✨ Add hetzner baremetal cluster stack (#125)

* Add hetzner baremetal cluster stack

Signed-off-by: Roman Hros <[email protected]>

* Add etcd encryption via variable

Signed-off-by: Roman Hros <[email protected]>

* Add clusterLoadBalancerName and clusterLoadBalancerAlgorithm variables

Signed-off-by: Roman Hros <[email protected]>

* Add certSANs and OIDC config

Signed-off-by: Roman Hros <[email protected]>

* Update containerd

Signed-off-by: Roman Hros <[email protected]>

* Replace syself's hccm with Hetzner's one

Signed-off-by: Roman Hros <[email protected]>

* Update rook-ceph

Signed-off-by: Roman Hros <[email protected]>

* Bump k8s, containerd and cilium versions

Signed-off-by: Roman Hros <[email protected]>

* Add rook-ceph production ready default helm values

Signed-off-by: Roman Hros <[email protected]>

* Add quick start guide

Signed-off-by: Roman Hros <[email protected]>

* Update rook-ceph cluster-addon

Signed-off-by: Roman Hros <[email protected]>

---------

Signed-off-by: Roman Hros <[email protected]>

Author: chess-knight

providers/hetzner/baremetal/1-30/cluster-addon-values.yaml

@@ -0,0 +1,12 @@
+values: |
+  metrics-server:
+    commonLabels:
+      domain: "{{ .Cluster.spec.controlPlaneEndpoint.host }}"
+      clusterAddonVersion: "v1"
+  {{- range .Cluster.spec.topology.variables }}
+  {{- if and (eq .name "rook_ceph_values") .value }}
+  rook-ceph:{{ .value | nindent 4 }}
+  {{- else if and (eq .name "rook_ceph_cluster_values") .value }}
+  rook-ceph-cluster:{{ .value | nindent 4 }}
+  {{- end }}
+  {{- end }}

providers/hetzner/baremetal/1-30/cluster-addon/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

providers/hetzner/baremetal/1-30/cluster-addon/Chart.lock

@@ -0,0 +1,18 @@
+dependencies:
+- name: metrics-server
+  repository: https://kubernetes-sigs.github.io/metrics-server/
+  version: 3.12.1
+- name: cilium
+  repository: https://helm.cilium.io/
+  version: 1.15.7
+- name: hcloud-cloud-controller-manager
+  repository: https://charts.hetzner.cloud
+  version: 1.20.0
+- name: rook-ceph
+  repository: https://charts.rook.io/release
+  version: v1.14.9
+- name: rook-ceph-cluster
+  repository: https://charts.rook.io/release
+  version: v1.14.9
+digest: sha256:225dd45233da2ae9fe8c52f1908167ffab3e7ca6df86996e21a5abe233756711
+generated: "2024-08-08T15:38:15.791040283+02:00"

providers/hetzner/baremetal/1-30/cluster-addon/Chart.yaml

@@ -0,0 +1,27 @@
+apiVersion: v2
+dependencies:
+- alias: metrics-server
+  name: metrics-server
+  repository: https://kubernetes-sigs.github.io/metrics-server/
+  version: 3.12.1
+- alias: cilium
+  name: cilium
+  repository: https://helm.cilium.io/
+  version: 1.15.7
+- alias: hcloud-cloud-controller-manager
+  name: hcloud-cloud-controller-manager
+  repository: https://charts.hetzner.cloud
+  version: 1.20.0
+- alias: rook-ceph
+  name: rook-ceph
+  repository: https://charts.rook.io/release
+  version: v1.14.9
+  condition: rook-ceph.enabled,rook-ceph-cluster.enabled
+- alias: rook-ceph-cluster
+  name: rook-ceph-cluster
+  repository: https://charts.rook.io/release
+  version: v1.14.9
+  condition: rook-ceph-cluster.enabled
+name: hetzner-baremetal-1-30-cluster-addon
+type: application
+version: v1

providers/hetzner/baremetal/1-30/cluster-addon/charts/cilium-1.15.7.tgz

@@ -0,0 +1,73 @@
+metrics-server:
+  fullnameOverride: metrics-server
+
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 1
+
+  service:
+    labels:
+      kubernetes.io/cluster-service: "true"
+      kubernetes.io/name: "Metrics-server"
+
+cilium:
+  rollOutCiliumPods: true
+  priorityClassName: "system-node-critical"
+
+  hubble:
+    metrics:
+      enabled:
+      - dns:query;ignoreAAAA
+      - drop
+      - tcp
+      - flow
+      - icmp
+      - http
+    relay:
+      enabled: true
+      rollOutPods: true
+    ui:
+      enabled: true
+      rollOutPods: true
+  ipam:
+    mode: "kubernetes"
+
+  kubeProxyReplacement: "partial"
+
+  operator:
+    rollOutPods: true
+    priorityClassName: "system-node-critical"
+
+hcloud-cloud-controller-manager:
+  robot:
+    enabled: true
+  env:
+    HCLOUD_TOKEN:
+      valueFrom:
+        secretKeyRef:
+          name: hetzner
+          key: hcloud
+    ROBOT_USER:
+      valueFrom:
+        secretKeyRef:
+          name: hetzner
+          key: robot-user
+    ROBOT_PASSWORD:
+      valueFrom:
+        secretKeyRef:
+          name: hetzner
+          key: robot-password
+
+rook-ceph:
+  enableDiscoveryDaemon: true
+rook-ceph-cluster:
+  operatorNamespace: kube-system
+  toolbox:
+    enabled: true
+  cephClusterSpec:
+    mgr:
+      modules:
+      - name: rook
+        enabled: true