feat(core): first version

Signed-off-by: 90DY <forward@90dy.ltd>

Author: 90dy

.github/workflows/apply.yml

@@ -19,20 +19,16 @@ jobs:
         DOMAIN_NAME: ${{ vars.DOMAIN_NAME }}
     permissions: 
       contents: write
-    # strategy:
-    #   matrix:
-    #     envionment:
-    #       - 0.eu.cntb.hacl.${{ vars.DOMAIN_NAME }}
-    #       - 1.eu.cntb.hacl.${{ vars.DOMAIN_NAME }}
-    #       - 2.eu.cntb.hacl.${{ vars.DOMAIN_NAME }}
-    #   max-parallel: 1
-    #   fail-fast: false
     steps:
       - name: Checkout
         uses: actions/checkout@v2
 
-      - name: Get private key from secrets
-        run: echo "${{ secrets.PRIVATE_KEY }}" > ${{ vars.DOMAIN_NAME }}-private.key
+      - name: Set up SSH key
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
 
       - name: Get Contabo YAML from secrets && install cntb
         run: |
@@ -44,9 +40,9 @@ jobs:
         with:
           deno-version: v2.x
 
-      - name: Apply changes
+      - name: Create or update cluster
         # Hide logs for public repositories
-        run: make apply # 1>/dev/null
+        run: make create-cluster # 1>/dev/null
 
       - name: Tests changes
         run: make test # 1>/dev/null
@@ -61,4 +57,4 @@ jobs:
         with:
           tag: ${{ steps.tag_version.outputs.new_tag }}
           name: Release ${{ steps.tag_version.outputs.new_tag }}
-          body: ${{ steps.tag_version.outputs.changelog }}
+          body: ${{ steps.tag_version.outputs.changelog }}

Dockerfile

@@ -1,9 +1,36 @@
-FROM quay.io/kubespray/kubespray:v2.27.0
+FROM ubuntu:22.04
 
+# Install dependencies
+RUN apt-get update && apt-get install -y \
+    apt-transport-https \
+    ca-certificates \
+    curl \
+    gnupg \
+    lsb-release \
+    openssh-client \
+    jq \
+    vim \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install kubectl
+RUN curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/kubernetes-archive-keyring.gpg \
+    && echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list \
+    && apt-get update \
+    && apt-get install -y kubectl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set environment variables
 ENV DOMAIN_NAME=
+ENV KUBECONFIG=/config/kubeconfig.yml
+
+# Create directories
+RUN mkdir -p /config
 
-VOLUME /inventory
+# Set working directory
+WORKDIR /config
 
-ENTRYPOINT [ "ansible-playbook", "--private-key=/inventory/${DOMAIN_NAME}-private.key", "-i=/inventory/inventory.ini", "--forks=50" ] 
+# Volume for configuration files
+VOLUME /config
 
-CMD [ "cluster.yml" ]
+# Default command
+CMD ["bash"]

Makefile

@@ -3,25 +3,112 @@ get-secret = $(shell read -s -p "$(1): " secret; echo $$secret; echo 1>&0)
 
 export DOMAIN_NAME ?= ${domain}
 
-docker-run := docker run $(shell [ -t 0 ] && echo -it || echo -i) -e DOMAIN_NAME=${DOMAIN_NAME}
+SSH_OPTS := -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null
 
-.PHONY: build
-build:
-	docker build -t kubespray -f Dockerfile .
+# Default Kubernetes version
+K8S_VERSION ?= 1.31.4
 
-.PHONY: apply 
-apply: ## Apply the kubernetes cluster
-apply: generate ${DOMAIN_NAME}-private.key build
-	${docker-run} -v .:/inventory kubespray cluster.yml
+# Default CNI
+CNI ?= calico
 
-.PHONY: reset
-reset: ## Reset the kubernetes cluster
-reset: generate ${DOMAIN_NAME}-private.key build
-	${docker-run} -v .:/inventory kubespray reset.yml
+# Default pod CIDR
+POD_CIDR ?= 10.244.0.0/16
 
