hetzner-k3s 0.5.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 21205ebaea746e26fa42437afe5feca2c9fb856861e6eebedd0608b023d0addf
-  data.tar.gz: e67f315b4b96e98fab4fc514e1a01ab88e79b701c83177e0c53863150e508d10
+  metadata.gz: c236d440e3e99f656c62b8ced99ac899199e435ca41e9675c4adeb326a87c5d8
+  data.tar.gz: fd8da58d3c4cc3b54018c1ff261f8606391e8f524b974660fc5984fcd10397f7
 SHA512:
-  metadata.gz: b2bf2e628f2326e63c10ebe076882979913f260a80c8b01b54944ef226341bf5cbe091283b168af566e6eda13ad84ad9742832284b28973ceb96ea87d75c911b
-  data.tar.gz: d5c21906a5eb59772d7613a821bb76a451e95e6f3b4f5b39321c1c431c27de5451c6fc890e37e8622077aab8c54669132227fbfd4622c85cc9838c5bd616c2b1
+  metadata.gz: 8ebe7779e0f79ec500c1e0d230212cd568ef62e94a3dd2d936214f03f48baf8fc937a683b7bf4478b66a3dc0a7b02ee001a6fe3e542ad401f0add4ee27a68b03
+  data.tar.gz: dae117d8d1e3babf392814baf372009d1558113673a4968b7526a0a4e3a06b8eea034edaa11452047286721efc2a37af3e8214f2dbeafde73d864493feae5626

data/.rubocop.yml

@@ -0,0 +1,121 @@
+Gemspec/DateAssignment: # new in 1.10
+  Enabled: true
+Gemspec/RequireMFA: # new in 1.23
+  Enabled: true
+Layout/LineEndStringConcatenationIndentation: # new in 1.18
+  Enabled: true
+Layout/SpaceBeforeBrackets: # new in 1.7
+  Enabled: true
+Lint/AmbiguousAssignment: # new in 1.7
+  Enabled: true
+Lint/AmbiguousOperatorPrecedence: # new in 1.21
+  Enabled: true
+Lint/AmbiguousRange: # new in 1.19
+  Enabled: true
+Lint/DeprecatedConstants: # new in 1.8
+  Enabled: true
+Lint/DuplicateBranch: # new in 1.3
+  Enabled: true
+Lint/DuplicateRegexpCharacterClassElement: # new in 1.1
+  Enabled: true
+Lint/EmptyBlock: # new in 1.1
+  Enabled: true
+Lint/EmptyClass: # new in 1.3
+  Enabled: true
+Lint/EmptyInPattern: # new in 1.16
+  Enabled: true
+Lint/IncompatibleIoSelectWithFiberScheduler: # new in 1.21
+  Enabled: true
+Lint/LambdaWithoutLiteralBlock: # new in 1.8
+  Enabled: true
+Lint/NoReturnInBeginEndBlocks: # new in 1.2
+  Enabled: true
+Lint/NumberedParameterAssignment: # new in 1.9
+  Enabled: true
+Lint/OrAssignmentToConstant: # new in 1.9
+  Enabled: true
+Lint/RedundantDirGlobSort: # new in 1.8
+  Enabled: true
+Lint/RequireRelativeSelfPath: # new in 1.22
+  Enabled: true
+Lint/SymbolConversion: # new in 1.9
+  Enabled: true
+Lint/ToEnumArguments: # new in 1.1
+  Enabled: true
+Lint/TripleQuotes: # new in 1.9
+  Enabled: true
+Lint/UnexpectedBlockArity: # new in 1.5
+  Enabled: true
+Lint/UnmodifiedReduceAccumulator: # new in 1.1
+  Enabled: true
+Lint/UselessRuby2Keywords: # new in 1.23
+  Enabled: true
+Naming/BlockForwarding: # new in 1.24
+  Enabled: true
+Security/IoMethods: # new in 1.22
+  Enabled: true
+Style/ArgumentsForwarding: # new in 1.1
+  Enabled: true
+Style/CollectionCompact: # new in 1.2
+  Enabled: true
+Style/DocumentDynamicEvalDefinition: # new in 1.1
+  Enabled: true
+Style/EndlessMethod: # new in 1.8
+  Enabled: true
+Style/FileRead: # new in 1.24
+  Enabled: true
+Style/FileWrite: # new in 1.24
+  Enabled: true
+Style/HashConversion: # new in 1.10
+  Enabled: true
+Style/HashExcept: # new in 1.7
+  Enabled: true
+Style/IfWithBooleanLiteralBranches: # new in 1.9
+  Enabled: true
+Style/InPatternThen: # new in 1.16
+  Enabled: true
+Style/MapToHash: # new in 1.24
+  Enabled: true
+Style/MultilineInPatternThen: # new in 1.16
+  Enabled: true
+Style/NegatedIfElseCondition: # new in 1.2
+  Enabled: true
+Style/NilLambda: # new in 1.3
+  Enabled: true
+Style/NumberedParameters: # new in 1.22
+  Enabled: true
+Style/NumberedParametersLimit: # new in 1.22
+  Enabled: true
+Style/OpenStructUse: # new in 1.23
+  Enabled: true
+Style/QuotedSymbols: # new in 1.16
+  Enabled: true
+Style/RedundantArgument: # new in 1.4
+  Enabled: true
+Style/RedundantSelfAssignmentBranch: # new in 1.19
+  Enabled: true
+Style/SelectByRegexp: # new in 1.22
+  Enabled: true
+Style/StringChars: # new in 1.12
+  Enabled: true
+Style/SwapValues: # new in 1.1
+  Enabled: true
+Style/Documentation:
+  Enabled: false
+Metrics/MethodLength:
+  Enabled: false
+Metrics/AbcSize:
+  Enabled: false
+Metrics/CyclomaticComplexity:
+  Enabled: false
+Metrics/ClassLength:
+  Enabled: false
+Layout/LineLength:
+  Enabled: false
+Metrics/PerceivedComplexity:
+  Enabled: false
+Metrics/ParameterLists:
+  Max: 10
+Style/FrozenStringLiteralComment:
+  Exclude:
+    - exe/hetzner-k3s

