RubyGems - hetzner-k3s - Versions diffs - 0.6.2 → 0.6.3 - Mend

hetzner-k3s 0.6.2 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +5 -5
data/lib/hetzner/infra/client.rb +4 -4
data/lib/hetzner/infra/firewall.rb +1 -2
data/lib/hetzner/infra/load_balancer.rb +1 -1
data/lib/hetzner/infra/server.rb +28 -24
data/lib/hetzner/k3s/cluster.rb +62 -526
data/lib/hetzner/k3s/version.rb +1 -1
data/lib/hetzner/kubernetes/client.rb +475 -0
data/lib/hetzner/utils.rb +4 -4
metadata +2 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 873c76ec7a993a8c890f72c8158daa82597eb994e3f5e70c9b53d98604903f38
-  data.tar.gz: d0b1f622ff21728d1bb6b41b2a373eca693121a0eb619776adf9590ef926f80a
+  metadata.gz: 2bbaf7bd5387cc92f0725308a42f982df7b47596d5d1a3d50693cf3b6a741359
+  data.tar.gz: 0617b66a6ca8299c5c5ada69c586a532e915657c857c6f6821cd81d29c17a774
 SHA512:
-  metadata.gz: 4bdc7f2fa5f6ef40bcd1e089d89b26c228b77fe3c06fb4af884910e4fe69fb6ad67951160a4ecdbcb6f076adbc16521bfd45b661644e7f6b927ba002e5a3ba67
-  data.tar.gz: 94a8f6b3df49db94d7412d5f350ce3f996980f0741e694a8b91a7ff0c71783cdaa12b4263cab31395288497dd3c790be45ca62e00f844d9df863a13b3623de79
+  metadata.gz: a457da09e05ac40da2d0b40de65193f16ecd42ae926f6d59271ca9fedc77587faf2bb90b4c4a62e326e509076b0f44e84062fb6c72536e5e8c1ce4b716d56813
+  data.tar.gz: '0628cf98daa772f50251257b626ca148420d1a8853618652c9fd7dd6750694393d9902ea684c786029e0db3bcf8d01729aa217e9fc3c070067fbbe6afb395dd8'

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.6.1)
+    hetzner-k3s (0.6.2)
       bcrypt_pbkdf
       childprocess
       ed25519

data/README.md CHANGED Viewed

@@ -58,13 +58,13 @@ Before using the tool, be sure to have kubectl installed as it's required to ins
 #### With Homebrew
 ```bash
-brew install vitobotta/tap/hetzner-k3s
+brew install vitobotta/tap/hetzner_k3s
 ```
 #### Binary installation (Intel)
 ```bash
-wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-mac-amd64
+wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.3/hetzner-k3s-mac-amd64
 chmod +x hetzner-k3s-mac-x64
 sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
 ```
@@ -72,7 +72,7 @@ sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
 #### Binary installation (Apple Silicon/M1)
 ```bash
-wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-mac-arm64
+wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.3/hetzner-k3s-mac-arm64
 chmod +x hetzner-k3s-mac-arm
 sudo mv hetzner-k3s-mac-arm /usr/local/bin/hetzner-k3s
 ```
@@ -82,7 +82,7 @@ NOTE: currently the ARM version still requires [Rosetta](https://support.apple.c
 ### Linux
 ```bash
-wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-linux-x86_64
+wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.3/hetzner-k3s-linux-x86_64
 chmod +x hetzner-k3s-linux-x86_64
 sudo mv hetzner-k3s-linux-x86_64 /usr/local/bin/hetzner-k3s
 ```
@@ -107,7 +107,7 @@ Alternatively, if you don't want to set up a Ruby runtime but have Docker instal
 docker run --rm -it \
   -v ${PWD}:/cluster \
   -v ${HOME}/.ssh:/tmp/.ssh \
-  vitobotta/hetzner-k3s:v0.6.1 \
+  vitobotta/hetzner-k3s:v0.6.3 \
   create-cluster \
   --config-file /cluster/test.yaml
 ```

data/lib/hetzner/infra/client.rb CHANGED Viewed

@@ -6,10 +6,6 @@ module Hetzner
     attr_reader :token
-    def initialize(token:)
-      @token = token
-    end
     def get(path)
       make_request do
         JSON.parse HTTParty.get(BASE_URI + path, headers: headers).body
@@ -30,6 +26,10 @@ module Hetzner
     private
+    def initialize(token:)
+      @token = token
+    end
     def headers
       {
         'Authorization' => "Bearer #{@token}",

data/lib/hetzner/infra/firewall.rb CHANGED Viewed

@@ -33,8 +33,7 @@ module Hetzner
         puts 'Deleting firewall...'
         servers.each do |server|
-          hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources",
-                              remove_targets_config(server['id']))
+          hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources", remove_targets_config(server['id']))
         end
         hetzner_client.delete('/firewalls', firewall['id'])

data/lib/hetzner/infra/load_balancer.rb CHANGED Viewed

@@ -33,8 +33,8 @@ module Hetzner
         puts 'Deleting API load balancer...' unless high_availability
         hetzner_client.post("/load_balancers/#{load_balancer['id']}/actions/remove_target", remove_targets_config)
         hetzner_client.delete('/load_balancers', load_balancer['id'])
         puts '...API load balancer deleted.' unless high_availability
       elsif high_availability
         puts 'API load balancer no longer exists, skipping.'