-.PHONY: ${DOMAIN_NAME}-private.key
-${DOMAIN_NAME}-private.key: .FORCE
-	@chmod 400 $@
+# Default service CIDR
+SERVICE_CIDR ?= 10.96.0.0/12
+
+# Default control plane endpoint
+CONTROL_PLANE_ENDPOINT ?= $(shell cat .cntb/instances.json | jq -r '.[] | select(.displayName | startswith("$(DOMAIN_NAME)_control-plane-0")) | .ipv4')
+
+.PHONY: create-cluster
+create-cluster: ## Create a new Kubernetes cluster based on available Contabo nodes
+create-cluster: generate
+	@echo "Creating Kubernetes cluster with kubeadm..."
+	@echo "Initializing control plane on $(CONTROL_PLANE_ENDPOINT)..."
+	@ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubeadm init --kubernetes-version=$(K8S_VERSION) \
+		--pod-network-cidr=$(POD_CIDR) \
+		--service-cidr=$(SERVICE_CIDR) \
+		--control-plane-endpoint=$(CONTROL_PLANE_ENDPOINT):6443 \
+		--upload-certs"
+	@echo "Installing CNI ($(CNI))..."
+	@if [ "$(CNI)" = "calico" ]; then \
+		ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://docs.projectcalico.org/manifests/calico.yaml"; \
+	elif [ "$(CNI)" = "flannel" ]; then \
+		ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml"; \
+	fi
+	@echo "Fetching kubeconfig..."
+	@ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "cat /etc/kubernetes/admin.conf" > kubeconfig.yml
+	@echo "Cluster created successfully! Kubeconfig saved to kubeconfig.yml"
+
+.PHONY: add-control-plane
+add-control-plane: ## Add a control plane node to the cluster
+add-control-plane: node ?= $(call get-input,Node name (e.g. $(DOMAIN_NAME)_control-plane-1))
+add-control-plane: generate
+	@echo "Adding control plane node $(node)..."
+	@NODE_IP=$(shell cat .cntb/instances.json | jq -r '.[] | select(.displayName == "$(node)") | .ipv4') && \
+	JOIN_CMD=$$(ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubeadm token create --print-join-command") && \
+	CERTIFICATE_KEY=$$(ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubeadm init phase upload-certs --upload-certs | tail -1") && \
+	ssh $(SSH_OPTS) root@$$NODE_IP "$$JOIN_CMD --control-plane --certificate-key $$CERTIFICATE_KEY"
+	@echo "Control plane node $(node) added successfully!"
+
+.PHONY: add-worker
+add-worker: ## Add a worker node to the cluster
+add-worker: node ?= $(call get-input,Node name (e.g. $(DOMAIN_NAME)_worker-0))
+add-worker: generate
+	@echo "Adding worker node $(node)..."
+	@NODE_IP=$(shell cat .cntb/instances.json | jq -r '.[] | select(.displayName == "$(node)") | .ipv4') && \
+	JOIN_CMD=$$(ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubeadm token create --print-join-command") && \
+	ssh $(SSH_OPTS) root@$$NODE_IP "$$JOIN_CMD"
+	@echo "Worker node $(node) added successfully!"
+
+.PHONY: add-etcd
+add-etcd: ## Add an etcd node to the cluster (requires manual configuration)
