Enable Built-in k3s Features (Traefik, Helm-Chart-Controller) #39
Conversation
gthieleb
changed the title
gthieleb
force-pushed
the
feature/k3s-features
branch
from
e5f3c16 to
9a42289
Compare
gthieleb
changed the title
|
Thank you for the PR. I want to review the PR in more detail. In general, you are able to adjust k3s parameters via the additional parameters variable. However, I do see its limitations and am happy to consider a different configuration mechanism. |
|
@jceb Thank you for your response. I am happy to discuss the feature and improvements. If its fine lets schedule a short call. |
jceb
left a comment
jceb
left a comment
There was a problem hiding this comment.
Thank you for the effort and please excuse the delay in getting back to you! The PR is on a good track. We do need to simplify it more so that the user is presented with a clean interface for managing a super custom configuration of the cluster. I made a number of commits below. Please have a look.
I was thinking in a similar but slightly different direction when it comes to a super custom configuration of the cluster. My idea was to allow the user to just specify a completely custom configuration, turn it into YAML and store it here: https://docs.k3s.io/installation/configuration#configuration-file.
We store the default config in /etc/rancher/k3s/config.yaml.d/00-default.yaml, use flags only for the most crucial settings that must be defined, and place the user's configuration in /etc/rancher/k3s/config.yaml.d/10-user.yaml. We could also provide additional configurations per node pool, that are placed in /etc/rancher/k3s/config.yaml.d/20-nodepool.yaml with variable replacement in values, e.g. NODE is replaced by the actual node name.
What do you think about this idea? This would simplify the interface and allow the user to completely customize the cluster at the cost of accidentally building a foot-gun.
| default = "" | ||
| } | ||
|
|
||
| variable "k3s_features" { |
There was a problem hiding this comment.
Can we combine the two lists? I'd prefer to only have one list that lists all the features that the user wants to enable, including the custom configuration.
We could mark the custom_config as optional(string) to reduce the noise.
We should also include a validation of the supported feature names so that users are warned when they're trying to configure an unsupported feature.
Is it a good idea to let users configure the cloud-controller feature? I'm not 100% sure about network-policy but isn't this taken care of by cilium and it wouldn't make sense to enable this feature?
There was a problem hiding this comment.
Will we keep the k3s_features variable together with the config file approach? If yes I would remove the custom_config here.
variables.tf
Outdated
| } | ||
|
|
||
| variable "k3s_features" { | ||
| description = "Configurable k3s features that can be enabled or disabled. Each feature can have enabled flag and optional custom configuration content that will be written to /etc/rancher/k3s/{feature}-config.yaml" |
There was a problem hiding this comment.
| description = "Configurable k3s features that can be enabled or disabled. Each feature can have enabled flag and optional custom configuration content that will be written to /etc/rancher/k3s/{feature}-config.yaml" | |
| description = "Configurable k3s features that can be enabled or disabled. Each feature has an enabled flag and optional custom configuration content" |
README.md
Outdated
|
|
||
| ## Configuration | ||
|
|
||
| ### Enabling k3s Features |
There was a problem hiding this comment.
| ### Enabling k3s Features | |
| ### Enabling additional k3s Features |
README.md
Outdated
|
|
||
| ### Enabling k3s Features | ||
|
|
||
| k3s comes with various features by default, which are **disabled by default** in this Terraform module to ensure maximum control and flexibility. These features can be enabled as needed using the `k3s_features` variable: |
There was a problem hiding this comment.
| k3s comes with various features by default, which are **disabled by default** in this Terraform module to ensure maximum control and flexibility. These features can be enabled as needed using the `k3s_features` variable: | |
| terraform-hcloud-k3s provides a fully functional default configuration. Enabling additional features requires a comprehensive understanding of how k3s is configured and is an advanced use case! Features can be enabled as needed using the `k3s_features` variable: |
README.md
Outdated
| k3s comes with various features by default, which are **disabled by default** in this Terraform module to ensure maximum control and flexibility. These features can be enabled as needed using the `k3s_features` variable: | ||
|
|
||
| **Available Features:** | ||
| - **Traefik Ingress Controller**: Can be enabled for ingress management |
There was a problem hiding this comment.
| - **Traefik Ingress Controller**: Can be enabled for ingress management | |
| - **traefik**: Enable to use the built-in Traefik ingress controller |
README.md
Outdated
| - **ServiceLB Load Balancer**: Can be enabled for simple load balancing | ||
| - **Local Storage Provider**: Can be enabled for local storage provisioning | ||
| - **Metrics Server**: Installed separately as Helm Chart for better control | ||
| - **Network Policy Controller**: Cilium is used as network plugin |
There was a problem hiding this comment.
| - **Network Policy Controller**: Cilium is used as network plugin |
README.md
Outdated
| - **Local Storage Provider**: Can be enabled for local storage provisioning | ||
| - **Metrics Server**: Installed separately as Helm Chart for better control | ||
| - **Network Policy Controller**: Cilium is used as network plugin | ||
| - **Kube-proxy**, **Helm Controller**, **Cloud Controller**: Additional configurable features |
There was a problem hiding this comment.
| - **Kube-proxy**, **Helm Controller**, **Cloud Controller**: Additional configurable features | |
| - **kube-proxy**: Is enabled by default, a custom configuration can be provided | |
| - **helm-controller**: Enable to install the built-in helm controller |
README.md
Outdated
| 4. [Persistent Volume Encryption](#persistent-volume-encryption) | ||
| 5. [Adjust Sysctl Parameters](#adjust-sysctl-parameters) | ||
| 6. [Private Registry Access](#private-registry-access) | ||
| 1. [Enabling k3s Features](#enabling-k3s-features) |
There was a problem hiding this comment.
Please move this section to the bottom of the configuration chapter since it's a very advanced topic.
README.md
Outdated
|
|
||
| ## Variables | ||
|
|
||
| ### `k3s_feature_list` and `k3s_disable_flags` |
There was a problem hiding this comment.
Let's have just one feature list. Everything happens in there: enabling, disabling.
README.md
Outdated
|
|
||
| The variable `k3s_feature_list` defines which features are evaluated for enabling or disabling within the cluster. | ||
|
|
||
| Terraform generates `k3s_disable_flags` automatically from this list combined with the `local.k3s_features` map: |
There was a problem hiding this comment.
Too much detail, the user should not be force to know how the internals of the module work, e.g. local.k3s_features.
|
@jceb I agree with the file-based approach. Will implement:
GitOps users will handle HelmChartConfig separately anyway. Will rework the PR accordingly. |
gthieleb
force-pushed
the
feature/k3s-features
branch
from
450a510 to
a95ceaa
Compare
… into feature/k3s-features
2 participants
Because we want to use argocd to bootstrap clusters and rely on some existing functionality of k3s we want to extend this by enabling built-in k3s features.
This change should carefully extend the core functionality of this module without breaking its guiding principles.