Matthias Hinrichs
184 lines
4.9 KiB
Terraform
184 lines
4.9 KiB
Terraform
terraform {
|
|
required_providers {
|
|
rancher2 = {
|
|
source = "rancher/rancher2"
|
|
version = ">= 7.3.2"
|
|
}
|
|
}
|
|
}
|
|
|
|
locals {
|
|
env_config = {
|
|
dev = {
|
|
cluster_control_node_count = 0
|
|
cluster_worker_node_count = 0
|
|
cluster_all-in-one_node_count = 1
|
|
}
|
|
test = {
|
|
cluster_control_node_count = 1
|
|
cluster_worker_node_count = 1
|
|
cluster_all-in-one_node_count = 0
|
|
}
|
|
prod = {
|
|
cluster_control_node_count = 3
|
|
cluster_worker_node_count = 2
|
|
cluster_all-in-one_node_count = 0
|
|
}
|
|
}
|
|
}
|
|
|
|
data "rancher2_cluster_v2" "harvester" {
|
|
name = var.harvester_cluster_name
|
|
}
|
|
|
|
resource "rancher2_cloud_credential" "harvester" {
|
|
name = "${var.cluster_name}-${var.cluster_environment}-harvester"
|
|
harvester_credential_config {
|
|
cluster_id = data.rancher2_cluster_v2.harvester.cluster_v1_id
|
|
cluster_type = "imported"
|
|
kubeconfig_content = data.rancher2_cluster_v2.harvester.kube_config
|
|
}
|
|
}
|
|
|
|
resource "rancher2_machine_config_v2" "vm-large" {
|
|
generate_name = "${var.cluster_name}-large"
|
|
harvester_config {
|
|
vm_namespace = "hnrx-${var.cluster_environment}-cluster"
|
|
cpu_count = 2
|
|
memory_size = 4
|
|
disk_info = jsonencode({
|
|
disks = [{
|
|
imageName = var.cluster_vm_image
|
|
size = 75
|
|
bootOrder = 1
|
|
}]
|
|
})
|
|
network_info = jsonencode({
|
|
interfaces = [{
|
|
networkName = var.cluster_vm_network
|
|
}]
|
|
})
|
|
ssh_user = "opensuse"
|
|
}
|
|
}
|
|
|
|
resource "rancher2_machine_config_v2" "vm-xlarge" {
|
|
generate_name = "${var.cluster_name}-xlarge"
|
|
harvester_config {
|
|
vm_namespace = "hnrx-${var.cluster_environment}-cluster"
|
|
cpu_count = 4
|
|
memory_size = 8
|
|
disk_info = jsonencode({
|
|
disks = [{
|
|
imageName = var.cluster_vm_image
|
|
size = 100
|
|
bootOrder = 1
|
|
}]
|
|
})
|
|
network_info = jsonencode({
|
|
interfaces = [{
|
|
networkName = var.cluster_vm_network
|
|
}]
|
|
})
|
|
ssh_user = "opensuse"
|
|
}
|
|
}
|
|
|
|
resource "rancher2_machine_config_v2" "vm-xxlarge" {
|
|
generate_name = "${var.cluster_name}-xxlarge"
|
|
harvester_config {
|
|
vm_namespace = "hnrx-${var.cluster_environment}-cluster"
|
|
cpu_count = 4
|
|
memory_size = 16
|
|
disk_info = jsonencode({
|
|
disks = [{
|
|
imageName = var.cluster_vm_image
|
|
size = 100
|
|
bootOrder = 1
|
|
}]
|
|
})
|
|
network_info = jsonencode({
|
|
interfaces = [{
|
|
networkName = var.cluster_vm_network
|
|
}]
|
|
})
|
|
ssh_user = "opensuse"
|
|
}
|
|
}
|
|
|
|
resource "rancher2_cluster_v2" "cluster" {
|
|
name = "${var.cluster_name}-${var.cluster_environment}"
|
|
labels = {
|
|
"cluster-environment" = var.cluster_environment
|
|
"cluster-features/cni" = "cilium"
|
|
"cluster-features/gateway-api" = "true"
|
|
}
|
|
kubernetes_version = var.cluster_kubernetes_version
|
|
enable_network_policy = false
|
|
|
|
rke_config {
|
|
machine_pools {
|
|
name = "all-in-one"
|
|
cloud_credential_secret_name = rancher2_cloud_credential.harvester.id
|
|
control_plane_role = true
|
|
etcd_role = true
|
|
worker_role = true
|
|
quantity = local.env_config[var.cluster_environment].cluster_all-in-one_node_count
|
|
machine_config {
|
|
kind = rancher2_machine_config_v2.vm-xxlarge.kind
|
|
name = rancher2_machine_config_v2.vm-xxlarge.name
|
|
}
|
|
}
|
|
machine_pools {
|
|
name = "control-plane"
|
|
cloud_credential_secret_name = rancher2_cloud_credential.harvester.id
|
|
control_plane_role = true
|
|
etcd_role = true
|
|
worker_role = false
|
|
quantity = local.env_config[var.cluster_environment].cluster_control_node_count
|
|
machine_config {
|
|
kind = rancher2_machine_config_v2.vm-large.kind
|
|
name = rancher2_machine_config_v2.vm-large.name
|
|
}
|
|
}
|
|
machine_pools {
|
|
name = "worker"
|
|
cloud_credential_secret_name = rancher2_cloud_credential.harvester.id
|
|
control_plane_role = false
|
|
etcd_role = false
|
|
worker_role = true
|
|
quantity = local.env_config[var.cluster_environment].cluster_worker_node_count
|
|
machine_config {
|
|
kind = rancher2_machine_config_v2.vm-xlarge.kind
|
|
name = rancher2_machine_config_v2.vm-xlarge.name
|
|
}
|
|
}
|
|
|
|
machine_selector_config {
|
|
config = yamlencode({
|
|
cloud-provider-name = "harvester"
|
|
cloud-provider-config = file("${path.root}/${var.cluster_name}-${var.cluster_environment}-kubeconfig")
|
|
})
|
|
}
|
|
|
|
machine_global_config = yamlencode({
|
|
cni = "cilium"
|
|
disable-kube-proxy = true
|
|
})
|
|
|
|
chart_values = <<EOF
|
|
rke2-cilium:
|
|
kubeProxyReplacement: true
|
|
k8sServiceHost: 127.0.0.1
|
|
k8sServicePort: '6443'
|
|
gatewayAPI:
|
|
enabled: true
|
|
operator:
|
|
replicas: ${local.env_config[var.cluster_environment].cluster_all-in-one_node_count + local.env_config[var.cluster_environment].cluster_control_node_count}
|
|
harvester-cloud-provider:
|
|
clusterName: ${var.cluster_name}-${var.cluster_environment}
|
|
cloudConfigPath: /var/lib/rancher/rke2/etc/config-files/cloud-provider-config
|
|
EOF
|
|
}
|
|
}
|