hetzner-k3s 0.4.9 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Dockerfile +1 -1
- data/README.md +8 -1
- data/bin/build.sh +3 -3
- data/lib/hetzner/infra/server.rb +11 -6
- data/lib/hetzner/k3s/cli.rb +6 -0
- data/lib/hetzner/k3s/cluster.rb +14 -4
- data/lib/hetzner/k3s/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 21205ebaea746e26fa42437afe5feca2c9fb856861e6eebedd0608b023d0addf
|
|
4
|
+
data.tar.gz: e67f315b4b96e98fab4fc514e1a01ab88e79b701c83177e0c53863150e508d10
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b2bf2e628f2326e63c10ebe076882979913f260a80c8b01b54944ef226341bf5cbe091283b168af566e6eda13ad84ad9742832284b28973ceb96ea87d75c911b
|
|
7
|
+
data.tar.gz: d5c21906a5eb59772d7613a821bb76a451e95e6f3b4f5b39321c1c431c27de5451c6fc890e37e8622077aab8c54669132227fbfd4622c85cc9838c5bd616c2b1
|
data/Dockerfile
CHANGED
data/README.md
CHANGED
|
@@ -38,7 +38,7 @@ This will install the `hetzner-k3s` executable in your PATH.
|
|
|
38
38
|
Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
|
|
39
39
|
|
|
40
40
|
```bash
|
|
41
|
-
docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.
|
|
41
|
+
docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.0 create-cluster --config-file /cluster/test.yaml
|
|
42
42
|
```
|
|
43
43
|
|
|
44
44
|
Replace `test.yaml` with the name of your config file.
|
|
@@ -70,6 +70,9 @@ worker_node_pools:
|
|
|
70
70
|
- name: big
|
|
71
71
|
instance_type: cpx31
|
|
72
72
|
instance_count: 2
|
|
73
|
+
additional_packages:
|
|
74
|
+
- somepackage
|
|
75
|
+
enable_ipsec_encryption: true
|
|
73
76
|
```
|
|
74
77
|
|
|
75
78
|
It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
|
|
@@ -254,6 +257,10 @@ I recommend that you create a separate Hetzner project for each cluster, because
|
|
|
254
257
|
|
|
255
258
|
## changelog
|
|
256
259
|
|
|
260
|
+
- 0.5.0
|
|
261
|
+
- Allow installing additional packages when creating the servers
|
|
262
|
+
- Allow enabling ipsec encryption
|
|
263
|
+
|
|
257
264
|
- 0.4.9
|
|
258
265
|
- Ensure the program always exits with exit code 1 if the config file fails validation
|
|
259
266
|
- Upgrade System Upgrade Controller to 0.8.1
|
data/bin/build.sh
CHANGED
|
@@ -6,9 +6,9 @@ set -e
|
|
|
6
6
|
|
|
7
7
|
IMAGE="vitobotta/hetzner-k3s"
|
|
8
8
|
|
|
9
|
-
docker build -t ${IMAGE}:
|
|
9
|
+
docker build -t ${IMAGE}:v0.5.0 \
|
|
10
10
|
--platform=linux/amd64 \
|
|
11
|
-
--cache-from ${IMAGE}:v0.4.
|
|
11
|
+
--cache-from ${IMAGE}:v0.4.9 \
|
|
12
12
|
--build-arg BUILDKIT_INLINE_CACHE=1 .
|
|
13
13
|
|
|
14
|
-
docker push vitobotta/hetzner-k3s:v0.
