fix!: rewrite the deployment system

.github/workflows/validate.yaml

@@ -87,7 +87,7 @@ jobs:
           # This format enables automatic generation of changelogs and versioning
           filter() {
             COMMIT="$1"
-            ouput="$(echo "$COMMIT" | grep -e '^fix: ' -e '^feature: ' -e '^feat: ' -e 'refactor!: ' -e 'feature!: ' -e 'feat!: ' -e '^chore(main): ')"
+            output="$(echo "$COMMIT" | grep -e '^fix: ' -e '^feature: ' -e '^feat: ' -e 'refactor!: ' -e 'feature!: ' -e 'feat!: ' -e '^chore(main): ')"
             echo "$output"
           }
           prefix_check() {

.gitignore

@@ -29,3 +29,5 @@ examples/basic/rancher_bootstrap
 .terraform.lock.hcl
 run.sh
 *.test
+static_files.txt
+* copy

aspell_custom.txt

@@ -0,0 +1,4 @@
+kubernetes
+config
+git
+variablize

examples/deploy_rke2/versions.tf → examples/downstream/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     local = {
       source  = "hashicorp/local"
-      version = ">= 2.4"
+      version = ">= 2.5"
     }
     random = {
       source  = "hashicorp/random"
@@ -39,7 +39,7 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.14"
+      version = "2.14"
     }
     rancher2 = {
       source  = "rancher/rancher2"

examples/deploy_rke2_multiple_pools/versions.tf → examples/downstream_splitrole/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     local = {
       source  = "hashicorp/local"
-      version = ">= 2.4"
+      version = ">= 2.5"
     }
     random = {
       source  = "hashicorp/random"
@@ -39,7 +39,7 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.14"
+      version = "2.14"
     }
     rancher2 = {
       source  = "rancher/rancher2"

examples/one/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     local = {
       source  = "hashicorp/local"
-      version = ">= 2.4"
+      version = ">= 2.5"
     }
     random = {
       source  = "hashicorp/random"
@@ -39,7 +39,7 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.14"
+      version = "2.14"
     }
     rancher2 = {
       source  = "rancher/rancher2"

examples/prod/README.md

@@ -0,0 +1,36 @@
+# Production
+
+This example shows what the RKE2 team considers an ideal production infrastructure configuration with Rancher deployed.
+
+## Note
+
+While this is what we consider the ideal technical configuration we are not working with the constraints that many users have.
+
+- Not every team is worried about scaling their cluster
+- Not every team can afford to deploy 9 nodes
+- Not every team is worried about availability
+
+The name of this example is "production" because it is what we believe will cause the least amount of trouble for the user in the long run.
+After years of troubleshooting RKE2 deployments we feel that most problems that users encounter can be avoided with this configuration.
+
+You know the constraints or goals of your team better than we do, so while this example is titled "production"
+it isn't meant to be a judgement of the other examples, do what works best for your team, there is no
+"one size fits all" infrastructure configuration.
+
+# Split Role
+
+This configuration includes three node roles: `database`, `API`, and `worker`.
+Each role is considered critical to scaling your cluster:
+
+- the `database` role is RKE2 focused on etcd
+- the `API` role is RKE2 focused on the Kubernetes API components
+- the `worker` role is RKE2 focused on user workloads
+
+# Scaling
+
+As the number of total nodes increases, you should scale your `database` nodes accordingly.
+  - monitor disk pressure
+As the number of requests to kubernetes increases you should scale your `API` nodes.
+  - monitor network traffic, both ingress from outside of your cluster and between nodes
+As the amount of user workloads increases you should increase the `worker` nodes.
+  - monitor CPU and RAM usage of your workers

examples/prod/versions.tf

@@ -3,7 +3,7 @@ terraform {
   required_providers {
     local = {
       source  = "hashicorp/local"
-      version = ">= 2.4"
+      version = ">= 2.5"
     }
     random = {
       source  = "hashicorp/random"
@@ -39,7 +39,7 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = ">= 2.14"
+      version = "2.14"
     }
     rancher2 = {
       source  = "rancher/rancher2"

