mirror of
https://github.com/Luzifer/hetzner-alpine-k8s.git
synced 2024-12-21 02:11:19 +00:00
Multiple improvements
- improve repo handling - improve network configuration - improve tool build Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
9c14dc02e5
commit
a4ef297069
5 changed files with 93 additions and 86 deletions
|
@ -1,40 +1,29 @@
|
||||||
ARG ALPINE_VERSION=3.16.0
|
ARG ALPINE_VERSION=3.17
|
||||||
ARG PACKER_VERSION=1.8.0-r3
|
|
||||||
ARG ANSIBLE_CORE_VERSION=2.13.0-r0
|
|
||||||
ARG JQ_VERSION=1.6-r1
|
|
||||||
ARG UID=1000
|
ARG UID=1000
|
||||||
ARG GID=1000
|
ARG GID=1000
|
||||||
|
|
||||||
FROM alpine:$ALPINE_VERSION
|
FROM alpine:$ALPINE_VERSION
|
||||||
ARG PACKER_VERSION
|
|
||||||
ARG ANSIBLE_CORE_VERSION
|
|
||||||
ARG JQ_VERSION
|
|
||||||
ARG UID
|
ARG UID
|
||||||
ARG GID
|
ARG GID
|
||||||
|
|
||||||
RUN apk add --no-cache \
|
SHELL ["/bin/sh", "-exc"]
|
||||||
ansible-core=$ANSIBLE_CORE_VERSION \
|
|
||||||
packer=$PACKER_VERSION \
|
|
||||||
jq=$JQ_VERSION
|
|
||||||
|
|
||||||
RUN adduser ansible -u "$UID" -D -h /home/ansible "$GID"
|
RUN apk add --no-cache \
|
||||||
|
ansible-core \
|
||||||
RUN mkdir -p /configs /manifests /cache \
|
jq \
|
||||||
&& chown ansible /manifests /configs /cache
|
packer \
|
||||||
|
&& adduser ansible -u "$UID" -D -h /home/ansible "$GID" \
|
||||||
|
&& mkdir -p /configs /manifests /cache \
|
||||||
|
&& chown ansible /manifests /configs /cache
|
||||||
|
|
||||||
USER ansible
|
USER ansible
|
||||||
WORKDIR /home/ansible
|
WORKDIR /home/ansible
|
||||||
COPY default.json default.json
|
COPY default.json default.json
|
||||||
COPY alpine.pkr.hcl alpine.pkr.hcl
|
COPY alpine.pkr.hcl alpine.pkr.hcl
|
||||||
COPY playbook.yml playbook.yml
|
COPY playbook.yml playbook.yml
|
||||||
COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
|
COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
|
||||||
|
|
||||||
VOLUME /cache
|
VOLUME /cache
|
||||||
|
|
||||||
ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
|
ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
|
||||||
CMD ["default.json"]
|
CMD ["default.json"]
|
||||||
|
|
||||||
LABEL "dev.pius.alpine-on-hetzner.alpine.version"=$ALPINE_VERSION
|
|
||||||
LABEL "dev.pius.alpine-on-hetzner.pkgs.ansible-core.version"=$ANSIBLE_CORE_VERSION
|
|
||||||
LABEL "dev.pius.alpine-on-hetzner.pkgs.packer.version"=$PACKER_VERSION
|
|
||||||
LABEL "dev.pius.alpine-on-hetzner.pkgs.jq.version"=$JQ_VERSION
|
|
|
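Review bot: The new `RUN apk add --no-cache` step installs `ansible-core`, `jq` and `packer` with no version constraint, and `ALPINE_VERSION=3.17` now floats across patch releases, so two builds of this image can contain different toolchains. The four version `LABEL`s are removed as well, so nothing records which toolchain produced a given snapshot. Because this image builds server snapshots, I would keep the `ARG`-driven pins such as `packer=$PACKER_VERSION`, or pin the base image by digest and record the resolved versions in a label. Separately, `SHELL ["/bin/sh", "-exc"]` enables `-x` for every later `RUN`, so a future step that handles a credential would print it to the build log. A comment such as `# -x traces every RUN command into the build log; keep secrets out of RUN` would make that explicit.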
@ -4,13 +4,14 @@ variable "apk_tools_arch" {}
|
||||||
variable "apk_tools_version" {}
|
variable "apk_tools_version" {}
|
||||||
variable "apk_tools_checksum" {}
|
variable "apk_tools_checksum" {}
|
||||||
|
|
||||||
variable "alpine_version" {}
|
|
||||||
variable "alpine_mirror" {}
|
variable "alpine_mirror" {}
|
||||||
variable "alpine_repositories" {}
|
variable "alpine_repositories" {}
|
||||||
|
variable "alpine_repository_keys" {}
|
||||||
|
|
||||||
variable "boot_size" {}
|
variable "boot_size" {}
|
||||||
variable "root_size" {}
|
variable "root_size" {}
|
||||||
variable "hostname" {}
|
variable "hostname" {}
|
||||||
|
variable "dhcp_interfaces" {}
|
||||||
|
|
||||||
variable "packages" {}
|
variable "packages" {}
|
||||||
variable "services" {}
|
variable "services" {}
|
||||||
|
@ -23,45 +24,31 @@ variable "sysctl" {}
|
||||||
variable "chroot_commands" {}
|
variable "chroot_commands" {}
|
||||||
|
|
||||||
locals {
|
locals {
|
||||||
timestamp = formatdate("DD-MM-YY.hh-mm-ss", timestamp())
|
timestamp = formatdate("YYYYMMDD-hhmmss", timestamp())
|
||||||
snapshot_id = sha1(uuidv4())
|
snapshot_id = sha1(uuidv4())
|
||||||
}
|
}
|
||||||
|
|
||||||
source "hcloud" "alpine" {
|
source "hcloud" "alpine" {
|
||||||
location = "fsn1"
|
location = "fsn1"
|
||||||
server_type = "cx11"
|
server_type = "cx11"
|
||||||
image = "ubuntu-20.04"
|
image = "ubuntu-20.04"
|
||||||
rescue = "linux64"
|
rescue = "linux64"
|
||||||
ssh_username = "root"
|
ssh_username = "root"
|
||||||
}
|
}
|
||||||
|
|
||||||
build {
|
build {
|
||||||
name = "alpine"
|
name = "alpine"
|
||||||
|
|
||||||
source "source.hcloud.alpine" {
|
source "source.hcloud.alpine" {
|
||||||
snapshot_name = var.hostname
|
snapshot_name = "${var.hostname}-${local.timestamp}"
|
||||||
snapshot_labels = {
|
snapshot_labels = {
|
||||||
"alpine.pius.dev/timestamp" = local.timestamp
|
"alpine.pius.dev/timestamp" = local.timestamp
|
||||||
"alpine.pius.dev/alpine-version" = var.alpine_version
|
"alpine.pius.dev/snapshot-id" = local.snapshot_id
|
||||||
"alpine.pius.dev/snapshot-id" = local.snapshot_id
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
provisioner "ansible" {
|
provisioner "ansible" {
|
||||||
playbook_file = "playbook.yml"
|
playbook_file = "playbook.yml"
|
||||||
extra_arguments = ["--extra-vars", "@config.json"]
|
extra_arguments = ["--extra-vars", "@config.json"]
|
||||||
}
|
}
|
||||||
|
|
||||||
post-processor "manifest" {
|
|
||||||
output = "/manifests/${build.PackerRunUUID}.json"
|
|
||||||
strip_path = true
|
|
||||||
custom_data = merge({
|
|
||||||
"alpine.pius.dev/alpine-version": var.alpine_version,
|
|
||||||
"alpine.pius.dev/packer-run-id": build.PackerRunUUID,
|
|
||||||
"alpine.pius.dev/snapshot-id": local.snapshot_id
|
|
||||||
}, zipmap(
|
|
||||||
formatlist("alpine.pius.dev/%s-version", keys(var.packages)),
|
|
||||||
values(var.packages)
|
|
||||||
))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
|
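Review bot: With the `post-processor "manifest"` block and the `alpine.pius.dev/alpine-version` label removed, a snapshot is identified only by its timestamp and a random `snapshot-id`. Nothing in the visible new code records which repositories or package versions went into it, which makes it hard to tell later which snapshots contain a package that needs patching. Consider keeping a reduced manifest (run id and snapshot id) or adding a label derived from the configured repositories. If the manifest is intentionally gone, the `/manifests` directory that the Dockerfile still creates and chowns can be dropped too.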
@ -4,15 +4,19 @@
|
||||||
"apk_tools_url": "https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static",
|
"apk_tools_url": "https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static",
|
||||||
"apk_tools_checksum": "sha256:5176da3d4c41f12a08b82809aca8e7e2e383b7930979651b8958eca219815af5",
|
"apk_tools_checksum": "sha256:5176da3d4c41f12a08b82809aca8e7e2e383b7930979651b8958eca219815af5",
|
||||||
|
|
||||||
"alpine_version": "v3.15",
|
"alpine_repositories": [
|
||||||
"alpine_mirror": "http://dl-cdn.alpinelinux.org/alpine",
|
{"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/main"},
|
||||||
"alpine_repositories": ["main", "community"],
|
{"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/community"},
|
||||||
|
],
|
||||||
|
"alpine_repository_keys": [],
|
||||||
|
|
||||||
"boot_size": "+100m",
|
"boot_size": "+100m",
|
||||||
"root_size": "0",
|
"root_size": "0",
|
||||||
|
|
||||||
"hostname": "alpine",
|
"hostname": "alpine",
|
||||||
|
|
||||||
|
"dhcp_interfaces": ["eth0"],
|
||||||
|
|
||||||
"packages": {
|
"packages": {
|
||||||
"openssh": "=8.8_p1-r1",
|
"openssh": "=8.8_p1-r1",
|
||||||
"syslinux": "=6.04_pre1-r9",
|
"syslinux": "=6.04_pre1-r9",
|
||||||
|
@ -40,7 +44,7 @@
|
||||||
|
|
||||||
"sshd": "default"
|
"sshd": "default"
|
||||||
},
|
},
|
||||||
|
|
||||||
"nameservers": [
|
"nameservers": [
|
||||||
"185.12.64.1",
|
"185.12.64.1",
|
||||||
"185.12.64.2",
|
"185.12.64.2",
|
||||||
|
@ -54,4 +58,4 @@
|
||||||
"kernel_modules": ["ipv6", "af_packet"],
|
"kernel_modules": ["ipv6", "af_packet"],
|
||||||
"default_kernel_opts": ["quiet"],
|
"default_kernel_opts": ["quiet"],
|
||||||
"chroot_commands": []
|
"chroot_commands": []
|
||||||
}
|
}
|
||||||
|
|
|
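Review bot: The two new `alpine_repositories` entries use `http://dl-cdn.alpinelinux.org/...`, while config.yaml in this same commit moves its mirror to `https://`; the defaults should match, e.g. `{"tag":"", "url": "https://dl-cdn.alpinelinux.org/alpine/edge/main"}`. This matters more than usual because the playbook passes the first entry's URL to `apk -X` together with `--allow-untrusted`, so with these defaults the `alpine-base` bootstrap is fetched with neither transport security nor signature checking. The defaults also move from `v3.15` to `edge` while the exact pins further down (`"openssh": "=8.8_p1-r1"`, `"syslinux": "=6.04_pre1-r9"`) are unchanged. Those versions presumably no longer resolve against edge, which is worth confirming.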
@ -42,13 +42,13 @@
|
||||||
|
|
||||||
- name: initialize alpine-base in directory
|
- name: initialize alpine-base in directory
|
||||||
shell: >-
|
shell: >-
|
||||||
./apk -X {{ alpine_mirror }}/{{ alpine_version }}/{{ alpine_repositories[0] }}
|
./apk -X {{ alpine_repositories[0].url }}
|
||||||
-u
|
-u
|
||||||
--allow-untrusted
|
--allow-untrusted
|
||||||
--root /{{ chroot_directory }}
|
--root /{{ chroot_directory }}
|
||||||
--initdb
|
--initdb
|
||||||
add alpine-base
|
add alpine-base
|
||||||
|
|
||||||
- name: prepare chroot
|
- name: prepare chroot
|
||||||
shell: |
|
shell: |
|
||||||
mount --bind /dev {{ chroot_directory }}/dev
|
mount --bind /dev {{ chroot_directory }}/dev
|
||||||
|
@ -68,9 +68,11 @@
|
||||||
content: |
|
content: |
|
||||||
auto lo
|
auto lo
|
||||||
iface lo inet loopback
|
iface lo inet loopback
|
||||||
auto eth0
|
{% for dif in dhcp_interfaces %}
|
||||||
iface eth0 inet dhcp
|
auto {{ dif }}
|
||||||
iface eth0 inet6 auto
|
iface {{ dif }} inet dhcp
|
||||||
|
iface {{ dif }} inet6 auto
|
||||||
|
{% endfor %}
|
||||||
dest: "{{ chroot_directory }}/etc/network/interfaces"
|
dest: "{{ chroot_directory }}/etc/network/interfaces"
|
||||||
|
|
||||||
- name: write out hostname file
|
- name: write out hostname file
|
||||||
|
@ -82,8 +84,8 @@
|
||||||
copy:
|
copy:
|
||||||
dest: "{{ chroot_directory }}/etc/hosts"
|
dest: "{{ chroot_directory }}/etc/hosts"
|
||||||
content: |
|
content: |
|
||||||
127.0.0.1 {{ hostname }} localhost localhost.localdomain
|
127.0.0.1 {{ hostname }} localhost localhost.localdomain
|
||||||
::1 {{ hostname }} localhost localhost.localdomain
|
::1 {{ hostname }} localhost localhost.localdomain
|
||||||
::1 {{ hostname }} localhost ipv6-localhost ipv6-loopback
|
::1 {{ hostname }} localhost ipv6-localhost ipv6-loopback
|
||||||
fe00::0 ipv6-localnet
|
fe00::0 ipv6-localnet
|
||||||
ff00::0 ipv6-mcastprefix
|
ff00::0 ipv6-mcastprefix
|
||||||
|
@ -91,16 +93,18 @@
|
||||||
ff02::2 ipv6-allrouters
|
ff02::2 ipv6-allrouters
|
||||||
ff02::3 ipv6-allhosts
|
ff02::3 ipv6-allhosts
|
||||||
|
|
||||||
|
- name: install custom repository keys
|
||||||
|
copy:
|
||||||
|
dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name }}"
|
||||||
|
content: "{{ item.public_key }}"
|
||||||
|
loop: "{{ alpine_repository_keys }}"
|
||||||
|
|
||||||
- name: define alpine repositories
|
- name: define alpine repositories
|
||||||
copy:
|
copy:
|
||||||
dest: "{{ chroot_directory }}/etc/apk/repositories"
|
dest: "{{ chroot_directory }}/etc/apk/repositories"
|
||||||
content: |
|
content: |
|
||||||
{% for repository in alpine_repositories %}
|
{% for repository in alpine_repositories %}
|
||||||
{% if loop.first %}
|
{% if repository.tag | d(false) %}@{{ repository.tag }} {% endif %}{{ repository.url }}
|
||||||
{{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
|
|
||||||
{% else %}
|
|
||||||
@{{ repository }} {{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
- name: install requisite packages
|
- name: install requisite packages
|
||||||
|
@ -132,7 +136,7 @@
|
||||||
{% for setting in sysctl | dict2items %}
|
{% for setting in sysctl | dict2items %}
|
||||||
{{ setting.key }} = {{ setting.value }}
|
{{ setting.key }} = {{ setting.value }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
- name: configure kernel modules
|
- name: configure kernel modules
|
||||||
copy:
|
copy:
|
||||||
dest: "{{ chroot_directory }}/etc/modules"
|
dest: "{{ chroot_directory }}/etc/modules"
|
||||||
|
|
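Review bot: In the new `install custom repository keys` task, `item.name` is interpolated straight into the destination path, so a name containing `/` or `..` would write outside `etc/apk/keys`; `dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name | basename }}"` closes that off. Every file written here becomes a trust root for all later `apk` operations in the image, so a short comment on the task saying so, plus an explicit `mode: "0644"`, would help the next reader. The bootstrap line `./apk -X {{ alpine_repositories[0].url }}` also assumes the first list entry is the untagged main repository that provides `alpine-base`. Nothing visible enforces that ordering, and the surrounding `--allow-untrusted` means whatever URL comes first is used without signature checks.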
53
config.yaml
53
config.yaml
|
@ -1,18 +1,44 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
apk_tools_version: v2.12.10
|
apk_tools_version: v2.12.11
|
||||||
apk_tools_arch: x86_64
|
apk_tools_arch: x86_64
|
||||||
apk_tools_url: https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static
|
apk_tools_url: https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static
|
||||||
apk_tools_checksum: sha256:d7506bb11327b337960910daffed75aa289d8bb350feab624c52965be82ceae8
|
apk_tools_checksum: sha256:a77621da3475ae0ed92daa2d05b9c2bb671639af8c17cce44098192dfbe1b80b
|
||||||
|
|
||||||
alpine_version: edge
|
alpine_mirror: https://dl-cdn.alpinelinux.org/alpine
|
||||||
alpine_mirror: http://dl-cdn.alpinelinux.org/alpine
|
alpine_repositories:
|
||||||
alpine_repositories: [ main, community, testing ]
|
- url: '{{ alpine_mirror }}/edge/main'
|
||||||
|
- tag: 'community'
|
||||||
|
url: '{{ alpine_mirror }}/edge/community'
|
||||||
|
- tag: 'testing'
|
||||||
|
url: '{{ alpine_mirror }}/edge/testing'
|
||||||
|
- tag: 'luzifer'
|
||||||
|
url: 'http://alpine-luzifer-io.s3-website-eu-west-1.amazonaws.com/repo'
|
||||||
|
|
||||||
|
alpine_repository_keys:
|
||||||
|
- name: 'alpine@ahlers.me-64562ea3.rsa.pub'
|
||||||
|
public_key: |
|
||||||
|
-----BEGIN PUBLIC KEY-----
|
||||||
|
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxxCxVKukbb/zGHBv1ks
|
||||||
|
Gu+eRHNCf7aPyUZVEwMdBSO3GYaVC5np1wtzCZzG+1BVQEdgyomxzB2dU0hTSBIZ
|
||||||
|
myu+u7344+4/XzbcIwNOfGyduYhlIDvQ4UMzFZfq0oXU9QTmsVl0iqi1CT8J4LWr
|
||||||
|
X5i6h/zkmURCvTkK9SoZ3S+LcnCS8becUdiJpQksMQ8nFr6MtwN92W4fzyHTJYI9
|
||||||
|
p+tuWr9j71xHLujWQU7aio+qGpvIS9y3R4eIkJ+YRRpTiZi7x+Aixn3JaGF0zk2h
|
||||||
|
tsApoPQbVqomgDPYX6JrMx1T5amkONz1vwhg9QTYISafQg0sbrQYBrjKDZBM0zZw
|
||||||
|
vUpVKHjr0S1rMJhzNXvoYBFwDv/d15B8B8QDyTKRJkhcfKpjN2UPinB0DNozJ8L5
|
||||||
|
l8VmxKdiA0zbbvWuhRMo9Svkhn/N55M+cH4Xmkf+3Z8frqmQf5b02mDfh4kMLRKT
|
||||||
|
SBwkqgx/Kqceiw8ZIDprPY3tr6ThQ9oJOzI8NomNmvmanWHJtm6oBNiyvH3G9cfe
|
||||||
|
+CeXkOhwwug+xrnNsA8bedFLfm2XB5Y6k/xs88604igHxfjbAWXjIyHhrNAD885s
|
||||||
|
cbZ7WJTWYHuoltHwFvmq5Z8ZFuFpqbWH7B618rLR92AmHGaaje8m4vVeUcTq2TeN
|
||||||
|
Ld4erUMnkwbBDYOIlAc/vzMCAwEAAQ==
|
||||||
|
-----END PUBLIC KEY-----
|
||||||
|
|
||||||
boot_size: +100m
|
boot_size: +100m
|
||||||
root_size: '0'
|
root_size: '0'
|
||||||
hostname: alpine-k8s
|
hostname: alpine-k8s
|
||||||
|
|
||||||
|
dhcp_interfaces: [eth0, eth1]
|
||||||
|
|
||||||
packages:
|
packages:
|
||||||
# Alpine base system
|
# Alpine base system
|
||||||
openssh: ''
|
openssh: ''
|
||||||
|
@ -29,13 +55,13 @@ packages:
|
||||||
wireguard-tools: ''
|
wireguard-tools: ''
|
||||||
|
|
||||||
# K8s requirements
|
# K8s requirements
|
||||||
# OpenEBS
|
|
||||||
open-iscsi: ''
|
open-iscsi: ''
|
||||||
open-iscsi-openrc: ''
|
open-iscsi-openrc: ''
|
||||||
udev: ''
|
udev: ''
|
||||||
|
|
||||||
cni-plugin-flannel: '@community'
|
cni-plugin-flannel: '@community'
|
||||||
cni-plugins: '@community'
|
cni-plugins: '@community'
|
||||||
|
cri-tools: '@testing'
|
||||||
containerd: '@community'
|
containerd: '@community'
|
||||||
containerd-openrc: '@community'
|
containerd-openrc: '@community'
|
||||||
flannel-contrib-cni: '@testing'
|
flannel-contrib-cni: '@testing'
|
||||||
|
@ -43,9 +69,9 @@ packages:
|
||||||
nfs-utils: ''
|
nfs-utils: ''
|
||||||
uuidgen: ''
|
uuidgen: ''
|
||||||
|
|
||||||
kubelet: '@testing=1.26.1-r2'
|
kubelet: '@luzifer=1.27.1-r0'
|
||||||
kubeadm: '@testing=1.26.1-r2'
|
kubeadm: '@luzifer=1.27.1-r0'
|
||||||
kubectl: '@testing=1.26.1-r2'
|
kubectl: '@luzifer=1.27.1-r0'
|
||||||
|
|
||||||
services:
|
services:
|
||||||
devfs: sysinit
|
devfs: sysinit
|
||||||
|
@ -103,17 +129,14 @@ chroot_commands:
|
||||||
- 'echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf'
|
- 'echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf'
|
||||||
- 'echo "net.bridge.bridge-nf-call-iptables=1" >>/etc/sysctl.conf'
|
- 'echo "net.bridge.bridge-nf-call-iptables=1" >>/etc/sysctl.conf'
|
||||||
|
|
||||||
|
# Disable overwriting network config
|
||||||
|
- 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
|
||||||
|
|
||||||
# Fix prometheus errors
|
# Fix prometheus errors
|
||||||
- 'echo -e "#!/bin/sh\nmount --make-rshared /" >/etc/local.d/sharemetrics.start'
|
- 'echo -e "#!/bin/sh\nmount --make-rshared /" >/etc/local.d/sharemetrics.start'
|
||||||
- 'chmod +x /etc/local.d/sharemetrics.start'
|
- 'chmod +x /etc/local.d/sharemetrics.start'
|
||||||
- 'rc-update add local'
|
- 'rc-update add local'
|
||||||
|
|
||||||
# Enable private interface
|
|
||||||
- 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
|
|
||||||
- 'echo -e "auto lo\niface lo inet loopback\n" >/etc/network/interfaces'
|
|
||||||
- 'echo -e "auto eth0\niface eth0 inet dhcp\niface eth0 inet6 auto\n" >>/etc/network/interfaces'
|
|
||||||
- 'echo -e "auto eth1\niface eth1 inet dhcp\niface eth1 inet6 auto\n" >>/etc/network/interfaces'
|
|
||||||
|
|
||||||
# Force --cloud-provider=external
|
# Force --cloud-provider=external
|
||||||
- "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"
|
- "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"
|
||||||
|
|
||||||
|
|
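Review bot: `kubelet`, `kubeadm` and `kubectl` now install from the `luzifer` repository, which is reached over plain `http://` at an S3 website endpoint, so the embedded `alpine@ahlers.me-64562ea3.rsa.pub` key is the only thing protecting those packages. Signature checks cover tampering, but an on-path party could still serve an older, validly signed index, so an HTTPS front for the repository would be preferable. I would add a comment above `alpine_repository_keys` stating where the key was obtained and how to verify it, for example `# Trust root for the @luzifer repo; verify against <KEY_SOURCE_PLACEHOLDER> before changing`. The `edge/testing` repository is also configured as a tagged source, and `cri-tools: '@testing'` is unpinned, unlike the `=1.27.1-r0` pins on the Kubernetes packages.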