data/lib/hetzner/infra/server.rb CHANGED Viewed

@@ -59,30 +59,6 @@ module Hetzner
     end
     def user_data
-      packages = %w[fail2ban wireguard]
-      packages += additional_packages if additional_packages
-      packages = "'#{packages.join("', '")}'"
-      post_create_commands = [
-        'crontab -l > /etc/cron_bkp',
-        'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
-        'crontab /etc/cron_bkp',
-        'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
-        'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
-        'systemctl restart sshd',
-        'systemctl stop systemd-resolved',
-        'systemctl disable systemd-resolved',
-        'rm /etc/resolv.conf',
-        'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
-        'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
-      ]
-      post_create_commands += additional_post_create_commands if additional_post_create_commands
-      post_create_commands += ['shutdown -r now'] if post_create_commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
-      post_create_commands = "  - #{post_create_commands.join("\n  - ")}"
       <<~YAML
         #cloud-config
         packages: [#{packages}]
@@ -125,5 +101,33 @@ module Hetzner
       JSON.parse(response_body)['server']
     end
+    def post_create_commands
+      commands = [
+        'crontab -l > /etc/cron_bkp',
+        'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
+        'crontab /etc/cron_bkp',
+        'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
+        'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
+        'systemctl restart sshd',
+        'systemctl stop systemd-resolved',
+        'systemctl disable systemd-resolved',
+        'rm /etc/resolv.conf',
+        'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
+        'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
+      ]
+      commands += additional_post_create_commands if additional_post_create_commands
+      commands << 'shutdown -r now' if commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
+      "  - #{commands.join("\n  - ")}"
+    end
+    def packages
+      packages = %w[fail2ban wireguard]
+      packages += additional_packages if additional_packages
+      "'#{packages.join("', '")}'"
+    end
   end
 end

data/lib/hetzner/k3s/cluster.rb CHANGED Viewed

@@ -14,6 +14,8 @@ require_relative '../infra/server'
 require_relative '../infra/load_balancer'
 require_relative '../infra/placement_group'
+require_relative '../kubernetes/client'
 require_relative '../utils'
 class Cluster
@@ -25,38 +27,18 @@ class Cluster
   def create
     @cluster_name = configuration['cluster_name']
-    @kubeconfig_path = File.expand_path(configuration['kubeconfig_path'])
-    @public_ssh_key_path = File.expand_path(configuration['public_ssh_key_path'])
-    private_ssh_key_path = configuration['private_ssh_key_path']
-    @private_ssh_key_path = private_ssh_key_path && File.expand_path(private_ssh_key_path)
-    @k3s_version = configuration['k3s_version']
     @masters_config = configuration['masters']
     @worker_node_pools = find_worker_node_pools(configuration)
     @masters_location = configuration['location']
-    @verify_host_key = configuration.fetch('verify_host_key', false)
     @servers = []
     @ssh_networks = configuration['ssh_allowed_networks']
     @api_networks = configuration['api_allowed_networks']
-    @enable_encryption = configuration.fetch('enable_encryption', false)
-    @kube_api_server_args = configuration.fetch('kube_api_server_args', [])
-    @kube_scheduler_args = configuration.fetch('kube_scheduler_args', [])
-    @kube_controller_manager_args = configuration.fetch('kube_controller_manager_args', [])
-    @kube_cloud_controller_manager_args = configuration.fetch('kube_cloud_controller_manager_args', [])
-    @kubelet_args = configuration.fetch('kubelet_args', [])
-    @kube_proxy_args = configuration.fetch('kube_proxy_args', [])
+    @private_ssh_key_path = File.expand_path(configuration['private_ssh_key_path'])
+    @public_ssh_key_path = File.expand_path(configuration['public_ssh_key_path'])
     create_resources
-    deploy_kubernetes
-    sleep 10
-    label_nodes
-    taint_nodes
-    deploy_cloud_controller_manager
-    deploy_csi_driver
-    deploy_system_upgrade_controller
+    kubernetes_client.deploy(masters: masters, workers: workers, master_definitions: master_definitions_for_create, worker_definitions: workers_definitions_for_marking)
   end
   def delete
@@ -75,378 +57,26 @@ class Cluster
     @new_k3s_version = new_k3s_version
     @config_file = config_file
-    upgrade_cluster
+    kubernetes_client.upgrade
   end
   private
   attr_accessor :servers
-  attr_reader :configuration, :cluster_name, :kubeconfig_path, :k3s_version,
+  attr_reader :configuration, :cluster_name, :kubeconfig_path,
               :masters_config, :worker_node_pools,
-              :masters_location, :public_ssh_key_path,
+              :masters_location, :private_ssh_key_path, :public_ssh_key_path,
               :hetzner_token, :new_k3s_version,
-              :config_file, :verify_host_key, :ssh_networks, :private_ssh_key_path,
-              :enable_encryption, :kube_api_server_args, :kube_scheduler_args,
-              :kube_controller_manager_args, :kube_cloud_controller_manager_args,
-              :kubelet_args, :kube_proxy_args, :api_networks
+              :config_file, :ssh_networks,
+              :api_networks
   def find_worker_node_pools(configuration)
     configuration.fetch('worker_node_pools', [])
   end
-  def latest_k3s_version
-    response = HTTParty.get('https://api.github.com/repos/k3s-io/k3s/tags').body
-    JSON.parse(response).first['name']
-  end
-  def create_resources
-    create_servers
-    create_load_balancer if masters.size > 1
-  end
-  def delete_placement_groups
-    Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete
-    worker_node_pools.each do |pool|
-      pool_name = pool['name']
-      Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).delete
-    end
-  end
-  def delete_resources
-    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(high_availability: (masters.size > 1))
-    Hetzner::Firewall.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(all_servers)
-    Hetzner::Network.new(hetzner_client: hetzner_client, cluster_name: cluster_name, existing_network: existing_network).delete
-    Hetzner::SSHKey.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(public_ssh_key_path: public_ssh_key_path)
-    delete_placement_groups
-    delete_servers
-  end
-  def upgrade_cluster
-    worker_upgrade_concurrency = workers.size - 1
-    worker_upgrade_concurrency = 1 if worker_upgrade_concurrency.zero?
