From 0f08cfb0d245d22a2e89335af7eecf4b3ebb3071 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julian=20T=C3=B6lle?= <julian.toelle97@gmail.com>
Date: Mon, 13 May 2019 01:05:58 +0200
Subject: [PATCH] deploy k8s using rke-provider

---
 dashboard.tf                                 |  32 +++++
 main.tf                                      | 134 ++++++++++++++++---
 provider_hcloud.tf                           |   4 -
 provider_kubernetes.tf                       |   9 ++
 provider_other.tf                            |   4 +
 provider_rke.tf                              |   3 +
 templates/ansible_inventory.cfg              |   8 --
 terraform_provider_test/Makefile             |  14 --
 terraform_provider_test/cluster.tf           |  60 ---------
 terraform_provider_test/nodes.tf             |  19 ---
 terraform_provider_test/provider_hcloud.tf   |  12 --
 terraform_provider_test/provider_rancher2.tf |  17 ---
 terraform_provider_test/terraform.tfvars     |   3 -
 vars.tf                                      |   1 +
 14 files changed, 167 insertions(+), 153 deletions(-)
 create mode 100644 dashboard.tf
 create mode 100644 provider_kubernetes.tf
 create mode 100644 provider_rke.tf
 delete mode 100644 templates/ansible_inventory.cfg
 delete mode 100644 terraform_provider_test/Makefile
 delete mode 100644 terraform_provider_test/cluster.tf
 delete mode 100644 terraform_provider_test/nodes.tf
 delete mode 100644 terraform_provider_test/provider_hcloud.tf
 delete mode 100644 terraform_provider_test/provider_rancher2.tf
 delete mode 100644 terraform_provider_test/terraform.tfvars
 create mode 100644 vars.tf

diff --git a/dashboard.tf b/dashboard.tf
new file mode 100644
index 0000000..25f7d18
--- /dev/null
+++ b/dashboard.tf
@@ -0,0 +1,32 @@
+resource "kubernetes_service_account" "dashboard" {
+  metadata {
+    name      = "dashboard-admin"
+    namespace = "kube-system"
+
+    labels = {
+      app = "dashboard"
+    }
+  }
+}
+
+resource "kubernetes_cluster_role_binding" "dashboard" {
+  metadata {
+    name = "dashboard-admin"
+
+    labels = {
+      app = "dashboard"
+    }
+  }
+
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "cluster-admin"
+  }
+
+  subject {
+    kind      = "ServiceAccount"
+    name      = "dashboard-admin"
+    namespace = "kube-system"
+  }
+}
diff --git a/main.tf b/main.tf
index 07577d9..7f8553d 100755
--- a/main.tf
+++ b/main.tf
@@ -3,6 +3,29 @@ resource hcloud_server control {
   name        = "control${count.index}"
   image       = "ubuntu-18.04"
   server_type = "cx21"
+
+  ssh_keys = ["${hcloud_ssh_key.terraform.id}"]
+
+  connection {
+    private_key = "${file("./keys/id_terraform")}"
+  }
+
+  user_data = <<END
+#cloud-config
+package_upgrade: true
+packages:
+ - docker.io
+END
+
+  provisioner "remote-exec" {
+    inline = [
+      "cloud-init status --wait",
+    ]
+  }
+
+  lifecycle {
+    create_before_destroy = false
+  }
 }
 
 resource hcloud_server compute {
@@ -10,28 +33,107 @@ resource hcloud_server compute {
   name        = "compute${count.index}"
   image       = "ubuntu-18.04"
   server_type = "cx21"
+
+  ssh_keys = ["${hcloud_ssh_key.terraform.id}"]
+
+  connection {
+    private_key = "${file("./keys/id_terraform")}"
+  }
+
+  user_data = <<END
+#cloud-config
+package_upgrade: true
+packages:
+ - docker.io
+END
+
+  provisioner "remote-exec" {
+    inline = [
+      "cloud-init status --wait",
+    ]
+  }
+
+  lifecycle {
+    create_before_destroy = false
+  }
 }
 
-data "template_file" "ansible_inventory" {
-  template = "${file("${path.module}/templates/ansible_inventory.cfg")}"
+resource rke_cluster "cluster" {
+  services_kube_api {
+    extra_args = {
+      feature-gates = "CSINodeInfo=true,CSIDriverRegistry=true"
+    }
+  }
 
-  depends_on = [
-    "hcloud_server.control",
-    "hcloud_server.compute",
+  services_kubelet {
+    extra_args = {
+      feature-gates = "CSINodeInfo=true,CSIDriverRegistry=true"
+    }
+  }
+
+  addons = <<EOL
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: hcloud-csi
+  namespace: kube-system
+stringData:
+  token: ${var.hcloud_csi_token}
+---
+EOL
+
+  addons_include = [
+    "https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csidriver.yaml",
+    "https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csinodeinfo.yaml",
+    "https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml",
+    "https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml",
   ]
 
