RubyGems - hetzner-k3s - Versions diffs - 0.6.2 → 0.6.3 - Mend

hetzner-k3s 0.6.2 → 0.6.3

Files changed (12) hide show

checksums.yaml +4 -4
data/Gemfile.lock +1 -1
data/README.md +5 -5
data/lib/hetzner/infra/client.rb +4 -4
data/lib/hetzner/infra/firewall.rb +1 -2
data/lib/hetzner/infra/load_balancer.rb +1 -1
data/lib/hetzner/infra/server.rb +28 -24
data/lib/hetzner/k3s/cluster.rb +62 -526
data/lib/hetzner/k3s/version.rb +1 -1
data/lib/hetzner/kubernetes/client.rb +475 -0
data/lib/hetzner/utils.rb +4 -4
metadata +2 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 873c76ec7a993a8c890f72c8158daa82597eb994e3f5e70c9b53d98604903f38
-  data.tar.gz: d0b1f622ff21728d1bb6b41b2a373eca693121a0eb619776adf9590ef926f80a
+  metadata.gz: 2bbaf7bd5387cc92f0725308a42f982df7b47596d5d1a3d50693cf3b6a741359
+  data.tar.gz: 0617b66a6ca8299c5c5ada69c586a532e915657c857c6f6821cd81d29c17a774
 SHA512:
-  metadata.gz: 4bdc7f2fa5f6ef40bcd1e089d89b26c228b77fe3c06fb4af884910e4fe69fb6ad67951160a4ecdbcb6f076adbc16521bfd45b661644e7f6b927ba002e5a3ba67
-  data.tar.gz: 94a8f6b3df49db94d7412d5f350ce3f996980f0741e694a8b91a7ff0c71783cdaa12b4263cab31395288497dd3c790be45ca62e00f844d9df863a13b3623de79
+  metadata.gz: a457da09e05ac40da2d0b40de65193f16ecd42ae926f6d59271ca9fedc77587faf2bb90b4c4a62e326e509076b0f44e84062fb6c72536e5e8c1ce4b716d56813
+  data.tar.gz: '0628cf98daa772f50251257b626ca148420d1a8853618652c9fd7dd6750694393d9902ea684c786029e0db3bcf8d01729aa217e9fc3c070067fbbe6afb395dd8'

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    hetzner-k3s (0.6.1)
+    hetzner-k3s (0.6.2)
       bcrypt_pbkdf
       childprocess
       ed25519

data/README.md CHANGED Viewed

@@ -58,13 +58,13 @@ Before using the tool, be sure to have kubectl installed as it's required to ins
 #### With Homebrew
 ```bash
-brew install vitobotta/tap/hetzner-k3s
+brew install vitobotta/tap/hetzner_k3s
 ```
 #### Binary installation (Intel)
 ```bash
-wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-mac-amd64
+wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.3/hetzner-k3s-mac-amd64
 chmod +x hetzner-k3s-mac-x64
 sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
 ```
@@ -72,7 +72,7 @@ sudo mv hetzner-k3s-mac-x64 /usr/local/bin/hetzner-k3s
 #### Binary installation (Apple Silicon/M1)
 ```bash
-wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-mac-arm64
+wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.3/hetzner-k3s-mac-arm64
 chmod +x hetzner-k3s-mac-arm
 sudo mv hetzner-k3s-mac-arm /usr/local/bin/hetzner-k3s
 ```
@@ -82,7 +82,7 @@ NOTE: currently the ARM version still requires [Rosetta](https://support.apple.c
 ### Linux
 ```bash
-wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.1/hetzner-k3s-linux-x86_64
+wget https://github.com/vitobotta/hetzner-k3s/releases/download/v0.6.3/hetzner-k3s-linux-x86_64
 chmod +x hetzner-k3s-linux-x86_64
 sudo mv hetzner-k3s-linux-x86_64 /usr/local/bin/hetzner-k3s
 ```
@@ -107,7 +107,7 @@ Alternatively, if you don't want to set up a Ruby runtime but have Docker instal
 docker run --rm -it \
   -v ${PWD}:/cluster \
   -v ${HOME}/.ssh:/tmp/.ssh \
-  vitobotta/hetzner-k3s:v0.6.1 \
+  vitobotta/hetzner-k3s:v0.6.3 \
   create-cluster \
   --config-file /cluster/test.yaml
 ```

data/lib/hetzner/infra/client.rb CHANGED Viewed

@@ -6,10 +6,6 @@ module Hetzner
     attr_reader :token
-    def initialize(token:)
-      @token = token
-    end
     def get(path)
       make_request do
         JSON.parse HTTParty.get(BASE_URI + path, headers: headers).body
@@ -30,6 +26,10 @@ module Hetzner
     private
+    def initialize(token:)
+      @token = token
+    end
     def headers
       {
         'Authorization' => "Bearer #{@token}",

data/lib/hetzner/infra/firewall.rb CHANGED Viewed

@@ -33,8 +33,7 @@ module Hetzner
         puts 'Deleting firewall...'
         servers.each do |server|
-          hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources",
-                              remove_targets_config(server['id']))
+          hetzner_client.post("/firewalls/#{firewall['id']}/actions/remove_from_resources", remove_targets_config(server['id']))
         end
         hetzner_client.delete('/firewalls', firewall['id'])

data/lib/hetzner/infra/load_balancer.rb CHANGED Viewed

@@ -33,8 +33,8 @@ module Hetzner
         puts 'Deleting API load balancer...' unless high_availability
         hetzner_client.post("/load_balancers/#{load_balancer['id']}/actions/remove_target", remove_targets_config)
         hetzner_client.delete('/load_balancers', load_balancer['id'])
         puts '...API load balancer deleted.' unless high_availability
       elsif high_availability
         puts 'API load balancer no longer exists, skipping.'

