commit 817adf98c3835fe3e561341bad2b4ecb67674188
Author: Matthias Hinrichs
Date: Thu Jul 17 01:11:17 2025 +0200
added first implementation
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..6816502
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,40 @@
+# Terraform Dateien
+*.tfstate
+*.tfstate.*
+**/.terraform/*
+*.tfvars
+.terraform.lock.hcl
+
+# Ausnahme für Beispiel-Variablendateien im cluster-configs Verzeichnis
+!cluster-configs/*.tfvars
+
+# Kubeconfig Dateien
+*kubeconfig*
+
+# Crash Log Dateien
+crash.log
+crash.*.log
+
+# Lokale Override-Dateien
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# CLI Konfigurationsdateien
+.terraformrc
+terraform.rc
+
+# Secrets und Keys
+*.pem
+*.key
+.env
+*.env
+secrets.yaml
+*secret*
+
+# Systemdateien
+.DS_Store
+.directory
+
+*-kubeconfig
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..474ca07
--- /dev/null
+++ b/README.md
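Review bot: `.terraform.lock.hcl` is listed as ignored, so the dependency lock file that records the selected provider versions and their checksums never reaches the repository; every fresh `terraform init` then re-resolves the infisical and rancher2 providers without a committed hash baseline to verify against, and the exact version pins in providers.tf cover only the version, not the checksum. HashiCorp's guidance for root modules is to commit this file, so I would drop the `.terraform.lock.hcl` line. Separately, the final `*-kubeconfig` pattern is already covered by the earlier `*kubeconfig*` and can go.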
@@ -0,0 +1,162 @@
+# Kubernetes Cluster Management mit Terraform
+
+
+Dieses Modul erstellt und verwaltet Kubernetes Cluster auf Harvester mit den folgenden Features:
+- Cilium CNI (von Rancher)
+- Aktiviertes KubeProxyReplacement
+- Gateway API Support
+
+## Voraussetzungen
+
+
+Folgende Tools werden benötigt:
+- Terraform v1.5.0 oder höher
+- [Infisical CLI](https://infisical.com/docs/cli/overview) (für Secrets Management)
+- Rancher CLI (für Kubeconfig-Erstellung)
+- kubectl (optional)
+
+Vor der ersten Verwendung muss eine kubeconfig-Datei erstellt werden:
+```bash
+./scripts/create_kubeconfig.sh
+```
+
+## Cluster Management mit Workspaces
+
+Das Modul verwendet Terraform Workspaces für die Verwaltung verschiedener Cluster-Umgebungen. Jeder Workspace hat seinen eigenen State und spezifische Konfigurationen.
+
+### 1. Workspace Verwaltung
+
+Verfügbare Workspace-Befehle:
+```bash
+# Workspace erstellen
+terraform workspace new [dev|test|prod]
+
+# Workspace auswählen
+terraform workspace select [dev|test|prod]
+
+# Alle Workspaces anzeigen
+terraform workspace list
+
+# Aktuellen Workspace anzeigen
+terraform workspace show
+```
+
+### 2. Cluster Deployment
+
+Cluster erstellen oder aktualisieren:
+```bash
+# Workspace auswählen
+terraform workspace select [dev|test|prod]
+
+# Konfiguration prüfen
+terraform plan -var-file="cluster-configs/${terraform.workspace}.tfvars"
+
+# Cluster erstellen/aktualisieren
+terraform apply -var-file="cluster-configs/${terraform.workspace}.tfvars"
+```
+
+### 3. Cluster Entfernen
+
+Zum Löschen eines Clusters:
+```bash
+# Workspace auswählen
+terraform workspace select [dev|test|prod]
+
+# Cluster löschen
+terraform destroy -var-file="cluster-configs/${terraform.workspace}.tfvars"
+```
+
+### 4. State Management
+
+Jeder Workspace verwaltet seinen eigenen State in einem separaten Verzeichnis:
+```
+terraform.tfstate.d/
+├── dev/
+│ └── terraform.tfstate
+├── test/
+│ └── terraform.tfstate
+└── prod/
+ └── terraform.tfstate
+```
+
+
+## Cluster Konfigurationen
+
+Die Cluster werden je nach Workspace unterschiedlich konfiguriert:
+
+| Workspace | Beschreibung | Nodes |
+|-----------|----------------------|--------------------------------------------------------------|
+| dev | Entwicklungsumgebung | 1 All-in-One Node (4 CPU, 16GB RAM) |
+| test | Testumgebung | 1 Control-Plane (2 CPU, 4GB RAM) + 1 Worker (4 CPU, 8GB RAM) |
+| prod | Produktionsumgebung | 3 Control-Plane (2 CPU, 4GB RAM) + 2 Worker (4 CPU, 8GB RAM) |
+
+## Nach dem Deployment
+
+
+Nach erfolgreicher Cluster-Erstellung:
+
+1. Kubeconfig generieren:
+ ```bash
+ ./scripts/create_kubeconfig.sh ${terraform.workspace}
+ ```
+ Die Kubeconfig wird als `hnrx-${terraform.workspace}-kubeconfig` gespeichert.
+
+2. Gateway API CRDs installieren:
+ ```bash
+ # Kubeconfig verwenden
+ export KUBECONFIG=hnrx-${terraform.workspace}-kubeconfig
+
+ # Gateway API CRDs installieren
+ kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.0.0/standard-install.yaml
+ ```
+
+
+---
+
+# Terraform Module Description
+
+## Requirements
+
+| Name | Version |
+|---------------------------------------------------------------------------|----------|
+| [terraform](#requirement\_terraform) | >= 1.0.0 |
+| [infisical](#requirement\_infisical) | 0.15.21 |
+| [rancher2](#requirement\_rancher2) | 7.3.2 |
+
+## Providers
+
+No providers.
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| [rancher\_cluster](#module\_rancher\_cluster) | git::https://git.hnrx.net/terraform-modules/rancher-cluster.git | main |
+
+## Resources
+
+No resources.
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------|----------|-------------------------------|:--------:|
+| [cluster\_kubernetes\_version](#input\_cluster\_kubernetes\_version) | Kubernetes Version für die Cluster | `string` | `"v1.32.5+rke2r1"` | no |
+| [cluster\_vm\_image](#input\_cluster\_vm\_image) | Image für die VMs | `string` | `"default/image-62xch"` | no |
+| [cluster\_vm\_network](#input\_cluster\_vm\_network) | Netzwerk für die VMs | `string` | `"default/vmnetwork"` | no |
+| [harvester\_cluster\_name](#input\_harvester\_cluster\_name) | Name des Harvester Clusters | `string` | `"c-g8zlv"` | no |
+| [infisical\_api\_url](#input\_infisical\_api\_url) | Infisical API URL | `string` | `"https://app.infisical.com"` | no |
+| [infisical\_client\_id](#input\_infisical\_client\_id) | Infisical Client ID für die Authentifizierung | `string` | n/a | yes |
+| [infisical\_client\_secret](#input\_infisical\_client\_secret) | Infisical Client Secret für die Authentifizierung | `string` | n/a | yes |
+| [infisical\_environment](#input\_infisical\_environment) | Infisical Umgebung (z.B. dev, test, prod) | `string` | `"dev"` | no |
+| [infisical\_project\_id](#input\_infisical\_project\_id) | Infisical Projekt ID | `string` | n/a | yes |
+| [rancher2\_api\_url](#input\_rancher2\_api\_url) | Rancher API URL | `string` | n/a | yes |
+| [rancher2\_insecure](#input\_rancher2\_insecure) | SSL-Verifizierung für Rancher API überspringen | `bool` | `false` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| [cluster](#output\_cluster) | Details des Clusters |
+
+
\ No newline at end of file
diff --git a/cluster-configs/dev.tfvars b/cluster-configs/dev.tfvars
new file mode 100644
index 0000000..9e46ee1
--- /dev/null
+++ b/cluster-configs/dev.tfvars
@@ -0,0 +1,7 @@
+# Dev Cluster Konfiguration
+cluster_name = "hnrx"
+cluster_environment = "dev"
+cluster_kubernetes_version = "v1.32.5+rke2r1"
+cluster_vm_network = "default/vmnetwork"
+cluster_vm_image = "default/image-62xch"
+harvester_cluster_name = "c-g8zlv"
diff --git a/cluster-configs/prod.tfvars b/cluster-configs/prod.tfvars
new file mode 100644
index 0000000..9db7b67
--- /dev/null
+++ b/cluster-configs/prod.tfvars
@@ -0,0 +1,8 @@
+# Prod Cluster Konfiguration
+cluster_name = "hnrx"
+cluster_environment = "prod"
+cluster_kubernetes_version = "v1.32.5+rke2r1"
+cluster_vm_namespace = "hnrx-prod-cluster"
+cluster_vm_network = "default/vmnetwork"
+cluster_vm_image = "default/image-62xch"
+harvester_cluster_name = "c-g8zlv"
diff --git a/cluster-configs/test.tfvars b/cluster-configs/test.tfvars
new file mode 100644
index 0000000..b18e155
--- /dev/null
+++ b/cluster-configs/test.tfvars
@@ -0,0 +1,7 @@
+# Test Cluster Konfiguration
+cluster_name = "hnrx"
+cluster_environment = "test"
+cluster_kubernetes_version = "v1.32.5+rke2r1"
+cluster_vm_network = "default/vmnetwork"
+cluster_vm_image = "default/image-62xch"
+harvester_cluster_name = "c-g8zlv"
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..346fb92
--- /dev/null
+++ b/main.tf
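Review bot: prod.tfvars sets `cluster_vm_namespace = "hnrx-prod-cluster"`, but the main.tf hunk in this commit declares no `cluster_vm_namespace` variable and builds that value itself from `var.cluster_environment`; as far as I recall Terraform only warns about an undeclared value in a -var-file, so the prod override is silently ignored rather than applied. Either add a `variable "cluster_vm_namespace"` to main.tf and pass it through to the module, or drop the line so the three files stay parallel to dev.tfvars and test.tfvars. The `cluster_environment` values set in all three files are likewise not what reaches the module, since main.tf passes `terraform.workspace` for that input.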
@@ -0,0 +1,64 @@
+# Gemeinsame Variablen
+variable "cluster_kubernetes_version" {
+ description = "Kubernetes Version für die Cluster"
+ type = string
+ default = "v1.32.5+rke2r1"
+}
+
+variable "harvester_cluster_name" {
+ description = "Name des Harvester Clusters"
+ type = string
+ default = "c-g8zlv"
+}
+
+variable "cluster_vm_network" {
+ description = "Netzwerk für die VMs"
+ type = string
+ default = "default/vmnetwork"
+}
+
+variable "cluster_vm_image" {
+ description = "Image für die VMs"
+ type = string
+ default = "default/image-62xch"
+}
+
+variable "cluster_name" {
+ description = "Name des zu erstellenden Clusters"
+ type = string
+ default = "hnrx"
+}
+
+variable "cluster_environment" {
+ description = "Umgebung des zu erstellenden Clusters"
+ type = string
+ default = "hnrx"
+}
+
+# Rancher Cluster Modul
+module "rancher_cluster" {
+ source = "git::https://git.hnrx.net/terraform-modules/rancher-cluster.git?ref=main"
+
+ # Cluster Konfiguration aus Workspace
+ cluster_name = var.cluster_name
+ cluster_environment = terraform.workspace
+ cluster_kubernetes_version = var.cluster_kubernetes_version
+
+ # Harvester Konfiguration
+ harvester_cluster_name = var.harvester_cluster_name
+ cluster_vm_namespace = "hnrx-${var.cluster_environment}-cluster"
+ cluster_vm_network = var.cluster_vm_network
+ cluster_vm_image = var.cluster_vm_image
+}
+
+# Outputs
+output "cluster" {
+ description = "Details des Clusters"
+ value = {
+ id = module.rancher_cluster.cluster_id
+ name = module.rancher_cluster.cluster_name
+ kube_config = module.rancher_cluster.kube_config
+ }
+ sensitive = true
+}
+
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..228da62
--- /dev/null
+++ b/providers.tf
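Review bot: the module input `cluster_environment` is fed from `terraform.workspace` while `cluster_vm_namespace` is built from `var.cluster_environment`, whose default is `"hnrx"` (apparently copied from `cluster_name`); a workspace run without a matching -var-file therefore lands in a namespace named `hnrx-hnrx-cluster` while the module believes it is in, say, prod. Deriving both from one source removes the skew, `cluster_vm_namespace = "hnrx-${terraform.workspace}-cluster"`, and the default should at least read `"dev"` or be removed. The module `source` pins `?ref=main`, a moving branch; for code that receives the Rancher credentials, pinning to a tag or commit SHA is the safer choice so a later `init` cannot pull in an unreviewed change. `sensitive = true` on the `cluster` output is right given it carries `kube_config`.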
@@ -0,0 +1,50 @@
+terraform {
+ required_providers {
+ infisical = {
+ source = "infisical/infisical"
+ version = "0.15.21"
+ }
+ rancher2 = {
+ source = "rancher/rancher2"
+ version = "7.3.2"
+ }
+ }
+}
+
+# Infisical Provider & Secrets
+provider "infisical" {
+ host = var.infisical_api_url
+ auth = {
+ universal = {
+ client_id = var.infisical_client_id
+ client_secret = var.infisical_client_secret
+ }
+ }
+}
+
+ephemeral "infisical_secret" "rancher2_access_key" {
+ name = "RANCHER2_ACCESS_KEY"
+ env_slug = var.infisical_environment
+ workspace_id = var.infisical_project_id
+ folder_path = "/"
+}
+
+ephemeral "infisical_secret" "rancher2_secret_key" {
+ name = "RANCHER2_SECRET_KEY"
+ env_slug = var.infisical_environment
+ workspace_id = var.infisical_project_id
+ folder_path = "/"
+}
+
+# Rancher Provider
+provider "rancher2" {
+ api_url = var.rancher2_api_url
+ access_key = ephemeral.infisical_secret.rancher2_access_key.value
+ secret_key = ephemeral.infisical_secret.rancher2_secret_key.value
+ insecure = var.rancher2_insecure
+}
+
+
+
+
+
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..8b46e33
--- /dev/null
+++ b/variables.tf
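Review bot: the two `ephemeral "infisical_secret"` blocks need Terraform 1.10 or newer, but the versions.tf hunk in this commit only demands `required_version = ">= 1.0.0"` and the README asks for v1.5.0; an older CLI rejects the `ephemeral` block as an unsupported block type instead of reporting the version mismatch. Raise the constraint in versions.tf to `required_version = ">= 1.10.0"` and align the README line. Feeding `access_key`/`secret_key` from ephemeral values is the right call, since they stay out of the state and plan files; the five trailing blank lines after the `rancher2` provider block can go.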
@@ -0,0 +1,40 @@
+# Infisical Konfiguration
+variable "infisical_api_url" {
+ description = "Infisical API URL"
+ type = string
+ default = "https://app.infisical.com"
+}
+
+variable "infisical_client_id" {
+ description = "Infisical Client ID für die Authentifizierung"
+ type = string
+}
+
+variable "infisical_client_secret" {
+ description = "Infisical Client Secret für die Authentifizierung"
+ type = string
+ sensitive = true
+}
+
+variable "infisical_project_id" {
+ description = "Infisical Projekt ID"
+ type = string
+}
+
+variable "infisical_environment" {
+ description = "Infisical Umgebung (z.B. dev, test, prod)"
+ type = string
+ default = "dev"
+}
+
+# Rancher Provider Konfiguration
+variable "rancher2_api_url" {
+ description = "Rancher API URL"
+ type = string
+}
+
+variable "rancher2_insecure" {
+ description = "SSL-Verifizierung für Rancher API überspringen"
+ type = bool
+ default = false
+}
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..089a73f
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,7 @@
+terraform {
+ required_version = ">= 1.0.0"
+
+ backend "local" {
+ workspace_dir = "terraform.tfstate.d"
+ }
+}
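Review bot: `infisical_environment` defaults to `"dev"` and none of the cluster-configs/*.tfvars files in this commit set it, so an apply in the prod workspace fetches `RANCHER2_ACCESS_KEY`/`RANCHER2_SECRET_KEY` from the dev Infisical environment unless the operator remembers to pass the variable; the cluster environment and the secrets environment are chosen by two unrelated knobs. Dropping the default so the value must be given explicitly, or adding a `validation` block with `condition = contains(["dev", "test", "prod"], var.infisical_environment)`, surfaces the mismatch at plan time. On the versions.tf hunk that follows, the `local` backend keeps the state, including the sensitive `cluster` output with its kube_config, in plaintext on the operator's disk; a short comment on the `backend "local"` block noting that and the `*.tfstate*` ignore rule would help the next reader.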