Initial commit

Signed-off-by: solidnerd <[email protected]>

Author: solidnerd

.gitignore

@@ -0,0 +1,7 @@
+.terraform.*
+.terraform/
+terraform.tfstate*
+terraform.tfvars
+.auto.tfvars
+.DS_Store
+secrets/

README.md

@@ -0,0 +1,82 @@
+# Terraform Kubernetes on Hetzner Cloud
+
+This repository will help to setup an opionated Kubernetes Cluster with [kubeadm](https://kubernetes.io/docs/setup/independent/create-cluster-kubeadm/) on [Hetzner Cloud](https://www.hetzner.com/cloud?country=us).
+
+## Usage
+
+```
+$ git clone https://github.com/solidnerd/terraform-k8s-hcloud.git
+$ ./install-plugin.sh
+$ terraform init
+$ terraform apply
+```
+
+## Example
+
+```
+$ ./install-plugin.sh
+$ terraform init
+$ terraform apply
+$ KUBECONFIG=secrets/admin.conf kubectl get nodes
+$ KUBECONFIG=secrets/admin.conf kubectl apply -f https://docs.projectcalico.org/v3.0/getting-started/kubernetes/installation/hosted/kubeadm/1.7/calico.yaml
+$ KUBECONFIG=secrets/admin.conf kubectl get pods --namespace=kube-system -o wide
+$ KUBECONFIG=secrets/admin.conf kubectl run nginx --image=nginx
+$ KUBECONFIG=secrets/admin.conf kubectl expose deploy nginx --port=80 --type NodePort
+```
+
+## Variables
+
+|  Name                    |  Default     |  Description                                                                      | Required |
+|:-------------------------|:-------------|:----------------------------------------------------------------------------------|:--------:|
+| `hcloud_token`              | ``           |API Token that will be generated through your hetzner cloud project https://console.hetzner.cloud/projects      | Yes      |
+| `master_count`                  | `1`           | Amount of masters that will be created                                         | No      |
+| `master_image`                 | `ubuntu-16.04`  | Predefined Image that will be used to spin up the machines (Currently supported: ubuntu-16.04, debian-9,centos-7,fedora-27)                                     | No      |
+| `master_type`                   | `cx11`  | Machine type for more types have a look at https://www.hetzner.de/cloud                                   | No       |
+| `node_count`             | `1`  | Amount of nodes that will be created                                 | No       |
+| `node_image`                   | `ubuntu-16.04`         | Predefined Image that will be used to spin up the machines (Currently supported: ubuntu-16.04, debian-9,centos-7,fedora-27)       |
+| `node_type`              | `cx11`          | Machine type for more types have a look at https://www.hetzner.de/cloud | No       |
+| `ssh_private_key`                    | `~/.ssh/id_ed25519`    | Private Key to access the machines       |
+| `ssh_public_key`          | `~/.ssh/id_ed25519.pub`          | Public Key to authorized the access for the machines                                                     | No       |
+| `docker_version`         | `17.03`          | Docker CE version that will be installed                                                     | No       |
+| `kubernetes_version`         | `1.10.0`          | Kubernetes version that will be installed                                                     | No       |
+| `core_dns`         | `false`          | Enables CoreDNS as Service Discovery                                                     | No       |
+
+All variables cloud be passed through `environment variables` or a `tfvars` file.
+
+An example for a `tfvars` file would be the following `terraform.tfvars`
+
+```toml
+# terraform.tfvars
+hcloud_token = "<yourgeneratedtoken>"
+master_type = "cx21"
+master_count = 1
+node_type = "cx31"
+node_count = 2
+kubernetes_version = "1.9.6"
+docker_version = "17.03"
+```
+
+Or passing directly via Arguments
+
+```console
+$ terraform apply \
+  -var hcloud_token="<yourgeneratedtoken>"
+  -var docker_version=17.03
+  -var kubernetes_version=1.9.6
+  -var master_type=cx21
+  -var master_count=1
+  -var node_type=cx31
+  -var node_count=2
+```
+
+
+## Contributing
+
+### Bug Reports & Feature Requests
+
+Please use the [issue tracker](https://github.com/solidnerd/terraform-k8s-hcloud/issues) to report any bugs or file feature requests.
+
+
+**Tested with**
+- Terraform [v0.11.5](https://github.com/hashicorp/terraform/tree/v0.11.5)
+- provider.hcloud [v1.1.0](https://github.com/hetznercloud/terraform-provider-hcloud/tree/v1.1.0)