data/lib/hetzner/infra/server.rb CHANGED Viewed

@@ -59,30 +59,6 @@ module Hetzner
     end
     def user_data
-      packages = %w[fail2ban wireguard]
-      packages += additional_packages if additional_packages
-      packages = "'#{packages.join("', '")}'"
-      post_create_commands = [
-        'crontab -l > /etc/cron_bkp',
-        'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
-        'crontab /etc/cron_bkp',
-        'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
-        'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
-        'systemctl restart sshd',
-        'systemctl stop systemd-resolved',
-        'systemctl disable systemd-resolved',
-        'rm /etc/resolv.conf',
-        'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
-        'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
-      ]
-      post_create_commands += additional_post_create_commands if additional_post_create_commands
-      post_create_commands += ['shutdown -r now'] if post_create_commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
-      post_create_commands = "  - #{post_create_commands.join("\n  - ")}"
       <<~YAML
         #cloud-config
         packages: [#{packages}]
@@ -125,5 +101,33 @@ module Hetzner
       JSON.parse(response_body)['server']
     end
+    def post_create_commands
+      commands = [
+        'crontab -l > /etc/cron_bkp',
+        'echo "@reboot echo true > /etc/ready" >> /etc/cron_bkp',
+        'crontab /etc/cron_bkp',
+        'sed -i \'s/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g\' /etc/ssh/sshd_config',
+        'sed -i \'s/[#]*PasswordAuthentication yes/PasswordAuthentication no/g\' /etc/ssh/sshd_config',
+        'systemctl restart sshd',
+        'systemctl stop systemd-resolved',
+        'systemctl disable systemd-resolved',
+        'rm /etc/resolv.conf',
+        'echo \'nameserver 1.1.1.1\' > /etc/resolv.conf',
+        'echo \'nameserver 1.0.0.1\' >> /etc/resolv.conf'
+      ]
+      commands += additional_post_create_commands if additional_post_create_commands
+      commands << 'shutdown -r now' if commands.grep(/shutdown|reboot/).grep_v(/@reboot/).empty?
+      "  - #{commands.join("\n  - ")}"
+    end
+    def packages
+      packages = %w[fail2ban wireguard]
+      packages += additional_packages if additional_packages
+      "'#{packages.join("', '")}'"
+    end
   end
 end

data/lib/hetzner/k3s/cluster.rb CHANGED Viewed

@@ -14,6 +14,8 @@ require_relative '../infra/server'
 require_relative '../infra/load_balancer'
 require_relative '../infra/placement_group'
+require_relative '../kubernetes/client'
 require_relative '../utils'
 class Cluster
@@ -25,38 +27,18 @@ class Cluster
   def create
     @cluster_name = configuration['cluster_name']
-    @kubeconfig_path = File.expand_path(configuration['kubeconfig_path'])
-    @public_ssh_key_path = File.expand_path(configuration['public_ssh_key_path'])
-    private_ssh_key_path = configuration['private_ssh_key_path']
-    @private_ssh_key_path = private_ssh_key_path && File.expand_path(private_ssh_key_path)
-    @k3s_version = configuration['k3s_version']
     @masters_config = configuration['masters']
     @worker_node_pools = find_worker_node_pools(configuration)
     @masters_location = configuration['location']
-    @verify_host_key = configuration.fetch('verify_host_key', false)
     @servers = []
     @ssh_networks = configuration['ssh_allowed_networks']
     @api_networks = configuration['api_allowed_networks']
-    @enable_encryption = configuration.fetch('enable_encryption', false)
-    @kube_api_server_args = configuration.fetch('kube_api_server_args', [])
-    @kube_scheduler_args = configuration.fetch('kube_scheduler_args', [])
-    @kube_controller_manager_args = configuration.fetch('kube_controller_manager_args', [])
-    @kube_cloud_controller_manager_args = configuration.fetch('kube_cloud_controller_manager_args', [])
-    @kubelet_args = configuration.fetch('kubelet_args', [])
-    @kube_proxy_args = configuration.fetch('kube_proxy_args', [])
+    @private_ssh_key_path = File.expand_path(configuration['private_ssh_key_path'])
+    @public_ssh_key_path = File.expand_path(configuration['public_ssh_key_path'])
     create_resources
-    deploy_kubernetes
-    sleep 10
-    label_nodes
-    taint_nodes
-    deploy_cloud_controller_manager
-    deploy_csi_driver
-    deploy_system_upgrade_controller
+    kubernetes_client.deploy(masters: masters, workers: workers, master_definitions: master_definitions_for_create, worker_definitions: workers_definitions_for_marking)
   end
   def delete
@@ -75,378 +57,26 @@ class Cluster
     @new_k3s_version = new_k3s_version
     @config_file = config_file
-    upgrade_cluster
+    kubernetes_client.upgrade
   end
   private
   attr_accessor :servers
-  attr_reader :configuration, :cluster_name, :kubeconfig_path, :k3s_version,
+  attr_reader :configuration, :cluster_name, :kubeconfig_path,
               :masters_config, :worker_node_pools,
-              :masters_location, :public_ssh_key_path,
+              :masters_location, :private_ssh_key_path, :public_ssh_key_path,
               :hetzner_token, :new_k3s_version,
-              :config_file, :verify_host_key, :ssh_networks, :private_ssh_key_path,
-              :enable_encryption, :kube_api_server_args, :kube_scheduler_args,
-              :kube_controller_manager_args, :kube_cloud_controller_manager_args,
-              :kubelet_args, :kube_proxy_args, :api_networks
+              :config_file, :ssh_networks,
+              :api_networks
   def find_worker_node_pools(configuration)
     configuration.fetch('worker_node_pools', [])
   end
-  def latest_k3s_version
-    response = HTTParty.get('https://api.github.com/repos/k3s-io/k3s/tags').body
-    JSON.parse(response).first['name']
-  end
-  def create_resources
-    create_servers
-    create_load_balancer if masters.size > 1
-  end
-  def delete_placement_groups
-    Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete
-    worker_node_pools.each do |pool|
-      pool_name = pool['name']
-      Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).delete
-    end
-  end
-  def delete_resources
-    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(high_availability: (masters.size > 1))
-    Hetzner::Firewall.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(all_servers)
-    Hetzner::Network.new(hetzner_client: hetzner_client, cluster_name: cluster_name, existing_network: existing_network).delete
-    Hetzner::SSHKey.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(public_ssh_key_path: public_ssh_key_path)
-    delete_placement_groups
-    delete_servers
-  end
-  def upgrade_cluster
-    worker_upgrade_concurrency = workers.size - 1
-    worker_upgrade_concurrency = 1 if worker_upgrade_concurrency.zero?
