Merge pull request #1 from edgefarm/initial

Inital Setup
edgefarm · Apr 16, 2022 · 0a4cdfd · 0a4cdfd
2 parents 9b9c71f + 68e60f8
commit 0a4cdfd
Show file tree

Hide file tree

Showing 13 changed files with 313 additions and 1 deletion.
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
@@ -0,0 +1,13 @@
+name: Lint Commit Messages
+on:
+  pull_request:
+    branches:
+      - "**"
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@v4
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,20 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+      - beta
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npx semantic-release
diff --git a/.gitignore b/.gitignore
@@ -27,3 +27,10 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+.terraform.lock.hcl
+
+# node
+node_modules
+package-lock.json
+package.json
diff --git a/.mdl_style.rb b/.mdl_style.rb
@@ -0,0 +1,3 @@
+all
+
+rule 'MD013', :line_length => 120
diff --git a/.mdlrc b/.mdlrc
@@ -0,0 +1 @@
+style '.mdl_style.rb'
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,46 @@
+repos:
+  # general stuff
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      # Git style
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-vcs-permalinks
+      - id: forbid-new-submodules
+      - id: no-commit-to-branch
+
+      # Common errors
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: check-yaml
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+
+      # Cross platform
+      - id: check-case-conflict
+      - id: mixed-line-ending
+        args: [--fix=lf]
+
+  # markdown
+  - repo: https://github.com/markdownlint/markdownlint.git
+    rev: master
+    hooks:
+      - id: markdownlint_docker
+        args: [--style=markdownlint.rb]
+
+  # security scans for infrastructure
+  - repo: https://github.com/bridgecrewio/checkov.git
+    rev: "2.0.1037"
+    hooks:
+      - id: checkov
+
+  # scanning for terraform issues
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.50.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs
+      - id: terraform_tfsec
diff --git a/.releaserc.yaml b/.releaserc.yaml
@@ -0,0 +1,8 @@
+branches:
+  - name: "main"
+  - name: "beta"
+    prerelease: true
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - "@semantic-release/github"
diff --git a/README.md b/README.md
@@ -1,2 +1,26 @@
 # terraform-rancher-hcloud
-terraform module to setup rancher on hetzner hcloud
+
+terraform module to setup rancher(ha) on hetzner hcloud.
+
+This project is highly inspired by [alexzimmer96/rancher-hcloud](https://github.com/alexzimmer96/rancher-hcloud),
+but separates the setup of the rke cluster from the helm based rancher setup, because of flexibility and k8s best practices.
+
+The rke-hcloud terraform module can be found [here](https://github.com/edgefarm/terraform-rke-hcloud).
+
+## example
+
+Go to example folder, adjust main.tf and run:
+
+```bash
+terraform init
+terraform apply
+```
+
+After the commands have been executed (takes a view minutes),
+
+Test your cluster:
+
+```bash
+export KUBECONFIG=$(realpath ./kubeconfig.yaml)
+kubectl get po --all-namespaces
+```
diff --git a/example/main.tf b/example/main.tf
@@ -0,0 +1,11 @@
+module "rancher_init" {
+  source                    = "../"
+  letsencrypt_issuer        = "youremail@address.com"
+  rancher_admin_password    = "" # INSERT YOUR SUPER SECRET PASS HERE
+  rancher_hostname          = "INSERT YOUR HOSTNAME HERE"
+  lb_address                = "INSERT YOUR HCLOUD LB ADDRESS HERE"
+  kubernetes_api_server_url = "INSERT YOUR API SERVER URL HERE "
+  kubernetes_client_cert    = "INSERT YOUR CLIENT CERT HERE"
+  kubernetes_client_key     = "INSERT YOUR CLIENT KEY HERE"
+  kubernetes_ca_crt         = "INSERT YOUR CA CERT HERE"
+}
diff --git a/main.tf b/main.tf
@@ -0,0 +1,118 @@
+terraform {
+  required_providers {
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.3.0"
+    }
+    rancher2 = {
+      source  = "rancher/rancher2"
+      version = "1.17.2"
+    }
+  }
+}
+
+provider "helm" {
+  kubernetes {
+    host                   = var.kubernetes_api_server_url
+    client_certificate     = var.kubernetes_client_cert
+    client_key             = var.kubernetes_client_key
+    cluster_ca_certificate = var.kubernetes_ca_crt
