commit cf7ab67255b1af975d90d2592fd2c016a013ea87
Author: Matthias Hinrichs <matthias.hinrichs@sbb.ch>
Date:   Wed Jul 16 23:49:03 2025 +0200

    initial commit

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..278f033
--- /dev/null
+++ b/README.md
@@ -0,0 +1,71 @@
+# Rancher Kubernetes Cluster Module
+
+Dieses Terraform-Modul erstellt einen verwalteten Kubernetes-Cluster in Rancher mit Harvester als Infrastrukturprovider.
+
+## Features
+
+- Unterstützt drei Umgebungen (dev, test, prod) mit unterschiedlichen Node-Konfigurationen
+- Automatische Konfiguration von Cilium als CNI
+- Gateway API Integration
+- Flexible VM-Größen (large, xlarge, xxlarge)
+
+## Verwendung
+
+```hcl
+module "rancher_cluster" {
+  source = "./modules/rancher-cluster"
+
+  # Rancher Konfiguration
+  rancher2_api_url    = "https://rancher.example.com"
+  rancher2_access_key = "access-key"
+  rancher2_secret_key = "secret-key"
+  
+  # Cluster Konfiguration
+  cluster_name              = "mein-cluster"
+  cluster_environment       = "dev"  # Mögliche Werte: dev, test, prod
+  cluster_kubernetes_version = "v1.32.5+rke2r1"
+  
+  # Harvester Konfiguration
+  harvester_cluster_name = "c-xxxxx"
+  cluster_vm_namespace   = "default"
+  cluster_vm_network    = "default/vmnetwork"
+  cluster_vm_image      = "default/image-xxxxx"
+}
+```
+
+## Inputs
+
+| Name | Beschreibung | Typ | Erforderlich |
+|------|-------------|-----|-------------|
+| rancher2_api_url | Rancher API URL | string | ja |
+| rancher2_access_key | Rancher Access Key | string | ja |
+| rancher2_secret_key | Rancher Secret Key | string | ja |
+| rancher2_insecure | TLS-Verifizierung überspringen | bool | nein (default: false) |
+| cluster_name | Name des zu erstellenden Clusters | string | ja |
+| cluster_environment | Umgebung (dev/test/prod) | string | ja |
+| cluster_kubernetes_version | Kubernetes Version | string | ja |
+| harvester_cluster_name | Name des Harvester Clusters | string | ja |
+| cluster_vm_namespace | Namespace für VMs | string | ja |
+| cluster_vm_network | Netzwerk für VMs | string | ja |
+| cluster_vm_image | VM Image | string | ja |
+
+## Outputs
+
+| Name | Beschreibung |
+|------|-------------|
+| cluster_id | ID des erstellten Clusters |
+| cluster_name | Name des erstellten Clusters |
+| kube_config | Kubeconfig für den Cluster (sensitiv) |
+
+## Node-Konfigurationen nach Umgebung
+
+### Dev
+- 1 All-in-One Node (xxlarge)
+
+### Test
+- 1 Control-Plane Node (large)
+- 1 Worker Node (xlarge)
+
+### Prod
+- 3 Control-Plane Nodes (large)
+- 2 Worker Nodes (xlarge)
diff --git a/main.tf b/main.tf
new file mode 100644
index 0000000..d4e5415
--- /dev/null
+++ b/main.tf
@@ -0,0 +1,183 @@
+terraform {
+  required_providers {
+    rancher2 = {
+      source  = "rancher/rancher2"
+      version = ">= 7.3.2"
+    }
+  }
+}
+
+locals {
+  env_config = {
+    dev = {
+      cluster_control_node_count = 0
+      cluster_worker_node_count  = 0
+      cluster_all-in-one_node_count = 1
+    }
+    test = {
+      cluster_control_node_count = 1
+      cluster_worker_node_count  = 1
+      cluster_all-in-one_node_count = 0
+    }
+    prod = {
+      cluster_control_node_count = 3
+      cluster_worker_node_count  = 2
+      cluster_all-in-one_node_count = 0
+    }
+  }
+}
+
+data "rancher2_cluster_v2" "harvester" {
+  name = var.harvester_cluster_name
+}
+
+resource "rancher2_cloud_credential" "harvester" {
+  name = "${var.cluster_name}-${var.cluster_environment}-harvester"
+  harvester_credential_config {
+    cluster_id = data.rancher2_cluster_v2.harvester.cluster_v1_id
+    cluster_type = "imported"
+    kubeconfig_content = data.rancher2_cluster_v2.harvester.kube_config
+  }
+}
+
+resource "rancher2_machine_config_v2" "vm-large" {
+  generate_name = "${var.cluster_name}-large"
+  harvester_config {
+    vm_namespace = "hnrx-${var.cluster_environment}-cluster" 
+    cpu_count = 2
+    memory_size = 4
+    disk_info =  jsonencode({
+      disks = [{
+        imageName = var.cluster_vm_image
+        size = 75
+        bootOrder = 1
+      }]
+    })
+    network_info = jsonencode({
+      interfaces = [{
+        networkName = var.cluster_vm_network
+      }]
+    })
+    ssh_user = "opensuse"
+  }
+}
+
+resource "rancher2_machine_config_v2" "vm-xlarge" {
+  generate_name = "${var.cluster_name}-xlarge"
+  harvester_config {
+    vm_namespace = "hnrx-${var.cluster_environment}-cluster" 
+    cpu_count = 4
+    memory_size = 8
+    disk_info = jsonencode({
+      disks = [{
+        imageName = var.cluster_vm_image
+        size = 100
+        bootOrder = 1
+      }]
+    })
+    network_info = jsonencode({
+      interfaces = [{
+        networkName = var.cluster_vm_network
+      }]
+    })
+    ssh_user = "opensuse"
+  }
+}
+
+resource "rancher2_machine_config_v2" "vm-xxlarge" {
