hetzner-k3s 0.6.1 → 0.6.2.pre1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +3 -3
- data/README.md +62 -22
- data/cluster_config.yaml.example +29 -0
- data/hetzner-k3s.gemspec +1 -1
- data/lib/hetzner/k3s/version.rb +1 -1
- data/lib/hetzner/utils.rb +0 -6
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a97992a61bdf146f57c09744881d926bde5c808b6a82bd330ff244c4e27e3f8e
|
4
|
+
data.tar.gz: b03fbb20e031b39169aab50875581eeebc9ccd038587687b0df603e6bde81d6e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8f9f1267f70b726032d950f77304525e23d8fbc64104786eb90d14f2f961f5e41305b73703489b73e0363b67b58031a2f28d60f50a6a93d2c40070fe8ec9ea09
|
7
|
+
data.tar.gz: 96bd346cdc5a14f7794d23d2e043612b70b1d329a883c25a6eef09e926cf549a37725b8878dfb85ee71a5cea870739da9f7d21d3a21fa2077ba2e78f7c99007a
|
data/Gemfile.lock
CHANGED
@@ -1,12 +1,12 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
hetzner-k3s (0.6.
|
4
|
+
hetzner-k3s (0.6.2.pre1)
|
5
5
|
bcrypt_pbkdf
|
6
6
|
childprocess
|
7
7
|
ed25519
|
8
8
|
httparty
|
9
|
-
net-ssh
|
9
|
+
net-ssh (= 6.0.2)
|
10
10
|
sshkey
|
11
11
|
thor
|
12
12
|
|
@@ -25,7 +25,7 @@ GEM
|
|
25
25
|
mime-types-data (~> 3.2015)
|
26
26
|
mime-types-data (3.2022.0105)
|
27
27
|
multi_xml (0.6.0)
|
28
|
-
net-ssh (
|
28
|
+
net-ssh (6.0.2)
|
29
29
|
parallel (1.20.1)
|
30
30
|
parser (3.1.2.1)
|
31
31
|
ast (~> 2.4.1)
|
data/README.md
CHANGED
@@ -1,6 +1,20 @@
|
|
1
1
|
# Create production grade Kubernetes clusters in Hetzner Cloud in a couple of minutes or less
|
2
2
|
|
3
|
-
|
3
|
+
![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/vitobotta/hetzner-k3s)
|
4
|
+
![GitHub Release Date](https://img.shields.io/github/release-date/vitobotta/hetzner-k3s)
|
5
|
+
![GitHub last commit](https://img.shields.io/github/last-commit/vitobotta/hetzner-k3s)
|
6
|
+
![GitHub Workflow Status](https://img.shields.io/github/workflow/status/vitobotta/hetzner-k3s/Create%20Release)
|
7
|
+
![GitHub issues](https://img.shields.io/github/issues-raw/vitobotta/hetzner-k3s)
|
8
|
+
![GitHub pull requests](https://img.shields.io/github/issues-pr-raw/vitobotta/hetzner-k3s)
|
9
|
+
![GitHub](https://img.shields.io/github/license/vitobotta/hetzner-k3s)
|
10
|
+
![GitHub Discussions](https://img.shields.io/github/discussions/vitobotta/hetzner-k3s)
|
11
|
+
![GitHub top language](https://img.shields.io/github/languages/top/vitobotta/hetzner-k3s)
|
12
|
+
|
13
|
+
![GitHub forks](https://img.shields.io/github/forks/vitobotta/hetzner-k3s?style=social)
|
14
|
+
![GitHub Repo stars](https://img.shields.io/github/stars/vitobotta/hetzner-k3s?style=social)
|
15
|
+
## What is this?
|
16
|
+
|
17
|
+
This is a CLI tool to quickly create and manage Kubernetes clusters in [Hetzner Cloud](https://www.hetzner.com/cloud) using the lightweight Kubernetes distribution [k3s](https://k3s.io/) from [Rancher](https://rancher.com/).
|
4
18
|
|
5
19
|
Hetzner Cloud is an awesome cloud provider which offers a truly great service with the best performance/cost ratio in the market. With Hetzner's Cloud Controller Manager and CSI driver you can provision load balancers and persistent volumes very easily.