-  vars {
-    control = "${join("\n", hcloud_server.control.*.ipv4_address)}"
-    compute = "${join("\n", hcloud_server.compute.*.ipv4_address)}"
+  nodes {
+    address = "${hcloud_server.control.0.ipv4_address}"
+    user    = "root"
+    role    = ["controlplane", "etcd"]
+    ssh_key = "${file("keys/id_terraform")}"
+  }
+
+  nodes {
+    address = "${hcloud_server.control.1.ipv4_address}"
+    user    = "root"
+    role    = ["controlplane", "etcd"]
+    ssh_key = "${file("keys/id_terraform")}"
+  }
+
+  nodes {
+    address = "${hcloud_server.control.2.ipv4_address}"
+    user    = "root"
+    role    = ["controlplane", "etcd"]
+    ssh_key = "${file("keys/id_terraform")}"
+  }
+
+  nodes {
+    address = "${hcloud_server.compute.0.ipv4_address}"
+    user    = "root"
+    role    = ["worker"]
+    ssh_key = "${file("keys/id_terraform")}"
+  }
+
+  nodes {
+    address = "${hcloud_server.compute.1.ipv4_address}"
+    user    = "root"
+    role    = ["worker"]
+    ssh_key = "${file("keys/id_terraform")}"
+  }
+
+  nodes {
+    address = "${hcloud_server.compute.2.ipv4_address}"
+    user    = "root"
+    role    = ["worker"]
+    ssh_key = "${file("keys/id_terraform")}"
   }
 }
 
-resource "null_resource" "ansible_inventory" {
-  triggers {
-    template_rendered = "${data.template_file.ansible_inventory.rendered}"
-  }
-
-  provisioner "local-exec" {
-    command = "echo '${data.template_file.ansible_inventory.rendered}' > ansible_inventory"
-  }
+resource local_file kube_cluster_yaml {
+  filename = "${path.root}/kube_config_cluster.yml"
+  content  = "${rke_cluster.cluster.kube_config_yaml}"
 }
diff --git a/provider_hcloud.tf b/provider_hcloud.tf
index 00cd3bc..5e605df 100755
--- a/provider_hcloud.tf
+++ b/provider_hcloud.tf
@@ -18,8 +18,4 @@ provider "hcloud" {
 resource "hcloud_ssh_key" "terraform" {
   name       = "terraform"
   public_key = "${file("./keys/id_terraform.pub")}"
-
-  labels = {
-    "description" = "Used by terraform to provision nodes"
-  }
 }
diff --git a/provider_kubernetes.tf b/provider_kubernetes.tf
new file mode 100644
index 0000000..40de9b3
--- /dev/null
+++ b/provider_kubernetes.tf
@@ -0,0 +1,9 @@
+provider "kubernetes" {
+  version = "~> 1.6"
+
+  host = "${rke_cluster.cluster.api_server_url}"
+
+  client_certificate     = "${rke_cluster.cluster.client_cert}"
+  client_key             = "${rke_cluster.cluster.client_key}"
+  cluster_ca_certificate = "${rke_cluster.cluster.ca_crt}"
+}
diff --git a/provider_other.tf b/provider_other.tf
index 83575b4..ffff249 100755
--- a/provider_other.tf
+++ b/provider_other.tf
@@ -2,6 +2,10 @@ provider "null" {
   version = "~> 1.0"
 }
 
