introduce k3s_addons to provide additional start options

README.md

@@ -86,6 +86,7 @@ registry                = <registry for Rancher images> # e.g. "mtr.external.otc
 system-default-registry = <system default registry for K3S> # e.g. "mtr.external.otc.telekomcloud.com"
 repo_certmanager        = <overwrite the repo for cert-manager> # e.g. "quay.io/jetstack"
 image_traefik           = <overwrite the image for Traefik> # e.g. "rancher/mirrored-library-traefik"
+k3s_addon               = <additional k3s start option> # e.g. "--kube-apiserver-arg=\"enable-admission-plugins=NodeRestriction,PodSecurityPolicy,ServiceAccount\""
 ```
 
 * Adapt `bucket` name in `backend.tf` with the bucket name which you created before

files/k3s_server

@@ -73,9 +73,9 @@ fi
 # install k3s with MySQL backend
 ################################
 if [ "${k3s_version}" == "latest" ] || [ "${k3s_version}" == "stable" ]; then
-  curl -svfL4 --retry 100 https://get.k3s.io | INSTALL_K3S_CHANNEL=${k3s_version} sh -s - server --datastore-endpoint="mysql://root:${rds_root_password}@tcp(${rds_host}:${rds_port})/${rds_db}" --token=${token} --system-default-registry=${system-default-registry}
+  curl -svfL4 --retry 100 https://get.k3s.io | INSTALL_K3S_CHANNEL=${k3s_version} sh -s - server --datastore-endpoint="mysql://root:${rds_root_password}@tcp(${rds_host}:${rds_port})/${rds_db}" --token=${token} --system-default-registry=${system-default-registry} ${k3s_addon}
 else
-  curl -svfL4 --retry 100 https://get.k3s.io | INSTALL_K3S_VERSION=${k3s_version} sh -s - server --datastore-endpoint="mysql://root:${rds_root_password}@tcp(${rds_host}:${rds_port})/${rds_db}" --token=${token} --system-default-registry=${system-default-registry}
+  curl -svfL4 --retry 100 https://get.k3s.io | INSTALL_K3S_VERSION=${k3s_version} sh -s - server --datastore-endpoint="mysql://root:${rds_root_password}@tcp(${rds_host}:${rds_port})/${rds_db}" --token=${token} --system-default-registry=${system-default-registry} ${k3s_addon}
 fi
 
 #################################################

main.tf

@@ -278,6 +278,7 @@ locals {
     repo_certmanager        = var.repo_certmanager
     k3s_version             = var.k3s_version
     k3s_registry            = var.k3s_registry
+    k3s_addon               = var.k3s_addon
     token                   = var.token
     cert-manager_version    = var.cert-manager_version
   })

variables.tf

@@ -260,6 +260,11 @@ variable "k3s_version" {
   default     = "stable"
 }
 
+variable "k3s_addon" {
+  description = "Additional K3S start parameter" # e.g. --kube-apiserver-arg="enable-admission-plugins=NodeRestriction,PodSecurityPolicy,ServiceAccount"
+  default     = ""
+}
+
 variable "token" {
   description = "Access Token for K3S Nodes (required since v1.20.9+k3s1"
   default     = ""