Merge pull request #809 from aleksasiriski/master

A lot of QoL changes to Traefik - nothing breaking
kube-hetzner · May 24, 2023 · 7ff7046 · 7ff7046
2 parents 928fb1c + 29ab301
commit 7ff7046
Show file tree

Hide file tree

Showing 7 changed files with 89 additions and 21 deletions.
diff --git a/kube.tf.example b/kube.tf.example
@@ -660,7 +660,7 @@ terraform {
   required_providers {
     hcloud = {
       source  = "hetznercloud/hcloud"
-      version = ">= 1.38.2"
+      version = ">= 1.39.0"
     }
   }
 }

diff --git a/locals.tf b/locals.tf
@@ -100,7 +100,8 @@ locals {
 
   has_external_load_balancer = local.using_klipper_lb || local.ingress_controller == "none"
 
-  ingress_replica_count = (var.ingress_replica_count > 0) ? var.ingress_replica_count : (local.agent_count > 2) ? 3 : (local.agent_count == 2) ? 2 : 1
+  ingress_replica_count     = (var.ingress_replica_count > 0) ? var.ingress_replica_count : (local.agent_count > 2) ? 3 : (local.agent_count == 2) ? 2 : 1
+  ingress_max_replica_count = (var.ingress_max_replica_count > local.ingress_replica_count) ? var.ingress_max_replica_count : local.ingress_replica_count
 
   # disable k3s extras
   disable_extras = concat(["local-storage"], local.using_klipper_lb ? [] : ["servicelb"], ["traefik"], var.enable_metrics_server ? [] : ["metrics-server"])
@@ -462,11 +463,51 @@ ports:
         - 127.0.0.1/32
         - 10.0.0.0/8
 %{endif~}
-%{if var.traefik_additional_options != ""~}
+%{if var.traefik_additional_ports != ""~}
+%{for option in var.traefik_additional_ports~}
+  ${option.name}:
+    port: ${option.port}
+    expose: true
+    exposedPort: ${option.exposedPort}
+    protocol: TCP
+%{if !local.using_klipper_lb~}
+    proxyProtocol:
+      trustedIPs:
+        - 127.0.0.1/32
+        - 10.0.0.0/8
+    forwardedHeaders:
+      trustedIPs:
+        - 127.0.0.1/32
+        - 10.0.0.0/8
+%{endif~}
+%{endfor~}
+%{endif~}
+%{if var.traefik_pod_disruption_budget~}
+podDisruptionBudget:
+  enabled: true
+  maxUnavailable: 33%
+%{endif~}
 additionalArguments:
+  - "--entrypoints.tcp=true"
+%{if var.traefik_additional_options != ""~}
 %{for option in var.traefik_additional_options~}
-- "${option}"
+  - "${option}"
 %{endfor~}
+%{endif~}
+%{if var.traefik_resource_limits~}
+resources:
+  requests:
+    cpu: "100m"
+    memory: "50Mi"
+  limits:
+    cpu: "300m"
+    memory: "150Mi"
+%{endif~}
+%{if var.traefik_autoscaling~}
+autoscaling:
+  enabled: true
+  minReplicas: ${local.ingress_replica_count}
+  maxReplicas: ${local.ingress_max_replica_count}
 %{endif~}
   EOT
 

diff --git a/modules/host/versions.tf b/modules/host/versions.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     hcloud = {
       source  = "hetznercloud/hcloud"
-      version = ">= 1.38.2"
+      version = ">= 1.39.0"
     }
   }
 }
diff --git a/packer-template/hcloud-microos-snapshots.pkr.hcl b/packer-template/hcloud-microos-snapshots.pkr.hcl
@@ -52,6 +52,8 @@ locals {
     transactional-update --continue shell <<< "zypper --no-gpg-checks --non-interactive install https://github.com/k3s-io/k3s-selinux/releases/download/v1.3.testing.4/k3s-selinux-1.3-4.sle.noarch.rpm"
     transactional-update --continue shell <<< "zypper addlock k3s-selinux"
     transactional-update --continue shell <<< "restorecon -Rv /etc/selinux/targeted/policy && restorecon -Rv /var/lib && setenforce 1"
+    echo "Make sure to use NetworkManager"
+    touch /etc/NetworkManager/NetworkManager.conf
     sleep 1 && udevadm settle && reboot
   EOT
 
