freezer/mareshq-cthulhunetes-infrastructure-v2
Archived
1
0
Fork 0
Code Activity

Compare commits

base: freezer:c5c5ab6cf2abcbc032803ab9663088501b892707
Branches Tags
freezer:main
..
compare: freezer:f73fdc5d1cd11aaf0e9506b1a03813082c6bd043
Branches Tags
freezer:main

No commits in common. "c5c5ab6cf2abcbc032803ab9663088501b892707" and "f73fdc5d1cd11aaf0e9506b1a03813082c6bd043" have entirely different histories.
c5c5ab6cf2 ... f73fdc5d1c

9 changed files with 92 additions and 193 deletions
Download patch file Download diff file Expand all files Collapse all files

65
CHANGELOG.md
View file

@ -1,69 +1,14 @@
# Changelog # CHANGELOG
## [0.5.1] - 2024-11-23 ## Enable automatic updates on control plane / 2024-11-14
### Removed See [os/automated-upgrades](/docs/os/automated-upgrades.md).
- Remove old node pool ## Update Kubernetes to v1.30.4 / 2024-08-30
- Clean up DNS records for machines
## [0.5.0] - 2024-11-23
### Added
- Add node pool module
- Add new node pool using the new module
- Using Intel-based instead of ARM-based CPUs
## [0.4.1] - 2024-11-23
### Changed
- Use standalone resource for control plane primary IP
## [0.4.0] - 2024-11-20
### Added
- Added Cilium as CNI
- with kube-proxy replacement mode enabled
### Changed
- Disable vanilla Kubernetes network policy
- Change node IP to Hetzner Cloud Network IPs (private)
- Add node external IP - VM public IPv4
### Removed
- Disabled kube-proxy
- Disabled flannel CNI
## [0.3.0] - 2024-11-15
### Added
- Enable automatic updates on all worker nodes
See [os/automated-upgrades](/docs/os/automated-upgrades.md).
## [0.2.0] - 2024-11-14
### Added
- Enable automatic updates on control plane
See [os/automated-upgrades](/docs/os/automated-upgrades.md).
## [0.1.1] - 2024-08-30
### Changed
- Upgrade the cluster to Kubernetes (k3s) version v1.30 (`v1.30.4`) - Upgrade the cluster to Kubernetes (k3s) version v1.30 (`v1.30.4`)
## [0.1.0] - 2024-08-30 ## Update Kubernetes to v1.29.8 / 2024-08-30
### Changed
- Upgrade the cluster to Kubernetes (k3s) version v1.29 (`v1.29.8`) - Upgrade the cluster to Kubernetes (k3s) version v1.29 (`v1.29.8`)
- Upgrade the node OS (Rocky Linux 9, `dnf update -y`) - Upgrade the node OS (Rocky Linux 9, `dnf update -y`)

42
dns.tf
View file

@ -30,6 +30,16 @@ resource "cloudflare_record" "cthulhu_control_plane" {
proxied = false proxied = false
} }
resource "cloudflare_record" "cthulhu_control_plane_ipv6" {
count = length(hcloud_server.cthulhu_control_plane)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "control-plane-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_control_plane[count.index].ipv6_address
type = "AAAA"
proxied = false
}
resource "cloudflare_record" "cthulhu_kubeapi_singlenode" { resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0 count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
@ -40,10 +50,40 @@ resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
proxied = false proxied = false
} }
resource "cloudflare_record" "cthulhu_kubeapi_singlenode_ipv6" {
count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
zone_id = data.cloudflare_zone.vxm_cz.id
name = "api.cthulhu.k8s"
value = hcloud_server.cthulhu_control_plane[0].ipv6_address
type = "AAAA"
proxied = false
}
resource "cloudflare_record" "cthulhu_workers" {
count = length(hcloud_server.cthulhu_workers)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_workers[count.index].ipv4_address
type = "A"
proxied = false
}
resource "cloudflare_record" "cthulhu_workers_ipv6" {
count = length(hcloud_server.cthulhu_workers)
zone_id = data.cloudflare_zone.vxm_cz.id
name = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
value = hcloud_server.cthulhu_workers[count.index].ipv6_address
type = "AAAA"
proxied = false
}
resource "cloudflare_record" "cthulhu_wildcard" { resource "cloudflare_record" "cthulhu_wildcard" {
zone_id = data.cloudflare_zone.vxm_cz.id zone_id = data.cloudflare_zone.vxm_cz.id
name = "*.cthulhu.k8s" name = "*.cthulhu.k8s"
value = cloudflare_record.ingress_cthulhu_k8s_vxm_cz.hostname value = cloudflare_record.ingress_cthulhu_k8s_vxm_cz.hostname
type = "CNAME" type = "CNAME"
proxied = false proxied = false
} }

16
loadbalancer.tf
View file

@ -3,8 +3,8 @@ resource "hcloud_load_balancer" "ingress" {
load_balancer_type = "lb11" load_balancer_type = "lb11"
location = "fsn1" location = "fsn1"
labels = { labels = {
"env" = "production" "env" = "production"
"k8s.cluster.name" = "cthulhu" "k8s.cluster.name" = "cthulhu"
} }
} }
@ -29,13 +29,11 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
protocol = "http" protocol = "http"
port = 32080 port = 32080
interval = 5 interval = 5
timeout = 3 timeout = 3
retries = 1 retries = 1
http { http {
path = "/healthz" path = "/healthz"
status_codes = ["2??", "3??"]
} }
} }
} }
@ -51,13 +49,11 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
protocol = "http" protocol = "http"
port = 32080 port = 32080
interval = 5 interval = 5
timeout = 3 timeout = 3
retries = 1 retries = 1
http { http {
path = "/healthz" path = "/healthz"
status_codes = ["2??", "3??"]
} }
} }
} }