data/Dockerfile

@@ -1,7 +1,10 @@
 FROM ruby:3.1.0-alpine
 
 RUN apk update --no-cache \
-  && apk add build-base git openssh-client
+  && apk add build-base git openssh-client curl bash
+
+RUN curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" \
+  && install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
 
 COPY . .
 

data/Gemfile

@@ -1,7 +1,9 @@
-source "https://rubygems.org"
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
 
 # Specify your gem's dependencies in k3s.gemspec
 gemspec
 
-gem "rake", "~> 12.0"
-gem "rspec", "~> 3.0"
+gem 'rake', '~> 12.0'
+gem 'rspec', '~> 3.0'

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.4.8)
+    hetzner-k3s (0.5.0)
       bcrypt_pbkdf
       ed25519
       http
@@ -15,12 +15,13 @@ GEM
   specs:
     addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
+    ast (2.4.2)
     bcrypt_pbkdf (1.1.0)
     diff-lcs (1.4.4)
     domain_name (0.5.20190701)
       unf (>= 0.0.5, < 1.0.0)
-    ed25519 (1.2.4)
-    ffi (1.15.4)
+    ed25519 (1.3.0)
+    ffi (1.15.5)
     ffi-compiler (1.0.1)
       ffi (>= 1.0.0)
       rake
@@ -35,8 +36,14 @@ GEM
     http-parser (1.2.3)
       ffi-compiler (>= 1.0, < 2.0)
     net-ssh (6.1.0)
+    parallel (1.21.0)
+    parser (3.1.0.0)
+      ast (~> 2.4.1)
     public_suffix (4.0.6)
+    rainbow (3.1.1)
     rake (12.3.3)
+    regexp_parser (2.2.0)
+    rexml (3.2.5)
     rspec (3.10.0)
       rspec-core (~> 3.10.0)
       rspec-expectations (~> 3.10.0)
@@ -50,12 +57,25 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.10.0)
     rspec-support (3.10.2)
+    rubocop (1.25.1)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.15.1, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.15.1)
+      parser (>= 3.0.1.1)
+    ruby-progressbar (1.11.0)
     sshkey (2.0.0)
     subprocess (1.5.5)
     thor (1.2.1)
     unf (0.1.4)
       unf_ext
     unf_ext (0.0.8)
+    unicode-display_width (2.1.0)
 