|
|
14
|
+
docker push vitobotta/hetzner-k3s:v0.5.0
|
data/lib/hetzner/infra/server.rb
CHANGED
|
@@ -5,7 +5,9 @@ module Hetzner
|
|
|
5
5
|
@cluster_name = cluster_name
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
-
def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:)
|
|
8
|
+
def create(location:, instance_type:, instance_id:, firewall_id:, network_id:, ssh_key_id:, placement_group_id:, image:, additional_packages: [])
|
|
9
|
+
@additional_packages = additional_packages
|
|
10
|
+
|
|
9
11
|
puts
|
|
10
12
|
|
|
11
13
|
server_name = "#{cluster_name}-#{instance_type}-#{instance_id}"
|
|
@@ -70,17 +72,20 @@ module Hetzner
|
|
|
70
72
|
|
|
71
73
|
private
|
|
72
74
|
|
|
73
|
-
attr_reader :hetzner_client, :cluster_name
|
|
75
|
+
attr_reader :hetzner_client, :cluster_name, :additional_packages
|
|
74
76
|
|
|
75
77
|
def find_server(server_name)
|
|
76
|
-
hetzner_client.get("/servers")["servers"].detect{ |network| network["name"] == server_name }
|
|
78
|
+
hetzner_client.get("/servers?sort=created:desc")["servers"].detect{ |network| network["name"] == server_name }
|
|
77
79
|
end
|
|
78
80
|
|
|
79
81
|
def user_data
|
|
82
|
+
packages = ["fail2ban"]
|
|
83
|
+
packages += additional_packages if additional_packages
|
|
84
|
+
packages = "'" + packages.join("', '") + "'"
|
|
85
|
+
|
|
80
86
|
<<~EOS
|
|
81
87
|
#cloud-config
|
|
82
|
-
packages:
|
|
83
|
-
- fail2ban
|
|
88
|
+
packages: [#{packages}]
|
|
84
89
|
runcmd:
|
|
85
90
|
- sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
|
86
91
|
- sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
|
|
@@ -90,7 +95,7 @@ module Hetzner
|
|
|
90
95
|
- rm /etc/resolv.conf
|
|
91
96
|
- echo "nameserver 1.1.1.1" > /etc/resolv.conf
|
|
92
97
|
- echo "nameserver 1.0.0.1" >> /etc/resolv.conf
|
|
93
|
-
|
|
98
|
+
EOS
|
|
94
99
|
end
|
|
95
100
|
|
|
96
101
|
end
|
data/lib/hetzner/k3s/cli.rb
CHANGED
|
@@ -95,6 +95,7 @@ module Hetzner
|
|
|
95
95
|
validate_masters
|
|
96
96
|
validate_worker_node_pools
|
|
97
97
|
validate_verify_host_key
|
|
98
|
+
validate_additional_packages
|
|
98
99
|
when :delete
|
|
99
100
|
validate_kubeconfig_path_must_exist
|
|
100
101
|
when :upgrade
|
|
@@ -358,6 +359,11 @@ module Hetzner
|
|
|
358
359
|
end
|
|
359
360
|
end
|
|
360
361
|
|
|
362
|
+
def validate_additional_packages
|
|
363
|
+
additional_packages = configuration.dig("additional_packages")
|
|
364
|
+
errors << "Invalid additional packages configuration - it should be an array" if additional_packages && !additional_packages.is_a?(Array)
|
|
365
|
+
end
|
|
366
|
+
|
|
361
367
|
end
|
|
362
368
|
end
|
|
363
369
|
end
|
data/lib/hetzner/k3s/cluster.rb
CHANGED
|
@@ -38,6 +38,7 @@ class Cluster
|
|
|
38
38
|
@verify_host_key = configuration.fetch("verify_host_key", false)
|
|
39
39
|
@servers = []
|
|
40
40
|
@networks = configuration.dig("ssh_allowed_networks")
|
|
41
|
+
@enable_ipsec_encryption = configuration.fetch("enable_ipsec_encryption", false)
