mirror of
https://github.com/Luzifer/hetzner-alpine-k8s.git
synced 2024-12-21 02:11:19 +00:00
Multiple improvements
- improve repo handling
- improve network configuration
- improve tool build

Signed-off-by: Knut Ahlers <knut@ahlers.me>
parent
9c14dc02e5
commit
a4ef297069
5 changed files with 93 additions and 86 deletions
|
@ -1,40 +1,29 @@
|
|||
ARG ALPINE_VERSION=3.16.0
|
||||
ARG PACKER_VERSION=1.8.0-r3
|
||||
ARG ANSIBLE_CORE_VERSION=2.13.0-r0
|
||||
ARG JQ_VERSION=1.6-r1
|
||||
ARG ALPINE_VERSION=3.17
|
||||
ARG UID=1000
|
||||
ARG GID=1000
|
||||
|
||||
FROM alpine:$ALPINE_VERSION
|
||||
ARG PACKER_VERSION
|
||||
ARG ANSIBLE_CORE_VERSION
|
||||
ARG JQ_VERSION
|
||||
ARG UID
|
||||
ARG GID
|
||||
|
||||
RUN apk add --no-cache \
|
||||
ansible-core=$ANSIBLE_CORE_VERSION \
|
||||
packer=$PACKER_VERSION \
|
||||
jq=$JQ_VERSION
|
||||
SHELL ["/bin/sh", "-exc"]
|
||||
|
||||
RUN adduser ansible -u "$UID" -D -h /home/ansible "$GID"
|
||||
|
||||
RUN mkdir -p /configs /manifests /cache \
|
||||
&& chown ansible /manifests /configs /cache
|
||||
RUN apk add --no-cache \
|
||||
ansible-core \
|
||||
jq \
|
||||
packer \
|
||||
&& adduser ansible -u "$UID" -D -h /home/ansible "$GID" \
|
||||
&& mkdir -p /configs /manifests /cache \
|
||||
&& chown ansible /manifests /configs /cache
|
||||
|
||||
USER ansible
|
||||
WORKDIR /home/ansible
|
||||
COPY default.json default.json
|
||||
COPY alpine.pkr.hcl alpine.pkr.hcl
|
||||
COPY playbook.yml playbook.yml
|
||||
COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
|
||||
COPY default.json default.json
|
||||
COPY alpine.pkr.hcl alpine.pkr.hcl
|
||||
COPY playbook.yml playbook.yml
|
||||
COPY --chmod=u=rx,og= entrypoint.sh entrypoint.sh
|
||||
|
||||
VOLUME /cache
|
||||
|
||||
ENTRYPOINT ["/bin/sh", "entrypoint.sh"]
|
||||
CMD ["default.json"]
|
||||
|
||||
LABEL "dev.pius.alpine-on-hetzner.alpine.version"=$ALPINE_VERSION
|
||||
LABEL "dev.pius.alpine-on-hetzner.pkgs.ansible-core.version"=$ANSIBLE_CORE_VERSION
|
||||
LABEL "dev.pius.alpine-on-hetzner.pkgs.packer.version"=$PACKER_VERSION
|
||||
LABEL "dev.pius.alpine-on-hetzner.pkgs.jq.version"=$JQ_VERSION
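Review bot: The consolidated `RUN apk add --no-cache ansible-core jq packer` installs whatever versions the Alpine repositories serve on build day, and `ARG ALPINE_VERSION=3.17` is a moving tag, so two builds from the same commit can ship different Packer and Ansible versions. The page has lost its `+`/`-` markers, so this assumes the unversioned install is the new side, which the 29-line new count in the hunk header suggests. Pinning the base by digest (`FROM alpine:$ALPINE_VERSION@sha256:<digest>`) would fix the base layer; the packages will still float within the branch, so the resolved versions should at least be logged at build time. The `dev.pius.alpine-on-hetzner.pkgs.*.version` labels read build args that this hunk appears to drop, so they should either be removed or filled from the versions actually installed.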
|
|
@ -4,13 +4,14 @@ variable "apk_tools_arch" {}
|
|||
variable "apk_tools_version" {}
|
||||
variable "apk_tools_checksum" {}
|
||||
|
||||
variable "alpine_version" {}
|
||||
variable "alpine_mirror" {}
|
||||
variable "alpine_repositories" {}
|
||||
variable "alpine_repository_keys" {}
|
||||
|
||||
variable "boot_size" {}
|
||||
variable "root_size" {}
|
||||
variable "hostname" {}
|
||||
variable "dhcp_interfaces" {}
|
||||
|
||||
variable "packages" {}
|
||||
variable "services" {}
|
||||
|
@ -23,45 +24,31 @@ variable "sysctl" {}
|
|||
variable "chroot_commands" {}
|
||||
|
||||
locals {
|
||||
timestamp = formatdate("DD-MM-YY.hh-mm-ss", timestamp())
|
||||
timestamp = formatdate("YYYYMMDD-hhmmss", timestamp())
|
||||
snapshot_id = sha1(uuidv4())
|
||||
}
|
||||
|
||||
source "hcloud" "alpine" {
|
||||
location = "fsn1"
|
||||
server_type = "cx11"
|
||||
image = "ubuntu-20.04"
|
||||
rescue = "linux64"
|
||||
ssh_username = "root"
|
||||
location = "fsn1"
|
||||
server_type = "cx11"
|
||||
image = "ubuntu-20.04"
|
||||
rescue = "linux64"
|
||||
ssh_username = "root"
|
||||
}
|
||||
|
||||
build {
|
||||
name = "alpine"
|
||||
|
||||
source "source.hcloud.alpine" {
|
||||
snapshot_name = var.hostname
|
||||
snapshot_name = "${var.hostname}-${local.timestamp}"
|
||||
snapshot_labels = {
|
||||
"alpine.pius.dev/timestamp" = local.timestamp
|
||||
"alpine.pius.dev/alpine-version" = var.alpine_version
|
||||
"alpine.pius.dev/snapshot-id" = local.snapshot_id
|
||||
"alpine.pius.dev/timestamp" = local.timestamp
|
||||
"alpine.pius.dev/snapshot-id" = local.snapshot_id
|
||||
}
|
||||
}
|
||||
|
||||
provisioner "ansible" {
|
||||
playbook_file = "playbook.yml"
|
||||
playbook_file = "playbook.yml"
|
||||
extra_arguments = ["--extra-vars", "@config.json"]
|
||||
}
|
||||
|
||||
post-processor "manifest" {
|
||||
output = "/manifests/${build.PackerRunUUID}.json"
|
||||
strip_path = true
|
||||
custom_data = merge({
|
||||
"alpine.pius.dev/alpine-version": var.alpine_version,
|
||||
"alpine.pius.dev/packer-run-id": build.PackerRunUUID,
|
||||
"alpine.pius.dev/snapshot-id": local.snapshot_id
|
||||
}, zipmap(
|
||||
formatlist("alpine.pius.dev/%s-version", keys(var.packages)),
|
||||
values(var.packages)
|
||||
))
|
||||
}
|
||||
}
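Review bot: The `variable "alpine_repository_keys" {}` and `variable "dhcp_interfaces" {}` declarations in the first hunk, which appear to be new, carry no `type` or `description`, although the first one holds the public keys that the playbook writes into the image's `/etc/apk/keys`. Declaring the shape, for example `type = list(object({ name = string, public_key = string }))`, lets `packer validate` reject a malformed entry before a server is created. Whether these Packer variables are consumed at all is not visible here, since the provisioner passes `@config.json` straight to Ansible.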
|
||||
|
|
|
@ -4,15 +4,19 @@
|
|||
"apk_tools_url": "https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static",
|
||||
"apk_tools_checksum": "sha256:5176da3d4c41f12a08b82809aca8e7e2e383b7930979651b8958eca219815af5",
|
||||
|
||||
"alpine_version": "v3.15",
|
||||
"alpine_mirror": "http://dl-cdn.alpinelinux.org/alpine",
|
||||
"alpine_repositories": ["main", "community"],
|
||||
"alpine_repositories": [
|
||||
{"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/main"},
|
||||
{"tag":"", "url": "http://dl-cdn.alpinelinux.org/alpine/edge/community"},
|
||||
],
|
||||
"alpine_repository_keys": [],
|
||||
|
||||
"boot_size": "+100m",
|
||||
"root_size": "0",
|
||||
|
||||
"hostname": "alpine",
|
||||
|
||||
"dhcp_interfaces": ["eth0"],
|
||||
|
||||
"packages": {
|
||||
"openssh": "=8.8_p1-r1",
|
||||
"syslinux": "=6.04_pre1-r9",
|
||||
|
@ -40,7 +44,7 @@
|
|||
|
||||
"sshd": "default"
|
||||
},
|
||||
|
||||
|
||||
"nameservers": [
|
||||
"185.12.64.1",
|
||||
"185.12.64.2",
|
||||
|
@ -54,4 +58,4 @@
|
|||
"kernel_modules": ["ipv6", "af_packet"],
|
||||
"default_kernel_opts": ["quiet"],
|
||||
"chroot_commands": []
|
||||
}
|
||||
}
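Review bot: The `alpine_repositories` array ends with a comma after the `edge/community` object, directly before `],`, which strict JSON parsers reject, so this default config may fail to load; drop that trailing comma. Both entries also use `http://dl-cdn.alpinelinux.org/...` while the same commit moves `config.yaml` to `https://dl-cdn.alpinelinux.org/alpine`. Because the playbook bootstraps `alpine-base` from the first entry with `--allow-untrusted`, the default config's base install is protected by neither transport nor signature, so these two URLs should be `https://` as well. The visible `packages` pins such as `"openssh": "=8.8_p1-r1"` predate the switch to `edge` and probably no longer resolve there, which is worth checking.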
|
||||
|
|
|
@ -42,13 +42,13 @@
|
|||
|
||||
- name: initialize alpine-base in directory
|
||||
shell: >-
|
||||
./apk -X {{ alpine_mirror }}/{{ alpine_version }}/{{ alpine_repositories[0] }}
|
||||
-u
|
||||
--allow-untrusted
|
||||
--root /{{ chroot_directory }}
|
||||
--initdb
|
||||
./apk -X {{ alpine_repositories[0].url }}
|
||||
-u
|
||||
--allow-untrusted
|
||||
--root /{{ chroot_directory }}
|
||||
--initdb
|
||||
add alpine-base
|
||||
|
||||
|
||||
- name: prepare chroot
|
||||
shell: |
|
||||
mount --bind /dev {{ chroot_directory }}/dev
|
||||
|
@ -68,9 +68,11 @@
|
|||
content: |
|
||||
auto lo
|
||||
iface lo inet loopback
|
||||
auto eth0
|
||||
iface eth0 inet dhcp
|
||||
iface eth0 inet6 auto
|
||||
{% for dif in dhcp_interfaces %}
|
||||
auto {{ dif }}
|
||||
iface {{ dif }} inet dhcp
|
||||
iface {{ dif }} inet6 auto
|
||||
{% endfor %}
|
||||
dest: "{{ chroot_directory }}/etc/network/interfaces"
|
||||
|
||||
- name: write out hostname file
|
||||
|
@ -82,8 +84,8 @@
|
|||
copy:
|
||||
dest: "{{ chroot_directory }}/etc/hosts"
|
||||
content: |
|
||||
127.0.0.1 {{ hostname }} localhost localhost.localdomain
|
||||
::1 {{ hostname }} localhost localhost.localdomain
|
||||
127.0.0.1 {{ hostname }} localhost localhost.localdomain
|
||||
::1 {{ hostname }} localhost localhost.localdomain
|
||||
::1 {{ hostname }} localhost ipv6-localhost ipv6-loopback
|
||||
fe00::0 ipv6-localnet
|
||||
ff00::0 ipv6-mcastprefix
|
||||
|
@ -91,16 +93,18 @@
|
|||
ff02::2 ipv6-allrouters
|
||||
ff02::3 ipv6-allhosts
|
||||
|
||||
- name: install custom repository keys
|
||||
copy:
|
||||
dest: "{{ chroot_directory }}/etc/apk/keys/{{ item.name }}"
|
||||
content: "{{ item.public_key }}"
|
||||
loop: "{{ alpine_repository_keys }}"
|
||||
|
||||
- name: define alpine repositories
|
||||
copy:
|
||||
dest: "{{ chroot_directory }}/etc/apk/repositories"
|
||||
content: |
|
||||
{% for repository in alpine_repositories %}
|
||||
{% if loop.first %}
|
||||
{{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
|
||||
{% else %}
|
||||
@{{ repository }} {{ alpine_mirror }}/{{ alpine_version }}/{{ repository }}
|
||||
{% endif %}
|
||||
{% if repository.tag | d(false) %}@{{ repository.tag }} {% endif %}{{ repository.url }}
|
||||
{% endfor %}
|
||||
|
||||
- name: install requisite packages
|
||||
|
@ -132,7 +136,7 @@
|
|||
{% for setting in sysctl | dict2items %}
|
||||
{{ setting.key }} = {{ setting.value }}
|
||||
{% endfor %}
|
||||
|
||||
|
||||
- name: configure kernel modules
|
||||
copy:
|
||||
dest: "{{ chroot_directory }}/etc/modules"
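Review bot: The bootstrap task in the first hunk still runs `./apk -X {{ alpine_repositories[0].url }} ... --allow-untrusted ... add alpine-base`, and the URL now comes verbatim from the first `alpine_repositories` entry, so the integrity of the base system rests entirely on that URL's transport. An `assert` task before it that requires the URL to start with `https://` would close the plain-HTTP case. Supplying the Alpine signing keys to the static apk via `--keys-dir` would allow dropping `--allow-untrusted` altogether. In the `install custom repository keys` task, `{{ item.name }}` is joined into the destination path unchecked and no `mode` is set; adding `mode: '0644'` and rejecting names that contain `/` keeps a bad config entry from writing outside `/etc/apk/keys`.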
|
||||
|
|
53
config.yaml
53
config.yaml
|
@ -1,18 +1,44 @@
|
|||
---
|
||||
|
||||
apk_tools_version: v2.12.10
|
||||
apk_tools_version: v2.12.11
|
||||
apk_tools_arch: x86_64
|
||||
apk_tools_url: https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static
|
||||
apk_tools_checksum: sha256:d7506bb11327b337960910daffed75aa289d8bb350feab624c52965be82ceae8
|
||||
apk_tools_checksum: sha256:a77621da3475ae0ed92daa2d05b9c2bb671639af8c17cce44098192dfbe1b80b
|
||||
|
||||
alpine_version: edge
|
||||
alpine_mirror: http://dl-cdn.alpinelinux.org/alpine
|
||||
alpine_repositories: [ main, community, testing ]
|
||||
alpine_mirror: https://dl-cdn.alpinelinux.org/alpine
|
||||
alpine_repositories:
|
||||
- url: '{{ alpine_mirror }}/edge/main'
|
||||
- tag: 'community'
|
||||
url: '{{ alpine_mirror }}/edge/community'
|
||||
- tag: 'testing'
|
||||
url: '{{ alpine_mirror }}/edge/testing'
|
||||
- tag: 'luzifer'
|
||||
url: 'http://alpine-luzifer-io.s3-website-eu-west-1.amazonaws.com/repo'
|
||||
|
||||
alpine_repository_keys:
|
||||
- name: 'alpine@ahlers.me-64562ea3.rsa.pub'
|
||||
public_key: |
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArxxCxVKukbb/zGHBv1ks
|
||||
Gu+eRHNCf7aPyUZVEwMdBSO3GYaVC5np1wtzCZzG+1BVQEdgyomxzB2dU0hTSBIZ
|
||||
myu+u7344+4/XzbcIwNOfGyduYhlIDvQ4UMzFZfq0oXU9QTmsVl0iqi1CT8J4LWr
|
||||
X5i6h/zkmURCvTkK9SoZ3S+LcnCS8becUdiJpQksMQ8nFr6MtwN92W4fzyHTJYI9
|
||||
p+tuWr9j71xHLujWQU7aio+qGpvIS9y3R4eIkJ+YRRpTiZi7x+Aixn3JaGF0zk2h
|
||||
tsApoPQbVqomgDPYX6JrMx1T5amkONz1vwhg9QTYISafQg0sbrQYBrjKDZBM0zZw
|
||||
vUpVKHjr0S1rMJhzNXvoYBFwDv/d15B8B8QDyTKRJkhcfKpjN2UPinB0DNozJ8L5
|
||||
l8VmxKdiA0zbbvWuhRMo9Svkhn/N55M+cH4Xmkf+3Z8frqmQf5b02mDfh4kMLRKT
|
||||
SBwkqgx/Kqceiw8ZIDprPY3tr6ThQ9oJOzI8NomNmvmanWHJtm6oBNiyvH3G9cfe
|
||||
+CeXkOhwwug+xrnNsA8bedFLfm2XB5Y6k/xs88604igHxfjbAWXjIyHhrNAD885s
|
||||
cbZ7WJTWYHuoltHwFvmq5Z8ZFuFpqbWH7B618rLR92AmHGaaje8m4vVeUcTq2TeN
|
||||
Ld4erUMnkwbBDYOIlAc/vzMCAwEAAQ==
|
||||
-----END PUBLIC KEY-----
|
||||
|
||||
boot_size: +100m
|
||||
root_size: '0'
|
||||
hostname: alpine-k8s
|
||||
|
||||
dhcp_interfaces: [eth0, eth1]
|
||||
|
||||
packages:
|
||||
# Alpine base system
|
||||
openssh: ''
|
||||
|
@ -29,13 +55,13 @@ packages:
|
|||
wireguard-tools: ''
|
||||
|
||||
# K8s requirements
|
||||
# OpenEBS
|
||||
open-iscsi: ''
|
||||
open-iscsi-openrc: ''
|
||||
udev: ''
|
||||
|
||||
cni-plugin-flannel: '@community'
|
||||
cni-plugins: '@community'
|
||||
cri-tools: '@testing'
|
||||
containerd: '@community'
|
||||
containerd-openrc: '@community'
|
||||
flannel-contrib-cni: '@testing'
|
||||
|
@ -43,9 +69,9 @@ packages:
|
|||
nfs-utils: ''
|
||||
uuidgen: ''
|
||||
|
||||
kubelet: '@testing=1.26.1-r2'
|
||||
kubeadm: '@testing=1.26.1-r2'
|
||||
kubectl: '@testing=1.26.1-r2'
|
||||
kubelet: '@luzifer=1.27.1-r0'
|
||||
kubeadm: '@luzifer=1.27.1-r0'
|
||||
kubectl: '@luzifer=1.27.1-r0'
|
||||
|
||||
services:
|
||||
devfs: sysinit
|
||||
|
@ -103,17 +129,14 @@ chroot_commands:
|
|||
- 'echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf'
|
||||
- 'echo "net.bridge.bridge-nf-call-iptables=1" >>/etc/sysctl.conf'
|
||||
|
||||
# Disable overwriting network config
|
||||
- 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
|
||||
|
||||
# Fix prometheus errors
|
||||
- 'echo -e "#!/bin/sh\nmount --make-rshared /" >/etc/local.d/sharemetrics.start'
|
||||
- 'chmod +x /etc/local.d/sharemetrics.start'
|
||||
- 'rc-update add local'
|
||||
|
||||
# Enable private interface
|
||||
- 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
|
||||
- 'echo -e "auto lo\niface lo inet loopback\n" >/etc/network/interfaces'
|
||||
- 'echo -e "auto eth0\niface eth0 inet dhcp\niface eth0 inet6 auto\n" >>/etc/network/interfaces'
|
||||
- 'echo -e "auto eth1\niface eth1 inet dhcp\niface eth1 inet6 auto\n" >>/etc/network/interfaces'
|
||||
|
||||
# Force --cloud-provider=external
|
||||
- "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"
|
||||
|
||||
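Review bot: The `luzifer` entry in `alpine_repositories` uses a plain `http://` URL while the three Alpine entries go through the `https://` mirror, and `kubelet`, `kubeadm` and `kubectl` are now installed from it. The pinned key in `alpine_repository_keys` protects package integrity, but unauthenticated transport still lets an on-path party serve an old, validly signed index and hold the image on outdated Kubernetes binaries. Prefer an HTTPS endpoint for that repository if one is available; otherwise a comment such as `# http only: integrity relies on the pinned key below` would record the trade-off. As far as I know apk does not scope keys to a repository, so this key is trusted for every package, not only the `@luzifer` ones.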
|
|