Split master script and add firewall portforwarding

2025-09-26 00:35:55 -05:00
parent 10205dc8f7
commit 574202eb3c


@@ -3,10 +3,9 @@
["@pulumi/hcloud" :as hcloud] ["@pulumi/hcloud" :as hcloud]
["@pulumi/command/remote" :as remote] ["@pulumi/command/remote" :as remote]
["@pulumi/command/local" :as local] ["@pulumi/command/local" :as local]
["@pulumi/kubernetes" :as k8s]
["fs" :as fs])) ["fs" :as fs]))
(defn- install-master-script [public-ip] (defn- setup-master-script []
(str "# Create manifests dir\n" (str "# Create manifests dir\n"
"mkdir -p /var/lib/rancher/k3s/server/manifests\n\n" "mkdir -p /var/lib/rancher/k3s/server/manifests\n\n"
"# Traefik NodePort config\n" "# Traefik NodePort config\n"
@@ -26,10 +25,12 @@
" nodePort: 30080\n" " nodePort: 30080\n"
" websecure:\n" " websecure:\n"
" nodePort: 30443\n" " nodePort: 30443\n"
"EOF\n\n" "EOF\n\n"))
"# Install k3s if not present\n"
(defn- install-master-script [public-ip]
(str "# Install k3s if not present\n"
"if ! command -v k3s >/dev/null; then\n" "if ! command -v k3s >/dev/null; then\n"
" curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC=\"--flannel-backend=wireguard-native --node-external-ip=" public-ip "\" sh -\n" " curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC=\"--disable=traefik --flannel-backend=wireguard-native --node-external-ip=" public-ip "\" sh -\n"
"fi\n\n" "fi\n\n"
"# Wait for node readiness\n" "# Wait for node readiness\n"
"until sudo k3s kubectl get node >/dev/null 2>&1; do\n" "until sudo k3s kubectl get node >/dev/null 2>&1; do\n"
@@ -67,6 +68,8 @@
(clj->js {:rules [{:direction "in" :protocol "tcp" :port "22" :sourceIps ["0.0.0.0/0" "::/0"]} (clj->js {:rules [{:direction "in" :protocol "tcp" :port "22" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "tcp" :port "6443" :sourceIps ["0.0.0.0/0" "::/0"]} {:direction "in" :protocol "tcp" :port "6443" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "udp" :port "51820" :sourceIps ["0.0.0.0/0" "::/0"]} {:direction "in" :protocol "udp" :port "51820" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "tcp" :port "80" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "tcp" :port "443" :sourceIps ["0.0.0.0/0" "::/0"]}
{:direction "in" :protocol "icmp" :sourceIps ["0.0.0.0/0" "::/0"]}]})) {:direction "in" :protocol "icmp" :sourceIps ["0.0.0.0/0" "::/0"]}]}))
master (hcloud/Server. master (hcloud/Server.
@@ -83,12 +86,19 @@
:user "root" :user "root"
:privateKey priv-key}) :privateKey priv-key})
setup-master
(remote/Command.
"setup-master"
(clj->js {:connection master-conn
:create (.apply setup-master-script)})
(clj->js {:dependsOn [master]}))
install-master install-master
(remote/Command. (remote/Command.
"install-master" "install-master"
(clj->js {:connection master-conn (clj->js {:connection master-conn
:create (.apply master-ip install-master-script)}) :create (.apply master-ip install-master-script)})
(clj->js {:dependsOn [master]})) (clj->js {:dependsOn [setup-master]}))
token-cmd token-cmd
(remote/Command. (remote/Command.
@@ -97,12 +107,12 @@
:create "sudo cat /var/lib/rancher/k3s/server/node-token"}) :create "sudo cat /var/lib/rancher/k3s/server/node-token"})
(clj->js {:dependsOn [install-master]})) (clj->js {:dependsOn [install-master]}))
worker-script worker-script
(.apply master-ip (.apply master-ip
(fn [ip] (fn [ip]
(.apply (.-stdout token-cmd) (.apply (.-stdout token-cmd)
(fn [token] (fn [token]
(install-worker-script ip (.trim token)))))) (install-worker-script ip (.trim token))))))
worker-de (hcloud/Server. worker-de (hcloud/Server.
"k3s-worker-de" "k3s-worker-de"
@@ -132,32 +142,31 @@
(clj->js {:dependsOn [install-master worker-de worker-us]})) (clj->js {:dependsOn [install-master worker-de worker-us]}))
label-node label-node
(local/Command. (local/Command.
"label-german-node-alt" "label-german-node-alt"
(clj->js (clj->js
{:create (.apply (.-stdout kubeconfig-cmd) {:create (.apply (.-stdout kubeconfig-cmd)
(fn [kubeconfig] (fn [kubeconfig]
(.apply (.-name worker-de) (.apply (.-name worker-de)
(fn [worker-name] (fn [worker-name]
(let [path "./kubeconfig.yaml"] (let [path "./kubeconfig.yaml"]
(.writeFileSync fs path kubeconfig) (.writeFileSync fs path kubeconfig)
(str (str
"for i in {1..30}; do " "for i in {1..30}; do "
" if kubectl --kubeconfig=" path " get node " worker-name " > /dev/null 2>&1; then " " if kubectl --kubeconfig=" path " get node " worker-name " > /dev/null 2>&1; then "
" echo 'Node " worker-name " found, proceeding with label.' && " " echo 'Node " worker-name " found, proceeding with label.' && "
" kubectl --kubeconfig=" path " label node " worker-name " location=de --overwrite && " " kubectl --kubeconfig=" path " label node " worker-name " location=de --overwrite && "
" exit 0; " " exit 0; "
" else " " else "
" echo 'Node " worker-name " not ready yet. Waiting 10s... (Attempt: '\"$i\"'/30)'; " " echo 'Node " worker-name " not ready yet. Waiting 10s... (Attempt: '\"$i\"'/30)'; "
" sleep 10; " " sleep 10; "
" fi; " " fi; "
"done; " "done; "
"echo 'Error: Timed out waiting for node " worker-name ".' >&2 && " "echo 'Error: Timed out waiting for node " worker-name ".' >&2 && "
"exit 1;"))))))}) "exit 1;"))))))})
(clj->js {:dependsOn [kubeconfig-cmd worker-de]})) (clj->js {:dependsOn [kubeconfig-cmd worker-de]}))]
]
{:masterIp master-ip {:masterIp master-ip
:workerDeIp (.-ipv4Address worker-de) :workerDeIp (.-ipv4Address worker-de)
:workerUsIp (.-ipv4Address worker-us) :workerUsIp (.-ipv4Address worker-us)
:kubeconfig (pulumi/secret (.-stdout kubeconfig-cmd))})) :kubeconfig (pulumi/secret (.-stdout kubeconfig-cmd))}))
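Review bot: The install line in the second hunk now passes `--disable=traefik`, yet `setup-master-script` still writes the Traefik NodePort manifest (the `nodePort: 30080` / `nodePort: 30443` block) into `/var/lib/rancher/k3s/server/manifests`; if that manifest is a Traefik HelmChartConfig it has no consumer once the bundled Traefik is disabled, so either drop it or add a comment above `setup-master-script` stating which ingress is expected to pick it up. Related, the firewall hunk opens `80` and `443` to `0.0.0.0/0` and `::/0` while the only listener ports visible in the script are the NodePorts 30080/30443; the host-level forwarding the commit title refers to is not in these hunks, so a one-line comment on the new rules naming where that redirect is configured would keep the two in sync. In the fourth hunk, `:create (.apply setup-master-script)` invokes `Function.prototype.apply` with no arguments, which works but reads like the Pulumi Output `.apply` used two lines later on `master-ip`; `:create (setup-master-script)` says what is meant. The `let` binding vector these hunks sit in starts before the first hunk.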