+add-etcd: node ?= $(call get-input,Node name (e.g. $(DOMAIN_NAME)_etcd-0))
+add-etcd: generate
+	@echo "Adding etcd node $(node)..."
+	@echo "Note: Adding external etcd nodes requires manual configuration."
+	@echo "Please follow the kubeadm documentation for setting up an external etcd cluster."
+	@NODE_IP=$(shell cat .cntb/instances.json | jq -r '.[] | select(.displayName == "$(node)") | .ipv4')
+	@echo "Node IP: $$NODE_IP"
+
+.PHONY: remove-node
+remove-node: ## Remove a node from the cluster
+remove-node: node ?= $(call get-input,Node name to remove)
+remove-node: generate
+	@echo "Removing node $(node)..."
+	@NODE_IP=$(shell cat .cntb/instances.json | jq -r '.[] | select(.displayName == "$(node)") | .ipv4') && \
+	ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf drain $(node) --ignore-daemonsets --delete-emptydir-data" && \
+	ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf delete node $(node)" && \
+	ssh $(SSH_OPTS) root@$$NODE_IP "kubeadm reset -f"
+	@echo "Node $(node) removed successfully!"
+
+.PHONY: upgrade-cluster
+upgrade-cluster: ## Upgrade the Kubernetes cluster
+upgrade-cluster: version ?= $(call get-input,Kubernetes version to upgrade to)
+upgrade-cluster: generate
+	@echo "Upgrading control plane nodes to version $(version)..."
+	@for node in $$(cat .cntb/instances.json | jq -r '.[] | select(.displayName | contains("control-plane")) | .ipv4'); do \
+		echo "Upgrading control plane node $$node..."; \
+		ssh $(SSH_OPTS) root@$$node "apt-get update && apt-get install -y kubeadm=$(version)-00 && kubeadm upgrade apply $(version) -y && apt-get install -y kubelet=$(version)-00 kubectl=$(version)-00 && systemctl restart kubelet"; \
+	done
+	@echo "Upgrading worker nodes to version $(version)..."
+	@for node in $$(cat .cntb/instances.json | jq -r '.[] | select(.displayName | contains("worker")) | .ipv4'); do \
+		echo "Upgrading worker node $$node..."; \
+		ssh $(SSH_OPTS) root@$$node "apt-get update && apt-get install -y kubeadm=$(version)-00 && kubeadm upgrade node && apt-get install -y kubelet=$(version)-00 kubectl=$(version)-00 && systemctl restart kubelet"; \
+	done
+	@echo "Cluster upgraded to version $(version) successfully!"
+
+.PHONY: reset-cluster
+reset-cluster: ## Reset the entire Kubernetes cluster
+reset-cluster: generate
+	@echo "Resetting the entire Kubernetes cluster..."
+	@echo "This will remove all nodes from the cluster and reset kubeadm on each node."
+	@read -p "Are you sure you want to continue? [y/N] " confirm && [ "$$confirm" = "y" ] || exit 1
+	@for node in $$(cat .cntb/instances.json | jq -r '.[] | select(.displayName | startswith("$(DOMAIN_NAME)_")) | .ipv4'); do \
+		echo "Resetting node $$node..."; \
+		ssh $(SSH_OPTS) root@$$node "kubeadm reset -f"; \
+	done
+	@echo "Cluster reset successfully!"
 
