Make it possible to optionally create the load balancer for the kuber…

…netes API
vitobotta · Jan 28, 2025 · 08cf872 · 08cf872
1 parent ed49123
commit 08cf872
Show file tree

Hide file tree

Showing 6 changed files with 41 additions and 15 deletions.
diff --git a/docs/Creating_a_cluster.md b/docs/Creating_a_cluster.md
@@ -86,6 +86,8 @@ embedded_registry_mirror:
 
 protect_against_deletion: true
 
+create_load_balancer_for_the_kubernetes_api: false # NOTE: it is currently not possible to restrict access to the load balancer by IP in the firewall since this hasn't been implemented by Hetzner yet.
+
 # additional_packages:
 # - somepackage
 

diff --git a/src/cluster/create.cr b/src/cluster/create.cr
@@ -50,7 +50,12 @@ class Cluster::Create
     create_instances_concurrently(master_instances, kubernetes_masters_installation_queue_channel, wait: true)
 
     configure_firewall
-    create_load_balancer if master_instances.size > 1
+
+    if settings.create_load_balancer_for_the_kubernetes_api && master_instances.size > 1
+      create_load_balancer
+    else
+      delete_load_balancer
+    end
 
     initiate_k3s_setup
 
@@ -308,6 +313,16 @@ class Cluster::Create
       location: configuration.masters_location,
       network_id: network.try(&.id)
     ).run
+
+    sleep 5.seconds
+  end
+
+  private def delete_load_balancer
+    Hetzner::LoadBalancer::Delete.new(
+      hetzner_client: hetzner_client,
+      cluster_name: settings.cluster_name,
+      print_log: false
+    ).run
   end
 
   ## Private network

diff --git a/src/cluster/delete.cr b/src/cluster/delete.cr
@@ -48,8 +48,11 @@ class Cluster::Delete
   end
 
   private def delete_resources
-    delete_load_balancer
-    sleep 5.seconds
+    if settings.create_load_balancer_for_the_kubernetes_api
+      delete_load_balancer
+      sleep 5.seconds
+    end
+
     delete_instances
     delete_placement_groups
     delete_network
@@ -60,7 +63,8 @@ class Cluster::Delete
   private def delete_load_balancer
     Hetzner::LoadBalancer::Delete.new(
       hetzner_client: hetzner_client,
-      cluster_name: settings.cluster_name
+      cluster_name: settings.cluster_name,
+      print_log: true
     ).run
   end
 

diff --git a/src/configuration/main.cr b/src/configuration/main.cr
@@ -35,6 +35,7 @@ class Configuration::Main
   getter local_path_storage_class : Configuration::LocalPathStorageClass = Configuration::LocalPathStorageClass.new
   getter include_instance_type_in_instance_name : Bool = false
   getter protect_against_deletion : Bool = true
+  getter create_load_balancer_for_the_kubernetes_api : Bool = false
 
   def all_kubelet_args
     ["cloud-provider=external", "resolv-conf=/etc/k8s-resolv.conf"] + kubelet_args

diff --git a/src/hetzner/load_balancer/delete.cr b/src/hetzner/load_balancer/delete.cr
@@ -11,20 +11,19 @@ class Hetzner::LoadBalancer::Delete
     "#{cluster_name}-api"
   end
   getter load_balancer_finder : Hetzner::LoadBalancer::Find
+  getter print_log : Bool = true
 
-  def initialize(@hetzner_client, @cluster_name)
+  def initialize(@hetzner_client, @cluster_name, @print_log)
     @load_balancer_finder = Hetzner::LoadBalancer::Find.new(@hetzner_client, load_balancer_name)
   end
 
   def run
     load_balancer = load_balancer_finder.run
 
     if load_balancer
-      log_line "Deleting load balancer for API server..."
+      log_line "Deleting load balancer for API server..." if print_log
       delete_load_balancer(load_balancer.id)
-      log_line "...load balancer for API server deleted"
-    else
-      log_line "Load balancer for API server does not exist, skipping delete"
+      log_line "...load balancer for API server deleted" if print_log
     end
 
     load_balancer_name

diff --git a/src/kubernetes/installer.cr b/src/kubernetes/installer.cr
@@ -289,10 +289,12 @@ class Kubernetes::Installer
 
     File.write(kubeconfig_path, kubeconfig)
 
-    load_balancer_kubeconfig_path = "#{kubeconfig_path}-#{settings.cluster_name}"
-    load_balancer_kubeconfig = kubeconfig.gsub("server: https://127.0.0.1:6443", "server: https://#{load_balancer_ip_address}:6443")
+    if settings.create_load_balancer_for_the_kubernetes_api
+      load_balancer_kubeconfig_path = "#{kubeconfig_path}-#{settings.cluster_name}"
+      load_balancer_kubeconfig = kubeconfig.gsub("server: https://127.0.0.1:6443", "server: https://#{load_balancer_ip_address}:6443")
 
-    File.write(load_balancer_kubeconfig_path, load_balancer_kubeconfig)
+      File.write(load_balancer_kubeconfig_path, load_balancer_kubeconfig)
+    end
 
     masters.each_with_index do |master, index|
       master_ip_address = settings.networking.public_network.ipv4 ? master.public_ip_address : master.private_ip_address
@@ -307,7 +309,9 @@ class Kubernetes::Installer
       File.write(master_kubeconfig_path, master_kubeconfig)
     end
 
-    paths = ([load_balancer_kubeconfig_path] + masters.map { |master| "#{kubeconfig_path}-#{master.name}" }).join(":")
+    paths = settings.create_load_balancer_for_the_kubernetes_api ? [load_balancer_kubeconfig_path] : [] of String
+
+    paths = (paths + masters.map { |master| "#{kubeconfig_path}-#{master.name}" }).join(":")
 
     default_context = load_balancer.nil? ? first_master.name : settings.cluster_name
 
@@ -350,7 +354,8 @@ class Kubernetes::Installer
   end
 
   private def generate_tls_sans(master_count)
-    sans = ["--tls-san=#{load_balancer_ip_address}", "--tls-san=#{api_server_ip_address}", "--tls-san=127.0.0.1"]
+    sans = ["--tls-san=#{api_server_ip_address}", "--tls-san=127.0.0.1"]
+    sans << "--tls-san=#{load_balancer_ip_address}" if settings.create_load_balancer_for_the_kubernetes_api
     sans << "--tls-san=#{settings.api_server_hostname}" if settings.api_server_hostname
 
     masters.each do |master|
@@ -370,6 +375,6 @@ class Kubernetes::Installer
   end
 
   private def load_balancer_ip_address
-    load_balancer.not_nil!.public_ip_address
+    load_balancer.try(&.public_ip_address)
   end
 end