|
6
20
|
|
@@ -8,7 +22,7 @@ k3s is my favorite Kubernetes distribution now because it uses much less memory
|
|
8
22
|
|
9
23
|
Using this tool, creating a highly available k3s cluster with 3 masters for the control plane and 3 worker nodes takes about **a couple of minutes** only. This includes
|
10
24
|
|
11
|
-
- creating the
|
25
|
+
- creating the infrastructure resources (servers, private network, firewall, load balancer for the API server for HA clusters)
|
12
26
|
- deploying k3s to the nodes
|
13
27
|
- installing the [Hetzner Cloud Controller Manager](https://github.com/hetznercloud/hcloud-cloud-controller-manager) to provision load balancers right away
|
14
28
|
- installing the [Hetzner CSI Driver](https://github.com/hetznercloud/csi-driver) to provision persistent volumes using Hetzner's block storage
|
@@ -18,19 +32,36 @@ See roadmap [here](https://github.com/vitobotta/hetzner-k3s/projects/1) for the
|
|
18
32
|
|
19
33
|
Also see this [wiki page](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster) for a tutorial on how to set up a cluster with the most common setup to get you started.
|
20
34
|
|
21
|
-
|
35
|
+
___
|
36
|
+
## Who am I?
|
37
|
+
|
38
|
+
I'm a Senior Backend Engineer and DevOps based in Finland and working for event management platform [Brella](https://www.brella.io/).
|
39
|
+
|
40
|
+
I also write a [technical blog](https://vitobotta.com/) on programming, DevOps and related technologies.
|
41
|
+
|
42
|
+
___
|
43
|
+
## Prerequisites
|
22
44
|
|
23
45
|
All that is needed to use this tool is
|
24
46
|
|
25
47
|
- an Hetzner Cloud account
|
26
|
-
- an Hetzner Cloud token: for this you need to create a project from the cloud console, and then an API token with **both read and write permissions** (sidebar > Security > API Tokens); you will see the token only once, so
|
27
|
-
- a recent Ruby runtime installed (see [this page](https://www.ruby-lang.org/en/documentation/installation/) for instructions if you are not familiar with Ruby). I
|
48
|
+
- an Hetzner Cloud token: for this you need to create a project from the cloud console, and then an API token with **both read and write permissions** (sidebar > Security > API Tokens); you will see the token only once, so be sure to take note of it somewhere safe
|
49
|
+
- a recent Ruby runtime installed if you install the tool as Ruby gem (see [this page](https://www.ruby-lang.org/en/documentation/installation/) for instructions if you are not familiar with Ruby). I recommend you use the standalone binaries either downloaded directly or installed with Homebrew though, since it's easier and you don't have to set up Ruby.
|
50
|
+
|
51
|
+
___
|
52
|
+
## Getting Started - Installation
|
28
53
|
|
29
|
-
|
54
|
+
Before using the tool, be sure to have kubectl installed as it's required to install some software in the cluster to provision load balancers/persistent volumes and perform k3s upgrades.
|
30
55
|
|
31
|
-
|
56
|
+
### macOS
|
57
|
+
|
58
|
+
#### With Homebrew
|
59
|
+
|
60
|
+
```bash
|
61
|
+
brew install vitobotta/tap/hetzner-k3s
|
62
|
+
```
|
32
63
|
|
33
|
-
|
64
|
+
#### Binary installation (Intel)
|
34
65
|
|
35
66
|
```bash
|
36
67
|
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-mac-amd64
|
@@ -38,7 +69,7 @@ chmod +x hetzner-k3s-mac-x64
|
|
38
69
|
sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
|
39
70
|
```
|
40
71
|
|
41
|
-
|
72
|
+
#### Binary installation (Apple Silicon/M1)
|
42
73
|
|
43
74
|
```bash
|
44
75
|
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-mac-arm64
|
@@ -52,11 +83,13 @@ NOTE: currently the ARM version still requires [Rosetta](https://support.apple.c
|
|
52
83
|
|
53
84
|
```bash
|
54
85
|
wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-linux-x86_64
|
55
|
-
chmod +x hetzner-k3s-linux-
|
56
|
-
sudo mv hetzner-k3s-linux-
|
86
|
+
chmod +x hetzner-k3s-linux-x86_64
|
87
|
+
sudo mv hetzner-k3s-linux-x86_64 /usr/local/bin/hetzner-k3s
|
57
88
|
```
|
58
89
|
|
59
|
-
###
|
90
|
+
### macOS, Linux, Windows
|
91
|
+
|
92
|
+
#### As Ruby gem executable
|
60
93
|
|
61
94
|
Once you have the Ruby runtime up and running (2.7.1 required), you just need to install the gem:
|
62
95
|
|
@@ -66,7 +99,7 @@ gem install hetzner-k3s
|
|
66
99
|
|
67
100
|
This will install the `hetzner-k3s` executable in your PATH.
