diff --git a/init.tf b/init.tf
index d49b7d2..414c377 100644
--- a/init.tf
+++ b/init.tf
@@ -88,9 +88,11 @@ resource "null_resource" "kustomization" {
 "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
 ],
 var.disable_hetzner_csi ? [] : ["https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml"],
- var.enable_longhorn ? ["longhorn.yaml"] : [],
 local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [],
- var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : []
+ var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : [],
+ var.enable_longhorn ? ["longhorn.yaml"] : [],
+ var.enable_cert_manager || var.enable_rancher ? ["cert-manager.yaml"] : [],
+ var.enable_rancher ? ["rancher.yaml"] : [],
 ),
 patchesStrategicMerge = concat(
 [
@@ -160,6 +162,26 @@ resource "null_resource" "kustomization" {
 destination = "/var/post_install/longhorn.yaml"
 }
 
+ # Upload the cert-manager config
+ provisioner "file" {
+ content = templatefile(
+ "${path.module}/templates/cert-manager.yaml.tpl",
+ {})
+ destination = "/var/post_install/cert-manager.yaml"
+ }
+
+ # Upload the rancher config
+ provisioner "file" {
+ content = templatefile(
+ "${path.module}/templates/rancher.yaml.tpl",
+ {
+ rancher_install_channel = var.rancher_install_channel
+ rancher_hostname = var.rancher_hostname
+ number_control_plane_nodes = length(local.control_plane_nodes)
+ })
+ destination = "/var/post_install/rancher.yaml"
+ }
+
 # Deploy secrets, logging is automatically disabled due to sensitive variables
 provisioner "remote-exec" {
 inline = [
diff --git a/templates/cert-manager.yaml.tpl b/templates/cert-manager.yaml.tpl
new file mode 100644
index 0000000..bcaa0c8
--- /dev/null
+++ b/templates/cert-manager.yaml.tpl
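Review bot: The new entry `var.enable_cert_manager || var.enable_rancher ? ["cert-manager.yaml"] : []` relies on `||` binding tighter than the conditional operator; HCL does evaluate it as `(a || b) ? x : y`, but no neighbouring entry mixes operators this way, so writing it as `(var.enable_cert_manager || var.enable_rancher) ? ["cert-manager.yaml"] : []` makes the intent explicit. The list now places cert-manager.yaml before rancher.yaml, which the tfvars example text in this commit suggests is deliberate (enabling rancher pulls in cert-manager); a one-line comment such as `# keep cert-manager.yaml ahead of rancher.yaml: rancher is installed on top of cert-manager` would protect that ordering from a later reshuffle like the one this hunk performs on longhorn. The enclosing kustomization resource starts and ends outside this hunk.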
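Review bot: The two new file provisioners render and upload cert-manager.yaml and rancher.yaml on every run regardless of `var.enable_cert_manager` / `var.enable_rancher`; that mirrors the longhorn provisioner just above, but it means `var.rancher_hostname` and `var.rancher_install_channel` are always written into /var/post_install/rancher.yaml even when rancher is off, and only the kustomization resource list decides whether the file is applied. A short comment on each provisioner, e.g. `# Always uploaded; whether it is applied is decided by the kustomization resource list above`, would save the next reader from looking for a missing `count`/condition. Passing `{}` to `templatefile` for cert-manager is fine as long as that template stays variable-free, which the new templates/cert-manager.yaml.tpl in this commit is. The enclosing resource block starts and ends outside this hunk.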
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: cert-manager
+ namespace: kube-system
+spec:
+ chart: cert-manager
+ repo: https://charts.jetstack.io
+ targetNamespace: cert-manager
+ valuesContent: |-
+ installCRDs: true
\ No newline at end of file
diff --git a/templates/rancher.yaml.tpl b/templates/rancher.yaml.tpl
new file mode 100644
index 0000000..8d48e6b
--- /dev/null
+++ b/templates/rancher.yaml.tpl
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cattle-system
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: rancher
+ namespace: kube-system
+spec:
+ chart: rancher
+ repo: https://releases.rancher.com/server-charts/${rancher_install_channel}
+ targetNamespace: cattle-system
+ valuesContent: |-
+ ingress:
+ tls:
+ source: rancher
+ hostname: ${rancher_hostname}
+ replicas: ${number_control_plane_nodes}
\ No newline at end of file
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 40bec6d..946e232 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
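Review bot: The cert-manager HelmChart pins no chart `version`, so every bootstrap installs whatever https://charts.jetstack.io currently serves, and the same applies to the rancher HelmChart in templates/rancher.yaml.tpl in this commit; init.tf already pins the Hetzner CSI manifest through `local.csi_version`, so these two are the inconsistent ones. A floating version makes cluster bootstraps non-reproducible and lets an upstream chart release become an unreviewed change to the cluster. Adding `version: <PINNED_CHART_VERSION>` under `spec` next to `chart:`, fed from a Terraform local the way the CSI version is, keeps upgrades a deliberate, reviewed step.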
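Review bot: `hostname: ${rancher_hostname}` is interpolated into `valuesContent` unquoted, so a hostname value containing YAML-significant characters (`:`, `#`, a leading `*` or `[`) would alter the structure of the rendered manifest instead of failing cleanly, and `rancher_hostname` is a free-form string in variables.tf with no validation. Quoting it in the template, `hostname: "${rancher_hostname}"`, guarantees the value is parsed as a single scalar whatever it contains. `${rancher_install_channel}` in the `repo` URL is safe as written because variables.tf restricts it to three fixed values, and `${number_control_plane_nodes}` comes from `length()` so it is always an integer.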
@@ -183,3 +183,23 @@ load_balancer_location = "fsn1"
 # If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/
 # That may be useful if you need to deploy more than 500 nodes! The default is "false".
 # placement_group_disable = true
+
+# You can enable cert-manager (installed by Helm behind the scenes) with the following flag, the default is "false".
+# enable_cert_manager = true
+
+# You can enable rancher (installed by Helm behind the scenes) with the following flag, the default is "false".
+# When rancher is enabled, it automatically installs cert-manager too, and it uses rancher's own certificates.
+# As for the number of replicas, it is set to the numbe of control plane nodes.
+# You can customized all of the above by creating and applying a HelmChartConfig to pass the helm chart values of your choice.
+# See https://rancher.com/docs/k3s/latest/en/helm/
+# and https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/
+# enable_rancher = true
+
+# When rancher is deployed, by default is uses the "stable" channel. But this can be customized.
+# The allowed values are "stable", "latest", and "alpha".
+# rancher_install_channel = "latest"
+
+# Set your rancher hostname, the default is "rancher.example.com".
+# It is a required value when using rancher, but up to you to point the DNS to it or not.
+# You can also not point the DNS, and just port-forward locally via kubectl to get access to the dashboard.
+# rancher_hostname = "rancher.xyz.dev"
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 4994180..049c593 100644
--- a/variables.tf
+++ b/variables.tf
@@ -107,7 +107,7 @@ variable "initial_k3s_channel" {
 description = "Allows you to specify an initial k3s channel"
 
 validation {
- condition = contains(["stable", "latest", "testing", "v1.16", "v1.17", "v1.18", "v1.19", "v1.20", "v1.21", "v1.22", "v1.23"], var.initial_k3s_channel)
+ condition = contains(["stable", "latest", "testing", "v1.16", "v1.17", "v1.18", "v1.19", "v1.20", "v1.21", "v1.22", "v1.23", "v1.24"], var.initial_k3s_channel)
 error_message = "The initial k3s channel must be one of stable, latest or testing."
 }
 }
@@ -175,3 +175,32 @@ variable "disable_hetzner_csi" {
 default = false
 description = "Disable hetzner csi driver"
 }
+
+variable "enable_cert_manager" {
+ type = bool
+ default = false
+ description = "Enable cert manager"
+}
+
+variable "enable_rancher" {
+ type = bool
+ default = false
+ description = "Enable rancher"
+}
+
+variable "rancher_install_channel" {
+ type = string
+ default = "stable"
+ description = "Rancher install channel"
+
+ validation {
+ condition = contains(["stable", "latest", "alpha"], var.rancher_install_channel)
+ error_message = "The allowed values for the rancher install channel are stable, latest, or alpha."
+ }
+}
+
+variable "rancher_hostname" {
+ type = string
+ default = "rancher.example.com"
+ description = "Enable rancher"
+}
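Review bot: The `error_message` directly below the changed condition still tells the user the channel "must be one of stable, latest or testing", while the list now accepts v1.16 through v1.24 as well; it is a context line here, but the list is what this hunk edits, so this is the place to bring the two back in step, e.g. `error_message = "The initial k3s channel must be one of stable, latest, testing, or a v1.16 to v1.24 release channel."`. The enclosing variable block starts outside this hunk.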
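Review bot: `variable "rancher_hostname"` carries the description "Enable rancher", copied from the variable above it, and so documents the wrong thing. The value is also accepted unchecked and then interpolated into templates/rancher.yaml.tpl in this commit, so a validation block restricting it to DNS-name characters would reject malformed or YAML-breaking input at plan time rather than when the manifest is applied, matching how `rancher_install_channel` just above already validates its value. The rewritten block below fixes the description and adds that check.
```hcl
variable "rancher_hostname" {
  type        = string
  default     = "rancher.example.com"
  description = "Hostname used for the rancher ingress; DNS does not have to resolve it"

  validation {
    # Lowercase RFC 1123 labels joined by dots; also keeps the value a plain YAML scalar in rancher.yaml.tpl
    condition     = can(regex("^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$", var.rancher_hostname))
    error_message = "The rancher hostname must be a valid DNS name (lowercase letters, digits, hyphens and dots)."
  }
}
```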