hetzner-k3s 0.5.2 → 0.5.3
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/README.md +3 -94
- data/bin/build.sh +3 -3
- data/lib/hetzner/infra/server.rb +1 -1
- data/lib/hetzner/k3s/cluster.rb +4 -4
- data/lib/hetzner/k3s/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 3855e58a70b2b16e6ae421669ad22031bc31a66df36aea8ea31d42b060e7192c
|
4
|
+
data.tar.gz: '09042dc486c0bf330ca9d5df2407ae13fac7f7311c4cb3314651b675ffa8c49c'
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 705761dcb4bd361c3f417f44cb3f44d2ae4a8941ce822cec083537f1b24eeb66d15a1e840290b4432d6bd715ccfc5626bf4aa3d811e47772be4775dc9347618f
|
7
|
+
data.tar.gz: c945bc3428e87c465f05a90d7b3b8b8d2ec3ed9f9da55d471a758a287230bbb33074f783bb96a06d36ecc204a41b5b6793044e86df98e2fd1f7c6be0d5549c56
|
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -14,6 +14,7 @@ Using this tool, creating a highly available k3s cluster with 3 masters for the
|
|
14
14
|
- installing the [Hetzner CSI Driver](https://github.com/hetznercloud/csi-driver) to provision persistent volumes using Hetzner's block storage
|
15
15
|
- installing the [Rancher System Upgrade Controller](https://github.com/rancher/system-upgrade-controller) to make upgrades to a newer version of k3s easy and quick
|
16
16
|
|
17
|
+
See roadmap [here](https://github.com/vitobotta/hetzner-k3s/projects/1) for the features planned or in progress.
|
17
18
|
|
18
19
|
## Requirements
|
19
20
|
|
@@ -38,7 +39,7 @@ This will install the `hetzner-k3s` executable in your PATH.
|
|
38
39
|
Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
|
39
40
|
|
40
41
|
```bash
|
41
|
-
docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.
|
42
|
+
docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.3 create-cluster --config-file /cluster/test.yaml
|
42
43
|
```
|
43
44
|
|
44
45
|
Replace `test.yaml` with the name of your config file.
|
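Review bot: the updated example `docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.3 ...` mounts the user's entire SSH directory, private keys included, read-write into the container; the tool only needs to read the keys, so suggest `-v ${HOME}/.ssh:/tmp/.ssh:ro` so that a bug or a tampered image cannot modify or add keys. The `v0.5.3` tag is hand-edited here, in build.sh and in version.rb; consider noting in the README that the tag should match the installed gem version.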
@@ -72,7 +73,7 @@ worker_node_pools:
|
|
72
73
|
instance_count: 2
|
73
74
|
additional_packages:
|
74
75
|
- somepackage
|
75
|
-
|
76
|
+
enable_encryption: true
|
76
77
|
```
|
77
78
|
|
78
79
|
It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
|
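Review bot: `enable_encryption: true` is added to the sample config with no explanation of what it does or what the default is. From cluster.rb in this same change it defaults to `false` and switches flannel to the `wireguard` backend on the masters; suggest a sentence under the example saying so, and stating that the option only takes effect when the masters are created (the flag is emitted in `master_script`), so toggling it on an existing cluster does not change anything.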
@@ -255,98 +256,6 @@ Once the cluster is ready you can create persistent volumes out of the box with
|
|
255
256
|
I recommend that you create a separate Hetzner project for each cluster, because otherwise multiple clusters will attempt to create overlapping routes. I will make the pod cidr configurable in the future to avoid this, but I still recommend keeping clusters separated from each other. This way, if you want to delete a cluster with all the resources created for it, you can just delete the project.
|
256
257
|
|
257
258
|
|
258
|
-
## changelog
|
259
|
-
|
260
|
-
- 0.5.2
|
261
|
-
- Ensure that in a HA cluster the nodes connect to the load balancer for the API server, instead of the first master
|
262
|
-
|
263
|
-
- 0.5.1
|
264
|
-
- Each node pool gets its own placement group. This is to minimize issues due to the max 10 nodes limitation for a single node group. A validation has also been added to limit pools to 10 nodes each because of this.
|
265
|
-
|
266
|
-
- 0.5.0
|
267
|
-
- Allow installing additional packages when creating the servers
|
268
|
-
- Allow enabling ipsec encryption
|
269
|
-
|
270
|
-
- 0.4.9
|
271
|
-
- Ensure the program always exits with exit code 1 if the config file fails validation
|
272
|
-
- Upgrade System Upgrade Controller to 0.8.1
|
273
|
-
- Remove dependency on unmaintained gem k8s-ruby
|
274
|
-
- Make the gem compatible with Ruby 3.1.0
|
275
|
-
|
276
|
-
- 0.4.8
|
277
|
-
- Increase timeout with API requests to 30 seconds
|
278
|
-
- Limit number of retries for API requests to 3
|
279
|
-
- Ensure all version tags are listed for k3s (thanks @janosmiko)
|
280
|
-
|
281
|
-
- 0.4.7
|
282
|
-
- Made it possible to specify a custom image/snapshot for the servers
|
283
|
-
|
284
|
-
- 0.4.6
|
285
|
-
- Added a check to abort gracefully when for some reason one or more servers are not created, for example due to temporary problems with the Hetzner API.
|
286
|
-
|
287
|
-
- 0.4.5
|
288
|
-
- Fix network creation (bug introduced in the previous version)
|
289
|
-
|
290
|
-
- 0.4.4
|
291
|
-
- Add support for the new Ashburn, Virginia (USA) location
|
292
|
-
- Automatically use a placement group so that the instances are all created on different physical hosts for high availability
|
293
|
-
|
294
|
-
- 0.4.3
|
295
|
-
- Fix an issue with SSH key creation
|
296
|
-
|
297
|
-
- 0.4.2
|
298
|
-
- Update Hetzner CSI driver to v1.6.0
|
299
|
-
- Update System Upgrade Controller to v0.8.0
|
300
|
-
|
301
|
-
- 0.4.1
|
302
|
-
- Allow to optionally specify the path of the private SSH key
|
303
|
-
- Set correct permissions for the kubeconfig file
|
304
|
-
- Retry fetching manifests a few times to allow for temporary network issues
|
305
|
-
- Allow to optionally schedule workloads on masters
|
306
|
-
- Allow clusters with no worker node pools if scheduling is enabled for the masters
|
307
|
-
|
308
|
-
- 0.4.0
|
309
|
-
- Ensure the masters are removed from the API load balancer before deleting the load balancer
|
310
|
-
- Ensure the servers are removed from the firewall before deleting it
|
311
|
-
- Allow using an environment variable to specify the Hetzner token
|
312
|
-
- Allow restricting SSH access to the nodes to specific networks
|
313
|
-
- Do not open the port 6443 on the nodes if a load balancer is created for an HA cluster
|
314
|
-
|
315
|
-
- 0.3.9
|
316
|
-
- Add command "version" to print the version of the tool in use
|
317
|
-
|
318
|
-
- 0.3.8
|
319
|
-
- Fix: added a check on a label to ensure that only servers that belong to the cluster are deleted from the project
|
320
|
-
|
321
|
-
- 0.3.7
|
322
|
-
- Ensure that the cluster name only contains lowercase letters, digits and dashes for compatibility with the cloud controller manager
|
323
|
-
|
324
|
-
- 0.3.6
|
325
|
-
- Retry SSH commands when IO errors occur
|
326
|
-
|
327
|
-
- 0.3.5
|
328
|
-
- Add descriptions for firewall rules
|
329
|
-
|
330
|
-
- 0.3.4
|
331
|
-
- Added Docker support
|
332
|
-
|
333
|
-
- 0.3.3
|
334
|
-
- Add some gems required on Linux
|
335
|
-
|
336
|
-
- 0.3.2
|
337
|
-
- Configure DNS to use Cloudflare's resolver instead of Hetzner's, since Hetzner's resolvers are not always reliable
|
338
|
-
|
339
|
-
- 0.3.1
|
340
|
-
- Allow enabling/disabling the host key verification
|
341
|
-
|
342
|
-
- 0.3.0
|
343
|
-
- Handle case when an SSH key with the given fingerprint already exists in the Hetzner project
|
344
|
-
- Handle a timeout of 5 seconds for requests to the Hetzner API
|
345
|
-
- Retry waiting for server to be up when timeouts/host-unreachable errors occur
|
346
|
-
- Ignore known_hosts entry to prevent errors when recreating servers with IPs that have been used previously
|
347
|
-
|
348
|
-
- 0.2.0
|
349
|
-
- Allow mixing servers of different series Intel/AMD
|
350
259
|
## Contributing and support
|
351
260
|
|
352
261
|
Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.
|
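Review bot: the whole `## changelog` section (0.2.0 through 0.5.2) is deleted from the README with nothing in its place, and no 0.5.3 entry for the new `enable_encryption` option appears anywhere in the patch. Suggest keeping a one-line pointer to wherever the release notes now live (for example a CHANGELOG file or the GitHub releases page) so users upgrading can still find the history.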
data/bin/build.sh
CHANGED
@@ -6,9 +6,9 @@ set -e
|
|
6
6
|
|
7
7
|
IMAGE="vitobotta/hetzner-k3s"
|
8
8
|
|
9
|
-
docker build -t ${IMAGE}:v0.5.
|
9
|
+
docker build -t ${IMAGE}:v0.5.3 \
|
10
10
|
--platform=linux/amd64 \
|
11
|
-
--cache-from ${IMAGE}:v0.5.
|
11
|
+
--cache-from ${IMAGE}:v0.5.2 \
|
12
12
|
--build-arg BUILDKIT_INLINE_CACHE=1 .
|
13
13
|
|
14
|
-
docker push vitobotta/hetzner-k3s:v0.5.
|
14
|
+
docker push vitobotta/hetzner-k3s:v0.5.3
|
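Review bot: the version string is hand-edited in three places in this script (`docker build -t ${IMAGE}:v0.5.3`, `--cache-from ${IMAGE}:v0.5.2`, `docker push vitobotta/hetzner-k3s:v0.5.3`), and the push line does not reuse `$IMAGE`, so a typo can build one tag and push another. Suggest a single `VERSION=` variable (ideally read from version.rb), `PREVIOUS=` for the cache source, and `docker push ${IMAGE}:v${VERSION}`.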
data/lib/hetzner/infra/server.rb
CHANGED
data/lib/hetzner/k3s/cluster.rb
CHANGED
@@ -38,7 +38,7 @@ class Cluster
|
|
38
38
|
@verify_host_key = configuration.fetch('verify_host_key', false)
|
39
39
|
@servers = []
|
40
40
|
@networks = configuration['ssh_allowed_networks']
|
41
|
-
@
|
41
|
+
@enable_encryption = configuration.fetch('enable_encryption', false)
|
42
42
|
|
43
43
|
create_resources
|
44
44
|
|
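Review bot: `@enable_encryption = configuration.fetch('enable_encryption', false)` accepts any value, and in Ruby every object except `nil` and `false` is truthy, so a quoted `"false"` or any other string in the YAML would silently enable the WireGuard backend. Suggest checking in the config validator that the value is strictly `true` or `false` and failing validation otherwise, consistent with the existing exit-code-1-on-invalid-config behaviour.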
@@ -81,7 +81,7 @@ class Cluster
|
|
81
81
|
:location, :public_ssh_key_path,
|
82
82
|
:hetzner_token, :new_k3s_version, :configuration,
|
83
83
|
:config_file, :verify_host_key, :networks, :private_ssh_key_path,
|
84
|
-
:
|
84
|
+
:enable_encryption
|
85
85
|
|
86
86
|
def find_worker_node_pools(configuration)
|
87
87
|
configuration.fetch('worker_node_pools', [])
|
@@ -190,7 +190,7 @@ class Cluster
|
|
190
190
|
def master_script(master)
|
191
191
|
server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
|
192
192
|
flannel_interface = find_flannel_interface(master)
|
193
|
-
|
193
|
+
flannel_wireguard = enable_encryption ? ' --flannel-backend=wireguard ' : ' '
|
194
194
|
|
195
195
|
taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
|
196
196
|
|
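Review bot: `flannel_wireguard = enable_encryption ? ' --flannel-backend=wireguard ' : ' '` turns on a backend that requires the WireGuard kernel module and userspace tools to be present on every node, but nothing in this patch installs them; the README hunk shows `additional_packages` right next to `enable_encryption: true` without connecting the two. Suggest either appending `wireguard` to the packages installed on the servers when the option is enabled, or documenting that users must list it under `additional_packages`, otherwise the masters come up with a flannel backend that cannot start.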
@@ -205,7 +205,7 @@ class Cluster
|
|
205
205
|
--node-name="$(hostname -f)" \
|
206
206
|
--cluster-cidr=10.244.0.0/16 \
|
207
207
|
--etcd-expose-metrics=true \
|
208
|
-
#{
|
208
|
+
#{flannel_wireguard} \
|
209
209
|
--kube-controller-manager-arg="address=0.0.0.0" \
|
210
210
|
--kube-controller-manager-arg="bind-address=0.0.0.0" \
|
211
211
|
--kube-proxy-arg="metrics-bind-address=0.0.0.0" \
|
data/lib/hetzner/k3s/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hetzner-k3s
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.
|
4
|
+
version: 0.5.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Vito Botta
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-02-
|
11
|
+
date: 2022-02-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bcrypt_pbkdf
|