|
68
101
|
|
69
|
-
|
102
|
+
#### With Docker
|
70
103
|
|
71
104
|
Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
|
72
105
|
|
@@ -81,6 +114,8 @@ docker run --rm -it \
|
|
81
114
|
|
82
115
|
Replace `test.yaml` with the name of your config file.
|
83
116
|
|
117
|
+
___
|
118
|
+
|
84
119
|
## Creating a cluster
|
85
120
|
|
86
121
|
The tool requires a simple configuration file in order to create/upgrade/delete clusters, in the YAML format like in the example below:
|
@@ -137,10 +172,9 @@ enable_encryption: true
|
|
137
172
|
# - arg1
|
138
173
|
# - ...
|
139
174
|
# existing_network: <specify if you want to use an existing network, otherwise one will be created for this cluster>
|
140
|
-
|
141
175
|
```
|
142
176
|
|
143
|
-
It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases
|
177
|
+
It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available k3s releases.
|
144
178
|
|
145
179
|
If you are using Docker, then set `kubeconfig_path` to `/cluster/kubeconfig` so that the kubeconfig is created in the same directory where your config file is. Also set the config file path to `/cluster/<filename>`.
|
146
180
|
|
@@ -149,7 +183,6 @@ If you don't want to specify the Hetzner token in the config file (for example i
|
|
149
183
|
**Important**: The tool assignes the label `cluster` to each server it creates, with the cluster name you specify in the config file, as the value. So please ensure you don't create unrelated servers in the same project having
|
150
184
|
the label `cluster=<cluster name>`, because otherwise they will be deleted if you delete the cluster. I recommend you create a separate Hetzner project for each cluster, see note at the end of this README for more details.
|
151
185
|
|
152
|
-
|
153
186
|
If you set `masters.instance_count` to 1 then the tool will create a non highly available control plane; for production clusters you may want to set it to a number greater than 1. This number must be odd to avoid split brain issues with etcd and the recommended number is 3.
|
154
187
|
|
155
188
|
You can specify any number of worker node pools for example to have mixed nodes with different specs for different workloads.
|
@@ -188,7 +221,7 @@ Finally, to create the cluster run:
|
|
188
221
|
hetzner-k3s create-cluster --config-file cluster_config.yaml
|
189
222
|
```
|
190
223
|
|
191
|
-
This will take a
|
224
|
+
This will take a few minutes depending on the number of masters and worker nodes.
|
192
225
|
|
193
226
|
If you are creating an HA cluster and see the following in the output you can safely ignore it - it happens when additional masters are joining the first one:
|
194
227
|
|
@@ -229,6 +262,7 @@ In a future relese I will add some automation for the cleanup.
|
|
229
262
|
|
230
263
|
It's easy to convert a non-HA with a single master cluster to HA with multiple masters. Just change the masters instance count and re-run the create command. This will create a load balancer for the API server and update the kubeconfig so that all the API requests go through the load balancer.
