Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Big refactoring #348

Merged
merged 187 commits into from
Aug 18, 2024
Merged

Big refactoring #348

merged 187 commits into from
Aug 18, 2024

Conversation

vitobotta
Copy link
Owner

No description provided.

darthmaim
darthmaim reviewed Apr 17, 2024
View reviewed changes
README.md Outdated Show resolved Hide resolved
vitobotta and others added 21 commits April 17, 2024 18:40
@vitobotta
Change Crystal extension
8000e41
@vitobotta
Limit concurrency
0c9ec19
@vitobotta
Change max instances per placement group limit
8eb9d1c
@vitobotta
Print API response when server cannot be created
9355466
@vitobotta
Raise concurrency to 10
7ff530d
@vitobotta @darthmaim
Update README.md
c099511 
Co-authored-by: darthmaim <github@darthmaim.de>
@vitobotta
Merge branch 'more-refactoring' of github.com:vitobotta/hetzner-k3s i…
5cf5afa 
…nto more-refactoring
@vitobotta
Raise concurrency
5745984
@vitobotta
Cluster creation working fine
65f4c3b
@vitobotta
Cleanup
77e970a
@vitobotta
Fix DNS issue
a2a052c
@vitobotta
Fix kubelet args
5581c25
@vitobotta
Add script to delete unscheduled pods
0f3903a
@vitobotta
Use a mutex to synchronise attaching instances to the network
d150ea4
@vitobotta
Change formatting of extra args
37d2e97
@vitobotta
Do not sleep after attaching instance to netwrk
2b66d2d
@vitobotta
Replace single subnet setting with private network settings
88d10e5
@vitobotta
Handle configuration when private network is disabled
8bcb77f
@vitobotta
Refactor configuration
bf4910e
@vitobotta
Refactor configuration of manifests
09bad78
@vitobotta
Fix CNI validation
b449c05
@Sheldan
Copy link

Sheldan commented Aug 6, 2024

You had your hetzner token visible, even if you edited it now. Its still visible in the history, I would reset it now.

@vitobotta
Copy link
Owner Author

  • working config.yaml
hetzner_token: token
cluster_name: k3s
kubeconfig_path: "~/.kube/config"
k3s_version: v1.30.2+k3s2

public_ssh_key_path: "~/.ssh/id_rsa.pub"
private_ssh_key_path: "~/.ssh/id_rsa"


ssh_allowed_networks:
  - 0.0.0.0/0
api_allowed_networks:
  - 0.0.0.0/0

networking:
  ssh:
    port: 22
    use_agent: false # set to true if your key has a passphrase
    public_key_path: "~/.ssh/id_rsa.pub"
    private_key_path: "~/.ssh/id_rsa"
  allowed_networks:
    ssh:
      - 0.0.0.0/0
    api: # this will firewall port 6443 on the nodes; it will NOT firewall the API load balancer
      - 0.0.0.0/0
  public_network:
    ipv4: true
    ipv6: true
  private_network:
    enabled : true
    subnet: 10.0.0.0/16
    existing_network_name: ""
  cni:
    enabled: true
    encryption: false
    mode: flannel

schedule_workloads_on_masters: false
masters_pool:
  instance_type: cpx21
  instance_count: 1
  location: nbg1
worker_node_pools:
- name: small-static
  instance_type: cpx21
  instance_count: 1
  location: hel1
- name: small-autoscaled
  instance_type: cpx21
  instance_count: 1
  location: fsn1
  autoscaling:
    enabled: true
    min_instances: 0
    max_instances: 1

embedded_registry_mirror:
  enabled: true

datastore:
  mode: etcd # etcd (default) or external
  external_datastore_endpoint: postgresql://username:dbname@host:port/postgres
  • add ipv4 and ipv6 along with port any in your latest created k3s firewall inbound rules

Without any context whatsoever it's really hard to guess what this comment is all about. Care to elaborate?

@ajinkyajawale14499
Copy link

This worked for me...

hetzner_token: api_token
cluster_name: k3s
kubeconfig_path: "~/.kube/config"
k3s_version: v1.26.4+k3s1

public_ssh_key_path: "~/.ssh/id_rsa.pub"
private_ssh_key_path: "~/.ssh/id_rsa"


ssh_allowed_networks:
  - 0.0.0.0/0
api_allowed_networks:
  - 0.0.0.0/0

additional_packages:
- haproxy
post_create_commands: ## Downloads an HAProxy configuration file for port 80/443
- curl -o /etc/haproxy/haproxy.cfg https://gist.githubusercontent.com/laszlocph/61642778fb61e3d7c1766d31e676c0f7/raw/bf836c73ce24b07b2423251316e6f030ada6b3c9/haproxy.cfg
- service haproxy reload

schedule_workloads_on_masters: false
masters_pool:
  instance_type: cpx21
  instance_count: 1
  location: nbg1
worker_node_pools:
- name: small-static
  instance_type: cpx21
  instance_count: 1
  location: hel1
- name: small-autoscaled
  instance_type: cpx21
  instance_count: 1
  location: fsn1
  autoscaling:
    enabled: true
    min_instances: 0
    max_instances: 1

embedded_registry_mirror:
  enabled: true

datastore:
  mode: etcd # etcd (default) or external
  external_datastore_endpoint: postgresql://username:password@host:port/postgres

don't forget to add ipv4 and ipv6 under rules along with port any for your latest created k3s firewall

@vitobotta
Copy link
Owner Author

This worked for me...

