docs(CHANGELOG.md): change versions and how changes are versioned

CHANGELOG.md

@@ -1,14 +1,69 @@
-# CHANGELOG
+# Changelog
 
-## Enable automatic updates on control plane / 2024-11-14
+## [0.5.1] - 2024-11-23
 
-See [os/automated-upgrades](/docs/os/automated-upgrades.md).
+### Removed
 
-## Update Kubernetes to v1.30.4 / 2024-08-30
+- Remove old node pool
+- Clean up DNS records for machines
+
+## [0.5.0] - 2024-11-23
+
+### Added
+
+- Add node pool module
+- Add new node pool using the new module
+  - Using Intel-based instead of ARM-based CPUs
+
+## [0.4.1] - 2024-11-23
+
+### Changed
+
+- Use standalone resource for control plane primary IP
+
+## [0.4.0] - 2024-11-20
+
+### Added
+
+- Added Cilium as CNI
+  - with kube-proxy replacement mode enabled
+
+### Changed
+
+- Disable vanilla Kubernetes network policy
+- Change node IP to Hetzner Cloud Network IPs (private)
+- Add node external IP - VM public IPv4
+
+### Removed
+
+- Disabled kube-proxy
+- Disabled flannel CNI
+
+
+## [0.3.0] - 2024-11-15
+
+### Added
+
+- Enable automatic updates on all worker nodes
+  See [os/automated-upgrades](/docs/os/automated-upgrades.md).
+
+
+## [0.2.0] - 2024-11-14
+
+### Added
+
+- Enable automatic updates on control plane
+  See [os/automated-upgrades](/docs/os/automated-upgrades.md).
+
+## [0.1.1] - 2024-08-30
+
+### Changed
 
 - Upgrade the cluster to Kubernetes (k3s) version v1.30 (`v1.30.4`)
 
-## Update Kubernetes to v1.29.8 / 2024-08-30
+## [0.1.0] - 2024-08-30
+
+### Changed
 
 - Upgrade the cluster to Kubernetes (k3s) version v1.29 (`v1.29.8`)
 - Upgrade the node OS (Rocky Linux 9, `dnf update -y`)

dns.tf

@@ -30,16 +30,6 @@ resource "cloudflare_record" "cthulhu_control_plane" {
   proxied = false
 }
 
-resource "cloudflare_record" "cthulhu_control_plane_ipv6" {
-  count = length(hcloud_server.cthulhu_control_plane)
-
-  zone_id = data.cloudflare_zone.vxm_cz.id
-  name    = "control-plane-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_control_plane[count.index].ipv6_address
-  type    = "AAAA"
-  proxied = false
-}
-
 resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
   count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
 
@@ -50,40 +40,10 @@ resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
   proxied = false
 }
 
-resource "cloudflare_record" "cthulhu_kubeapi_singlenode_ipv6" {
-  count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
-
-  zone_id = data.cloudflare_zone.vxm_cz.id
-  name    = "api.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_control_plane[0].ipv6_address
-  type    = "AAAA"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_workers" {
-  count = length(hcloud_server.cthulhu_workers)
-
-  zone_id = data.cloudflare_zone.vxm_cz.id
-  name    = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_workers[count.index].ipv4_address
-  type    = "A"
-  proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_workers_ipv6" {
-  count = length(hcloud_server.cthulhu_workers)
-
-  zone_id = data.cloudflare_zone.vxm_cz.id
-  name    = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
-  value   = hcloud_server.cthulhu_workers[count.index].ipv6_address
-  type    = "AAAA"
-  proxied = false
-}
-
 resource "cloudflare_record" "cthulhu_wildcard" {
   zone_id = data.cloudflare_zone.vxm_cz.id
   name    = "*.cthulhu.k8s"
   value   = cloudflare_record.ingress_cthulhu_k8s_vxm_cz.hostname
   type    = "CNAME"
   proxied = false
-}
+}

loadbalancer.tf

@@ -3,8 +3,8 @@ resource "hcloud_load_balancer" "ingress" {
   load_balancer_type = "lb11"
   location           = "fsn1"
   labels = {
-    "env"                     = "production"
-    "k8s.cluster.name"        = "cthulhu"
+    "env"              = "production"
+    "k8s.cluster.name" = "cthulhu"
   }
 }
 
@@ -29,11 +29,13 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
     protocol = "http"
     port     = 32080
     interval = 5
-    timeout = 3
-    retries = 1
+    timeout  = 3
+    retries  = 1
 
     http {
       path = "/healthz"
+
+      status_codes = ["2??", "3??"]
     }
   }
 }
@@ -49,11 +51,13 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
     protocol = "http"
     port     = 32080
     interval = 5
-    timeout = 3
-    retries = 1
+    timeout  = 3
+    retries  = 1
 
     http {
       path = "/healthz"
+
+      status_codes = ["2??", "3??"]
     }
   }
 }

machines.tf

@@ -1,5 +1,21 @@
+locals {
+  control_plane_nodes = 1
+}
+
+# 58639934
+resource "hcloud_primary_ip" "cthulhu_control_plane" {
+  count = local.control_plane_nodes
+
+  name              = "control-plane-${count.index}"
+  type              = "ipv4"
+  assignee_type     = "server"
+  assignee_id       = hcloud_server.cthulhu_control_plane[count.index].id
+  auto_delete       = false
+  delete_protection = true
+}
+
 resource "hcloud_server" "cthulhu_control_plane" {
-  count = 1
+  count = local.control_plane_nodes
 
   name        = "control-plane-${count.index}"
   image       = "rocky-9"
@@ -26,7 +42,7 @@ resource "hcloud_server" "cthulhu_control_plane" {
 
   public_net {
     ipv4_enabled = true
-    ipv6_enabled = true
+    ipv6_enabled = false
   }
 
   network {
@@ -35,46 +51,19 @@ resource "hcloud_server" "cthulhu_control_plane" {
   }
 }
 
