diff --git a/.gitignore b/.gitignore index 16bc502..458f192 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ kubeconfig.yaml-e terraform.tfvars plans.yaml traefik_config.yaml +kured.yaml diff --git a/agents.tf b/agents.tf index da4c4f5..10912ec 100644 --- a/agents.tf +++ b/agents.tf @@ -44,11 +44,11 @@ resource "null_resource" "agents" { provisioner "file" { content = yamlencode({ node-name = module.agents[each.key].name - server = "https://${local.first_control_plane_network_ipv4}:6443" + server = "https://${module.control_planes[0].private_ipv4_address}:6443" token = random_password.k3s_token.result kubelet-arg = "cloud-provider=external" flannel-iface = "eth1" - node-ip = module.agents[each.key].ipv4_address + node-ip = module.agents[each.key].private_ipv4_address node-label = var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : [] }) destination = "/tmp/config.yaml" diff --git a/control_planes.tf b/control_planes.tf index 7c31d4b..34cf4bf 100644 --- a/control_planes.tf +++ b/control_planes.tf @@ -53,7 +53,6 @@ resource "null_resource" "control_planes" { kubelet-arg = "cloud-provider=external" node-ip = module.control_planes[count.index].private_ipv4_address advertise-address = module.control_planes[count.index].private_ipv4_address - tls-san = module.control_planes[count.index].private_ipv4_address node-taint = var.allow_scheduling_on_control_plane ? [] : ["node-role.kubernetes.io/master:NoSchedule"] node-label = var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : [] }) diff --git a/init.tf b/init.tf index 787550d..36e85a3 100644 --- a/init.tf +++ b/init.tf @@ -18,7 +18,6 @@ resource "null_resource" "first_control_plane" { kubelet-arg = "cloud-provider=external" node-ip = module.control_planes[0].private_ipv4_address advertise-address = module.control_planes[0].private_ipv4_address - tls-san = module.control_planes[0].private_ipv4_address node-taint = var.allow_scheduling_on_control_plane ? [] : ["node-role.kubernetes.io/master:NoSchedule"] node-label = var.automatically_upgrade_k3s ? ["k3s_upgrade=true"] : [] }) diff --git a/locals.tf b/locals.tf index 1c9fe5d..4530a94 100644 --- a/locals.tf +++ b/locals.tf @@ -1,8 +1,7 @@ locals { - first_control_plane_network_ipv4 = module.control_planes[0].private_ipv4_address - is_single_node_cluster = var.control_plane_count + length(keys(var.agent_nodepools)) == 1 - - ssh_public_key = trimspace(file(var.public_key)) + # if we are in a single cluster config, we use the default klipper lb instead of traefik + is_single_node_cluster = var.control_plane_count + length(keys(var.agent_nodepools)) == 1 + ssh_public_key = trimspace(file(var.public_key)) # ssh_private_key is either the contents of var.private_key or null to use a ssh agent. ssh_private_key = var.private_key == null ? null : trimspace(file(var.private_key)) # ssh_identity is not set if the private key is passed directly, but if ssh agent is used, the public key tells ssh agent which private key to use. diff --git a/modules/host/templates/userdata.yaml.tpl b/modules/host/templates/userdata.yaml.tpl index b704130..6720ca5 100644 --- a/modules/host/templates/userdata.yaml.tpl +++ b/modules/host/templates/userdata.yaml.tpl @@ -43,6 +43,10 @@ runcmd: # We set Google DNS servers - [ sed, -i, 's#NETCONFIG_DNS_STATIC_SERVERS=""#NETCONFIG_DNS_STATIC_SERVERS="8.8.8.8 8.8.4.4"#g', /etc/sysconfig/network/config] +# Bound the amount of logs that can survive on the system +- [ sed, -i, 's/#SystemMaxUse=/SystemMaxUse=3G/g', /etc/systemd/journald.conf] +- [ sed, -i, 's/#MaxRetentionSec=/MaxRetentionSec=1week/g', /etc/systemd/journald.conf] + # Activate the private network - systemctl reload network