+  generate_name = "${var.cluster_name}-xxlarge"
+  harvester_config {
+    vm_namespace = "hnrx-${var.cluster_environment}-cluster" 
+    cpu_count = 4
+    memory_size = 16
+    disk_info = jsonencode({
+      disks = [{
+        imageName = var.cluster_vm_image
+        size = 100
+        bootOrder = 1
+      }]
+    })
+    network_info = jsonencode({
+      interfaces = [{
+        networkName = var.cluster_vm_network
+      }]
+    })
+    ssh_user = "opensuse"
+  }
+}
+
+resource "rancher2_cluster_v2" "cluster" {
+  name = "${var.cluster_name}-${var.cluster_environment}"
+  labels = {
+    "cluster-environment" = var.cluster_environment
+    "cluster-features/cni" = "cilium"
+    "cluster-features/gateway-api" = "true"
+  }
+  kubernetes_version = var.cluster_kubernetes_version
+  enable_network_policy = false
+  
+  rke_config {
+    machine_pools {
+      name = "all-in-one"
+      cloud_credential_secret_name = rancher2_cloud_credential.harvester.id
+      control_plane_role = true
+      etcd_role = true
+      worker_role = true
+      quantity = local.env_config[var.cluster_environment].cluster_all-in-one_node_count
+      machine_config {
+        kind = rancher2_machine_config_v2.vm-xxlarge.kind
+        name = rancher2_machine_config_v2.vm-xxlarge.name
+      }
+    }
+    machine_pools {
+      name = "control-plane"
+      cloud_credential_secret_name = rancher2_cloud_credential.harvester.id
+      control_plane_role = true
+      etcd_role = true
+      worker_role = false
+      quantity = local.env_config[var.cluster_environment].cluster_control_node_count
+      machine_config {
+        kind = rancher2_machine_config_v2.vm-large.kind
+        name = rancher2_machine_config_v2.vm-large.name
+      }
+    }
+    machine_pools {
+      name = "worker"
+      cloud_credential_secret_name = rancher2_cloud_credential.harvester.id
+      control_plane_role = false
+      etcd_role = false
+      worker_role = true
+      quantity = local.env_config[var.cluster_environment].cluster_worker_node_count
+      machine_config {
+        kind = rancher2_machine_config_v2.vm-xlarge.kind
+        name = rancher2_machine_config_v2.vm-xlarge.name
+      }
+    }
+
+    machine_selector_config {
+      config = yamlencode({
+        cloud-provider-name = "harvester"
+        cloud-provider-config = "${var.cluster_name}-${var.cluster_environment}-kubeconfig"
+      })
+    }
+
+    machine_global_config = yamlencode({
+      cni = "cilium"
+      disable-kube-proxy = true
+    })
+
+    chart_values = <<EOF
+rke2-cilium:
+  kubeProxyReplacement: true
+  k8sServiceHost: 127.0.0.1
+  k8sServicePort: '6443'
+  gatewayAPI:
+    enabled: true
+  operator:
+    replicas: ${local.env_config[var.cluster_environment].cluster_all-in-one_node_count + local.env_config[var.cluster_environment].cluster_control_node_count}
+harvester-cloud-provider:
+  clusterName: ${var.cluster_name}-${var.cluster_environment}
+  cloudConfigPath: /var/lib/rancher/rke2/etc/config-files/cloud-provider-config
+EOF
+  }
+}
diff --git a/outputs.tf b/outputs.tf
new file mode 100644
index 0000000..102e4ff
--- /dev/null
+++ b/outputs.tf
@@ -0,0 +1,15 @@
+output "cluster_id" {
+  description = "The ID of the created cluster"
+  value       = rancher2_cluster_v2.cluster.id
+}
+
+output "cluster_name" {
+  description = "The name of the created cluster"
+  value       = rancher2_cluster_v2.cluster.name
+}
+
+output "kube_config" {
+  description = "Kubeconfig for the created cluster"
+  value       = rancher2_cluster_v2.cluster.kube_config
+  sensitive   = true
+}
diff --git a/variables.tf b/variables.tf
new file mode 100644
index 0000000..c1e9e67
--- /dev/null
+++ b/variables.tf
@@ -0,0 +1,40 @@
+# Cluster Basis-Konfiguration
+variable "cluster_name" {
+  description = "Name des zu erstellenden Clusters"
+  type        = string
+}
+
+variable "cluster_environment" {
+  description = "Umgebung des Clusters (dev/test/prod)"
+  type        = string
+  validation {
+    condition     = contains(["dev", "test", "prod"], var.cluster_environment)
+    error_message = "Erlaubte Werte für cluster_environment sind: dev, test, prod"
+  }
+}
+
+variable "cluster_kubernetes_version" {
+  description = "Kubernetes Version für den Cluster"
+  type        = string
+}
+
+# Harvester-spezifische Konfiguration
+variable "harvester_cluster_name" {
+  description = "Name des Harvester Clusters (z.B. 'c-bhq26')"
+  type        = string
+}
+
+variable "cluster_vm_namespace" {
+  description = "Namespace für die VMs im Cluster"
+  type        = string
+}
+
+variable "cluster_vm_network" {
+  description = "Netzwerk für die VMs"
+  type        = string
+}
+
+variable "cluster_vm_image" {
+  description = "Image für die VMs"
+  type        = string
+}