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: upgrade.cattle.io/v1
-        kind: Plan
-        metadata:
-          name: k3s-server
-          namespace: system-upgrade
-          labels:
-            k3s-upgrade: server
-        spec:
-          concurrency: 1
-          version: #{new_k3s_version}
-          nodeSelector:
-            matchExpressions:
-              - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
-          serviceAccountName: system-upgrade
-          tolerations:
-          - key: "CriticalAddonsOnly"
-            operator: "Equal"
-            value: "true"
-            effect: "NoExecute"
-          cordon: true
-          upgrade:
-            image: rancher/k3s-upgrade
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: upgrade.cattle.io/v1
-        kind: Plan
-        metadata:
-          name: k3s-agent
-          namespace: system-upgrade
-          labels:
-            k3s-upgrade: agent
-        spec:
-          concurrency: #{worker_upgrade_concurrency}
-          version: #{new_k3s_version}
-          nodeSelector:
-            matchExpressions:
-              - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
-          serviceAccountName: system-upgrade
-          prepare:
-            image: rancher/k3s-upgrade
-            args: ["prepare", "k3s-server"]
-          cordon: true
-          upgrade:
-            image: rancher/k3s-upgrade
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts 'Upgrade will now start. Run `watch kubectl get nodes` to see the nodes being upgraded. This should take a few minutes for a small cluster.'
-    puts 'The API server may be briefly unavailable during the upgrade of the controlplane.'
-    updated_configuration = configuration.raw
-    updated_configuration['k3s_version'] = new_k3s_version
-    File.write(config_file, updated_configuration.to_yaml)
-  end
-  def master_script(master)
-    server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
-    flannel_interface = find_flannel_interface(master)
-    available_k3s_releases = Hetzner::Configuration.available_releases
-    wireguard_native_min_version_index = available_k3s_releases.find_index('v1.23.6+k3s1')
-    selected_version_index = available_k3s_releases.find_index(k3s_version)
-    flannel_wireguard = if enable_encryption
-                          if selected_version_index >= wireguard_native_min_version_index
-                            ' --flannel-backend=wireguard-native '
-                          else
-                            ' --flannel-backend=wireguard '
-                          end
-                        else
-                          ' '
-                        end
-    extra_args = "#{kube_api_server_args_list} #{kube_scheduler_args_list} #{kube_controller_manager_args_list} #{kube_cloud_controller_manager_args_list} #{kubelet_args_list} #{kube_proxy_args_list}"
-    taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
-    <<~SCRIPT
-      curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
-        --disable-cloud-controller \
-        --disable servicelb \
-        --disable traefik \
-        --disable local-storage \
-        --disable metrics-server \
-        --write-kubeconfig-mode=644 \
-        --node-name="$(hostname -f)" \
-        --cluster-cidr=10.244.0.0/16 \
-        --etcd-expose-metrics=true \
-        #{flannel_wireguard} \
-        --kube-controller-manager-arg="bind-address=0.0.0.0" \
-        --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
-        --kube-scheduler-arg="bind-address=0.0.0.0" \
-        #{taint} #{extra_args} \
-        --kubelet-arg="cloud-provider=external" \
-        --advertise-address=$(hostname -I | awk '{print $2}') \
-        --node-ip=$(hostname -I | awk '{print $2}') \
-        --node-external-ip=$(hostname -I | awk '{print $1}') \
-        --flannel-iface=#{flannel_interface} \
-        #{server} #{tls_sans}" sh -
-    SCRIPT
-  end
-  def worker_script(worker)
-    flannel_interface = find_flannel_interface(worker)
-    <<~BASH
-      curl -sfL https://get.k3s.io | K3S_TOKEN="#{k3s_token}" INSTALL_K3S_VERSION="#{k3s_version}" K3S_URL=https://#{first_master_private_ip}:6443 INSTALL_K3S_EXEC="agent \
-        --node-name="$(hostname -f)" \
-        --kubelet-arg="cloud-provider=external" \
-        --node-ip=$(hostname -I | awk '{print $2}') \
-        --node-external-ip=$(hostname -I | awk '{print $1}') \
-        --flannel-iface=#{flannel_interface}" sh -
-    BASH
-  end
-  def deploy_kubernetes
-    puts
-    puts "Deploying k3s to first master (#{first_master['name']})..."
