prskr/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore: upgrade k8s cluster

Browse source
This commit is contained in:
Peter 2023-07-11 20:56:33 +02:00
parent f50528f81e
commit 72fab36d11
Signed by: prskr
GPG key ID: C1DB5D2E8DB512F9
7 changed files with 37 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
infrastructure/k8s_flatcar_machines.tf
View file

@ -26,7 +26,7 @@ resource "hcloud_server" "machine" {
for_each = var.k3os_workers for_each = var.k3os_workers
name = each.key name = each.key
server_type = each.value.server_type server_type = each.value.server_type
datacenter = "hel1-dc2" location = each.value.location
image = "ubuntu-22.04" image = "ubuntu-22.04"
backups = each.value.backups backups = each.value.backups
@ -59,7 +59,7 @@ resource "hcloud_server" "machine" {
private_key = tls_private_key.provisioning.private_key_pem private_key = tls_private_key.provisioning.private_key_pem
timeout = "2m" timeout = "2m"
} }
provisioner "file" { provisioner "file" {
content = data.ct_config.machine-ignitions[each.key].rendered content = data.ct_config.machine-ignitions[each.key].rendered
destination = "/root/ignition.json" destination = "/root/ignition.json"
@ -113,4 +113,4 @@ data "template_file" "core_user" {
vars = { vars = {
ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh])) ssh_keys = jsonencode(concat(var.ssh_keys, [tls_private_key.provisioning.public_key_openssh]))
} }
} }

3
infrastructure/vars.tf
View file

@ -21,6 +21,7 @@ variable "k3os_workers" {
server_type = string server_type = string
backups = bool backups = bool
private_ip = string private_ip = string
location = string
})) }))
} }
@ -39,4 +40,4 @@ variable "release_channel" {
condition = contains(["lts", "stable", "beta", "alpha"], var.release_channel) condition = contains(["lts", "stable", "beta", "alpha"], var.release_channel)
error_message = "release_channel must be lts, stable, beta, or alpha." error_message = "release_channel must be lts, stable, beta, or alpha."
} }
} }

2
infrastructure/versions.tf
View file

@ -8,7 +8,7 @@ terraform {
} }
ct = { ct = {
source = "poseidon/ct" source = "poseidon/ct"
version = "0.13.0" version = "0.11.0"
} }
template = { template = {
source = "hashicorp/template" source = "hashicorp/template"

18
infrastructure/vms.auto.tfvars
View file

@ -1,24 +1,18 @@
k3os_workers = { k3os_workers = {
"worker1-gen3" = {
backups = false
node_type = "worker"
server_type = "cx31"
private_ip = "172.23.2.24"
}
"worker1-gen4" = { "worker1-gen4" = {
backups = false backups = false
node_type = "worker" node_type = "worker"
server_type = "cx31" server_type = "cx31"
private_ip = "172.23.2.20" private_ip = "172.23.2.20"
location = "hel1"
} }
"worker2-gen4" = {
"worker2-gen3" = {
backups = false backups = false
node_type = "worker" node_type = "worker"
server_type = "cx31" server_type = "cax21"
private_ip = "172.23.2.25" private_ip = "172.23.2.21"
location = "fsn1"
} }
} }
@ -33,4 +27,4 @@ vms = {
ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"] ssh_keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKfHZaI0F5GjAcrM8hjWqwMfULDkAZ2TOIBTQtRocg1F id_ed25519"]
release_channel = "stable" release_channel = "stable"

12
k8s/roles/fider/files/resources/deployment.yaml
View file

@ -32,3 +32,15 @@ spec:
requests: requests:
cpu: 50m cpu: 50m
memory: 50Mi memory: 50Mi
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- fider
topologyKey: topology.kubernetes.io/zone

2
k8s/roles/fider/tasks/main.yml
View file

@ -40,6 +40,6 @@
BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}" BLOB_STORAGE_S3_ACCESS_KEY_ID: "{{ minio.rootUser | b64encode }}"
BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}" BLOB_STORAGE_S3_SECRET_ACCESS_KEY: "{{ minio.rootPassword | b64encode }}"
- name: Create kubernetes resources for lookup output - name: Deploy Fider kustomization
k8s: k8s:
definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}" definition: "{{ lookup('kubernetes.core.kustomize', dir=([role_path, 'files'] | path_join)) }}"

