chore: k3s tf module & spectrum module cleanup && cilium l2 support

.gitignore

@@ -5,3 +5,4 @@
 .direnv
 kubeconfig
 talosconfig
+provider_project/*

ephemeral/main.tf

@@ -30,7 +30,6 @@ module "spectrum" {
     local_sensitive_file.kubeconfig,
   ]
   source     = "../terraform-modules/spectrum"
-  components = ["kubevirt"]
   network    = var.github_branch
   cluster    = "ephemeral"
 

examples/k3s/README.md

@@ -0,0 +1,27 @@
+# Kubernetes cluster based on k3s
+
+This example deploys *k3s based* Kubernetes cluster on a specific host.
+
+### Requirements
+- installed [**Terraform**](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) on your laptop
+- installed [**autok3s**](https://github.com/cnrancher/autok3s?tab=readme-ov-file#quick-start-tldr) on your laptop
+- target server accessible via `ssh`
+
+### Instruction
+- Copy files in this directory to your Fluence related *provider* directory
+- Update values with your own in `config.tf` file
+```
+locals {
+server_name  =  "example"
+server_ip_address  =  "1.1.1.1.1"
+ssh_key  =  "~/.ssh/key"
+ssh_user  =  "root"
+ssh_port  =  "22"
+}
+```
+- deploy using `terraform`
+```
+terraform init
+terraform apply
+```
+- you can check your freshly installed cluster in [**autok3s UI**](https://github.com/cnrancher/autok3s?tab=readme-ov-file#quick-start-tldr) 

examples/k3s/config.tf

@@ -0,0 +1,7 @@
+locals {
+  server_name       = "example"
+  server_ip_address = "1.1.1.1.1"
+  ssh_key           = "~/.ssh/key"
+  ssh_user          = "root"
+  ssh_port          = "22"
+}

examples/k3s/main.tf

@@ -0,0 +1,21 @@
+module "k3s" {
+  source               = "github.com/fluencelabs/spectrum//terraform-modules/k3s"
+  kubeconfigs_location = "${path.root}/secrets"
+  server_name          = local.server_name
+  server_ip_address    = local.server_ip_address
+  ssh_key              = local.ssh_key
+  ssh_user             = local.ssh_user
+  ssh_port             = local.ssh_port
+}
+
+provider "helm" {
+  kubernetes {
+    config_path = module.k3s.kubeconfig_file
+  }
+}
+
+module "spectrum" {
+  depends_on      = [module.k3s]
+  source          = "github.com/fluencelabs/spectrum//terraform-modules/spectrum"
+  cluster_flavour = "k3s"
+}

flux/components/cilium-l2/kustomization.yaml

@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./manifests.yaml

flux/components/cilium-l2/manifests.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumL2AnnouncementPolicy
+metadata:
+  name: fluence-l2
+  namespace: kube-system
+spec:
+  serviceSelector:
+    matchLabels:
+      fluence: cloudless.dev  
+  externalIPs: true
+  loadBalancerIPs: true
+---
+apiVersion: "cilium.io/v2alpha1"
+kind: CiliumLoadBalancerIPPool
+metadata:
+  name: fluence-l2
+  namespace: kube-system
+spec:
+  serviceSelector:
+    matchLabels:
+      fluence: cloudless.dev     
+

terraform-modules/k3s/autok3s.tf

@@ -0,0 +1,60 @@
+resource "terraform_data" "k3s-init" {
+
+  input = var.server_name
+  provisioner "local-exec" {
+    command = <<EOT
+        autok3s create --provider  native --docker-script  https://get.docker.com --k3s-channel  stable --k3s-install-script  https://get.k3s.io \
+        --master-extra-args '--disable servicelb,traefik --flannel-backend none --disable-kube-proxy --disable-network-policy' \
+        --name ${var.server_name} --rollback --ssh-key-path ${var.ssh_key} --ssh-port ${var.ssh_port} --ssh-user ${var.ssh_user} --master-ips ${var.server_ip_address} \
+        --enable explorer
+    EOT
+
+  }
+
+  provisioner "local-exec" {
+    when    = destroy
+    command = <<EOT
+        autok3s delete -p native --name ${self.input} -f
+    EOT
+
+  }
+}
+
+resource "terraform_data" "k3s-gen-kubeconfig" {
+  depends_on = [
+    terraform_data.k3s-init
+  ]
+  input = "${var.kubeconfigs_location}/kubeconfig.yaml"
+  provisioner "local-exec" {
+    command = <<EOT
+        mkdir -p ${var.kubeconfigs_location} && \
+        autok3s kubectl config use-context ${var.server_name} && \
+        autok3s kubectl config view --minify=true --raw > ${var.kubeconfigs_location}/kubeconfig.yaml
+    EOT
+
+  }
+
+  provisioner "local-exec" {
+    when    = destroy
+    command = <<EOT
+        rm -rf ${self.input}.yaml
+    EOT
+  }
+}
+
+resource "terraform_data" "os-init" {
+
+  connection {
+    type        = "ssh"
+    user        = var.ssh_user
+    port        = var.ssh_port
+    private_key = file(var.ssh_key)
+    host        = var.server_ip_address
+  }
+
+  provisioner "remote-exec" {
+    inline = [
+      "curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash"
+    ]
+  }
+}

