Merge pull request #112 from xunleii/fix/110-111

Update providers and fix #110

agent_nodes.tf

@@ -35,7 +35,7 @@ locals {
   ])
   agent_taints = local.managed_taint_enabled ? { for o in local.agent_taints_list : o.key => o.value if o.key != "" } : {}
 
-  // Generate a map of all calculed agent fields, used during k3s installation.
+  // Generate a map of all calculated agent fields, used during k3s installation.
   agents_metadata = {
     for key, agent in var.agents :
     key => {
@@ -106,7 +106,7 @@ resource "null_resource" "agents_install" {
 
   // Upload k3s install script
   provisioner "file" {
-    content     = data.http.k3s_installer.body
+    content     = data.http.k3s_installer.response_body
     destination = "/tmp/k3s-installer"
   }
 

examples/hcloud-k3s/k3s.tf

@@ -21,7 +21,8 @@ module "k3s" {
     hcloud_server.control_planes[i].name => {
       ip = hcloud_server_network.control_planes[i].ip
       connection = {
-        host = hcloud_server.control_planes[i].ipv4_address
+        host        = hcloud_server.control_planes[i].ipv4_address
+        private_key = trimspace(tls_private_key.ed25519-provisioning.private_key_pem)
       }
       flags       = ["--disable-cloud-controller"]
       annotations = { "server_id" : i } // theses annotations will not be managed by this module
@@ -34,54 +35,12 @@ module "k3s" {
       name = hcloud_server.agents[i].name
       ip   = hcloud_server_network.agents_network[i].ip
       connection = {
-        host = hcloud_server.agents[i].ipv4_address
+        host        = hcloud_server.agents[i].ipv4_address
+        private_key = trimspace(tls_private_key.ed25519-provisioning.private_key_pem)
       }
 
       labels = { "node.kubernetes.io/pool" = hcloud_server.agents[i].labels.nodepool }
       taints = { "dedicated" : hcloud_server.agents[i].labels.nodepool == "gpu" ? "gpu:NoSchedule" : null }
     }
   }
 }
-
-provider "kubernetes" {
-  host                   = module.k3s.kubernetes.api_endpoint
-  cluster_ca_certificate = module.k3s.kubernetes.cluster_ca_certificate
-  client_certificate     = module.k3s.kubernetes.client_certificate
-  client_key             = module.k3s.kubernetes.client_key
-}
-
-resource "kubernetes_service_account" "bootstrap" {
-  depends_on = [module.k3s.kubernetes_ready]
-
-  metadata {
-    name      = "bootstrap"
-    namespace = "default"
-  }
-}
-
-resource "kubernetes_cluster_role_binding" "boostrap" {
-  depends_on = [module.k3s.kubernetes_ready]
-
-  metadata {
-    name = "bootstrap"
-  }
-
-  subject {
-    kind      = "ServiceAccount"
-    name      = "bootstrap"
-    namespace = "default"
-  }
-
-  role_ref {
-    api_group = "rbac.authorization.k8s.io"
-    kind      = "ClusterRole"
-    name      = "admin"
-  }
-}
-
-data "kubernetes_secret" "sa_credentials" {
-  metadata {
-    name      = kubernetes_service_account.bootstrap.default_secret_name
-    namespace = "default"
-  }
-}

examples/hcloud-k3s/main.tf

@@ -1,8 +1,16 @@
 provider "hcloud" {}
 
+data "hcloud_image" "ubuntu" {
+  name = "ubuntu-20.04"
+}
+
+resource "tls_private_key" "ed25519-provisioning" {
+  algorithm = "ED25519"
+}
+
 resource "hcloud_ssh_key" "default" {
   name       = "K3S terraform module - Provisionning SSH key"
-  public_key = var.ssh_key
+  public_key = trimspace(tls_private_key.ed25519-provisioning.public_key_openssh)
 }
 
 resource "hcloud_network" "k3s" {
@@ -16,7 +24,3 @@ resource "hcloud_network_subnet" "k3s_nodes" {
   network_zone = "eu-central"
   ip_range     = "10.254.1.0/24"
 }
-
-data "hcloud_image" "ubuntu" {
-  name = "ubuntu-20.04"
-}

examples/hcloud-k3s/outputs.tf

@@ -2,8 +2,8 @@ output "summary" {
   value = module.k3s.summary
 }
 
-output "bootstrap_sa" {
-  description = "Bootstrap ServiceAccount. Can be used by Terraform to provision this cluster."
-  value       = data.kubernetes_secret.sa_credentials.data
+output "ssh_private_key" {
+  description = "Generated SSH private key."
+  value       = tls_private_key.ed25519-provisioning.private_key_openssh
   sensitive   = true
-}
+}

examples/hcloud-k3s/variables.tf

@@ -1,8 +1,3 @@
-variable "ssh_key" {
-  description = "SSH public Key content needed to provision the instances."
-  type        = string
-}
-
 variable "servers_num" {
   description = "Number of control plane nodes."
   default     = 3

k3s_version.tf

@@ -5,10 +5,10 @@ data "http" "k3s_version" {
 
 // Fetch the k3s installation script
 data "http" "k3s_installer" {
-  url = "https://raw.githubusercontent.com/rancher/k3s/${jsondecode(data.http.k3s_version.body).data[1].latest}/install.sh"
+  url = "https://raw.githubusercontent.com/rancher/k3s/${jsondecode(data.http.k3s_version.response_body).data[1].latest}/install.sh"
 }
 
 locals {
   // Use the fetched version if 'lastest' is specified
-  k3s_version = var.k3s_version == "latest" ? jsondecode(data.http.k3s_version.body).data[1].latest : var.k3s_version
+  k3s_version = var.k3s_version == "latest" ? jsondecode(data.http.k3s_version.response_body).data[1].latest : var.k3s_version
 }

server_nodes.tf

@@ -75,7 +75,7 @@ locals {
   ])
   server_taints = local.managed_taint_enabled ? { for o in local.server_taints_list : o.key => o.value if o.key != "" } : {}
 
-  // Generate a map of all calculed server fields, used during k3s installation.
+  // Generate a map of all calculated server fields, used during k3s installation.
   servers_metadata = {
     for key, server in var.servers :
     key => {
@@ -206,7 +206,7 @@ resource "null_resource" "servers_install" {
 
   // Upload k3s file
   provisioner "file" {
-    content     = data.http.k3s_installer.body
+    content     = data.http.k3s_installer.response_body
     destination = "/tmp/k3s-installer"
   }
 

versions.tf

@@ -17,5 +17,6 @@ terraform {
       version = "~> 4.0"
     }
   }
+
   required_version = "~> 1.0"
 }