Commit 3e0aa897 authored by Rob Kooper's avatar Rob Kooper

allow to specify more entrypoints

parent 8dbd6e4d
...@@ -44,6 +44,9 @@ spec: ...@@ -44,6 +44,9 @@ spec:
tls: tls:
enabled: true enabled: true
certResolver: letsencrypt certResolver: letsencrypt
{{- if .Values.ingresscontroller.traefik2.ports }}
{{- .Values.ingresscontroller.traefik2.ports | toYaml | nindent 10 }}
{{- end }}
additionalArguments: additionalArguments:
- --providers.kubernetesingress.ingressendpoint.ip={{ .Values.ingresscontroller.publicIP }} - --providers.kubernetesingress.ingressendpoint.ip={{ .Values.ingresscontroller.publicIP }}
{{- if .Values.ingresscontroller.acme }} {{- if .Values.ingresscontroller.acme }}
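Review bot: The `ports` map is rendered verbatim with `toYaml | nindent 10` beside the port entries the template already emits, so nothing stops a values file from supplying a key that is defined above (the `tls`/`certResolver` lines appear to belong to the HTTPS entrypoint). That would yield a duplicate YAML key, and depending on the parser the TLS settings could be silently replaced. Filtering the built-in names first, for example `{{- omit .Values.ingresscontroller.traefik2.ports "websecure" | toYaml | nindent 10 }}` with the names this template really defines, or calling `fail` when one is present, would keep the default entrypoints intact. The enclosing `spec:` block starts and ends outside the hunk, so the sibling keys should be confirmed there.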
......
...@@ -26,6 +26,7 @@ healthmonitor: ...@@ -26,6 +26,7 @@ healthmonitor:
ingresscontroller: ingresscontroller:
enabled: false enabled: false
class: traefik2
publicIP: 1.1.1.1 publicIP: 1.1.1.1
#privateIP: 1.1.1.2 #privateIP: 1.1.1.2
#acme: #acme:
...@@ -35,6 +36,12 @@ ingresscontroller: ...@@ -35,6 +36,12 @@ ingresscontroller:
version: "1.*" version: "1.*"
traefik2: traefik2:
version: "10.*" version: "10.*"
ports: {}
# postgres:
# port: 5432
# expose: true
# exposedPort: 5432
# protocol: TCP
sealedsecrets: sealedsecrets:
enabled: false enabled: false
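Review bot: The commented `postgres` example under `traefik2.ports` needs a caution beside it, because `expose: true` with `protocol: TCP` publishes a raw database port on the ingress controller's external service, presumably the address given as `publicIP`. From what the template shows, the `certResolver: letsencrypt` TLS settings are attached to the HTTPS entrypoint only, so a new TCP entrypoint gets no TLS unless the backend provides it. I would add a comment above the example such as `# exposed ports are reachable from outside the cluster without TLS termination; restrict by firewall or security group and require TLS on the backend`.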
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
# unique key. # unique key.
resource "openstack_compute_keypair_v2" "key" { resource "openstack_compute_keypair_v2" "key" {
#count = 1 #var.openstack_ssh_key == "" ? 0 : 1 #count = 1 #var.openstack_ssh_key == "" ? 0 : 1
name = var.cluster_name name = var.cluster_name
} }
# set local variable to hold final key, either created or # set local variable to hold final key, either created or
......
...@@ -70,18 +70,18 @@ resource "openstack_networking_port_v2" "controlplane_ip_public" { ...@@ -70,18 +70,18 @@ resource "openstack_networking_port_v2" "controlplane_ip_public" {
# create a port that will be used with the floating ip, this will be associated # create a port that will be used with the floating ip, this will be associated
# with all of the VMs. # with all of the VMs.
resource "openstack_networking_port_v2" "floating_ip" { resource "openstack_networking_port_v2" "floating_ip" {
count = var.floating_ip count = var.floating_ip
depends_on = [ openstack_networking_subnet_v2.cluster_subnet ] depends_on = [openstack_networking_subnet_v2.cluster_subnet]
name = format("%s-floating-ip-%02d", var.cluster_name, count.index + 1) name = format("%s-floating-ip-%02d", var.cluster_name, count.index + 1)
network_id = openstack_networking_network_v2.cluster_net.id network_id = openstack_networking_network_v2.cluster_net.id
} }
# create floating ip that is associated with a fixed ip # create floating ip that is associated with a fixed ip
resource "openstack_networking_floatingip_v2" "floating_ip" { resource "openstack_networking_floatingip_v2" "floating_ip" {
count = var.floating_ip count = var.floating_ip
description = format("%s-floating-ip-%02d", var.cluster_name, count.index + 1) description = format("%s-floating-ip-%02d", var.cluster_name, count.index + 1)
pool = data.openstack_networking_network_v2.ext_net.name pool = data.openstack_networking_network_v2.ext_net.name
port_id = element(openstack_networking_port_v2.floating_ip.*.id, count.index) port_id = element(openstack_networking_port_v2.floating_ip.*.id, count.index)
} }
# create worker ip, this can route the ports for the floating ip as # create worker ip, this can route the ports for the floating ip as
......
...@@ -2,20 +2,20 @@ ...@@ -2,20 +2,20 @@
# control-plane nodes # control-plane nodes
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
resource "openstack_compute_instance_v2" "controlplane" { resource "openstack_compute_instance_v2" "controlplane" {
count = var.controlplane_count count = var.controlplane_count
depends_on = [ depends_on = [
openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp, openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp,
] ]
name = format("%s-controlplane-%d", var.cluster_name, count.index + 1) name = format("%s-controlplane-%d", var.cluster_name, count.index + 1)
image_name = var.os image_name = var.os
flavor_name = var.controlplane_flavor flavor_name = var.controlplane_flavor
key_pair = local.key key_pair = local.key
security_groups = [ security_groups = [
openstack_networking_secgroup_v2.cluster_security_group.name openstack_networking_secgroup_v2.cluster_security_group.name
] ]
config_drive = false config_drive = false
user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", { user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", {
private_key = openstack_compute_keypair_v2.key.private_key private_key = openstack_compute_keypair_v2.key.private_key
project_name = data.openstack_identity_auth_scope_v3.scope.project_name project_name = data.openstack_identity_auth_scope_v3.scope.project_name
cluster_name = var.cluster_name cluster_name = var.cluster_name
...@@ -54,8 +54,8 @@ resource "openstack_compute_instance_v2" "controlplane" { ...@@ -54,8 +54,8 @@ resource "openstack_compute_instance_v2" "controlplane" {
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
resource "openstack_compute_instance_v2" "worker" { resource "openstack_compute_instance_v2" "worker" {
count = var.worker_count count = var.worker_count
depends_on = [ depends_on = [
openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp, openstack_networking_secgroup_rule_v2.same_security_group_ingress_tcp,
openstack_networking_port_v2.controlplane_ip openstack_networking_port_v2.controlplane_ip
] ]
...@@ -63,9 +63,11 @@ resource "openstack_compute_instance_v2" "worker" { ...@@ -63,9 +63,11 @@ resource "openstack_compute_instance_v2" "worker" {
flavor_name = var.worker_flavor flavor_name = var.worker_flavor
key_pair = local.key key_pair = local.key
config_drive = false config_drive = false
security_groups = [ openstack_networking_secgroup_v2.cluster_security_group.name ] security_groups = [
openstack_networking_secgroup_v2.cluster_security_group.name
]
user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", { user_data = base64encode(templatefile("${path.module}/templates/user_data.tmpl", {
private_key = openstack_compute_keypair_v2.key.private_key private_key = openstack_compute_keypair_v2.key.private_key
project_name = data.openstack_identity_auth_scope_v3.scope.project_name project_name = data.openstack_identity_auth_scope_v3.scope.project_name
cluster_name = var.cluster_name cluster_name = var.cluster_name
......
...@@ -19,7 +19,7 @@ output "ssh_config" { ...@@ -19,7 +19,7 @@ output "ssh_config" {
value = <<-EOT value = <<-EOT
# Automatically created by terraform # Automatically created by terraform
%{~ for i, x in openstack_compute_instance_v2.controlplane.* } %{~for i, x in openstack_compute_instance_v2.controlplane.*}
Host ${x.name} Host ${x.name}
HostName ${openstack_networking_floatingip_v2.controlplane_ip[i].address} HostName ${openstack_networking_floatingip_v2.controlplane_ip[i].address}
StrictHostKeyChecking no StrictHostKeyChecking no
...@@ -27,8 +27,8 @@ Host ${x.name} ...@@ -27,8 +27,8 @@ Host ${x.name}
IdentityFile ${pathexpand("~/.ssh/${var.cluster_name}.pem")} IdentityFile ${pathexpand("~/.ssh/${var.cluster_name}.pem")}
User centos User centos
%{~ endfor } %{~endfor}
%{~ for x in openstack_compute_instance_v2.worker.* } %{~for x in openstack_compute_instance_v2.worker.*}
Host ${x.name} Host ${x.name}
HostName ${x.network[0].fixed_ip_v4} HostName ${x.network[0].fixed_ip_v4}
StrictHostKeyChecking no StrictHostKeyChecking no
...@@ -37,7 +37,7 @@ Host ${x.name} ...@@ -37,7 +37,7 @@ Host ${x.name}
IdentityFile ${pathexpand("~/.ssh/${var.cluster_name}.pem")} IdentityFile ${pathexpand("~/.ssh/${var.cluster_name}.pem")}
User centos User centos
%{~ endfor } %{~endfor}
EOT EOT
} }
...@@ -54,7 +54,7 @@ output "kube_id" { ...@@ -54,7 +54,7 @@ output "kube_id" {
output "floating_ip" { output "floating_ip" {
description = "Map for floating ips and associated private ips" description = "Map for floating ips and associated private ips"
value = [ value = [
for i, ip in openstack_networking_floatingip_v2.floating_ip.*.address : { for i, ip in openstack_networking_floatingip_v2.floating_ip.*.address : {
private_ip = element(flatten(openstack_networking_port_v2.floating_ip.*.all_fixed_ips), i) private_ip = element(flatten(openstack_networking_port_v2.floating_ip.*.all_fixed_ips), i)
public_ip = ip public_ip = ip
......
...@@ -3,12 +3,17 @@ ...@@ -3,12 +3,17 @@
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
resource "rancher2_cluster_v2" "kube" { resource "rancher2_cluster_v2" "kube" {
name = var.cluster_name name = var.cluster_name
kubernetes_version = var.rke2_version
default_cluster_role_for_project_members = "user" default_cluster_role_for_project_members = "user"
kubernetes_version = var.rke2_version
agent_env_vars {
name = "CATTLE_AGENT_LOGLEVEL"
value = "info"
}
rke_config { rke_config {
local_auth_endpoint { local_auth_endpoint {
enabled = var.cluster_direct_access enabled = var.cluster_direct_access
} }
machine_global_config = <<EOF machine_global_config = <<EOF
disable: disable:
...@@ -17,20 +22,75 @@ EOF ...@@ -17,20 +22,75 @@ EOF
upgrade_strategy { upgrade_strategy {
control_plane_concurrency = 1 control_plane_concurrency = 1
control_plane_drain_options { control_plane_drain_options {
ignore_daemon_sets = true ignore_daemon_sets = true
delete_empty_dir_data = true delete_empty_dir_data = true
grace_period = 120 grace_period = 120
} }
worker_concurrency = 1 worker_concurrency = 1
worker_drain_options { worker_drain_options {
ignore_daemon_sets = true ignore_daemon_sets = true
delete_empty_dir_data = true delete_empty_dir_data = true
grace_period = 120 grace_period = 120
} }
} }
} }
} }
# Create a new rancher2 Cluster Sync for cluster
resource "rancher2_cluster_sync" "kube" {
depends_on = [ openstack_compute_instance_v2.controlplane[0] ]
cluster_id = rancher2_cluster_v2.kube.cluster_v1_id
wait_catalogs = false
}
# ----------------------------------------------------------------------
# applications
# ----------------------------------------------------------------------
resource "rancher2_app_v2" "monitoring" {
count = var.monitoring_enabled ? 1 : 0
cluster_id = rancher2_cluster_sync.kube.id
name = "rancher-monitoring"
namespace = "cattle-monitoring-system"
repo_name = "rancher-charts"
chart_name = "rancher-monitoring"
// values = <<EOF
//prometheus:
// resources:
// core:
// limits:
// cpu: "4000m"
// memory: "6144Mi"
//EOF
lifecycle {
ignore_changes = [
values
]
}
}
resource "rancher2_app_v2" "longhorn" {
count = var.longhorn_enabled ? 1 : 0
cluster_id = rancher2_cluster_v2.kube.cluster_v1_id
name = "longhorn"
namespace = "longhorn-system"
repo_name = "rancher-charts"
chart_name = "longhorn"
values = <<EOF
defaultSettings:
backupTarget: nfs://radiant-nfs.ncsa.illinois.edu:/radiant/projects/${data.openstack_identity_auth_scope_v3.scope.project_name}/${var.cluster_name}/backup
defaultReplicaCount: ${var.longhorn_replicas}
persistence:
defaultClass: false
defaultClassReplicaCount: ${var.longhorn_replicas}
EOF
lifecycle {
ignore_changes = [
values
]
}
}
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# cluster access # cluster access
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
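Review bot: `rancher2_app_v2.longhorn` takes `cluster_id = rancher2_cluster_v2.kube.cluster_v1_id`, while `rancher2_app_v2.monitoring` just above it uses `rancher2_cluster_sync.kube.id`, so the Longhorn install does not depend on the sync resource and may be attempted before the cluster is reported active. Using `cluster_id = rancher2_cluster_sync.kube.id` in both apps would make the ordering consistent. Separately, `ignore_changes = [values]` on the longhorn app means later edits to `var.longhorn_replicas` or to the `backupTarget` path are never applied to an existing install; a comment stating that this is deliberate would help. The backup target is a fixed NFS export whose path is derived from the project and cluster names, and NFS has no per-cluster authentication of its own, so the export's access rules (not visible here) are what separates one cluster's backups from another's.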
......
...@@ -6,8 +6,8 @@ ssh: ...@@ -6,8 +6,8 @@ ssh:
emit_keys_to_console: false emit_keys_to_console: false
# update and upgrade instance # update and upgrade instance
#package_update: true package_update: true
#package_upgrade: true package_upgrade: true
# files to be created on the system # files to be created on the system
write_files: write_files:
...@@ -32,6 +32,5 @@ write_files: ...@@ -32,6 +32,5 @@ write_files:
# run this command once the system is booted # run this command once the system is booted
runcmd: runcmd:
- echo "${node_command} ${node_options} --node-name ${node_name}" > /kube.sh
- ${node_command} ${node_options} --node-name ${node_name} - ${node_command} ${node_options} --node-name ${node_name}
- mount -av - mount -av
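Review bot: Enabling `package_upgrade: true` installs updates at first boot, but nothing in the visible template reboots the node, so a kernel or core-library update stays inactive while `runcmd` goes on to join the node to the cluster. Consider adding `package_reboot_if_required: true`, after confirming on this image that cloud-init still runs `runcmd` once the reboot completes, or add a comment saying that nodes are rebooted by other means. The upgrade also makes provisioning time and the installed package set depend on mirror state at boot, which is worth a one-line comment next to the two settings for anyone debugging a slow or failed join. The `write_files` and `runcmd` blocks continue outside these hunks.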
...@@ -34,6 +34,36 @@ variable "rancher_token" { ...@@ -34,6 +34,36 @@ variable "rancher_token" {
description = "Access token for rancher, clusters are created as this user" description = "Access token for rancher, clusters are created as this user"
} }
# get latest version from rancher using:
# curl https://releases.rancher.com/kontainer-driver-metadata/release-v2.6/data.json | jq '.rke2.releases | .[].version' | sort
variable "rke2_version" {
type = string
description = "Version of rke2 to install."
default = ""
}
# ----------------------------------------------------------------------
# APPLICATIONS
# ----------------------------------------------------------------------
variable "monitoring_enabled" {
type = bool
description = "Enable monitoring in rancher"
default = true
}
variable "longhorn_enabled" {
type = bool
description = "Enable longhorn storage"
default = true
}
variable "longhorn_replicas" {
type = string
description = "Number of replicas"
default = 3
}
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
# USERS # USERS
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
...@@ -41,44 +71,25 @@ variable "rancher_token" { ...@@ -41,44 +71,25 @@ variable "rancher_token" {
variable "admin_users" { variable "admin_users" {
type = set(string) type = set(string)
description = "List of LDAP users with admin access to cluster." description = "List of LDAP users with admin access to cluster."
default = [ ] default = []
} }
variable "admin_groups" { variable "admin_groups" {
type = set(string) type = set(string)
description = "List of LDAP groups with admin access to cluster." description = "List of LDAP groups with admin access to cluster."
default = [ ] default = []
} }
variable "member_users" { variable "member_users" {
type = set(string) type = set(string)
description = "List of LDAP users with access to cluster." description = "List of LDAP users with access to cluster."
default = [ ] default = []
} }
variable "member_groups" { variable "member_groups" {
type = set(string) type = set(string)
description = "List of LDAP groups with access to cluster." description = "List of LDAP groups with access to cluster."
default = [ ] default = []
}
# ----------------------------------------------------------------------
# RKE2
# ----------------------------------------------------------------------
variable "rke2_secret" {
type = string
sensitive = true
description = "default token to be used, if empty random one is used"
default = ""
}
# get latest version from rancher using:
# curl https://releases.rancher.com/kontainer-driver-metadata/release-v2.6/data.json | jq '.rke2.releases | .[].version' | sort
variable "rke2_version" {
type = string
description = "Version of rke2 to install."
default = "v1.21.6+rke2r1"
} }
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
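Review bot: `rke2_version` now defaults to `""`, and `rancher2_cluster_v2.kube` passes it straight to `kubernetes_version`, so a caller who sets nothing sends an empty version string to Rancher at apply time instead of getting an error at plan time. Dropping the `default = ""` line makes the variable required; alternatively add a `validation` block with `condition = var.rke2_version != ""`. In the same hunk `longhorn_replicas` is declared `type = string` with the numeric default `3`; `type = number` matches the default and rejects non-numeric input before it is interpolated into the Longhorn `values` YAML.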
......
...@@ -5,11 +5,11 @@ terraform { ...@@ -5,11 +5,11 @@ terraform {
version = ">= 1.43.0" version = ">= 1.43.0"
} }
rancher2 = { rancher2 = {
source = "rancher/rancher2" source = "rancher/rancher2"
version = ">= 1.21.0" version = ">= 1.21.0"
} }
random = { random = {
source = "hashicorp/random" source = "hashicorp/random"
version = ">= 3.1.0" version = ">= 3.1.0"
} }
} }
......