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: upgrade.cattle.io/v1
-        kind: Plan
-        metadata:
-          name: k3s-server
-          namespace: system-upgrade
-          labels:
-            k3s-upgrade: server
-        spec:
-          concurrency: 1
-          version: #{new_k3s_version}
-          nodeSelector:
-            matchExpressions:
-              - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
-          serviceAccountName: system-upgrade
-          tolerations:
-          - key: "CriticalAddonsOnly"
-            operator: "Equal"
-            value: "true"
-            effect: "NoExecute"
-          cordon: true
-          upgrade:
-            image: rancher/k3s-upgrade
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: upgrade.cattle.io/v1
-        kind: Plan
-        metadata:
-          name: k3s-agent
-          namespace: system-upgrade
-          labels:
-            k3s-upgrade: agent
-        spec:
-          concurrency: #{worker_upgrade_concurrency}
-          version: #{new_k3s_version}
-          nodeSelector:
-            matchExpressions:
-              - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
-          serviceAccountName: system-upgrade
-          prepare:
-            image: rancher/k3s-upgrade
-            args: ["prepare", "k3s-server"]
-          cordon: true
-          upgrade:
-            image: rancher/k3s-upgrade
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts 'Upgrade will now start. Run `watch kubectl get nodes` to see the nodes being upgraded. This should take a few minutes for a small cluster.'
-    puts 'The API server may be briefly unavailable during the upgrade of the controlplane.'
-    updated_configuration = configuration.raw
-    updated_configuration['k3s_version'] = new_k3s_version
-    File.write(config_file, updated_configuration.to_yaml)
-  end
-  def master_script(master)
-    server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
-    flannel_interface = find_flannel_interface(master)
-    available_k3s_releases = Hetzner::Configuration.available_releases
-    wireguard_native_min_version_index = available_k3s_releases.find_index('v1.23.6+k3s1')
-    selected_version_index = available_k3s_releases.find_index(k3s_version)
-    flannel_wireguard = if enable_encryption
-                          if selected_version_index >= wireguard_native_min_version_index
-                            ' --flannel-backend=wireguard-native '
-                          else
-                            ' --flannel-backend=wireguard '
-                          end
-                        else
-                          ' '
-                        end
-    extra_args = "#{kube_api_server_args_list} #{kube_scheduler_args_list} #{kube_controller_manager_args_list} #{kube_cloud_controller_manager_args_list} #{kubelet_args_list} #{kube_proxy_args_list}"
-    taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
-    <<~SCRIPT
-      curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
-        --disable-cloud-controller \
-        --disable servicelb \
-        --disable traefik \
-        --disable local-storage \
-        --disable metrics-server \
-        --write-kubeconfig-mode=644 \
-        --node-name="$(hostname -f)" \
-        --cluster-cidr=10.244.0.0/16 \
-        --etcd-expose-metrics=true \
-        #{flannel_wireguard} \
-        --kube-controller-manager-arg="bind-address=0.0.0.0" \
-        --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
-        --kube-scheduler-arg="bind-address=0.0.0.0" \
-        #{taint} #{extra_args} \
-        --kubelet-arg="cloud-provider=external" \
-        --advertise-address=$(hostname -I | awk '{print $2}') \
-        --node-ip=$(hostname -I | awk '{print $2}') \
-        --node-external-ip=$(hostname -I | awk '{print $1}') \
-        --flannel-iface=#{flannel_interface} \
-        #{server} #{tls_sans}" sh -
-    SCRIPT
-  end
-  def worker_script(worker)
-    flannel_interface = find_flannel_interface(worker)
-    <<~BASH
-      curl -sfL https://get.k3s.io | K3S_TOKEN="#{k3s_token}" INSTALL_K3S_VERSION="#{k3s_version}" K3S_URL=https://#{first_master_private_ip}:6443 INSTALL_K3S_EXEC="agent \
-        --node-name="$(hostname -f)" \
-        --kubelet-arg="cloud-provider=external" \
-        --node-ip=$(hostname -I | awk '{print $2}') \
-        --node-external-ip=$(hostname -I | awk '{print $1}') \
-        --flannel-iface=#{flannel_interface}" sh -
-    BASH
-  end
-  def deploy_kubernetes
-    puts
-    puts "Deploying k3s to first master (#{first_master['name']})..."
