Merge pull request #1 from edgefarm/initial

Inital Setup

.github/workflows/commitlint.yml

@@ -0,0 +1,13 @@
+name: Lint Commit Messages
+on:
+  pull_request:
+    branches:
+      - "**"
+jobs:
+  commitlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@v4

.github/workflows/release.yml

@@ -0,0 +1,20 @@
+name: Release
+on:
+  push:
+    branches:
+      - main
+      - beta
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: npx semantic-release

.gitignore

@@ -8,6 +8,9 @@
 # Crash log files
 crash.log
 
+# Locks
+.terraform.lock.hcl
+
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
@@ -27,3 +30,12 @@ override.tf.json
 
 # Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
 # example: *tfplan*
+
+# generated kubeconfig
+kubeconfig.yaml
+
+
+# node
+node_modules
+package-lock.json
+package.json

.mdl_style.rb

@@ -0,0 +1,3 @@
+all
+
+rule 'MD013', :line_length => 120

.mdlrc

@@ -0,0 +1 @@
+style '.mdl_style.rb'

.pre-commit-config.yaml

@@ -0,0 +1,46 @@
+repos:
+  # general stuff
+  - repo: git://github.com/pre-commit/pre-commit-hooks
+    rev: v4.0.1
+    hooks:
+      # Git style
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-vcs-permalinks
+      - id: forbid-new-submodules
+      - id: no-commit-to-branch
+
+      # Common errors
+      - id: end-of-file-fixer
+      - id: trailing-whitespace
+        args: [--markdown-linebreak-ext=md]
+      - id: check-yaml
+      - id: check-merge-conflict
+      - id: check-executables-have-shebangs
+
+      # Cross platform
+      - id: check-case-conflict
+      - id: mixed-line-ending
+        args: [--fix=lf]
+
+  # markdown
+  - repo: https://github.com/markdownlint/markdownlint.git
+    rev: master
+    hooks:
+      - id: markdownlint_docker
+        args: [--style=markdownlint.rb]
+
+  # security scans for infrastructure
+  - repo: https://github.com/bridgecrewio/checkov.git
+    rev: "2.0.1037"
+    hooks:
+      - id: checkov
+
+  # scanning for terraform issues
+  - repo: git://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.50.0
+    hooks:
+      - id: terraform_fmt
+      - id: terraform_validate
+      - id: terraform_docs
+      - id: terraform_tfsec

.releaserc.yaml

@@ -0,0 +1,8 @@
+branches:
+  - name: "main"
+  - name: "beta"
+    prerelease: true
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - "@semantic-release/github"