65
machines.tf
View file

@ -1,21 +1,5 @@
locals {
control_plane_nodes = 1
}
# 58639934
resource "hcloud_primary_ip" "cthulhu_control_plane" {
count = local.control_plane_nodes
name = "control-plane-${count.index}"
type = "ipv4"
assignee_type = "server"
assignee_id = hcloud_server.cthulhu_control_plane[count.index].id
auto_delete = false
delete_protection = true
}
resource "hcloud_server" "cthulhu_control_plane" { resource "hcloud_server" "cthulhu_control_plane" {
count = local.control_plane_nodes count = 1
name = "control-plane-${count.index}" name = "control-plane-${count.index}"
image = "rocky-9" image = "rocky-9"
@ -42,7 +26,7 @@ resource "hcloud_server" "cthulhu_control_plane" {
public_net { public_net {
ipv4_enabled = true ipv4_enabled = true
ipv6_enabled = false ipv6_enabled = true
} }
network { network {
@ -51,19 +35,46 @@ resource "hcloud_server" "cthulhu_control_plane" {
} }
} }
module "workers_v2" { resource "random_string" "workers_suffix" {
source = "./modules/node-pool/v1" length = 4
special = false
upper = false
}
network_id = hcloud_network.cthulhu.id resource "hcloud_server" "cthulhu_workers" {
placement_group_id = hcloud_placement_group.cthulhu_workers.id count = 3
ssh_key_ids = [data.hcloud_ssh_key.vojtechmares.id]
size = 3 name = "worker-${random_string.workers_suffix.result}-${count.index}"
server_type = "cx32"
image = "rocky-9" image = "rocky-9"
server_type = "cax21"
location = "fsn1" location = "fsn1"
subnet_cidr = "172.16.11.0/24" backups = false
shutdown_before_deletion = true
cluster_name = "cthulhu" placement_group_id = hcloud_placement_group.cthulhu_workers.id
# firewall_ids = [
# hcloud_firewall.cthulhu_nodes_public.id,
# hcloud_firewall.cthulhu_nodes_private.id,
# ]
ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
labels = {
"k8s.node.role" = "worker"
"k8s.node.name" = "worker-${random_string.workers_suffix.result}-${count.index}"
"k8s.cluster.name" = "cthulhu"
"k8s.node.pool" = random_string.workers_suffix.result
}
public_net {
ipv4_enabled = true
ipv6_enabled = true
}
network {
network_id = hcloud_network.cthulhu.id
ip = cidrhost(hcloud_network_subnet.workers.ip_range, count.index + 1)
}
} }

45
modules/node-pool/v1/main.tf
View file

@ -1,45 +0,0 @@
resource "random_string" "suffix" {
length = 4
special = false
upper = false
}
resource "hcloud_network_subnet" "pool" {
network_id = var.network_id
type = "cloud"
network_zone = "eu-central"
ip_range = var.subnet_cidr
}
resource "hcloud_server" "pool" {
count = var.size
name = "pool-${random_string.suffix.result}-${count.index + 1}"
image = var.image
server_type = var.server_type
location = var.location
backups = false
shutdown_before_deletion = true
placement_group_id = var.placement_group_id
ssh_keys = var.ssh_key_ids
labels = {
"k8s.node.role" = "worker"
"k8s.node.name" = "pool-${random_string.suffix.result}-${count.index}"
"k8s.cluster.name" = var.cluster_name
"k8s.node.pool" = random_string.suffix.result
}
public_net {
ipv4_enabled = true
ipv6_enabled = false
}
network {
network_id = var.network_id
ip = cidrhost(hcloud_network_subnet.pool.ip_range, count.index + 1)
}
}

40
modules/node-pool/v1/variables.tf
View file

@ -1,40 +0,0 @@
variable "network_id" {
type = string
}
variable "placement_group_id" {
type = string
}
variable "size" {
type = number
}
variable "server_type" {
type = string
}
variable "location" {
type = string
}
variable "image" {
type = string
}
variable "cluster_name" {
type = string
}
variable "ssh_key_ids" {
type = list(string)
}
variable "subnet_cidr" {
type = string
}
variable "primary_ip_auto_delete" {
type = bool
default = true
}

8
modules/node-pool/v1/versions.tf
View file

@ -1,8 +0,0 @@
terraform {
required_providers {
hcloud = {
source = "hetznercloud/hcloud"
version = ">=1.47.0, <2.0.0"
}
}
}

2
variables.auto.tfvars
View file

@ -1,4 +1,4 @@
cloudflare_api_key = "9e19ed1d8baf979e7a4eda5c99ac38d59db38" cloudflare_api_key = "9e19ed1d8baf979e7a4eda5c99ac38d59db38"
cloudflare_email = "vojtech@mares.cz" cloudflare_email = "iam@vojtechmares.com"
hcloud_token = "KDwuUtV0gGqdY19HJ718eOBThVJClFLbKyPh2oCQIcORMCnkSwFtgv2KzesEAtBY" hcloud_token = "KDwuUtV0gGqdY19HJ718eOBThVJClFLbKyPh2oCQIcORMCnkSwFtgv2KzesEAtBY"

2
versions.tf
View file

@ -10,7 +10,7 @@ terraform {
version = ">=1.47.0" version = ">=1.47.0"
} }
} }
required_version = ">= 1.7.0" required_version = "~> 1.7.0"
} }
provider "cloudflare" { provider "cloudflare" {