+provider "local" {
+  version = "~> 1.2"
+}
+
 provider "template" {
   version = "~> 1.0"
 }
diff --git a/provider_rke.tf b/provider_rke.tf
new file mode 100644
index 0000000..5f63927
--- /dev/null
+++ b/provider_rke.tf
@@ -0,0 +1,3 @@
+provider "rke" {
+  version = "~> 0.11"
+}
diff --git a/templates/ansible_inventory.cfg b/templates/ansible_inventory.cfg
deleted file mode 100644
index d53f869..0000000
--- a/templates/ansible_inventory.cfg
+++ /dev/null
@@ -1,8 +0,0 @@
-[kube-master]
-${control}
-
-[etcd]
-${control}
-
-[kube-node]
-${compute}
\ No newline at end of file
diff --git a/terraform_provider_test/Makefile b/terraform_provider_test/Makefile
deleted file mode 100644
index 2516f40..0000000
--- a/terraform_provider_test/Makefile
+++ /dev/null
@@ -1,14 +0,0 @@
-TF=terraform
-TFFLAGS=-var-file=credentials.tfvars
-
-apply: init
-	$(TF) apply $(TFFLAGS) 
-
-plan: init
-	$(TF) plan $(TFFLAGS)
-
-destroy: init
-	$(TF) destroy $(TFFLAGS)
-
-init:
-	$(TF) init
diff --git a/terraform_provider_test/cluster.tf b/terraform_provider_test/cluster.tf
deleted file mode 100644
index 8de3c51..0000000
--- a/terraform_provider_test/cluster.tf
+++ /dev/null
@@ -1,60 +0,0 @@
-resource "rancher2_cluster" "sandbox" {
-  name        = "sandbox"
-  description = "home-cloud sandbox cluster"
-  kind        = "rke"
-
-  rke_config {
-    network {
-      plugin = "canal"
-    }
-
-    kubernetes_version = "v1.13.4-rancher1-1"
-
-    addons = <<ADDONS
-apiVersion: v1
-kind: Secret
-metadata:
-  name: hcloud-csi
-  namespace: kube-system
-stringData:
-  token: ${var.hcloud_token}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: hcloud
-  namespace: kube-system
-stringData:
-  token: ${var.hcloud_token}
-ADDONS
-
-    addons_include = [
-      "https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csidriver.yaml",
-      "https://raw.githubusercontent.com/kubernetes/csi-api/release-1.13/pkg/crd/manifests/csinodeinfo.yaml",
-      "https://raw.githubusercontent.com/hetznercloud/csi-driver/master/deploy/kubernetes/hcloud-csi.yml",
-      "https://raw.githubusercontent.com/hetznercloud/hcloud-cloud-controller-manager/master/deploy/v1.2.0.yaml",
-    ]
-  }
-}
-
-resource "rancher2_node_pool" "control" {
-  cluster_id       = "${rancher2_cluster.sandbox.id}"
-  name             = "control"
-  hostname_prefix  = "control"
-  node_template_id = "user-x5qrl:nt-mdfr7"
-  quantity         = 1
-  control_plane    = true
-  etcd             = true
-  worker           = false
-}
-
-resource "rancher2_node_pool" "compute" {
-  cluster_id       = "${rancher2_cluster.sandbox.id}"
-  name             = "compute"
-  hostname_prefix  = "compute"
-  node_template_id = "user-x5qrl:nt-mdfr7"
-  quantity         = 1
-  control_plane    = false
-  etcd             = false
-  worker           = true
-}
diff --git a/terraform_provider_test/nodes.tf b/terraform_provider_test/nodes.tf
deleted file mode 100644
index d939467..0000000
--- a/terraform_provider_test/nodes.tf
+++ /dev/null
@@ -1,19 +0,0 @@
-resource rancher2_node_driver hcloud {
-  active            = true
-  builtin           = false
-  description       = "Hetzner Cloud"
-  external_id       = "hcloud"
-  name              = "hetzner"
-  ui_url            = "https://storage.googleapis.com/hcloud-rancher-v2-ui-driver/component.js"
-  url               = "https://github.com/JonasProgrammer/docker-machine-driver-hetzner/releases/download/1.2.2/docker-machine-driver-hetzner_1.2.2_linux_amd64.tar.gz"
-  whitelist_domains = ["storage.googleapis.com"]
-}
-
-resource hcloud_floating_ip cluster {
-  type          = "ipv4"
-  home_location = "${var.hcloud_location}"
-}
-
-output cluster_ip {
-  value = "${hcloud_floating_ip.cluster.ip_address}"
-}
diff --git a/terraform_provider_test/provider_hcloud.tf b/terraform_provider_test/provider_hcloud.tf
deleted file mode 100644
index 983cf4b..0000000
--- a/terraform_provider_test/provider_hcloud.tf
+++ /dev/null
@@ -1,12 +0,0 @@
-# Set the variable value in *.tfvars file
-# or using -var="hcloud_token=..." CLI option
-variable "hcloud_token" {}
-
-variable "hcloud_location" {}
-
-# Configure the Hetzner Cloud Provider
-provider "hcloud" {
-  version = "~> 1.7.0"
-
-  token = "${var.hcloud_token}"
-}
diff --git a/terraform_provider_test/provider_rancher2.tf b/terraform_provider_test/provider_rancher2.tf
deleted file mode 100644
index 57721ca..0000000
--- a/terraform_provider_test/provider_rancher2.tf
+++ /dev/null
@@ -1,17 +0,0 @@
-variable "rancher2_api_url" {
-  type = "string"
-}
-
-variable "rancher2_access_key" {
-  type = "string"
-}
-
-variable "rancher2_secret_key" {
-  type = "string"
-}
-
-provider "rancher2" {
-  api_url    = "${var.rancher2_api_url}"
-  access_key = "${var.rancher2_access_key}"
-  secret_key = "${var.rancher2_secret_key}"
-}
diff --git a/terraform_provider_test/terraform.tfvars b/terraform_provider_test/terraform.tfvars
deleted file mode 100644
index c3c070d..0000000
--- a/terraform_provider_test/terraform.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-rancher2_api_url = "https://rancher.apricote.de/v3"
-
-hcloud_location = "nbg1"
diff --git a/vars.tf b/vars.tf
new file mode 100644
index 0000000..b31abb2
--- /dev/null
+++ b/vars.tf
@@ -0,0 +1 @@
+variable hcloud_csi_token {}