RubyGems - hetzner-k3s - Versions diffs - 0.5.2 → 0.5.3 - Mend

hetzner-k3s 0.5.2 → 0.5.3

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 45de69f63ea8c675489cc385a2860c798923f42af6e9fa4af791042ae57aa7dd
-  data.tar.gz: 778c30870784ee1d0f9bcb4b102639bc8f295faa60eca8bb9d0ef7ff56905c9a
+  metadata.gz: 3855e58a70b2b16e6ae421669ad22031bc31a66df36aea8ea31d42b060e7192c
+  data.tar.gz: '09042dc486c0bf330ca9d5df2407ae13fac7f7311c4cb3314651b675ffa8c49c'
 SHA512:
-  metadata.gz: 301590287388f2c512e66504558d88fe7e31237c0525a37f96ca5f090190421a2841c66a59f1be2b5a45c632f5ad6799ecab4894058335387fbdce6927b3c7a3
-  data.tar.gz: 3715433adfe0f43889f33962844d54d30017b1a85c5c9ff0a6c21b70980e3b01dbdb431020441404654845d46044643725b8558dc6c0fff49992ab6297ebed71
+  metadata.gz: 705761dcb4bd361c3f417f44cb3f44d2ae4a8941ce822cec083537f1b24eeb66d15a1e840290b4432d6bd715ccfc5626bf4aa3d811e47772be4775dc9347618f
+  data.tar.gz: c945bc3428e87c465f05a90d7b3b8b8d2ec3ed9f9da55d471a758a287230bbb33074f783bb96a06d36ecc204a41b5b6793044e86df98e2fd1f7c6be0d5549c56

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.5.0)
+    hetzner-k3s (0.5.3)
       bcrypt_pbkdf
       ed25519
       http

data/README.md CHANGED Viewed

@@ -14,6 +14,7 @@ Using this tool, creating a highly available k3s cluster with 3 masters for the
 - installing the [Hetzner CSI Driver](https://github.com/hetznercloud/csi-driver) to provision persistent volumes using Hetzner's block storage
 - installing the [Rancher System Upgrade Controller](https://github.com/rancher/system-upgrade-controller) to make upgrades to a newer version of k3s easy and quick
+See roadmap [here](https://github.com/vitobotta/hetzner-k3s/projects/1) for the features planned or in progress.
 ## Requirements
@@ -38,7 +39,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.1 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.3 create-cluster --config-file /cluster/test.yaml
 ```
 Replace `test.yaml` with the name of your config file.
@@ -72,7 +73,7 @@ worker_node_pools:
   instance_count: 2
 additional_packages:
 - somepackage
-enable_ipsec_encryption: true
+enable_encryption: true
 ```
 It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
@@ -255,98 +256,6 @@ Once the cluster is ready you can create persistent volumes out of the box with
 I recommend that you create a separate Hetzner project for each cluster, because otherwise multiple clusters will attempt to create overlapping routes. I will make the pod cidr configurable in the future to avoid this, but I still recommend keeping clusters separated from each other. This way, if you want to delete a cluster with all the resources created for it, you can just delete the project.
-## changelog
-- 0.5.2
-  - Ensure that in a HA cluster the nodes connect to the load balancer for the API server, instead of the first master
-- 0.5.1
-  - Each node pool gets its own placement group. This is to minimize issues due to the max 10 nodes limitation for a single node group. A validation has also been added to limit pools to 10 nodes each because of this.
-- 0.5.0
-  - Allow installing additional packages when creating the servers
-  - Allow enabling ipsec encryption
-- 0.4.9
-  - Ensure the program always exits with exit code 1 if the config file fails validation
-  - Upgrade System Upgrade Controller to 0.8.1
-  - Remove dependency on unmaintained gem k8s-ruby
-  - Make the gem compatible with Ruby 3.1.0
-- 0.4.8
-  - Increase timeout with API requests to 30 seconds
-  - Limit number of retries for API requests to 3
-  - Ensure all version tags are listed for k3s (thanks @janosmiko)
-- 0.4.7
-  - Made it possible to specify a custom image/snapshot for the servers
-- 0.4.6
-  - Added a check to abort gracefully when for some reason one or more servers are not created, for example due to temporary problems with the Hetzner API.
-- 0.4.5
-  - Fix network creation (bug introduced in the previous version)
-- 0.4.4
-  - Add support for the new Ashburn, Virginia (USA) location
-  - Automatically use a placement group so that the instances are all created on different physical hosts for high availability
-- 0.4.3
-  - Fix an issue with SSH key creation
-- 0.4.2
-  - Update Hetzner CSI driver to v1.6.0
-  - Update System Upgrade Controller to v0.8.0
-- 0.4.1
-  - Allow to optionally specify the path of the private SSH key
-  - Set correct permissions for the kubeconfig file
-  - Retry fetching manifests a few times to allow for temporary network issues
-  - Allow to optionally schedule workloads on masters
-  - Allow clusters with no worker node pools if scheduling is enabled for the masters
-- 0.4.0
-  - Ensure the masters are removed from the API load balancer before deleting the load balancer
-  - Ensure the servers are removed from the firewall before deleting it
-  - Allow using an environment variable to specify the Hetzner token
-  - Allow restricting SSH access to the nodes to specific networks
-  - Do not open the port 6443 on the nodes if a load balancer is created for an HA cluster
-- 0.3.9
-  - Add command "version" to print the version of the tool in use
-- 0.3.8
-  - Fix: added a check on a label to ensure that only servers that belong to the cluster are deleted from the project
-- 0.3.7
-  - Ensure that the cluster name only contains lowercase letters, digits and dashes for compatibility with the cloud controller manager
-- 0.3.6
-  - Retry SSH commands when IO errors occur
-- 0.3.5
-  - Add descriptions for firewall rules
-- 0.3.4
-  - Added Docker support
-- 0.3.3
-  - Add some gems required on Linux
-- 0.3.2
-  - Configure DNS to use Cloudflare's resolver instead of Hetzner's, since Hetzner's resolvers are not always reliable
-- 0.3.1
-  - Allow enabling/disabling the host key verification
-- 0.3.0
-  - Handle case when an SSH key with the given fingerprint already exists in the Hetzner project
-  - Handle a timeout of 5 seconds for requests to the Hetzner API
-  - Retry waiting for server to be up when timeouts/host-unreachable errors occur
-  - Ignore known_hosts entry to prevent errors when recreating servers with IPs that have been used previously
-- 0.2.0
-  - Allow mixing servers of different series Intel/AMD
 ## Contributing and support
 Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.