|
231
264
|
|
265
|
+
___
|
232
266
|
## Upgrading to a new version of k3s
|
233
267
|
|
234
268
|
If it's the first time you upgrade the cluster, all you need to do to upgrade it to a newer version of k3s is run the following command:
|
@@ -277,7 +311,7 @@ A final note about upgrades is that if for some reason the upgrade gets stuck af
|
|
277
311
|
```bash
|
278
312
|
kubectl label node <master1> <master2> <master2> plan.upgrade.cattle.io/k3s-server=upgraded
|
279
313
|
```
|
280
|
-
|
314
|
+
___
|
281
315
|
## Upgrading the OS on nodes
|
282
316
|
|
283
317
|
- consider adding a temporary node during the process if you don't have enough spare capacity in the cluster
|
@@ -287,6 +321,7 @@ kubectl label node <master1> <master2> <master2> plan.upgrade.cattle.io/k3s-serv
|
|
287
321
|
- uncordon
|
288
322
|
- proceed with the next node
|
289
323
|
|
324
|
+
___
|
290
325
|
## Deleting a cluster
|
291
326
|
|
292
327
|
To delete a cluster, running
|
@@ -297,7 +332,11 @@ hetzner-k3s delete-cluster --config-file cluster_config.yaml
|
|
297
332
|
|
298
333
|
This will delete all the resources in the Hetzner Cloud project for the cluster being deleted.
|
299
334
|
|
335
|
+
## Troubleshooting
|
336
|
+
|
337
|
+
See [this page](https://github.com/vitobotta/hetzner-k3s/wiki/Troubleshooting) for solutions to common issues.
|
300
338
|
|
339
|
+
___
|
301
340
|
## Additional info
|
302
341
|
|
303
342
|
### Load balancers
|
@@ -323,16 +362,15 @@ The annotation `load-balancer.hetzner.cloud/use-private-ip: "true"` ensures that
|
|
323
362
|
|
324
363
|
The other annotations should be self explanatory. You can find a list of the available annotations [here](https://pkg.go.dev/github.com/hetznercloud/hcloud-cloud-controller-manager/internal/annotation).
|
325
364
|
|
326
|
-
|
365
|
+
### Persistent volumes
|
327
366
|
|
328
367
|
Once the cluster is ready you can create persistent volumes out of the box with the default storage class `hcloud-volumes`, since the Hetzner CSI driver is installed automatically. This will use Hetzner's block storage (based on Ceph so it's replicated and highly available) for your persistent volumes. Note that the minimum size of a volume is 10Gi. If you specify a smaller size for a volume, the volume will be created with a capacity of 10Gi anyway.
|
329
368
|
|
330
|
-
|
331
|
-
## Keeping a project per cluster
|
369
|
+
### Keeping a project per cluster
|
332
370
|
|
333
371
|
I recommend that you create a separate Hetzner project for each cluster, because otherwise multiple clusters will attempt to create overlapping routes. I will make the pod cidr configurable in the future to avoid this, but I still recommend keeping clusters separated from each other. This way, if you want to delete a cluster with all the resources created for it, you can just delete the project.
|
334
372
|
|
335
|
-
|
373
|
+
___
|
336
374
|
## Contributing and support
|
337
375
|
|
338
376
|
Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.
|
@@ -341,10 +379,12 @@ Contributors:
|
|
341
379
|
|
342
380
|
- [TitanFighter](https://github.com/TitanFighter) for [this awesome tutorial](https://github.com/vitobotta/hetzner-k3s/wiki/Tutorial:---Setting-up-a-cluster)
|
343
381
|
|
382
|
+
___
|
344
383
|
## License
|
345
384
|
|
346
385
|
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
347
386
|
|
387
|
+
___
|
348
388
|
## Code of Conduct
|
349
389
|
|
350
390
|
Everyone interacting in the hetzner-k3s project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/vitobotta/hetzner-k3s/blob/main/CODE_OF_CONDUCT.md).
