Revert "private_key expl (#33)"

This reverts commit 268ac84.

README.md

@@ -31,14 +31,13 @@ Create a Kubernetes cluster:
 
 ```hcl
 module "hcloud_kubernetes_cluster" {
-  source             = "JWDobken/kubernetes/hcloud"
-  cluster_name       = "demo-cluster"
-  hcloud_token       = var.hcloud_token
-  hcloud_ssh_keys    = [hcloud_ssh_key.demo_cluster.id]
-  private_key        = file("~/.ssh/hcloud")
-  control_plane_type = "cx11" # optional
-  worker_type        = "cx21" # optional
-  worker_count       = 3
+  source          = "JWDobken/kubernetes/hcloud"
+  cluster_name    = "demo-cluster"
+  hcloud_token    = var.hcloud_token
+  hcloud_ssh_keys = [hcloud_ssh_key.demo_cluster.id]
+  control_plane_type     = "cx11" # optional
+  worker_type     = "cx21" # optional
+  worker_count    = 3
 }
 
 output "kubeconfig" {
@@ -123,7 +122,7 @@ provider "kubernetes" {
 
 ## Acknowledgements
 
-This module came about when I was looking for an affordable Kubernetes cluster. There are a couple of Terraform projects on which the current is heavily based:
+This module came about when I was looking for an affordable Kubernetes cluster. There is an [article from Christian Beneke](https://community.hetzner.com/tutorials/install-kubernetes-cluster) and there are a couple of Terraform projects on which the current is heavily based:
 
 - Patrick Stadler's [hobby-kube provisioning](https://github.com/hobby-kube/provisioning)
 - Niclas Mietz's [terraform-k8s-hcloud](https://github.com/solidnerd/terraform-k8s-hcloud)

main.tf

@@ -2,7 +2,6 @@ module "cluster" {
   source                    = "./modules/cluster"
   hcloud_token              = var.hcloud_token
   hcloud_ssh_keys           = var.hcloud_ssh_keys
-  private_key               = var.private_key
   cluster_name              = var.cluster_name
   location                  = var.location
   image                     = var.image
@@ -21,7 +20,6 @@ module "firewall" {
   source          = "./modules/firewall"
   connections     = module.cluster.all_nodes.*.ipv4_address
   subnet_ip_range = var.subnet_ip_range
-  private_key     = var.private_key
 }
 
 module "kubernetes" {
@@ -33,5 +31,4 @@ module "kubernetes" {
   worker_nodes        = module.cluster.worker_nodes
   private_ips         = module.cluster.private_ips
   kubernetes_version  = var.kubernetes_version
-  private_key         = var.private_key
 }

modules/cluster/main.tf

@@ -18,9 +18,10 @@ resource "hcloud_server" "control_plane_node" {
   }
 
   connection {
-    host        = self.ipv4_address
-    type        = "ssh"
-    private_key = var.private_key
+    user    = "root"
+    type    = "ssh"
+    timeout = "2m"
+    host    = self.ipv4_address
   }
 
   provisioner "file" {
@@ -50,9 +51,10 @@ resource "hcloud_server" "worker_node" {
   }
 
   connection {
-    host        = self.ipv4_address
-    type        = "ssh"
-    private_key = var.private_key
+    user    = "root"
+    type    = "ssh"
+    timeout = "2m"
+    host    = self.ipv4_address
   }
 
   provisioner "file" {

modules/cluster/variables.tf

@@ -9,11 +9,6 @@ variable "hcloud_ssh_keys" {
   type = list(any)
 }
 
-variable "private_key" {
-  type      = string
-  sensitive = true
-}
-
 variable "cluster_name" {
   type = string
 }

modules/firewall/main.tf

@@ -8,11 +8,6 @@ variable "subnet_ip_range" {
   type = string
 }
 
-variable "private_key" {
-  type      = string
-  sensitive = true
-}
-
 resource "null_resource" "firewall" {
   count = length(var.connections)
 
@@ -21,9 +16,9 @@ resource "null_resource" "firewall" {
   }
 
   connection {
-    host        = element(var.connections, count.index)
-    type        = "ssh"
-    private_key = var.private_key
+    host  = element(var.connections, count.index)
+    user  = "root"
+    agent = true
   }
 
   provisioner "remote-exec" {

modules/kubernetes/kubeadm_join.tf

@@ -5,24 +5,20 @@ resource "null_resource" "kubeadm_join" {
   depends_on = [null_resource.install]
 
   connection {
-    host        = element(var.worker_nodes.*.ipv4_address, count.index)
-    type        = "ssh"
