feat: build helm chart, update modules (#86)

Signed-off-by: matttrach <matt.trachier@suse.com>

Author: matttrach

.gitignore

@@ -27,3 +27,4 @@ examples/*/kubeconfig
 test/tests/data/*
 examples/basic/rancher_bootstrap
 .terraform.lock.hcl
+run.sh

README.md

@@ -16,19 +16,30 @@ We recommend setting the following environment variables for quick personal use:
 
 ```shell
 GITHUB_TOKEN
+GITHUB_OWNER
 AWS_REGION
 AWS_SECRET_ACCESS_KEY
 AWS_ACCESS_KEY_ID
 ZONE
 ```
 
+This module now supports the use of AWS temporary credentials to deploy cert manager.
+At the moment it uses the same credentials supplied to generate the infrastructure,
+ but in the future we intend to add the ability to supply cert manager specific credentials.
+Make sure to set the AWS_SESSION_TOKEN environment variable when using this.
+
 #### Tools
 
 These tools will need to be installed on the machine running Terraform:
 - curl
 - jq
 - kubectl
 - terraform
+- yq
+- helm (v3)
+- git
+
+Check out the flake.nix file for a list of packages that we use when developing and testing (lines 50-80).
 
 #### Local Filesystem Write Access
 
@@ -74,9 +85,8 @@ These tools are not necessary, but they can make it much simpler to collaborate.
 
 #### Automated Tests
 
-Our continuous integration tests using the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md), we then rely on Nix to deploy the additional dependencies.
-
-It also has special integrations with AWS to allow secure authentication, see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services for more information.
+Our continuous integration tests using the GitHub [ubuntu-latest runner](https://github.com/actions/runner-images/blob/main/images/linux/Ubuntu2204-Readme.md),
+ we then rely on Nix to deploy the additional dependencies.
 
-With this tool it is possible to retrieve the aws access key and aws secret key to the temporarily defined access to the AWS account.
-We send these to Rancher when building our tests, this allows us to temporarily and securely setup certmanger and Rancher provisioning.
+It also has special integrations with AWS to allow secure authentication,
+ see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services for more information.

examples/check_for_vpc_dependencies.sh

@@ -39,29 +39,28 @@ provider "rancher2" {
 }
 
 locals {
-  identifier              = var.identifier
-  example                 = "basic"
-  project_name            = "tf-${substr(md5(join("-", [local.example, local.identifier])), 0, 5)}"
-  username                = local.project_name
-  domain                  = local.project_name
-  zone                    = var.zone
-  key_name                = var.key_name
-  key                     = var.key
-  owner                   = var.owner
-  rke2_version            = var.rke2_version
-  local_file_path         = var.file_path
-  runner_ip               = chomp(data.http.myip.response_body) # "runner" is the server running Terraform
-  rancher_version         = var.rancher_version
-  rancher_helm_repository = "https://releases.rancher.com/server-charts/stable"
-  cert_manager_version    = "1.16.3" #"1.13.1"
-  os                      = "sle-micro-60"
-  aws_access_key_id       = var.aws_access_key_id
-  aws_secret_access_key   = var.aws_secret_access_key
-  aws_session_token       = var.aws_session_token
-  aws_region              = var.aws_region
-  email                   = (var.email != "" ? var.email : "${local.identifier}@${local.zone}")
-  acme_server_url         = "https://acme-v02.api.letsencrypt.org"
-  private_ip              = replace(module.rancher.private_endpoint, "http://", "")
+  identifier            = var.identifier
+  example               = "basic"
+  project_name          = "tf-${substr(md5(join("-", [local.example, local.identifier])), 0, 5)}"
+  username              = local.project_name
+  domain                = local.project_name
+  zone                  = var.zone
+  key_name              = var.key_name
+  key                   = var.key
+  owner                 = var.owner
+  rke2_version          = var.rke2_version
+  local_file_path       = var.file_path
+  runner_ip             = chomp(data.http.myip.response_body) # "runner" is the server running Terraform
+  rancher_version       = var.rancher_version
+  cert_manager_version  = "1.16.3" #"1.13.1"
+  os                    = "sle-micro-61"
+  aws_access_key_id     = var.aws_access_key_id
+  aws_secret_access_key = var.aws_secret_access_key
+  aws_session_token     = var.aws_session_token
+  aws_region            = var.aws_region
+  email                 = (var.email != "" ? var.email : "${local.identifier}@${local.zone}")
+  acme_server_url       = "https://acme-v02.api.letsencrypt.org"
+  private_ip            = replace(module.rancher.private_endpoint, "http://", "")
 }
 
