+  metadata.gz: cb83104df3f0724108d93046e10e5889be57a54d941549d2b8f2400344448ce6
+  data.tar.gz: 2f3a5069910608a299b611bd7ccfdcae4e82ac1d9d0e98ad4b21542173297662
 SHA512:
-  metadata.gz: ff2ca466abbd198b3bc76c8854113d90033fb606e9f11152ecf6d079564ee4dcbdab359a5b17229770a7dc531a9674b211d079a2204596efe3ec5b67157bf82e
-  data.tar.gz: a6a16c64b0ada5c4d1a740894df09a9f41ed0110b06cfd5629b1971c64836a5fd38bceebb7898432b275cb677779606ecd780b917d4095eb161987d26c0eecc0
+  metadata.gz: 400792543d20abaa5a6b57b26bdabc1ab475d9f5e991ee1808c77c9027e17039036bd1e80b292aeb9982275e05b93ec58b9986bbf7c689cbf568b3f558d23f8c
+  data.tar.gz: 71ef14f3b9d8c86590a11afe260ce68e69bc6bda532328b4d7f3b4064192bf6a2df587ea9107b441102ed564bcb3dcb11f661926185d7ef54f93d3c0a7c90f44

data/README.md CHANGED Viewed

@@ -38,7 +38,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.3.8 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.4.1 create-cluster --config-file /cluster/test.yaml
 ```
 Replace `test.yaml` with the name of your config file.
@@ -53,7 +53,8 @@ hetzner_token: <your token>
 cluster_name: test
 kubeconfig_path: "./kubeconfig"
 k3s_version: v1.21.3+k3s1
-ssh_key_path: "~/.ssh/id_rsa.pub"
+public_ssh_key_path: "~/.ssh/id_rsa.pub"
+private_ssh_key_path: "~/.ssh/id_rsa"
 ssh_allowed_networks:
   - 0.0.0.0/0
 verify_host_key: false
@@ -239,11 +240,19 @@ I recommend that you create a separate Hetzner project for each cluster, because
 ## changelog
+- 0.4.1
+  - Allow to optionally specify the path of the private SSH key
+  - Set correct permissions for the kubeconfig file
+  - Retry fetching manifests a few times to allow for temporary network issues
+  - Allow to optionally schedule workloads on masters
+  - Allow clusters with no worker node pools if shceduling is enabled for the masters
 - 0.4.0
   - Ensure the masters are removed from the API load balancer before deleting the load balancer
   - Ensure the servers are removed from the firewall before deleting it
   - Allow using an environment variable to specify the Hetzner token
   - Allow restricting SSH access to the nodes to specific networks
+  - Do not open the port 6443 on the nodes if a load balancer is created for an HA cluster
 - 0.3.9
   - Add command "version" to print the version of the tool in use

data/bin/build.sh ADDED Viewed

@@ -0,0 +1,12 @@
+#!/bin/bash
+set -e
+IMAGE="vitobotta/hetzner-k3s"
+docker build -t ${IMAGE}:v0.4.1 \
+  --platform=linux/amd64 \
+  --cache-from ${IMAGE}:v0.4.0 \
+  --build-arg BUILDKIT_INLINE_CACHE=1 .

data/lib/hetzner/infra/ssh_key.rb CHANGED Viewed

@@ -5,15 +5,15 @@ module Hetzner
       @cluster_name = cluster_name
     end
-    def create(ssh_key_path:)
-      @ssh_key_path = ssh_key_path
+    def create(public_ssh_key_path:)
+      @public_ssh_key_path = public_ssh_key_path
       puts
-      if ssh_key = find_ssh_key
+      if (public_ssh_key = find_public_ssh_key)
         puts "SSH key already exists, skipping."
         puts
-        return ssh_key["id"]
+        return public_ssh_key["id"]
       end
       puts "Creating SSH key..."
@@ -26,13 +26,13 @@ module Hetzner
       JSON.parse(response)["ssh_key"]["id"]
     end
-    def delete(ssh_key_path:)
-      @ssh_key_path = ssh_key_path
+    def delete(public_ssh_key_path:)
+      @public_ssh_key_path = public_ssh_key_path
-      if ssh_key = find_ssh_key
-        if ssh_key["name"] == cluster_name
+      if (public_ssh_key = find_public_ssh_key)
+        if public_ssh_key["name"] == cluster_name
           puts "Deleting ssh_key..."
-          hetzner_client.delete("/ssh_keys", ssh_key["id"])
+          hetzner_client.delete("/ssh_keys", public_ssh_key["id"])
           puts "...ssh_key deleted."
         else
           puts "The SSH key existed before creating the cluster, so I won't delete it."
