HomeInfra/HetznerTerra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
239 Commits 1 Branch 1 Tag
f2c506b350d4f6dbfafc6b5f760db1749ae88111
Commit Graph

239 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
MichaelFisher1997
f2c506b350 refactor: Replace CNPG external DB with rancher-backup operator
All checks were successful
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Successful in 6m5s
Details 
Rancher 2.x uses embedded etcd, not an external PostgreSQL database.
The CATTLE_DB_CATTLE_* env vars are Rancher v1 only and were ignored.

- Remove all CNPG (CloudNativePG) cluster, operator, and related configs
- Remove external DB env vars from Rancher HelmRelease
- Remove rancher-db-password ExternalSecret
- Add rancher-backup operator HelmRelease (v106.0.2+up8.1.0)
- Add B2 credentials ExternalSecret for backup storage
- Add recurring Backup CR (daily at 03:00, 7 day retention)
- Add commented-out Restore CR for rebuild recovery
- Update Flux dependency graph accordingly
 2026-03-29 21:53:16 +00:00
MichaelFisher1997
efdf13976a fix: Handle missing 'online' field in Tailscale API response
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m12s
Details
Deploy Cluster / Ansible (push) Successful in 9m19s
Details
2026-03-29 13:52:23 +00:00
MichaelFisher1997
5269884408 feat: Auto-cleanup stale Tailscale devices before cluster boot
Some checks failed
Deploy Cluster / Terraform (push) Successful in 2m17s
Details
Deploy Cluster / Ansible (push) Failing after 6m35s
Details 
Adds tailscale-cleanup Ansible role that uses the Tailscale API to
delete offline devices matching reserved hostnames (e.g. rancher).
Runs during site.yml before Finalize to prevent hostname collisions
like rancher-1 on rebuild.

Requires TAILSCALE_API_KEY (API access token) passed as extra var.
 2026-03-29 11:47:53 +00:00
MichaelFisher1997
6e5b0518be feat: Add kubeconfig refresh script and fix Ansible Finalize to use public IP
All checks were successful
Deploy Cluster / Terraform (push) Successful in 53s
Details
Deploy Cluster / Ansible (push) Successful in 5m25s
Details 
- scripts/refresh-kubeconfig.sh fetches a fresh kubeconfig from CP1
- Ansible site.yml Finalize step now uses public IP instead of Tailscale
  hostname for the kubeconfig server address
- Updated AGENTS.md with kubeconfig refresh instructions
 2026-03-29 03:31:36 +00:00
MichaelFisher1997
905d069e91 fix: Add serverName to CNPG externalClusters for B2 recovery
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 5m22s
Details 
CNPG uses the external cluster name (b2-backup) as the barman server
name by default, but the backups were stored under server name rancher-db.
 2026-03-29 03:22:19 +00:00
MichaelFisher1997
25ba4b7115 fix: Add skipEmptyWalArchiveCheck annotation and B2 secret healthcheck to CNPG
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 5m22s
Details 
- Skip WAL archive emptiness check so recovery works when restoring over
  an existing backup archive in B2
- Add healthCheck for b2-credentials secret in CNPG kustomization to
  prevent recovery from starting before ExternalSecret has synced
 2026-03-29 03:15:23 +00:00
MichaelFisher1997
6a593fd559 feat: Add B2 recovery bootstrap to CNPG cluster
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m6s
Details
Deploy Cluster / Ansible (push) Successful in 8m16s
Details
2026-03-29 00:22:24 +00:00
MichaelFisher1997
936f54a1b5 fix: Restore canonical Rancher tailnet hostname
All checks were successful
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Successful in 6m1s
Details
2026-03-29 00:00:39 +00:00
MichaelFisher1997
c9df11e65f fix: Align Rancher tailnet hostname with live proxy
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 6m1s
Details
2026-03-28 23:47:09 +00:00
MichaelFisher1997
a3c238fda9 fix: Apply Rancher server URL after chart install
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m43s
Details
Deploy Cluster / Ansible (push) Successful in 10m39s
Details
2026-03-28 23:12:59 +00:00
MichaelFisher1997
a15fa50302 fix: Use Doppler-backed Rancher bootstrap password
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 5m43s
Details
2026-03-28 22:51:38 +00:00
MichaelFisher1997
0f4f0b09fb fix: Add Rancher DB password ExternalSecret
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 5m42s
Details
2026-03-28 22:42:05 +00:00
MichaelFisher1997
4c002a870c fix: Remove invalid Rancher server-url manifest
Some checks failed
Deploy Cluster / Terraform (push) Successful in 51s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-28 22:39:31 +00:00
MichaelFisher1997
43d11ac7e6 docs: Add agent guidance and sync Rancher docs
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m33s
Details