22
k8s/roles/hcloud/templates/hcloud-csi.yml.j2
View file

@ -168,7 +168,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
labels: labels:
app: hcloud-csi app: hcloud-csi-controller
name: hcloud-csi-controller-metrics name: hcloud-csi-controller-metrics
namespace: kube-system namespace: kube-system
spec: spec:
@ -210,12 +210,14 @@ spec:
app: hcloud-csi-controller app: hcloud-csi-controller
spec: spec:
containers: containers:
- image: k8s.gcr.io/sig-storage/csi-attacher:v3.2.1 - args:
- --default-fstype=ext4
image: registry.k8s.io/sig-storage/csi-attacher:v4.1.0
name: csi-attacher name: csi-attacher
volumeMounts: volumeMounts:
- mountPath: /run/csi - mountPath: /run/csi
name: socket-dir name: socket-dir
- image: k8s.gcr.io/sig-storage/csi-resizer:v1.2.0 - image: registry.k8s.io/sig-storage/csi-resizer:v1.7.0
name: csi-resizer name: csi-resizer
volumeMounts: volumeMounts:
- mountPath: /run/csi - mountPath: /run/csi
@ -223,7 +225,7 @@ spec:
- args: - args:
- --feature-gates=Topology=true - --feature-gates=Topology=true
- --default-fstype=ext4 - --default-fstype=ext4
image: k8s.gcr.io/sig-storage/csi-provisioner:v2.2.2 image: registry.k8s.io/sig-storage/csi-provisioner:v3.4.0
name: csi-provisioner name: csi-provisioner
volumeMounts: volumeMounts:
- mountPath: /run/csi - mountPath: /run/csi
@ -247,7 +249,7 @@ spec:
secretKeyRef: secretKeyRef:
key: token key: token
name: hcloud name: hcloud
image: hetznercloud/hcloud-csi-driver:2.1.0 image: hetznercloud/hcloud-csi-driver:v2.3.2
imagePullPolicy: Always imagePullPolicy: Always
livenessProbe: livenessProbe:
failureThreshold: 5 failureThreshold: 5
@ -267,7 +269,7 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /run/csi - mountPath: /run/csi
name: socket-dir name: socket-dir
- image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0 - image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
imagePullPolicy: Always imagePullPolicy: Always
name: liveness-probe name: liveness-probe
volumeMounts: volumeMounts:
@ -306,7 +308,7 @@ spec:
containers: containers:
- args: - args:
- --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.hetzner.cloud/socket
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.2.0 image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.7.0
name: csi-node-driver-registrar name: csi-node-driver-registrar
volumeMounts: volumeMounts:
- mountPath: /run/csi - mountPath: /run/csi
@ -322,7 +324,7 @@ spec:
value: 0.0.0.0:9189 value: 0.0.0.0:9189
- name: ENABLE_METRICS - name: ENABLE_METRICS
value: "true" value: "true"
image: hetznercloud/hcloud-csi-driver:2.1.0 image: hetznercloud/hcloud-csi-driver:v2.3.2
imagePullPolicy: Always imagePullPolicy: Always
livenessProbe: livenessProbe:
failureThreshold: 5 failureThreshold: 5
@ -349,7 +351,7 @@ spec:
name: plugin-dir name: plugin-dir
- mountPath: /dev - mountPath: /dev
name: device-dir name: device-dir
- image: k8s.gcr.io/sig-storage/livenessprobe:v2.3.0 - image: registry.k8s.io/sig-storage/livenessprobe:v2.10.0
imagePullPolicy: Always imagePullPolicy: Always
name: liveness-probe name: liveness-probe
volumeMounts: volumeMounts:
@ -386,7 +388,7 @@ metadata:
name: csi.hetzner.cloud name: csi.hetzner.cloud
spec: spec:
attachRequired: true attachRequired: true
fsGroupPolicy: File
podInfoOnMount: true podInfoOnMount: true
volumeLifecycleModes: volumeLifecycleModes:
- Persistent - Persistent
fsGroupPolicy: File