@@ -46,24 +46,24 @@ module Hetzner
     private
-      attr_reader :hetzner_client, :cluster_name, :ssh_key_path
+      attr_reader :hetzner_client, :cluster_name, :public_ssh_key_path
-      def public_key
-        @public_key ||= File.read(ssh_key_path).chop
+      def public_ssh_key
+        @public_ssh_key ||= File.read(public_ssh_key_path).chop
       end
       def ssh_key_config
         {
           name: cluster_name,
-          public_key: public_key
+          public_ssh_key: public_ssh_key
         }
       end
       def fingerprint
-        @fingerprint ||= ::SSHKey.fingerprint(public_key)
+        @fingerprint ||= ::SSHKey.fingerprint(public_ssh_key)
       end
-      def find_ssh_key
+      def find_public_ssh_key
         key = hetzner_client.get("/ssh_keys")["ssh_keys"].detect do |ssh_key|
           ssh_key["fingerprint"] == fingerprint
         end

data/lib/hetzner/k3s/cli.rb CHANGED Viewed

@@ -83,7 +83,8 @@ module Hetzner
           case action
           when :create
-            validate_ssh_key
+            validate_public_ssh_key
+            validate_private_ssh_key
             validate_ssh_allowed_networks
             validate_location
             validate_k3s_version
@@ -147,16 +148,25 @@ module Hetzner
           errors << "Invalid path for the kubeconfig"
         end
-        def validate_ssh_key
-          path = File.expand_path(configuration.dig("ssh_key_path"))
+        def validate_public_ssh_key
+          path = File.expand_path(configuration.dig("public_ssh_key_path"))
           errors << "Invalid Public SSH key path" and return unless File.exists? path
           key = File.read(path)
-          errors << "Public SSH key is invalid" unless ::SSHKey.valid_ssh_public_key? key
+          errors << "Public SSH key is invalid" unless ::SSHKey.valid_ssh_public_key?(key)
         rescue
           errors << "Invalid Public SSH key path"
         end
+        def validate_private_ssh_key
+          return unless (private_ssh_key_path = configuration.dig("private_ssh_key_path"))
+          path = File.expand_path(private_ssh_key_path)
+          errors << "Invalid Private SSH key path" and return unless File.exists?(path)
+        rescue
+          errors << "Invalid Private SSH key path"
+        end
         def validate_kubeconfig_path_must_exist
           path = File.expand_path configuration.dig("kubeconfig_path")
           errors << "kubeconfig path is invalid" and return unless File.exists? path
@@ -231,14 +241,22 @@ module Hetzner
           begin
             worker_node_pools = configuration.dig("worker_node_pools")
           rescue
-            errors << "Invalid node pools configuration"
+            unless schedule_workloads_on_masters?
+              errors << "Invalid node pools configuration"
+              return
+            end
+          end
+          if worker_node_pools.nil? && schedule_workloads_on_masters?
             return
           end
           if !worker_node_pools.is_a? Array
             errors << "Invalid node pools configuration"
           elsif worker_node_pools.size == 0
-            errors << "At least one node pool is required in order to schedule workloads"
+            unless schedule_workloads_on_masters?
+              errors << "At least one node pool is required in order to schedule workloads"
+            end
           elsif worker_node_pools.map{ |worker_node_pool| worker_node_pool["name"]}.uniq.size != worker_node_pools.size
             errors << "Each node pool must have an unique name"
           elsif server_types
@@ -248,6 +266,11 @@ module Hetzner
           end
         end
+        def schedule_workloads_on_masters?
+          schedule_workloads_on_masters = configuration.dig("schedule_workloads_on_masters")
+          schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
+        end
         def validate_new_k3s_version_must_be_more_recent
           return if options[:force] == "true"
           return unless kubernetes_client
@@ -321,7 +344,7 @@ module Hetzner
         end
         def validate_verify_host_key
-          return unless [true, false].include?(configuration.fetch("ssh_key_path", false))
+          return unless [true, false].include?(configuration.fetch("public_ssh_key_path", false))
           errors << "Please set the verify_host_key option to either true or false"
         end

data/lib/hetzner/k3s/cluster.rb CHANGED Viewed

@@ -22,12 +22,15 @@ class Cluster
   end
   def create(configuration:)
+    @configuration = configuration
     @cluster_name = configuration.dig("cluster_name")
     @kubeconfig_path = File.expand_path(configuration.dig("kubeconfig_path"))
-    @ssh_key_path = File.expand_path(configuration.dig("ssh_key_path"))
+    @public_ssh_key_path = File.expand_path(configuration.dig("public_ssh_key_path"))
+    private_ssh_key_path = configuration.dig("private_ssh_key_path")
+    @private_ssh_key_path = File.expand_path(private_ssh_key_path) if private_ssh_key_path
     @k3s_version = configuration.dig("k3s_version")
     @masters_config = configuration.dig("masters")
-    @worker_node_pools = configuration.dig("worker_node_pools")
+    @worker_node_pools = find_worker_node_pools(configuration)
     @location = configuration.dig("location")
     @verify_host_key = configuration.fetch("verify_host_key", false)
     @servers = []
@@ -47,7 +50,7 @@ class Cluster
