hetzner-k3s 0.4.9 → 0.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Dockerfile +1 -1
- data/README.md +8 -1
- data/bin/build.sh +3 -3
- data/lib/hetzner/infra/server.rb +11 -6
- data/lib/hetzner/k3s/cli.rb +6 -0
- data/lib/hetzner/k3s/cluster.rb +14 -4
- data/lib/hetzner/k3s/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 21205ebaea746e26fa42437afe5feca2c9fb856861e6eebedd0608b023d0addf
|
|
4
|
+
data.tar.gz: e67f315b4b96e98fab4fc514e1a01ab88e79b701c83177e0c53863150e508d10
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2bf2e628f2326e63c10ebe076882979913f260a80c8b01b54944ef226341bf5cbe091283b168af566e6eda13ad84ad9742832284b28973ceb96ea87d75c911b
|
|
7
|
+
data.tar.gz: d5c21906a5eb59772d7613a821bb76a451e95e6f3b4f5b39321c1c431c27de5451c6fc890e37e8622077aab8c54669132227fbfd4622c85cc9838c5bd616c2b1
|
data/Dockerfile
CHANGED
data/README.md
CHANGED
|
@@ -38,7 +38,7 @@ This will install the `hetzner-k3s` executable in your PATH.
|
|
|
38
38
|
Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
|
|
39
39
|
|
|
40
40
|
```bash
|
|
41
|
-
docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.
|
|
41
|
+
docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.0 create-cluster --config-file /cluster/test.yaml
|
|
42
42
|
```
|
|
43
43
|
|
|
44
44
|
Replace `test.yaml` with the name of your config file.
|
|
@@ -70,6 +70,9 @@ worker_node_pools:
|
|
|
70
70
|
- name: big
|
|
71
71
|
instance_type: cpx31
|
|
72
72
|
instance_count: 2
|
|
73
|
+
additional_packages:
|
|
74
|
+
- somepackage
|
|
75
|
+
enable_ipsec_encryption: true
|
|
73
76
|
```
|
|
74
77
|
|
|
75
78
|
It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
|
|
@@ -254,6 +257,10 @@ I recommend that you create a separate Hetzner project for each cluster, because
|
|
|
254
257
|
|
|
255
258
|
## changelog
|
|
256
259
|
|
|
260
|
+
- 0.5.0
|
|
261
|
+
- Allow installing additional packages when creating the servers
|
|
262
|
+
- Allow enabling ipsec encryption
|
|
263
|
+
|
|
257
264
|
- 0.4.9
|
|
258
265
|
- Ensure the program always exits with exit code 1 if the config file fails validation
|
|
259
266
|
- Upgrade System Upgrade Controller to 0.8.1
|
data/bin/build.sh
CHANGED
|
@@ -6,9 +6,9 @@ set -e
|
|
|
6
6
|
|
|
7
7
|
IMAGE="vitobotta/hetzner-k3s"
|
|
8
8
|
|
|
9
|
-
docker build -t ${IMAGE}:
|
|
9
|
+
docker build -t ${IMAGE}:v0.5.0 \
|
|
10
10
|
--platform=linux/amd64 \
|
|
11
|
-
--cache-from ${IMAGE}:v0.4.
|
|
11
|
+
--cache-from ${IMAGE}:v0.4.9 \
|
|
12
12
|
--build-arg BUILDKIT_INLINE_CACHE=1 .
|
|
13
13
|
|
|
14
|
-
docker push vitobotta/hetzner-k3s:v0.
|
|
14
|
+
docker push vitobotta/hetzner-k3s:v0.5.0
|
data/lib/hetzner/infra/server.rb
CHANGED
|
@@ -5,7 +5,9 @@ module Hetzner
|
|
|
5
5
|
@cluster_name = cluster_name
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
-
def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:)
|
|
8
|
+
def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:, additional_packages: [])
|
|
9
|
+
@additional_packages = additional_packages
|
|
10
|
+
|
|
9
11
|
puts
|
|
10
12
|
|
|
11
13
|
server_name = "#{cluster_name}-#{instance_type}-#{instance_id}"
|
|
@@ -70,17 +72,20 @@ module Hetzner
|
|
|
70
72
|
|
|
71
73
|
private
|
|
72
74
|
|
|
73
|
-
attr_reader :hetzner_client, :cluster_name
|
|
75
|
+
attr_reader :hetzner_client, :cluster_name, :additional_packages
|
|
74
76
|
|
|
75
77
|
def find_server(server_name)
|
|
76
|
-
hetzner_client.get("/servers")["servers"].detect{ |network| network["name"] == server_name }
|
|
78
|
+
hetzner_client.get("/servers?sort=created:desc")["servers"].detect{ |network| network["name"] == server_name }
|
|
77
79
|
end
|
|
78
80
|
|
|
79
81
|
def user_data
|
|
82
|
+
packages = ["fail2ban"]
|
|
83
|
+
packages += additional_packages if additional_packages
|
|
84
|
+
packages = "'" + packages.join("', '") + "'"
|
|
85
|
+
|
|
80
86
|
<<~EOS
|
|
81
87
|
#cloud-config
|
|
82
|
-
packages:
|
|
83
|
-
- fail2ban
|
|
88
|
+
packages: [#{packages}]
|
|
84
89
|
runcmd:
|
|
85
90
|
- sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
86
91
|
- sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
|
@@ -90,7 +95,7 @@ module Hetzner
|
|
|
90
95
|
- rm /etc/resolv.conf
|
|
91
96
|
