Move configuration of servers completely to ansible

With this change we no longer use user-data scripts on the provided
machines. That makes it way easier for me to handle all the
configuration, since I only have to run ansible. Furthermore this the
burdon to think what may went wrong, since ansible is easier to debug
than some arbitrary scripts which run at provisioning-time on the
machines.

With this change I should also think about restructuring the code a bit
as well. Since it's actually easier to provide the initial
software-stack for the cluster via ansible than via terraform, at least
as far as I can tell right now.

infra/inventory.ini.tftpl

@@ -11,3 +11,7 @@ ${ip}
 [k3s_cluster:children]
 server
 agent
+
+[k3s_cluster:vars]
+network_cidr=${network_cidr}
+private_nat=${private_nat}

infra/main.tf

@@ -59,8 +59,10 @@ module "k8s" {
 resource "local_file" "ansible_inventory" {
   filename = "${path.module}/../k3s/inventory.ini"
   content = templatefile("./inventory.ini.tftpl", {
-    server_ips  = module.k8s.server_ips_v4,
-    agent_ips   = module.k8s.agent_ips_v4,
+    server_ips   = module.k8s.server_ips_v4,
+    agent_ips    = module.k8s.agent_ips_v4,
+    network_cidr = module.k8s.private_network_cidr,
+    private_nat  = module.k8s.private_network_nat,
   })
 }
 

infra/modules/hetzner/kubernetes/agent-init.yaml.tftpl

@@ -1,17 +0,0 @@
-#cloud-config
-packages:
-- curl
-users:
-- name: cluster
-  shell: /bin/bash
-runcmd:
-# configure correct routing via NAT
-- ip route add default via ${network_gateway}
-- NIC=$(ifconfig | grep -q enp7s0 && echo enp7s0 || echo ens10)
-- echo "[Match]" > /etc/systemd/network/10-$NIC.network
-- echo "Name=$NIC" >> /etc/systemd/network/10-$NIC.network
-- echo "[Network]" >> /etc/systemd/network/10-$NIC.network
-- echo "DHCP=yes" >> /etc/systemd/network/10-$NIC.network
-- echo "Gateway=${network_gateway}" >> /etc/systemd/network/10-$NIC.network
-- sed -e "s/#DNS=/DNS=${dns_servers}/" -i /etc/systemd/resolved.conf
-- systemctl restart systemd-resolved

infra/modules/hetzner/kubernetes/main.tf

@@ -89,14 +89,6 @@ resource "hcloud_server" "server" {
     network_id = hcloud_network.this.id
     ip         = each.value.ip
   }
-  user_data = templatefile(
-    "${path.module}/server-init.yaml.tftpl",
-    {
-      network_ip_range = local.network
-      k3s_token        = random_string.k3s_token.result
-      first_ip         = each.value.first_ip
-    }
-  )
   firewall_ids = [for firewall in hcloud_firewall.this : firewall.id]
 }
 
@@ -121,13 +113,4 @@ resource "hcloud_server" "agent" {
     network_id = hcloud_network.this.id
     ip         = each.value.ip
   }
-  user_data = templatefile(
-    "${path.module}/agent-init.yaml.tftpl",
-    {
-      server_ip       = cidrhost(local.subnet_eu_central, 2)
-      network_gateway = cidrhost(local.subnet_eu_central, 1)
-      dns_servers     = "8.8.8.8 8.8.4.4"
-      k3s_token       = random_string.k3s_token.result
-    }
-  )
 }

infra/modules/hetzner/kubernetes/outputs.tf

@@ -9,3 +9,11 @@ output "server_ips_v6" {
 output "agent_ips_v4" {
   value = flatten([for key, value in hcloud_server.agent : value.network.*.ip])
 }
+
+output "private_network_cidr" {
+  value = local.network
+}
+
+output "private_network_nat" {
+  value = cidrhost(local.subnet_eu_central, 1)
+}

infra/modules/hetzner/kubernetes/server-init.yaml.tftpl

@@ -1,17 +0,0 @@
-#cloud-config
-packages:
-- curl
-users:
-- name: cluster
-  shell: /bin/bash
-runcmd:
-# setup ssh over port 1022 instead of 22
-- sed -i /etc/ssh/sshd_config -e 's/^#\{,1\}\( *Port\) [0-9]\+$/\1 1022/'
-- systemctl daemon-reload
-- systemctl restart ssh.socket
-# configure NAT
-- echo '#!/bin/bash' > /etc/networkd-dispatcher/routable.d/10-eth0-post-up
-- echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' >> /etc/networkd-dispatcher/routable.d/10-eth0-post-up
-- echo 'iptables -t nat -A POSTROUTING -s ${network_ip_range} -o eth0 -j MASQUERADE' >> /etc/networkd-dispatcher/routable.d/10-eth0-post-up
-- chmod +x /etc/networkd-dispatcher/routable.d/10-eth0-post-up
-- /etc/networkd-dispatcher/routable.d/10-eth0-post-up