Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: k3s tf module & spectrum module cleanup && cilium l2 support #19

Merged
merged 12 commits into from
Dec 4, 2024
Merged

chore: k3s tf module & spectrum module cleanup && cilium l2 support #19

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
95c7d0a
init commit
enjenjenje Dec 3, 2024
4120a3c
init
enjenjenje Dec 3, 2024
832a546
mda
enjenjenje Dec 3, 2024
e8d90a1
mda
enjenjenje Dec 3, 2024
9550d2e
hmm
enjenjenje Dec 3, 2024
9f99172
hmm
enjenjenje Dec 3, 2024
bed45d5
kek
enjenjenje Dec 3, 2024
0e1650a
example points to github repo
enjenjenje Dec 3, 2024
67a5080
fmt && readme
enjenjenje Dec 3, 2024
ce97b59
added temp flavour
enjenjenje Dec 3, 2024
6bfaa54
typo fix
enjenjenje Dec 3, 2024
4f9891a
Update spectrum module
nahsi Dec 4, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,4 @@
.direnv
kubeconfig
talosconfig
provider_project/*
27 changes: 27 additions & 0 deletions examples/k3s/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# Kubernetes cluster based on k3s

This example deploys *k3s based* Kubernetes cluster on a specific host.

### Requirements
- installed [**Terraform**](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) on your laptop
- installed [**autok3s**](https://github.com/cnrancher/autok3s?tab=readme-ov-file#quick-start-tldr) on your laptop
- target server accessible via `ssh`

### Instruction
- Copy files in this directory to your Fluence related *provider* directory
- Update values with your own in `config.tf` file
```
locals {
server_name = "example"
server_ip_address = "1.1.1.1.1"
ssh_key = "~/.ssh/key"
ssh_user = "root"
ssh_port = "22"
}
```
- deploy using `terraform`
```
terraform init
terraform apply
```
- you can check your freshly installed cluster in [**autok3s UI**](https://github.com/cnrancher/autok3s?tab=readme-ov-file#quick-start-tldr)
7 changes: 7 additions & 0 deletions examples/k3s/config.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
locals {
server_name = "example"
server_ip_address = "1.1.1.1.1"
ssh_key = "~/.ssh/key"
ssh_user = "root"
ssh_port = "22"
}
21 changes: 21 additions & 0 deletions examples/k3s/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
module "k3s" {
source = "github.com/fluencelabs/spectrum//terraform-modules/k3s"
kubeconfigs_location = "${path.root}/secrets"
server_name = local.server_name
server_ip_address = local.server_ip_address
ssh_key = local.ssh_key
ssh_user = local.ssh_user
ssh_port = local.ssh_port
}

provider "helm" {
kubernetes {
config_path = module.k3s.kubeconfig_file
}
}

module "spectrum" {
depends_on = [module.k3s]
source = "github.com/fluencelabs/spectrum//terraform-modules/spectrum"
cluster_flavour = "k3s"
}
4 changes: 4 additions & 0 deletions flux/components/cilium-l2/kustomization.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./manifests.yaml
23 changes: 23 additions & 0 deletions flux/components/cilium-l2/manifests.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
name: fluence-l2
namespace: kube-system
spec:
serviceSelector:
matchLabels:
fluence: cloudless.dev
externalIPs: true
loadBalancerIPs: true
---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumLoadBalancerIPPool
metadata:
name: fluence-l2
namespace: kube-system
spec:
serviceSelector:
matchLabels:
fluence: cloudless.dev

60 changes: 60 additions & 0 deletions terraform-modules/k3s/autok3s.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
resource "terraform_data" "k3s-init" {

input = var.server_name
provisioner "local-exec" {
command = <<EOT
autok3s create --provider native --docker-script https://get.docker.com --k3s-channel stable --k3s-install-script https://get.k3s.io \
--master-extra-args '--disable servicelb,traefik --flannel-backend none --disable-kube-proxy --disable-network-policy' \
--name ${var.server_name} --rollback --ssh-key-path ${var.ssh_key} --ssh-port ${var.ssh_port} --ssh-user ${var.ssh_user} --master-ips ${var.server_ip_address} \
--enable explorer
EOT