@@ -61,11 +63,6 @@ locals {
     rm -rf /etc/ssh/ssh_host_*
     sleep 1 && udevadm settle
   EOT
-
-  cloud_init_network = <<-EOT
-    echo 'Make sure to use NetworkManager'
-    touch /etc/NetworkManager/NetworkManager.conf
-  EOT
 }
 
 # Source for the MicroOS x86 snapshot
@@ -125,11 +122,6 @@ build {
     pause_before = "5s"
     inline       = [local.clean_up]
   }
-
-  # Create an empty config file, so cloud-init will generate NetworkManager system-connection files properly
-  provisioner "shell" {
-    inline = [local.cloud_init_network]
-  }
 }
 
 # Build the MicroOS ARM snapshot
@@ -159,9 +151,4 @@ build {
     pause_before = "5s"
     inline       = [local.clean_up]
   }
-
-  # Create an empty config file, so cloud-init will generate NetworkManager system-connection files properly
-  provisioner "shell" {
-    inline = [local.cloud_init_network]
-  }
 }
diff --git a/scripts/create.sh b/scripts/create.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 
 # Check if terraform, packer and hcloud CLIs are present
+command -v ssh >/dev/null 2>&1 || { echo "openssh is not installed. Install it with 'brew install openssh'."; exit 1; }
 command -v terraform >/dev/null 2>&1 || { echo "terraform is not installed. Install it with 'brew install terraform'."; exit 1; }
 command -v packer >/dev/null 2>&1 || { echo "packer is not installed. Install it with 'brew install packer'."; exit 1; }
 command -v hcloud >/dev/null 2>&1 || { echo "hcloud (Hetzner CLI) is not installed. Install it with 'brew install hcloud'."; exit 1; }

diff --git a/variables.tf b/variables.tf
@@ -206,12 +206,51 @@ variable "ingress_replica_count" {
   }
 }
 
+variable "ingress_max_replica_count" {
+  type        = number
+  default     = 10
+  description = "Number of maximum replicas per ingress controller. Used for ingress HPA. Must be higher than number of replicas."
+
+  validation {
+    condition     = var.ingress_max_replica_count >= 0
+    error_message = "Number of ingress maximum replicas can't be below 0."
+  }
+}
+
+variable "traefik_autoscaling" {
+  type        = bool
+  default     = true
+  description = "Should traefik enable Horizontal Pod Autoscaler."
+}
+
 variable "traefik_redirect_to_https" {
   type        = bool
   default     = true
   description = "Should traefik redirect http traffic to https."
 }
 
+variable "traefik_pod_disruption_budget" {
+  type        = bool
+  default     = true
+  description = "Should traefik enable pod disruption budget. Default values are maxUnavailable: 33% and minAvailable: 1."
+}
+
+variable "traefik_resource_limits" {
+  type        = bool
+  default     = true
+  description = "Should traefik enable default resource requests and limits. Default values are requests: 100m & 50Mi and limits: 300m & 150Mi."
+}
+
+variable "traefik_additional_ports" {
+  type = list(object({
+    name        = string
+    port        = number
+    exposedPort = number
+  }))
+  default     = []
+  description = "Additional ports to pass to Traefik. These are the ones that go into the ports section of the Traefik helm values file."
+}
+
 variable "traefik_additional_options" {
   type        = list(string)
   default     = []

diff --git a/versions.tf b/versions.tf
@@ -7,7 +7,7 @@ terraform {
     }
     hcloud = {
       source  = "hetznercloud/hcloud"
-      version = ">= 1.38.2"
+      version = ">= 1.39.0"
     }
     local = {
       source  = "hashicorp/local"