terraform-modules/k3s/output.tf

@@ -0,0 +1,4 @@
+output "kubeconfig_file" {
+  description = "kubeconfig file location"
+  value       = "${terraform_data.k3s-gen-kubeconfig.input}"
+}

terraform-modules/k3s/variables.tf

@@ -0,0 +1,20 @@
+variable "kubeconfigs_location" {
+  default = "./secrets"
+}
+
+variable "server_name" {
+}
+
+variable "server_ip_address" {
+}
+
+variable "ssh_key" {
+}
+
+variable "ssh_port" {
+  default = "22"
+}
+
+variable "ssh_user" {
+  default = "root"
+}

terraform-modules/spectrum/cilium.tf

@@ -1,15 +1,3 @@
-locals {
-  invalid_l2_configuration = var.cilium_l2_enabled && length(var.cilium_devices) == 0
-}
-
-resource "null_resource" "validate_l2_config" {
-  count = local.invalid_l2_configuration ? 1 : 0
-
-  provisioner "local-exec" {
-    command = "echo 'Validation failed: If cilium_l2_enabled is true, cilium_devices must not be empty.'; exit 1"
-  }
-}
-
 resource "helm_release" "cilium" {
   name       = "cilium"
   chart      = "cilium"
@@ -20,9 +8,8 @@ resource "helm_release" "cilium" {
 
   values = [
     templatefile("${path.module}/templates/cilium.yml", {
-      l2_enabled     = var.cilium_l2_enabled,
-      devices        = var.cilium_devices
       hubble_enabled = var.cilium_hubble_enabled
+      cluster_flavour = var.cluster_flavour
     })
   ]
 }

terraform-modules/spectrum/flux.tf

@@ -36,7 +36,6 @@ resource "helm_release" "flux-sync" {
       network    = var.network
       cluster    = var.cluster
       variables  = var.flux_variables
-      components = var.components
     })
   ]
 }

terraform-modules/spectrum/templates/cilium.yml

@@ -6,7 +6,11 @@ rollOutCiliumPods: true
 envoy.rollOutPods: true
 
 k8sServiceHost: localhost
+%{ if cluster_flavour == "talos" }
 k8sServicePort: 7445
+%{ else }
+k8sServicePort: 6443
+%{ endif }
 
 ipam:
   mode: kubernetes
@@ -37,6 +41,7 @@ cgroup:
     enabled: false
   hostRoot: /sys/fs/cgroup
 
+%{ if hubble_enabled }
 hubble:
   enabled: ${hubble_enabled}
   relay:
@@ -45,16 +50,10 @@ hubble:
   ui:
     enabled: true
     rollOutPods: true
+%{ endif }
 
-%{ if l2_enabled }
 l2announcements:
   enabled: true
 
 externalIPs:
   enabled: true
-
-devices:
-  %{ for device in devices }
-  - ${device}
-  %{ endfor }
-%{ endif }

terraform-modules/spectrum/templates/flux-sync.yml

@@ -24,10 +24,3 @@ kustomizationlist:
       interval: 1m0s
       path: "./flux/components/lightmare/app"
       prune: true
-
-  %{ for component in components }
-  - spec:
-      interval: 1m0s
-      path: "./flux/components/${component}/app"
-      prune: true
-  %{ endfor }

terraform-modules/spectrum/variables.tf

@@ -8,14 +8,9 @@ variable "cluster" {
   default = "default"
 }
 
-variable "cilium_l2_enabled" {
-  type    = bool
-  default = false
-}
-
-variable "cilium_devices" {
-  type    = list(string)
-  default = []
+variable "cluster_flavour" {
+  type = string
+  default = "talos"
 }
 
 variable "cilium_hubble_enabled" {
@@ -27,8 +22,3 @@ variable "flux_variables" {
   type    = map(string)
   default = {}
 }
-
-variable "components" {
-  type    = list(string)
-  default = []
-}