-    ssh first_master, master_script(first_master), print_output: true
-    puts
-    puts '...k3s has been deployed to first master.'
-    save_kubeconfig
-    if masters.size > 1
-      threads = masters[1..].map do |master|
-        Thread.new do
-          puts
-          puts "Deploying k3s to master #{master['name']}..."
-          ssh master, master_script(master), print_output: true
-          puts
-          puts "...k3s has been deployed to master #{master['name']}."
-        end
-      end
-      threads.each(&:join) unless threads.empty?
-    end
-    threads = workers.map do |worker|
-      Thread.new do
-        puts
-        puts "Deploying k3s to worker (#{worker['name']})..."
-        ssh worker, worker_script(worker), print_output: true
-        puts
-        puts "...k3s has been deployed to worker (#{worker['name']})."
-      end
-    end
-    threads.each(&:join) unless threads.empty?
-  end
-  def label_nodes
-    check_kubectl
-    if master_definitions_for_create.first[:labels]
-      master_labels = master_definitions_for_create.first[:labels].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      master_node_names = []
-      master_definitions_for_create.each do |master|
-        master_node_names << "#{configuration['cluster_name']}-#{master[:instance_type]}-#{master[:instance_id]}"
-      end
-      master_node_names = master_node_names.join(' ')
-      cmd = "kubectl label --overwrite nodes #{master_node_names} #{master_labels}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-    workers = []
-    worker_node_pools.each do |worker_node_pool|
-      workers += worker_node_pool_definitions(worker_node_pool)
-    end
-    return unless workers.any?
-    workers.each do |worker|
-      next unless worker[:labels]
-      worker_labels = worker[:labels].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      worker_node_name = "#{configuration['cluster_name']}-#{worker[:instance_type]}-#{worker[:instance_id]}"
-      cmd = "kubectl label --overwrite nodes #{worker_node_name} #{worker_labels}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-  end
-  def taint_nodes
-    check_kubectl
-    if master_definitions_for_create.first[:taints]
-      master_taints = master_definitions_for_create.first[:taints].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      master_node_names = []
-      master_definitions_for_create.each do |master|
-        master_node_names << "#{configuration['cluster_name']}-#{master[:instance_type]}-#{master[:instance_id]}"
-      end
-      master_node_names = master_node_names.join(' ')
-      cmd = "kubectl taint --overwrite nodes #{master_node_names} #{master_taints}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-    workers = []
-    worker_node_pools.each do |worker_node_pool|
-      workers += worker_node_pool_definitions(worker_node_pool)
-    end
-    return unless workers.any?
-    workers.each do |worker|
-      next unless worker[:taints]
-      worker_taints = worker[:taints].map{ |k, v| "#{k}=#{v}" }.join(' ')
-      worker_node_name = "#{configuration['cluster_name']}-#{worker[:instance_type]}-#{worker[:instance_id]}"
-      cmd = "kubectl taint --overwrite nodes #{worker_node_name} #{worker_taints}"
-      run cmd, kubeconfig_path: kubeconfig_path
-    end
-  end
-  def deploy_cloud_controller_manager
-    check_kubectl
-    puts
-    puts 'Deploying Hetzner Cloud Controller Manager...'
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: "v1"
-        kind: "Secret"
-        metadata:
-          namespace: 'kube-system'
-          name: 'hcloud'
-        stringData:
-          network: "#{existing_network || cluster_name}"
-          token: "#{configuration.hetzner_token}"
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    cmd = 'kubectl apply -f https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml'
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts '...Cloud Controller Manager deployed'
-  end
-  def deploy_system_upgrade_controller
-    check_kubectl
-    puts
-    puts 'Deploying k3s System Upgrade Controller...'
-    cmd = 'kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.9.1/system-upgrade-controller.yaml'
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts '...k3s System Upgrade Controller deployed'
-  end
-  def deploy_csi_driver
-    check_kubectl
-    puts
-    puts 'Deploying Hetzner CSI Driver...'
-    cmd = <<~BASH
-      kubectl apply -f - <<-EOF
-        apiVersion: "v1"
-        kind: "Secret"
-        metadata:
-          namespace: 'kube-system'
-          name: 'hcloud-csi'
-        stringData:
-          token: "#{configuration.hetzner_token}"
-      EOF
-    BASH
-    run cmd, kubeconfig_path: kubeconfig_path
-    cmd = 'kubectl apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml'
-    run cmd, kubeconfig_path: kubeconfig_path
-    puts '...CSI Driver deployed'
-  end
-  def find_flannel_interface(server)
-    if ssh(server, 'lscpu | grep Vendor') =~ /Intel/
-      'ens10'
-    else
-      'enp7s0'
-    end
+  def belongs_to_cluster?(server)
+    server.dig('labels', 'cluster') == cluster_name
   end
   def all_servers
@@ -463,74 +93,6 @@ class Cluster
     @workers = all_servers.select { |server| server['name'] =~ /worker\d+\Z/ }.sort { |a, b| a['name'] <=> b['name'] }
   end
-  def k3s_token
-    @k3s_token ||= begin
-      token = ssh(first_master, '{ TOKEN=$(< /var/lib/rancher/k3s/server/node-token); } 2> /dev/null; echo $TOKEN')
-      if token.empty?
