Add cluster module

.github/workflows/lint.yaml

@@ -0,0 +1,41 @@
+name: Lint
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  tflint:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+
+    steps:
+    - uses: actions/checkout@v4
+      name: Checkout source code
+
+    - uses: actions/cache@v4
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ${{ matrix.os }}-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - uses: terraform-linters/setup-tflint@v4
+      name: Setup TFLint
+      with:
+        tflint_version: v0.52.0
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run TFLint
+      run: tflint -f compact

.gitignore

@@ -0,0 +1,29 @@
+# Local .terraform directories
+**/.terraform/*
+
+# Terraform lockfile
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

Makefile

@@ -0,0 +1,2 @@
+docs:
+	terraform-docs markdown table --output-file README.md --output-mode inject .

README.md

@@ -1 +1,76 @@
-# terraform-devzero-modules
+# Terraform module for adding a cluster to your devzero account
+
+[Website](https://devzero.io/dashboard)
+
+[Docs](https://docs.devzero.io)
+
+## Using the module
+
+A module to add a cluster to your devzero account
+
+Requires `devzero-inc/devzero` and `hashicorp/helm`
+
+```hcl
+provider "devzero" {
+    team_id = "YOUR_TEAM_ID"
+    token = "YOUR_PAT"
+}
+
+module "devzero-cluster" {
+    source = "devzero-inc/cluster"
+
+    cluster_name = "example-cluster"
+}
+```
+
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.1.0 |
+| <a name="requirement_devzero"></a> [devzero](#requirement\_devzero) | >= 0.1.1 |
+| <a name="requirement_helm"></a> [helm](#requirement\_helm) | >= 3.0.2 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_devzero"></a> [devzero](#provider\_devzero) | 0.1.1 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 3.0.2 |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [devzero_cluster.cluster](https://registry.terraform.io/providers/devzero-inc/devzero/latest/docs/resources/cluster) | resource |
+| [helm_release.devzero_operator](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+| [helm_release.zxporter](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_cloud_provider"></a> [cloud\_provider](#input\_cloud\_provider) | The cloud provider of the cluster. Supported values: aws, azure, gcp, "". Empty string will be treated as no cloud credentials are required. | `string` | `""` | no |
+| <a name="input_cluster_name"></a> [cluster\_name](#input\_cluster\_name) | The name of the cluster | `string` | n/a | yes |
+| <a name="input_containerd_config_path"></a> [containerd\_config\_path](#input\_containerd\_config\_path) | The path to the containerd config | `string` | `null` | no |
+| <a name="input_containerd_socket_path"></a> [containerd\_socket\_path](#input\_containerd\_socket\_path) | The path to the containerd socket | `string` | `null` | no |
+| <a name="input_enable_live_migration_agent"></a> [enable\_live\_migration\_agent](#input\_enable\_live\_migration\_agent) | Whether to enable the live migration agent | `bool` | `false` | no |
+| <a name="input_enable_scheduler"></a> [enable\_scheduler](#input\_enable\_scheduler) | Whether to enable the scheduler | `bool` | `true` | no |
+| <a name="input_endpoint"></a> [endpoint](#input\_endpoint) | The endpoint of the control plane | `string` | `"https://dakr.devzero.io"` | no |
+| <a name="input_operator_extra_values"></a> [operator\_extra\_values](#input\_operator\_extra\_values) | Additional Helm values for the devzero-operator chart (as name->value). | <pre>list(object({<br/>    name  = string<br/>    value = string<br/>  }))</pre> | `[]` | no |
+| <a name="input_provision_prometheus"></a> [provision\_prometheus](#input\_provision\_prometheus) | Whether to provision prometheus | `bool` | `true` | no |
+| <a name="input_runtime"></a> [runtime](#input\_runtime) | The runtime of the cluster. Supported values: containerd, rke2, k3s. | `string` | `"containerd"` | no |
+| <a name="input_zxporter_extra_values"></a> [zxporter\_extra\_values](#input\_zxporter\_extra\_values) | Additional Helm values for the zxporter chart (as name->value). | <pre>list(object({<br/>    name  = string<br/>    value = string<br/>  }))</pre> | `[]` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_cluster_id"></a> [cluster\_id](#output\_cluster\_id) | n/a |
+| <a name="output_cluster_token"></a> [cluster\_token](#output\_cluster\_token) | n/a |
+<!-- END_TF_DOCS -->

