jaggar/iac-cljs-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Split master script and add firewall portforwarding

Browse Source
This commit is contained in:
GigiaJ
2025-09-26 00:35:55 -05:00
parent 10205dc8f7
commit 574202eb3c
1 changed files with 48 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
iac/src/main/infra/init.cljs
View File

@@ -3,10 +3,9 @@
["@pulumi/hcloud" :as hcloud] ["@pulumi/hcloud" :as hcloud]
["@pulumi/command/remote" :as remote] ["@pulumi/command/remote" :as remote]
["@pulumi/command/local" :as local] ["@pulumi/command/local" :as local]
["@pulumi/kubernetes" :as k8s]
["fs" :as fs])) ["fs" :as fs]))
(defn- install-master-script [public-ip] (defn- setup-master-script []
(str "# Create manifests dir\n" (str "# Create manifests dir\n"
"mkdir -p /var/lib/rancher/k3s/server/manifests\n\n" "mkdir -p /var/lib/rancher/k3s/server/manifests\n\n"
"# Traefik NodePort config\n" "# Traefik NodePort config\n"
@@ -26,10 +25,12 @@
" nodePort: 30080\n" " nodePort: 30080\n"
" websecure:\n" " websecure:\n"
" nodePort: 30443\n" " nodePort: 30443\n"
"EOF\n\n" "EOF\n\n"))
"# Install k3s if not present\n"
(defn- install-master-script [public-ip]
(str "# Install k3s if not present\n"
"if ! command -v k3s >/dev/null; then\n" "if ! command -v k3s >/dev/null; then\n"
" curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC=\"--flannel-backend=wireguard-native --node-external-ip=" public-ip "\" sh -\n" " curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC=\"--disable=traefik --flannel-backend=wireguard-native --node-external-ip=" public-ip "\" sh -\n"
"fi\n\n" "fi\n\n"
"# Wait for node readiness\n" "# Wait for node readiness\n"
"until sudo k3s kubectl get node >/dev/null 2>&1; do\n" "until sudo k3s kubectl get node >/dev/null 2>&1; do\n"
@@ -67,6 +68,8 @@
(clj->js {:rules [{:direction "in" :protocol "tcp" :port "22" :sourceIps ["0.0.0.0/0" "::/0"]} (clj->js {:rules [{:direction "in" :protocol "tcp" :port "22" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "tcp" :port "6443" :sourceIps ["0.0.0.0/0" "::/0"]} {:direction "in" :protocol "tcp" :port "6443" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "udp" :port "51820" :sourceIps ["0.0.0.0/0" "::/0"]} {:direction "in" :protocol "udp" :port "51820" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "tcp" :port "80" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "tcp" :port "443" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "icmp" :sourceIps ["0.0.0.0/0" "::/0"]}]})) {:direction "in" :protocol "icmp" :sourceIps ["0.0.0.0/0" "::/0"]}]}))
master (hcloud/Server. master (hcloud/Server.
@@ -83,12 +86,19 @@
:user "root" :user "root"
:privateKey priv-key}) :privateKey priv-key})
setup-master
(remote/Command.
"setup-master"
(clj->js {:connection master-conn
:create (.apply setup-master-script)})
(clj->js {:dependsOn [master]}))
install-master install-master
(remote/Command. (remote/Command.
"install-master" "install-master"
(clj->js {:connection master-conn (clj->js {:connection master-conn
:create (.apply master-ip install-master-script)}) :create (.apply master-ip install-master-script)})
(clj->js {:dependsOn [master]})) (clj->js {:dependsOn [setup-master]}))
token-cmd token-cmd
(remote/Command. (remote/Command.
@@ -132,7 +142,7 @@
(clj->js {:dependsOn [install-master worker-de worker-us]})) (clj->js {:dependsOn [install-master worker-de worker-us]}))
label-node label-node
(local/Command. (local/Command.
"label-german-node-alt" "label-german-node-alt"
(clj->js (clj->js
{:create (.apply (.-stdout kubeconfig-cmd) {:create (.apply (.-stdout kubeconfig-cmd)
@@ -154,8 +164,7 @@
"done; " "done; "
"echo 'Error: Timed out waiting for node " worker-name ".' >&2 && " "echo 'Error: Timed out waiting for node " worker-name ".' >&2 && "
"exit 1;"))))))}) "exit 1;"))))))})
(clj->js {:dependsOn [kubeconfig-cmd worker-de]})) (clj->js {:dependsOn [kubeconfig-cmd worker-de]}))]
]
{:masterIp master-ip {:masterIp master-ip
:workerDeIp (.-ipv4Address worker-de) :workerDeIp (.-ipv4Address worker-de)