 PLATFORMS
   ruby
@@ -64,6 +84,7 @@ DEPENDENCIES
   hetzner-k3s!
   rake (~> 12.0)
   rspec (~> 3.0)
+  rubocop
 
 BUNDLED WITH
    2.3.4

data/README.md

@@ -25,7 +25,7 @@ All that is needed to use this tool is
 
 ## Installation
 
-Once you have the Ruby runtime up and running (2.7.2 or newer in the 2.7 series is recommended at this stage), you just need to install the gem:
+Once you have the Ruby runtime up and running (2.7.2 or newer), you just need to install the gem:
 
 ```bash
 gem install hetzner-k3s
@@ -38,7 +38,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.0 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.1 create-cluster --config-file /cluster/test.yaml
 ```
 
 Replace `test.yaml` with the name of your config file.
@@ -77,7 +77,7 @@ enable_ipsec_encryption: true
 
 It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
 
-If you are using Docker, then set `kubeconfig_path` to `/cluster/kubeconfig` so that the kubeconfig is created in the same directory where your config file is.
+If you are using Docker, then set `kubeconfig_path` to `/cluster/kubeconfig` so that the kubeconfig is created in the same directory where your config file is. Also set the config file path to `/cluster/<filename>`.
 
 If you don't want to specify the Hetzner token in the config file (for example if you want to use the tool with CI), then you can use the `HCLOUD_TOKEN` environment variable instead, which has predecence.
 
@@ -257,6 +257,9 @@ I recommend that you create a separate Hetzner project for each cluster, because
 
 ## changelog
 
+- 0.5.1
+  - Each node pool gets its own placement group. This is to minimize issues due to the max 10 nodes limitation for a single node group. A validation has also been added to limit pools to 10 nodes each because of this.
+
 - 0.5.0
   - Allow installing additional packages when creating the servers
   - Allow enabling ipsec encryption

data/Rakefile

@@ -1,6 +1,8 @@
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
+# frozen_string_literal: true
+
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
 
 RSpec::Core::RakeTask.new(:spec)
 
-task :default => :spec
+task default: :spec

data/bin/build.sh

@@ -6,9 +6,9 @@ set -e
 
 IMAGE="vitobotta/hetzner-k3s"
 
-docker build -t ${IMAGE}:v0.5.0 \
+docker build -t ${IMAGE}:v0.5.1 \
   --platform=linux/amd64 \
-  --cache-from ${IMAGE}:v0.4.9 \
+  --cache-from ${IMAGE}:v0.5.0 \
   --build-arg BUILDKIT_INLINE_CACHE=1 .
 
-docker push vitobotta/hetzner-k3s:v0.5.0
+docker push vitobotta/hetzner-k3s:v0.5.1

data/bin/{console → console.sh}

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 
-require "bundler/setup"
-require "k3s"
+require 'bundler/setup'
+require 'k3s'
 
 # You can add fixtures and/or initialization code here to make experimenting
 # with your gem easier. You can also use a different console, if you like.
@@ -10,5 +10,5 @@ require "k3s"
 # require "pry"
 # Pry.start
 
-require "irb"
+require 'irb'
 IRB.start(__FILE__)

data/hetzner-k3s.gemspec

@@ -1,37 +1,41 @@
+# frozen_string_literal: true
+
 require_relative 'lib/hetzner/k3s/version'
 
 Gem::Specification.new do |spec|
-  spec.name          = "hetzner-k3s"
+  spec.name          = 'hetzner-k3s'
   spec.version       = Hetzner::K3s::VERSION
-  spec.authors       = ["Vito Botta"]
-  spec.email         = ["vito@botta.me"]
+  spec.authors       = ['Vito Botta']
+  spec.email         = ['vito@botta.me']
 
-  spec.summary       = %q{A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.}
-  spec.description   = %q{A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.}
-  spec.homepage      = "https://github.com/vitobotta/hetzner-k3s"
-  spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+  spec.summary       = 'A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.'
+  spec.description   = 'A CLI to create a Kubernetes cluster in Hetzner Cloud very quickly using k3s.'
+  spec.homepage      = 'https://github.com/vitobotta/hetzner-k3s'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 3.1.0')
 
   # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
 
-  spec.metadata["homepage_uri"] = spec.homepage
-  spec.metadata["source_code_uri"] = "https://github.com/vitobotta/hetzner-k3s"
-  spec.metadata["changelog_uri"] = "https://github.com/vitobotta/hetzner-k3s"
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/vitobotta/hetzner-k3s'
+  spec.metadata['changelog_uri'] = 'https://github.com/vitobotta/hetzner-k3s'
 
-  spec.add_dependency "thor"
-  spec.add_dependency "http"
-  spec.add_dependency "net-ssh"
-  spec.add_dependency "sshkey"
-  spec.add_dependency "ed25519"
-  spec.add_dependency "bcrypt_pbkdf"
-  spec.add_dependency "subprocess"
+  spec.add_dependency 'bcrypt_pbkdf'
+  spec.add_dependency 'ed25519'
+  spec.add_dependency 'http'
+  spec.add_dependency 'net-ssh'
+  spec.add_dependency 'sshkey'
+  spec.add_dependency 'subprocess'
+  spec.add_dependency 'thor'
+  spec.add_development_dependency 'rubocop'
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
-  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = "exe"
+  spec.bindir        = 'exe'
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
-  spec.require_paths = ["lib"]
+  spec.require_paths = ['lib']
+  spec.metadata['rubygems_mfa_required'] = 'true'
 end

data/lib/hetzner/infra/client.rb

@@ -1,6 +1,8 @@
+# frozen_string_literal: true
+
 module Hetzner
   class Client
-    BASE_URI = "https://api.hetzner.cloud/v1"
+    BASE_URI = 'https://api.hetzner.cloud/v1'
 
     attr_reader :token
 
@@ -22,27 +24,27 @@ module Hetzner
 
     def delete(path, id)
       make_request do
-        HTTP.headers(headers).delete(BASE_URI + path + "/" + id.to_s)
+        HTTP.headers(headers).delete("#{BASE_URI}#{path}/#{id}")
       end
     end
 
     private
 
-      def headers
-        {
-          "Authorization": "Bearer #{@token}",
-          "Content-Type": "application/json"
-        }
-      end
+    def headers
+      {
+        Authorization: "Bearer #{@token}",
+        'Content-Type': 'application/json'
+      }
+    end
 
-      def make_request &block
-        retries ||= 0
+    def make_request(&block)
+      retries ||= 0
 
-        Timeout::timeout(30) do
-          block.call
-        end
-      rescue Timeout::Error
-        retry if (retries += 1) < 3
+      Timeout.timeout(30) do
+        block.call
       end
+    rescue Timeout::Error
+      retry if (retries += 1) < 3
+    end
   end
 end

data/lib/hetzner/infra/firewall.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Hetzner
   class Firewall
     def initialize(hetzner_client:, cluster_name:)
@@ -5,38 +7,39 @@ module Hetzner
       @cluster_name = cluster_name
     end
 
-    def create(ha:, networks:)
-      @ha = ha
+    def create(high_availability:, networks:)
+      @high_availability = high_availability
       @networks = networks
       puts
 
-      if firewall = find_firewall
-        puts "Firewall already exists, skipping."
+      if (firewall = find_firewall)
+        puts 'Firewall already exists, skipping.'
         puts
-        return firewall["id"]
+        return firewall['id']
       end
 
-      puts "Creating firewall..."
+      puts 'Creating firewall...'
 
-      response = hetzner_client.post("/firewalls", create_firewall_config).body
-      puts "...firewall created."
+      response = hetzner_client.post('/firewalls', create_firewall_config).body
+      puts '...firewall created.'
       puts
 
-      JSON.parse(response)["firewall"]["id"]
+      JSON.parse(response)['firewall']['id']
     end
 
     def delete(servers)
-      if firewall = find_firewall
-        puts "Deleting firewall..."
+      if (firewall = find_firewall)
+        puts 'Deleting firewall...'
 
         servers.each do |server|
-          hetzner_client.post("/firewalls/#{firewall["id"]}/actions/remove_from_resources", remove_targets_config(server["id"]))
+          hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources",
+                              remove_targets_config(server['id']))
         end
 
