diff --git a/infrastructure/k8s_flatcar_machines.tf b/infrastructure/k8s_flatcar_machines.tf index 90e9c9f..52821bd 100644 --- a/infrastructure/k8s_flatcar_machines.tf +++ b/infrastructure/k8s_flatcar_machines.tf @@ -26,7 +26,7 @@ resource "hcloud_server" "machine" { for_each = var.k3os_workers name = each.key server_type = each.value.server_type - datacenter = "hel1-dc2" + location = each.value.location image = "ubuntu-22.04" backups = each.value.backups @@ -59,7 +59,7 @@ resource "hcloud_server" "machine" { private_key = tls_private_key.provisioning.private_key_pem timeout = "2m" } - + provisioner "file" { content = data.ct_config.machine-ignitions[each.key].rendered destination = "/root/ignition.json" @@ -113,4 +113,4 @@ data "template_file" "core_user" { vars = { ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh])) } -} \ No newline at end of file +} diff --git a/infrastructure/vars.tf b/infrastructure/vars.tf index b5a36b3..07d6961 100644 --- a/infrastructure/vars.tf +++ b/infrastructure/vars.tf @@ -21,6 +21,7 @@ variable "k3os_workers" { server_type = string backups = bool private_ip = string + location = string })) } @@ -39,4 +40,4 @@ variable "release_channel" { condition = contains(["lts", "stable", "beta", "alpha"], var.release_channel) error_message = "release_channel must be lts, stable, beta, or alpha." } -} \ No newline at end of file +} diff --git a/infrastructure/versions.tf b/infrastructure/versions.tf index ec8952b..f32bdb8 100644 --- a/infrastructure/versions.tf +++ b/infrastructure/versions.tf @@ -8,7 +8,7 @@ terraform { } ct = { source = "poseidon/ct" - version = "0.13.0" + version = "0.11.0" } template = { source = "hashicorp/template" diff --git a/infrastructure/vms.auto.tfvars b/infrastructure/vms.auto.tfvars index 50eab5b..7b4bfae 100644 --- a/infrastructure/vms.auto.tfvars +++ b/infrastructure/vms.auto.tfvars @@ -1,24 +1,18 @@ k3os_workers = { - "worker1-gen3" = { - backups = false - node_type = "worker" - server_type = "cx31" - private_ip = "172.23.2.24" - } - "worker1-gen4" = { backups = false node_type = "worker" server_type = "cx31" private_ip = "172.23.2.20" + location = "hel1" } - - "worker2-gen3" = { + "worker2-gen4" = { backups = false node_type = "worker" - server_type = "cx31" - private_ip = "172.23.2.25" + server_type = "cax21" + private_ip = "172.23.2.21" + location = "fsn1" } } @@ -33,4 +27,4 @@ vms = { ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"] -release_channel = "stable" \ No newline at end of file +release_channel = "stable" diff --git a/k8s/roles/fider/files/resources/deployment.yaml b/k8s/roles/fider/files/resources/deployment.yaml index d48b6d1..c7096a9 100644 --- a/k8s/roles/fider/files/resources/deployment.yaml +++ b/k8s/roles/fider/files/resources/deployment.yaml @@ -32,3 +32,15 @@ spec: requests: cpu: 50m memory: 50Mi + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - fider + topologyKey: topology.kubernetes.io/zone \ No newline at end of file diff --git a/k8s/roles/fider/tasks/main.yml b/k8s/roles/fider/tasks/main.yml index d718f21..66788b2 100644 --- a/k8s/roles/fider/tasks/main.yml +++ b/k8s/roles/fider/tasks/main.yml @@ -40,6 +40,6 @@ BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}" BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}" -- name: Create kubernetes resources for lookup output +- name: Deploy Fider kustomization k8s: definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}" \ No newline at end of file diff --git a/k8s/roles/hcloud/templates/hcloud-csi.yml.j2 b/k8s/roles/hcloud/templates/hcloud-csi.yml.j2 index cfe0307..bd06800 100644 --- a/k8s/roles/hcloud/templates/hcloud-csi.yml.j2 +++ b/k8s/roles/hcloud/templates/hcloud-csi.yml.j2 @@ -168,7 +168,7 @@ apiVersion: v1 kind: Service metadata: labels: - app: hcloud-csi + app: hcloud-csi-controller name: hcloud-csi-controller-metrics namespace: kube-system spec: @@ -210,12 +210,14 @@ spec: app: hcloud-csi-controller spec: containers: - - image: k8s.gcr.io/sig-storage/csi-attacher:v3.2.1 + - args: + - --default-fstype=ext4 + image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0 name: csi-attacher volumeMounts: - mountPath: /run/csi name: socket-dir - - image: k8s.gcr.io/sig-storage/csi-resizer:v1.2.0 + - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0 name: csi-resizer volumeMounts: - mountPath: /run/csi @@ -223,7 +225,7 @@ spec: - args: - --feature-gates=Topology=true - --default-fstype=ext4 - image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2 + image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0 name: csi-provisioner volumeMounts: - mountPath: /run/csi @@ -247,7 +249,7 @@ spec: secretKeyRef: key: token name: hcloud - image: hetznercloud/hcloud-csi-driver:2.1.0 + image: hetznercloud/hcloud-csi-driver:v2.3.2 imagePullPolicy: Always livenessProbe: failureThreshold: 5 @@ -267,7 +269,7 @@ spec: volumeMounts: - mountPath: /run/csi name: socket-dir - - image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0 + - image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0 imagePullPolicy: Always name: liveness-probe volumeMounts: @@ -306,7 +308,7 @@ spec: containers: - args: - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket - image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0 name: csi-node-driver-registrar volumeMounts: - mountPath: /run/csi @@ -322,7 +324,7 @@ spec: value: 0.0.0.0:9189 - name: ENABLE_METRICS value: "true" - image: hetznercloud/hcloud-csi-driver:2.1.0 + image: hetznercloud/hcloud-csi-driver:v2.3.2 imagePullPolicy: Always livenessProbe: failureThreshold: 5 @@ -349,7 +351,7 @@ spec: name: plugin-dir - mountPath: /dev name: device-dir - - image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0 + - image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0 imagePullPolicy: Always name: liveness-probe volumeMounts: @@ -386,7 +388,7 @@ metadata: name: csi.hetzner.cloud spec: attachRequired: true + fsGroupPolicy: File podInfoOnMount: true volumeLifecycleModes: - Persistent - fsGroupPolicy: File