+  }
+}
+
+provider "rancher2" {
+  alias     = "bootstrap"
+  api_url   = local.rancher_hosturl
+  bootstrap = true
+  insecure  = true
+}
+
+provider "rancher2" {
+  alias     = "admin"
+  api_url   = local.rancher_hosturl
+  token_key = rancher2_bootstrap.setup_admin.token
+  insecure  = true
+}
+
+locals {
+  rancher_hosturl  = var.rancher_hostname != null ? "https://${var.rancher_hostname}" : "https://rancher.${var.lb_address}.nip.io"
+  rancher_hostname = var.rancher_hostname != null ? "${var.rancher_hostname}" : "rancher.${var.lb_address}.nip.io"
+}
+
+resource "helm_release" "cert_manager" {
+  name       = "cert-manager"
+  namespace  = "cert-manager"
+  repository = "https://charts.jetstack.io"
+  chart      = "cert-manager"
+  version    = var.cert_manager_version
+
+  wait             = true
+  create_namespace = true
+  force_update     = true
+  replace          = true
+
+  set {
+    name  = "installCRDs"
+    value = true
+  }
+}
+
+resource "helm_release" "rancher" {
+  name       = "rancher"
+  namespace  = "cattle-system"
+  chart      = "rancher"
+  repository = "https://releases.rancher.com/server-charts/stable"
+  version    = var.rancher_version
+  depends_on = [helm_release.cert_manager]
+
+  wait             = true
+  create_namespace = true
+  force_update     = true
+  replace          = true
+
+  set {
+    name  = "hostname"
+    value = local.rancher_hostname
+  }
+
+  set {
+    name  = "ingress.tls.source"
+    value = "letsEncrypt"
+  }
+
+  set {
+    name  = "letsEncrypt.email"
+    value = var.letsencrypt_issuer
+  }
+
+  set {
+    name  = "bootstrapPassword"
+    value = var.rancher_admin_password
+  }
+}
+
+resource "rancher2_bootstrap" "setup_admin" {
+  provider         = rancher2.bootstrap
+  password         = var.rancher_admin_password
+  current_password = var.rancher_admin_password
+  telemetry        = true
+  depends_on       = [helm_release.rancher]
+}
+
+resource "rancher2_node_driver" "hetzner_node_driver" {
+  provider          = rancher2.admin
+  active            = true
+  builtin           = false
+  name              = "Hetzner"
+  ui_url            = "https://storage.googleapis.com/hcloud-rancher-v2-ui-driver/component.js"
+  url               = "https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/3.3.1/docker-machine-driver-hetzner_3.3.1_linux_amd64.tar.gz"
+  whitelist_domains = ["storage.googleapis.com"]
+}
+
+output "rancher_admin_token" {
+  value = rancher2_bootstrap.setup_admin.token
+}
+
+output "hetzner_driver_id" {
+  value = rancher2_node_driver.hetzner_node_driver.id
+}
diff --git a/markdownlint.rb b/markdownlint.rb
@@ -0,0 +1,3 @@
+all
+exclude_rule  'MD013'
+exclude_rule  'MD033'
diff --git a/outputs.tf b/outputs.tf
@@ -0,0 +1,4 @@
+output "rancher_url" {
+  description = "url via which rancher can be accessed."
+  value       = local.rancher_hosturl
+}
diff --git a/variables.tf b/variables.tf
@@ -0,0 +1,54 @@
+variable "cert_manager_version" {
+  type        = string
+  description = "cert-manager version."
+  default     = "1.5.3"
+}
+
+variable "rancher_version" {
+  type        = string
+  description = "rancher version."
+  default     = "latest"
+}
+
+variable "letsencrypt_issuer" {
+  type = string
+}
+
+variable "rancher_hostname" {
+  type        = string
+  description = "Rancher hostname, defaults to 'https://rancher.YOUR_LB_ADDRESS.nip.io"
+}
+
+variable "rancher_admin_password" {
+  type        = string
+  description = "Rancher password to set for admin user."
+  sensitive   = true
+}
+
+variable "lb_address" {
+  type        = string
+  description = "Hetzner loadbalancer address."
+}
+
+variable "kubernetes_api_server_url" {
+  type        = string
+  description = "Kubernetes cluster api server url where rancher will be installed."
+}
+
+variable "kubernetes_client_cert" {
+  type        = string
+  description = "Kubernets cluster client certificate."
+  sensitive   = true
+}
+
+variable "kubernetes_client_key" {
+  type        = string
+  description = "Kubernets cluster client key."
+  sensitive   = true
+}
+
+variable "kubernetes_ca_crt" {
+  type        = string
+  description = "Kubernets cluster ca certificate."
+  sensitive   = true
+}