Remove deprecated provider, fix flatcar configs, enable CI tests and refactor hetzner terraform (#10002)
* Remove deprecated provider and fix flatcar configs
* Refactor for DRYness
* Add missing line endings
* Enable tests for hetzner terraform in CI
* Add missing inventory for CI tests
pull/10025/head
parent
426b8913c0
commit
ab6d204641
|
@ -80,6 +80,12 @@ tf-validate-exoscale:
|
||||||
TF_VERSION: $TERRAFORM_VERSION
|
TF_VERSION: $TERRAFORM_VERSION
|
||||||
PROVIDER: exoscale
|
PROVIDER: exoscale
|
||||||
|
|
||||||
|
tf-validate-hetzner:
|
||||||
|
extends: .terraform_validate
|
||||||
|
variables:
|
||||||
|
TF_VERSION: $TERRAFORM_VERSION
|
||||||
|
PROVIDER: hetzner
|
||||||
|
|
||||||
tf-validate-vsphere:
|
tf-validate-vsphere:
|
||||||
extends: .terraform_validate
|
extends: .terraform_validate
|
||||||
variables:
|
variables:
|
||||||
|
|
|
@ -15,17 +15,17 @@ machines = {
|
||||||
"master-0" : {
|
"master-0" : {
|
||||||
"node_type" : "master",
|
"node_type" : "master",
|
||||||
"size" : "cx21",
|
"size" : "cx21",
|
||||||
"image" : "ubuntu-20.04",
|
"image" : "ubuntu-22.04",
|
||||||
},
|
},
|
||||||
"worker-0" : {
|
"worker-0" : {
|
||||||
"node_type" : "worker",
|
"node_type" : "worker",
|
||||||
"size" : "cx21",
|
"size" : "cx21",
|
||||||
"image" : "ubuntu-20.04",
|
"image" : "ubuntu-22.04",
|
||||||
},
|
},
|
||||||
"worker-1" : {
|
"worker-1" : {
|
||||||
"node_type" : "worker",
|
"node_type" : "worker",
|
||||||
"size" : "cx21",
|
"size" : "cx21",
|
||||||
"image" : "ubuntu-20.04",
|
"image" : "ubuntu-22.04",
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -26,10 +26,10 @@ module "kubernetes" {
|
||||||
# Generate ansible inventory
|
# Generate ansible inventory
|
||||||
#
|
#
|
||||||
|
|
||||||
data "template_file" "inventory" {
|
locals {
|
||||||
template = file("${path.module}/templates/inventory.tpl")
|
inventory = templatefile(
|
||||||
|
"${path.module}/templates/inventory.tpl",
|
||||||
vars = {
|
{
|
||||||
connection_strings_master = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s etcd_member_name=etcd%d",
|
connection_strings_master = join("\n", formatlist("%s ansible_user=ubuntu ansible_host=%s ip=%s etcd_member_name=etcd%d",
|
||||||
keys(module.kubernetes.master_ip_addresses),
|
keys(module.kubernetes.master_ip_addresses),
|
||||||
values(module.kubernetes.master_ip_addresses).*.public_ip,
|
values(module.kubernetes.master_ip_addresses).*.public_ip,
|
||||||
|
@ -43,14 +43,15 @@ data "template_file" "inventory" {
|
||||||
list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
|
list_worker = join("\n", keys(module.kubernetes.worker_ip_addresses))
|
||||||
network_id = module.kubernetes.network_id
|
network_id = module.kubernetes.network_id
|
||||||
}
|
}
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "null_resource" "inventories" {
|
resource "null_resource" "inventories" {
|
||||||
provisioner "local-exec" {
|
provisioner "local-exec" {
|
||||||
command = "echo '${data.template_file.inventory.rendered}' > ${var.inventory_file}"
|
command = "echo '${local.inventory}' > ${var.inventory_file}"
|
||||||
}
|
}
|
||||||
|
|
||||||
triggers = {
|
triggers = {
|
||||||
template = data.template_file.inventory.rendered
|
template = local.inventory
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
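Review bot: The `local-exec` command in `null_resource.inventories` still splices the rendered inventory into a single-quoted shell string, `echo '${local.inventory}' > ${var.inventory_file}`, so a `'` in any rendered value (the host names are the `var.machines` keys) ends the quoting and the rest is parsed by the local shell; `var.inventory_file` is also unquoted. The switch to `templatefile()` is a good point to stop building the command from data. Pass both values through the provisioner's `environment` map instead: `environment = { INVENTORY = local.inventory, INVENTORY_FILE = var.inventory_file }` with `command = "printf '%s\\n' \"$INVENTORY\" > \"$INVENTORY_FILE\""`. The inputs are operator-supplied tfvars, so this is hardening of the apply host rather than a remotely reachable flaw.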
@ -15,12 +15,12 @@ resource "hcloud_ssh_key" "first" {
|
||||||
public_key = var.ssh_public_keys.0
|
public_key = var.ssh_public_keys.0
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "hcloud_server" "master" {
|
resource "hcloud_server" "machine" {
|
||||||
for_each = {
|
for_each = {
|
||||||
for name, machine in var.machines :
|
for name, machine in var.machines :
|
||||||
name => machine
|
name => machine
|
||||||
if machine.node_type == "master"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
name = "${var.prefix}-${each.key}"
|
name = "${var.prefix}-${each.key}"
|
||||||
ssh_keys = [hcloud_ssh_key.first.id]
|
ssh_keys = [hcloud_ssh_key.first.id]
|
||||||
# boot into rescue OS
|
# boot into rescue OS
|
||||||
|
@ -34,7 +34,7 @@ resource "hcloud_server" "master" {
|
||||||
timeout = "5m"
|
timeout = "5m"
|
||||||
private_key = file(var.ssh_private_key_path)
|
private_key = file(var.ssh_private_key_path)
|
||||||
}
|
}
|
||||||
firewall_ids = [hcloud_firewall.machine.id]
|
firewall_ids = each.value.node_type == "master" ? [hcloud_firewall.master.id] : [hcloud_firewall.worker.id]
|
||||||
provisioner "file" {
|
provisioner "file" {
|
||||||
content = data.ct_config.machine-ignitions[each.key].rendered
|
content = data.ct_config.machine-ignitions[each.key].rendered
|
||||||
destination = "/root/ignition.json"
|
destination = "/root/ignition.json"
|
||||||
|
@ -45,9 +45,9 @@ resource "hcloud_server" "master" {
|
||||||
"set -ex",
|
"set -ex",
|
||||||
"apt update",
|
"apt update",
|
||||||
"apt install -y gawk",
|
"apt install -y gawk",
|
||||||
"curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/kinvolk/init/flatcar-master/bin/flatcar-install",
|
"curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/flatcar/init/flatcar-master/bin/flatcar-install",
|
||||||
"chmod +x flatcar-install",
|
"chmod +x flatcar-install",
|
||||||
"./flatcar-install -s -i /root/ignition.json",
|
"./flatcar-install -s -i /root/ignition.json -C stable",
|
||||||
"shutdown -r +1",
|
"shutdown -r +1",
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
@ -56,6 +56,7 @@ resource "hcloud_server" "master" {
|
||||||
provisioner "remote-exec" {
|
provisioner "remote-exec" {
|
||||||
connection {
|
connection {
|
||||||
host = self.ipv4_address
|
host = self.ipv4_address
|
||||||
|
private_key = file(var.ssh_private_key_path)
|
||||||
timeout = "3m"
|
timeout = "3m"
|
||||||
user = var.user_flatcar
|
user = var.user_flatcar
|
||||||
}
|
}
|
||||||
|
@ -66,65 +67,11 @@ resource "hcloud_server" "master" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "hcloud_server_network" "master" {
|
resource "hcloud_server_network" "machine" {
|
||||||
for_each = hcloud_server.master
|
|
||||||
server_id = each.value.id
|
|
||||||
subnet_id = hcloud_network_subnet.kubernetes.id
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "hcloud_server" "worker" {
|
|
||||||
for_each = {
|
for_each = {
|
||||||
for name, machine in var.machines :
|
for name, machine in var.machines :
|
||||||
name => machine
|
name => hcloud_server.machine[name]
|
||||||
if machine.node_type == "worker"
|
|
||||||
}
|
}
|
||||||
name = "${var.prefix}-${each.key}"
|
|
||||||
ssh_keys = [hcloud_ssh_key.first.id]
|
|
||||||
# boot into rescue OS
|
|
||||||
rescue = "linux64"
|
|
||||||
# dummy value for the OS because Flatcar is not available
|
|
||||||
image = each.value.image
|
|
||||||
server_type = each.value.size
|
|
||||||
location = var.zone
|
|
||||||
connection {
|
|
||||||
host = self.ipv4_address
|
|
||||||
timeout = "5m"
|
|
||||||
private_key = file(var.ssh_private_key_path)
|
|
||||||
}
|
|
||||||
firewall_ids = [hcloud_firewall.machine.id]
|
|
||||||
provisioner "file" {
|
|
||||||
content = data.ct_config.machine-ignitions[each.key].rendered
|
|
||||||
destination = "/root/ignition.json"
|
|
||||||
}
|
|
||||||
|
|
||||||
provisioner "remote-exec" {
|
|
||||||
inline = [
|
|
||||||
"set -ex",
|
|
||||||
"apt update",
|
|
||||||
"apt install -y gawk",
|
|
||||||
"curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/kinvolk/init/flatcar-master/bin/flatcar-install",
|
|
||||||
"chmod +x flatcar-install",
|
|
||||||
"./flatcar-install -s -i /root/ignition.json",
|
|
||||||
"shutdown -r +1",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
|
|
||||||
# optional:
|
|
||||||
provisioner "remote-exec" {
|
|
||||||
connection {
|
|
||||||
host = self.ipv4_address
|
|
||||||
timeout = "3m"
|
|
||||||
user = var.user_flatcar
|
|
||||||
}
|
|
||||||
|
|
||||||
inline = [
|
|
||||||
"sudo hostnamectl set-hostname ${self.name}",
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "hcloud_server_network" "worker" {
|
|
||||||
for_each = hcloud_server.worker
|
|
||||||
server_id = each.value.id
|
server_id = each.value.id
|
||||||
subnet_id = hcloud_network_subnet.kubernetes.id
|
subnet_id = hcloud_network_subnet.kubernetes.id
|
||||||
}
|
}
|
||||||
|
@ -134,25 +81,20 @@ data "ct_config" "machine-ignitions" {
|
||||||
for name, machine in var.machines :
|
for name, machine in var.machines :
|
||||||
name => machine
|
name => machine
|
||||||
}
|
}
|
||||||
content = data.template_file.machine-configs[each.key].rendered
|
|
||||||
}
|
|
||||||
|
|
||||||
data "template_file" "machine-configs" {
|
strict = false
|
||||||
for_each = {
|
content = templatefile(
|
||||||
for name, machine in var.machines :
|
"${path.module}/templates/machine.yaml.tmpl",
|
||||||
name => machine
|
{
|
||||||
}
|
|
||||||
template = file("${path.module}/templates/machine.yaml.tmpl")
|
|
||||||
|
|
||||||
vars = {
|
|
||||||
ssh_keys = jsonencode(var.ssh_public_keys)
|
ssh_keys = jsonencode(var.ssh_public_keys)
|
||||||
user_flatcar = jsonencode(var.user_flatcar)
|
user_flatcar = var.user_flatcar
|
||||||
name = each.key
|
name = each.key
|
||||||
}
|
}
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "hcloud_firewall" "machine" {
|
resource "hcloud_firewall" "master" {
|
||||||
name = "${var.prefix}-machine-firewall"
|
name = "${var.prefix}-master-firewall"
|
||||||
|
|
||||||
rule {
|
rule {
|
||||||
direction = "in"
|
direction = "in"
|
||||||
|
|
|
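Review bot: The rescue-OS `remote-exec` step downloads `flatcar-install` from the mutable `flatcar-master` branch and executes it with no integrity check; the commit only moves the URL from the `kinvolk` to the `flatcar` organisation. Every apply therefore runs whatever that branch holds at that moment, on the session that writes the node's disk (presumably root, since the ignition file is placed in `/root`). Pin the path to a reviewed commit, `https://raw.githubusercontent.com/flatcar/init/<PINNED_COMMIT_SHA>/bin/flatcar-install`, and verify the file before `chmod +x`, for example `"echo '<EXPECTED_SHA256>  flatcar-install' | sha256sum -c -",` (both values are placeholders to fill in). The `hcloud_server.machine` resource body starts and ends outside this hunk.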
@ -1,20 +1,22 @@
|
||||||
output "master_ip_addresses" {
|
output "master_ip_addresses" {
|
||||||
value = {
|
value = {
|
||||||
for key, instance in hcloud_server.master :
|
for name, machine in var.machines :
|
||||||
instance.name => {
|
name => {
|
||||||
"private_ip" = hcloud_server_network.master[key].ip
|
"private_ip" = hcloud_server_network.machine[name].ip
|
||||||
"public_ip" = hcloud_server.master[key].ipv4_address
|
"public_ip" = hcloud_server.machine[name].ipv4_address
|
||||||
}
|
}
|
||||||
|
if machine.node_type == "master"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
output "worker_ip_addresses" {
|
output "worker_ip_addresses" {
|
||||||
value = {
|
value = {
|
||||||
for key, instance in hcloud_server.worker :
|
for name, machine in var.machines :
|
||||||
instance.name => {
|
name => {
|
||||||
"private_ip" = hcloud_server_network.worker[key].ip
|
"private_ip" = hcloud_server_network.machine[name].ip
|
||||||
"public_ip" = hcloud_server.worker[key].ipv4_address
|
"public_ip" = hcloud_server.machine[name].ipv4_address
|
||||||
}
|
}
|
||||||
|
if machine.node_type == "worker"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,11 @@
|
||||||
---
|
variant: flatcar
|
||||||
|
version: 1.0.0
|
||||||
|
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: ${user_flatcar}
|
- name: ${user_flatcar}
|
||||||
ssh_authorized_keys: ${ssh_keys}
|
ssh_authorized_keys: ${ssh_keys}
|
||||||
|
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /home/core/works
|
- path: /home/core/works
|
||||||
|
|
|
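Review bot: `- name: ${user_flatcar}` now receives the variable unquoted, because the same commit changes the template argument from `jsonencode(var.user_flatcar)` to `var.user_flatcar` in the module's `ct_config` block. A value containing `:`, `#` or a line break would then change the YAML structure instead of staying a user name. Unless the quoted form broke parsing under the new `variant: flatcar` header (not visible here), keep `user_flatcar = jsonencode(var.user_flatcar)`, or add a `validation` block on the variable that restricts it to a plain login name.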
@ -5,6 +5,7 @@ terraform {
|
||||||
}
|
}
|
||||||
ct = {
|
ct = {
|
||||||
source = "poseidon/ct"
|
source = "poseidon/ct"
|
||||||
|
version = "0.11.0"
|
||||||
}
|
}
|
||||||
null = {
|
null = {
|
||||||
source = "hashicorp/null"
|
source = "hashicorp/null"
|
||||||
|
|
|
@ -2,7 +2,7 @@ terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
hcloud = {
|
hcloud = {
|
||||||
source = "hetznercloud/hcloud"
|
source = "hetznercloud/hcloud"
|
||||||
version = "1.31.1"
|
version = "1.38.2"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
required_version = ">= 0.14"
|
required_version = ">= 0.14"
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
prefix = "default"
|
||||||
|
zone = "hel1"
|
||||||
|
network_zone = "eu-central"
|
||||||
|
inventory_file = "inventory.ini"
|
||||||
|
|
||||||
|
ssh_public_keys = [
|
||||||
|
# Put your public SSH key here
|
||||||
|
"ssh-rsa I-did-not-read-the-docs",
|
||||||
|
"ssh-rsa I-did-not-read-the-docs 2",
|
||||||
|
]
|
||||||
|
|
||||||
|
ssh_private_key_path = "~/.ssh/id_rsa"
|
||||||
|
|
||||||
|
machines = {
|
||||||
|
"master-0" : {
|
||||||
|
"node_type" : "master",
|
||||||
|
"size" : "cx21",
|
||||||
|
"image" : "ubuntu-22.04",
|
||||||
|
},
|
||||||
|
"worker-0" : {
|
||||||
|
"node_type" : "worker",
|
||||||
|
"size" : "cx21",
|
||||||
|
"image" : "ubuntu-22.04",
|
||||||
|
},
|
||||||
|
"worker-1" : {
|
||||||
|
"node_type" : "worker",
|
||||||
|
"size" : "cx21",
|
||||||
|
"image" : "ubuntu-22.04",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
nodeport_whitelist = [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
]
|
||||||
|
|
||||||
|
ingress_whitelist = [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
]
|
||||||
|
|
||||||
|
ssh_whitelist = [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
]
|
||||||
|
|
||||||
|
api_server_whitelist = [
|
||||||
|
"0.0.0.0/0"
|
||||||
|
]
|
|
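Review bot: This new sample tfvars file sets `ssh_whitelist` and `api_server_whitelist` (as well as the nodeport and ingress lists) to `0.0.0.0/0` with no comment saying the values exist only so CI can validate the module. Sample inventories are commonly copied as a starting point, and an unedited copy would expose SSH and the Kubernetes API to the whole internet on first apply. Add a header comment such as `# CI/sample values only: replace 0.0.0.0/0 in ssh_whitelist and api_server_whitelist with your own CIDRs before applying`, next to the existing `# Put your public SSH key here` hint.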
@ -0,0 +1 @@
|
||||||
|
../../../../inventory/sample/group_vars
|
|
@ -2,14 +2,11 @@ terraform {
|
||||||
required_providers {
|
required_providers {
|
||||||
hcloud = {
|
hcloud = {
|
||||||
source = "hetznercloud/hcloud"
|
source = "hetznercloud/hcloud"
|
||||||
version = "1.31.1"
|
version = "1.38.2"
|
||||||
}
|
}
|
||||||
null = {
|
null = {
|
||||||
source = "hashicorp/null"
|
source = "hashicorp/null"
|
||||||
}
|
}
|
||||||
template = {
|
|
||||||
source = "hashicorp/template"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
required_version = ">= 0.14"
|
required_version = ">= 0.14"
|
||||||
}
|
}
|
||||||
|
|