diff --git a/README.md b/README.md index 34581ac..6cc23fc 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ _Please note that we are not affiliated to Hetzner, this is just an open source - Proper use of the underlying Hetzner private network to remove the need for encryption and minimize latency. - Automatic HA with the default setting of three control-plane and two agents nodes. - Ability to add or remove as many nodes as you want while the cluster stays running. -- Automatic Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on. +- (Optional) Traefik ingress controller attached to a Hetzner load balancer with proxy protocol turned on. - (Optional) Out of the box config of Traefik with SSL certficate auto-generation. _It uses Terraform to deploy as it's easy to use, and Hetzner provides a great [Hetzner Terraform Provider](https://registry.terraform.io/providers/hetznercloud/hcloud/latest/docs)._ diff --git a/init.tf b/init.tf index 4b64e15..92ab81c 100644 --- a/init.tf +++ b/init.tf @@ -13,7 +13,7 @@ resource "null_resource" "first_control_plane" { token = random_password.k3s_token.result cluster-init = true disable-cloud-controller = true - disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"]) + disable = concat(["local-storage"], local.is_single_node_cluster ? [] : ["servicelb"], var.traefik_enabled ? [] : ["traefik"], var.metric_server_enabled ? [] : ["metric-server"]) flannel-iface = "eth1" kubelet-arg = "cloud-provider=external" node-ip = module.control_planes[0].private_ipv4_address 
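Review bot: The last element added to `disable` in `null_resource.first_control_plane` is `"metric-server"`, but the k3s packaged component is named `metrics-server`, so `metric_server_enabled = false` will probably not turn the component off. The element should read `var.metric_server_enabled ? [] : ["metrics-server"]`. The same list now disables Traefik whenever `traefik_enabled` is false, including on single-node clusters, which previously kept the bundled Traefik; a short comment above `disable` stating that would help. Only the first control-plane resource is visible here and its body continues outside the hunk, so if other server nodes carry their own `disable` list, they presumably need the same values.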
@@ -79,7 +79,7 @@ resource "null_resource" "kustomization" { "https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml", "https://github.com/weaveworks/kured/releases/download/${local.kured_version}/kured-${local.kured_version}-dockerhub.yaml", "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml", - ], local.is_single_node_cluster ? [] : ["traefik.yaml"]), + ], local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik.yaml"] : []), patchesStrategicMerge = [ file("${path.module}/kustomize/kured.yaml"), file("${path.module}/kustomize/ccm.yaml"), @@ -91,7 +91,7 @@ resource "null_resource" "kustomization" { # Upload traefik config provisioner "file" { - content = local.is_single_node_cluster ? "" : templatefile( + content = local.is_single_node_cluster ? "" : var.traefik_enabled == false ? "" : templatefile( "${path.module}/templates/traefik_config.yaml.tpl", { name = "${var.cluster_name}-traefik" @@ -142,7 +142,7 @@ resource "null_resource" "kustomization" { "kubectl -n system-upgrade wait --for=condition=available --timeout=120s deployment/system-upgrade-controller", "kubectl -n system-upgrade apply -f /tmp/post_install/plans.yaml" ], - local.is_single_node_cluster ? [] : [<<-EOT + local.is_single_node_cluster ? [] : var.traefik_enabled == false ? [] : [<<-EOT timeout 120 bash < /dev/null)" ]; do echo "Waiting for load-balancer to get an IP..." diff --git a/main.tf b/main.tf index 0652399..3186534 100644 --- a/main.tf +++ b/main.tf @@ -56,7 +56,7 @@ resource "hcloud_placement_group" "k3s" { } data "hcloud_load_balancer" "traefik" { - count = local.is_single_node_cluster ? 0 : 1 + count = local.is_single_node_cluster ? 0 : var.traefik_enabled == false ? 0 : 1 name = "${var.cluster_name}-traefik" depends_on = [null_resource.kustomization] diff --git a/output.tf b/output.tf index e0089fd..b84c324 100644 --- a/output.tf +++ b/output.tf 
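Review bot: The chained conditionals added in `null_resource.kustomization` and in `data.hcloud_load_balancer.traefik` have no parentheses and spell the same test two ways: `var.traefik_enabled ? ["traefik.yaml"] : []` in the resources list, but `var.traefik_enabled == false ? ... : ...` in the file provisioner, the remote-exec list and the `count`. All four mean "multi-node and Traefik enabled", so one form is easier to audit, for example `count = (!local.is_single_node_cluster && var.traefik_enabled) ? 1 : 0`, or a shared local reused in each place. Comparing a `bool` variable with `== false` is unnecessary; `!var.traefik_enabled` is enough. The enclosing resources start and end outside these hunks.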
@@ -17,7 +17,7 @@ output "agents_public_ipv4" { output "load_balancer_public_ipv4" { description = "The public IPv4 address of the Hetzner load balancer" - value = local.is_single_node_cluster ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4 + value = local.is_single_node_cluster || var.traefik_enabled == false ? module.control_planes[0].ipv4_address : data.hcloud_load_balancer.traefik[0].ipv4 } output "kubeconfig_file" { diff --git a/terraform.tfvars.example b/terraform.tfvars.example index e69c3a4..26d5d70 100644 --- a/terraform.tfvars.example +++ b/terraform.tfvars.example @@ -5,7 +5,7 @@ # This is in order to keep terraform from re-provisioning all nodes at once which would loose data. If you want to update, # those, you should instead change the value here and then manually re-provision each node one-by-one. Grep for "lifecycle". -# * Your Hetzner project API token +# * Your Hetzner project API token hcloud_token = "xxxxxxxxxxxxxxxxxxYYYYYYYYYYYYYYYYYYYzzzzzzzzzzzzzzzzzzzzz" # * Your public key public_key = "/home/username/.ssh/id_ed25519.pub" @@ -63,10 +63,15 @@ load_balancer_type = "lb11" # hetzner_ccm_version = "" # hetzner_csi_version = "" +# If you want to use traefik ingress controller with a loadbalancer +# traefik_enabled = true # If you want to use letsencrypt with tls Challenge, the email address is used to send you certificates expiration notices # traefik_acme_tls = true # traefik_acme_email = "mail@example.com" +# If you want to enable k8s metric server or not +# metric_server_enabled = false + # If you want to allow non-control-plane workloads to run on the control-plane nodes set "true" below. The default is "false". # Also good for single node clusters. # allow_scheduling_on_control_plane = true diff --git a/variables.tf b/variables.tf index 787240e..0b0936a 100644 --- a/variables.tf +++ b/variables.tf 
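Review bot: With `traefik_enabled = false` on a multi-node cluster, `load_balancer_public_ipv4` now returns the public address of `module.control_planes[0]`, while its description still promises the Hetzner load balancer address. Anyone who points DNS or firewall rules at this output would then be steering traffic to a control-plane node without knowing it. Either return `null` when no load balancer exists, or state the fallback, e.g. `description = "The public IPv4 address of the Hetzner load balancer, or of the first control-plane node when no load balancer is created"`.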
@@ -80,6 +80,12 @@ variable "hetzner_csi_version" { description = "Version of Container Storage Interface driver for Hetzner Cloud" } +variable "traefik_enabled" { + type = bool + default = false + description = "Whether to enable or disbale k3s traefik installation" +} + variable "traefik_acme_tls" { type = bool default = false @@ -98,6 +104,12 @@ variable "allow_scheduling_on_control_plane" { description = "Whether to allow non-control-plane workloads to run on the control-plane nodes" } +variable "metric_server_enabled" { + type = bool + default = true + description = "Whether to enable or disbale k3s mertric server" +} + variable "initial_k3s_channel" { type = string default = "stable"
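Review bot: `traefik_enabled` is declared with `default = false`, so a configuration that does not set it loses the Traefik ingress and its load balancer that earlier versions always created on multi-node clusters. If opt-in is intended, the description should say so; otherwise `default = true` keeps the old behaviour. Both new descriptions also contain typos: use `description = "Whether to enable the k3s Traefik installation"` here and `description = "Whether to enable the k3s metrics server"` on `metric_server_enabled` in the second hunk.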