apricote/home-cloud
1
0
Fork 0
mirror of https://github.com/apricote/home-cloud.git synced 2026-01-13 21:11:02 +00:00
Code Issues Projects Releases Packages Wiki Activity

chore: remove shut-down cluster manifests

Browse source
This commit is contained in:
Julian Tölle 2022-12-17 16:44:49 +01:00
parent bafd0778d2
commit ad3ba9d059
15 changed files with 0 additions and 496 deletions
Download patch file Download diff file Expand all files Collapse all files

66
k3s_cluster/cloud_init.tf
View file

@ -1,66 +0,0 @@
locals {
install_k3s_version = var.install_k3s_version
k3s_storage_endpoint = "sqlite"
k3s_cluster_secret = var.k3s_cluster_secret != null ? var.k3s_cluster_secret : random_password.k3s_cluster_secret.result
k3s_tls_san = "--tls-san ${var.domain}"
floating_ip_use_netdata = var.server_image == "ubuntu-20.04"
}
resource "random_password" "k3s_cluster_secret" {
length = 30
special = false
}
data "template_cloudinit_config" "k3s_server" {
gzip = false
base64_encode = false
# Main cloud-config configuration file.
part {
filename = "init.cfg"
content_type = "text/cloud-config"
content = templatefile("${path.module}/files/cloud-config-base.yaml", {})
}
part {
content_type = "text/x-shellscript"
content = templatefile("${path.module}/files/setup-floating-ip.sh", {
floating_ip = hcloud_floating_ip.server.ip_address,
use_netdata = local.floating_ip_use_netdata
})
}
part {
content_type = "text/x-shellscript"
content = templatefile("${path.module}/files/k3s-install.sh", {
is_k3s_server = true,
install_k3s_version = local.install_k3s_version,
k3s_cluster_secret = local.k3s_cluster_secret,
k3s_url = hcloud_floating_ip.server.ip_address,
k3s_tls_san = local.k3s_tls_san,
})
}
}
data "template_cloudinit_config" "k3s_agent" {
gzip = false
base64_encode = false
# Main cloud-config configuration file.
part {
filename = "init.cfg"
content_type = "text/cloud-config"
content = templatefile("${path.module}/files/cloud-config-base.yaml", {})
}
part {
content_type = "text/x-shellscript"
content = templatefile("${path.module}/files/k3s-install.sh", {
is_k3s_server = false,
install_k3s_version = local.install_k3s_version,
k3s_cluster_secret = local.k3s_cluster_secret,
k3s_url = hcloud_floating_ip.server.ip_address,
k3s_tls_san = local.k3s_tls_san,
})
}
}

5
k3s_cluster/files/cloud-config-base.yaml
View file

@ -1,5 +0,0 @@
#cloud-config
runcmd:
- apt-get update
- apt-get install -y software-properties-common
- DEBIAN_FRONTEND=noninteractive apt-get upgrade -y

21
k3s_cluster/files/k3s-install.sh
View file

@ -1,21 +0,0 @@
#!/bin/bash
until ( \
curl -sfL https://get.k3s.io | \
INSTALL_K3S_VERSION='v${install_k3s_version}' \
K3S_CLUSTER_SECRET='${k3s_cluster_secret}' \
INSTALL_K3S_EXEC='%{ if is_k3s_server } ${k3s_tls_san} %{ endif }' \
%{ if !is_k3s_server } K3S_URL='https://${k3s_url}:6443'%{ endif } \
sh - \
); do
echo 'k3s did not install correctly'
sleep 2
done
%{ if is_k3s_server }
until kubectl get pods -A | grep 'Running';
do
echo 'Waiting for k3s startup'
sleep 5
done
%{ endif }

5
k3s_cluster/files/k8s-apps/cert-manager-crds.sh
View file

@ -1,5 +0,0 @@
#!/bin/bash
MANIFEST_FILE=https://github.com/jetstack/cert-manager/releases/download/${version}/cert-manager.crds.yaml
K3S_MANIFEST_FOLDER=${k3s_manifest_folder}
curl -sfL $MANIFEST_FILE > $K3S_MANIFEST_FOLDER/cert-manager-crds.yml

39
k3s_cluster/files/k8s-apps/cert-manager.yaml
View file

@ -1,39 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: cert-manager
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: cert-manager
namespace: kube-system
spec:
chart: cert-manager
repo: https://charts.jetstack.io
version: ${version}
targetNamespace: cert-manager
set:
ingressShim.defaultIssuerName: "letsencrypt-prod"
ingressShim.defaultIssuerKind: "ClusterIssuer"
---
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
name: letsencrypt-prod
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: ${email}
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-prod-cluster-issuer-account
# Add a single challenge solver, HTTP01 using nginx
solvers:
- http01:
ingress: {}