 .PHONY: .FORCE
 .FORCE:
@@ -42,21 +129,42 @@ ${HOME}/.cntb.yaml:
 		--oauth2-password='${oauth2-password}'
 
 .PHONY: generate
-generate: ## Generate the ansible inventory
+generate: ## Generate the node information
 generate: .cntb .cntb/private-networks.json .cntb/instances.json
 	@deno -A ./generate.ts
-.cntb:
+.cntb: .FORCE
 	@mkdir -p .cntb
-.cntb/private-networks.json:
+.cntb/private-networks.json: .FORCE
 	@cntb get privateNetworks --output json > .cntb/private-networks.json
-.cntb/instances.json:
+.cntb/instances.json: .FORCE
 	@cntb get instances --output json > .cntb/instances.json
 
 .PHONY: list-nodes
 list-nodes: ## List all nodes in the cluster
 list-nodes: generate
 	@echo "Nodes:"
-	@cat .cntb/instances.json | jq -r '.[] | .displayName' | grep '^${DOMAIN_NAME}-'
+	@cat .cntb/instances.json | jq -r '.[] | .displayName' | grep '^${DOMAIN_NAME}_'
+
+.PHONY: get-join-command
+get-join-command: ## Get the kubeadm join command for adding new nodes
+get-join-command: generate
+	@ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubeadm token create --print-join-command"
+
+.PHONY: install-metallb
+install-metallb: ## Install MetalLB for load balancing
+install-metallb: generate
+	@echo "Installing MetalLB..."
+	@ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metallb-native.yaml"
+	@echo "Waiting for MetalLB to be ready..."
+	@ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s"
+	@echo "MetalLB installed successfully!"
+
+.PHONY: install-kube-vip
+install-kube-vip: ## Install Kube-VIP for control plane high availability
+install-kube-vip: generate
+	@echo "Installing Kube-VIP..."
+	@ssh $(SSH_OPTS) root@$(CONTROL_PLANE_ENDPOINT) "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f https://kube-vip.io/manifests/kube-vip-rbac.yaml"
+	@echo "Kube-VIP installed successfully!"
 
 .PHONY: test
 test: ## Test basic cluster functionalities

README.md

@@ -1,6 +1,6 @@
 # High Availability but Lean Kubernetes Cluster
 
-A High Availability, frugal Kubernetes cluster using [Kubespray](https://github.com/kubernetes-sigs/kubespray) optimized for Contabo VPS. Deploy enterprise-grade Kubernetes at 1/10th the cost of managed solutions.
+A High Availability, frugal Kubernetes cluster using [kubeadm](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/) optimized for Contabo VPS. Deploy enterprise-grade Kubernetes at 1/10th the cost of managed solutions.
 
 ## Key Features
 
@@ -98,32 +98,70 @@ graph TD
 ```bash
 git clone https://github.com/ctnr.io/ha-lean-cluster.git
 cd ha-lean-cluster
-make login
-make generate
-make apply 
+deno run -A api/cli.ts createCluster --domainName=ctnr.io
 ```
 
+## API-Based Cluster Management
+
+This project uses a tRPC-based API for managing your Kubernetes cluster. You can interact with the API using the provided CLI tool:
+
+```bash
+# Create a new cluster based on available Contabo nodes
+deno run -A api/cli.ts createCluster --domainName=ctnr.io --k8sVersion=1.31.4 --cni=calico
+
+# Add a control plane node to the cluster
+deno run -A api/cli.ts addControlPlane --domainName=ctnr.io --nodeName=ctnr.io_control-plane-1
+
+# Add a worker node to the cluster
+deno run -A api/cli.ts addWorker --domainName=ctnr.io --nodeName=ctnr.io_worker-0
+
+# Add an etcd node to the cluster (requires manual configuration)
+deno run -A api/cli.ts addEtcd --domainName=ctnr.io --nodeName=ctnr.io_etcd-0
+
+# Remove a node from the cluster
+deno run -A api/cli.ts removeNode --domainName=ctnr.io --nodeName=ctnr.io_worker-0
+
+# Upgrade the Kubernetes cluster
+deno run -A api/cli.ts upgradeCluster --domainName=ctnr.io --version=1.32.0 --packageRevision=00
+
+# Reset the entire Kubernetes cluster
+deno run -A api/cli.ts resetCluster --domainName=ctnr.io --confirm=true
+
+# List all nodes in the cluster
+deno run -A api/cli.ts listNodes --domainName=ctnr.io
+
+# Get the kubeadm join command for adding new nodes
+deno run -A api/cli.ts getJoinCommand --domainName=ctnr.io
+```
+
+### API Features
+
+- **Automatic Node Provisioning**: When creating a cluster, the API checks for existing clusters with the same domain name and automatically claims available VPS instances.
+- **Type-Safe Operations**: All API operations are fully typed with input validation.
+- **Flexible Configuration**: Customize Kubernetes version, CNI, network CIDRs, and more.
+- **Error Handling**: Comprehensive error handling with detailed error messages.
+
 ## Hardware Requirements
 