main.tf

@@ -0,0 +1,122 @@
+locals {
+  containerd_config_path = {
+    containerd = "/etc/containerd/config.toml"
+    rke2       = "/var/lib/rancher/rke2/agent/etc/containerd/config.toml"
+    k3s        = "/var/lib/rancher/k3s/agent/etc/containerd/config.toml"
+  }
+  containerd_socket_path = {
+    containerd = "/run/containerd/containerd.sock"
+    rke2       = "/var/lib/rancher/rke2/agent/containerd/containerd.sock"
+    k3s        = "/var/lib/rancher/k3s/agent/containerd/containerd.sock"
+  }
+}
+
+resource "devzero_cluster" "cluster" {
+  name = var.cluster_name
+}
+
+resource "helm_release" "zxporter" {
+  name             = "zxporter"
+  chart            = "zxporter"
+  repository       = "oci://registry-1.docker.io/devzeroinc"
+  namespace        = "devzero"
+  create_namespace = true
+  atomic           = true
+  wait             = true
+  version          = "0.0.14"
+
+  set = concat([
+    {
+      name  = "zxporter.kubeContextName"
+      value = var.cluster_name
+    },
+    {
+      name  = "zxporter.k8sProvider"
+      value = var.cloud_provider
+    },
+    {
+      name  = "monitoring.prometheus.enabled"
+      value = tostring(var.provision_prometheus)
+    },
+    {
+      name  = "zxporter.dakrUrl"
+      value = var.endpoint
+    }
+  ], var.zxporter_extra_values)
+
+  set_sensitive = [
+    {
+      name  = "zxporter.clusterToken"
+      value = devzero_cluster.cluster.token
+    }
+  ]
+
+  depends_on = [devzero_cluster.cluster]
+}
+
+resource "helm_release" "devzero_operator" {
+  name             = "devzero-operator"
+  chart            = "dakr-operator"
+  repository       = "oci://registry-1.docker.io/devzeroinc"
+  namespace        = "devzero"
+  create_namespace = true
+  atomic           = true
+  wait             = true
+  version          = "0.1.3"
+
+  set = concat([
+    {
+      name  = "cloud"
+      value = var.cloud_provider
+    },
+    {
+      name  = "operator.clusterName"
+      value = var.cluster_name
+    },
+    {
+      name  = "operator.noCloudCreds"
+      value = tostring(var.cloud_provider == "")
+    },
+    {
+      name  = "operator.endpoint"
+      value = var.endpoint
+    },
+    {
+      name  = "scheduler.enabled"
+      value = tostring(var.enable_scheduler)
+    },
+    {
+      name  = "scheduler.controlPlaneAddress"
+      value = var.endpoint
+    },
+    {
+      name  = "agent.enabled"
+      value = tostring(var.enable_live_migration_agent)
+    },
+    {
+      name  = "agent.runtime"
+      value = var.runtime
+    },
+    {
+      name  = "agent.containerdConfigPath"
+      value = coalesce(var.containerd_config_path, lookup(local.containerd_config_path, var.runtime, "/etc/containerd/config.toml"))
+    },
+    {
+      name  = "agent.containerdSock"
+      value = coalesce(var.containerd_socket_path, lookup(local.containerd_socket_path, var.runtime, "/run/containerd/containerd.sock"))
+    },
+  ], var.operator_extra_values)
+
+  set_sensitive = [
+    {
+      name  = "operator.clusterToken"
+      value = devzero_cluster.cluster.token
+    },
+    {
+      name  = "scheduler.controlPlaneToken"
+      value = devzero_cluster.cluster.token
+    }
+  ]
+
+  depends_on = [devzero_cluster.cluster]
+}

outputs.tf

@@ -0,0 +1,8 @@
+output "cluster_id" {
+  value = devzero_cluster.cluster.id
+}
+
+output "cluster_token" {
+  value     = devzero_cluster.cluster.token
+  sensitive = true
+}

providers.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.1.0"
+  required_providers {
+    devzero = {
+      source  = "devzero-inc/devzero"
+      version = ">= 0.1.1"
+    }
+
+    helm = {
+      source  = "hashicorp/helm"
+      version = ">= 3.0.2"
+    }
+  }
+}

variables.tf

@@ -0,0 +1,80 @@
+variable "cluster_name" {
+  type        = string
+  description = "The name of the cluster"
+}
+
+variable "endpoint" {
+  type        = string
+  description = "The endpoint of the control plane"
+  default     = "https://dakr.devzero.io"
+}
+
+variable "cloud_provider" {
+  type        = string
+  description = "The cloud provider of the cluster. Supported values: aws, azure, gcp, \"\". Empty string will be treated as no cloud credentials are required."
+  default     = ""
+
+  validation {
+    condition     = contains(["aws", "azure", "gcp", ""], var.cloud_provider)
+    error_message = "cloud_provider must be one of: aws, azure, gcp, or empty string (\"\")."
+  }
+}
+
+variable "provision_prometheus" {
+  type        = bool
+  description = "Whether to provision prometheus"
+  default     = true
+}
+
+variable "enable_scheduler" {
+  type        = bool
+  description = "Whether to enable the scheduler"
+  default     = true
+}
+
+variable "enable_live_migration_agent" {
+  type        = bool
+  description = "Whether to enable the live migration agent"
+  default     = false
+}
+
+variable "runtime" {
+  type        = string
+  description = "The runtime of the cluster. Supported values: containerd, rke2, k3s."
+  default     = "containerd"
+
+  validation {
+    condition     = contains(["containerd", "rke2", "k3s"], var.runtime)
+    error_message = "runtime must be one of: containerd, rke2, k3s."
+  }
+}
+
+variable "containerd_config_path" {
+  type        = string
+  description = "The path to the containerd config"
+  default     = null
+}
+
+variable "containerd_socket_path" {
+  type        = string
+  description = "The path to the containerd socket"
+  default     = null
+}
+
+variable "zxporter_extra_values" {
+  type = list(object({
+    name  = string
+    value = string
+  }))
+  description = "Additional Helm values for the zxporter chart (as name->value)."
+  default     = []
+}
+
+variable "operator_extra_values" {
+  type = list(object({
+    name  = string
+    value = string
+  }))
+  description = "Additional Helm values for the devzero-operator chart (as name->value)."
+  default     = []
+}