Deploy Cluster / Ansible (push) Successful in 9m44s
Details
2026-03-28 22:13:37 +00:00
MichaelFisher1997
8c5edcf0a1 fix: Set Rancher server URL to tailnet hostname
All checks were successful
Deploy Cluster / Terraform (push) Successful in 1m0s
Details
Deploy Cluster / Ansible (push) Successful in 6m27s
Details
2026-03-28 04:07:44 +00:00
MichaelFisher1997
a81da0d178 feat: Expose Rancher via Tailscale hostname
All checks were successful
Deploy Cluster / Terraform (push) Successful in 52s
Details
Deploy Cluster / Ansible (push) Successful in 6m42s
Details
2026-03-28 03:59:02 +00:00
MichaelFisher1997
2a72527c79 fix: Switch Traefik from LoadBalancer to NodePort, remove unused Hetzner LB
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 6m25s
Details
2026-03-28 03:21:19 +00:00
MichaelFisher1997
7cb3b84ecb feat: Replace custom pgdump job with CNPG ScheduledBackup
Some checks failed
Deploy Cluster / Terraform (push) Successful in 1m30s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-28 03:15:39 +00:00
MichaelFisher1997
d4930235fa fix: Point CNPG backups at the existing B2 bucket
All checks were successful
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Successful in 6m17s
Details
2026-03-26 23:35:19 +00:00
MichaelFisher1997
ee8dc4b451 fix: Add Role for B2 credentials access
All checks were successful
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Successful in 6m29s
Details
2026-03-26 23:04:40 +00:00
MichaelFisher1997
144d40e7ac feat: Add RBAC for CNP to read B2 credentials secret
All checks were successful
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Successful in 6m38s
Details
2026-03-26 22:56:00 +00:00
MichaelFisher1997
cc14e32572 fix: Use gzip instead of lzop for backup compression
Some checks failed
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 22:51:10 +00:00
MichaelFisher1997
a207a5a7fd fix: Remove invalid encryption field from CNP backup config
Some checks failed
Deploy Cluster / Terraform (push) Successful in 40s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 22:49:29 +00:00
MichaelFisher1997
4e1772c175 feat: Add B2 backup configuration to CNP Cluster
Some checks failed
Deploy Cluster / Terraform (push) Successful in 1m38s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 22:47:31 +00:00
MichaelFisher1997
ff70b12084 chore: Add HTTP/HTTPS firewall rules for Load Balancer
All checks were successful
Deploy Cluster / Terraform (push) Successful in 52s
Details
Deploy Cluster / Ansible (push) Successful in 6m56s
Details
2026-03-26 22:36:13 +00:00
MichaelFisher1997
a3963c56e6 cleanup: Remove traefik-config, simplify traefik helmrelease
All checks were successful
Deploy Cluster / Terraform (push) Successful in 50s
Details
Deploy Cluster / Ansible (push) Successful in 6m20s
Details
2026-03-26 03:16:56 +00:00
MichaelFisher1997
612435c42c fix: Add Hetzner LB health check config to Traefik
Some checks failed
Deploy Cluster / Terraform (push) Successful in 47s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 03:11:10 +00:00
MichaelFisher1997
ac42f671a2 fix: Remove addon-traefik-config dependency from flux-ui
Some checks failed
Deploy Cluster / Terraform (push) Successful in 50s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 03:05:58 +00:00
MichaelFisher1997
dbe7ec0468 fix: Remove expose boolean from traefik ports config
Some checks failed
Deploy Cluster / Terraform (push) Successful in 49s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 03:01:13 +00:00
MichaelFisher1997
816ac8b3c0 fix: Use official Traefik helm repo instead of rancher-stable
Some checks failed
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 02:59:00 +00:00
MichaelFisher1997
6f7998639f fix: Use standard kustomize API in traefik addon
Some checks failed
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 02:56:52 +00:00
MichaelFisher1997
7a14f89ad1 fix: Correct traefik kustomization path and sourceRef
Some checks failed
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 02:55:37 +00:00
MichaelFisher1997
786901c5d7 fix: Correct traefik kustomization reference (directory not file)
Some checks failed
Deploy Cluster / Terraform (push) Successful in 47s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 02:54:29 +00:00
MichaelFisher1997
46f3d1130b feat: Add Flux-managed Traefik HelmRelease with Hetzner LB config
Some checks failed
Deploy Cluster / Terraform (push) Successful in 48s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 02:52:49 +00:00
MichaelFisher1997
2fe5a626d4 fix: Add Hetzner network zone annotation to Traefik LoadBalancer
All checks were successful
Deploy Cluster / Terraform (push) Successful in 52s
Details
Deploy Cluster / Ansible (push) Successful in 6m20s
Details
