From 59d68d391990c028bc9b7ef996fa4af52e43cba7 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 20 Nov 2024 19:41:16 +0100
Subject: [PATCH 01/10] feat: add health check status codes
---
 loadbalancer.tf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/loadbalancer.tf b/loadbalancer.tf
index d6be46a..9dcbc87 100644
--- a/loadbalancer.tf
+++ b/loadbalancer.tf
@@ -34,6 +34,8 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
 http {
 path = "/healthz"
+
+ status_codes = ["2??", "3??"]
 }
 }
 }
@@ -54,6 +56,8 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
 http {
 path = "/healthz"
+
+ status_codes = ["2??", "3??"]
 }
 }
 }
From 3c84915228296b93c31d03f1ba1793cde0ef8d58 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 20 Nov 2024 19:41:38 +0100
Subject: [PATCH 02/10] style: format with `terraform fmt`
---
 loadbalancer.tf | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/loadbalancer.tf b/loadbalancer.tf
index 9dcbc87..f47524f 100644
--- a/loadbalancer.tf
+++ b/loadbalancer.tf
@@ -3,8 +3,8 @@ resource "hcloud_load_balancer" "ingress" {
 load_balancer_type = "lb11"
 location = "fsn1"
 labels = {
- "env" = "production"
- "k8s.cluster.name" = "cthulhu"
+ "env" = "production"
+ "k8s.cluster.name" = "cthulhu"
 }
 }
@@ -29,8 +29,8 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_80" {
 protocol = "http"
 port = 32080
 interval = 5
- timeout = 3
- retries = 1
+ timeout = 3
+ retries = 1
 http {
 path = "/healthz"
@@ -51,8 +51,8 @@ resource "hcloud_load_balancer_service" "ingress_workers_tcp_443" {
 protocol = "http"
 port = 32080
 interval = 5
- timeout = 3
- retries = 1
+ timeout = 3
+ retries = 1
 http {
 path = "/healthz"
From 08fb2ad814f8ee1edf8820f80002473908d2e1dc Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 20 Nov 2024 19:41:58 +0100
Subject: [PATCH 03/10] chore: free up terraform version constraint
---
 versions.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
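Review bot: `status_codes = ["2??", "3??"]` in both hunks (services `ingress_workers_tcp_80` and `ingress_workers_tcp_443`) counts any redirect from `/healthz` as a healthy backend, so a node that answers the probe with an HTTP-to-HTTPS redirect or a redirect to an error page stays in the load balancer's rotation. Unless a 3xx from the ingress health endpoint is expected, the tighter check is `status_codes = ["2??"]`; if 3xx is intentional, record why next to it, e.g. `# 3xx deliberately accepted as healthy: <reason>`, so the next reader does not tighten it. The enclosing `health_check` block starts outside the hunk.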
diff --git a/versions.tf b/versions.tf
index d56660a..0295894 100644
--- a/versions.tf
+++ b/versions.tf
@@ -10,7 +10,7 @@ terraform {
 version = ">=1.47.0"
 }
 }
- required_version = "~> 1.7.0"
+ required_version = ">= 1.7.0"
 }
 provider "cloudflare" {
From bf7a3c580eac2a0aabed7bbe6ad9f85b47068b3c Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 20 Nov 2024 19:42:33 +0100
Subject: [PATCH 04/10] refactor: change cloudflare email
---
 variables.auto.tfvars | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/variables.auto.tfvars b/variables.auto.tfvars
index 3c7f0f4..699dea1 100644
--- a/variables.auto.tfvars
+++ b/variables.auto.tfvars
@@ -1,4 +1,4 @@
 cloudflare_api_key = "9e19ed1d8baf979e7a4eda5c99ac38d59db38"
-cloudflare_email = "iam@vojtechmares.com"
+cloudflare_email = "vojtech@mares.cz"
 hcloud_token = "KDwuUtV0gGqdY19HJ718eOBThVJClFLbKyPh2oCQIcORMCnkSwFtgv2KzesEAtBY"
From 68a185c114899a1b728b2142b02d436f828ad6de Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 20 Nov 2024 19:48:18 +0100
Subject: [PATCH 05/10] docs(changelog): refactor format to follow 'Keep a Changelog' and add latest entry
---
 CHANGELOG.md | 42 ++++++++++++++++++++++++++++++++++++++----
 1 file changed, 38 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0602e8c..478c28a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
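Review bot: `required_version = ">= 1.7.0"` has no upper bound, so a future Terraform major release with breaking changes is accepted silently by whoever next runs this configuration, and the provider constraint visible in the same block (`version = ">=1.47.0"`) has the same gap. The module added later in this series pins `">=1.47.0, <2.0.0"`; the consistent replacement for the dropped `~> 1.7.0` is `required_version = "~> 1.7"` (any 1.x from 1.7 on), with `version = ">=1.47.0, <2.0.0"` on the provider, rather than an open-ended range. The `required_providers` block starts outside the hunk.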
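Review bot: `variables.auto.tfvars` holds a Cloudflare API key (`cloudflare_api_key`) and a Hetzner Cloud token (`hcloud_token`) in plaintext, and this commit keeps both under version control while only changing the e-mail between them. Because the values are already in repository history they have to be treated as exposed and rotated in both providers, independently of any later history rewrite. After rotation, move the file out of the repo (list `variables.auto.tfvars` in `.gitignore`, supply the values through `TF_VAR_cloudflare_api_key` / `TF_VAR_hcloud_token` or a secrets manager) and mark the corresponding `variable` blocks `sensitive = true` so plan output does not echo them. A scoped Cloudflare API token (provider argument `api_token`) is also preferable to the account-wide global key used here.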
@@ -1,14 +1,48 @@
 # CHANGELOG
-## Enable automatic updates on control plane / 2024-11-14
+## [0.5.0] - 2024-11-20
-See [os/automated-upgrades](/docs/os/automated-upgrades.md).
+### Added
-## Update Kubernetes to v1.30.4 / 2024-08-30
+- Added Cilium as CNI
+ - with kube-proxy replacement mode enabled
+
+### Changed
+
+- Disable vanilla Kubernetes network policy
+- Change node IP to Hetzner Cloud Network IPs (private)
+- Add node external IP - VM public IPv4
+
+### Removed
+
+- Disabled kube-proxy
+- Disabled flannel CNI
+
+
+## [0.4.0] - 2024-11-15
+
+### Added
+
+- Enable automatic updates on all worker nodes
+ See [os/automated-upgrades](/docs/os/automated-upgrades.md).
+
+
+## [0.3.0] - 2024-11-14
+
+### Added
+
+- Enable automatic updates on control plane
+ See [os/automated-upgrades](/docs/os/automated-upgrades.md).
+
+## [0.2.0] - 2024-08-30
+
+### Changed
 - Upgrade the cluster to Kubernetes (k3s) version v1.30 (`v1.30.4`)
-## Update Kubernetes to v1.29.8 / 2024-08-30
+## [0.1.0] - 2024-08-30
+
+### Changed
 - Upgrade the cluster to Kubernetes (k3s) version v1.29 (`v1.29.8`)
 - Upgrade the node OS (Rocky Linux 9, `dnf update -y`)
From a6d00bd4c597ded9e285e7e72bcc057deb121284 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Wed, 20 Nov 2024 20:10:59 +0100
Subject: [PATCH 06/10] docs(changelog): reformat title to follow 'Keep a Changelog'
---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 478c28a..74f95b4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-# CHANGELOG
+# Changelog
 ## [0.5.0] - 2024-11-20
From f916e715e50f01f191ce599172b5fc6456da0173 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 23 Nov 2024 09:29:55 +0100
Subject: [PATCH 07/10] refactor: use standalone hcloud_primary_ip resource for control plane node ip
---
 CHANGELOG.md | 6 ++++++
 machines.tf | 20 ++++++++++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 74f95b4..3abaed0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
+## [0.6.0] - 2024-11-23
+
+### Changed
+
+- Use standalone resource for control plane primary IP
+
 ## [0.5.0] - 2024-11-20
 ### Added
diff --git a/machines.tf b/machines.tf
index 125c5d7..18e2676 100644
--- a/machines.tf
+++ b/machines.tf
@@ -1,5 +1,21 @@
+locals {
+ control_plane_nodes = 1
+}
+
+# 58639934
+resource "hcloud_primary_ip" "cthulhu_control_plane" {
+ count = local.control_plane_nodes
+
+ name = "control-plane-${count.index}"
+ type = "ipv4"
+ assignee_type = "server"
+ assignee_id = hcloud_server.cthulhu_control_plane[count.index].id
+ auto_delete = false
+ delete_protection = true
+}
+
 resource "hcloud_server" "cthulhu_control_plane" {
- count = 1
+ count = local.control_plane_nodes
 name = "control-plane-${count.index}"
 image = "rocky-9"
@@ -26,7 +42,7 @@ resource "hcloud_server" "cthulhu_control_plane" {
 public_net {
 ipv4_enabled = true
- ipv6_enabled = true
+ ipv6_enabled = false
 }
 network {
From b8b0a7ce22f6ab88fba059d584926656b910e1bb Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 23 Nov 2024 09:32:12 +0100
Subject: [PATCH 08/10] feat: add node pool module and use it for new node pool
---
 CHANGELOG.md | 8 ++++++
 machines.tf | 17 ++++++++++++
 modules/node-pool/v1/main.tf | 45 +++++++++++++++++++++++++++++++
 modules/node-pool/v1/variables.tf | 40 +++++++++++++++++++++++++++
 modules/node-pool/v1/versions.tf | 8 ++++++
 5 files changed, 118 insertions(+)
 create mode 100644 modules/node-pool/v1/main.tf
 create mode 100644 modules/node-pool/v1/variables.tf
 create mode 100644 modules/node-pool/v1/versions.tf
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3abaed0..6ec6e22 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
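Review bot: `hcloud_primary_ip.cthulhu_control_plane` is attached only through `assignee_id = hcloud_server.cthulhu_control_plane[count.index].id`, while the server's `public_net` block keeps `ipv4_enabled = true` with no `ipv4 = hcloud_primary_ip.cthulhu_control_plane[count.index].id` reference; on a fresh apply the server would presumably allocate its own IPv4 first and the standalone address could only be assigned afterwards, so this looks like it relies on the already-existing, imported state rather than on a dependency expressed in either direction — worth confirming against the provider docs before trusting it for node recreation. The bare `# 58639934` above the resource should say what the number is; if it is the id of the pre-existing primary IP that was imported, write `# Existing primary IP (hcloud id 58639934), imported into state rather than created here` so nobody assumes a fresh allocation. `auto_delete = false` with `delete_protection = true` is the right pairing for an address that the `cloudflare_record.cthulhu_control_plane` A record in dns.tf points at. The `hcloud_server` block continues outside the hunk.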
@@ -1,5 +1,13 @@
 # Changelog
+## [0.7.0] - 2024-11-23
+
+### Added
+
+- Add node pool module
+- Add new node pool using the new module
+ - Using Intel-based instead of ARM-based CPUs
+
 ## [0.6.0] - 2024-11-23
 ### Changed
diff --git a/machines.tf b/machines.tf
index 18e2676..c6a56e6 100644
--- a/machines.tf
+++ b/machines.tf
@@ -94,3 +94,20 @@ resource "hcloud_server" "cthulhu_workers" {
 ip = cidrhost(hcloud_network_subnet.workers.ip_range, count.index + 1)
 }
 }
+
+module "workers_v2" {
+ source = "./modules/node-pool/v1"
+
+ network_id = hcloud_network.cthulhu.id
+ placement_group_id = hcloud_placement_group.cthulhu_workers.id
+ ssh_key_ids = [data.hcloud_ssh_key.vojtechmares.id]
+
+ size = 3
+ server_type = "cx32"
+ image = "rocky-9"
+ location = "fsn1"
+
+ subnet_cidr = "172.16.11.0/24"
+
+ cluster_name = "cthulhu"
+}
diff --git a/modules/node-pool/v1/main.tf b/modules/node-pool/v1/main.tf
new file mode 100644
index 0000000..e7e80c5
--- /dev/null
+++ b/modules/node-pool/v1/main.tf
@@ -0,0 +1,45 @@
+resource "random_string" "suffix" {
+ length = 4
+ special = false
+ upper = false
+}
+
+resource "hcloud_network_subnet" "pool" {
+ network_id = var.network_id
+ type = "cloud"
+ network_zone = "eu-central"
+ ip_range = var.subnet_cidr
+}
+
+resource "hcloud_server" "pool" {
+ count = var.size
+
+ name = "pool-${random_string.suffix.result}-${count.index + 1}"
+ image = var.image
+ server_type = var.server_type
+ location = var.location
+
+ backups = false
+ shutdown_before_deletion = true
+
+ placement_group_id = var.placement_group_id
+
+ ssh_keys = var.ssh_key_ids
+
+ labels = {
+ "k8s.node.role" = "worker"
+ "k8s.node.name" = "pool-${random_string.suffix.result}-${count.index}"
+ "k8s.cluster.name" = var.cluster_name
+ "k8s.node.pool" = random_string.suffix.result
+ }
+
+ public_net {
+ ipv4_enabled = true
+ ipv6_enabled = false
+ }
+
+ network {
+ network_id = var.network_id
+ ip = cidrhost(hcloud_network_subnet.pool.ip_range, count.index + 1)
+ }
+}
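Review bot: In `hcloud_server.pool` (modules/node-pool/v1/main.tf) the `"k8s.node.name"` label is built from `${count.index}` while `name` uses `${count.index + 1}`, so the label never matches the server's own name (the host called `pool-xxxx-1` is labelled `pool-xxxx-0`); the fix is `"k8s.node.name" = "pool-${random_string.suffix.result}-${count.index + 1}"`. Separately, `network_zone = "eu-central"` is hard-coded in `hcloud_network_subnet.pool` although `location` is a module input, so a caller passing a location outside that zone silently gets a subnet in the wrong zone — either derive the zone from the location or document the restriction on the variable. None of the three resources carries a purpose comment; a one-liner such as `# One cloud subnet per pool; each server takes the next host address via cidrhost()` on the subnet resource would make the module readable without the caller's context.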
diff --git a/modules/node-pool/v1/variables.tf b/modules/node-pool/v1/variables.tf
new file mode 100644
index 0000000..46a0c8f
--- /dev/null
+++ b/modules/node-pool/v1/variables.tf
@@ -0,0 +1,40 @@
+variable "network_id" {
+ type = string
+}
+
+variable "placement_group_id" {
+ type = string
+}
+
+variable "size" {
+ type = number
+}
+
+variable "server_type" {
+ type = string
+}
+
+variable "location" {
+ type = string
+}
+
+variable "image" {
+ type = string
+}
+
+variable "cluster_name" {
+ type = string
+}
+
+variable "ssh_key_ids" {
+ type = list(string)
+}
+
+variable "subnet_cidr" {
+ type = string
+}
+
+variable "primary_ip_auto_delete" {
+ type = bool
+ default = true
+}
diff --git a/modules/node-pool/v1/versions.tf b/modules/node-pool/v1/versions.tf
new file mode 100644
index 0000000..4d6fc64
--- /dev/null
+++ b/modules/node-pool/v1/versions.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ hcloud = {
+ source = "hetznercloud/hcloud"
+ version = ">=1.47.0, <2.0.0"
+ }
+ }
+}
From 0523a8907b838fab9436bb923265e540ec6c2c21 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 23 Nov 2024 09:35:03 +0100
Subject: [PATCH 09/10] refactor: remove old node pool and cleanup dns records
---
 CHANGELOG.md | 7 +++++++
 dns.tf | 42 +-----------------------------------------
 machines.tf | 44 --------------------------------------------
 3 files changed, 8 insertions(+), 85 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6ec6e22..6cafadb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
+## [0.8.0] - 2024-11-23
+
+### Removed
+
+- Remove old node pool
+- Clean up DNS records for machines
+
 ## [0.7.0] - 2024-11-23
 ### Added
diff --git a/dns.tf b/dns.tf
index 01edec2..8197fe9 100644
--- a/dns.tf
+++ b/dns.tf
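Review bot: `primary_ip_auto_delete` is declared with `default = true` but nothing in the module's main.tf reads `var.primary_ip_auto_delete`, so it is a dead input that implies a `hcloud_primary_ip` resource the module does not have; either wire it into such a resource or drop it before callers start setting it. None of the ten variables has a `description` and none has a `validation` block, so a caller sees neither what a value means nor a useful error on a bad one; adding e.g. `description = "Number of worker servers in this pool"` to `size` (and the equivalent to the others) plus `validation { condition = var.size >= 0; error_message = "size must be non-negative" }` and `can(cidrnetmask(var.subnet_cidr))` on `subnet_cidr` would document the contract where `terraform` actually enforces it. The module also uses the `random` provider in main.tf but only declares `hcloud` in its versions.tf, so the required_providers block there is incomplete.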
@@ -30,16 +30,6 @@ resource "cloudflare_record" "cthulhu_control_plane" {
 proxied = false
 }
-resource "cloudflare_record" "cthulhu_control_plane_ipv6" {
- count = length(hcloud_server.cthulhu_control_plane)
-
- zone_id = data.cloudflare_zone.vxm_cz.id
- name = "control-plane-${count.index}.cthulhu.k8s"
- value = hcloud_server.cthulhu_control_plane[count.index].ipv6_address
- type = "AAAA"
- proxied = false
-}
-
 resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
 count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
@@ -50,40 +40,10 @@ resource "cloudflare_record" "cthulhu_kubeapi_singlenode" {
 proxied = false
 }
-resource "cloudflare_record" "cthulhu_kubeapi_singlenode_ipv6" {
- count = length(hcloud_server.cthulhu_control_plane) == 1 ? 1 : 0
-
- zone_id = data.cloudflare_zone.vxm_cz.id
- name = "api.cthulhu.k8s"
- value = hcloud_server.cthulhu_control_plane[0].ipv6_address
- type = "AAAA"
- proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_workers" {
- count = length(hcloud_server.cthulhu_workers)
-
- zone_id = data.cloudflare_zone.vxm_cz.id
- name = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
- value = hcloud_server.cthulhu_workers[count.index].ipv4_address
- type = "A"
- proxied = false
-}
-
-resource "cloudflare_record" "cthulhu_workers_ipv6" {
- count = length(hcloud_server.cthulhu_workers)
-
- zone_id = data.cloudflare_zone.vxm_cz.id
- name = "worker-${random_string.workers_suffix.result}-${count.index}.cthulhu.k8s"
- value = hcloud_server.cthulhu_workers[count.index].ipv6_address
- type = "AAAA"
- proxied = false
-}
-
 resource "cloudflare_record" "cthulhu_wildcard" {
 zone_id = data.cloudflare_zone.vxm_cz.id
 name = "*.cthulhu.k8s"
 value = cloudflare_record.ingress_cthulhu_k8s_vxm_cz.hostname
 type = "CNAME"
 proxied = false
-}
\ No newline at end of file
+}
diff --git a/machines.tf b/machines.tf
index c6a56e6..c582b8f 100644
--- a/machines.tf
+++ b/machines.tf
@@ -51,50 +51,6 @@ resource "hcloud_server" "cthulhu_control_plane" {
 }
 }
-resource "random_string" "workers_suffix" {
- length = 4
- special = false
- upper = false
-}
-
-resource "hcloud_server" "cthulhu_workers" {
- count = 3
-
- name = "worker-${random_string.workers_suffix.result}-${count.index}"
- image = "rocky-9"
- server_type = "cax21"
- location = "fsn1"
-
- backups = false
- shutdown_before_deletion = true
-
- placement_group_id = hcloud_placement_group.cthulhu_workers.id
-
- # firewall_ids = [
- # hcloud_firewall.cthulhu_nodes_public.id,
- # hcloud_firewall.cthulhu_nodes_private.id,
- # ]
-
- ssh_keys = [data.hcloud_ssh_key.vojtechmares.id]
-
- labels = {
- "k8s.node.role" = "worker"
- "k8s.node.name" = "worker-${random_string.workers_suffix.result}-${count.index}"
- "k8s.cluster.name" = "cthulhu"
- "k8s.node.pool" = random_string.workers_suffix.result
- }
-
- public_net {
- ipv4_enabled = true
- ipv6_enabled = true
- }
-
- network {
- network_id = hcloud_network.cthulhu.id
- ip = cidrhost(hcloud_network_subnet.workers.ip_range, count.index + 1)
- }
-}
-
 module "workers_v2" {
 source = "./modules/node-pool/v1"
From c5c5ab6cf2abcbc032803ab9663088501b892707 Mon Sep 17 00:00:00 2001
From: Vojtech Mares
Date: Sat, 23 Nov 2024 09:38:11 +0100
Subject: [PATCH 10/10] docs(CHANGELOG.md): change versions and how changes are versioned
---
 CHANGELOG.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6cafadb..d95e73d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,13 +1,13 @@
 # Changelog
-## [0.8.0] - 2024-11-23
+## [0.5.1] - 2024-11-23
 ### Removed
 - Remove old node pool
 - Clean up DNS records for machines
-## [0.7.0] - 2024-11-23
+## [0.5.0] - 2024-11-23
 ### Added
@@ -15,13 +15,13 @@
 - Add new node pool using the new module
 - Using Intel-based instead of ARM-based CPUs
-## [0.6.0] - 2024-11-23
+## [0.4.1] - 2024-11-23
 ### Changed
 - Use standalone resource for control plane primary IP
-## [0.5.0] - 2024-11-20
+## [0.4.0] - 2024-11-20
 ### Added
@@ -40,7 +40,7 @@
 - Disabled flannel CNI
-## [0.4.0] - 2024-11-15
+## [0.3.0] - 2024-11-15
 ### Added
@@ -48,14 +48,14 @@
 See [os/automated-upgrades](/docs/os/automated-upgrades.md).
-## [0.3.0] - 2024-11-14
+## [0.2.0] - 2024-11-14
 ### Added
 - Enable automatic updates on control plane
 See [os/automated-upgrades](/docs/os/automated-upgrades.md).
-## [0.2.0] - 2024-08-30
+## [0.1.1] - 2024-08-30
 ### Changed