hetzner_token: api_token
cluster_name: k3s
kubeconfig_path: "~/.kube/config"
k3s_version: v1.26.4+k3s1

public_ssh_key_path: "~/.ssh/id_rsa.pub"
private_ssh_key_path: "~/.ssh/id_rsa"


ssh_allowed_networks:
  - 0.0.0.0/0
api_allowed_networks:
  - 0.0.0.0/0

additional_packages:
- haproxy
post_create_commands: ## Downloads an HAProxy configuration file for port 80/443
- curl -o /etc/haproxy/haproxy.cfg https://gist.githubusercontent.com/laszlocph/61642778fb61e3d7c1766d31e676c0f7/raw/bf836c73ce24b07b2423251316e6f030ada6b3c9/haproxy.cfg
- service haproxy reload

schedule_workloads_on_masters: false
masters_pool:
  instance_type: cpx21
  instance_count: 1
  location: nbg1
worker_node_pools:
- name: small-static
  instance_type: cpx21
  instance_count: 1
  location: hel1
- name: small-autoscaled
  instance_type: cpx21
  instance_count: 1
  location: fsn1
  autoscaling:
    enabled: true
    min_instances: 0
    max_instances: 1

embedded_registry_mirror:
  enabled: true

datastore:
  mode: etcd # etcd (default) or external
  external_datastore_endpoint: postgresql://username:password@host:port/postgres

don't forget to add ipv4 and ipv6 under rules along with port any for your latest created k3s firewall

This is a PR about the upcoming v2 of the tool, please see the discussion at #385 for details on some changes that you need to make to the configuration to make it compatible with the new version. Also please open an issue (rather than commenting in this PR) if you run into a problem with the new version. Thanks!

Gunther Klessinger and others added 20 commits August 7, 2024 14:14
fix: solve timeout when api server hostname is given
b867654 
docs say # api_server_hostname: k8s.example.com # optional: DNS for the k8s API LoadBalancer. After the script has run, create a DNS record with the address of the API LoadBalancer.

And indeed, the user can't do this BEFORE running the script, not knowing the IP of the API LB created.

But since we set that hostname into the kubeconfig, when we do save_kubeconfig(master_count) and in the next command do kubectl cluster-info, this can't work - since at that time the DNS is not configured to point to that api loadbalancer.

My suggested fix is to set the IP of the LB into the kubeconfig. Then all will work and the user can, at his pace, configure his DNS to point to the api lb for that hostname - and only then adapt the kubeconfig, if wanted. SSL will work since we configure tls-sans for that hostname anyway.
But kubeconfig, we can't do this for the user, having no control over if and when he configures his DNS.

`
@jpetazzo
Fix SSH when using non-default port + add test harness
cfd3673 
Since Ubuntu 22.10, SSH uses socket activation. This means that the
SSH server isn't running by default, and gets started automatically
the first time there is a connection on port 22.

Upside: it saves 3 MB of RAM.

Downside: if you're customizing the SSH port number with a drop-in
configuration file at cloud-init time, it breaks SSH. SSH then needs
to be restarted (or the machine needs to be rebooted) for the port
number to be picked up by the systemd generator. The net result for
hetzner-k3s is that if we use a non-default SSH port, provisioning
breaks.

This manifests itself by the following log message:

  systemd[1]: ssh.socket: Socket unit configuration has changed while
  unit has been running, no open socket file descriptor left. The
  socket unit is not functional until restarted.

One possible fix is to disable socket activation and revert to the
default mode (start SSH at boot). This can be done by disabling
ssh.socket and enabling ssh.service.

This patch does exactly that, adding the corresponding commands to
the cloud-init template. This has been tested with Ubuntu 24.04
and 22.04 as well.

The following link has more details on the Ubuntu change:

https://discourse.ubuntu.com/t/sshd-now-uses-socket-based-activation-ubuntu-22-10-and-later/30189/14

This patch also adds a test harness to automatically create a
bunch of clusters with different configurations and verify that
they work correctly. It was helpful to confirm that this patch
worked correctly with all the distros available on Hetzner; or
rather, that the only ones that didn't work (alma-8, centos-8...)
weren't working in the first place anyway.
@vitobotta
Attach instance to network automatically
b8b721e
@vitobotta
Merge pull request #391 from jpetazzo/fix-ssh-port-customization
ae4230c 
Fix SSH when using non-default port
@vitobotta
Merge pull request #407 from axiros/api-server
b02f9d7 
fix: solve timeout when api server hostname is given
@vitobotta
Restore change removed by mistake
7f1442a
@vitobotta
Fix handling of custom SSH port when openssh server is configured for…
60e1126 
… socket activation
@vitobotta
Improve handling of the script to wait for cloud init to finish
b000a04
@vitobotta
Improve log message to tell user to delete autoscaled nodes if firewa…
d0cd104 
…ll is blocked for deletion
@vitobotta
Attach instance to network if it doesn't happen automatically as expe…
a1e0fff 
…cted
@vitobotta
WIP
6fa526b
@vitobotta
User multiple contexts instead of load balancer
7eade3c
@vitobotta
Upgrade CSI
e3d5e44
@vitobotta
Update CSI manifest url
37f2016
@vitobotta
Automatically delete autoscaled nodes
0007caf
@vitobotta
Update version
6e4fcc6
@vitobotta
Update log message
173f4d1
@vitobotta
Update version in docs
cc03f6a
@vitobotta
Update version in docs
674cc9f
@vitobotta
Update README
b822ad8
@sonarcloud SonarCloud
Copy link

sonarcloud bot commented Aug 18, 2024

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@vitobotta vitobotta merged commit 97cb521 into main Aug 18, 2024
5 checks passed
@vitobotta vitobotta deleted the more-refactoring branch August 18, 2024 19:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darthmaim darthmaim darthmaim left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@vitobotta @jpetazzo @psavva @Sheldan @ajinkyajawale14499 @darthmaim