# Create an RKE2 cluster with Harvester

This module creates an RKE2 downstream cluster under Rancher, using Harvester as the cloud provider.
## Prerequisites

- Access to a Rancher server with at least the `project_member` role on a Harvester cluster project
- A user-created API token to operate on Rancher

## Features

- Let's Encrypt/ACME certificates using DNS validation with Cloudflare
- Proxy with a private CA
- Container registry mirrors

## Known issues

- When the cluster is created, the RKE2 Nginx service requests a Harvester VIP load balancer, but destroying the Terraform resources or the cluster does not delete that LB; it must be deleted manually in Harvester.

## Usage

1. Submit the form sent to you with an official invite
2. Wait for the account and networking setup to be done
3. Update your own tfvars (rename or replace `test.auto.tfvars`)
4. Make sure your dynamic DNS is fresh
5. Deploy!
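The following `test.auto.tfvars` is an added, constructed example for the "Update your own tfvars" step; it is not a file shipped with this module. Every hostname, namespace, network and path value is a placeholder, and the variable names come from the inputs listed further down. The two secrets (`rancher_token`, `cloudflare_api_token`) are deliberately left out of the file and supplied through `TF_VAR_*` environment variables, which Terraform reads natively, so that the auto-loaded tfvars file never carries credentials.

```hcl
# test.auto.tfvars -- constructed example, all values are placeholders.
#
# Secrets are NOT stored here. Export them before running terraform:
#   export TF_VAR_rancher_token="<rancher API token>"
#   export TF_VAR_cloudflare_api_token="<cloudflare DNS-edit token>"

# --- Rancher -----------------------------------------------------------------
rancher_url           = "https://rancher.example.internal"
rancher_internal_fqdn = "rancher.internal.example" # only needed for dual ingress

# --- Harvester (cloud provider) ---------------------------------------------
harvester_api               = "https://harvester.example.internal"
harvester_cluster_name      = "harvester-lab"
harvester_namespace         = "team-a"
harvester_network_name      = "vlan100"
harvester_network_namespace = "team-a"
harvester_image_name        = "ubuntu18.04"      # module default
harvester_image_namespace   = "harvester-public" # module default

# --- Downstream RKE2 cluster ------------------------------------------------
cluster_name       = "rke2-team-a"
kubernetes_version = "v1.26.11+rke2r1" # module default
# node_pools (map) is left at its default {} here; its attribute names are
# not documented in this README, so nothing is assumed about them.

# --- VM provisioning user ---------------------------------------------------
prov_user             = "ubuntu"
prov_user_ssh_pub_key = "~/.ssh/id_ed25519.pub" # public half only; private key stays on the workstation

# --- Egress through a proxy that presents a private CA ----------------------
proxy_host        = "proxy.example.internal:3128"
root_ca_cert_path = "./certs/corp-root-ca.pem" # injected into the VM trust store by the module

# --- Container registry mirror ---------------------------------------------
container_registry_mirror = "mirror.example.internal:5000"
# container_registries is a map(string); its key/value semantics are not
# documented in this README, so it is left at the default {} here.

# --- Let's Encrypt / ACME via Cloudflare DNS validation ---------------------
acme_email           = "platform-ops@example.com"
acme_prod            = false # stay on the staging environment until the DNS challenge is proven
acme_wildcard        = true
cert_manager_version = "v1.13.2" # module default
ingress_subdomain    = "lab"
ingress_top_domain   = "example.com"
```

Because Terraform auto-loads every `*.auto.tfvars` file in the working directory, keep this file free of tokens and list it in `.gitignore` if it ever has to carry anything environment-specific; with the secrets in the environment, the same file can be committed as a template for other operators.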
## Requirements

| Name | Version |
|---|---|
| terraform | >= 1.6.2 |
| helm | = 2.12.0 |
| http | = 3.4.0 |
| kubectl | = 1.14.0 |
| rancher2 | = 3.2.0 |
## Providers

| Name | Version |
|---|---|
| helm | 2.12.0 |
| http | 3.4.0 |
| kubectl | 1.14.0 |
| rancher2 | 3.2.0 |

## Modules

No modules.
## Resources

| Name | Type |
|---|---|
| helm_release.cert-manager | resource |
| kubectl_manifest.cloudflare_secret | resource |
| kubectl_manifest.ingress_test_deploy | resource |
| kubectl_manifest.ingress_test_ingress | resource |
| kubectl_manifest.ingress_test_svc | resource |
| kubectl_manifest.issuer | resource |
| kubectl_manifest.wildcard_cert | resource |
| rancher2_cloud_credential.harvester | resource |
| rancher2_cluster_sync.this | resource |
| rancher2_cluster_v2.this | resource |
| rancher2_machine_config_v2.this | resource |
| http_http.harvester-kubeconfig | data source |
| rancher2_cluster_v2.harvester | data source |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| acme_email | ACME email | `string` | `""` | no |
| acme_prod | Should an ACME production environment certificate be requested | `bool` | `false` | no |
| acme_wildcard | Should an ACME Let's Encrypt wildcard certificate be created | `bool` | `false` | no |
| cert_manager_version | Cert-Manager chart version | `string` | `"v1.13.2"` | no |
| cloudflare_api_token | Cloudflare API token for Let's Encrypt | `string` | `""` | no |
| cluster_name | Cluster name to create | `string` | n/a | yes |
| container_registries | Container registries that need to be pulled from the mirror | `map(string)` | `{}` | no |
| container_registry_mirror | Container registry mirror | `string` | `""` | no |
| harvester_api | Harvester API endpoint URL | `string` | n/a | yes |
| harvester_cluster_name | Harvester cluster name | `string` | n/a | yes |
| harvester_image_name | Harvester cloud image name | `string` | `"ubuntu18.04"` | no |
| harvester_image_namespace | Namespace the VM cloud image is taken from | `string` | `"harvester-public"` | no |
| harvester_namespace | Harvester operating namespace | `string` | n/a | yes |
| harvester_network_name | Harvester network name to use for the VM | `string` | n/a | yes |
| harvester_network_namespace | Harvester VM network namespace | `string` | n/a | yes |
| ingress_subdomain | Ingress subdomain before the root domain | `string` | `""` | no |
| ingress_top_domain | Ingress top-level domain name | `string` | `""` | no |
| kubernetes_version | Cluster's Kubernetes version | `string` | `"v1.26.11+rke2r1"` | no |
| node_pools | Node pool attributes | `map` | `{}` | no |
| prov_user | VM user to create for SSH Rancher operations | `string` | `"ubuntu"` | no |
| prov_user_ssh_pub_key | Path of the SSH public key file to inject into the prov_user account | `string` | `"~/.ssh/id_rsa.pub"` | no |
| proxy_host | Proxy host with port | `string` | `""` | no |
| rancher_internal_fqdn | Rancher self-aware FQDN (for dual ingress) | `string` | `""` | no |
| rancher_token | Rancher token | `string` | n/a | yes |
| rancher_url | Rancher URL | `string` | n/a | yes |
| root_ca_cert_path | Extra root CA certificate file path to add to the VM | `string` | `""` | no |
| vm_network_data | Cloud-init network-data | `string` | `null` | no |
| vm_user_data_tmpl_file | Cloud-init user-data template file | `string` | `"cloud-inits/ubuntu.tftpl"` | no |
## Outputs

No outputs.