|
data/cluster_config.yaml.example
CHANGED
@@ -7,6 +7,8 @@ public_ssh_key_path: "~/.ssh/id_rsa.pub"
|
|
7
7
|
private_ssh_key_path: "~/.ssh/id_rsa"
|
8
8
|
ssh_allowed_networks:
|
9
9
|
- 0.0.0.0/0
|
10
|
+
api_allowed_networks:
|
11
|
+
- 0.0.0.0/0
|
10
12
|
verify_host_key: false
|
11
13
|
location: nbg1
|
12
14
|
schedule_workloads_on_masters: false
|
@@ -20,3 +22,30 @@ worker_node_pools:
|
|
20
22
|
- name: big
|
21
23
|
instance_type: cpx31
|
22
24
|
instance_count: 2
|
25
|
+
additional_packages:
|
26
|
+
- somepackage
|
27
|
+
post_create_commands:
|
28
|
+
- apt update
|
29
|
+
- apt upgrade -y
|
30
|
+
- apt autoremove -y
|
31
|
+
- shutdown -r now
|
32
|
+
enable_encryption: true
|
33
|
+
# kube_api_server_args:
|
34
|
+
# - arg1
|
35
|
+
# - ...
|
36
|
+
# kube_scheduler_args:
|
37
|
+
# - arg1
|
38
|
+
# - ...
|
39
|
+
# kube_controller_manager_args:
|
40
|
+
# - arg1
|
41
|
+
# - ...
|
42
|
+
# kube_cloud_controller_manager_args:
|
43
|
+
# - arg1
|
44
|
+
# - ...
|
45
|
+
# kubelet_args:
|
46
|
+
# - arg1
|
47
|
+
# - ...
|
48
|
+
# kube_proxy_args:
|
49
|
+
# - arg1
|
50
|
+
# - ...
|
51
|
+
# existing_network: <specify if you want to use an existing network, otherwise one will be created for this cluster>
|
data/hetzner-k3s.gemspec
CHANGED
@@ -24,7 +24,7 @@ Gem::Specification.new do |spec|
|
|
24
24
|
spec.add_dependency 'childprocess'
|
25
25
|
spec.add_dependency 'ed25519'
|
26
26
|
spec.add_dependency 'httparty'
|
27
|
-
spec.add_dependency 'net-ssh'
|
27
|
+
spec.add_dependency 'net-ssh', '= 6.0.2'
|
28
28
|
spec.add_dependency 'sshkey'
|
29
29
|
spec.add_dependency 'thor'
|
30
30
|
spec.add_development_dependency 'rubocop'
|
data/lib/hetzner/k3s/version.rb
CHANGED
data/lib/hetzner/utils.rb
CHANGED
@@ -1,8 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
Net::SSH::Transport::Algorithms::ALGORITHMS.values.each { |algs| algs.reject! { |a| a =~ /^ecd(sa|h)-sha2/ } }
|
4
|
-
Net::SSH::KnownHosts::SUPPORTED_TYPE.reject! { |t| t =~ /^ecd(sa|h)-sha2/ }
|
5
|
-
|
6
3
|
require 'childprocess'
|
7
4
|
|
8
5
|
module Utils
|
@@ -92,9 +89,6 @@ module Utils
|
|
92
89
|
# p [e.class, e.message]
|
93
90
|
# retries += 1
|
94
91
|
# retry unless retries > 15 || e.message =~ /Bad file descriptor/
|
95
|
-
rescue Timeout::Error, IOError, Errno::EBADF
|
96
|
-
retries += 1
|
97
|
-
retry unless retries > 15
|
98
92
|
rescue Net::SSH::Disconnect => e
|
99
93
|
retries += 1
|
100
94
|
retry unless retries > 15 || e.message =~ /Too many authentication failures/
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: hetzner-k3s
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.6.
|
4
|
+
version: 0.6.2.pre1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Vito Botta
|
@@ -70,16 +70,16 @@ dependencies:
|
|
70
70
|
name: net-ssh
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
|
-
- -
|
73
|
+
- - '='
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
75
|
+
version: 6.0.2
|
76
76
|
type: :runtime
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
|
-
- -
|
80
|
+
- - '='
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
82
|
+
version: 6.0.2
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
84
|
name: sshkey
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -177,9 +177,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
177
177
|
version: 2.7.1
|
178
178
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
179
179
|
requirements:
|
180
|
-
- - "
|
180
|
+
- - ">"
|
181
181
|
- !ruby/object:Gem::Version
|
182
|
-
version:
|
182
|
+
version: 1.3.1
|
183
183
|
requirements: []
|
184
184
|
rubygems_version: 3.1.2
|
185
185
|
signing_key:
|