files/10-kubeadm.conf

@@ -0,0 +1,10 @@
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --cgroup-driver=cgroupfs"
+Environment="KUBELET_SYSTEM_PODS_ARGS=--pod-manifest-path=/etc/kubernetes/manifests --allow-privileged=true"
+Environment="KUBELET_NETWORK_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
+Environment="KUBELET_DNS_ARGS=--cluster-dns=10.96.0.10 --cluster-domain=cluster.local"
+Environment="KUBELET_AUTHZ_ARGS=--authorization-mode=Webhook --client-ca-file=/etc/kubernetes/pki/ca.crt"
+Environment="KUBELET_CADVISOR_ARGS=--cadvisor-port=0"
+Environment="KUBELET_CERTIFICATE_ARGS=--rotate-certificates=true --cert-dir=/var/lib/kubelet/pki"
+ExecStart=
+ExecStart=/usr/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_SYSTEM_PODS_ARGS $KUBELET_NETWORK_ARGS $KUBELET_DNS_ARGS $KUBELET_AUTHZ_ARGS $KUBELET_CADVISOR_ARGS $KUBELET_CERTIFICATE_ARGS $KUBELET_EXTRA_ARGS

install-plugin.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -eu
+OS=${OS:-darwin}
+HCLOUD_VERSION=${HCLOUD_VERSION:-1.1.0}
+HCLOUD_TERRAFORM_URL=${HCLOUD_TERRAFORM_URL:-"https://github.com/hetznercloud/terraform-provider-hcloud/releases/download/v${HCLOUD_VERSION}/terraform-provider-hcloud_v${HCLOUD_VERSION}_${OS}_amd64.zip"}
+echo "Install Terraform plugin from:"
+echo "$HCLOUD_TERRAFORM_URL"
+curl -sSL $HCLOUD_TERRAFORM_URL -o terraform-provider-hcloud_v${HCLOUD_VERSION}_${OS}_amd64.zip
+
+unzip -d /tmp/terraform-provider-hcloud_v${HCLOUD_VERSION}_${OS}_amd64 terraform-provider-hcloud_v${HCLOUD_VERSION}_${OS}_amd64.zip
+
+mkdir -p ~/.terraform.d/plugins/
+
+mv -v /tmp/terraform-provider-hcloud_v${HCLOUD_VERSION}_${OS}_amd64/terraform-provider-hcloud ~/.terraform.d/plugins/terraform-provider-hcloud

main.tf

@@ -0,0 +1,101 @@
+provider "hcloud" {
+  token = "${var.hcloud_token}"
+}
+
+resource "hcloud_ssh_key" "k8s_admin" {
+  name       = "k8s_admin"
+  public_key = "${file(var.ssh_public_key)}"
+}
+
+resource "hcloud_server" "master" {
+  count       = "${var.master_count}"
+  name        = "master-${count.index + 1}"
+  server_type = "${var.master_type}"
+  image       = "${var.master_image}"
+  ssh_keys    = ["${hcloud_ssh_key.k8s_admin.id}"]
+
+  connection {
+    private_key = "${file(var.ssh_private_key)}"
+  }
+
+  provisioner "file" {
+    source      = "files/10-kubeadm.conf"
+    destination = "/root/10-kubeadm.conf"
+  }
+
+  provisioner "file" {
+    source      = "scripts/bootstrap.sh"
+    destination = "/root/bootstrap.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = "DOCKER_VERSION=${var.docker_version} KUBERNETES_VERSION=${var.kubernetes_version} bash /root/bootstrap.sh"
+  }
+
+  provisioner "file" {
+    source      = "scripts/master.sh"
+    destination = "/root/master.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = "CORE_DNS=${var.core_dns} bash /root/master.sh"
+  }
+
+  provisioner "local-exec" {
+    command = "bash scripts/copy-kubeadm-token.sh"
+
+    environment {
+      SSH_PRIVATE_KEY = "${var.ssh_private_key}"
+      SSH_USERNAME    = "root"
+      SSH_HOST        = "${hcloud_server.master.ipv4_address}"
+      TARGET          = "${path.module}/secrets/"
+    }
+  }
+}
+
+resource "hcloud_server" "node" {
+  count       = "${var.node_count}"
+  name        = "node-${count.index + 1}"
+  server_type = "${var.node_type}"
+  image       = "${var.node_image}"
+  depends_on  = ["hcloud_server.master"]
+  ssh_keys    = ["${hcloud_ssh_key.k8s_admin.id}"]
+
+  connection {
+    private_key = "${file(var.ssh_private_key)}"
+  }
+
+  provisioner "file" {
+    source      = "files/10-kubeadm.conf"
+    destination = "/root/10-kubeadm.conf"
+  }
+
+  provisioner "file" {
+    source      = "scripts/bootstrap.sh"
+    destination = "/root/bootstrap.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = "DOCKER_VERSION=${var.docker_version} KUBERNETES_VERSION=${var.kubernetes_version} bash /root/bootstrap.sh"
+  }
+
+  provisioner "file" {
+    source      = "${path.module}/secrets/kubeadm_join"
+    destination = "/tmp/kubeadm_join"
+
+    connection {
+      type        = "ssh"
+      user        = "root"
+      private_key = "${file(var.ssh_private_key)}"
+    }
+  }
+
+  provisioner "file" {
+    source      = "scripts/node.sh"
+    destination = "/root/node.sh"
+  }
+
+  provisioner "remote-exec" {
+    inline = "bash /root/node.sh"
+  }
+}