18
k3s_cluster/files/k8s-apps/flux.yaml
View file

@ -1,18 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: flux
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: flux
namespace: flux
spec:
chart: flux
repo: https://charts.fluxcd.io
version: ${version}
targetNamespace: flux
set:
git.url: ${git_url}

16
k3s_cluster/files/k8s-apps/hcloud-csi-driver.sh
View file

@ -1,16 +0,0 @@
#!/bin/bash
MANIFEST_FILE=https://raw.githubusercontent.com/hetznercloud/csi-driver/${version}/deploy/kubernetes/hcloud-csi.yml
K3S_MANIFEST_FOLDER=${k3s_manifest_folder}
curl -sfL $MANIFEST_FILE > $K3S_MANIFEST_FOLDER/hcloud-csi.yml
cat <<EOF > $K3S_MANIFEST_FOLDER/hcloud-csi-token.yml
apiVersion: v1
kind: Secret
metadata:
name: hcloud-csi
namespace: kube-system
stringData:
token: ${token}
EOF

5
k3s_cluster/files/k8s-apps/helm-operator-crds.sh
View file

@ -1,5 +0,0 @@
#!/bin/bash
MANIFEST_FILE=https://raw.githubusercontent.com/fluxcd/helm-operator/${version}/deploy/crds.yaml
K3S_MANIFEST_FOLDER=${k3s_manifest_folder}
curl -sfL $MANIFEST_FILE > $K3S_MANIFEST_FOLDER/helm-operator-crds.yml

13
k3s_cluster/files/k8s-apps/helm-operator.yaml
View file

@ -1,13 +0,0 @@
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: helm-operator
namespace: kube-system
spec:
chart: helm-operator
repo: https://charts.fluxcd.io
version: ${version}
targetNamespace: flux
set:
helm.versions: v3

20
k3s_cluster/files/setup-floating-ip.sh
View file

@ -1,20 +0,0 @@
#!/bin/bash
%{ if use_netdata }
cat >> /etc/netplan/60-floating.cfg <<- EOM
network:
version: 2
ethernets:
eth0:
addresses:
- ${floating_ip}/32
EOM
netplan apply
%{ else }
cat >> /etc/network/interfaces.d/99-floating.cfg <<- EOM
auto eth0:1
iface eth0:1 inet static
address ${floating_ip}
netmask 255.255.255.255
EOM
ifdown eth0:1 ; ifup eth0:1
%{ endif }

83
k3s_cluster/k3s.tf
View file

@ -1,83 +0,0 @@
locals {
k3s_manifest_folder = "/var/lib/rancher/k3s/server/manifests"
manifest_hcloud_csi_driver = templatefile("${path.module}/files/k8s-apps/hcloud-csi-driver.sh", {
version = var.hcloud_csi_driver_version
token = var.hcloud_csi_driver_token
k3s_manifest_folder = local.k3s_manifest_folder
})
manifest_cert_manager_crds = templatefile("${path.module}/files/k8s-apps/cert-manager-crds.sh", {
version = var.cert_manager_version
k3s_manifest_folder = local.k3s_manifest_folder
})
manifest_cert_manager = templatefile("${path.module}/files/k8s-apps/cert-manager.yaml", {
version = var.cert_manager_version
email = var.letsencrypt_email
})
manifest_flux = templatefile("${path.module}/files/k8s-apps/flux.yaml", {
version = var.flux_version
git_url = var.flux_git_url
})
manifest_helm_operator_crds = templatefile("${path.module}/files/k8s-apps/helm-operator-crds.sh", {
version = var.helm_operator_version
k3s_manifest_folder = local.k3s_manifest_folder
})
manifest_helm_operator = templatefile("${path.module}/files/k8s-apps/helm-operator.yaml", {
version = var.helm_operator_version
})
}
resource "null_resource" "install_manifests" {
triggers = {
server_id = hcloud_server.server.id
# File hashes to trigger on update
hcloud_csi_driver = sha256(local.manifest_hcloud_csi_driver)
cert_manager_crds = sha256(local.manifest_cert_manager_crds)
cert_manager = sha256(local.manifest_cert_manager)
flux = sha256(local.manifest_flux)
helm_operator_crds = sha256(local.manifest_helm_operator_crds)
helm_operator = sha256(local.manifest_helm_operator)
}
connection {
type = "ssh"
host = hcloud_server.server.ipv4_address
private_key = var.ssh_keys[0]
}
provisioner "remote-exec" {
inline = [local.manifest_hcloud_csi_driver]
}
provisioner "remote-exec" {
inline = [local.manifest_cert_manager_crds]
}
provisioner "remote-exec" {
inline = [local.manifest_helm_operator_crds]
}
provisioner "file" {
content = local.manifest_cert_manager
destination = "${local.k3s_manifest_folder}/cert-manager.yaml"
}
provisioner "file" {
content = local.manifest_flux
destination = "${local.k3s_manifest_folder}/flux.yaml"
}
provisioner "file" {
content = local.manifest_helm_operator
destination = "${local.k3s_manifest_folder}/helm-operator.yaml"
}
}