- echo "nameserver 1.1.1.1" > /etc/resolv.conf
|
|
92
97
|
- echo "nameserver 1.0.0.1" >> /etc/resolv.conf
|
|
93
|
-
|
|
98
|
+
EOS
|
|
94
99
|
end
|
|
95
100
|
|
|
96
101
|
end
|
data/lib/hetzner/k3s/cli.rb
CHANGED
|
@@ -95,6 +95,7 @@ module Hetzner
|
|
|
95
95
|
validate_masters
|
|
96
96
|
validate_worker_node_pools
|
|
97
97
|
validate_verify_host_key
|
|
98
|
+
validate_additional_packages
|
|
98
99
|
when :delete
|
|
99
100
|
validate_kubeconfig_path_must_exist
|
|
100
101
|
when :upgrade
|
|
@@ -358,6 +359,11 @@ module Hetzner
|
|
|
358
359
|
end
|
|
359
360
|
end
|
|
360
361
|
|
|
362
|
+
def validate_additional_packages
|
|
363
|
+
additional_packages = configuration.dig("additional_packages")
|
|
364
|
+
errors << "Invalid additional packages configuration - it should be an array" if additional_packages && !additional_packages.is_a?(Array)
|
|
365
|
+
end
|
|
366
|
+
|
|
361
367
|
end
|
|
362
368
|
end
|
|
363
369
|
end
|
data/lib/hetzner/k3s/cluster.rb
CHANGED
|
@@ -38,6 +38,7 @@ class Cluster
|
|
|
38
38
|
@verify_host_key = configuration.fetch("verify_host_key", false)
|
|
39
39
|
@servers = []
|
|
40
40
|
@networks = configuration.dig("ssh_allowed_networks")
|
|
41
|
+
@enable_ipsec_encryption = configuration.fetch("enable_ipsec_encryption", false)
|
|
41
42
|
|
|
42
43
|
create_resources
|
|
43
44
|
|
|
@@ -80,7 +81,8 @@ class Cluster
|
|
|
80
81
|
:masters_config, :worker_node_pools,
|
|
81
82
|
:location, :public_ssh_key_path,
|
|
82
83
|
:hetzner_token, :tls_sans, :new_k3s_version, :configuration,
|
|
83
|
-
:config_file, :verify_host_key, :networks, :private_ssh_key_path,
|
|
84
|
+
:config_file, :verify_host_key, :networks, :private_ssh_key_path,
|
|
85
|
+
:configuration, :enable_ipsec_encryption
|
|
84
86
|
|
|
85
87
|
|
|
86
88
|
def latest_k3s_version
|
|
@@ -123,7 +125,8 @@ class Cluster
|
|
|
123
125
|
network_id: network_id,
|
|
124
126
|
ssh_key_id: ssh_key_id,
|
|
125
127
|
placement_group_id: placement_group_id,
|
|
126
|
-
image: image
|
|
128
|
+
image: image,
|
|
129
|
+
additional_packages: additional_packages,
|
|
127
130
|
}
|
|
128
131
|
end
|
|
129
132
|
|
|
@@ -148,7 +151,8 @@ class Cluster
|
|
|
148
151
|
network_id: network_id,
|
|
149
152
|
ssh_key_id: ssh_key_id,
|
|
150
153
|
placement_group_id: placement_group_id,
|
|
151
|
-
image: image
|
|
154
|
+
image: image,
|
|
155
|
+
additional_packages: additional_packages,
|
|
152
156
|
}
|
|
153
157
|
end
|
|
154
158
|
end
|
|
@@ -280,6 +284,7 @@ class Cluster
|
|
|
280
284
|
def master_script(master)
|
|
281
285
|
server = master == first_master ? " --cluster-init " : " --server https://#{first_master_private_ip}:6443 "
|
|
282
286
|
flannel_interface = find_flannel_interface(master)
|
|
287
|
+
flannel_ipsec = enable_ipsec_encryption ? " --flannel-backend=ipsec " : " "
|
|
283
288
|
|
|
284
289
|
taint = schedule_workloads_on_masters? ? " " : " --node-taint CriticalAddonsOnly=true:NoExecute "
|
|
285
290
|
|
|
@@ -294,6 +299,7 @@ class Cluster
|
|
|
294
299
|
--node-name="$(hostname -f)" \
|
|
295
300
|
--cluster-cidr=10.244.0.0/16 \
|
|
296
301
|
--etcd-expose-metrics=true \
|
|
302
|
+
#{flannel_ipsec} \
|
|
297
303
|
--kube-controller-manager-arg="address=0.0.0.0" \
|
|
298
304
|
--kube-controller-manager-arg="bind-address=0.0.0.0" \
|
|
299
305
|
--kube-proxy-arg="metrics-bind-address=0.0.0.0" \
|
|
@@ -441,7 +447,7 @@ class Cluster
|
|
|
441
447
|
end
|
|
442
448
|
|
|
443
449
|
def all_servers
|
|
444
|
-
@all_servers ||= hetzner_client.get("/servers")["servers"].select{ |server| belongs_to_cluster?(server) == true }
|
|
450
|
+
@all_servers ||= hetzner_client.get("/servers?sort=created:desc")["servers"].select{ |server| belongs_to_cluster?(server) == true }
|
|
445
451
|
end
|
|
446
452
|
|
|
447
453
|
def masters
|
|
@@ -522,6 +528,10 @@ class Cluster
|
|
|
522
528
|
configuration.dig("image") || "ubuntu-20.04"
|
|
523
529
|
end
|
|
524
530
|
|
|
531
|
+
def additional_packages
|
|
532
|
+
configuration.dig("additional_packages") || []
|
|
533
|
+
end
|
|
534
|
+
|
|
525
535
|
def check_kubectl
|
|
526
536
|
unless which("kubectl")
|
|
527
537
|
puts "Please ensure kubectl is installed and in your PATH."
|
data/lib/hetzner/k3s/version.rb
CHANGED