   def delete(configuration:)
     @cluster_name = configuration.dig("cluster_name")
     @kubeconfig_path = File.expand_path(configuration.dig("kubeconfig_path"))
-    @ssh_key_path = File.expand_path(configuration.dig("ssh_key_path"))
+    @public_ssh_key_path = File.expand_path(configuration.dig("public_ssh_key_path"))
     delete_resources
   end
@@ -64,13 +67,17 @@ class Cluster
   private
+    def find_worker_node_pools(configuration)
+      configuration.fetch("worker_node_pools", [])
+    end
     attr_accessor :servers
     attr_reader :hetzner_client, :cluster_name, :kubeconfig_path, :k3s_version,
                 :masters_config, :worker_node_pools,
-                :location, :ssh_key_path, :kubernetes_client,
+                :location, :public_ssh_key_path, :kubernetes_client,
                 :hetzner_token, :tls_sans, :new_k3s_version, :configuration,
-                :config_file, :verify_host_key, :networks
+                :config_file, :verify_host_key, :networks, :private_ssh_key_path, :configuration
     def latest_k3s_version
@@ -95,7 +102,7 @@ class Cluster
       ssh_key_id = Hetzner::SSHKey.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
-      ).create(ssh_key_path: ssh_key_path)
+      ).create(public_ssh_key_path: public_ssh_key_path)
       server_configs = []
@@ -169,7 +176,7 @@ class Cluster
       Hetzner::SSHKey.new(
         hetzner_client: hetzner_client,
         cluster_name: cluster_name
-      ).delete(ssh_key_path: ssh_key_path)
+      ).delete(public_ssh_key_path: public_ssh_key_path)
       threads = all_servers.map do |server|
         Thread.new do
@@ -207,6 +214,8 @@ class Cluster
       server = master == first_master ? " --cluster-init " : " --server https://#{first_master_private_ip}:6443 "
       flannel_interface = find_flannel_interface(master)
+      taint = schedule_workloads_on_masters? ? " " : " --node-taint CriticalAddonsOnly=true:NoExecute "
       <<~EOF
       curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
         --disable-cloud-controller \
@@ -223,7 +232,7 @@ class Cluster
         --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
         --kube-scheduler-arg="address=0.0.0.0" \
         --kube-scheduler-arg="bind-address=0.0.0.0" \
-        --node-taint CriticalAddonsOnly=true:NoExecute \
+        #{taint} \
         --kubelet-arg="cloud-provider=external" \
         --advertise-address=$(hostname -I | awk '{print $2}') \
         --node-ip=$(hostname -I | awk '{print $2}') \
@@ -313,7 +322,7 @@ class Cluster
       end
-      manifest = HTTP.follow.get("https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml").body
+      manifest = fetch_manifest("https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml")
       File.write("/tmp/cloud-controller-manager.yaml", manifest)
@@ -338,6 +347,13 @@ class Cluster
       retry
     end
+    def fetch_manifest(url)
+      retries ||= 1
+      HTTP.follow.get(url).body
+    rescue
+      retry if (retries += 1) <= 10
+    end
     def deploy_system_upgrade_controller
       puts
       puts "Deploying k3s System Upgrade Controller..."
@@ -442,7 +458,13 @@ class Cluster
       public_ip = server.dig("public_net", "ipv4", "ip")
       output = ""
-      Net::SSH.start(public_ip, "root", verify_host_key: (verify_host_key ? :always : :never)) do |session|
+      params = { verify_host_key: (verify_host_key ? :always : :never) }
+      if private_ssh_key_path
+        params[:keys] = [private_ssh_key_path]
+      end
+      Net::SSH.start(public_ip, "root", params) do |session|
         session.exec!(command) do |channel, stream, data|
           output << data
           puts data if print_output
@@ -453,6 +475,10 @@ class Cluster
       retry unless e.message =~ /Too many authentication failures/
     rescue Net::SSH::ConnectionTimeout, Errno::ECONNREFUSED, Errno::ENETUNREACH, Errno::EHOSTUNREACH
       retry
+    rescue Net::SSH::AuthenticationFailed
+      puts
+      puts "Cannot continue: SSH authentication failed. Please ensure that the private SSH key is correct."
+      exit 1
     rescue Net::SSH::HostKeyMismatch
       puts
       puts "Cannot continue: Unable to SSH into server with IP #{public_ip} because the existing fingerprint in the known_hosts file does not match that of the actual host key."
@@ -542,6 +568,8 @@ class Cluster
         gsub("default", cluster_name)
       File.write(kubeconfig_path, kubeconfig)
+      FileUtils.chmod "go-r", kubeconfig_path
     end
     def ugrade_plan_manifest_path
@@ -605,4 +633,9 @@ class Cluster
       server.dig("labels", "cluster") == cluster_name
     end
+    def schedule_workloads_on_masters?
+      schedule_workloads_on_masters = configuration.dig("schedule_workloads_on_masters")
+      schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
+    end
 end

data/lib/hetzner/k3s/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Hetzner
   module K3s
-    VERSION = "0.4.0"
+    VERSION = "0.4.1"
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hetzner-k3s
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Vito Botta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-08-24 00:00:00.000000000 Z
+date: 2021-10-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -127,6 +127,7 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- bin/build.sh
 - bin/console
 - bin/setup
 - cluster_config.yaml.example