-resource "random_string" "workers_suffix" {
-  length  = 4
-  special = false
-  upper   = false
-}
+module "workers_v2" {
+  source = "./modules/node-pool/v1"
 
-resource "hcloud_server" "cthulhu_workers" {
-  count = 3
+  network_id         = hcloud_network.cthulhu.id
+  placement_group_id = hcloud_placement_group.cthulhu_workers.id
+  ssh_key_ids        = [data.hcloud_ssh_key.vojtechmares.id]
 
-  name        = "worker-${random_string.workers_suffix.result}-${count.index}"
+  size        = 3
+  server_type = "cx32"
   image       = "rocky-9"
-  server_type = "cax21"
   location    = "fsn1"
 
-  backups                  = false
-  shutdown_before_deletion = true
+  subnet_cidr = "172.16.11.0/24"
 
-  placement_group_id = hcloud_placement_group.cthulhu_workers.id
-
-  # firewall_ids = [
-  #   hcloud_firewall.cthulhu_nodes_public.id,
-  #   hcloud_firewall.cthulhu_nodes_private.id,
-  # ]
-
-  ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
-
-  labels = {
-    "k8s.node.role"    = "worker"
-    "k8s.node.name"    = "worker-${random_string.workers_suffix.result}-${count.index}"
-    "k8s.cluster.name" = "cthulhu"
-    "k8s.node.pool"    = random_string.workers_suffix.result
-  }
-
-  public_net {
-    ipv4_enabled = true
-    ipv6_enabled = true
-  }
-
-  network {
-    network_id = hcloud_network.cthulhu.id
-    ip         = cidrhost(hcloud_network_subnet.workers.ip_range, count.index + 1)
-  }
+  cluster_name = "cthulhu"
 }

modules/node-pool/v1/main.tf

@@ -0,0 +1,45 @@
+resource "random_string" "suffix" {
+  length  = 4
+  special = false
+  upper   = false
+}
+
+resource "hcloud_network_subnet" "pool" {
+  network_id   = var.network_id
+  type         = "cloud"
+  network_zone = "eu-central"
+  ip_range     = var.subnet_cidr
+}
+
+resource "hcloud_server" "pool" {
+  count = var.size
+
+  name        = "pool-${random_string.suffix.result}-${count.index + 1}"
+  image       = var.image
+  server_type = var.server_type
+  location    = var.location
+
+  backups                  = false
+  shutdown_before_deletion = true
+
+  placement_group_id = var.placement_group_id
+
+  ssh_keys = var.ssh_key_ids
+
+  labels = {
+    "k8s.node.role"    = "worker"
+    "k8s.node.name"    = "pool-${random_string.suffix.result}-${count.index}"
+    "k8s.cluster.name" = var.cluster_name
+    "k8s.node.pool"    = random_string.suffix.result
+  }
+
+  public_net {
+    ipv4_enabled = true
+    ipv6_enabled = false
+  }
+
+  network {
+    network_id = var.network_id
+    ip         = cidrhost(hcloud_network_subnet.pool.ip_range, count.index + 1)
+  }
+}

modules/node-pool/v1/variables.tf

@@ -0,0 +1,40 @@
+variable "network_id" {
+  type = string
+}
+
+variable "placement_group_id" {
+  type = string
+}
+
+variable "size" {
+  type = number
+}
+
+variable "server_type" {
+  type = string
+}
+
+variable "location" {
+  type = string
+}
+
+variable "image" {
+  type = string
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+variable "ssh_key_ids" {
+  type = list(string)
+}
+
+variable "subnet_cidr" {
+  type = string
+}
+
+variable "primary_ip_auto_delete" {
+  type    = bool
+  default = true
+}

modules/node-pool/v1/versions.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = ">=1.47.0, <2.0.0"
+    }
+  }
+}

variables.auto.tfvars

@@ -1,4 +1,4 @@
 cloudflare_api_key = "9e19ed1d8baf979e7a4eda5c99ac38d59db38"
-cloudflare_email   = "iam@vojtechmares.com"
+cloudflare_email   = "vojtech@mares.cz"
 
 hcloud_token = "KDwuUtV0gGqdY19HJ718eOBThVJClFLbKyPh2oCQIcORMCnkSwFtgv2KzesEAtBY"

versions.tf

@@ -10,7 +10,7 @@ terraform {
       version = ">=1.47.0"
     }
   }
-  required_version = "~> 1.7.0"
+  required_version = ">= 1.7.0"
 }
 
 provider "cloudflare" {