-        SecureRandom.hex
-      else
-        token.split(':').last
-      end
-    end
-  end
-  def first_master_private_ip
-    @first_master_private_ip ||= first_master['private_net'][0]['ip']
-  end
-  def first_master
-    masters.first
-  end
-  def api_server_ip
-    return @api_server_ip if @api_server_ip
-    @api_server_ip = if masters.size > 1
-                       load_balancer_name = "#{cluster_name}-api"
-                       load_balancer = hetzner_client.get('/load_balancers')['load_balancers'].detect do |lb|
-                         lb['name'] == load_balancer_name
-                       end
-                       load_balancer['public_net']['ipv4']['ip']
-                     else
-                       first_master_public_ip
-                     end
-  end
-  def tls_sans
-    sans = " --tls-san=#{api_server_ip} "
-    masters.each do |master|
-      master_private_ip = master['private_net'][0]['ip']
-      sans += " --tls-san=#{master_private_ip} "
-    end
-    sans
-  end
-  def first_master_public_ip
-    @first_master_public_ip ||= first_master.dig('public_net', 'ipv4', 'ip')
-  end
-  def save_kubeconfig
-    kubeconfig = ssh(first_master, 'cat /etc/rancher/k3s/k3s.yaml')
-                 .gsub('127.0.0.1', api_server_ip)
-                 .gsub('default', cluster_name)
-    File.write(kubeconfig_path, kubeconfig)
-    FileUtils.chmod 'go-r', kubeconfig_path
-  end
-  def belongs_to_cluster?(server)
-    server.dig('labels', 'cluster') == cluster_name
-  end
-  def schedule_workloads_on_masters?
-    schedule_workloads_on_masters = configuration['schedule_workloads_on_masters']
-    schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
-  end
   def image
     configuration['image'] || 'ubuntu-20.04'
   end
@@ -543,34 +105,19 @@ class Cluster
     configuration['post_create_commands'] || []
   end
-  def check_kubectl
-    return if which('kubectl')
-    puts 'Please ensure kubectl is installed and in your PATH.'
-    exit 1
-  end
-  def placement_group_id(pool_name = nil)
-    @placement_groups ||= {}
-    @placement_groups[pool_name || '__masters__'] ||= Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).create
-  end
   def master_instance_type
     @master_instance_type ||= masters_config['instance_type']
   end
-  def master_labels
-    @master_labels ||= masters_config['labels']
-  end
-  def master_taints
-    @master_taints ||= masters_config['taints']
-  end
   def masters_count
     @masters_count ||= masters_config['instance_count']
   end
+  def placement_group_id(pool_name = nil)
+    @placement_groups ||= {}
+    @placement_groups[pool_name || '__masters__'] ||= Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).create
+  end
   def firewall_id
     @firewall_id ||= Hetzner::Firewall.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(high_availability: (masters_count > 1), ssh_networks: ssh_networks, api_networks: api_networks)
   end
@@ -598,8 +145,8 @@ class Cluster
         image: image,
         additional_packages: additional_packages,
         additional_post_create_commands: additional_post_create_commands,
-        labels: master_labels,
-        taints: master_taints
+        labels: masters_config['labels'],
+        taints: masters_config['taints']
       }
     end
@@ -649,10 +196,6 @@ class Cluster
     definitions
   end
-  def create_load_balancer
-    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(location: masters_location, network_id: network_id)
-  end
   def server_configs
     return @server_configs if @server_configs
@@ -665,6 +208,47 @@ class Cluster
     @server_configs
   end
+  def hetzner_client
+    configuration.hetzner_client
+  end
+  def kubernetes_client
+    @kubernetes_client ||= Kubernetes::Client.new(configuration: configuration)
+  end
+  def workers_definitions_for_marking
+    worker_node_pools.map do |worker_node_pool|
+      worker_node_pool_definitions(worker_node_pool)
+    end.flatten
+  end
+  def create_resources
+    create_servers
+    create_load_balancer if masters.size > 1
+  end
+  def delete_placement_groups
+    Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete
+    worker_node_pools.each do |pool|
+      pool_name = pool['name']
+      Hetzner::PlacementGroup.new(hetzner_client: hetzner_client, cluster_name: cluster_name, pool_name: pool_name).delete
+    end
+  end
+  def delete_resources
+    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(high_availability: (masters.size > 1))
+    Hetzner::Firewall.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(all_servers)
+    Hetzner::Network.new(hetzner_client: hetzner_client, cluster_name: cluster_name, existing_network: existing_network).delete
+    Hetzner::SSHKey.new(hetzner_client: hetzner_client, cluster_name: cluster_name).delete(public_ssh_key_path: public_ssh_key_path)
+    delete_placement_groups
+    delete_servers
+  end
   def create_servers
     servers = []
@@ -701,56 +285,8 @@ class Cluster
     threads.each(&:join) unless threads.empty?
   end
-  def kube_api_server_args_list
-    return '' if kube_api_server_args.empty?
-    kube_api_server_args.map do |arg|
-      " --kube-apiserver-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_scheduler_args_list
-    return '' if kube_scheduler_args.empty?
-    kube_scheduler_args.map do |arg|
-      " --kube-scheduler-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_controller_manager_args_list
-    return '' if kube_controller_manager_args.empty?
-    kube_controller_manager_args.map do |arg|
-      " --kube-controller-manager-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_cloud_controller_manager_args_list
-    return '' if kube_cloud_controller_manager_args.empty?
