deploy with k3s

k3s_cluster/files/cloud-config-base.yaml

@@ -0,0 +1,5 @@
+#cloud-config
+runcmd:
+  - apt-get update
+  - apt-get install -y software-properties-common
+  - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y

k3s_cluster/files/k3s-install.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+until ( \
+  curl -sfL https://get.k3s.io | \
+    INSTALL_K3S_VERSION='v${install_k3s_version}' \
+    K3S_CLUSTER_SECRET='${k3s_cluster_secret}' \
+    INSTALL_K3S_EXEC='%{ if is_k3s_server } ${k3s_tls_san} %{ endif }' \
+    %{ if !is_k3s_server } K3S_URL='https://${k3s_url}:6443'%{ endif } \
+    sh - \
+  ); do
+  echo 'k3s did not install correctly'
+  sleep 2
+done
+
+%{ if is_k3s_server }
+until kubectl get pods -A | grep 'Running';
+do
+  echo 'Waiting for k3s startup'
+  sleep 5
+done
+%{ endif }

k3s_cluster/files/k8s-apps/cert-manager-crds.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+MANIFEST_FILE=https://github.com/jetstack/cert-manager/releases/download/${version}/cert-manager.crds.yaml
+K3S_MANIFEST_FOLDER=${k3s_manifest_folder}
+
+curl -sfL $MANIFEST_FILE > $K3S_MANIFEST_FOLDER/cert-manager-crds.yml

k3s_cluster/files/k8s-apps/cert-manager.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: cert-manager
+  namespace: kube-system
+spec:
+  chart: cert-manager
+  repo: https://charts.jetstack.io
+  version: ${version}
+  targetNamespace: cert-manager
+  set:
+    ingressShim.defaultIssuerName: "letsencrypt-prod"
+    ingressShim.defaultIssuerKind: "ClusterIssuer"
+
+---
+apiVersion: cert-manager.io/v1alpha2
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    # You must replace this email address with your own.
+    # Let's Encrypt will use this to contact you about expiring
+    # certificates, and issues related to your account.
+    email: ${email}
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      # Secret resource that will be used to store the account's private key.
+      name: letsencrypt-prod-cluster-issuer-account
+    # Add a single challenge solver, HTTP01 using nginx
+    solvers:
+      - http01:
+          ingress: {}

k3s_cluster/files/k8s-apps/hcloud-csi-driver.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+MANIFEST_FILE=https://raw.githubusercontent.com/hetznercloud/csi-driver/${version}/deploy/kubernetes/hcloud-csi.yml
+K3S_MANIFEST_FOLDER=${k3s_manifest_folder}
+
+
+curl -sfL $MANIFEST_FILE > $K3S_MANIFEST_FOLDER/hcloud-csi.yml
+
+cat <<EOF > $K3S_MANIFEST_FOLDER/hcloud-csi-token.yml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: hcloud-csi
+  namespace: kube-system
+stringData:
+  token: ${token}
+EOF

k3s_cluster/files/setup-floating-ip.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+%{ if use_netdata }
+cat >> /etc/netplan/60-floating.cfg <<- EOM
+network:
+  version: 2
+  ethernets:
+    eth0:
+      addresses:
+      - ${floating_ip}/32
+EOM
+netplan apply
+%{ else }
+cat >> /etc/network/interfaces.d/99-floating.cfg <<- EOM
+auto eth0:1
+iface eth0:1 inet static
+    address ${floating_ip}
+    netmask 255.255.255.255
+EOM
+ifdown eth0:1 ; ifup eth0:1
+%{ endif }