From 960d5131af94248f227f6af2f48e216ac251cbac Mon Sep 17 00:00:00 2001
From: Vito Botta
Date: Thu, 17 Feb 2022 22:29:02 +0200
Subject: [PATCH] Replace ipsec with wireguard
---
 Gemfile.lock | 2 +-
 README.md | 7 ++-----
 bin/build.sh | 6 +++---
 bin/console.sh | 0
 bin/setup.sh | 0
 entrypoint.sh | 0
 exe/hetzner-k3s | 0
 lib/hetzner/infra/server.rb | 2 +-
 lib/hetzner/k3s/cluster.rb | 8 ++++----
 lib/hetzner/k3s/version.rb | 2 +-
 10 files changed, 12 insertions(+), 15 deletions(-)
 mode change 100644 => 100755 bin/build.sh
 mode change 100644 => 100755 bin/console.sh
 mode change 100644 => 100755 bin/setup.sh
 mode change 100644 => 100755 entrypoint.sh
 mode change 100644 => 100755 exe/hetzner-k3s
diff --git a/Gemfile.lock b/Gemfile.lock
index 280d7da..715b4fd 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
- hetzner-k3s (0.5.0)
+ hetzner-k3s (0.5.3)
 bcrypt_pbkdf
 ed25519
 http
diff --git a/README.md b/README.md
index 1b744c4..2d09d8d 100644
--- a/README.md
+++ b/README.md
@@ -39,7 +39,7 @@ This will install the `hetzner-k3s` executable in your PATH.
 Alternatively, if you don't want to set up a Ruby runtime but have Docker installed, you can use a container. Run the following from inside the directory where you have the config file for the cluster (described in the next section):
 ```bash
-docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.2 create-cluster --config-file /cluster/test.yaml
+docker run --rm -it -v ${PWD}:/cluster -v ${HOME}/.ssh:/tmp/.ssh vitobotta/hetzner-k3s:v0.5.3 create-cluster --config-file /cluster/test.yaml
 ```
 Replace `test.yaml` with the name of your config file.
@@ -73,7 +73,7 @@ worker_node_pools:
 instance_count: 2
 additional_packages:
 - somepackage
-enable_ipsec_encryption: true
+enable_encryption: true
 ```
 It should hopefully be self explanatory; you can run `hetzner-k3s releases` to see a list of the available releases from the most recent to the oldest available.
@@ -256,9 +256,6 @@ Once the cluster is ready you can create persistent volumes out of the box with
 I recommend that you create a separate Hetzner project for each cluster, because otherwise multiple clusters will attempt to create overlapping routes. I will make the pod cidr configurable in the future to avoid this, but I still recommend keeping clusters separated from each other. This way, if you want to delete a cluster with all the resources created for it, you can just delete the project.
-## changelog
-
-See changelog [here](https://github.com/vitobotta/hetzner-k3s/wiki/Changelog).
 ## Contributing and support
 Please create a PR if you want to propose any changes, or open an issue if you are having trouble with the tool - I will do my best to help if I can.
diff --git a/bin/build.sh b/bin/build.sh
old mode 100644
new mode 100755
index 6d0ba38..881909d
--- a/bin/build.sh
+++ b/bin/build.sh
@@ -6,9 +6,9 @@ set -e
 IMAGE="vitobotta/hetzner-k3s"
-docker build -t ${IMAGE}:v0.5.2 \
+docker build -t ${IMAGE}:v0.5.3 \
 --platform=linux/amd64 \
- --cache-from ${IMAGE}:v0.5.1 \
+ --cache-from ${IMAGE}:v0.5.2 \
 --build-arg BUILDKIT_INLINE_CACHE=1 .
-docker push vitobotta/hetzner-k3s:v0.5.2
+docker push vitobotta/hetzner-k3s:v0.5.3
diff --git a/bin/console.sh b/bin/console.sh
old mode 100644
new mode 100755
diff --git a/bin/setup.sh b/bin/setup.sh
old mode 100644
new mode 100755
diff --git a/entrypoint.sh b/entrypoint.sh
old mode 100644
new mode 100755
diff --git a/exe/hetzner-k3s b/exe/hetzner-k3s
old mode 100644
new mode 100755
diff --git a/lib/hetzner/infra/server.rb b/lib/hetzner/infra/server.rb
index f144423..3ea5465 100644
--- a/lib/hetzner/infra/server.rb
+++ b/lib/hetzner/infra/server.rb
@@ -81,7 +81,7 @@ def find_server(server_name)
 end
 def user_data
- packages = ['fail2ban']
+ packages = ['fail2ban', 'wireguard']
 packages += additional_packages if additional_packages
 packages = "'#{packages.join("', '")}'"
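Review bot: `packages = ['fail2ban', 'wireguard']` installs WireGuard on every node whether or not `enable_encryption` is set, and nothing in the hunk records why; a short why-comment would stop the next reader from making it conditional, e.g. `# wireguard is installed unconditionally so the flannel backend can be switched on later without reprovisioning nodes` (the flag appears to live in cluster.rb, so `user_data` presumably cannot see it). The same method then interpolates `additional_packages` from the config file into a single-quoted list via `join("', '")`, so a package name containing a quote or shell metacharacter breaks the quoting of the generated user_data; validating each name with something like `/\A[\w.+-]+\z/` before joining would close that. `user_data` continues past the end of the hunk.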
diff --git a/lib/hetzner/k3s/cluster.rb b/lib/hetzner/k3s/cluster.rb
index b54d990..8de6319 100644
--- a/lib/hetzner/k3s/cluster.rb
+++ b/lib/hetzner/k3s/cluster.rb
@@ -38,7 +38,7 @@ def create(configuration:)
 @verify_host_key = configuration.fetch('verify_host_key', false)
 @servers = []
 @networks = configuration['ssh_allowed_networks']
- @enable_ipsec_encryption = configuration.fetch('enable_ipsec_encryption', false)
+ @enable_encryption = configuration.fetch('enable_encryption', false)
 create_resources
@@ -81,7 +81,7 @@ def upgrade(configuration:, new_k3s_version:, config_file:)
 :location, :public_ssh_key_path, :hetzner_token, :new_k3s_version, :configuration, :config_file, :verify_host_key, :networks, :private_ssh_key_path,
- :enable_ipsec_encryption
+ :enable_encryption
 def find_worker_node_pools(configuration)
 configuration.fetch('worker_node_pools', [])
@@ -190,7 +190,7 @@ def upgrade_cluster
 def master_script(master)
 server = master == first_master ? ' --cluster-init ' : " --server https://#{api_server_ip}:6443 "
 flannel_interface = find_flannel_interface(master)
- flannel_ipsec = enable_ipsec_encryption ? ' --flannel-backend=ipsec ' : ' '
+ flannel_wireguard = enable_encryption ? ' --flannel-backend=wireguard ' : ' '
 taint = schedule_workloads_on_masters? ? ' ' : ' --node-taint CriticalAddonsOnly=true:NoExecute '
@@ -205,7 +205,7 @@ def master_script(master)
 --node-name="$(hostname -f)" \
 --cluster-cidr=10.244.0.0/16 \
 --etcd-expose-metrics=true \
- #{flannel_ipsec} \
+ #{flannel_wireguard} \
 --kube-controller-manager-arg="address=0.0.0.0" \
 --kube-controller-manager-arg="bind-address=0.0.0.0" \
 --kube-proxy-arg="metrics-bind-address=0.0.0.0" \
diff --git a/lib/hetzner/k3s/version.rb b/lib/hetzner/k3s/version.rb
index 0a96171..b833fde 100644
--- a/lib/hetzner/k3s/version.rb
+++ b/lib/hetzner/k3s/version.rb
@@ -2,6 +2,6 @@
 module Hetzner
 module K3s
- VERSION = '0.5.2'
+ VERSION = '0.5.3'
 end
 end
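Review bot: A config file that still sets `enable_ipsec_encryption: true` silently falls through to the default `false` at `@enable_encryption = configuration.fetch('enable_encryption', false)`, so a cluster created from an older config comes up with an unencrypted overlay network and no warning. Reading the old key as a fallback and flagging it keeps the rename backward compatible: `warn 'enable_ipsec_encryption is deprecated, use enable_encryption' if configuration.key?('enable_ipsec_encryption')` followed by `@enable_encryption = configuration.fetch('enable_encryption') { configuration.fetch('enable_ipsec_encryption', false) }`. The README hunk in this commit swaps the key without mentioning the rename, so the deprecation is worth a line there as well. `create` continues outside the hunk.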
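Review bot: `flannel_wireguard = enable_encryption ? ' --flannel-backend=wireguard ' : ' '` ties the now generic `enable_encryption` option to one backend, and its dependency on the `wireguard` package that the server.rb hunk adds to `user_data` is not visible from here; a why-comment would make the coupling explicit, e.g. `# flannel's wireguard backend; relies on the wireguard package that user_data installs on every node`. When the option is off the flag is omitted and k3s falls back to its default flannel backend, so node-to-node pod traffic is not encrypted; since the variable name no longer says "encryption", that consequence belongs in the same comment. `master_script` continues outside the hunk.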