-    ssh first_master, master_script(first_master), print_output: true
-    puts
-    puts '...k3s has been deployed to first master.'
-    save_kubeconfig
-    if masters.size > 1
-      threads = masters[1..].map do |master|
-        Thread.new do
-          puts
-          puts "Deploying k3s to master #{master['name']}..."
-          ssh master, master_script(master), print_output: true
-          puts
-          puts "...k3s has been deployed to master #{master['name']}."
-        end
-      end
-      threads.each(&:join) unless threads.empty?
-    end
-    threads = workers.map do |worker|
-      Thread.new do
-        puts
-        puts "Deploying k3s to worker (#{worker['name']})..."
-        ssh worker, worker_script(worker), print_output: true
-        puts
-        puts "...k3s has been deployed to worker (#{worker['name']})."
-      end
-    end
-    threads.each(&:join) unless threads.empty?
-  end
-  def label_nodes
-    check_kubectl
-    if master_definitions_for_create.first[:labels]
-      master_labels = master_definitions_for_create.first[:labels].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      master_node_names = []
-      master_definitions_for_create.each do |master|
-        master_node_names << "#{configuration['cluster_name']}-#{master[:instance_type]}-#{master[:instance_id]}"
-      end
-      master_node_names = master_node_names.join(' ')
-      cmd = "kubectl label --overwrite nodes #{master_node_names} #{master_labels}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-    workers = []
-    worker_node_pools.each do |worker_node_pool|
-      workers += worker_node_pool_definitions(worker_node_pool)
-    end
-    return unless workers.any?
-    workers.each do |worker|
-      next unless worker[:labels]
-      worker_labels = worker[:labels].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      worker_node_name = "#{configuration['cluster_name']}-#{worker[:instance_type]}-#{worker[:instance_id]}"
-      cmd = "kubectl label --overwrite nodes #{worker_node_name} #{worker_labels}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-  end
-  def taint_nodes
-    check_kubectl
-    if master_definitions_for_create.first[:taints]
-      master_taints = master_definitions_for_create.first[:taints].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      master_node_names = []
-      master_definitions_for_create.each do |master|
-        master_node_names << "#{configuration['cluster_name']}-#{master[:instance_type]}-#{master[:instance_id]}"
-      end
-      master_node_names = master_node_names.join(' ')
-      cmd = "kubectl taint --overwrite nodes #{master_node_names} #{master_taints}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-    workers = []
-    worker_node_pools.each do |worker_node_pool|
-      workers += worker_node_pool_definitions(worker_node_pool)
-    end
-    return unless workers.any?
-    workers.each do |worker|
-      next unless worker[:taints]
-      worker_taints = worker[:taints].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      worker_node_name = "#{configuration['cluster_name']}-#{worker[:instance_type]}-#{worker[:instance_id]}"
-      cmd = "kubectl taint --overwrite nodes #{worker_node_name} #{worker_taints}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-  end
-  def deploy_cloud_controller_manager
-    check_kubectl
-    puts
-    puts 'Deploying Hetzner Cloud Controller Manager...'
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: "v1"
-        kind: "Secret"
-        metadata:
-          namespace: 'kube-system'
-          name: 'hcloud'
-        stringData:
-          network: "#{existing_network || cluster_name}"
-          token: "#{configuration.hetzner_token}"
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    cmd = 'kubectl apply -f https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml'
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts '...Cloud Controller Manager deployed'
-  end
-  def deploy_system_upgrade_controller
-    check_kubectl
-    puts
-    puts 'Deploying k3s System Upgrade Controller...'
-    cmd = 'kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.9.1/system-upgrade-controller.yaml'
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts '...k3s System Upgrade Controller deployed'
-  end
-  def deploy_csi_driver
-    check_kubectl
-    puts
-    puts 'Deploying Hetzner CSI Driver...'
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: "v1"
-        kind: "Secret"
-        metadata:
-          namespace: 'kube-system'
-          name: 'hcloud-csi'
-        stringData:
-          token: "#{configuration.hetzner_token}"
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    cmd = 'kubectl apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml'
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts '...CSI Driver deployed'
-  end
-  def find_flannel_interface(server)
-    if ssh(server, 'lscpu | grep Vendor') =~ /Intel/
-      'ens10'
-    else
-      'enp7s0'
-    end
+  def belongs_to_cluster?(server)
+    server.dig('labels', 'cluster') == cluster_name
   end
   def all_servers
@@ -463,74 +93,6 @@ class Cluster
     @workers = all_servers.select { |server| server['name'] =~ /worker\d+\Z/ }.sort { |a, b| a['name'] <=> b['name'] }
   end
-  def k3s_token
-    @k3s_token ||= begin
-      token = ssh(first_master, '{ TOKEN=$(< /var/lib/rancher/k3s/server/node-token); } 2> /dev/null; echo $TOKEN')
-      if token.empty?