|
|
41
42
|
|
|
42
43
|
create_resources
|
|
43
44
|
|
|
@@ -80,7 +81,8 @@ class Cluster
|
|
|
80
81
|
:masters_config, :worker_node_pools,
|
|
81
82
|
:location, :public_ssh_key_path,
|
|
82
83
|
:hetzner_token, :tls_sans, :new_k3s_version, :configuration,
|
|
83
|
-
:config_file, :verify_host_key, :networks, :private_ssh_key_path,
|
|
84
|
+
:config_file, :verify_host_key, :networks, :private_ssh_key_path,
|
|
85
|
+
:configuration, :enable_ipsec_encryption
|
|
84
86
|
|
|
85
87
|
|
|
86
88
|
def latest_k3s_version
|
|
@@ -123,7 +125,8 @@ class Cluster
|
|
|
123
125
|
network_id: network_id,
|
|
124
126
|
ssh_key_id: ssh_key_id,
|
|
125
127
|
placement_group_id: placement_group_id,
|
|
126
|
-
image: image
|
|
128
|
+
image: image,
|
|
129
|
+
additional_packages: additional_packages,
|
|
127
130
|
}
|
|
128
131
|
end
|
|
129
132
|
|
|
@@ -148,7 +151,8 @@ class Cluster
|
|
|
148
151
|
network_id: network_id,
|
|
149
152
|
ssh_key_id: ssh_key_id,
|
|
150
153
|
placement_group_id: placement_group_id,
|
|
151
|
-
image: image
|
|
154
|
+
image: image,
|
|
155
|
+
additional_packages: additional_packages,
|
|
152
156
|
}
|
|
153
157
|
end
|
|
154
158
|
end
|
|
@@ -280,6 +284,7 @@ class Cluster
|
|
|
280
284
|
def master_script(master)
|
|
281
285
|
server = master == first_master ? " --cluster-init " : " --server https://#{first_master_private_ip}:6443 "
|
|
282
286
|
flannel_interface = find_flannel_interface(master)
|
|
287
|
+
flannel_ipsec = enable_ipsec_encryption ? " --flannel-backend=ipsec " : " "
|
|
283
288
|
|
|
284
289
|
taint = schedule_workloads_on_masters? ? " " : " --node-taint CriticalAddonsOnly=true:NoExecute "
|
|
285
290
|
|
|
@@ -294,6 +299,7 @@ class Cluster
|
|
|
294
299
|
--node-name="$(hostname -f)" \
|
|
295
300
|
--cluster-cidr=10.244.0.0/16 \
|
|
296
301
|
--etcd-expose-metrics=true \
|
|
302
|
+
#{flannel_ipsec} \
|
|
297
303
|
--kube-controller-manager-arg="address=0.0.0.0" \
|
|
298
304
|
--kube-controller-manager-arg="bind-address=0.0.0.0" \
|
|
299
305
|
--kube-proxy-arg="metrics-bind-address=0.0.0.0" \
|
|
@@ -441,7 +447,7 @@ class Cluster
|
|
|
441
447
|
end
|
|
442
448
|
|
|
443
449
|
def all_servers
|
|
444
|
-
@all_servers ||= hetzner_client.get("/servers")["servers"].select{ |server| belongs_to_cluster?(server) == true }
|
|
450
|
+
@all_servers ||= hetzner_client.get("/servers?sort=created:desc")["servers"].select{ |server| belongs_to_cluster?(server) == true }
|
|
445
451
|
end
|
|
446
452
|
|
|
447
453
|
def masters
|
|
@@ -522,6 +528,10 @@ class Cluster
|
|
|
522
528
|
configuration.dig("image") || "ubuntu-20.04"
|
|
523
529
|
end
|
|
524
530
|
|
|
531
|
+
def additional_packages
|
|
532
|
+
configuration.dig("additional_packages") || []
|
|
533
|
+
end
|
|
534
|
+
|
|
525
535
|
def check_kubectl
|
|
526
536
|
unless which("kubectl")
|
|
527
537
|
puts "Please ensure kubectl is installed and in your PATH."
|
data/lib/hetzner/k3s/version.rb
CHANGED