-        hetzner_client.delete("/firewalls", firewall["id"])
-        puts "...firewall deleted."
+        hetzner_client.delete('/firewalls', firewall['id'])
+        puts '...firewall deleted.'
       else
-        puts "Firewall no longer exists, skipping."
+        puts 'Firewall no longer exists, skipping.'
       end
 
       puts
@@ -44,87 +47,86 @@ module Hetzner
 
     private
 
-      attr_reader :hetzner_client, :cluster_name, :firewall, :ha, :networks
-
-      def create_firewall_config
-        rules = [
-          {
-            "description": "Allow port 22 (SSH)",
-            "direction": "in",
-            "protocol": "tcp",
-            "port": "22",
-            "source_ips": networks,
-            "destination_ips": []
-          },
-          {
-            "description": "Allow ICMP (ping)",
-            "direction": "in",
-            "protocol": "icmp",
-            "port": nil,
-            "source_ips": [
-              "0.0.0.0/0",
-              "::/0"
-            ],
-            "destination_ips": []
-          },
-          {
-            "description": "Allow all TCP traffic between nodes on the private network",
-            "direction": "in",
-            "protocol": "tcp",
-            "port": "any",
-            "source_ips": [
-              "10.0.0.0/16"
-            ],
-            "destination_ips": []
-          },
-          {
-            "description": "Allow all UDP traffic between nodes on the private network",
-            "direction": "in",
-            "protocol": "udp",
-            "port": "any",
-            "source_ips": [
-              "10.0.0.0/16"
-            ],
-            "destination_ips": []
-          }
-        ]
-
-        unless ha
-          rules << {
-            "description": "Allow port 6443 (Kubernetes API server)",
-            "direction": "in",
-            "protocol": "tcp",
-            "port": "6443",
-            "source_ips": [
-              "0.0.0.0/0",
-              "::/0"
-            ],
-            "destination_ips": []
-          }
-        end
+    attr_reader :hetzner_client, :cluster_name, :firewall, :high_availability, :networks
 
+    def create_firewall_config
+      rules = [
         {
-          name: cluster_name,
-          rules: rules
-        }
-      end
-
-      def remove_targets_config(server_id)
+          description: 'Allow port 22 (SSH)',
+          direction: 'in',
+          protocol: 'tcp',
+          port: '22',
+          source_ips: networks,
+          destination_ips: []
+        },
+        {
+          description: 'Allow ICMP (ping)',
+          direction: 'in',
+          protocol: 'icmp',
+          port: nil,
+          source_ips: [
+            '0.0.0.0/0',
+            '::/0'
+          ],
+          destination_ips: []
+        },
+        {
+          description: 'Allow all TCP traffic between nodes on the private network',
+          direction: 'in',
+          protocol: 'tcp',
+          port: 'any',
+          source_ips: [
+            '10.0.0.0/16'
+          ],
+          destination_ips: []
+        },
         {
-          "remove_from": [
-            {
-              "server": {
-                "id": server_id
-              },
-              "type": "server"
-            }
-          ]
+          description: 'Allow all UDP traffic between nodes on the private network',
+          direction: 'in',
+          protocol: 'udp',
+          port: 'any',
+          source_ips: [
+            '10.0.0.0/16'
+          ],
+          destination_ips: []
+        }
+      ]
+
+      unless high_availability
+        rules << {
+          description: 'Allow port 6443 (Kubernetes API server)',
+          direction: 'in',
+          protocol: 'tcp',
+          port: '6443',
+          source_ips: [
+            '0.0.0.0/0',
+            '::/0'
+          ],
+          destination_ips: []
         }
       end
 
-      def find_firewall
-        hetzner_client.get("/firewalls")["firewalls"].detect{ |firewall| firewall["name"] == cluster_name }
-      end
+      {
+        name: cluster_name,
+        rules:
+      }
+    end
 
+    def remove_targets_config(server_id)
+      {
+        remove_from: [
+          {
+            server: {
+              id: server_id
+            },
+            type: 'server'
+          }
+        ]
+      }
+    end
+
+    def find_firewall
+      hetzner_client.get('/firewalls')['firewalls'].detect { |firewall| firewall['name'] == cluster_name }
+    end
   end
 end