-        SecureRandom.hex
-      else
-        token.split(':').last
-      end
-    end
-  end
-  def first_master_private_ip
-    @first_master_private_ip ||= first_master['private_net'][0]['ip']
-  end
-  def first_master
-    masters.first
-  end
-  def api_server_ip
-    return @api_server_ip if @api_server_ip
-    @api_server_ip = if masters.size > 1
-                       load_balancer_name = "#{cluster_name}-api"
-                       load_balancer = hetzner_client.get('/load_balancers')['load_balancers'].detect do |lb|
-                         lb['name'] == load_balancer_name
-                       end
-                       load_balancer['public_net']['ipv4']['ip']
-                     else
-                       first_master_public_ip
-                     end
-  end
-  def tls_sans
-    sans = " --tls-san=#{api_server_ip} "
-    masters.each do |master|
-      master_private_ip = master['private_net'][0]['ip']
-      sans += " --tls-san=#{master_private_ip} "
-    end
-    sans
-  end
-  def first_master_public_ip
-    @first_master_public_ip ||= first_master.dig('public_net', 'ipv4', 'ip')
-  end
-  def save_kubeconfig
-    kubeconfig = ssh(first_master, 'cat /etc/rancher/k3s/k3s.yaml')
-                 .gsub('127.0.0.1', api_server_ip)
-                 .gsub('default', cluster_name)
-    File.write(kubeconfig_path, kubeconfig)
-    FileUtils.chmod 'go-r', kubeconfig_path
-  end
-  def belongs_to_cluster?(server)
-    server.dig('labels', 'cluster') == cluster_name
-  end
-  def schedule_workloads_on_masters?
-    schedule_workloads_on_masters = configuration['schedule_workloads_on_masters']
-    schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
-  end
   def image
     configuration['image'] || 'ubuntu-20.04'
   end
@@ -543,34 +105,19 @@ class Cluster
     configuration['post_create_commands'] || []
   end
-  def check_kubectl
-    return if which('kubectl')
-    puts 'Please ensure kubectl is installed and in your PATH.'
-    exit 1
-  end
-  def placement_group_id(pool_name = nil)
-    @placement_groups ||= {}
-    @placement_groups[pool_name || '__masters__'] ||= Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).create
-  end
   def master_instance_type
     @master_instance_type ||= masters_config['instance_type']
   end
-  def master_labels
-    @master_labels ||= masters_config['labels']
-  end
-  def master_taints
-    @master_taints ||= masters_config['taints']
-  end
   def masters_count
     @masters_count ||= masters_config['instance_count']
   end
+  def placement_group_id(pool_name = nil)
+    @placement_groups ||= {}
+    @placement_groups[pool_name || '__masters__'] ||= Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).create
+  end
   def firewall_id
     @firewall_id ||= Hetzner::Firewall.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(high_availability: (masters_count > 1), ssh_networks: ssh_networks, api_networks: api_networks)
   end
@@ -598,8 +145,8 @@ class Cluster
         image: image,
         additional_packages: additional_packages,
         additional_post_create_commands: additional_post_create_commands,
-        labels: master_labels,
-        taints: master_taints
+        labels: masters_config['labels'],
+        taints: masters_config['taints']
       }
     end
@@ -649,10 +196,6 @@ class Cluster
     definitions
   end
-  def create_load_balancer
-    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(location: masters_location, network_id: network_id)
-  end
   def server_configs
     return @server_configs if @server_configs
@@ -665,6 +208,47 @@ class Cluster
     @server_configs
   end
+  def hetzner_client
+    configuration.hetzner_client
+  end
+  def kubernetes_client
+    @kubernetes_client ||= Kubernetes::Client.new(configuration: configuration)
+  end
+  def workers_definitions_for_marking
+    worker_node_pools.map do |worker_node_pool|
+      worker_node_pool_definitions(worker_node_pool)
+    end.flatten
+  end
+  def create_resources
+    create_servers
+    create_load_balancer if masters.size > 1
+  end
+  def delete_placement_groups
+    Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete
+    worker_node_pools.each do |pool|
+      pool_name = pool['name']
+      Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).delete
+    end
+  end
+  def delete_resources
+    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(high_availability: (masters.size > 1))
+    Hetzner::Firewall.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(all_servers)
+    Hetzner::Network.new(hetzner_client: hetzner_client, cluster_name: cluster_name, existing_network: existing_network).delete
+    Hetzner::SSHKey.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(public_ssh_key_path: public_ssh_key_path)
+    delete_placement_groups
+    delete_servers
+  end
   def create_servers
     servers = []
@@ -701,56 +285,8 @@ class Cluster
     threads.each(&:join) unless threads.empty?
   end
-  def kube_api_server_args_list
-    return '' if kube_api_server_args.empty?
-    kube_api_server_args.map do |arg|
-      " --kube-apiserver-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_scheduler_args_list
-    return '' if kube_scheduler_args.empty?
-    kube_scheduler_args.map do |arg|
-      " --kube-scheduler-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_controller_manager_args_list
-    return '' if kube_controller_manager_args.empty?