2026-03-26 02:30:43 +00:00
MichaelFisher1997
2ef68c8087 fix: Remove deprecated enablePodMonitor field in CNP Cluster
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m13s
Details
Deploy Cluster / Ansible (push) Successful in 10m15s
Details
2026-03-26 01:01:53 +00:00
MichaelFisher1997
e2cae18f5f fix: Remove backup config for initial deployment - add backup after DB is running
All checks were successful
Deploy Cluster / Terraform (push) Successful in 36s
Details
Deploy Cluster / Ansible (push) Successful in 4m56s
Details
2026-03-26 00:46:50 +00:00
MichaelFisher1997
e0c1e41ee9 fix: Remove bootstrap recovery - create fresh DB (recovery only needed after first backup)
Some checks failed
Deploy Cluster / Terraform (push) Successful in 35s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 00:43:49 +00:00
MichaelFisher1997
63533de901 fix: Fix retentionPolicy format (14d not keep14)
Some checks failed
Deploy Cluster / Terraform (push) Successful in 47s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 00:41:44 +00:00
MichaelFisher1997
1b39710f63 fix: Move retentionPolicy to correct location in backup spec
Some checks failed
Deploy Cluster / Terraform (push) Successful in 37s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 00:39:25 +00:00
MichaelFisher1997
8c034323dc fix: Fix Cluster CR with correct barmanObjectStore schema
Some checks failed
Deploy Cluster / Terraform (push) Successful in 35s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 00:35:23 +00:00
MichaelFisher1997
5fa2b411ee fix: Fix Cluster CR schema - use barmanObjectStore instead of b2
Some checks failed
Deploy Cluster / Terraform (push) Successful in 35s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 00:33:04 +00:00
MichaelFisher1997
3ea28e525f fix: Fix CNP operator image repository (cloudnative-pg not postgresql)
All checks were successful
Deploy Cluster / Terraform (push) Successful in 43s
Details
Deploy Cluster / Ansible (push) Successful in 4m55s
Details
2026-03-26 00:21:09 +00:00
MichaelFisher1997
4b95ba113d fix: Remove LPP helm (already installed by k3s), fix CNP chart version to 0.27.1
All checks were successful
Deploy Cluster / Terraform (push) Successful in 36s
Details
Deploy Cluster / Ansible (push) Successful in 5m7s
Details
2026-03-26 00:13:22 +00:00
MichaelFisher1997
13627bf81f fix: Split CNP operator from CNP cluster to fix CRD dependency
All checks were successful
Deploy Cluster / Terraform (push) Successful in 35s
Details
Deploy Cluster / Ansible (push) Successful in 5m0s
Details 
- Move CNP operator HelmRelease to cnpg-operator folder
- Create addon-cnpg-operator kustomization (deploys operator first)
- Update addon-cnpg to dependOn addon-cnpg-operator
- Add addon-cnpg as dependency for addon-rancher (needs database)
 2026-03-26 00:06:34 +00:00
MichaelFisher1997
ef3fb2489a fix: Convert kustomization-lpp and kustomization-cnpg to Flux Kustomization CRs
Some checks failed
Deploy Cluster / Terraform (push) Successful in 37s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-26 00:03:53 +00:00
MichaelFisher1997
7097495d72 fix: Add missing metadata.name to kustomization-lpp and kustomization-cnpg
Some checks failed
Deploy Cluster / Terraform (push) Successful in 1m7s
Details
Deploy Cluster / Ansible (push) Has been cancelled
Details
2026-03-25 23:39:45 +00:00
MichaelFisher1997
9d601dc77c feat: Add CloudNativePG with B2 backups for persistent Rancher database
Some checks failed
Deploy Cluster / Terraform (push) Successful in 4m16s
Details
Deploy Cluster / Ansible (push) Failing after 12m27s
Details 
- Add Local Path Provisioner for storage
- Add CloudNativePG operator (v1.27.0) via Flux
- Create PostgreSQL cluster with B2 (Backblaze) auto-backup/restore
- Update Rancher to use external PostgreSQL via CATTLE_DB_CATTLE_* env vars
- Add weekly pg_dump CronJob to B2 (Sundays 2AM)
- Add pre-destroy backup hook to destroy workflow
- Add B2 credentials to Doppler (B2_ACCOUNT_ID, B2_APPLICATION_KEY)
- Generate RANCHER_DB_PASSWORD in Doppler

Backup location: HetznerTerra/rancher-backups/
Retention: 14 backups
 2026-03-25 23:06:45 +00:00
MichaelFisher1997
f36445d99a Fix CNI: configure flannel to use private network interface (enp7s0) instead of public
All checks were successful
Deploy Cluster / Terraform (push) Successful in 34s
Details
Deploy Cluster / Ansible (push) Successful in 8m42s
Details
2026-03-25 01:44:33 +00:00
MichaelFisher1997
89c2c99963 Fix Rancher: remove conflicting LoadBalancer, add HTTPS port-forward, use tailscale serve only
All checks were successful
Deploy Cluster / Terraform (push) Successful in 2m21s
Details
Deploy Cluster / Ansible (push) Successful in 9m2s
Details
2026-03-25 00:59:16 +00:00