-    kube_cloud_controller_manager_args.map do |arg|
-      " --kube-cloud-controller-manager-arg=\"#{arg}\" "
-    end.join
-  end
-  def kubelet_args_list
-    return '' if kubelet_args.empty?
-    kubelet_args.map do |arg|
-      " --kubelet-arg=\"#{arg}\" "
-    end.join
-  end
-  def kube_proxy_args_list
-    return '' if kube_proxy_args.empty?
-    kube_api_server_args.map do |arg|
-      " --kube-proxy-arg=\"#{arg}\" "
-    end.join
-  end
-  def hetzner_client
-    configuration.hetzner_client
+  def create_load_balancer
+    Hetzner::LoadBalancer.new(hetzner_client: hetzner_client, cluster_name: cluster_name).create(location: masters_location, network_id: network_id)
   end
   def existing_network

data/lib/hetzner/k3s/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Hetzner
   module K3s
-    VERSION = '0.6.2'
+    VERSION = '0.6.3'
   end
 end

data/lib/hetzner/kubernetes/client.rb ADDED Viewed

@@ -0,0 +1,475 @@
+# frozen_string_literal: true
+require_relative '../utils'
+module Kubernetes
+  class Client
+    include Utils
+    def initialize(configuration:)
+      @configuration = configuration
+    end
+    def deploy(masters:, workers:, master_definitions:, worker_definitions:)
+      @masters = masters
+      @workers = workers
+      @master_definitions = master_definitions
+      @worker_definitions = worker_definitions
+      @kube_api_server_args = configuration.fetch('kube_api_server_args', [])
+      @kube_scheduler_args = configuration.fetch('kube_scheduler_args', [])
+      @kube_controller_manager_args = configuration.fetch('kube_controller_manager_args', [])
+      @kube_cloud_controller_manager_args = configuration.fetch('kube_cloud_controller_manager_args', [])
+      @kubelet_args = configuration.fetch('kubelet_args', [])
+      @kube_proxy_args = configuration.fetch('kube_proxy_args', [])
+      @private_ssh_key_path = File.expand_path(configuration['private_ssh_key_path'])
+      @public_ssh_key_path = File.expand_path(configuration['public_ssh_key_path'])
+      @cluster_name = configuration['cluster_name']
+      set_up_k3s
+      update_nodes
+      post_setup_deployments
+    end
+    def upgrade
+      worker_upgrade_concurrency = workers.size - 1
+      worker_upgrade_concurrency = 1 if worker_upgrade_concurrency.zero?
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: upgrade.cattle.io/v1
+          kind: Plan
+          metadata:
+            name: k3s-server
+            namespace: system-upgrade
+            labels:
+              k3s-upgrade: server
+          spec:
+            concurrency: 1
+            version: #{new_k3s_version}
+            nodeSelector:
+              matchExpressions:
+                - {key: node-role.kubernetes.io/master, operator: In, values: ["true"]}
+            serviceAccountName: system-upgrade
+            tolerations:
+            - key: "CriticalAddonsOnly"
+              operator: "Equal"
+              value: "true"
+              effect: "NoExecute"
+            cordon: true
+            upgrade:
+              image: rancher/k3s-upgrade
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: upgrade.cattle.io/v1
+          kind: Plan
+          metadata:
+            name: k3s-agent
+            namespace: system-upgrade
+            labels:
+              k3s-upgrade: agent
+          spec:
+            concurrency: #{worker_upgrade_concurrency}
+            version: #{new_k3s_version}
+            nodeSelector:
+              matchExpressions:
+                - {key: node-role.kubernetes.io/master, operator: NotIn, values: ["true"]}
+            serviceAccountName: system-upgrade
+            prepare:
+              image: rancher/k3s-upgrade
+              args: ["prepare", "k3s-server"]
+            cordon: true
+            upgrade:
+              image: rancher/k3s-upgrade
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts 'Upgrade will now start. Run `watch kubectl get nodes` to see the nodes being upgraded. This should take a few minutes for a small cluster.'
+      puts 'The API server may be briefly unavailable during the upgrade of the controlplane.'
+      updated_configuration = configuration.raw
+      updated_configuration['k3s_version'] = new_k3s_version
+      File.write(config_file, updated_configuration.to_yaml)
+    end
+    private
+    attr_reader :configuration, :masters, :workers, :kube_api_server_args, :kube_scheduler_args,
+                :kube_controller_manager_args, :kube_cloud_controller_manager_args, :kubelet_args, :kube_proxy_args,
+                :private_ssh_key_path, :public_ssh_key_path, :master_definitions, :worker_definitions, :cluster_name
+    def set_up_k3s
+      set_up_first_master
+      set_up_additional_masters
+      set_up_workers
+    end
+    def set_up_first_master
+      puts
+      puts "Deploying k3s to first master (#{first_master['name']})..."
+      ssh first_master, master_install_script(first_master), print_output: true
+      puts
+      puts 'Waiting for the control plane to be ready...'
+      sleep 10
+      puts
+      puts '...k3s has been deployed to first master.'
+      save_kubeconfig
+    end
+    def set_up_additional_masters
+      return unless masters.size > 1
+      threads = masters[1..].map do |master|
+        Thread.new do
+          puts
+          puts "Deploying k3s to master #{master['name']}..."
+          ssh master, master_install_script(master), print_output: true
+          puts
+          puts "...k3s has been deployed to master #{master['name']}."
+        end
+      end
+      threads.each(&:join) unless threads.empty?
+    end
+    def set_up_workers
+      threads = workers.map do |worker|
+        Thread.new do
+          puts
+          puts "Deploying k3s to worker (#{worker['name']})..."
