Felix Nehrke
9c19a21273
The navigation through a bunch of config files, all with just a few lines in it is cumbersome. This change moves all the configuration into a centralized `config.ini` that way it's easier for me to get a quick overview of the setup. The `config.ini` acts as another inventory and is therefore references as such by the ansible.cfg. The `inventory.ini` (which is generated by terraform in the provisioning-step) is not affected by this change.
Hetzer Infra
This repository is meant to setup my kubernetes-cluster on Hetzner Cloud. The setup is split into 2 dedicated parts:
-
Create necessary machines in Hetzner Cloud via terraform.
-
Install/Upgrade kubernetes-cluster and other software via ansible.
TL;DR
cd infra
terraform init
terraform apply
sleep 300 # Wait 5 minutes since the machines start _slow_ sometimes
cd ../k3s
ansible-galaxy install -r requirements.yml
ansible-playbook site.yml
cd ../k8s
terraform init
terraform applyPreparation
-
Ensure
terraformis installed -
Ensure
ansibleis installed
Setup
The project is split into different directories, each responsible for another task. For the initial setup it is mandatory to follow the instructions of each directory in the following order. Subsequent changes may only require a subset of these instructions. Though, it should be safe to run each step multiple times, they should all be indempotent.
infra
Run this setup in the infra/ directory.
Make sure config.auto.tfvars with all the needed configuration-secrets is present otherwise the module cannot be applied!
The file is savely stored in the password-manager.
|
terraform init (1)
terraform apply (2)| 1 | Init the terraform modules if necessary |
| 2 | Setup infrastructure and create/update inventory.ini |
The setup will take longer than just the terraform apply, since it will install some.
As a rule of thumb wait ca. 5 minutes after the apply to do other work.
|
k3s
Run this setup in the k3s/ directory.
The k3s-setup requires a inventory.ini which is automatically created by the infra.
So, make sure to apply the infra at least once, before running these playbooks.
|
ansible-galaxy install -r requirements.yml (1)
ansible-playbook site.yml (2)| 1 | Install required ansible collections to create a k3s-cluster (can be omitted in subsequent runs) |
| 2 | Install k3s and download kube-config to .kube/config |
| The second step will override any existing kube config, this might destroy any existing settings! |
k8s
Run this setup in the k8s/ directory.
Make sure config.auto.tfvars with all the needed configuration-secrets is present otherwise the module cannot be applied!
The file is savely stored in the password-manager.
|
terraform init (1)
terraform apply (2)| 1 | Init the terraform modules if necessary |
| 2 | Create services in the cluster |
Enlarge / Reduce size of cluster
- Increase
-
Simply adjust the number of agents/servers in your
infra/config.auto.tfvars. -
Run steps 3 & 4 of the setup again
- Decrease
If you want shrink the cluster DO NOT reduce the agent-amount directly! Instead proceed as the following:
-
Open k9s and go to
:nodes -
Select the highest agent and press
rto drain it -
Afterward that succeeded delete it with
Ctrl-d -
Finally reduce the amount of agents in terraform and apply the change
Responsibilities
infra/-
-
Creation of network for the kubernetes-cluster
-
A public subnet exposed to the internet for the kubernetes-servers
-
A private subnet for the kubernetes-agents
-
-
Routing between the networks
-
Firewall rules to block everything from the servers except of:
-
ping (protocol:
icmp) -
kubernetes api (Usually port
6443) -
ssh (I prefer to use a non-standard port since I want to provide a git-server on port
22) -
public services, e.g. http and https (port
80and443)
-
-
Creating the kubernetes-servers in the public subnet
-
Creating the kubernetes-agents in the private subnet
-
Setting up routing on all servers
-
Setup SSH-connections
-
Creating DNS-records in Hetzer Cloud
-
k3s/-
-
Installing k3s
-
Keep the software up-to-date
-