-    kube_controller_manager_args.map do |arg|
-      " --kube-controller-manager-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_cloud_controller_manager_args_list
-    return '' if kube_cloud_controller_manager_args.empty?
-    kube_cloud_controller_manager_args.map do |arg|
-      " --kube-cloud-controller-manager-arg=\"#{arg}\" "
-    end.join
-  end
-  def kubelet_args_list
-    return '' if kubelet_args.empty?
-    kubelet_args.map do |arg|
-      " --kubelet-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_proxy_args_list
-    return '' if kube_proxy_args.empty?
-    kube_api_server_args.map do |arg|
-      " --kube-proxy-arg=\"#{arg}\" "
-    end.join
-  end
-  def hetzner_client
-    configuration.hetzner_client
+  def create_load_balancer
+    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(location: masters_location, network_id: network_id)
   end
   def existing_network

data/lib/hetzner/k3s/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Hetzner
   module K3s
-    VERSION = '0.6.2'
+    VERSION = '0.6.3'
   end
 end

data/lib/hetzner/kubernetes/client.rb ADDED Viewed

@@ -0,0 +1,475 @@
+# frozen_string_literal: true
+require_relative '../utils'
+module Kubernetes
+  class Client
+    include Utils
+    def initialize(configuration:)
+      @configuration = configuration
+    end
+    def deploy(masters:, workers:, master_definitions:, worker_definitions:)
+      @masters = masters
+      @workers = workers
+      @master_definitions = master_definitions
+      @worker_definitions = worker_definitions
+      @kube_api_server_args = configuration.fetch('kube_api_server_args', [])
+      @kube_scheduler_args = configuration.fetch('kube_scheduler_args', [])
+      @kube_controller_manager_args = configuration.fetch('kube_controller_manager_args', [])
+      @kube_cloud_controller_manager_args = configuration.fetch('kube_cloud_controller_manager_args', [])
+      @kubelet_args = configuration.fetch('kubelet_args', [])
+      @kube_proxy_args = configuration.fetch('kube_proxy_args', [])
+      @private_ssh_key_path = File.expand_path(configuration['private_ssh_key_path'])
+      @public_ssh_key_path = File.expand_path(configuration['public_ssh_key_path'])
+      @cluster_name = configuration['cluster_name']
+      set_up_k3s
+      update_nodes
+      post_setup_deployments
+    end
+    def upgrade
+      worker_upgrade_concurrency = workers.size - 1
+      worker_upgrade_concurrency = 1 if worker_upgrade_concurrency.zero?
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: upgrade.cattle.io/v1
+          kind: Plan
+          metadata:
+            name: k3s-server
+            namespace: system-upgrade
+            labels:
+              k3s-upgrade: server
+          spec:
+            concurrency: 1
+            version: #{new_k3s_version}
+            nodeSelector:
+              matchExpressions:
+                - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
+            serviceAccountName: system-upgrade
+            tolerations:
+            - key: "CriticalAddonsOnly"
+              operator: "Equal"
+              value: "true"
+              effect: "NoExecute"
+            cordon: true
+            upgrade:
+              image: rancher/k3s-upgrade
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: upgrade.cattle.io/v1
+          kind: Plan
+          metadata:
+            name: k3s-agent
+            namespace: system-upgrade
+            labels:
+              k3s-upgrade: agent
+          spec:
+            concurrency: #{worker_upgrade_concurrency}
+            version: #{new_k3s_version}
+            nodeSelector:
+              matchExpressions:
+                - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
+            serviceAccountName: system-upgrade
+            prepare:
+              image: rancher/k3s-upgrade
+              args: ["prepare", "k3s-server"]
+            cordon: true
+            upgrade:
+              image: rancher/k3s-upgrade
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts 'Upgrade will now start. Run `watch kubectl get nodes` to see the nodes being upgraded. This should take a few minutes for a small cluster.'
+      puts 'The API server may be briefly unavailable during the upgrade of the controlplane.'
+      updated_configuration = configuration.raw
+      updated_configuration['k3s_version'] = new_k3s_version
+      File.write(config_file, updated_configuration.to_yaml)
+    end
+    private
+    attr_reader :configuration, :masters, :workers, :kube_api_server_args, :kube_scheduler_args,
+                :kube_controller_manager_args, :kube_cloud_controller_manager_args, :kubelet_args, :kube_proxy_args,
+                :private_ssh_key_path, :public_ssh_key_path, :master_definitions, :worker_definitions, :cluster_name
+    def set_up_k3s
+      set_up_first_master
+      set_up_additional_masters
+      set_up_workers
+    end
+    def set_up_first_master
+      puts
+      puts "Deploying k3s to first master (#{first_master['name']})..."
+      ssh first_master, master_install_script(first_master), print_output: true
+      puts
+      puts 'Waiting for the control plane to be ready...'
+      sleep 10
+      puts
+      puts '...k3s has been deployed to first master.'
+      save_kubeconfig
+    end
+    def set_up_additional_masters
+      return unless masters.size > 1
+      threads = masters[1..].map do |master|
+        Thread.new do
+          puts
+          puts "Deploying k3s to master #{master['name']}..."
+          ssh master, master_install_script(master), print_output: true
+          puts
+          puts "...k3s has been deployed to master #{master['name']}."
