diff --git a/infrastructure/configs/core-user.yaml.tmpl b/infrastructure/configs/core-user.yaml.tmpl new file mode 100644 index 0000000..ee5e0f0 --- /dev/null +++ b/infrastructure/configs/core-user.yaml.tmpl @@ -0,0 +1,7 @@ +variant: flatcar +version: 1.0.0 + +passwd: + users: + - name: core + ssh_authorized_keys: ${ssh_keys} \ No newline at end of file diff --git a/infrastructure/configs/k3s-flatcar.yaml b/infrastructure/configs/k3s-flatcar.yaml new file mode 100644 index 0000000..0e9e4cf --- /dev/null +++ b/infrastructure/configs/k3s-flatcar.yaml @@ -0,0 +1,37 @@ +variant: flatcar +version: 1.0.0 + +systemd: + units: + - name: k3s-install.service + enabled: true + contents: | + [Unit] + Description=Run K3s script + Wants = network-online.target + After = network.target network-online.target + ConditionPathExists=/opt/k3s-install.sh + ConditionPathExists=!/opt/bin/k3s + [Service] + Type=forking + TimeoutStartSec=180 + RemainAfterExit=yes + KillMode=process + Environment="K3S_URL=https://172.23.2.10:6443" + Environment="K3S_TOKEN=${k3s_token}" + Environment="INSTALL_K3S_EXEC='agent' '--node-ip' '${node_ip}' '--kubelet-arg' '--cloud-provider=external'" + ExecStart=/usr/bin/sh -c "/opt/k3s-install.sh" + [Install] + WantedBy=multi-user.target + +storage: + files: + - path: /etc/hostname + mode: 0644 + contents: + inline: ${host} + - path: /opt/k3s-install.sh + mode: 0777 + contents: + remote: + url: https://get.k3s.io diff --git a/infrastructure/k8s_k3os_machines.tf b/infrastructure/k8s_flatcar_machines.tf similarity index 59% rename from infrastructure/k8s_k3os_machines.tf rename to infrastructure/k8s_flatcar_machines.tf index 0168244..6beb6d4 100644 --- a/infrastructure/k8s_k3os_machines.tf +++ b/infrastructure/k8s_flatcar_machines.tf @@ -70,17 +70,55 @@ resource "hcloud_server" "machine" { "node_ip" = "${each.value.private_ip}" } ) - destination = "/tmp/k3os-config.yaml" + destination = "/root/ignition.json" } provisioner "remote-exec" { inline = [ "set -ex", - "apt-get install -y grub-pc", - "cat /tmp/k3os-config.yaml", - "curl -fsSL --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/rancher/k3os/master/install.sh | bash -s -- --config /tmp/k3os-config.yaml /dev/sda https://github.com/rancher/k3os/releases/download/v0.21.5-k3s2r1/k3os-amd64.iso", - "reboot" + "apt-get install -y gawk", + "curl -fsSLO --retry-delay 1 --retry 60 --retry-connrefused --retry-max-time 60 --connect-timeout 20 https://raw.githubusercontent.com/flatcar/init/flatcar-master/bin/flatcar-install", + "chmod +x flatcar-install", + "./flatcar-install -s -i /root/ignition.json -C ${var.release_channel}", + "shutdown -r +1", ] on_failure = continue } + + provisioner "remote-exec" { + connection { + host = self.ipv4_address + private_key = tls_private_key.provisioning.private_key_pem + timeout = "3m" + user = "core" + } + + inline = [ + "sudo hostnamectl set-hostname ${self.name}", + ] + } +} + +data "ct_config" "machine-ignitions" { + for_each = var.k3os_workers + strict = true + content = templatefile( + "${path.module}/configs/k3s-flatcar.yaml", + { + "host" = "${each.key}" + "k3s_token" = "${var.k3s_token}" + "datacenter" = "hel1-dc2" + "node_ip" = "${each.value.private_ip}" + } + ) + snippets = [ + data.template_file.core_user.rendered + ] +} + +data "template_file" "core_user" { + template = file("${path.module}/configs/core-user.yaml.tmpl") + vars = { + ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh])) + } } \ No newline at end of file diff --git a/infrastructure/main.tf b/infrastructure/main.tf index 72a5ced..706ed68 100644 --- a/infrastructure/main.tf +++ b/infrastructure/main.tf @@ -1,12 +1,3 @@ -terraform { - required_providers { - hcloud = { - source = "hetznercloud/hcloud" - version = "1.35.1" - } - } -} - provider "hcloud" { token = var.hcloud_token } diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf index c06b853..d980cd9 100644 --- a/infrastructure/vars.tf +++ b/infrastructure/vars.tf @@ -30,4 +30,21 @@ variable "ci_workers" { server_type = string private_ip = string })) +} + +variable "ssh_keys" { + type = list(string) + default = [] + description = "Additional SSH public keys for user 'core'." +} + +variable "release_channel" { + type = string + description = "Release channel" + default = "stable" + + validation { + condition = contains(["lts", "stable", "beta", "alpha"], var.release_channel) + error_message = "release_channel must be lts, stable, beta, or alpha." + } } \ No newline at end of file diff --git a/infrastructure/versions.tf b/infrastructure/versions.tf new file mode 100644 index 0000000..28ec042 --- /dev/null +++ b/infrastructure/versions.tf @@ -0,0 +1,22 @@ + +terraform { + required_version = ">= 0.14" + required_providers { + hcloud = { + source = "hetznercloud/hcloud" + version = "1.36.2" + } + ct = { + source = "poseidon/ct" + version = "0.11.0" + } + template = { + source = "hashicorp/template" + version = "~> 2.2.0" + } + null = { + source = "hashicorp/null" + version = "~> 3.2.1" + } + } +} \ No newline at end of file diff --git a/infrastructure/vms.auto.tfvars b/infrastructure/vms.auto.tfvars index 9541c29..9aea45e 100644 --- a/infrastructure/vms.auto.tfvars +++ b/infrastructure/vms.auto.tfvars @@ -34,4 +34,6 @@ ci_workers = { server_type = "cpx21" private_ip = "172.23.2.31" } -} \ No newline at end of file +} + +ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"] \ No newline at end of file