 data "http" "myip" {
@@ -97,10 +96,9 @@ module "rancher" {
     }
   }
   # rancher
-  rancher_version         = local.rancher_version
-  rancher_helm_repository = local.rancher_helm_repository
-  cert_manager_version    = local.cert_manager_version
-  configure_cert_manager  = true
+  rancher_version        = local.rancher_version
+  cert_manager_version   = local.cert_manager_version
+  configure_cert_manager = true
   cert_manager_configuration = {
     aws_access_key_id     = local.aws_access_key_id
     aws_secret_access_key = local.aws_secret_access_key
@@ -113,7 +111,7 @@ module "rancher" {
 
 module "rke2_image" {
   source              = "rancher/server/aws"
-  version             = "v1.3.1"
+  version             = "v1.4.0"
   server_use_strategy = "skip"
   image_use_strategy  = "find"
   image_type          = local.os

examples/deploy_rke2/main.tf

@@ -39,30 +39,29 @@ provider "rancher2" {
 }
 
 locals {
-  identifier              = var.identifier
-  example                 = "basic"
-  project_name            = "tf-${substr(md5(join("-", [local.example, local.identifier])), 0, 5)}"
-  username                = local.project_name
-  domain                  = local.project_name
-  zone                    = var.zone
-  key_name                = var.key_name
-  key                     = var.key
-  owner                   = var.owner
-  rke2_version            = var.rke2_version
-  local_file_path         = var.file_path
-  runner_ip               = chomp(data.http.myip.response_body) # "runner" is the server running Terraform
-  rancher_version         = var.rancher_version
-  rancher_helm_repository = "https://releases.rancher.com/server-charts/stable"
-  cert_manager_version    = "1.16.3" #"1.13.1"
-  os                      = "sle-micro-60"
-  acme_server_url         = "https://acme-v02.api.letsencrypt.org"
-  aws_access_key_id       = var.aws_access_key_id
-  aws_secret_access_key   = var.aws_secret_access_key
-  aws_region              = var.aws_region
-  aws_session_token       = var.aws_session_token
-  email                   = (var.email != "" ? var.email : "${local.identifier}@${local.zone}")
-  private_ip              = replace(module.rancher.private_endpoint, "http://", "")
-  hostname_prefix         = local.project_name
+  identifier            = var.identifier
+  example               = "basic"
+  project_name          = "tf-${substr(md5(join("-", [local.example, local.identifier])), 0, 5)}"
+  username              = local.project_name
+  domain                = local.project_name
+  zone                  = var.zone
+  key_name              = var.key_name
+  key                   = var.key
+  owner                 = var.owner
+  rke2_version          = var.rke2_version
+  local_file_path       = var.file_path
+  runner_ip             = chomp(data.http.myip.response_body) # "runner" is the server running Terraform
+  rancher_version       = var.rancher_version
+  cert_manager_version  = "1.16.3" #"1.13.1"
+  os                    = "sle-micro-61"
+  acme_server_url       = "https://acme-v02.api.letsencrypt.org"
+  aws_access_key_id     = var.aws_access_key_id
+  aws_secret_access_key = var.aws_secret_access_key
+  aws_region            = var.aws_region
+  aws_session_token     = var.aws_session_token
+  email                 = (var.email != "" ? var.email : "${local.identifier}@${local.zone}")
+  private_ip            = replace(module.rancher.private_endpoint, "http://", "")
+  hostname_prefix       = local.project_name
 }
 
 data "http" "myip" {
@@ -98,10 +97,9 @@ module "rancher" {
     }
   }
   # rancher
-  rancher_version         = local.rancher_version
-  rancher_helm_repository = local.rancher_helm_repository
-  cert_manager_version    = local.cert_manager_version
-  configure_cert_manager  = true
+  rancher_version        = local.rancher_version
+  cert_manager_version   = local.cert_manager_version
+  configure_cert_manager = true
   cert_manager_configuration = {
     aws_access_key_id     = local.aws_access_key_id
     aws_secret_access_key = local.aws_secret_access_key
@@ -114,7 +112,7 @@ module "rancher" {
 
 module "rke2_image" {
   source              = "rancher/server/aws"
-  version             = "v1.3.1"
+  version             = "v1.4.0"
   server_use_strategy = "skip"
   image_use_strategy  = "find"
   image_type          = local.os