+        end
+      end
+      threads.each(&:join) unless threads.empty?
+    end
+    def set_up_workers
+      threads = workers.map do |worker|
+        Thread.new do
+          puts
+          puts "Deploying k3s to worker (#{worker['name']})..."
+          ssh worker, worker_install_script(worker), print_output: true
+          puts
+          puts "...k3s has been deployed to worker (#{worker['name']})."
+        end
+      end
+      threads.each(&:join) unless threads.empty?
+    end
+    def post_setup_deployments
+      deploy_cloud_controller_manager
+      deploy_csi_driver
+      deploy_system_upgrade_controller
+    end
+    def update_nodes
+      mark_nodes mark_type: :labels
+      mark_nodes mark_type: :taints
+    end
+    def first_master
+      masters.first
+    end
+    def kube_api_server_args_list
+      return '' if kube_api_server_args.empty?
+      kube_api_server_args.map do |arg|
+        " --kube-apiserver-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_scheduler_args_list
+      return '' if kube_scheduler_args.empty?
+      kube_scheduler_args.map do |arg|
+        " --kube-scheduler-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_controller_manager_args_list
+      return '' if kube_controller_manager_args.empty?
+      kube_controller_manager_args.map do |arg|
+        " --kube-controller-manager-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_cloud_controller_manager_args_list
+      return '' if kube_cloud_controller_manager_args.empty?
+      kube_cloud_controller_manager_args.map do |arg|
+        " --kube-cloud-controller-manager-arg=\"#{arg}\" "
+      end.join
+    end
+    def kubelet_args_list
+      return '' if kubelet_args.empty?
+      kubelet_args.map do |arg|
+        " --kubelet-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_proxy_args_list
+      return '' if kube_proxy_args.empty?
+      kube_api_server_args.map do |arg|
+        " --kube-proxy-arg=\"#{arg}\" "
+      end.join
+    end
+    def api_server_ip
+      return @api_server_ip if @api_server_ip
+      @api_server_ip = if masters.size > 1
+                         load_balancer_name = "#{cluster_name}-api"
+                         load_balancer = hetzner_client.get('/load_balancers')['load_balancers'].detect do |lb|
+                           lb['name'] == load_balancer_name
+                         end
+                         load_balancer['public_net']['ipv4']['ip']
+                       else
+                         first_master_public_ip
+                       end
+    end
+    def master_install_script(master)
+      server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
+      flannel_interface = find_flannel_interface(master)
+      enable_encryption = configuration.fetch('enable_encryption', false)
+      flannel_wireguard = if enable_encryption
+                            if Gem::Version.new(k3s_version.scan(/\Av(.*)\+.*\Z/).flatten.first) >= Gem::Version.new('1.23.6')
+                              ' --flannel-backend=wireguard-native '
+                            else
+                              ' --flannel-backend=wireguard '
+                            end
+                          else
+                            ' '
+                          end
+      extra_args = "#{kube_api_server_args_list} #{kube_scheduler_args_list} #{kube_controller_manager_args_list} #{kube_cloud_controller_manager_args_list} #{kubelet_args_list} #{kube_proxy_args_list}"
+      taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
+      <<~SCRIPT
+        curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
+          --disable-cloud-controller \
+          --disable servicelb \
+          --disable traefik \
+          --disable local-storage \
+          --disable metrics-server \
+          --write-kubeconfig-mode=644 \
+          --node-name="$(hostname -f)" \
+          --cluster-cidr=10.244.0.0/16 \
+          --etcd-expose-metrics=true \
+          #{flannel_wireguard} \
+          --kube-controller-manager-arg="bind-address=0.0.0.0" \
+          --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
+          --kube-scheduler-arg="bind-address=0.0.0.0" \
+          #{taint} #{extra_args} \
+          --kubelet-arg="cloud-provider=external" \
+          --advertise-address=$(hostname -I | awk '{print $2}') \
+          --node-ip=$(hostname -I | awk '{print $2}') \
+          --node-external-ip=$(hostname -I | awk '{print $1}') \
+          --flannel-iface=#{flannel_interface} \
+          #{server} #{tls_sans}" sh -
+      SCRIPT
+    end
+    def worker_install_script(worker)
+      flannel_interface = find_flannel_interface(worker)
+      <<~BASH
+        curl -sfL https://get.k3s.io | K3S_TOKEN="#{k3s_token}" INSTALL_K3S_VERSION="#{k3s_version}" K3S_URL=https://#{first_master_private_ip}:6443 INSTALL_K3S_EXEC="agent \
+          --node-name="$(hostname -f)" \
+          --kubelet-arg="cloud-provider=external" \
+          --node-ip=$(hostname -I | awk '{print $2}') \
+          --node-external-ip=$(hostname -I | awk '{print $1}') \
+          --flannel-iface=#{flannel_interface}" sh -
+      BASH
+    end
+    def find_flannel_interface(server)
+      if ssh(server, 'lscpu | grep Vendor') =~ /Intel/
+        'ens10'
+      else
+        'enp7s0'
+      end
+    end
+    def hetzner_client
+      configuration.hetzner_client
+    end
+    def first_master_public_ip
+      @first_master_public_ip ||= first_master.dig('public_net', 'ipv4', 'ip')
+    end
+    def save_kubeconfig
+      kubeconfig = ssh(first_master, 'cat /etc/rancher/k3s/k3s.yaml')
+                   .gsub('127.0.0.1', api_server_ip)
+                   .gsub('default', configuration['cluster_name'])
+      File.write(kubeconfig_path, kubeconfig)
+      FileUtils.chmod 'go-r', kubeconfig_path
+    end
+    def kubeconfig_path
+      @kubeconfig_path ||= File.expand_path(configuration['kubeconfig_path'])
+    end
+    def schedule_workloads_on_masters?