README.md

@@ -1,2 +1,94 @@
 # terraform-rke-hcloud
-terraform module to setup rke on hetzner hcloud
+
+terraform module to setup rke(ha) on hetzner hcloud.
+
+This project is highly inspired by [alexzimmer96/rancher-hcloud](https://github.com/alexzimmer96/rancher-hcloud),
+but separates the setup of the rke cluster from the helm based rancher setup,
+because of flexibility and k8s best practices.
+
+The rancher-hcloud terraform module can be found
+[here](https://github.com/edgefarm/terraform-rancher-hcloud).
+
+## example
+
+Go to example folder, adjust main.tf and run:
+
+```bash
+terraform init
+terraform apply
+```
+
+After the commands have been executed (takes a few minutes), there should be
+a `kubeconfig.yaml` in the local directory, which can be used to access the
+cluster.
+
+Test your cluster:
+
+```bash
+export KUBECONFIG=$(realpath ./kubeconfig.yaml)
+kubectl get po --all-namespaces
+```
+
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_hcloud"></a> [hcloud](#requirement\_hcloud) | 1.31.0 |
+| <a name="requirement_rke"></a> [rke](#requirement\_rke) | 1.2.3 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_hcloud"></a> [hcloud](#provider\_hcloud) | 1.31.0 |
+| <a name="provider_local"></a> [local](#provider\_local) | 2.1.0 |
+| <a name="provider_rke"></a> [rke](#provider\_rke) | 1.2.3 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [hcloud_load_balancer.rke_lb](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/load_balancer) | resource |
+| [hcloud_load_balancer_network.rke_lb_network_registration](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/load_balancer_network) | resource |
+| [hcloud_load_balancer_service.rke_lb_http_service](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/load_balancer_service) | resource |
+| [hcloud_load_balancer_service.rke_lb_https_service](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/load_balancer_service) | resource |
+| [hcloud_load_balancer_service.rke_lb_k8s_service](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/load_balancer_service) | resource |
+| [hcloud_load_balancer_target.rke_lb_targets](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/load_balancer_target) | resource |
+| [hcloud_network.kubernetes_internal_network](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/network) | resource |
+| [hcloud_network_subnet.rke_subnet](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/network_subnet) | resource |
+| [hcloud_server.rke_nodes](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/server) | resource |
+| [hcloud_server_network.rancher_node_subnet_registration](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/server_network) | resource |
+| [hcloud_ssh_key.rke_ssh_key](https://registry.terraform.io/providers/hetznercloud/hcloud/1.31.0/docs/resources/ssh_key) | resource |
+| [local_file.kube_config_server_yaml](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource |
+| [rke_cluster.rke_cluster](https://registry.terraform.io/providers/rancher/rke/1.2.3/docs/resources/cluster) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_hcloud_secret"></a> [hcloud\_secret](#input\_hcloud\_secret) | The token that is used to interact with the Hetzner Cloud API. | `string` | n/a | yes |
+| <a name="input_hcloud_ssh_key_private"></a> [hcloud\_ssh\_key\_private](#input\_hcloud\_ssh\_key\_private) | ssh private key you want to use register on your Hetzner Cloud machines. | `string` | n/a | yes |
+| <a name="input_hcloud_ssh_key_public"></a> [hcloud\_ssh\_key\_public](#input\_hcloud\_ssh\_key\_public) | ssh public key you want to use register on your Hetzner Cloud machines. | `string` | n/a | yes |
+| <a name="input_instance_count"></a> [instance\_count](#input\_instance\_count) | Number of instances that will be deployed. Should be a odd number (1, 3, 5, etc.). | `number` | `3` | no |
+| <a name="input_instance_prefix"></a> [instance\_prefix](#input\_instance\_prefix) | The prefix that comes before the index-value to form the name of the machine. | `string` | `"rke"` | no |
+| <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | Hetzner instance type that is used for the machines. You can use the Hetzner Cloud CLI or browse their website to get a list of valid instance types. | `string` | `"cx11"` | no |
+| <a name="input_instance_zones"></a> [instance\_zones](#input\_instance\_zones) | All zones over which the nodes are distributed. | `list(string)` | <pre>[<br>  "nbg1",<br>  "fsn1",<br>  "hel1"<br>]</pre> | no |
+| <a name="input_lb_location"></a> [lb\_location](#input\_lb\_location) | Location of the Load Balancer. | `string` | `"nbg1"` | no |
+| <a name="input_lb_name"></a> [lb\_name](#input\_lb\_name) | Name of the Load Balancer that is placed in front of your instaces. | `string` | `"rke-lb"` | no |
+| <a name="input_lb_type"></a> [lb\_type](#input\_lb\_type) | Hetzner Load Balancer type. You can use the Hetzner Cloud CLI or browse their website to get a list of valid instance types. | `string` | `"lb11"` | no |
+| <a name="input_private_network_name"></a> [private\_network\_name](#input\_private\_network\_name) | Name of the private network that is created for your nodes. | `string` | `"kubernetes-internal"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_kube_config_yaml"></a> [kube\_config\_yaml](#output\_kube\_config\_yaml) | RKE k8s cluster kube config yaml |
+| <a name="output_kubernetes_api_server_url"></a> [kubernetes\_api\_server\_url](#output\_kubernetes\_api\_server\_url) | RKE k8s cluster api server url |
+| <a name="output_kubernetes_ca_crt"></a> [kubernetes\_ca\_crt](#output\_kubernetes\_ca\_crt) | RKE k8s cluster CA certificate |
+| <a name="output_kubernetes_client_cert"></a> [kubernetes\_client\_cert](#output\_kubernetes\_client\_cert) | RKE k8s cluster client certificate |
+| <a name="output_kubernetes_client_key"></a> [kubernetes\_client\_key](#output\_kubernetes\_client\_key) | RKE k8s cluster client key |
+| <a name="output_lb_address"></a> [lb\_address](#output\_lb\_address) | HCloud loadbalancer address |