+          ssh worker, worker_install_script(worker), print_output: true
+          puts
+          puts "...k3s has been deployed to worker (#{worker['name']})."
+        end
+      end
+      threads.each(&:join) unless threads.empty?
+    end
+    def post_setup_deployments
+      deploy_cloud_controller_manager
+      deploy_csi_driver
+      deploy_system_upgrade_controller
+    end
+    def update_nodes
+      mark_nodes mark_type: :labels
+      mark_nodes mark_type: :taints
+    end
+    def first_master
+      masters.first
+    end
+    def kube_api_server_args_list
+      return '' if kube_api_server_args.empty?
+      kube_api_server_args.map do |arg|
+        " --kube-apiserver-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_scheduler_args_list
+      return '' if kube_scheduler_args.empty?
+      kube_scheduler_args.map do |arg|
+        " --kube-scheduler-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_controller_manager_args_list
+      return '' if kube_controller_manager_args.empty?
+      kube_controller_manager_args.map do |arg|
+        " --kube-controller-manager-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_cloud_controller_manager_args_list
+      return '' if kube_cloud_controller_manager_args.empty?
+      kube_cloud_controller_manager_args.map do |arg|
+        " --kube-cloud-controller-manager-arg=\"#{arg}\" "
+      end.join
+    end
+    def kubelet_args_list
+      return '' if kubelet_args.empty?
+      kubelet_args.map do |arg|
+        " --kubelet-arg=\"#{arg}\" "
+      end.join
+    end
+    def kube_proxy_args_list
+      return '' if kube_proxy_args.empty?
+      kube_api_server_args.map do |arg|
+        " --kube-proxy-arg=\"#{arg}\" "
+      end.join
+    end
+    def api_server_ip
+      return @api_server_ip if @api_server_ip
+      @api_server_ip = if masters.size > 1
+                         load_balancer_name = "#{cluster_name}-api"
+                         load_balancer = hetzner_client.get('/load_balancers')['load_balancers'].detect do |lb|
+                           lb['name'] == load_balancer_name
+                         end
+                         load_balancer['public_net']['ipv4']['ip']
+                       else
+                         first_master_public_ip
+                       end
+    end
+    def master_install_script(master)
+      server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
+      flannel_interface = find_flannel_interface(master)
+      enable_encryption = configuration.fetch('enable_encryption', false)
+      flannel_wireguard = if enable_encryption
+                            if Gem::Version.new(k3s_version.scan(/\Av(.*)\+.*\Z/).flatten.first) >= Gem::Version.new('1.23.6')
+                              ' --flannel-backend=wireguard-native '
+                            else
+                              ' --flannel-backend=wireguard '
+                            end
+                          else
+                            ' '
+                          end
+      extra_args = "#{kube_api_server_args_list} #{kube_scheduler_args_list} #{kube_controller_manager_args_list} #{kube_cloud_controller_manager_args_list} #{kubelet_args_list} #{kube_proxy_args_list}"
+      taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
+      <<~SCRIPT
+        curl -sfL https://get.k3s.io | INSTALL_K3S_VERSION="#{k3s_version}" K3S_TOKEN="#{k3s_token}" INSTALL_K3S_EXEC="server \
+          --disable-cloud-controller \
+          --disable servicelb \
+          --disable traefik \
+          --disable local-storage \
+          --disable metrics-server \
+          --write-kubeconfig-mode=644 \
+          --node-name="$(hostname -f)" \
+          --cluster-cidr=10.244.0.0/16 \
+          --etcd-expose-metrics=true \
+          #{flannel_wireguard} \
+          --kube-controller-manager-arg="bind-address=0.0.0.0" \
+          --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
+          --kube-scheduler-arg="bind-address=0.0.0.0" \
+          #{taint} #{extra_args} \
+          --kubelet-arg="cloud-provider=external" \
+          --advertise-address=$(hostname -I | awk '{print $2}') \
+          --node-ip=$(hostname -I | awk '{print $2}') \
+          --node-external-ip=$(hostname -I | awk '{print $1}') \
+          --flannel-iface=#{flannel_interface} \
+          #{server} #{tls_sans}" sh -
+      SCRIPT
+    end
+    def worker_install_script(worker)
+      flannel_interface = find_flannel_interface(worker)
+      <<~BASH
+        curl -sfL https://get.k3s.io | K3S_TOKEN="#{k3s_token}" INSTALL_K3S_VERSION="#{k3s_version}" K3S_URL=https://#{first_master_private_ip}:6443 INSTALL_K3S_EXEC="agent \
+          --node-name="$(hostname -f)" \
+          --kubelet-arg="cloud-provider=external" \
+          --node-ip=$(hostname -I | awk '{print $2}') \
+          --node-external-ip=$(hostname -I | awk '{print $1}') \
+          --flannel-iface=#{flannel_interface}" sh -
+      BASH
+    end
+    def find_flannel_interface(server)
+      if ssh(server, 'lscpu | grep Vendor') =~ /Intel/
+        'ens10'
+      else
+        'enp7s0'
+      end
+    end
+    def hetzner_client
+      configuration.hetzner_client
+    end
+    def first_master_public_ip
+      @first_master_public_ip ||= first_master.dig('public_net', 'ipv4', 'ip')
+    end
+    def save_kubeconfig
+      kubeconfig = ssh(first_master, 'cat /etc/rancher/k3s/k3s.yaml')
+                   .gsub('127.0.0.1', api_server_ip)
+                   .gsub('default', configuration['cluster_name'])
+      File.write(kubeconfig_path, kubeconfig)
+      FileUtils.chmod 'go-r', kubeconfig_path
+    end
+    def kubeconfig_path
+      @kubeconfig_path ||= File.expand_path(configuration['kubeconfig_path'])
+    end
+    def schedule_workloads_on_masters?