examples/three/main.tf

@@ -0,0 +1,119 @@
+provider "aws" {
+  default_tags {
+    tags = {
+      Id    = local.identifier
+      Owner = local.owner
+    }
+  }
+}
+
+provider "acme" {
+  server_url = "${local.acme_server_url}/directory"
+}
+
+provider "github" {}
+provider "kubernetes" {} # make sure you set the env variable KUBE_CONFIG_PATH to local_file_path (file_path variable)
+provider "helm" {}       # make sure you set the env variable KUBE_CONFIG_PATH to local_file_path (file_path variable)
+
+provider "rancher2" {
+  alias     = "authenticate"
+  bootstrap = true
+  api_url   = "https://${local.domain}.${local.zone}"
+  timeout   = "300s"
+}
+
+resource "rancher2_bootstrap" "authenticate" {
+  depends_on = [
+    module.rancher,
+  ]
+  provider         = rancher2.authenticate
+  initial_password = module.rancher.admin_password
+  password         = module.rancher.admin_password
+  token_update     = true
+  token_ttl        = 7200 # 2 hours
+}
+
+provider "rancher2" {
+  alias     = "default"
+  api_url   = "https://${local.domain}.${local.zone}"
+  token_key = rancher2_bootstrap.authenticate.token
+  timeout   = "300s"
+}
+
+locals {
+  identifier           = var.identifier
+  example              = "basic"
+  project_name         = "tf-${substr(md5(join("-", [local.example, local.identifier])), 0, 5)}"
+  username             = local.project_name
+  domain               = local.project_name
+  zone                 = var.zone
+  key_name             = var.key_name
+  key                  = var.key
+  acme_server_url      = "https://acme-v02.api.letsencrypt.org"
+  owner                = var.owner
+  rke2_version         = var.rke2_version
+  local_file_path      = var.file_path
+  runner_ip            = chomp(data.http.myip.response_body) # "runner" is the server running Terraform
+  rancher_version      = var.rancher_version
+  cert_manager_version = "1.16.3" # "1.13.1"
+  os                   = "sle-micro-61"
+}
+
+data "http" "myip" {
+  url = "https://ipinfo.io/ip"
+}
+
+module "rancher" {
+  source = "../../"
+  # project
+  identifier   = local.identifier
+  owner        = local.owner
+  project_name = local.project_name
+  domain       = local.domain
+  zone         = local.zone
+  # access
+  key_name = local.key_name
+  key      = local.key
+  username = local.username
+  admin_ip = local.runner_ip
+  # rke2
+  rke2_version    = local.rke2_version
+  local_file_path = local.local_file_path
+  install_method  = "rpm" # rpm only for now, need to figure out local helm chart installs otherwise
+  cni             = "canal"
+  node_configuration = {
+    "rancherA" = {
+      type            = "all-in-one"
+      size            = "xxl"
+      os              = local.os
+      indirect_access = true
+      initial         = true
+    }
+    "rancherB" = {
+      type            = "all-in-one"
+      size            = "xxl"
+      os              = local.os
+      indirect_access = true
+      initial         = false
+    }
+    "rancherC" = {
+      type            = "all-in-one"
+      size            = "xxl"
+      os              = local.os
+      indirect_access = true
+      initial         = false
+    }
+  }
+  # rancher
+  cert_manager_version = local.cert_manager_version
+  rancher_version      = local.rancher_version
+}
+
+data "rancher2_cluster" "local" {
+  depends_on = [
+    module.rancher,
+    rancher2_bootstrap.authenticate,
+  ]
+  provider = rancher2.default
+  name     = "local"
+}

examples/three/outputs.tf

@@ -0,0 +1,22 @@
+output "kubeconfig" {
+  value       = module.rancher.kubeconfig
+  description = <<-EOT
+    The kubeconfig for the server.
+  EOT
+  sensitive   = true
+}
+output "address" {
+  value = module.rancher.address
+}
+output "admin_token" {
+  value     = module.rancher.admin_token
+  sensitive = true
+}
+output "admin_password" {
+  value     = module.rancher.admin_password
+  sensitive = true
+}
+output "cluster_data" {
+  value     = jsonencode(data.rancher2_cluster.local)
+  sensitive = true
+}

examples/three/variables.tf

@@ -0,0 +1,54 @@
+variable "key_name" {
+  type        = string
+  description = <<-EOT
+    The name of an AWS key pair to use for SSH access to the instance.
+    This key should already be added to your ssh agent for server authentication.
+  EOT
+}
+variable "key" {
+  type        = string
+  description = <<-EOT
+    The contents of an AWS key pair to use for SSH access to the instance.
+    This is necessary for installing rke2 on the nodes and will be removed after installation.
+  EOT
+}
+variable "identifier" {
+  type        = string
+  description = <<-EOT
+    A unique identifier for the project, this helps when generating names for infrastructure items."
+  EOT
+}
+variable "owner" {
+  type        = string
+  description = <<-EOT
+    The owner of the project, this helps when generating names for infrastructure items."
+  EOT
+}
+variable "zone" {
+  type        = string
+  description = <<-EOT
+    The Route53 DNS zone to deploy the cluster into.
+    This is used to generate the DNS name for the cluster.
+    The zone must already exist.
+  EOT
+}
+variable "rke2_version" {
+  type        = string
+  description = <<-EOT
+    The version of rke2 to install on the nodes.
+  EOT
+}
+variable "rancher_version" {
+  type        = string
+  description = <<-EOT
+    The version of rancher to install on the rke2 cluster.
+  EOT
+  default     = "2.9.1"
+}
+variable "file_path" {
+  type        = string
+  description = <<-EOT
+    The path to the file containing the rke2 install script.
+  EOT
+  default     = "./rke2"
+}

examples/three/versions.tf

@@ -0,0 +1,53 @@
+terraform {
+  required_version = ">= 1.5.0"
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = ">= 2.5"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = ">= 3.5.1"
+    }
+    github = {
+      source  = "integrations/github"
+      version = ">= 5.44"
+    }
+    aws = {
+      source  = "hashicorp/aws"
+      version = ">= 5.11"
+    }
+    http = {
+      source  = "hashicorp/http"
+      version = ">= 3.4"
+    }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3"
+    }
+    tls = {
+      source  = "hashicorp/tls"
+      version = ">= 4.0"
+    }
+    acme = {
+      source  = "vancluever/acme"
+      version = ">= 2.0"
+    }
+    cloudinit = {
+      source  = "hashicorp/cloudinit"
+      version = ">= 2.3.3"
+    }
+    helm = {
+      source  = "hashicorp/helm"
+      version = "2.14"
+    }
+    rancher2 = {
+      source  = "rancher/rancher2"
+      version = ">= 5.0.0"
+    }
+    kubernetes = {
+      source  = "hashicorp/kubernetes"
+      version = ">= 2.31.0"
+    }
+  }
+}