93
k3s_cluster/main.tf
View file

@ -1,93 +0,0 @@
data tls_public_key default {
count = length(var.ssh_keys)
private_key_pem = var.ssh_keys[count.index]
}
resource hcloud_ssh_key default {
count = length(var.ssh_keys)
name = "${var.name}-${count.index}"
public_key = data.tls_public_key.default[count.index].public_key_openssh
}
resource hcloud_floating_ip server {
name = "${var.name}-server"
home_location = var.server_location
description = "Persistent IP for K3s Server. Used in Domain and for Ingress."
type = "ipv4"
}
resource hcloud_rdns server {
floating_ip_id = hcloud_floating_ip.server.id
ip_address = hcloud_floating_ip.server.ip_address
dns_ptr = var.domain
}
resource hcloud_floating_ip_assignment server {
floating_ip_id = hcloud_floating_ip.server.id
server_id = hcloud_server.server.id
}
resource hcloud_server server {
name = "${var.name}-server"
image = var.server_image
server_type = var.control_server_type
location = var.server_location
ssh_keys = hcloud_ssh_key.default.*.id
connection {
type = "ssh"
host = self.ipv4_address
private_key = var.ssh_keys[0]
}
user_data = data.template_cloudinit_config.k3s_server.rendered
provisioner "remote-exec" {
inline = [
"cloud-init status --wait",
]
}
}
resource "random_id" "agent" {
count = var.compute_count
keepers = {
image = var.server_image
server_type = var.control_server_type
user_data = sha256(data.template_cloudinit_config.k3s_agent.rendered)
}
byte_length = 3
}
resource hcloud_server agent {
count = var.compute_count
name = "${var.name}-agent-${random_id.agent[count.index].hex}"
image = random_id.agent[count.index].keepers.image
server_type = random_id.agent[count.index].keepers.server_type
location = var.server_location
ssh_keys = hcloud_ssh_key.default.*.id
connection {
type = "ssh"
host = self.ipv4_address
private_key = var.ssh_keys[0]
}
user_data = data.template_cloudinit_config.k3s_agent.rendered
provisioner "remote-exec" {
inline = [
"cloud-init status --wait",
]
}
}

3
k3s_cluster/output.tf
View file

@ -1,3 +0,0 @@
output server_public_ip {
value = hcloud_floating_ip.server.ip_address
}

87
k3s_cluster/variables.tf
View file

@ -1,87 +0,0 @@
variable name {
type = string
}
variable server_image {
type = string
# With ubuntu-20.04 k3s crashes on start (v1.17.4+k3s1)
default = "ubuntu-18.04"
}
variable server_location {
type = string
}
variable control_server_type {
type = string
default = "cx11"
}
variable compute_server_type {
type = string
default = "cx21"
}
variable compute_count {
type = number
default = 1
}
variable domain {
type = string
}
variable letsencrypt_email {
type = string
default = "none@none.com"
description = "LetsEncrypt email address to use"
}
variable ssh_keys {
type = list(string)
default = []
sensitive = true
}
variable install_k3s_version {
type = string
default = "1.17.4+k3s1"
}
variable k3s_cluster_secret {
type = string
default = null
sensitive = true
}
variable hcloud_csi_driver_version {
type = string
default = "v1.3.0"
}
variable hcloud_csi_driver_token {
type = string
sensitive = true
}
variable cert_manager_version {
type = string
default = "v0.15.0"
}
variable flux_version {
type = string
default = "v1.3.0"
}
variable flux_git_url {
type = string
}
variable helm_operator_version {
type = string
default = "v1.0.1"
}

22
k3s_cluster/versions.tf
View file

@ -1,22 +0,0 @@
terraform {
required_version = ">= 1.0"
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
}
tls = {
source = "hashicorp/tls"
}
template = {
source = "hashicorp/template"
}
random = {
source = "hashicorp/random"
}
null = {
source = "hashicorp/null"
}
}
}