 - **Minimal**: 1 Contabo VPS S (4 vCPU, 8GB RAM) - €4.99/month
 - **Recommended**: 3 Contabo VPS S instances - €14.97/month
 
 ## Configuration & Node Naming
 
-- **Core Files**: `inventory.ini.ts`, `kubeconfig.yml.ts`, `group_vars/k8s_cluster/k8s-cluster.yml.ts`, `group_vars/k8s_cluster/addons.yml.ts`
-- **Node Naming**: Each node name must start with the domain name prefix (`ctnr.io-`) followed by the role:
-  - Control Plane: `<domain-name>-control-plane-X[-etcd][-worker]`
-  - ETCD: `<domain-name>-etcd-X`
-  - Worker: `<domain-name>-worker-X[-etcd]`
-  - Examples: `<domain-name>-control-plane-0-etcd`, `<domain-name>-worker-0`, `<domain-name>-etcd-0`
+- **Core Files**: `kubeconfig.yml.ts`, `helpers.ts`
+- **Node Naming**: Each node name must start with the domain name prefix (`ctnr.io_`) followed by the role:
+  - Control Plane: `<domain-name>_control-plane-X[_etcd][_worker]`
+  - ETCD: `<domain-name>_etcd-X`
+  - Worker: `<domain-name>_worker-X[_etcd]`
+  - Examples: `<domain-name>_control-plane-0_etcd`, `<domain-name>_worker-0`, `<domain-name>_etcd-0`
 
 ### ⚠️ Important Warning
 
-**DO NOT change the first control plane node (<domain-name>-control-plane-0) without understanding the implications!**
+**DO NOT change the first control plane node (<domain-name>_control-plane-0) without understanding the implications!**
 
 The first control plane node is critical for cluster stability. Modifying or removing it incorrectly can cause the entire cluster to fail. If you need to replace the first control plane node, follow these steps:
 
-1. Rename your current nodes so that `<domain-name>-control-plane-1` becomes `<domain-name>-control-plane-0` and vice versa
+1. Rename your current nodes so that `<domain-name>_control-plane-1` becomes `<domain-name>_control-plane-0` and vice versa
 2. Apply the configuration
 3. Only then remove the original control plane node
 
@@ -132,11 +170,15 @@ The first control plane node is critical for cluster stability. Modifying or rem
 The project includes automated tests to verify that key components are working correctly:
 
 - **Ingress Testing**: Tests that the Nginx ingress controller is properly configured and can route traffic to services
-  - Run with: `make test-ingress` or `deno test -A tests/ingress_test.ts`
+  - Run with: `deno test -A tests/ingress_test.ts`
   - The test creates a test namespace, deployment, service, and ingress with a custom domain name
   - It verifies connectivity using host-based routing with the domain name from your configuration
   - Test fixtures are located in `tests/fixtures/` directory
 
+- **ETCD Testing**: Tests that the etcd cluster is healthy and functioning correctly
+  - Run with: `deno test -A tests/etcd_test.ts`
+  - Verifies etcd cluster health, member list, alarms, and response time
+
 ## Next Steps & Roadmap
 
 - **Next**: Implement volume provisioning, configure auto-scaling, deploy workloads, add monitoring

api/caller.ts

@@ -0,0 +1,5 @@
+import { appRouter } from "./router/index.ts";
+import { trpc } from "./trpc.ts";
+
+// Create a tRPC caller for direct procedure calls
+export const caller = trpc.createCallerFactory(appRouter)({});

api/cli.ts

@@ -0,0 +1,10 @@
+import { trpc } from "./trpc.ts";
+import { appRouter } from "./router/index.ts";
+import { createCli } from "trpc-cli";
+
+export const cli = createCli({
+  router: appRouter,
+  createCallerFactory: trpc.createCallerFactory,
+});
+
+cli.run();