+      schedule_workloads_on_masters = configuration['schedule_workloads_on_masters']
+      schedule_workloads_on_masters ? !!schedule_workloads_on_masters : false
+    end
+    def k3s_version
+      @k3s_version ||= configuration['k3s_version']
+    end
+    def k3s_token
+      @k3s_token ||= begin
+        token = ssh(first_master, '{ TOKEN=$(< /var/lib/rancher/k3s/server/node-token); } 2> /dev/null; echo $TOKEN')
+        if token.empty?
+          SecureRandom.hex
+        else
+          token.split(':').last
+        end
+      end
+    end
+    def tls_sans
+      sans = " --tls-san=#{api_server_ip} "
+      masters.each do |master|
+        master_private_ip = master['private_net'][0]['ip']
+        sans += " --tls-san=#{master_private_ip} "
+      end
+      sans
+    end
+    def mark_nodes(mark_type:)
+      check_kubectl
+      action = mark_type == :labels ? 'label' : 'taint'
+      if master_definitions.first[mark_type]
+        master_labels = master_definitions.first[mark_type].map { |k, v| "#{k}=#{v}" }.join(' ')
+        master_node_names = []
+        master_definitions.each do |master|
+          master_node_names << "#{configuration['cluster_name']}-#{master[:instance_type]}-#{master[:instance_id]}"
+        end
+        master_node_names = master_node_names.join(' ')
+        cmd = "kubectl #{action} --overwrite nodes #{master_node_names} #{master_labels}"
+        run cmd, kubeconfig_path: kubeconfig_path
+      end
+      return unless worker_definitions.any?
+      worker_definitions.each do |worker|
+        next unless worker[mark_type]
+        worker_labels = worker[mark_type].map { |k, v| "#{k}=#{v}" }.join(' ')
+        worker_node_name = "#{configuration['cluster_name']}-#{worker[:instance_type]}-#{worker[:instance_id]}"
+        cmd = "kubectl #{action} --overwrite nodes #{worker_node_name} #{worker_labels}"
+        run cmd, kubeconfig_path: kubeconfig_path
+      end
+    end
+    def deploy_cloud_controller_manager
+      check_kubectl
+      puts
+      puts 'Deploying Hetzner Cloud Controller Manager...'
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: "v1"
+          kind: "Secret"
+          metadata:
+            namespace: 'kube-system'
+            name: 'hcloud'
+          stringData:
+            network: "#{configuration['existing_network'] || cluster_name}"
+            token: "#{configuration.hetzner_token}"
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      cmd = 'kubectl apply -f https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/latest/download/ccm-networks.yaml'
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts '...Cloud Controller Manager deployed'
+    end
+    def deploy_system_upgrade_controller
+      check_kubectl
+      puts
+      puts 'Deploying k3s System Upgrade Controller...'
+      cmd = 'kubectl apply -f https://github.com/rancher/system-upgrade-controller/releases/download/v0.9.1/system-upgrade-controller.yaml'
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts '...k3s System Upgrade Controller deployed'
+    end
+    def deploy_csi_driver
+      check_kubectl
+      puts
+      puts 'Deploying Hetzner CSI Driver...'
+      cmd = <<~BASH
+        kubectl apply -f - <<-EOF
+          apiVersion: "v1"
+          kind: "Secret"
+          metadata:
+            namespace: 'kube-system'
+            name: 'hcloud-csi'
+          stringData:
+            token: "#{configuration.hetzner_token}"
+        EOF
+      BASH
+      run cmd, kubeconfig_path: kubeconfig_path
+      cmd = 'kubectl apply -f https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml'
+      run cmd, kubeconfig_path: kubeconfig_path
+      puts '...CSI Driver deployed'
+    end
+    def check_kubectl
+      return if which('kubectl')
+      puts 'Please ensure kubectl is installed and in your PATH.'
+      exit 1
+    end
+    def first_master_private_ip
+      @first_master_private_ip ||= first_master['private_net'][0]['ip']
+    end
+  end
+end

data/lib/hetzner/utils.rb CHANGED Viewed

@@ -85,10 +85,6 @@ module Utils
       end
     end
     output.chop
-  # rescue StandardError => e
-  #   p [e.class, e.message]
-  #   retries += 1
-  #   retry unless retries > 15 || e.message =~ /Bad file descriptor/
   rescue Timeout::Error, IOError, Errno::EBADF
     retries += 1
     retry unless retries > 15
@@ -109,4 +105,8 @@ module Utils
     MESSAGE
     exit 1
   end
+  def verify_host_key
+    @verify_host_key ||= configuration.fetch('verify_host_key', false)
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hetzner-k3s
 version: !ruby/object:Gem::Version
-  version: 0.6.2
+  version: 0.6.3
 platform: ruby
 authors:
 - Vito Botta
@@ -155,6 +155,7 @@ files:
 - lib/hetzner/k3s/cluster.rb
 - lib/hetzner/k3s/configuration.rb
 - lib/hetzner/k3s/version.rb
+- lib/hetzner/kubernetes/client.rb
 - lib/hetzner/utils.rb
 - spec/k3s_spec.rb
 - spec/spec_helper.rb