data/bin/build.sh CHANGED Viewed

@@ -6,9 +6,9 @@ set -e
 IMAGE="vitobotta/hetzner-k3s"
-docker build -t ${IMAGE}:v0.5.2 \
+docker build -t ${IMAGE}:v0.5.3 \
   --platform=linux/amd64 \
-  --cache-from ${IMAGE}:v0.5.1 \
+  --cache-from ${IMAGE}:v0.5.2 \
   --build-arg BUILDKIT_INLINE_CACHE=1 .
-docker push vitobotta/hetzner-k3s:v0.5.2
+docker push vitobotta/hetzner-k3s:v0.5.3

data/lib/hetzner/infra/server.rb CHANGED Viewed

@@ -81,7 +81,7 @@ module Hetzner
     end
     def user_data
-      packages = ['fail2ban']
+      packages = ['fail2ban', 'wireguard']
       packages += additional_packages if additional_packages
       packages = "'#{packages.join("', '")}'"

data/lib/hetzner/k3s/cluster.rb CHANGED Viewed

@@ -38,7 +38,7 @@ class Cluster
     @verify_host_key = configuration.fetch('verify_host_key', false)
     @servers = []
     @networks = configuration['ssh_allowed_networks']
-    @enable_ipsec_encryption = configuration.fetch('enable_ipsec_encryption', false)
+    @enable_encryption = configuration.fetch('enable_encryption', false)
     create_resources
@@ -81,7 +81,7 @@ class Cluster
               :location, :public_ssh_key_path,
               :hetzner_token, :new_k3s_version, :configuration,
               :config_file, :verify_host_key, :networks, :private_ssh_key_path,
-              :enable_ipsec_encryption
+              :enable_encryption
   def find_worker_node_pools(configuration)
     configuration.fetch('worker_node_pools', [])
@@ -190,7 +190,7 @@ class Cluster
   def master_script(master)
     server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
     flannel_interface = find_flannel_interface(master)
-    flannel_ipsec = enable_ipsec_encryption ? ' --flannel-backend=ipsec ' : ' '
+    flannel_wireguard = enable_encryption ? ' --flannel-backend=wireguard ' : ' '
     taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
@@ -205,7 +205,7 @@ class Cluster
         --node-name="$(hostname -f)" \
         --cluster-cidr=10.244.0.0/16 \
         --etcd-expose-metrics=true \
-        #{flannel_ipsec} \
+        #{flannel_wireguard} \
         --kube-controller-manager-arg="address=0.0.0.0" \
         --kube-controller-manager-arg="bind-address=0.0.0.0" \
         --kube-proxy-arg="metrics-bind-address=0.0.0.0" \

data/lib/hetzner/k3s/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Hetzner
   module K3s
-    VERSION = '0.5.2'
+    VERSION = '0.5.3'
   end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hetzner-k3s
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.5.3
 platform: ruby
 authors:
 - Vito Botta
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2022-02-08 00:00:00.000000000 Z
+date: 2022-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf