Allow overriding interface used by Flannel and refactor network creation in example Terraform configs for Hetzner

[xmudrii]

What this PR does / why we need it:

This PR is introducing two distinct changes to improve the Hetzner integration.

Overriding Canal/Flannel interface

For a long time, we had a problem that Hetzner clusters are using the public interface to communicate between nodes. That's a huge problem both from the efficiency side (bandwidth consumption) and from the security side. It can also make problems with some other components, such as CCM and CSI.

The reason why this happens is that Hetzner servers are configured with a default route that uses the public interface. Canal/Flannel are using that default route to determine what network interface should be used for communications between nodes and VXLAN.

This can be mitigated by forcing Flannel to use another interface in two ways:

• by setting the FLANNELD_IFACE environment variable or the --iface flag
• by setting the FLANNELD_IFACE_REGEX environment variable or the --iface-regex flag

KubeOne didn't fully support any of those mechanisms. Even though it is already possible to edit the canal-config ConfigMap and set canal_iface which is used as a value for the FLANNELD_IFACE environment variable, that change would be overridden on the first subsequent kubeone apply run.

This problem is solved by introducing a new parameter for the Canal CNI addon called IFACE which can be used like this:

apiVersion: kubeone.k8c.io/v1beta2
kind: KubeOneCluster
...
addons:
  enable: true
  addons:
    - name: "cni-canal"
      params:
        IFACE: ens10

However, this requires knowing the interface name and this is not always possible. Instead, it might be better to use the regex to match the interface name or the interface's IP address. This is possible thanks to the FLANNELD_IFACE_REGEX option and it's exposed to KubeOne users via the IFACE_REGEX parameter:

apiVersion: kubeone.k8c.io/v1beta2
kind: KubeOneCluster
...
addons:
  enable: true
  addons:
    - name: "cni-canal"
      params:
        IFACE_REGEX: '10\.*\.10\.*'

Note: using apostrophes is required when passing regex via YAML.

Randomly generating network subnet for Hetzner

We have been using the same subnet for all Hetzner clusters (192.168.0.0/16). There are multiple problems:

• Even though networks are different, it seems like different networks with the same subnet can collide and cause conflicts
• /16 subnet is quite large especially if we want to run multiple E2E tests in parallel

To mitigate this, this PR refactors how we handle networks in the example Terraform configs for Hetzner. We are now randomly generating /24 subnets in the 10.100.0.0/16 range, similar to what are we doing for AWS. This is a breaking change and existing users will have to take additional steps if migrating to the new Terraform configs.

What type of PR is this?
/kind feature

Does this PR introduce a user-facing change? Then add your Release Note here:

- Canal CNI: Add `IFACE` and `IFACE_REGEX` parameters to allow explicitly selecting network interface to be used for inter-node communication and VXLAN
- [ACTION REQUIRED] Refactor example Terraform configs for Hetzner to randomly generate the private network subnet in order to support creating multiple KubeOne clusters

Documentation:

TBD

/assign @kron4eg

[kron4eg]

/lgtm
/approve

[kubermatic-bot]

LGTM label has been added.

Git tree hash: 4ca7bcbedd1def415aa15d3f86b46de4ac293593

[kubermatic-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kron4eg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [kron4eg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment