cloud-init template updates for kubernetes nodes

2022-12-17 19:22:47 +00:00 · 2022-12-17 19:22:47 +00:00 · 1443395084
parent 7f87798f08
commit 1443395084
4 changed files with 144 additions and 28 deletions
--- a/terraform/hcloud-kubernetes-cluster.tf
+++ b/terraform/hcloud-kubernetes-cluster.tf
@ -1,6 +1,6 @@
 resource "hcloud_network" "kube-network" {
  name     = "kube-network"
-  ip_range = "10.0.0.0/8"
+  ip_range = "10.0.0.0/16"
 }

 resource "hcloud_network_subnet" "kube-subnet" {
@ -10,22 +10,53 @@ resource "hcloud_network_subnet" "kube-subnet" {
  ip_range = "10.0.1.0/24"
 }

-# resource "hcloud_server" "server" {
-#   name        = "control-plane"
-#   server_type = "cx21"
-#   image       = "ubuntu-22.04"
-#   location    = "nbg1"
+resource "hcloud_ssh_key" "default" {
+  name       = "YubiKey"
+  public_key = file("~/.ssh/id_ed25519_sk.pub")
+}

-#   network {
-#     network_id = hcloud_network.kube-network.id
-#     ip         = "10.0.1.1"
-#   }
+resource "hcloud_server" "control-plane" {
+  count       = 0
+  name        = "control-plane"
+  server_type = "cx21"
+  image       = "ubuntu-22.04"
+  location    = "nbg1"

-#   depends_on = [
-#     hcloud_network_subnet.kube-subnet
-#   ]
+  network {
+    network_id = hcloud_network.kube-network.id
+    ip         = "10.0.1.1"
+  }

-#   user_data = templatefile("${path.module}/templates/cloud-init-tailscale.tpl", {
-# 	tailscale_key = var.tailscale_key
-#   })
-# }
+  depends_on = [
+    hcloud_network_subnet.kube-subnet
+  ]
+
+  user_data = templatefile("${path.module}/templates/tailscale-kube-control-plane.yaml.tpl", {
+	tailscale_key = var.tailscale_key
+  })
+
+  ssh_keys = [hcloud_ssh_key.default.id]
+}
+
+resource "hcloud_server" "worker-node" {
+  count       = 0
+  name        = "worker-node-${count.index+1}"
+  server_type = "cx21"
+  image       = "ubuntu-22.04"
+  location    = "nbg1"
+
+  network {
+	network_id = hcloud_network.kube-network.id
+	ip         = "10.0.1.${count.index+2}"
+  }
+
+  depends_on = [
+    hcloud_network_subnet.kube-subnet
+  ]
+
+  user_data = templatefile("${path.module}/templates/tailscale-kube-worker.yaml.tpl", {
+	tailscale_key = var.tailscale_key
+  })
+
+  ssh_keys = [hcloud_ssh_key.default.id]
+}
--- a/terraform/templates/cloud-init-tailscale.tpl
+++ b/terraform/templates/cloud-init-tailscale.tpl
@ -1,11 +0,0 @@
-#cloud-config
---
-apt:
-  sources:
-    tailscale.list:
-      source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
-      keyid: 2596A99EAAB33821893C0A79458CA832957F5868
-packages:
-  - tailscale
-runcmd:
-  - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
--- a/terraform/templates/tailscale-kube-control-plane.yaml.tpl
+++ b/terraform/templates/tailscale-kube-control-plane.yaml.tpl
@ -0,0 +1,48 @@
+#cloud-config
+---
+apt:
+  sources:
+    tailscale.list:
+      source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
+      keyid: 2596A99EAAB33821893C0A79458CA832957F5868
+    kubernetes.list:
+      source: deb https://apt.kubernetes.io/ kubernetes-xenial main
+      keyid: A362B822F6DEDC652817EA46B53DC80D13EDEF05
+    docker.list:
+      source: deb https://download.docker.com/linux/ubuntu jammy stable
+      keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+write_files:
+  - path: /etc/sysctl.d/k8s.conf
+    content: |
+      net.bridge.bridge-nf-call-iptables  = 1
+      net.bridge.bridge-nf-call-ip6tables = 1
+      net.ipv4.ip_forward                 = 1
+  - path: /etc/modules-load.d/k8s.conf
+    content: |
+      overlay
+      br_netfilter
+  - path: /etc/containerd/config.toml
+    content: |
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+          SystemdCgroup = true
+      disabled_plugins = []
+  - path: /root/k8s.yaml
+    content: |
+      apiVersion: kubelet.config.k8s.io/v1beta1
+      kind: KubeletConfiguration
+      cgroupDriver: systemd
+packages:
+  - tailscale
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - kubelet
+  - kubeadm
+  - kubectl
+  - containerd.io
+runcmd:
+  - [ modprobe, overlay ]
+  - [ modprobe, br_netfilter ]
+  - [ sysctl, --system ] 
+  - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
+  - [ apt-mark, hold, kubelet, kubeadm, kubectl ]
--- a/terraform/templates/tailscale-kube-worker.yaml.tpl
+++ b/terraform/templates/tailscale-kube-worker.yaml.tpl
@ -0,0 +1,48 @@
+#cloud-config
+---
+apt:
+  sources:
+    tailscale.list:
+      source: deb https://pkgs.tailscale.com/stable/ubuntu jammy main
+      keyid: 2596A99EAAB33821893C0A79458CA832957F5868
+    kubernetes.list:
+      source: deb https://apt.kubernetes.io/ kubernetes-xenial main
+      keyid: A362B822F6DEDC652817EA46B53DC80D13EDEF05
+    docker.list:
+      source: deb https://download.docker.com/linux/ubuntu jammy stable
+      keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+write_files:
+  - path: /etc/sysctl.d/k8s.conf
+    content: |
+      net.bridge.bridge-nf-call-iptables  = 1
+      net.bridge.bridge-nf-call-ip6tables = 1
+      net.ipv4.ip_forward                 = 1
+  - path: /etc/modules-load.d/k8s.conf
+    content: |
+      overlay
+      br_netfilter
+  - path: /etc/containerd/config.toml
+    content: |
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+          SystemdCgroup = true
+      disabled_plugins = []
+  - path: /root/k8s.yaml
+    content: |
+      apiVersion: kubelet.config.k8s.io/v1beta1
+      kind: KubeletConfiguration
+      cgroupDriver: systemd
+packages:
+  - tailscale
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - kubelet
+  - kubeadm
+  - kubectl
+  - containerd.io
+runcmd:
+  - [ modprobe, overlay ]
+  - [ modprobe, br_netfilter ]
+  - [ sysctl, --system ] 
+  - [ tailscale, up, -auth-key, ${tailscale_key}, -ssh ]
+  - [ apt-mark, hold, kubelet, kubeadm, kubectl ]