+      schedule_workloads_on_masters = configuration['schedule_workloads_on_masters']
+      schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
+    end
+    def k3s_version
+      @k3s_version ||= configuration['k3s_version']
+    end
+    def k3s_token
+      @k3s_token ||= begin
+        token = ssh(first_master, '{ TOKEN=$(< /var/lib/rancher/k3s/server/node-token); } 2> /dev/null; echo $TOKEN')
+        if token.empty?
+          SecureRandom.hex
+        else
+          token.split(':').last
+        end
+      end
+    end
+    def tls_sans
+      sans = " --tls-san=#{api_server_ip} "
+      masters.each do |master|
+        master_private_ip = master['private_net'][0]['ip']
+        sans += " --tls-san=#{master_private_ip} "
+      end
+      sans
+    end
+    def mark_nodes(mark_type:)
+      check_kubectl
+      action = mark_type == :labels ? 'label' : 'taint'
+      if master_definitions.first[mark_type]
+        master_labels = master_definitions.first[mark_type].map { |k, v| "#{k}=#{v}" }.join(' ')
+        master_node_names = []
+        master_definitions.each do |master|
+          master_node_names << "#{configuration['cluster_name']}-#{master[:instance_type]}-#{master[:instance_id]}"
+        end
+        master_node_names = master_node_names.join(' ')
+        cmd = "kubectl #{action} --overwrite nodes #{master_node_names} #{master_labels}"
+        run cmd, kubeconfig_path: kubeconfig_path
+      end
+      return unless worker_definitions.any?
+      worker_definitions.each do |worker|
+        next unless worker[mark_type]
+        worker_labels = worker[mark_type].map { |k, v| "#{k}=#{v}" }.join(' ')
+        worker_node_name = "#{configuration['cluster_name']}-#{worker[:instance_type]}-#{worker[:instance_id]}"
+        cmd = "kubectl #{action} --overwrite nodes #{worker_node_name} #{worker_labels}"
+        run cmd, kubeconfig_path: kubeconfig_path
+      end
+    end
+    def deploy_cloud_controller_manager
+      check_kubectl
+      puts
+      puts 'Deploying Hetzner Cloud Controller Manager...'
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: "v1"
+          kind: "Secret"
+          metadata:
+            namespace: 'kube-system'
+            name: 'hcloud'
+          stringData:
+            network: "#{configuration['existing_network'] || cluster_name}"
+            token: "#{configuration.hetzner_token}"
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      cmd = 'kubectl apply -f https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml'
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts '...Cloud Controller Manager deployed'
+    end
+    def deploy_system_upgrade_controller
+      check_kubectl
+      puts
+      puts 'Deploying k3s System Upgrade Controller...'
+      cmd = 'kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.9.1/system-upgrade-controller.yaml'
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts '...k3s System Upgrade Controller deployed'
+    end
+    def deploy_csi_driver
+      check_kubectl
+      puts
+      puts 'Deploying Hetzner CSI Driver...'
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: "v1"
+          kind: "Secret"
+          metadata:
+            namespace: 'kube-system'
+            name: 'hcloud-csi'
+          stringData:
+            token: "#{configuration.hetzner_token}"
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      cmd = 'kubectl apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml'
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts '...CSI Driver deployed'
+    end
+    def check_kubectl
+      return if which('kubectl')
+      puts 'Please ensure kubectl is installed and in your PATH.'
+      exit 1
+    end
+    def first_master_private_ip
+      @first_master_private_ip ||= first_master['private_net'][0]['ip']
+    end
+  end
+end

data/lib/hetzner/utils.rb CHANGED Viewed

@@ -85,10 +85,6 @@ module Utils
       end
     end
     output.chop
-  # rescue StandardError => e
-  #   p [e.class, e.message]
-  #   retries += 1
-  #   retry unless retries > 15 || e.message =~ /Bad file descriptor/
   rescue Timeout::Error, IOError, Errno::EBADF
     retries += 1
     retry unless retries > 15
@@ -109,4 +105,8 @@ module Utils
     MESSAGE
     exit 1
   end
+  def verify_host_key
+    @verify_host_key ||= configuration.fetch('verify_host_key', false)
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hetzner-k3s
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Vito Botta
@@ -155,6 +155,7 @@ files:
 - lib/hetzner/k3s/cluster.rb
 - lib/hetzner/k3s/configuration.rb
 - lib/hetzner/k3s/version.rb
+- lib/hetzner/kubernetes/client.rb
 - lib/hetzner/utils.rb
 - spec/k3s_spec.rb
 - spec/spec_helper.rb