outputs.tf

@@ -0,0 +1,8 @@
+output "node_ips" {
+  value = ["${hcloud_server.node.*.ipv4_address}"]
+}
+
+output "master_ips" {
+  value = ["${hcloud_server.master.*.ipv4_address}"]
+}
+

scripts/bootstrap.sh

@@ -0,0 +1,57 @@
+#!/bin/bash
+set -eu
+DOCKER_VERSION=${DOCKER_VERSION:-}
+KUBERNETES_VERSION=${KUBERNETES_VERSION:-}
+
+echo "
+Package: docker-ce
+Pin: version ${DOCKER_VERSION}.*
+Pin-Priority: 1000
+" > /etc/apt/preferences.d/docker-ce
+sleep 30
+apt-get -qq update
+apt-get -qq install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    software-properties-common
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
+add-apt-repository \
+   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
+   $(lsb_release -cs) \
+   stable"
+apt-get -qq update && apt-get -qq install -y docker-ce
+
+cat > /etc/docker/daemon.json <<EOF
+{
+  "storage-driver":"overlay2" 
+}
+EOF
+
+systemctl restart docker.service
+
+curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
+cat <<EOF >/etc/apt/sources.list.d/kubernetes.list
+deb http://apt.kubernetes.io/ kubernetes-xenial main
+EOF
+
+echo "
+Package: kubelet
+Pin: version ${KUBERNETES_VERSION}-*
+Pin-Priority: 1000
+" > /etc/apt/preferences.d/kubelet
+
+echo "
+Package: kubeadm
+Pin: version ${KUBERNETES_VERSION}-*
+Pin-Priority: 1000
+" > /etc/apt/preferences.d/kubeadm
+
+apt-get -qq update
+apt-get -qq install -y kubelet kubeadm
+
+mv -v /root/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/10-kubeadm.conf 
+
+
+systemctl daemon-reload
+systemctl restart kubelet

scripts/copy-kubeadm-token.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+set -eu
+SSH_PRIVATE_KEY=${SSH_PRIVATE_KEY:-}
+SSH_USERNAME=${SSH_USERNAME:-}
+SSH_HOST=${SSH_HOST:-}
+
+TARGET=${TARGET:-}
+
+mkdir -p ${TARGET}
+
+scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+    -i ${SSH_PRIVATE_KEY} \
+    ${SSH_USERNAME}@${SSH_HOST}:"/tmp/kubeadm_join" \
+    ${TARGET}
+
+scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
+    -i ${SSH_PRIVATE_KEY} \
+    ${SSH_USERNAME}@${SSH_HOST}:"/etc/kubernetes/admin.conf" \
+    ${TARGET}

scripts/master.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/bash
+set -eu
+
+KUBERNETES_VERSION=${KUBERNETES_VERSION:-}
+CORE_DNS=${CORE_DNS:-}
+
+echo "
+Package: kubectl
+Pin: version ${KUBERNETES_VERSION}-*
+Pin-Priority: 1000
+" > /etc/apt/preferences.d/kubectl
+
+apt-get install -qq -y kubectl
+
+# Initialize Cluster
+kubeadm init --feature-gates CoreDNS=$CORE_DNS
+
+systemctl enable docker kubelet
+
+# used to join nodes to the cluster
+kubeadm token create --print-join-command > /tmp/kubeadm_join

scripts/node.sh

@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+set -eu
+
+eval $(cat /tmp/kubeadm_join)
+systemctl enable docker kubelet