}

provisioner "local-exec" {
when = destroy
command = <<EOT
autok3s delete -p native --name ${self.input} -f
EOT

}
}

resource "terraform_data" "k3s-gen-kubeconfig" {
depends_on = [
terraform_data.k3s-init
]
input = "${var.kubeconfigs_location}/kubeconfig.yaml"
provisioner "local-exec" {
command = <<EOT
mkdir -p ${var.kubeconfigs_location} && \
autok3s kubectl config use-context ${var.server_name} && \
autok3s kubectl config view --minify=true --raw > ${var.kubeconfigs_location}/kubeconfig.yaml
EOT

}

provisioner "local-exec" {
when = destroy
command = <<EOT
rm -rf ${self.input}.yaml
EOT
}
}

resource "terraform_data" "os-init" {

connection {
type = "ssh"
user = var.ssh_user
port = var.ssh_port
private_key = file(var.ssh_key)
host = var.server_ip_address
}

provisioner "remote-exec" {
inline = [
"curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash"
]
}
}
4 changes: 4 additions & 0 deletions terraform-modules/k3s/output.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
output "kubeconfig_file" {
description = "kubeconfig file location"
value = "${terraform_data.k3s-gen-kubeconfig.input}"
}
20 changes: 20 additions & 0 deletions terraform-modules/k3s/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
variable "kubeconfigs_location" {
default = "./secrets"
}

variable "server_name" {
}

variable "server_ip_address" {
}

variable "ssh_key" {
}

variable "ssh_port" {
default = "22"
}

variable "ssh_user" {
default = "root"
}
8 changes: 0 additions & 8 deletions terraform-modules/spectrum/backend.tf
View file
Open in desktop

This file was deleted.

15 changes: 1 addition & 14 deletions terraform-modules/spectrum/cilium.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,15 +1,3 @@
locals {
invalid_l2_configuration = var.cilium_l2_enabled && length(var.cilium_devices) == 0
}

resource "null_resource" "validate_l2_config" {
count = local.invalid_l2_configuration ? 1 : 0

provisioner "local-exec" {
command = "echo 'Validation failed: If cilium_l2_enabled is true, cilium_devices must not be empty.'; exit 1"
}
}

resource "helm_release" "cilium" {
name = "cilium"
chart = "cilium"
Expand All @@ -20,9 +8,8 @@ resource "helm_release" "cilium" {

values = [
templatefile("${path.module}/templates/cilium.yml", {
l2_enabled = var.cilium_l2_enabled,
devices = var.cilium_devices
hubble_enabled = var.cilium_hubble_enabled
cluster_flavour = var.cluster_flavour
})
]
}
13 changes: 6 additions & 7 deletions terraform-modules/spectrum/templates/cilium.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,11 @@ rollOutCiliumPods: true
envoy.rollOutPods: true

k8sServiceHost: localhost
%{ if cluster_flavour == "talos" }
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nahsi pls note this. As discussed maybe we should move talos to 6443 as well

k8sServicePort: 7445
%{ else }
k8sServicePort: 6443
%{ endif }

ipam:
mode: kubernetes
Expand Down Expand Up @@ -37,6 +41,7 @@ cgroup:
enabled: false
hostRoot: /sys/fs/cgroup

%{ if hubble_enabled }
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

had to do it, otherwise it fails if hubble disabled

hubble:
enabled: ${hubble_enabled}
relay:
Expand All @@ -45,16 +50,10 @@ hubble:
ui:
enabled: true
rollOutPods: true
%{ endif }

%{ if l2_enabled }
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed, will always add this features

l2announcements:
enabled: true

externalIPs:
enabled: true

devices:
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

removed, devices not required. But if we decide to have it - will be managed at fcli manifests

%{ for device in devices }
- ${device}
%{ endfor }
%{ endif }
11 changes: 3 additions & 8 deletions terraform-modules/spectrum/variables.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,9 @@ variable "cluster" {
default = "default"
}

variable "cilium_l2_enabled" {
type = bool
default = false
}

variable "cilium_devices" {
type = list(string)
default = []
variable "cluster_flavour" {
type = string
default = "talos"
}

variable "cilium_hubble_enabled" {
Expand Down