example/main.tf

@@ -0,0 +1,49 @@
+module "cluster_init" {
+  source                 = "../"
+  hcloud_secret          = "" # INSERT YOUR TOKEN HERE
+  hcloud_ssh_key_public  = "" # INSERT YOUR PUBLIC SSH KEY HERE
+  hcloud_ssh_key_private = "" # INSERT YOUR PRIVATE SHH KEY HERE
+  instance_count         = 2
+  instance_prefix        = "rke-cluster"
+  instance_type          = "cx31"
+  instance_zones         = ["nbg1", "hel1"]
+  lb_location            = "nbg1"
+  lb_name                = "rke-cluster-lb"
+  lb_type                = "lb11"
+  private_network_name   = "kubernetes-internal"
+}
+
+output "kubeconfig" {
+  value       = module.cluster_init.kube_config_yaml
+  sensitive   = true
+  description = "rke cluster kubeconfig"
+}
+
+output "kubernetes_api_server_url" {
+  description = "RKE k8s cluster api server url"
+  value       = module.cluster_init.kubernetes_api_server_url
+}
+
+output "kubernetes_client_cert" {
+  description = "RKE k8s cluster client certificate"
+  value       = module.cluster_init.kubernetes_client_cert
+  sensitive   = true
+}
+
+output "kubernetes_client_key" {
+  description = "RKE k8s cluster client key"
+  value       = module.cluster_init.kubernetes_client_key
+  sensitive   = true
+}
+
+output "kubernetes_ca_crt" {
+  description = "RKE k8s cluster CA certificate"
+  value       = module.cluster_init.kubernetes_ca_crt
+  sensitive   = true
+}
+
+
+output "lb_address" {
+  description = "HCloud loadbalancer address"
+  value       = module.cluster_init.lb_address
+}

main.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    hcloud = {
+      source  = "hetznercloud/hcloud"
+      version = "1.33.1"
+    }
+    rke = {
+      source  = "rancher/rke"
+      version = "1.3.0"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = "3.3.0"
+    }
+  }
+}

markdownlint.rb

@@ -0,0 +1,3 @@
+all
+exclude_rule  'MD013'
+exclude_rule  'MD033'

outputs.tf

@@ -0,0 +1,43 @@
+output "kubernetes_api_server_url" {
+  description = "RKE k8s cluster api server url"
+  value       = rke_cluster.rke_cluster.api_server_url
+}
+
+output "kubernetes_client_cert" {
+  description = "RKE k8s cluster client certificate"
+  value       = rke_cluster.rke_cluster.client_cert
+  sensitive   = true
+}
+
+output "kubernetes_client_key" {
+  description = "RKE k8s cluster client key"
+  value       = rke_cluster.rke_cluster.client_key
+  sensitive   = true
+}
+
+output "kubernetes_ca_crt" {
+  description = "RKE k8s cluster CA certificate"
+  value       = rke_cluster.rke_cluster.ca_crt
+  sensitive   = true
+}
+
+output "kube_config_yaml" {
+  description = "RKE k8s cluster kube config yaml"
+  value       = rke_cluster.rke_cluster.kube_config_yaml
+  sensitive   = true
+}
+
+output "lb_address" {
+  description = "HCloud loadbalancer address"
+  value       = hcloud_load_balancer.rke_lb.ipv4
+}
+
+output "hcloud_ssh_key_public" {
+  description = "registered ssh public key on your Hetzner Cloud machines."
+  value       = local.public_key
+}
+
+output "hcloud_ssh_key_private" {
+  description = "registered ssh private key on your Hetzner Cloud machines."
+  value       = local.private_key
+}