chore: Upgrade dependencies + default to v1.28.3 (#35)
* chore: Upgrade dependencies + default to v1.28.3

* fmt
tibordp authored Oct 28, 2023
1 parent 149e546 commit 6d0044a
Showing 11 changed files with 347 additions and 320 deletions.
4 changes: 2 additions & 2 deletions .github/workflows/e2e.yml
@@ -20,10 +20,10 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
uses: hashicorp/setup-terraform@v2
with:
terraform_wrapper: false

2 changes: 1 addition & 1 deletion .github/workflows/lint_terraform.yml
@@ -20,7 +20,7 @@ jobs:
uses: actions/checkout@v2

- name: Setup Terraform
uses: hashicorp/setup-terraform@v1
uses: hashicorp/setup-terraform@v2

- name: Terraform Init
run: terraform init
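Review bot: The context line `uses: actions/checkout@v2` at the top of this hunk is left as it was, while the same step in .github/workflows/e2e.yml moves to `actions/checkout@v4` in this commit; the lint workflow should get the same bump so both jobs run the same checkout code. Both workflows also reference their actions by a movable major tag. Pinning each `uses:` to a full commit SHA with the tag kept in a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4`, keeps a retagged release from changing what runs in CI.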
14 changes: 6 additions & 8 deletions README.md
@@ -53,7 +53,7 @@ module "worker_nodes" {
}
output "kubeconfig" {
value = module.k8s.kubeconfig
value = module.cluster.kubeconfig
sensitive = true
}
```
@@ -69,22 +69,20 @@ and check the access by viewing the created cluster nodes:
```cmd
$ kubectl get nodes --kubeconfig=kubeconfig.conf
NAME STATUS ROLES AGE VERSION
k8s-control-plane-0 Ready control-plane 31m v1.27.1
k8s-worker-0 Ready <none> 31m v1.27.1
k8s-worker-1 Ready <none> 31m v1.27.1
k8s-control-plane-0 Ready control-plane 31m v1.28.3
k8s-worker-0 Ready <none> 31m v1.28.3
k8s-worker-1 Ready <none> 31m v1.28.3
```

## Supported base images

The module should work on most major RPM and DEB distros. It been tested on these base images:

- Ubuntu 22.04 (`ubuntu-22.04`)
- Debian 11 (`debian-11`)
- Centos Stream 8 (`centos-stream-8`)
- Debian 12 (`debian-12`)
- Centos Stream 9 (`centos-stream-9`)
- Rocky Linux 8 (`rocky-8`)
- Rocky Linux 9 (`rocky-9`)
- Fedora 37 (`fedora-37`)
- Fedora 38 (`fedora-38`)

Others may work as well, but have not been tested.

3 changes: 2 additions & 1 deletion joinconfig.tf
@@ -2,7 +2,8 @@ locals {
# Bootstrap token valid for 10 years
bootstrap_token_ttl = 10 * 365 * 24
provision_script = templatefile("${path.module}/modules/kubernetes-node/scripts/prepare-node.sh.tpl", {
kubernetes_version = var.kubernetes_version
kubernetes_version = var.kubernetes_version
kubernetes_minor_version = replace(var.kubernetes_version, "/^(\\d+\\.\\d+).*$/", "$1")
})
}

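Review bot: `replace()` returns its input unchanged when the pattern does not match, so a `var.kubernetes_version` that is not in `x.y.z` form reaches `prepare-node.sh.tpl` whole as `kubernetes_minor_version` and ends up in the repository URL and signing-key URL that the provisioning script fetches. The commit adds a `validation` block to this variable in modules/kubernetes-node and modules/worker-node, but the root-module variable read here is not visible on this page; it should carry the same `^1\\.([0-9]+)\\.([0-9]+)$` check. The identical expression is repeated in modules/kubernetes-node/main.tf, and a short comment on both, such as `# major.minor only; selects the pkgs.k8s.io repository`, would explain why it exists.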
3 changes: 2 additions & 1 deletion modules/kubernetes-node/main.tf
@@ -9,7 +9,8 @@ terraform {

locals {
provision_script = templatefile("${path.module}/scripts/prepare-node.sh.tpl", {
kubernetes_version = var.kubernetes_version
kubernetes_version = var.kubernetes_version
kubernetes_minor_version = replace(var.kubernetes_version, "/^(\\d+\\.\\d+).*$/", "$1")
})
}

16 changes: 8 additions & 8 deletions modules/kubernetes-node/scripts/prepare-node.sh.tpl
@@ -22,10 +22,10 @@ install_prerequisites() {
apt-get -qq upgrade
apt-get -qq install apt-transport-https ca-certificates curl gnupg lsb-release ipvsadm wireguard apparmor
curl -fsSL https://download.docker.com/linux/$os_id/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg
curl -fsSL https://pkgs.k8s.io/core:/stable:/v${kubernetes_minor_version}/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/$os_id $(lsb_release -cs) stable" \
>/etc/apt/sources.list.d/docker.list
echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" \
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v${kubernetes_minor_version}/deb/ /" \
>/etc/apt/sources.list.d/kubernetes.list

# Install container runtime
@@ -38,12 +38,11 @@ install_prerequisites() {
cat <<-EOF > /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-\$basearch
baseurl=https://pkgs.k8s.io/core:/stable:/v${kubernetes_minor_version}/rpm/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
exclude=kubelet kubeadm kubectl
gpgkey=https://pkgs.k8s.io/core:/stable:/v${kubernetes_minor_version}/rpm/repodata/repomd.xml.key
exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
EOF

if [ "$os_id" == "fedora" ]; then
@@ -109,9 +108,10 @@ configure_containerd() {

install_kubernetes() {
if [ $is_debian_like == 1 ]; then
apt-get -qq install kubelet=${kubernetes_version}-00 kubeadm=${kubernetes_version}-00 kubectl=${kubernetes_version}-00
apt-get -qq install kubelet=${kubernetes_version}-* kubeadm=${kubernetes_version}-* kubectl=${kubernetes_version}-*
apt-mark hold kubelet kubeadm kubectl

mkdir -p /etc/systemd/system/kubelet.service.d
cat <<-EOF > /etc/systemd/system/kubelet.service.d/20-hcloud.conf
[Service]
Environment="KUBELET_EXTRA_ARGS=--cloud-provider=external --node-ip=::"
@@ -128,7 +128,7 @@ install_kubernetes() {
fi

echo 'KUBELET_EXTRA_ARGS=--cloud-provider=external --node-ip=::' > /etc/sysconfig/kubelet
dnf -qy install kubelet-${kubernetes_version}-0 kubeadm-${kubernetes_version}-0 kubectl-${kubernetes_version}-0 --disableexcludes=kubernetes
dnf -qy install kubelet-${kubernetes_version}-* kubeadm-${kubernetes_version}-* kubectl-${kubernetes_version}-* --disableexcludes=kubernetes
systemctl enable --now containerd kubelet
fi
}
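Review bot: The rewritten `/etc/yum.repos.d/kubernetes.repo` stanza no longer contains `repo_gpgcheck=1` (the hunk header `-38,12 +38,11` accounts for it as a removed line), so dnf stops verifying the signature on repository metadata and relies on `gpgcheck=1` for packages only. The new `gpgkey` URL is named `repomd.xml.key`, which suggests the pkgs.k8s.io repository publishes signed metadata; if it does, keep `repo_gpgcheck=1` after `gpgcheck=1`. In `install_kubernetes` the new version globs are unquoted, so the shell may expand `kubelet=${kubernetes_version}-*` against the working directory before apt-get or dnf sees it; quote each argument, e.g. `"kubelet=${kubernetes_version}-*"`. `install_prerequisites` begins outside the hunks shown.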
5 changes: 5 additions & 0 deletions modules/kubernetes-node/variables.tf
@@ -21,6 +21,11 @@ variable "image" {
variable "kubernetes_version" {
description = "Kubernetes version"
type = string

validation {
condition = can(regex("^1\\.([0-9]+)\\.([0-9]+)$", var.kubernetes_version))
error_message = "The kubernetes_version value must be a \"1.x.y\"."
}
}

variable "location" {
9 changes: 7 additions & 2 deletions modules/worker-node/variables.tf
@@ -49,9 +49,14 @@ variable "labels" {
}

variable "kubernetes_version" {
description = "Version of Kubernetes to install (default: 1.27.1)"
description = "Kubernetes version"
type = string
default = "1.27.1"
default = "1.28.3"

validation {
condition = can(regex("^1\\.([0-9]+)\\.([0-9]+)$", var.kubernetes_version))
error_message = "The kubernetes_version value must be a \"1.x.y\"."
}
}

variable "use_hcloud_network" {
16 changes: 10 additions & 6 deletions templates/hetzner_ccm.yaml.tpl
@@ -3,21 +3,21 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: cloud-controller-manager
name: hcloud-cloud-controller-manager
namespace: kube-system
---
# Source: hcloud-cloud-controller-manager/templates/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: system:cloud-controller-manager
name: "system:hcloud-cloud-controller-manager"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: cloud-controller-manager
name: hcloud-cloud-controller-manager
namespace: kube-system
---
# Source: hcloud-cloud-controller-manager/templates/deployment.yaml
@@ -37,7 +37,7 @@ spec:
labels:
app: hcloud-cloud-controller-manager
spec:
serviceAccountName: cloud-controller-manager
serviceAccountName: hcloud-cloud-controller-manager
dnsPolicy: Default
tolerations:
# Allow HCCM itself to schedule on nodes that have not yet been initialized by HCCM.
@@ -48,6 +48,9 @@ spec:
operator: "Exists"

# Allow HCCM to schedule on control plane nodes.
- key: "node-role.kubernetes.io/master"
effect: NoSchedule
operator: Exists
- key: "node-role.kubernetes.io/control-plane"
effect: NoSchedule
operator: Exists
@@ -57,13 +60,13 @@ spec:
hostNetwork: true
containers:
- name: hcloud-cloud-controller-manager
image: hetznercloud/hcloud-cloud-controller-manager:v1.15.0
command:
- "/bin/hcloud-cloud-controller-manager"
- "--allow-untagged-cloud"
- "--cloud-provider=hcloud"
- "--leader-elect=false"
- "--route-reconciliation-period=30s"
- "--webhook-secure-port=0"
- "--leader-elect=false"
%{ if use_hcloud_network ~}
- "--allocate-node-cidrs=true"
- "--cluster-cidr=${pod_cidr_ipv4}"
@@ -87,6 +90,7 @@ spec:
%{ endif ~}
- name: HCLOUD_INSTANCES_ADDRESS_FAMILY
value: dualstack
image: hetznercloud/hcloud-cloud-controller-manager:v1.18.0 # x-release-please-version
ports:
- name: metrics
containerPort: 8233