-    private_key = var.private_key
+    host  = element(var.worker_nodes.*.ipv4_address, count.index)
+    user  = "root"
+    agent = true
   }
 
   provisioner "local-exec" {
     command = <<EOT
-      eval "$(ssh-agent -s)"
-      echo "${var.private_key}" | tr -d '\r' | ssh-add -
       ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
         root@${local.control_plane_ip} 'echo $(kubeadm token create) > /tmp/kubeadm_token'
     EOT
   }
 
   provisioner "local-exec" {
     command = <<EOT
-      eval "$(ssh-agent -s)"
-      echo "${var.private_key}" | tr -d '\r' | ssh-add -
       scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
         root@${local.control_plane_ip}:/tmp/kubeadm_token \
         /tmp/kubeadm_token

modules/kubernetes/main.tf

@@ -10,9 +10,10 @@ resource "null_resource" "install" {
   count = length(local.connections)
 
   connection {
-    host        = element(local.connections, count.index)
-    type        = "ssh"
-    private_key = var.private_key
+    type  = "ssh"
+    host  = element(local.connections, count.index)
+    user  = "root"
+    agent = true
   }
 
   provisioner "remote-exec" {
@@ -110,8 +111,6 @@ module "kubeconfig" {
   trigger = element(var.control_plane_nodes.*.ipv4_address, 0)
 
   command = <<EOT
-    eval "$(ssh-agent -s)" > /dev/null
-    echo "${var.private_key}" | tr -d '\r' | ssh-add - > /dev/null
     ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
       root@${local.control_plane_ip} 'cat /root/.kube/config'
   EOT
@@ -124,8 +123,6 @@ module "endpoint" {
   trigger = element(var.control_plane_nodes.*.ipv4_address, 0)
 
   command = <<EOT
-    eval "$(ssh-agent -s)" > /dev/null
-    echo "${var.private_key}" | tr -d '\r' | ssh-add - > /dev/null
     ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
       root@${local.control_plane_ip} 'kubectl config --kubeconfig /root/.kube/config view -o jsonpath='{.clusters[0].cluster.server}''
   EOT
@@ -138,8 +135,6 @@ module "certificate_authority_data" {
   trigger = element(var.control_plane_nodes.*.ipv4_address, 0)
 
   command = <<EOT
-    eval "$(ssh-agent -s)" > /dev/null
-    echo "${var.private_key}" | tr -d '\r' | ssh-add - > /dev/null
     ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
       root@${local.control_plane_ip} 'kubectl config --kubeconfig /root/.kube/config view --flatten -o jsonpath='{.clusters[0].cluster.certificate-authority-data}''
   EOT
@@ -152,8 +147,6 @@ module "client_certificate_data" {
   trigger = element(var.control_plane_nodes.*.ipv4_address, 0)
 
   command = <<EOT
-    eval "$(ssh-agent -s)" > /dev/null
-    echo "${var.private_key}" | tr -d '\r' | ssh-add - > /dev/null
     ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
       root@${local.control_plane_ip} 'kubectl config --kubeconfig /root/.kube/config view --flatten -o jsonpath='{.users[0].user.client-certificate-data}''
   EOT
@@ -166,8 +159,6 @@ module "client_key_data" {
   trigger = element(var.control_plane_nodes.*.ipv4_address, 0)
 
   command = <<EOT
-    eval "$(ssh-agent -s)" > /dev/null
-    echo "${var.private_key}" | tr -d '\r' | ssh-add - > /dev/null
     ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
       root@${local.control_plane_ip} 'kubectl config --kubeconfig /root/.kube/config view --flatten -o jsonpath='{.users[0].user.client-key-data}''
   EOT

modules/kubernetes/variables.tf

@@ -14,11 +14,6 @@ variable "private_ips" {
   type = list(any)
 }
 
-variable "private_key" {
-  type      = string
-  sensitive = true
-}
-
 # CONTROL-PLANE NODES
 variable "control_plane_nodes" {
   type = list(any)

variables.tf

@@ -14,12 +14,6 @@ variable "hcloud_ssh_keys" {
   type        = list(any)
 }
 
-variable "private_key" {
-  description = "(Required) - content of an SSH key to use for the connection. These can be loaded from a file on disk using the `file` function."
-  type        = string
-  sensitive   = true
-}
-
 variable "location" {
   description = "(Optional) - Location, e.g. 'nbg1' (Neurenberg)."
   type        = string