New version support

2025-11-01 18:58:39 +00:00 · 2021-08-17 18:28:46 +03:00
parent 728e6f81f4
commit e4b43bab2c
6 changed files with 40 additions and 26 deletions
--- a/hetzner/Makefile
+++ b/hetzner/Makefile
@@ -17,11 +17,11 @@ create-templates:
 	@yq ea -P '. as $$item ireduce ({}; . * $$item )' _cfgs/controlplane.yaml templates/controlplane.yaml.tpl > templates/controlplane.yaml
 	@echo 'podSubnets: "10.32.0.0/12,fd00:10:32::/102"'        >  _cfgs/tfstate.vars
 	@echo 'serviceSubnets: "10.200.0.0/22,fd40:10:200::/112"'  >> _cfgs/tfstate.vars
-	@yq eval '.cluster.network.dnsDomain' _cfgs/init.yaml | awk '{ print "domain: "$$1}'       >> _cfgs/tfstate.vars
-	@yq eval '.cluster.clusterName' _cfgs/init.yaml       | awk '{ print "cluster_name: "$$1}' >> _cfgs/tfstate.vars
-	@yq eval '.machine.token'  _cfgs/init.yaml            | awk '{ print "tokenmachine: "$$1}' >> _cfgs/tfstate.vars
-	@yq eval '.cluster.token'  _cfgs/init.yaml            | awk '{ print "token: "$$1}'        >> _cfgs/tfstate.vars
-	@yq eval '.cluster.ca.crt' _cfgs/init.yaml            | awk '{ print "ca: "$$1}'           >> _cfgs/tfstate.vars
+	@yq eval '.cluster.network.dnsDomain' _cfgs/controlplane.yaml | awk '{ print "domain: "$$1}'       >> _cfgs/tfstate.vars
+	@yq eval '.cluster.clusterName' _cfgs/controlplane.yaml       | awk '{ print "cluster_name: "$$1}' >> _cfgs/tfstate.vars
+	@yq eval '.machine.token'  _cfgs/controlplane.yaml            | awk '{ print "tokenmachine: "$$1}' >> _cfgs/tfstate.vars
+	@yq eval '.cluster.token'  _cfgs/controlplane.yaml            | awk '{ print "token: "$$1}'        >> _cfgs/tfstate.vars
+	@yq eval '.cluster.ca.crt' _cfgs/controlplane.yaml            | awk '{ print "ca: "$$1}'           >> _cfgs/tfstate.vars

 	@yq eval -j '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json

--- a/hetzner/instances-master.tf
+++ b/hetzner/instances-master.tf
@@ -15,6 +15,21 @@ resource "hcloud_server" "controlplane" {
    ip         = cidrhost(hcloud_network_subnet.core.ip_range, 11 + count.index)
  }

+  # user_data = templatefile("${path.module}/templates/controlplane.yaml",
+  #   merge(var.kubernetes, {
+  #     name           = "master-${count.index + 1}"
+  #     type           = count.index == 0 ? "init" : "controlplane"
+  #     ipv4_local     = cidrhost(hcloud_network_subnet.core.ip_range, 11 + count.index)
+  #     # ipv4           = hcloud_server.controlplane[count.index].ipv4_address
+  #     # ipv6           = hcloud_server.controlplane[count.index].ipv6_address
+  #     lbv4_local     = hcloud_load_balancer_network.api.ip
+  #     lbv4           = hcloud_load_balancer.api.ipv4
+  #     lbv6           = hcloud_load_balancer.api.ipv6
+  #     hcloud_network = hcloud_network.main.id
+  #     hcloud_token   = var.hcloud_token
+  #   })
+  # )
+
  lifecycle {
    ignore_changes = [
      image,
--- a/hetzner/inventory.tf
+++ b/hetzner/inventory.tf
@@ -1,11 +1,11 @@

-resource "local_file" "coredns_hosts" {
-  content = templatefile("${path.module}/templates/coredns_hosts.tpl",
-    {
-      masters = hcloud_server.controlplane
-      web     = flatten([for p in sort(keys(module.web)) : module.web[p].vms])
-    }
-  )
-  filename        = "_cfgs/coredns_hosts.yaml"
-  file_permission = "0640"
-}
+# resource "local_file" "coredns_hosts" {
+#   content = templatefile("${path.module}/templates/coredns_hosts.tpl",
+#     {
+#       masters = hcloud_server.controlplane
+#       web     = flatten([for p in sort(keys(module.web)) : module.web[p].vms])
+#     }
+#   )
+#   filename        = "_cfgs/coredns_hosts.yaml"
+#   file_permission = "0640"
+# }
--- a/hetzner/network-secgroup.tf
+++ b/hetzner/network-secgroup.tf
@@ -21,6 +21,12 @@ resource "hcloud_firewall" "controlplane" {
    source_ips = [var.vpc_main_cidr]
  }

+  # rule {
+  #   direction  = "in"
+  #   protocol   = "tcp"
+  #   port       = "22"
+  #   source_ips = var.whitelist_admins
+  # }
  rule {
    direction  = "in"
    protocol   = "tcp"
--- a/hetzner/templates/controlplane.yaml.tpl
+++ b/hetzner/templates/controlplane.yaml.tpl
@@ -7,8 +7,7 @@ machine:
    - "${lbv4}"
    - "${lbv6}"
    - "${lbv4_local}"
-    - "${ipv4}"
-    - "${ipv6}"
+    - "${ipv4_local}"
  kubelet:
    extraArgs:
      node-ip: "${ipv4_local}"
@@ -18,12 +17,6 @@ machine:
    interfaces:
      - interface: eth0
        dhcp: true
-      - interface: eth0
-        cidr: "${ipv6}/64"
-        routes:
-          - network: "::/0"
-            gateway: "fe80::1"
-            metric: 1024
      - interface: eth1
        dhcp: true
      - interface: dummy0
@@ -61,10 +54,10 @@ cluster:
    mode: ipvs
  apiServer:
    certSANs:
-      - "${lbv4_local}"
      - "${lbv4}"
      - "${lbv6}"
-      - "${ipv4}"
+      - "${lbv4_local}"
+      - "${ipv4_local}"
    extraArgs:
        feature-gates: IPv6DualStack=true
  controllerManager:
--- a/system_os/hetzner/hetzner.pkr.hcl
+++ b/system_os/hetzner/hetzner.pkr.hcl
@@ -22,7 +22,7 @@ variable "talos_version" {
 source "hcloud" "talos" {
  token        = var.hcloud_token
  rescue       = "linux64"
-  image        = "debian-10"
+  image        = "debian-11"
  location     = "hel1"
  server_type  = "cx11"
  ssh_username = "root"