The Open Cloud Data Center initiative is focused on providing a standardized, scalable, and customizable cloud datacenter infrastructure.
The Open Cloud Data Center simplifies the deployment and management of cloud infrastructure through a modular, open-source architecture.
Why choose Open Cloud Data Center?
- Sovereignty: Complete control over your data and infrastructure.
- Portability: Move workloads across cloud providers or on-premises hardware.
- Cost-Efficiency: Optimize resource usage and avoid vendor lock-in.
- Community-Driven: Built on open standards and collaborative development.
```bash
git clone https://github.com/wso2/open-cloud-datacenter.git
cd open-cloud-datacenter
```

Reference any module directly from GitHub in your Terraform configuration:

```hcl
module "bootstrap" {
  source = "github.com/wso2/open-cloud-datacenter//modules/bootstrap?ref=v0.4.5"

  ubuntu_image_id        = "default/ubuntu-22-04"
  vm_password            = var.vm_password
  rancher_hostname       = "rancher.example.internal"
  rancher_admin_password = var.rancher_admin_password
  ippool_subnet          = "192.168.10.0/24"
  ippool_gateway         = "192.168.10.1"
  ippool_start           = "192.168.10.10"
  ippool_end             = "192.168.10.10"
}
```

The following reusable Terraform modules are available under modules/. See the architecture overview in docs/architecture.md for how they relate to each other.

| Module | Description |
|---|---|
| modules/bootstrap | Provisions an RKE2-based Rancher server on Harvester HCI via cloud-init, with a Load Balancer and IP pool for external access. |
| modules/identity/rancher-oidc | Configures Rancher to use a generic OIDC provider for user authentication. |
| modules/identity/providers/asgardeo | Presets for integrating WSO2 Asgardeo as the identity provider. |
| modules/management/networking | Creates and manages VLAN-backed Harvester networks for tenant and management workloads. |
| modules/management/storage | Downloads and registers OS images into Harvester HCI, making them available for VM provisioning. |
| modules/management/cluster-roles | Defines custom Rancher role templates (e.g. vm-metrics-observer) shared across tenant projects. |
| modules/management/tenant-space | Full team onboarding: creates a Rancher project, namespace, resource quotas, and role bindings. |
| modules/management/rbac | Lightweight module for bulk creating projects and namespaces without advanced role bindings. |
| modules/management/harvester-integration | Registers the Harvester HCI cluster into Rancher, enabling the UI extension and cloud credential. |
| modules/monitoring | Deploys a full monitoring stack (Prometheus / Alertmanager / Calert) with Google Chat notification support. |
| modules/workloads/k8s-cluster | Provisions a tenant RKE2 Kubernetes cluster on Harvester HCI via Rancher's machine provisioning API. |
| modules/workloads/vm | Provisions standalone virtual machines on Harvester HCI with support for multiple disks and cloud-init. |
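
The bootstrap module call shown earlier reads var.vm_password and var.rancher_admin_password without declaring them. The following is an added example, not code from the open-cloud-datacenter repository, of how the calling configuration could declare those two inputs so they are redacted from CLI output and rejected when too short; the 12-character minimum is an assumed policy, not a requirement stated by the project.

```hcl
# Added example: root-module variable declarations for the two secrets
# that the bootstrap module call consumes. Not part of the project's code.

variable "vm_password" {
  description = "Password for the bootstrap VM (passed to modules/bootstrap)."
  type        = string
  sensitive   = true # redacts the value in plan/apply output

  validation {
    # Assumed minimum length; adjust to your own password policy.
    condition     = length(var.vm_password) >= 12
    error_message = "vm_password must be at least 12 characters long."
  }
}

variable "rancher_admin_password" {
  description = "Rancher admin password (passed to modules/bootstrap)."
  type        = string
  sensitive   = true

  validation {
    # Same assumed minimum as above.
    condition     = length(var.rancher_admin_password) >= 12
    error_message = "rancher_admin_password must be at least 12 characters long."
  }
}
```

Supply the values through the TF_VAR_vm_password and TF_VAR_rancher_admin_password environment variables rather than a committed .tfvars file. Marking a variable sensitive only redacts CLI output; values that reach resource arguments are still written to the Terraform state in plaintext, so the state backend needs its own access control and encryption.
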
The modules are designed to be applied in sequence across five phases:
- Phase 0 — Bootstrap (modules/bootstrap): Deploy RKE2 + Rancher inside Harvester.
- Phase 1 — Rancher Auth: Connect the Rancher provider using the bootstrapped endpoint and password.
- Phase 2 — Management (modules/management/*): Register Harvester into Rancher and configure shared resources (networks, images, roles).
- Phase 3 — Identity & Monitoring (modules/identity/*, modules/monitoring): Configure OIDC authentication and observability.
- Phase 4 — Workloads (modules/workloads/*): Provision tenant Kubernetes clusters or standalone VMs on demand.

See docs/architecture.md for a detailed breakdown.
- GitHub Issues: Report bugs or request features
We welcome contributions! Please see CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.