├── rke1-local-control-plane ├── .gitignore ├── versions.tf ├── files │ └── values │ │ ├── rancher_monitoring_crd_chart_values.yaml │ │ ├── rancher_chart_values.tftpl │ │ ├── rancher_monitoring_chart_values.yaml │ │ └── rke_cluster_yaml.tfpl ├── provider.tf ├── data.tf └── outputs.tf ├── clusters ├── versions.tf ├── data.tf ├── destroy_clusters.sh ├── provision_clusters.sh ├── del_etcdctl_keys.sh ├── check_etcd_perf.sh └── variables.tf ├── control-plane ├── versions.tf ├── modules │ ├── aws-k3s │ │ ├── versions.tf │ │ ├── .pre-commit-config.yaml │ │ ├── files │ │ │ ├── register-to-rancher.sh │ │ │ ├── ingress-install.sh │ │ │ ├── cloud-config-base.tmpl │ │ │ └── k3s-install.sh │ │ └── output.tf │ ├── aws-infra │ │ ├── versions.tf │ │ ├── files │ │ │ ├── cloud-config-base.tmpl │ │ │ ├── base.sh │ │ │ ├── docker-install.sh │ │ │ └── k8s-setup.sh │ │ ├── output.tf │ │ └── data.tf │ ├── generate-kube-config │ │ ├── outputs.tf │ │ ├── variables.tf │ │ ├── main.tf │ │ └── README.md │ ├── rke2 │ │ ├── route53.tf │ │ ├── output.tf │ │ ├── data.tf │ │ └── rancher_lb_components.tf │ └── rke1 │ │ └── output.tf ├── rke1-outputs.tf ├── files │ └── values │ │ ├── rancher_monitoring_crd_chart_values.yaml │ │ ├── rancher.yaml │ │ ├── rancher_chart_values.tftpl │ │ └── rancher_monitoring_chart_values.yaml ├── data.tf ├── provider.tf ├── k3s-outputs.tf ├── common-outputs.tf └── db.tf ├── cluster-with-nodes ├── .gitignore ├── versions.tf ├── terraform.tfvars.example ├── modules │ └── downstream-k3s-nodes │ │ ├── variables.tf │ │ ├── main.tf │ │ ├── README.md │ │ └── files │ │ └── worker_userdata.tmpl ├── destroy_clusters.sh ├── data.tf ├── provision_clusters.sh ├── variables.tf ├── .terraform.lock.hcl └── main.tf ├── rancher-cluster-operations ├── deploy-chart │ ├── output.tf │ ├── provider.tf │ ├── variables.tf │ ├── files │ │ ├── my-pause │ │ │ ├── .helmignore │ │ │ ├── templates │ │ │ │ ├── deployment.yaml │ │ │ │ └── _helpers.tpl │ │ │ ├── Chart.yaml │ │ │ └── values.yaml │ │ ├── 
crashing-pod │ │ │ ├── .helmignore │ │ │ ├── templates │ │ │ │ ├── deployment.yaml │ │ │ │ └── _helpers.tpl │ │ │ ├── Chart.yaml │ │ │ └── values.yaml │ │ ├── ranchertest-mytestcontainer │ │ │ ├── .helmignore │ │ │ ├── templates │ │ │ │ ├── deployment.yaml │ │ │ │ └── _helpers.tpl │ │ │ ├── Chart.yaml │ │ │ └── values.yaml │ │ └── bulk_deploy_operations.sh │ ├── main.tf │ ├── .terraform.lock.hcl │ └── README.md ├── charts │ └── rancher-monitoring │ │ ├── files │ │ ├── rancher_monitoring_crd_chart_values.yaml │ │ └── rancher_monitoring_chart_values.yaml │ │ ├── .terraform.lock.hcl │ │ ├── variables.tf │ │ └── main.tf ├── install-common │ ├── files │ │ ├── cert-manager.yaml │ │ ├── cattle-system.yaml │ │ ├── uninstall-common.sh │ │ └── rancher_chart_values.tftpl │ └── output.tf ├── rancher-baseline-clusters │ ├── aws │ │ ├── outputs.tf │ │ └── data.tf │ ├── linode │ │ ├── outputs.tf │ │ └── cluster_v1.tf │ ├── aws-dynamic │ │ ├── outputs.tf │ │ └── data.tf │ ├── linode-dynamic │ │ ├── outputs.tf │ │ └── cluster_v2.tf │ ├── destroy_clusters.sh │ ├── del_etcdctl_keys.sh │ ├── provision_clusters.sh │ └── check_etcd_perf.sh ├── rancher-controller-metrics │ ├── variables.tf │ ├── files │ │ ├── example-rancher-service-monitor.yaml │ │ └── rancher-service-monitor.yaml │ ├── .terraform.lock.hcl │ ├── README.md │ └── main.tf ├── rancher-examples │ ├── cluster-linode │ │ ├── providers.tf │ │ ├── variables.tf │ │ └── main.tf │ ├── rancher-setup │ │ ├── 2.6.x │ │ │ ├── variables.tf │ │ │ ├── providers.tf │ │ │ ├── README.md │ │ │ └── main.tf │ │ └── 2.5.x │ │ │ ├── variables.tf │ │ │ ├── .terraform.lock.hcl │ │ │ ├── providers.tf │ │ │ ├── README.md │ │ │ └── main.tf │ └── cluster-aws │ │ ├── data.tf │ │ ├── providers.tf │ │ └── variables.tf ├── bulk-components │ ├── scripts │ │ ├── destroy_components.sh │ │ └── create_components.sh │ ├── variables-users.tf │ └── outputs.tf ├── rancher-secret │ ├── outputs.tf │ ├── .terraform.lock.hcl │ ├── main.tf │ └── variables.tf ├── 
rancher-cluster │ └── v1 │ │ ├── .terraform.lock.hcl │ │ └── variables.tf ├── rancher-cloud-credential │ ├── variables.tf │ ├── .terraform.lock.hcl │ ├── main.tf │ └── README.md ├── rancher-node-template │ └── .terraform.lock.hcl └── README.md ├── clusters-rke2 ├── outputs.tf ├── destroy_clusters.sh ├── del_etcdctl_keys.sh ├── provision_clusters.sh ├── data.tf └── check_etcd_perf.sh ├── linode-infra ├── firewall │ ├── outputs.tf │ ├── main.tf │ └── variables.tf ├── files │ ├── cloud-config-base.tmpl │ ├── base.sh │ ├── k8s-setup.sh │ └── docker-install.sh ├── outputs.tf ├── instance-disk │ ├── main.tf │ └── variables.tf ├── rancher-nodebalancer │ ├── variables.tf │ └── main.tf ├── instance-config │ └── main.tf └── instance │ └── main.tf ├── testing ├── state.py ├── options.py ├── requirements.txt ├── common.py ├── run.py ├── setup.py ├── tests.py ├── cleanup.py └── README.md ├── .gitignore └── clusters-rke1 ├── destroy_clusters.sh ├── del_etcdctl_keys.sh ├── aws └── data.tf ├── provision_clusters.sh └── check_etcd_perf.sh /rke1-local-control-plane/.gitignore: -------------------------------------------------------------------------------- 1 | files/clusters/**/* 2 | -------------------------------------------------------------------------------- /clusters/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | } 4 | -------------------------------------------------------------------------------- /control-plane/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | } 4 | -------------------------------------------------------------------------------- /cluster-with-nodes/.gitignore: -------------------------------------------------------------------------------- 1 | .terraform 2 | terraform.tfvars 3 | rancher.tfstate* 4 | 
-------------------------------------------------------------------------------- /rke1-local-control-plane/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | } 4 | -------------------------------------------------------------------------------- /control-plane/modules/aws-k3s/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | } 4 | -------------------------------------------------------------------------------- /control-plane/modules/aws-infra/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.0" 3 | } 4 | -------------------------------------------------------------------------------- /control-plane/modules/generate-kube-config/outputs.tf: -------------------------------------------------------------------------------- 1 | output "kubeconfig_path" { 2 | value = local.kubeconfig_path 3 | } 4 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/output.tf: -------------------------------------------------------------------------------- 1 | output "metadata" { 2 | value = helm_release.local_chart[*].metadata 3 | } 4 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/provider.tf: -------------------------------------------------------------------------------- 1 | provider "helm" { 2 | kubernetes { 3 | config_path = abspath(var.kube_config_path) 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /control-plane/rke1-outputs.tf: -------------------------------------------------------------------------------- 1 | # output "cluster_yaml" { 2 | # value = var.k8s_distribution == "rke1" ? 
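nonsensitive(module.rke1[0].cluster_yaml) : null
# }
--------------------------------------------------------------------------------
/clusters-rke2/outputs.tf:
--------------------------------------------------------------------------------
output "subnet_id" {
  value = local.instance_subnet_id
}

output "cloud_cred" {
  value = data.rancher2_cloud_credential.this.id
}
--------------------------------------------------------------------------------
/control-plane/files/values/rancher_monitoring_crd_chart_values.yaml:
--------------------------------------------------------------------------------
# Values for the rancher-monitoring-crd chart on the local (Rancher) cluster.
# `systemDefaultRegistry` appears once: the previous file repeated the key,
# which strict YAML parsers reject and lenient ones resolve silently (last wins).
global:
  cattle:
    clusterId: local
    clusterName: local
    systemDefaultRegistry: ''
--------------------------------------------------------------------------------
/control-plane/modules/aws-k3s/.pre-commit-config.yaml:
--------------------------------------------------------------------------------
# Pre-commit hooks for this module. The hook repo is fetched over https; the
# unauthenticated git:// protocol used before is no longer served by GitHub and
# offers no transport integrity.
- repo: https://github.com/antonbabenko/pre-commit-terraform
  rev: v1.19.0
  hooks:
    - id: terraform_fmt
    - id: terraform_docs
--------------------------------------------------------------------------------
/rke1-local-control-plane/files/values/rancher_monitoring_crd_chart_values.yaml:
--------------------------------------------------------------------------------
# Values for the rancher-monitoring-crd chart on the local (Rancher) cluster.
# `systemDefaultRegistry` appears once: the previous file repeated the key,
# which strict YAML parsers reject and lenient ones resolve silently (last wins).
global:
  cattle:
    clusterId: local
    clusterName: local
    systemDefaultRegistry: ''
--------------------------------------------------------------------------------
/rancher-cluster-operations/charts/rancher-monitoring/files/rancher_monitoring_crd_chart_values.yaml:
--------------------------------------------------------------------------------
# Values for the rancher-monitoring-crd chart on the local (Rancher) cluster.
# `systemDefaultRegistry` appears once: the previous file repeated the key,
# which strict YAML parsers reject and lenient ones resolve silently (last wins).
global:
  cattle:
    clusterId: local
    clusterName: local
    systemDefaultRegistry: ''
--------------------------------------------------------------------------------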
/linode-infra/firewall/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | value = linode_firewall.this.id 3 | } 4 | 5 | output "status" { 6 | value = linode_firewall.this.status 7 | } 8 | 9 | output "devices" { 10 | value = linode_firewall.this.devices 11 | } -------------------------------------------------------------------------------- /control-plane/modules/aws-k3s/files/register-to-rancher.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | %{ if is_k3s_server } 4 | %{ if !install_rancher } 5 | echo "Registration command: \'${registration_command}\'" 6 | ${registration_command} 7 | %{ endif } 8 | %{ endif } 9 | -------------------------------------------------------------------------------- /control-plane/modules/generate-kube-config/variables.tf: -------------------------------------------------------------------------------- 1 | variable "kubeconfig_content" { 2 | type = string 3 | } 4 | 5 | variable "kubeconfig_dir" { 6 | type = string 7 | } 8 | 9 | variable "identifier_prefix" { 10 | type = string 11 | } 12 | -------------------------------------------------------------------------------- /cluster-with-nodes/versions.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | aws = { 4 | source = "hashicorp/aws" 5 | } 6 | rancher2 = { 7 | source = "rancher/rancher2" 8 | } 9 | } 10 | required_version = ">= 1.0" 11 | } 12 | -------------------------------------------------------------------------------- /linode-infra/files/cloud-config-base.tmpl: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | %{ if length(ssh_keys) > 0 } 3 | ssh_authorized_keys: 4 | %{ for ssh_key in ssh_keys } 5 | - ${ssh_key} 6 | %{ endfor } 7 | %{ endif } 8 | package_upgrade: true 9 | package_update: true 10 | 
-------------------------------------------------------------------------------- /rancher-cluster-operations/install-common/files/cert-manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | finalizers: 5 | - controller.cattle.io/namespace-auth 6 | name: cert-manager 7 | spec: 8 | finalizers: 9 | - kubernetes 10 | -------------------------------------------------------------------------------- /rancher-cluster-operations/install-common/files/cattle-system.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | finalizers: 5 | - controller.cattle.io/namespace-auth 6 | name: cattle-system 7 | spec: 8 | finalizers: 9 | - kubernetes 10 | -------------------------------------------------------------------------------- /testing/state.py: -------------------------------------------------------------------------------- 1 | import pandas 2 | 3 | 4 | class State: 5 | def __init__(self, options): 6 | self.count = options.iterations 7 | self.current_measure = pandas.DataFrame() 8 | 9 | def decrement(self): 10 | self.count -= 1 11 | -------------------------------------------------------------------------------- /control-plane/modules/aws-infra/files/cloud-config-base.tmpl: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | %{ if length(ssh_keys) > 0 } 3 | ssh_authorized_keys: 4 | %{ for ssh_key in ssh_keys } 5 | - ${ssh_key} 6 | %{ endfor } 7 | %{ endif } 8 | package_upgrade: true 9 | package_update: true 10 | -------------------------------------------------------------------------------- /rancher-cluster-operations/install-common/output.tf: -------------------------------------------------------------------------------- 1 | output "rancher_url" { 2 | value = try(rancher2_bootstrap.admin[0].url, null) 3 | } 4 | 5 | output "rancher_token" { 6 | 
value = try(rancher2_bootstrap.admin[0].token, null) 7 | sensitive = true 8 | } 9 | 10 | output "use_new_bootstrap" { 11 | value = var.use_new_bootstrap 12 | } 13 | -------------------------------------------------------------------------------- /rancher-cluster-operations/charts/rancher-monitoring/files/rancher_monitoring_chart_values.yaml: -------------------------------------------------------------------------------- 1 | prometheus: 2 | prometheusSpec: 3 | evaluationInterval: 1m 4 | retentionSize: 50GiB 5 | scrapeInterval: 1m 6 | global: 7 | cattle: 8 | clusterId: local 9 | clusterName: local 10 | systemDefaultRegistry: "" 11 | systemDefaultRegistry: "" 12 | -------------------------------------------------------------------------------- /control-plane/modules/rke2/route53.tf: -------------------------------------------------------------------------------- 1 | ############################# 2 | ### Create Public DNS 3 | ############################# 4 | resource "aws_route53_record" "public" { 5 | zone_id = data.aws_route53_zone.dns_zone.zone_id 6 | name = "${var.subdomain}.${var.domain}" 7 | type = "CNAME" 8 | ttl = 30 9 | records = [module.aws_infra_rke2.lb_dns] 10 | } 11 | 12 | -------------------------------------------------------------------------------- /control-plane/modules/generate-kube-config/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14" 3 | required_providers { 4 | } 5 | } 6 | 7 | locals { 8 | kubeconfig_path = "${var.kubeconfig_dir}/.${var.identifier_prefix}-tfkubeconfig" 9 | } 10 | 11 | resource "local_file" "kubeconfig" { 12 | content = var.kubeconfig_content 13 | filename = local.kubeconfig_path 14 | } 15 | -------------------------------------------------------------------------------- /cluster-with-nodes/terraform.tfvars.example: -------------------------------------------------------------------------------- 1 | k3s_agents_per_node=20 2 | 
ec2_instances_per_cluster=1 3 | server_instance_type="t2.medium" 4 | worker_instance_type="t2.medium" 5 | rancher_api_url="" 6 | rancher_token_key="" 7 | k3s_token="" 8 | server_instance_max_price="1.25" 9 | worker_instance_max_price="1.25" 10 | docker_overlay_cidr="10.0.0.0/8" 11 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.swp 2 | *.tfstate* 3 | **/.terraform 4 | **/*.plan 5 | **/secret_files 6 | **/*.tfenvs 7 | **/aws_accounts/iam 8 | .DS_Store 9 | outputs/ 10 | terraform.d/ 11 | **/*.tfvars 12 | *.log 13 | Results/ 14 | kube-config.yaml 15 | .*tfkubeconfig 16 | *.zip 17 | *.log 18 | *logs.txt 19 | .*tf-kubeconfig 20 | *.vscode 21 | *infracost* 22 | *pre-commit* 23 | *.tfrc 24 | **/kube_config/* 25 | **/kubeconfig/* 26 | -------------------------------------------------------------------------------- /control-plane/files/values/rancher.yaml: -------------------------------------------------------------------------------- 1 | hostname: ${rancher_hostname} 2 | ingress: 3 | tls: 4 | source: secret 5 | secretName: tls-rancher-ingress 6 | rancherImage: ${rancher_image} 7 | rancherImageTag: ${rancher_image_tag} 8 | replicas: ${rancher_node_count} 9 | bootstrapPassword: ${rancher_password} 10 | extraEnv: 11 | - name: CATTLE_PROMETHEUS_METRICS 12 | value: '${cattle_prometheus_metrics}' 13 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/aws/outputs.tf: -------------------------------------------------------------------------------- 1 | output "create_node_reqs" { 2 | value = var.create_node_reqs 3 | } 4 | 5 | output "cred_name" { 6 | value = module.cloud_credential.name 7 | } 8 | 9 | output "nt_names" { 10 | value = flatten([module.node_template.name, rancher2_machine_config_v2.this[*].name]) 11 | } 12 | 13 | output "cluster_names" { 14 | value = 
local.cluster_names 15 | } 16 | -------------------------------------------------------------------------------- /control-plane/modules/aws-infra/output.tf: -------------------------------------------------------------------------------- 1 | output "external_lb_dns_name" { 2 | value = local.create_external_nlb > 0 ? aws_lb.lb.0.dns_name : null 3 | } 4 | 5 | output "nodes_ids" { 6 | value = data.aws_instances.nodes.ids 7 | } 8 | 9 | output "nodes_private_ips" { 10 | value = data.aws_instances.nodes.private_ips 11 | } 12 | 13 | output "nodes_public_ips" { 14 | value = data.aws_instances.nodes.public_ips 15 | } 16 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/variables.tf: -------------------------------------------------------------------------------- 1 | variable "kube_config_path" { 2 | default = null 3 | type = string 4 | description = "Path to kubeconfig file on local machine" 5 | } 6 | 7 | variable "release_prefix" { 8 | 9 | } 10 | 11 | variable "num_charts" { 12 | default = 1 13 | } 14 | 15 | variable "local_chart_path" { 16 | default = null 17 | } 18 | 19 | variable "namespace" { 20 | 21 | } 22 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/linode/outputs.tf: -------------------------------------------------------------------------------- 1 | output "create_node_reqs" { 2 | value = var.create_node_reqs 3 | } 4 | 5 | output "cred_name" { 6 | value = module.cloud_credential.name 7 | } 8 | 9 | output "nt_names" { 10 | value = flatten([module.node_template.name, rancher2_machine_config_v2.this[*].name]) 11 | } 12 | 13 | output "cluster_names" { 14 | value = local.cluster_names 15 | } 16 | -------------------------------------------------------------------------------- /control-plane/modules/rke2/output.tf: -------------------------------------------------------------------------------- 1 | output 
"cluster_data" { 2 | description = "Map of cluster data required by agent pools for joining cluster, do not modify this" 3 | value = module.aws_infra_rke2.cluster_data 4 | } 5 | 6 | output "kube_config" { 7 | value = nonsensitive(module.aws_infra_rke2.kubeconfig_content) 8 | sensitive = false 9 | } 10 | 11 | output "templatefile_strings" { 12 | value = module.aws_infra_rke2.templatefile_string 13 | } 14 | -------------------------------------------------------------------------------- /control-plane/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_caller_identity" "current" {} 2 | 3 | data "aws_vpc" "default" { 4 | default = true 5 | } 6 | 7 | data "aws_subnets" "all" { 8 | filter { 9 | name = "vpc-id" 10 | values = [data.aws_vpc.default.id] 11 | } 12 | } 13 | 14 | data "aws_security_group" "default" { 15 | vpc_id = data.aws_vpc.default.id 16 | name = "default" 17 | } 18 | 19 | data "aws_route53_zone" "selected" { 20 | name = "${local.domain}." 21 | private_zone = false 22 | } 23 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/my-pause/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/crashing-pod/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-controller-metrics/variables.tf: -------------------------------------------------------------------------------- 1 | variable "rancher_token" { 2 | default = null 3 | type = string 4 | description = "Rancher2 API token for authentication" 5 | } 6 | 7 | variable "rancher_version" { 8 | default = "null" 9 | type = string 10 | description = "The Rancher Server's version" 11 | } 12 | 13 | variable "kube_config_path" { 14 | type = string 15 | default = null 16 | description = "Path to kubeconfig file on local machine" 17 | } 18 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/ranchertest-mytestcontainer/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /clusters/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_vpc" "default" { 2 | default = true 3 | } 4 | 5 | data "aws_ami" "ubuntu" { 6 | most_recent = true 7 | owners = ["099720109477"] 8 | 9 | filter { 10 | name = "name" 11 | values = ["ubuntu-minimal/images/*/ubuntu-bionic-18.04-*"] 12 | } 13 | 14 | filter { 15 | name = "virtualization-type" 16 | values = ["hvm"] 17 | } 18 | 19 | filter { 20 | name = "root-device-type" 21 | values = ["ebs"] 22 | } 23 | 24 | filter { 25 | name = "architecture" 26 | values = ["x86_64"] 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /cluster-with-nodes/modules/downstream-k3s-nodes/variables.tf: -------------------------------------------------------------------------------- 1 | variable "k3s_agents_per_node" { 2 | type = number 3 | description = "The number of k3s agents on each ec2 instance" 4 | } 5 | 6 | variable "instances" { 7 | type = number 8 | } 9 | 10 | variable "worker_instance_type" { 11 | type = string 12 | description = "Instance type to use for k3s workers" 13 | } 14 | variable "k3s_endpoint" {} 15 | variable "k3s_token" {} 16 | variable "install_k3s_version" {} 17 | variable "prefix" {} 18 | variable "spot_price" {} 19 | variable "ami_id" {} 20 | 21 | variable "consul_store" {} -------------------------------------------------------------------------------- 
/rancher-cluster-operations/rancher-baseline-clusters/aws-dynamic/outputs.tf: -------------------------------------------------------------------------------- 1 | output "create_node_reqs" { 2 | value = var.create_node_reqs 3 | } 4 | 5 | output "cred_name" { 6 | value = module.cloud_credential.name 7 | } 8 | 9 | output "nt_names" { 10 | value = [values(module.cluster_v1)[*].name, values(rancher2_machine_config_v2.this)[*].name] 11 | } 12 | 13 | output "cluster_names" { 14 | value = [values(module.cluster_v1)[*].name, values(rancher2_cluster_v2.cluster_v2)[*].name] 15 | } 16 | 17 | # output "kube_config" { 18 | # value = nonsensitive(module.cluster_v1.kube_config) 19 | # } 20 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/linode-dynamic/outputs.tf: -------------------------------------------------------------------------------- 1 | output "create_node_reqs" { 2 | value = var.create_node_reqs 3 | } 4 | 5 | output "cred_name" { 6 | value = module.cloud_credential.name 7 | } 8 | 9 | output "nt_names" { 10 | value = [values(module.cluster_v1)[*].name, values(rancher2_machine_config_v2.this)[*].name] 11 | } 12 | 13 | output "cluster_names" { 14 | value = [values(module.cluster_v1)[*].name, values(rancher2_cluster_v2.cluster_v2)[*].name] 15 | } 16 | 17 | # output "kube_config" { 18 | # value = nonsensitive(module.cluster_v1.kube_config) 19 | # } 20 | -------------------------------------------------------------------------------- /linode-infra/outputs.tf: -------------------------------------------------------------------------------- 1 | output "ips" { 2 | value = data.linode_instances.this.instances[*].ip_address 3 | } 4 | 5 | output "private" { 6 | value = data.linode_instances.this.instances[*].private_ip_address 7 | } 8 | 9 | output "instances" { 10 | value = data.linode_instances.this.instances[*] 11 | } 12 | 13 | output "lb_hostname" { 14 | value = var.nlb ? 
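module.rancher_nodebalancer[0].hostname : null
}

output "lb_ipv4" {
  value = var.nlb ? module.rancher_nodebalancer[0].ipv4 : null
}

output "lb_ipv6" {
  value = var.nlb ? module.rancher_nodebalancer[0].ipv6 : null
}
--------------------------------------------------------------------------------
/cluster-with-nodes/destroy_clusters.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Destroy and delete every terraform workspace whose name contains the prefix
# given as $1 (default "workspace"). The default workspace is never destroyed.
IFS=$'\n'

terraform workspace select default
workspace_prefix="${1:-workspace}"
# Same pipeline as clusters-rke1/destroy_clusters.sh: every expansion is quoted,
# sed drops the "*" that marks the current workspace, and the list is
# reverse-sorted before iteration.
workspaces=$(terraform workspace list | grep "${workspace_prefix}" | sed 's/*/ /' | sort -r )

for workspace in ${workspaces}; do
  # Strip the leading indentation terraform prints in front of each name.
  workspace="$(echo -e "${workspace}" | tr -d '[:space:]')"
  if [ "${workspace}" == "default" ]; then
    continue
  fi
  echo "destroying workspace: ${workspace}"
  terraform workspace select "${workspace}"
  terraform destroy --auto-approve
  terraform workspace select default
  terraform workspace delete "${workspace}"

done

terraform workspace select default
--------------------------------------------------------------------------------
/cluster-with-nodes/data.tf:
--------------------------------------------------------------------------------
data "aws_vpc" "default" {
  default = true
}

# NOTE(review): aws_subnet_ids is deprecated in AWS provider 4.x and removed in
# 5.x; cluster-with-nodes/versions.tf does not pin the aws provider version, so a
# fresh init may pick a release without it. control-plane/data.tf already uses
# the aws_subnets replacement. Left as-is here because main.tf (not shown) is
# expected to reference data.aws_subnet_ids.available.ids and must move with it.
data "aws_subnet_ids" "available" {
  vpc_id = data.aws_vpc.default.id
}

# Most recent Canonical-owned Ubuntu 18.04 minimal HVM/EBS x86_64 image.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]

  filter {
    name   = "name"
    values = ["ubuntu-minimal/images/*/ubuntu-bionic-18.04-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}
--------------------------------------------------------------------------------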
/rancher-cluster-operations/install-common/files/uninstall-common.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | KUBECONFIG="${1}" 3 | cert_manager_version="${2:1.8.1}" 4 | 5 | export KUBECONFIG="${KUBECONFIG}" 6 | 7 | curl -s https://raw.githubusercontent.com/rancher/rancher-cleanup/main/deploy/rancher-cleanup.yaml | kubectl create -f - && 8 | curl -s https://raw.githubusercontent.com/rancher/rancher-cleanup/main/deploy/verify.yaml | kubectl create -f - 9 | 10 | helm uninstall cert-manager --namespace cert-manager && 11 | kubectl delete namespace cert-manager && 12 | kubectl delete -f "https://github.com/cert-manager/cert-manager/releases/download/v${cert_manager_version}/cert-manager.crds.yaml" 13 | -------------------------------------------------------------------------------- /clusters/destroy_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | IFS=$'\n' 3 | 4 | terraform workspace select default 5 | workspace_prefix="${1:-workspace}" 6 | workspaces=$(terraform workspace list | grep "workspace" | sed 's/*/ /' | sort -r ) 7 | 8 | for workspace in ${workspaces}; do 9 | workspace="$(echo -e "${workspace}" | tr -d '[:space:]')" 10 | if [ "${workspace}" == "default" ]; then 11 | continue 12 | fi 13 | echo "destroying workspace: ${workspace}" 14 | terraform workspace select "${workspace}" 15 | terraform destroy --auto-approve 16 | terraform workspace select default 17 | terraform workspace delete "${workspace}" 18 | 19 | done 20 | 21 | terraform workspace select default 22 | -------------------------------------------------------------------------------- /clusters-rke2/destroy_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | IFS=$'\n' 3 | 4 | terraform workspace select default 5 | workspace_prefix="${1:-workspace}" 6 | workspaces=$(terraform workspace list | grep "workspace" | 
sed 's/*/ /' | sort -r ) 7 | 8 | for workspace in ${workspaces}; do 9 | workspace="$(echo -e "${workspace}" | tr -d '[:space:]')" 10 | if [ "${workspace}" == "default" ]; then 11 | continue 12 | fi 13 | echo "destroying workspace: ${workspace}" 14 | terraform workspace select "${workspace}" 15 | terraform destroy --auto-approve 16 | terraform workspace select default 17 | terraform workspace delete "${workspace}" 18 | 19 | done 20 | 21 | terraform workspace select default 22 | -------------------------------------------------------------------------------- /linode-infra/instance-disk/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.13" 3 | required_providers { 4 | linode = { 5 | source = "linode/linode" 6 | } 7 | } 8 | } 9 | 10 | resource "linode_instance_disk" "boot" { 11 | linode_id = var.linode_id 12 | label = var.label 13 | size = var.size 14 | filesystem = var.filesystem 15 | image = var.image 16 | root_pass = var.root_pass 17 | authorized_keys = var.authorized_keys 18 | authorized_users = var.authorized_users 19 | 20 | # Optional StackScript to run on first boot 21 | stackscript_id = var.state 22 | stackscript_data = var.stackscript_data 23 | } 24 | -------------------------------------------------------------------------------- /rke1-local-control-plane/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = var.infra_provider == "aws" ? 
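local.region : ""
  profile = "rancher-eng"
}

provider "linode" {
  token = var.linode_token
}

provider "rancher2" {
  alias     = "bootstrap"
  api_url   = "https://${local.name}.${local.domain}"
  insecure  = false
  bootstrap = true
}

provider "helm" {
  kubernetes {
    config_path = abspath(local.kube_config)
  }
}

provider "rancher2" {
  alias     = "admin"
  api_url   = local.rancher_url
  token_key = local.rancher_token
  insecure  = false
  timeout   = "300s"
}
--------------------------------------------------------------------------------
/clusters-rke1/destroy_clusters.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Destroy and delete every Terraform workspace whose name matches the prefix.
#   $1 - workspace name prefix (default "workspace")
IFS=$'\n'

terraform workspace select default
workspace_prefix="${1:-workspace}"
workspaces=$(terraform workspace list | grep "${workspace_prefix}" | sed 's/*/ /' | sort -r )

for workspace in ${workspaces}; do
    workspace="$(echo -e "${workspace}" | tr -d '[:space:]')"
    if [ "${workspace}" == "default" ]; then
        continue
    fi
    echo "destroying workspace: ${workspace}"
    terraform workspace select "${workspace}"
    terraform destroy --auto-approve
    terraform workspace select default
    terraform workspace delete "${workspace}"

done

terraform workspace select default
--------------------------------------------------------------------------------
/control-plane/modules/rke1/output.tf:
--------------------------------------------------------------------------------
# Outputs of the RKE1 cluster built by rke_cluster.local.
#
# Everything that carries credential material -- the kubeconfig, the client
# private key and the whole resource (which embeds both) -- is marked
# sensitive so Terraform redacts it from plan/apply output and CLI logs.
# Callers that re-export these values must mark their own outputs sensitive
# too, or Terraform will refuse the reference.
output "kube_config" {
  value     = rke_cluster.local.kube_config_yaml
  sensitive = true
}

# NOTE(review): the rendered cluster yaml may embed SSH key paths or cloud
# credentials depending on the cluster config -- confirm and mark sensitive
# if it does.
output "cluster_yaml" {
  value = rke_cluster.local.rke_cluster_yaml
}

output "api_server_url" {
  value = rke_cluster.local.api_server_url
}

# Public certificate: safe to display.
output "client_cert" {
  value     = rke_cluster.local.client_cert
  sensitive = false
}

output "client_key" {
  value     = rke_cluster.local.client_key
  sensitive = true
}

# CA certificate (public half only).
output "ca_crt" {
  value     = rke_cluster.local.ca_crt
  sensitive = false
}

output "rke_cluster" {
  value     = rke_cluster.local
  sensitive = true
}
--------------------------------------------------------------------------------
/rancher-cluster-operations/deploy-chart/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_providers {
    helm = {
      source = "hashicorp/helm"
    }
  }
}

# locals {
#   release_name = "${var.release_prefix}${random_id.index}"
# }

# resource "random_uuid" "index" {
#   byte_length = 2
# }

# Installs var.num_charts copies of a chart from a local path, each release
# named "<release_prefix>-<index>".
resource "helm_release" "local_chart" {
  # NOTE(review): var.local_chart_path is used both as a bool here and as the
  # chart path below; Terraform accepts only one of those unless the variable
  # is untyped. `var.local_chart_path != "" ? var.num_charts : 0` is presumably
  # what is meant -- confirm against variables.tf.
  count         = var.local_chart_path ? var.num_charts : 0
  name          = "${var.release_prefix}-${count.index}"
  chart         = var.local_chart_path
  namespace     = var.namespace
  wait          = true
  wait_for_jobs = true
}

# Stub: carries no arguments yet, so this block does not validate as-is.
resource "helm_release" "remote_chart" {

}
--------------------------------------------------------------------------------
/rancher-cluster-operations/rancher-baseline-clusters/destroy_clusters.sh:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Destroy and delete every Terraform workspace whose name starts with "workspace".
IFS=$'\n'

terraform workspace select default
workspace_prefix="workspace"
workspaces=$(terraform workspace list | grep "${workspace_prefix}" | sed 's/*/ /' | sort -r )

for workspace in ${workspaces}; do
    # Quoted so an empty or oddly formatted entry cannot break the test.
    workspace="$(echo -e "${workspace}" | tr -d '[:space:]')"
    if [ "${workspace}" == "default" ]; then
        continue
    fi
    echo "destroying workspace: ${workspace}"
    terraform workspace select "${workspace}"
    terraform destroy --auto-approve
    terraform workspace select default
    terraform workspace delete "${workspace}"

done

terraform workspace select default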
-------------------------------------------------------------------------------- /cluster-with-nodes/provision_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cluster_instances=${1:-1} 4 | workspace_prefix="workspace" 5 | 6 | echo "provisioning ${cluster_instances} clusters" 7 | 8 | terraform init 9 | 10 | # This will not fix a broken terraform run, if the workspace already exists it will 11 | # be skipped 12 | for cluster_instance in $(seq -f "%05g" 1 ${cluster_instances}); do 13 | workspace=${workspace_prefix}-${cluster_instance} 14 | if [ ! -d "$PWD/terraform.tfstate.d/${workspace}" ]; then 15 | # Workspace doesn't exist yet 16 | terraform workspace new "${workspace}" || terraform workspace select "${workspace}" 17 | terraform apply -auto-approve 18 | fi 19 | done 20 | 21 | terraform workspace select default 22 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/crashing-pod/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- $mySharedUuid := uuidv4 -}} 2 | 3 | apiVersion: apps/v1 4 | kind: Deployment 5 | metadata: 6 | name: crashing-test-pod-{{ $mySharedUuid }} 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: crashing-test-pod-{{ $mySharedUuid }} 11 | template: 12 | metadata: 13 | labels: 14 | app: crashing-test-pod-{{ $mySharedUuid }} 15 | spec: 16 | containers: 17 | - command: 18 | - bash 19 | - -c 20 | - "echo test; sleep 30; exit 1;" 21 | image: ubuntu 22 | name: crashing-test-container-{{ $mySharedUuid }} 23 | securityContext: 24 | runAsUser: 2000 25 | runAsGroup: 3000 26 | -------------------------------------------------------------------------------- /rke1-local-control-plane/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_caller_identity" "current" { 2 | count = var.infra_provider == 
"aws" ? 1 : 0 3 | } 4 | 5 | data "aws_vpc" "default" { 6 | count = var.infra_provider == "aws" ? 1 : 0 7 | default = true 8 | } 9 | 10 | data "aws_route53_zone" "linode" { 11 | count = var.infra_provider == "linode" ? 1 : 0 12 | name = local.domain 13 | } 14 | 15 | data "local_file" "kube_config" { 16 | filename = local.kube_config 17 | depends_on = [ 18 | null_resource.rke 19 | ] 20 | } 21 | 22 | data "rancher2_setting" "this" { 23 | for_each = { for setting in var.rancher_settings.* : setting.name => setting.value } 24 | provider = rancher2.admin 25 | 26 | name = each.key 27 | depends_on = [ 28 | rancher2_setting.this 29 | ] 30 | } 31 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-controller-metrics/files/example-rancher-service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app: rancher 6 | release: rancher 7 | name: rancher 8 | namespace: cattle-system 9 | spec: 10 | endpoints: 11 | - bearerTokenSecret: 12 | key: token 13 | name: secret-token-qtzkl 14 | port: http 15 | tlsConfig: 16 | caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt 17 | insecureSkipVerify: true 18 | serverName: rancher 19 | jobLabel: rancher 20 | namespaceSelector: 21 | matchNames: 22 | - cattle-system 23 | selector: 24 | matchLabels: 25 | app: rancher 26 | chart: rancher-2.6.2 27 | release: rancher 28 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-controller-metrics/files/rancher-service-monitor.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: monitoring.coreos.com/v1 2 | kind: ServiceMonitor 3 | metadata: 4 | labels: 5 | app: rancher 6 | release: rancher 7 | name: rancher 8 | namespace: cattle-system 9 | spec: 10 | endpoints: 11 | - 
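bearerTokenSecret:
      key: token
      name: ${secret_name}
    port: http
    tlsConfig:
      caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
      # NOTE(review): while insecureSkipVerify is true, caFile and serverName
      # are not enforced and the scrape target is not authenticated. Switch it
      # to false once Rancher's serving certificate verifies against the CA in
      # caFile (the cluster CA) -- confirm which CA issues Rancher's cert here.
      insecureSkipVerify: true
      serverName: rancher
  jobLabel: rancher
  namespaceSelector:
    matchNames:
    - cattle-system
  selector:
    matchLabels:
      app: rancher
      chart: rancher-${rancher_version}
      release: rancher
--------------------------------------------------------------------------------
/testing/options.py:
--------------------------------------------------------------------------------
import os


class Options:
    """Runtime knobs for the scaling test loop.

    Each constructor argument is a default that the matching
    RANCHER_SCALING_* environment variable overrides; the env value is
    converted with the same type as the default (ValueError on bad input).
    """

    def __init__(self, jitter=.5, iterations=1, pulse=5, save_every=15):
        """
        :param jitter: random number within this range will be added to every "pulse"
        :param iterations: number of times to run full suite of metrics
        :param pulse: time to wait between each iteration
        :param save_every: amount of time to wait in between saving results to csv
        """
        self.jitter = float(os.getenv("RANCHER_SCALING_JITTER", jitter))
        self.iterations = int(os.getenv("RANCHER_SCALING_ITERATIONS", iterations))
        self.pulse = float(os.getenv("RANCHER_SCALING_PULSE", pulse))
        self.save_every = float(os.getenv("RANCHER_SCALING_SAVE", save_every))
--------------------------------------------------------------------------------
/rancher-cluster-operations/rancher-examples/cluster-linode/providers.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    rancher2 = {
      source = "rancher/rancher2"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
  }
}

terraform {
  # Local state: rancher.tfstate will contain the Rancher token and anything
  # else sensitive in plaintext, so keep it out of version control.
  backend "local" {
    path = "rancher.tfstate"
  }
}

provider "rancher2" {
  api_url   = var.rancher_api_url
  token_key = var.rancher_token_key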
insecure = var.insecure_flag 26 | } 27 | 28 | locals { 29 | rancher_subdomain = split(".", split("//", "${var.rancher_api_url}")[1])[0] 30 | } 31 | 32 | resource "random_pet" "this" { 33 | keepers = { 34 | } 35 | prefix = "linode" 36 | length = 1 37 | } 38 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/my-pause/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{- $mySharedUuid := uuidv4 -}} 3 | 4 | apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: my-pause-{{ $mySharedUuid }} 8 | annotations: 9 | deployment.kubernetes.io/revision: '1' 10 | labels: 11 | workload.user.cattle.io/workloadselector: my-pause-{{ $mySharedUuid }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | app: my-pause-{{ $mySharedUuid }} 16 | template: 17 | metadata: 18 | labels: 19 | app: my-pause-{{ $mySharedUuid }} 20 | spec: 21 | containers: 22 | - image: kubernetes/pause:latest 23 | imagePullPolicy: Always 24 | name: my-pause-{{ $mySharedUuid }}-0 25 | affinity: 26 | imagePullSecrets: 27 | restartPolicy: Always 28 | volumes: 29 | replicas: 1 30 | -------------------------------------------------------------------------------- /rancher-cluster-operations/bulk-components/scripts/destroy_components.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | IFS=$'\n' 3 | 4 | terraform workspace select default 5 | var_file="${1:-terraform.tfvars}" 6 | workspace_prefix="${2:-bulk}" 7 | workspaces=$(terraform workspace list | grep "${workspace_prefix}" | sed 's/*/ /' | sort -r ) 8 | timeout=${3:-30} 9 | 10 | for workspace in ${workspaces}; do 11 | workspace="$(echo -e ${workspace} | tr -d '[:space:]')" 12 | if [ ${workspace} == "default" ]; then 13 | continue 14 | fi 15 | echo "destroying workspace: ${workspace}" 16 | terraform workspace select "${workspace}" 17 | terraform destroy 
-auto-approve -var-file=${var_file} "${@:4}" 18 | terraform workspace select default 19 | terraform workspace delete "${workspace}" 20 | sleep ${timeout}; 21 | done 22 | 23 | rm -rf terraform.tfstate.d/${workspace_prefix}* 24 | terraform workspace select default 25 | -------------------------------------------------------------------------------- /clusters/provision_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cluster_instances=${1:-1} 4 | workspace_prefix="workspace" 5 | 6 | echo "checking if workspaces exist" 7 | # This will not fix a broken terraform run, if the workspace already exists it will 8 | # be skipped 9 | for cluster_instance in $(seq -f "%05g" 1 ${cluster_instances}); do 10 | workspace=${workspace_prefix}-${cluster_instance} 11 | if [ ! -d "$PWD/terraform.tfstate.d/${workspace}" ]; 12 | then 13 | # Workspace doesn't exist yet 14 | echo "provisioning ${cluster_instances} sets of clusters" 15 | terraform workspace new "${workspace}" || terraform workspace select "${workspace}" 16 | terraform apply -auto-approve 17 | elif [ "${cluster_instance}" -eq "${cluster_instances}" ] 18 | then 19 | echo "${workspace} already exists!" 
20 | exit 1; 21 | fi 22 | done 23 | 24 | terraform workspace select default 25 | -------------------------------------------------------------------------------- /control-plane/modules/rke2/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_ami" "ubuntu" { 2 | most_recent = true 3 | owners = ["099720109477"] 4 | 5 | filter { 6 | name = "name" 7 | values = ["ubuntu/images/*/ubuntu-bionic-18.04-*"] 8 | } 9 | 10 | filter { 11 | name = "virtualization-type" 12 | values = ["hvm"] 13 | } 14 | 15 | filter { 16 | name = "root-device-type" 17 | values = ["ebs"] 18 | } 19 | 20 | filter { 21 | name = "architecture" 22 | values = ["x86_64"] 23 | } 24 | } 25 | 26 | # data "aws_s3_object" "kube_config" { 27 | # bucket = split("/", split("//", module.aws_infra_rke2.kubeconfig_s3_path)[1])[0] 28 | # key = split("/", split("//", module.aws_infra_rke2.kubeconfig_s3_path)[1])[1] 29 | 30 | # depends_on = [ 31 | # module.aws_infra_rke2 32 | # ] 33 | # } 34 | 35 | data "aws_route53_zone" "dns_zone" { 36 | name = var.domain 37 | } 38 | -------------------------------------------------------------------------------- /control-plane/files/values/rancher_chart_values.tftpl: -------------------------------------------------------------------------------- 1 | hostname: ${rancher_hostname} 2 | ingress: 3 | tls: 4 | %{ if !install_certmanager && install_byo_certs ~} 5 | source: secret 6 | secretName: tls-rancher-ingress 7 | %{ endif ~} 8 | %{ if install_certmanager ~} 9 | source: letsEncrypt 10 | letsEncrypt: 11 | email: ${letsencrypt_email} 12 | ingress: 13 | class: ${ingress_class} 14 | %{ endif ~} 15 | %{ if private_ca ~} 16 | privateCA: ${private_ca_file} 17 | %{ endif ~} 18 | rancherImage: ${rancher_image} 19 | %{ if rancher_image_tag != null } 20 | rancherImageTag: ${rancher_image_tag} 21 | %{ endif ~} 22 | replicas: ${rancher_node_count} 23 | %{ if use_new_bootstrap ~} 24 | bootstrapPassword: ${rancher_password} 25 | %{ endif ~} 26 | 
extraEnv: 27 | - name: CATTLE_PROMETHEUS_METRICS 28 | value: '${cattle_prometheus_metrics}' 29 | %{ if length(rancher_env_vars) > 0 ~} 30 | ${yamlencode(rancher_env_vars)} 31 | %{ endif ~} 32 | -------------------------------------------------------------------------------- /rke1-local-control-plane/files/values/rancher_chart_values.tftpl: -------------------------------------------------------------------------------- 1 | hostname: ${rancher_hostname} 2 | ingress: 3 | tls: 4 | %{ if !install_certmanager && install_byo_certs ~} 5 | source: secret 6 | secretName: tls-rancher-ingress 7 | %{ endif ~} 8 | %{ if install_certmanager ~} 9 | source: letsEncrypt 10 | letsEncrypt: 11 | email: ${letsencrypt_email} 12 | ingress: 13 | class: ${ingress_class} 14 | %{ endif ~} 15 | %{ if private_ca ~} 16 | privateCA: ${private_ca_file} 17 | %{ endif ~} 18 | rancherImage: ${rancher_image} 19 | %{ if rancher_image_tag != null } 20 | rancherImageTag: ${rancher_image_tag} 21 | %{ endif ~} 22 | replicas: ${rancher_node_count} 23 | %{ if use_new_bootstrap ~} 24 | bootstrapPassword: ${rancher_password} 25 | %{ endif ~} 26 | extraEnv: 27 | - name: CATTLE_PROMETHEUS_METRICS 28 | value: '${cattle_prometheus_metrics}' 29 | %{ if length(rancher_env_vars) > 0 ~} 30 | ${yamlencode(rancher_env_vars)} 31 | %{ endif ~} 32 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/bulk_deploy_operations.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function bulk_create_deployment() { 4 | ### $1 - number of deployments 5 | ### $2 - namespace to deploy to 6 | ### $3 - local chart dir or chart name to deploy 7 | for ((i = 0; i < $1; i++)); do 8 | helm install -n "${2}" --create-namespace --generate-name "${3}" 9 | # helm install -n "${2}" --create-namespace --generate-name "${3}" &>/dev/null 10 | done 11 | } 12 | 13 | function bulk_delete_deployment() { 14 | ### $1 - 
number of deployments 15 | ### $2 - namespace to reference 16 | ### $3 - name of released chart to uninstall 17 | deployments=$(kubectl get deployments -n "${2}" -o custom-columns=NAME:.metadata.name | grep -iv NAME | grep "${3}") 18 | i=0 19 | while read -r LINE; do 20 | if [ $i -lt $1 ]; then 21 | kubectl delete deployment "$LINE" -n "${2}" 22 | fi 23 | i=$((i + 1)) 24 | done < <(echo "$deployments") 25 | } 26 | -------------------------------------------------------------------------------- /rancher-cluster-operations/install-common/files/rancher_chart_values.tftpl: -------------------------------------------------------------------------------- 1 | hostname: ${rancher_hostname} 2 | ingress: 3 | tls: 4 | %{ if !install_certmanager && install_byo_certs ~} 5 | source: secret 6 | secretName: tls-rancher-ingress 7 | %{ endif ~} 8 | %{ if install_certmanager ~} 9 | source: letsEncrypt 10 | letsEncrypt: 11 | email: ${letsencrypt_email} 12 | ingress: 13 | class: ${ingress_class} 14 | %{ endif ~} 15 | %{ if private_ca ~} 16 | privateCA: ${private_ca_file} 17 | %{ endif ~} 18 | rancherImage: ${rancher_image} 19 | %{ if rancher_image_tag != null } 20 | rancherImageTag: ${rancher_image_tag} 21 | %{ endif ~} 22 | replicas: ${rancher_node_count} 23 | %{ if use_new_bootstrap ~} 24 | bootstrapPassword: ${rancher_password} 25 | %{ endif ~} 26 | extraEnv: 27 | - name: CATTLE_PROMETHEUS_METRICS 28 | value: '${cattle_prometheus_metrics}' 29 | %{ if length(rancher_env_vars) > 0 ~} 30 | ${yamlencode(rancher_env_vars)} 31 | %{ endif ~} 32 | -------------------------------------------------------------------------------- /clusters/del_etcdctl_keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 
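### It will look for kubeconfig files matching the pattern of "workspace-XXXXX_kube_config", where each X = a number. It will then execute the etcdctl del --prefix /etcdctl-check-perf/ command.
### $1 - ssh key path
### $2 - ssh user (ex: "root", "ubuntu", etc.)

while read -r workspace
do
    # Column 6 of `get nodes -o wide` is INTERNAL-IP; only etcd nodes are kept.
    while read -r node
    do
        # The address goes through %s, never through the format string itself.
        printf 'Deleting etcdctl keys for %s\n' "$node"
        # accept-new (OpenSSH 7.6+) records a host key on first contact but
        # still rejects a changed key; "no" would accept any key silently.
        ssh -n -o StrictHostKeyChecking=accept-new -i "${1}" -T "${2}@${node}" "sudo -s sleep 5 && docker exec etcd etcdctl del --prefix /etcdctl-check-perf/"
    done < <(kubectl --kubeconfig "./files/kube_config/${workspace}_kube_config" get nodes -o wide | grep etcd | tr -s ' ' | cut -d ' ' -f6)
done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace")
--------------------------------------------------------------------------------
/clusters-rke1/del_etcdctl_keys.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked.
### It will look for kubeconfig files matching the pattern of "workspace-XXXXX_kube_config", where each X = a number. It will then execute the etcdctl del --prefix /etcdctl-check-perf/ command.
### $1 - ssh key path
### $2 - ssh user (ex: "root", "ubuntu", etc.)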
7 | 8 | while read -r workspace 9 | do 10 | while read -r node 11 | do 12 | printf "Deleting etcdctl keys for $node\n" 13 | ssh -n -o "StrictHostKeyChecking no" -i "${1}" -T "${2}@${node}" "sudo -s sleep 5 && docker exec etcd etcdctl del --prefix /etcdctl-check-perf/" 14 | done < <(kubectl --kubeconfig ./files/kube_config/${workspace}_kube_config get nodes -o wide | grep etcd | tr -s ' ' | cut -d ' ' -f6) 15 | done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace") 16 | -------------------------------------------------------------------------------- /testing/requirements.txt: -------------------------------------------------------------------------------- 1 | git+https://github.com/rancher/client-python.git@1ecfc3e6a300f5f336da4e4416c46c50d544fd77 2 | argcomplete==1.10.3 3 | boto3==1.11.13 4 | botocore==1.14.13 5 | cachetools==3.1.1 6 | certifi==2019.11.28 7 | chardet==3.0.4 8 | docutils==0.15.2 9 | entrypoints==0.3 10 | filelock==3.0.12 11 | flake8==3.7.9 12 | google-auth==1.9.0 13 | idna==2.8 14 | importlib-metadata==1.3.0 15 | jmespath==0.9.4 16 | kubernetes==10.0.1 17 | mccabe==0.6.1 18 | more-itertools==8.0.2 19 | numpy==1.17.4 20 | oauthlib==3.1.0 21 | packaging==19.2 22 | pandas==0.25.3 23 | pluggy==0.13.1 24 | py==1.10.0 25 | pyasn1==0.4.8 26 | pyasn1-modules==0.2.7 27 | pycodestyle==2.5.0 28 | pyflakes==2.1.1 29 | pyparsing==2.4.5 30 | python-dateutil==2.8.1 31 | pytz==2019.3 32 | PyYAML==5.4 33 | requests==2.22.0 34 | requests-oauthlib==1.3.0 35 | rsa==4.7 36 | s3transfer==0.3.3 37 | six==1.13.0 38 | toml==0.10.0 39 | tox==3.14.2 40 | urllib3==1.26.5 41 | virtualenv==16.7.9 42 | websocket-client==0.56.0 43 | zipp==0.6.0 44 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/ranchertest-mytestcontainer/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | 2 | {{- $mySharedUuid := uuidv4 -}} 3 | 4 | 
apiVersion: apps/v1 5 | kind: Deployment 6 | metadata: 7 | name: mytestcontainer-{{ $mySharedUuid }} 8 | annotations: 9 | deployment.kubernetes.io/revision: '1' 10 | labels: 11 | workload.user.cattle.io/workloadselector: mytestcontainer-{{ $mySharedUuid }} 12 | spec: 13 | selector: 14 | matchLabels: 15 | workload.user.cattle.io/workloadselector: mytestcontainer-{{ $mySharedUuid }} 16 | template: 17 | metadata: 18 | labels: 19 | workload.user.cattle.io/workloadselector: mytestcontainer-{{ $mySharedUuid }} 20 | spec: 21 | containers: 22 | - imagePullPolicy: IfNotPresent 23 | name: mytestcontainer-{{ $mySharedUuid }}-0 24 | image: ranchertest/mytestcontainer 25 | affinity: 26 | imagePullSecrets: 27 | restartPolicy: Always 28 | volumes: 29 | replicas: 1 30 | -------------------------------------------------------------------------------- /testing/common.py: -------------------------------------------------------------------------------- 1 | import random 2 | import time 3 | 4 | 5 | def random_str(): 6 | return 'random-{0}-{1}'.format(random_num(), int(time.time())) 7 | 8 | 9 | def random_num(): 10 | return random.randint(0, 1000000) 11 | 12 | 13 | def wait_for(callback, timeout=60, fail_handler=None): 14 | sleep_time = _sleep_time() 15 | start = time.time() 16 | ret = callback() 17 | while ret is None or ret is False: 18 | time.sleep(next(sleep_time)) 19 | if time.time() - start > timeout: 20 | exception_msg = 'Timeout waiting for condition.' 
21 | if fail_handler: 22 | exception_msg = exception_msg + ' Fail handler message: ' + \ 23 | fail_handler() 24 | raise Exception(exception_msg) 25 | ret = callback() 26 | return ret 27 | 28 | 29 | def _sleep_time(): 30 | sleep = 0.01 31 | while True: 32 | yield sleep 33 | sleep *= 2 34 | if sleep > 1: 35 | sleep = 1 36 | -------------------------------------------------------------------------------- /control-plane/provider.tf: -------------------------------------------------------------------------------- 1 | provider "aws" { 2 | region = local.aws_region 3 | profile = "rancher-eng" 4 | } 5 | 6 | provider "aws" { 7 | region = local.aws_region 8 | profile = "rancher-eng" 9 | alias = "r53" 10 | } 11 | 12 | provider "rancher2" { 13 | alias = "bootstrap" 14 | api_url = "https://${local.name}.${local.domain}" 15 | insecure = length(var.byo_certs_bucket_path) > 0 ? true : false 16 | bootstrap = true 17 | } 18 | 19 | provider "rke" { 20 | debug = true 21 | # log_file = var.k8s_distribution == "rke1" ? "${path.module}/files/${local.name}_${terraform.workspace}_rke1_logs.txt" : null 22 | } 23 | 24 | provider "helm" { 25 | kubernetes { 26 | config_path = abspath(module.generate_kube_config.kubeconfig_path) 27 | } 28 | } 29 | 30 | provider "rancher2" { 31 | alias = "admin" 32 | api_url = local.rancher_url 33 | token_key = local.rancher_token 34 | insecure = length(var.byo_certs_bucket_path) > 0 ? true : false 35 | timeout = "300s" 36 | } 37 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/del_etcdctl_keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 4 | ### It will look for kubeconfig files matching the pattern of "workspace-XXXXX_kube_config", where each X = a number. 
It will then execute the etcdctl del --prefix /etcdctl-check-perf/ command. 5 | ### $1 - ssh key path 6 | ### $2 - ssh user (ex: "root", "ubuntu", etc.) 7 | 8 | while read -r workspace 9 | do 10 | while read -r node 11 | do 12 | printf "Deleting etcdctl keys for $node\n" 13 | ssh -n -o "StrictHostKeyChecking no" -i "${1}" -T "${2}@${node}" "sudo -s sleep 5 && docker exec etcd etcdctl del --prefix /etcdctl-check-perf/" 14 | done < <(kubectl --kubeconfig ./files/kube_config/${workspace}_kube_config get nodes -o wide | grep etcd | tr -s ' ' | cut -d ' ' -f6) 15 | done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace") 16 | -------------------------------------------------------------------------------- /clusters-rke1/aws/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "available" { 2 | state = "available" 3 | } 4 | 5 | data "aws_availability_zone" "selected_az" { 6 | zone_id = local.instance_az_zone_id 7 | } 8 | 9 | data "aws_vpc" "default" { 10 | default = true 11 | } 12 | 13 | data "aws_subnets" "available" { 14 | filter { 15 | name = "vpc-id" 16 | values = [data.aws_vpc.default.id] 17 | } 18 | filter { 19 | name = "availability-zone-id" 20 | values = ["${data.aws_availability_zone.selected_az.zone_id}"] 21 | } 22 | } 23 | 24 | data "aws_ami" "ubuntu" { 25 | most_recent = true 26 | owners = ["099720109477"] 27 | 28 | filter { 29 | name = "name" 30 | values = ["${var.image}"] 31 | } 32 | 33 | filter { 34 | name = "virtualization-type" 35 | values = ["hvm"] 36 | } 37 | 38 | filter { 39 | name = "root-device-type" 40 | values = ["ebs"] 41 | } 42 | 43 | filter { 44 | name = "architecture" 45 | values = ["x86_64"] 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /cluster-with-nodes/modules/downstream-k3s-nodes/main.tf: -------------------------------------------------------------------------------- 1 | resource 
"aws_spot_instance_request" "k3s-worker" { 2 | //ebs_optimized = true 3 | count = var.instances 4 | instance_type = var.worker_instance_type 5 | ami = var.ami_id 6 | spot_price = var.spot_price 7 | wait_for_fulfillment = true 8 | spot_type = "one-time" 9 | 10 | user_data = templatefile("${path.module}/files/worker_userdata.tmpl", 11 | { 12 | current_instance = count.index, 13 | agents_per_node = var.k3s_agents_per_node, 14 | k3s_endpoint = var.k3s_endpoint, 15 | k3s_token = var.k3s_token, 16 | install_k3s_version = var.install_k3s_version, 17 | consul_store = var.consul_store 18 | } 19 | ) 20 | 21 | tags = { 22 | Name = "${var.prefix}-worker-${count.index}" 23 | RancherScaling = "true" 24 | } 25 | 26 | root_block_device { 27 | volume_size = "32" 28 | volume_type = "gp2" 29 | } 30 | } -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.6.x/variables.tf: -------------------------------------------------------------------------------- 1 | variable "rancher_api_url" { 2 | type = string 3 | nullable = false 4 | description = "API url for Rancher server" 5 | } 6 | 7 | variable "rancher_version" { 8 | type = string 9 | default = "2.6.5" 10 | description = "The version of Rancher to install (must be a 2.6.x version)" 11 | } 12 | 13 | variable "kube_config_path" { 14 | type = string 15 | default = null 16 | description = "Path to kubeconfig file on local machine" 17 | } 18 | 19 | variable "letsencrypt_email" { 20 | type = string 21 | default = null 22 | description = "LetsEncrypt email address to use" 23 | } 24 | 25 | variable "rancher_node_count" { 26 | type = number 27 | default = null 28 | } 29 | 30 | variable "rancher_password" { 31 | type = string 32 | default = "" 33 | description = "Password to set for admin user during bootstrap of Rancher Server, if not set random password will be generated" 34 | } 35 | 
-------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-secret/outputs.tf: -------------------------------------------------------------------------------- 1 | output "id" { 2 | value = var.use_v2 ? data.rancher2_secret_v2.this[0].id : data.rancher2_secret.this[0].id 3 | } 4 | 5 | output "resource_version" { 6 | value = var.use_v2 ? data.rancher2_secret_v2.this[0].resource_version : null 7 | } 8 | 9 | output "immutable" { 10 | value = var.use_v2 ? data.rancher2_secret_v2.this[0].immutable : null 11 | } 12 | 13 | output "type" { 14 | value = var.use_v2 ? data.rancher2_secret_v2.this[0].type : null 15 | } 16 | 17 | output "annotations" { 18 | value = var.use_v2 ? data.rancher2_secret_v2.this[0].annotations : data.rancher2_secret.this[0].annotations 19 | } 20 | 21 | output "labels" { 22 | value = var.use_v2 ? data.rancher2_secret_v2.this[0].labels : data.rancher2_secret.this[0].labels 23 | } 24 | 25 | output "description" { 26 | value = var.use_v2 ? null : data.rancher2_secret.this[0].description 27 | } 28 | 29 | output "data" { 30 | value = var.use_v2 ? 
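data.rancher2_secret_v2.this[0].data : data.rancher2_secret.this[0].data
  # Secret payload: keep it out of plan/apply output and CLI logs.
  sensitive = true
}
--------------------------------------------------------------------------------
/rancher-cluster-operations/rancher-examples/cluster-aws/data.tf:
--------------------------------------------------------------------------------
data "aws_availability_zones" "available" {
  state = "available"
}

data "aws_availability_zone" "selected_az" {
  zone_id = local.instance_az_zone_id
}

data "aws_vpc" "default" {
  default = true
}

# Subnets of the default VPC in the selected availability zone.
data "aws_subnets" "available" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
  filter {
    name   = "availability-zone-id"
    values = [data.aws_availability_zone.selected_az.zone_id]
  }
}

# Latest matching Ubuntu AMI; the owner is pinned so a look-alike image name
# published by another account cannot be selected.
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]

  filter {
    name   = "name"
    values = [var.image]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}
--------------------------------------------------------------------------------
/rancher-cluster-operations/bulk-components/scripts/create_components.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Create N numbered workspaces (<prefix>-00001 ...) and apply each one.
#   $1 - number of workspaces (default 1)
#   $2 - var file passed to terraform apply (default terraform.tfvars)
#   $3 - workspace name prefix (default "bulk")
#   $4 - seconds to sleep after each apply (default 30)
#   $5.. - extra arguments forwarded to terraform apply

iterations=${1:-1}
var_file="${2:-terraform.tfvars}"
workspace_prefix="${3:-bulk}"
timeout=${4:-30}

echo "VAR FILE: ${var_file}"
# echo "TF ARGS: ${tf_args}"
echo "checking if workspaces exist"
# This will not fix a broken terraform run, if the workspace already exists it will
# be skipped
for iter in $(seq -f "%05g" 1 ${iterations}); do
    workspace=${workspace_prefix}-${iter}
    if [ !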
-d "$PWD/terraform.tfstate.d/${workspace}" ]; 16 | then 17 | # Workspace doesn't exist yet 18 | echo "provisioning ${iter} sets of clusters"; 19 | terraform workspace new "${workspace}" || terraform workspace select "${workspace}"; 20 | terraform apply -auto-approve -var-file="${var_file}" "${@:5}" -parallelism=10; 21 | sleep ${timeout}; 22 | elif [ "${iter}" -eq "${iterations}" ] 23 | then 24 | echo "${workspace} already exists!"; 25 | exit 1; 26 | fi 27 | done 28 | 29 | terraform workspace select default; 30 | -------------------------------------------------------------------------------- /linode-infra/files/base.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -x 2 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 3 | echo "net.ipv4.ip_local_port_range = 15000 61000" >> /etc/sysctl.conf 4 | echo "fs.file-max = 12000500" >> /etc/sysctl.conf 5 | echo "fs.nr_open = 20000500" >> /etc/sysctl.conf 6 | echo "net.ipv4.tcp_mem = 10000000 10000000 10000000" >> /etc/sysctl.conf 7 | sysctl -w net.core.rmem_max=8388608 8 | sysctl -w net.core.wmem_max=8388608 9 | sysctl -w net.core.rmem_default=65536 10 | sysctl -w net.core.wmem_default=65536 11 | sysctl -w net.ipv4.tcp_rmem='4096 87380 8388608' 12 | sysctl -w net.ipv4.tcp_wmem='4096 65536 8388608' 13 | sysctl -w net.ipv4.tcp_mem='8388608 8388608 8388608' 14 | sysctl -w net.ipv4.route.flush=1 15 | echo "# " >> /etc/security/limits.d/limits.conf 16 | echo " * soft nofile 20000000" >> /etc/security/limits.d/limits.conf 17 | echo " * hard nofile 20000000" >> /etc/security/limits.d/limits.conf 18 | sysctl -p 19 | systemctl disable firewalld --now 20 | apt-get install -y software-properties-common ntp 21 | # swapoff -a -------------------------------------------------------------------------------- /rancher-cluster-operations/bulk-components/variables-users.tf: -------------------------------------------------------------------------------- 1 | 
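variable "num_users" {
  type        = number
  default     = 0
  description = "Number of new users to create, not to be used with var.users"
}

variable "user_password" {
  type        = string
  description = "Password to use for created users"
  sensitive   = true
}

variable "create_new_users" {
  type    = bool
  default = true
}

variable "users" {
  type = list(object({
    name     = string
    username = optional(string)
  }))
  default     = []
  description = "A list of maps with at least a 'name' or 'username' field, not to be used with var.num_users"
}

variable "user_name_ref_pattern" {
  type    = string
  default = ""
}

variable "user_project_binding" {
  type    = bool
  default = false
}

variable "user_cluster_binding" {
  type    = bool
  default = false
}

variable "user_global_binding" {
  type    = bool
  default = false
}
-------------------------------------------------------------------------------- /testing/run.py: --------------------------------------------------------------------------------
import cleanup
import os
import pathlib
import testbench

from setup import setup
from stabalize import start
from requests import ConnectionError
from common import wait_for


def set_rancher_token_url():
    """Export the Rancher URL and API token from the control-plane tfstate.

    Reads ../control-plane/rancher.tfstate (relative to this file), pulls the
    ``token`` and ``url`` values out of it by string splitting, and exports them as
    RANCHER_SCALING_TOKEN / RANCHER_SCALING_URL and as TF_VAR_rancher_token_key /
    TF_VAR_rancher_api_url for the later terraform runs.

    Raises:
        IndexError: if the tfstate has no ``"token": "`` or ``"url": "`` field.
    """
    tfstate_path = str(pathlib.Path(__file__).parent.absolute()) + "/../control-plane/rancher.tfstate"
    with open(tfstate_path) as fh:
        tfstate = fh.read()

    token = tfstate.split("\"token\": \"")[1]
    token = token.split("\",")[0]
    # Not echoed: this is the Rancher admin API token and the harness's stdout ends
    # up in CI logs.
    print("Token: <redacted>")

    url = tfstate.split("\"url\": \"")[1]
    url = url.split("\",")[0]
    print("URL:", url)

    os.environ["RANCHER_SCALING_TOKEN"] = token
    os.environ["RANCHER_SCALING_URL"] = url
    os.environ["TF_VAR_rancher_api_url"] = url
    os.environ["TF_VAR_rancher_token_key"] = token


def run():
    """One full cycle: provision the control plane, export its credentials, stabilize, test, clean up."""
    setup()
    set_rancher_token_url()
    start()
    testbench.run()
    cleanup.run()


# A ConnectionError (e.g. the Rancher endpoint not reachable yet) is retried up to
# three times; any other exception propagates.
for _attempt in range(3):
    try:
        run()
        break
    except ConnectionError:
        continue
-------------------------------------------------------------------------------- /control-plane/modules/aws-infra/files/base.sh: --------------------------------------------------------------------------------
#!/bin/bash -x
# Host tuning for scale testing. With -x every command is traced into
# /var/log/user-data.log and syslog via the exec line below, so keep secrets out of
# anything appended to this script.
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
echo "net.ipv4.ip_local_port_range = 15000 61000" >> /etc/sysctl.conf
echo "fs.file-max = 12000500" >> /etc/sysctl.conf
echo "fs.nr_open = 20000500" >> /etc/sysctl.conf
echo "net.ipv4.tcp_mem = 10000000 10000000 10000000" >> /etc/sysctl.conf
sysctl -w net.core.rmem_max=8388608
sysctl -w net.core.wmem_max=8388608
sysctl -w net.core.rmem_default=65536
sysctl -w net.core.wmem_default=65536
sysctl -w net.ipv4.tcp_rmem='4096 87380 8388608'
sysctl -w net.ipv4.tcp_wmem='4096 65536 8388608'
sysctl -w net.ipv4.tcp_mem='8388608 8388608 8388608'
sysctl -w net.ipv4.route.flush=1
echo "# " >> /etc/security/limits.d/limits.conf
echo " * soft nofile 20000000" >> /etc/security/limits.d/limits.conf
echo " * hard nofile 20000000" >> /etc/security/limits.d/limits.conf
sysctl -p
# Disables the host firewall (no-op where firewalld is not installed).
systemctl disable firewalld --now
apt-get install -y software-properties-common ntp
# swapoff -a
-------------------------------------------------------------------------------- /testing/setup.py: --------------------------------------------------------------------------------
import os
import sys
import requests
import subprocess

from common import wait_for


def download_terraform():
    """Fetch the pinned terraform 0.12.20 release zip and install the binary into /usr/local/bin.

    Changes the working directory to ../control-plane as a side effect; the later
    terraform calls rely on that.

    Raises:
        requests.HTTPError: if the release download does not return a 2xx status.
    """
    os.chdir("../control-plane")
    url = "https://releases.hashicorp.com/terraform/0.12.20/terraform_0.12.20_" + sys.platform + "_amd64.zip"
    # The response used to be discarded, so terraform.zip was never written and the
    # unzip below only worked if a stale archive happened to be present.
    resp = requests.get(url)
    resp.raise_for_status()
    with open("terraform.zip", "wb") as fh:
        fh.write(resp.content)
    # NOTE(review): the archive is installed without being checked against the
    # release's published checksums; worth adding for a binary that ends up on PATH.
    subprocess.call(["unzip", "terraform.zip"])
    subprocess.call(["mv", "terraform", "/usr/local/bin"])


def setup_host():
    """Run ``terraform init`` and ``terraform apply`` for the control plane.

    Driven by ``wait_for``: returns True once the apply succeeded and False when it
    failed so the caller retries (how long it keeps retrying is up to wait_for,
    which is defined in common). stderr is merged into the captured output and
    decoded to str, because terraform reports errors on stderr and the original
    substring check against bytes stdout could never match on Python 3.
    """
    subprocess.call("terraform init", shell=True)
    try:
        subprocess.check_output(
            "terraform apply -input=false -auto-approve",
            shell=True,
            stderr=subprocess.STDOUT,
            universal_newlines=True,
        )
    except subprocess.CalledProcessError as e:
        if "[ERROR] Updating Admin token:" in e.output:
            print("Admin token not available yet...")
        else:
            # Previously any other apply failure fell through and was reported as
            # success; retry it instead.
            print("terraform apply failed, retrying...")
        return False
    # The state file contains the Rancher admin token, so it is not dumped to stdout.
    print("rancher.tfstate written")
    return True


def setup():
    """Install terraform, then apply the control plane until the Rancher host is up."""
    download_terraform()
    print("Attempting to setup rancher host... May take a while due to spot instance availability...")
    wait_for(setup_host)

-------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.6.x/providers.tf: --------------------------------------------------------------------------------
terraform {
  required_providers {
    rancher2 = {
      source = "rancher/rancher2"
    }
    helm = {
      source = "hashicorp/helm"
    }
    null = {
      source = "hashicorp/null"
    }
  }
}

provider "rancher2" {
  alias     = "bootstrap"
  api_url   = var.rancher_api_url
  insecure  = false
  bootstrap = true
}

provider "rancher2" {
  alias     = "admin"
  api_url   = module.install_common.rancher_url
  token_key = module.install_common.rancher_token
  timeout   = "300s"
}

provider "helm" {
  kubernetes {
    config_path = abspath(var.kube_config_path)
  }
}

locals {
  rancher_CN             = split("//", "${var.rancher_api_url}")[1]
  rancher_url_components = split(".", local.rancher_CN)
  rancher_subdomain      = local.rancher_url_components[0]
  # Assumes the host part of var.rancher_api_url has exactly four dot-separated
  # labels (sub.a.b.c); fewer labels make the index lookups below fail.
  rancher_domain = "${local.rancher_url_components[1]}.${local.rancher_url_components[2]}.${local.rancher_url_components[3]}"
}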
-------------------------------------------------------------------------------- /linode-infra/rancher-nodebalancer/variables.tf: -------------------------------------------------------------------------------- 1 | variable "label" { 2 | type = string 3 | default = null 4 | description = "The label of the Linode NodeBalancer" 5 | } 6 | 7 | variable "region" { 8 | type = string 9 | description = "The region where this NodeBalancer will be deployed. Examples are \"us-east\", \"us-west\", \"ap-south\", etc. See all regions [here](https://api.linode.com/v4/regions). *Changing `region` forces the creation of a new Linode NodeBalancer.*" 10 | } 11 | 12 | variable "tags" { 13 | type = list(string) 14 | default = null 15 | description = "A list of tags applied to this object. Tags are for organizational purposes only." 16 | } 17 | 18 | variable "node_count" { 19 | type = number 20 | description = "Number of linodes to add to the nodebalancer" 21 | } 22 | 23 | variable "linodes" { 24 | type = list(object({ 25 | label = string 26 | private_ip_address = string 27 | })) 28 | description = "A list of objects containing the label and private_ip_address of each linode to be added to the nodebalancer. 
Can pass a list of data.linode_instances as well" 29 | } 30 | -------------------------------------------------------------------------------- /linode-infra/firewall/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.13" 3 | required_providers { 4 | linode = { 5 | source = "linode/linode" 6 | } 7 | } 8 | } 9 | 10 | resource "linode_firewall" "this" { 11 | disabled = var.disabled 12 | label = var.label 13 | tags = var.tags 14 | inbound_policy = var.inbound_policy 15 | outbound_policy = var.outbound_policy 16 | linodes = var.linodes 17 | 18 | dynamic "inbound" { 19 | for_each = var.inbound_rules 20 | content { 21 | label = inbound.value.label 22 | action = inbound.value.action 23 | protocol = inbound.value.protocol 24 | ports = inbound.value.ports 25 | ipv4 = inbound.value.ipv4 26 | ipv6 = inbound.value.ipv6 27 | } 28 | } 29 | 30 | dynamic "outbound" { 31 | for_each = var.outbound_rules 32 | content { 33 | label = outbound.value.label 34 | action = outbound.value.action 35 | protocol = outbound.value.protocol 36 | ports = outbound.value.ports 37 | ipv4 = outbound.value.ipv4 38 | ipv6 = outbound.value.ipv6 39 | } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/aws/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "available" { 2 | state = "available" 3 | } 4 | 5 | data "aws_availability_zone" "selected_az" { 6 | zone_id = local.instance_az_zone_id 7 | } 8 | 9 | data "aws_security_group" "selected" { 10 | for_each = toset(var.security_groups) 11 | name = each.key 12 | } 13 | 14 | data "aws_vpc" "default" { 15 | default = true 16 | } 17 | 18 | data "aws_subnets" "available" { 19 | filter { 20 | name = "vpc-id" 21 | values = [data.aws_vpc.default.id] 22 | } 23 | filter { 24 | name = "availability-zone-id" 25 | 
values = ["${data.aws_availability_zone.selected_az.zone_id}"] 26 | } 27 | } 28 | 29 | data "aws_ami" "ubuntu" { 30 | most_recent = true 31 | owners = ["099720109477"] 32 | 33 | filter { 34 | name = "name" 35 | values = ["${var.image}"] 36 | } 37 | 38 | filter { 39 | name = "virtualization-type" 40 | values = ["hvm"] 41 | } 42 | 43 | filter { 44 | name = "root-device-type" 45 | values = ["ebs"] 46 | } 47 | 48 | filter { 49 | name = "architecture" 50 | values = ["x86_64"] 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/aws-dynamic/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "available" { 2 | state = "available" 3 | } 4 | 5 | data "aws_availability_zone" "selected_az" { 6 | zone_id = local.instance_az_zone_id 7 | } 8 | 9 | data "aws_security_group" "selected" { 10 | for_each = toset(var.security_groups) 11 | name = each.key 12 | } 13 | 14 | data "aws_vpc" "default" { 15 | default = true 16 | } 17 | 18 | data "aws_subnets" "available" { 19 | filter { 20 | name = "vpc-id" 21 | values = [data.aws_vpc.default.id] 22 | } 23 | filter { 24 | name = "availability-zone-id" 25 | values = ["${data.aws_availability_zone.selected_az.zone_id}"] 26 | } 27 | } 28 | 29 | data "aws_ami" "ubuntu" { 30 | most_recent = true 31 | owners = ["099720109477"] 32 | 33 | filter { 34 | name = "name" 35 | values = ["${var.image}"] 36 | } 37 | 38 | filter { 39 | name = "virtualization-type" 40 | values = ["hvm"] 41 | } 42 | 43 | filter { 44 | name = "root-device-type" 45 | values = ["ebs"] 46 | } 47 | 48 | filter { 49 | name = "architecture" 50 | values = ["x86_64"] 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /control-plane/modules/aws-k3s/files/ingress-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 
2 | ### Values taken from https://github.com/rancher/rke2-charts/blob/main-source/packages/rke2-ingress-nginx/generated-changes/patch/values.yaml.patch 3 | %{ if install_nginx_ingress } 4 | cat </var/lib/rancher/k3s/server/manifests/ingress.yaml 5 | --- 6 | apiVersion: v1 7 | kind: Namespace 8 | metadata: 9 | name: ingress-nginx 10 | --- 11 | apiVersion: helm.cattle.io/v1 12 | kind: HelmChart 13 | metadata: 14 | name: ingress-nginx 15 | namespace: kube-system 16 | spec: 17 | chart: ingress-nginx 18 | repo: https://kubernetes.github.io/ingress-nginx 19 | targetNamespace: ingress-nginx 20 | version: ${ingress_nginx_version} 21 | set: 22 | valuesContent: |- 23 | fullnameOverride: ingress-nginx 24 | controller: 25 | kind: DaemonSet 26 | dnsPolicy: ClusterFirstWithHostNet 27 | watchIngressWithoutClass: true 28 | allowSnippetAnnotations: false 29 | hostNetwork: true 30 | hostPort: 31 | enabled: true 32 | publishService: 33 | enabled: false 34 | service: 35 | enabled: false 36 | metrics: 37 | enabled: false 38 | EOF 39 | %{ endif } 40 | -------------------------------------------------------------------------------- /clusters-rke1/provision_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cluster_instances=${1:-1} 4 | workspace_prefix="workspace" 5 | 6 | echo "checking if workspaces exist" 7 | # This will not fix a broken terraform run, if the workspace already exists it will 8 | # be skipped 9 | for cluster_instance in $(seq -f "%05g" 1 ${cluster_instances}); do 10 | workspace=${workspace_prefix}-${cluster_instance} 11 | if [ ! 
-d "$PWD/terraform.tfstate.d/${workspace}" ]; 12 | then 13 | # Workspace doesn't exist yet 14 | echo "provisioning ${cluster_instances} sets of clusters" 15 | terraform workspace new "${workspace}" || terraform workspace select "${workspace}" 16 | # only create cloud credential and node_template if they have not already been created (if first tf apply is successful then skip creation) 17 | if [ ! ${cluster_instance} = "00001" ] && terraform workspace list | grep -q "${workspace_prefix}-00001"; 18 | then 19 | terraform apply -auto-approve -var "create_node_reqs=false" 20 | else 21 | terraform apply -auto-approve 22 | fi 23 | elif [ "${cluster_instance}" -eq "${cluster_instances}" ] 24 | then 25 | echo "${workspace} already exists!" 26 | exit 1; 27 | fi 28 | done 29 | 30 | terraform workspace select default 31 | -------------------------------------------------------------------------------- /control-plane/files/values/rancher_monitoring_chart_values.yaml: -------------------------------------------------------------------------------- 1 | alertmanager: 2 | enabled: false 3 | grafana: 4 | nodeSelector: 5 | monitoring: "yes" 6 | tolerations: 7 | - key: monitoring 8 | operator: Exists 9 | effect: NoSchedule 10 | prometheus: 11 | prometheusSpec: 12 | evaluationInterval: 1m 13 | nodeSelector: 14 | monitoring: "yes" 15 | resources: 16 | limits: 17 | memory: 5000Mi 18 | retentionSize: 50GiB 19 | scrapeInterval: 1m 20 | tolerations: 21 | - key: monitoring 22 | operator: Exists 23 | effect: NoSchedule 24 | prometheus-adapter: 25 | nodeSelector: 26 | monitoring: "yes" 27 | tolerations: 28 | - key: monitoring 29 | operator: Exists 30 | effect: NoSchedule 31 | kube-state-metrics: 32 | nodeSelector: 33 | monitoring: "yes" 34 | tolerations: 35 | - key: monitoring 36 | operator: Exists 37 | effect: NoSchedule 38 | prometheusOperator: 39 | nodeSelector: 40 | monitoring: "yes" 41 | tolerations: 42 | - key: monitoring 43 | operator: Exists 44 | effect: NoSchedule 45 | global: 46 | 
cattle: 47 | clusterId: local 48 | clusterName: local 49 | systemDefaultRegistry: "" 50 | systemDefaultRegistry: "" 51 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/hashicorp/helm" { 5 | version = "2.9.0" 6 | hashes = [ 7 | "h1:D5BLFN82WndhQZQleXE5rO0hUDnlyqb60XeUJKDhuo4=", 8 | "zh:1471cb45908b426104687c962007b2980cfde294fa3530fabc4798ce9fb6c20c", 9 | "zh:1572e9cec20591ec08ece797b3630802be816a5adde36ca91a93359f2430b130", 10 | "zh:1b10ae03cf5ab1ae21ffaac2251de99797294ae4242b156b3b0beebbdbcb7e0f", 11 | "zh:3bd043b68de967d8d0b549d3f71485193d81167d5656f5507d743dedfe60e352", 12 | "zh:538911921c729185900176cc22eb8edcb822bc8d22b9ebb48103a1d9bb53cc38", 13 | "zh:69a6a2d40c0463662c3fb1621e37a3ee65024ea4479adf4d5f7f19fb0dea48c2", 14 | "zh:94b58daa0c351a49d01f6d8f1caae46c95c2d6c3f29753e2b9ea3e3c0e7c9ab4", 15 | "zh:9d0543331a4a32241e1ab5457f30b41df745acb235a0391205c725a5311e4809", 16 | "zh:a6789306524ca121512a95e873e3949b4175114a6c5db32bed2df2551a79368f", 17 | "zh:d146b94cd9502cca7f2044797a328d71c7ec2a98e2d138270d8a28c872f04289", 18 | "zh:d14ccd14511f0446eacf43a9243f22de7c1427ceb059cf67d7bf9803be2cb15d", 19 | "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-secret/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/rancher/rancher2" { 5 | version = "1.23.0" 6 | hashes = [ 7 | "h1:lvFnC2QkVzXIalOFB2Za5n+bpqlgOMhJ2tzy0ErM9jk=", 8 | "zh:3089d8a8288e433762b02ce08b65c12a2a440e60fc1a70fd897f07cc8970f11d", 9 | "zh:3328fedb5c2b8c0ad7b88ffce09583509aad5b58ce1adec7c73d1154652e91ea", 10 | "zh:5447e5563f835ce8dadbfaba50385d499d28cef0443a38d27e825375c2532343", 11 | "zh:617eea02703becb4ad5690c0dac7a142db25290badccee43c633166c35f92316", 12 | "zh:6b088af0112b2c20dd807760f51f3e68d12a256329de291f24a7e8fe57914802", 13 | "zh:73e59c50c12ae08a6bb73a152a2debf14cd46cb44913e3049f82975cf1865259", 14 | "zh:7b49d2e9ab91590614fb6e24ba3c297cc8c9537702bfc188d503d224d724d532", 15 | "zh:a4f7595dbda8d80488041b66c2ae72c81c03cef88bf0cca0cf6f0d4156d54141", 16 | "zh:a541c829cdfc1e225cbc18fc4fcd6bad93687eb098a59b0816c10a5216f777fd", 17 | "zh:b0a7574069e17c66521e182701ef6644c15eeab8aabeb2b792b11fc8d8eab831", 18 | "zh:fc23b7c936512f91b810161bd7fe2c97938d9a38d562b55f0d8b458b7121c0d4", 19 | "zh:fe4742546c718ceadcb61b20716f747c8e3c48bffd00adc747308a4b1c1719b3", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-cluster/v1/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/rancher/rancher2" { 5 | version = "1.23.0" 6 | hashes = [ 7 | "h1:lvFnC2QkVzXIalOFB2Za5n+bpqlgOMhJ2tzy0ErM9jk=", 8 | "zh:3089d8a8288e433762b02ce08b65c12a2a440e60fc1a70fd897f07cc8970f11d", 9 | "zh:3328fedb5c2b8c0ad7b88ffce09583509aad5b58ce1adec7c73d1154652e91ea", 10 | "zh:5447e5563f835ce8dadbfaba50385d499d28cef0443a38d27e825375c2532343", 11 | "zh:617eea02703becb4ad5690c0dac7a142db25290badccee43c633166c35f92316", 12 | "zh:6b088af0112b2c20dd807760f51f3e68d12a256329de291f24a7e8fe57914802", 13 | "zh:73e59c50c12ae08a6bb73a152a2debf14cd46cb44913e3049f82975cf1865259", 14 | "zh:7b49d2e9ab91590614fb6e24ba3c297cc8c9537702bfc188d503d224d724d532", 15 | "zh:a4f7595dbda8d80488041b66c2ae72c81c03cef88bf0cca0cf6f0d4156d54141", 16 | "zh:a541c829cdfc1e225cbc18fc4fcd6bad93687eb098a59b0816c10a5216f777fd", 17 | "zh:b0a7574069e17c66521e182701ef6644c15eeab8aabeb2b792b11fc8d8eab831", 18 | "zh:fc23b7c936512f91b810161bd7fe2c97938d9a38d562b55f0d8b458b7121c0d4", 19 | "zh:fe4742546c718ceadcb61b20716f747c8e3c48bffd00adc747308a4b1c1719b3", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /control-plane/modules/aws-k3s/files/cloud-config-base.tmpl: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | %{ if length(ssh_keys) > 0 } 3 | ssh_authorized_keys: 4 | %{ for ssh_key in ssh_keys } 5 | - ${ssh_key} 6 | %{ endfor } 7 | %{ endif } 8 | runcmd: 9 | - echo "net.ipv4.ip_local_port_range = 15000 61000" >> /etc/sysctl.conf 10 | - echo "fs.file-max = 12000500" >> /etc/sysctl.conf 11 | - echo "fs.nr_open = 20000500" >> /etc/sysctl.conf 12 | - echo "net.ipv4.tcp_mem = 10000000 10000000 10000000" >> /etc/sysctl.conf 13 | - sysctl -w net.core.rmem_max=8388608 14 | - sysctl -w net.core.wmem_max=8388608 15 | - sysctl -w net.core.rmem_default=65536 16 | - sysctl -w net.core.wmem_default=65536 17 | - sysctl -w net.ipv4.tcp_rmem='4096 87380 8388608' 18 | - sysctl -w 
net.ipv4.tcp_wmem='4096 65536 8388608' 19 | - sysctl -w net.ipv4.tcp_mem='8388608 8388608 8388608' 20 | - sysctl -w net.ipv4.route.flush=1 21 | - ulimit -n 20000000 22 | - echo "# " >> /etc/security/limits.d/limits.conf 23 | - echo " * soft nofile 20000000" >> /etc/security/limits.d/limits.conf 24 | - echo " * hard nofile 20000000" >> /etc/security/limits.d/limits.conf 25 | - sysctl -p 26 | - apt-get update 27 | - apt-get install -y software-properties-common 28 | - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y 29 | -------------------------------------------------------------------------------- /rancher-cluster-operations/charts/rancher-monitoring/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/rancher/rancher2" { 5 | version = "1.25.0" 6 | hashes = [ 7 | "h1:MRTSMbgic7Ed7fwnP0DQ314EIiSe8iQ4op8U8CRYAls=", 8 | "zh:2a2b9eb0599253c1564bff1998dc4049cddee6cb143d595a6225925aca0a1e61", 9 | "zh:2f9527c0df13cbbd79a6c29126bfdb08eb329a82a13416e22a7361d37b2b2afe", 10 | "zh:49563ec4b8fba24012c280bb5ed4a196377f8ecbc8ce5f33e897be4054a5849f", 11 | "zh:4e1707f7b97a8cae059a8294957510b7e2bff47360d2b4bba6c9e9dfabe7942c", 12 | "zh:6ac711001d29c5d71f91f6d48eefe536a830d56c74c6a469a9ccdd206e3c2e9c", 13 | "zh:7e77cb8b6dd69fbf3de8e3966a9978a762462b3910694c7ab80fc58e84050bac", 14 | "zh:814685a725079cf96ecfbfdcd9f0dff1624bd700cbf0ec85f271136cbaaeeed5", 15 | "zh:89d731d38aafe8742869e2295a9d7a3634ec2e9d865d441792f0e87f19aa0050", 16 | "zh:ca30ef1d051db2fd8ebd2584ec3a5764474f59ede1e05c149e6adf7f8a4ea087", 17 | "zh:cd16ea9e613786f6f4cf596a954dd7c38256c7c1d8c76804f2bc9d61ba3f6b9e", 18 | "zh:e0994a7e3ddd566086ba287b598c7e684e1cf373a04d5d75294dc76d3b6e1ee7", 19 | "zh:f0bae38481d8a962ab4b1cba14f2e93b404f565f5eea7cd29cb0e37e21de6dc8", 20 | ] 21 | } 22 | 
-------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/my-pause/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: my-pause 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-cloud-credential/variables.tf: -------------------------------------------------------------------------------- 1 | variable "create_new" { 2 | type = bool 3 | default = true 4 | description = "Flag defining if a new rancher2_cloud_credential should be created on each tf apply. 
Useful for scripting purposes" 5 | } 6 | 7 | variable "name" { 8 | type = string 9 | description = "Display name of the rancher2_cloud_credential" 10 | nullable = false 11 | } 12 | 13 | variable "cloud_provider" { 14 | type = string 15 | description = "A string defining which cloud provider to dynamically create a rancher2_cloud_credential for" 16 | nullable = false 17 | validation { 18 | condition = contains(["aws", "linode"], var.cloud_provider) 19 | error_message = "Please pass in a case-sensitive string equal to one of the following: [\"aws\", \"linode\"]." 20 | } 21 | } 22 | 23 | variable "credential_config" { 24 | type = object({ 25 | access_key = optional(string) 26 | secret_key = optional(string) 27 | region = optional(string) 28 | token = optional(string) 29 | }) 30 | description = "An object containing your cloud provider's specific rancher2_cloud_credential config fields in order to dynamically map to them" 31 | nullable = false 32 | sensitive = true 33 | } 34 | -------------------------------------------------------------------------------- /rke1-local-control-plane/files/values/rancher_monitoring_chart_values.yaml: -------------------------------------------------------------------------------- 1 | alertmanager: 2 | enabled: false 3 | grafana: 4 | nodeSelector: 5 | monitoring: "yes" 6 | tolerations: 7 | - key: monitoring 8 | operator: Exists 9 | effect: NoSchedule 10 | prometheus: 11 | prometheusSpec: 12 | evaluationInterval: 1m 13 | nodeSelector: 14 | monitoring: "yes" 15 | resources: 16 | limits: 17 | memory: 5000Mi 18 | retentionSize: 50GiB 19 | scrapeInterval: 1m 20 | tolerations: 21 | - key: monitoring 22 | operator: Exists 23 | effect: NoSchedule 24 | prometheus-adapter: 25 | nodeSelector: 26 | monitoring: "yes" 27 | tolerations: 28 | - key: monitoring 29 | operator: Exists 30 | effect: NoSchedule 31 | kube-state-metrics: 32 | nodeSelector: 33 | monitoring: "yes" 34 | tolerations: 35 | - key: monitoring 36 | operator: Exists 37 | effect: 
NoSchedule 38 | prometheusOperator: 39 | nodeSelector: 40 | monitoring: "yes" 41 | tolerations: 42 | - key: monitoring 43 | operator: Exists 44 | effect: NoSchedule 45 | global: 46 | cattle: 47 | clusterId: local 48 | clusterName: local 49 | systemDefaultRegistry: "" 50 | systemDefaultRegistry: "" 51 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/crashing-pod/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: crashing-pod 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-controller-metrics/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/hashicorp/kubernetes" { 5 | version = "2.14.0" 6 | hashes = [ 7 | "h1:FFeFf2j2ipbMlrbhmIv8M7bzX3Zq8SQHeFkkQGALh1k=", 8 | "zh:1363fcd6eb3c63113eaa6947a4e7a9f78a6974ea344e89b662d97a78e2ccb70c", 9 | "zh:166352455666b7d584705ceeb00f24fb9b884ab84e3a1a6019dc45d6539c9174", 10 | "zh:4615249ce5311f6fbea9738b25b6e6159e7dcf4693b0a24bc6a5720d1bfd38d0", 11 | "zh:5205343f8e6cfa89d2f9a312edddcf263755bc294a5216555c390244df826f17", 12 | "zh:60b7d9b5da2d1a13bc9cdfe5be75da2e3d1034617dff51ef3f0beb72fe801879", 13 | "zh:61b73d78ef03f0b38ff567b78f2984089eb17724fd8d0f92943b7e522cf31e39", 14 | "zh:69dfe1278eecc6049736d74c3fa2d1f384035621ec5d72f8b180e3b25b45b592", 15 | "zh:7746656be1b437e43f7324898cd4548d7e8cad5308042ba38cb45c4fecbf38fe", 16 | "zh:7e573462091aaf2e6a37edeee33ee4d8f4c37f9a35c331e0f3a60caf078c88c1", 17 | "zh:a05e1f02b2385679087a7059944cac7fb1d71dd042601ee4d0d26e9808d14dd5", 18 | "zh:d8d5d52af1aa55160fec601a1006552d9b6fe21e97313850a1e79bc026e99cfe", 19 | "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 20 | ] 21 | } 22 | -------------------------------------------------------------------------------- /clusters-rke2/del_etcdctl_keys.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 4 | ### It will look for kubeconfig files matching the pattern of ".workspace-XXXXX_kube_config", where each X = a number. 
It will then execute the etcdctl del --prefix /etcdctl-check-perf/ command. 5 | ### $1 - ssh key path 6 | ### $2 - ssh user (ex: "root", "ubuntu", etc.) 7 | 8 | while read -r workspace 9 | do 10 | printf "Iterating over etcd pods in %s\n" "$workspace" 11 | for etcdpod in $(kubectl --kubeconfig ./files/.${workspace}_kube_config -n kube-system get pod -l component=etcd --no-headers -o custom-columns=NAME:.metadata.name); 12 | do 13 | printf "Deleting etcdctl keys for %s\n" "$etcdpod"; 14 | kubectl --kubeconfig ./files/.${workspace}_kube_config -n kube-system exec $etcdpod -- sh -c "ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl del --prefix /etcdctl-check-perf/"; 15 | done 16 | done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace") 17 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/provision_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cluster_instances=${1:-1} 4 | workspace_prefix="workspace" 5 | 6 | echo "checking if workspaces exist" 7 | # This will not fix a broken terraform run, if the workspace already exists it will 8 | # be skipped 9 | for cluster_instance in $(seq -f "%05g" 1 ${cluster_instances}); do 10 | workspace=${workspace_prefix}-${cluster_instance} 11 | if [ ! 
-d "$PWD/terraform.tfstate.d/${workspace}" ]; 12 | then 13 | # Workspace doesn't exist yet 14 | echo "provisioning ${cluster_instances} sets of clusters" 15 | terraform workspace new "${workspace}" || terraform workspace select "${workspace}" 16 | # only create cloud credential and node_template if they have not already been created (if first tf apply is successful then skip creation) 17 | if [ ! ${cluster_instance} = "00001" ] && terraform workspace list | grep -q "${workspace_prefix}-00001"; 18 | then 19 | terraform apply -auto-approve -var "create_node_reqs=false" 20 | else 21 | terraform apply -auto-approve 22 | fi 23 | elif [ "${cluster_instance}" -eq "${cluster_instances}" ] 24 | then 25 | echo "${workspace} already exists!" 26 | exit 1; 27 | fi 28 | done 29 | 30 | terraform workspace select default 31 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.5.x/variables.tf: -------------------------------------------------------------------------------- 1 | variable "rancher_api_url" { 2 | type = string 3 | nullable = false 4 | description = "API url for Rancher server" 5 | } 6 | 7 | variable "rancher_token" { 8 | type = string 9 | nullable = true 10 | default = null 11 | } 12 | 13 | variable "rancher_version" { 14 | type = string 15 | default = "2.5.14" 16 | description = "The version of Rancher to install (must be a 2.5.x version)" 17 | } 18 | 19 | variable "kube_config_path" { 20 | type = string 21 | default = null 22 | description = "Path to kubeconfig file on local machine" 23 | } 24 | 25 | variable "kube_config_context" { 26 | type = string 27 | default = null 28 | description = "Context to use for kubernetes operations" 29 | } 30 | 31 | variable "letsencrypt_email" { 32 | type = string 33 | default = null 34 | description = "LetsEncrypt email address to use" 35 | } 36 | 37 | variable "rancher_node_count" { 38 | type = number 39 | default = null 40 | } 41 | 42 | 
variable "rancher_password" { 43 | type = string 44 | default = "" 45 | description = "Password to set for admin user during bootstrap of Rancher Server, if not set random password will be generated" 46 | } 47 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-node-template/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/rancher/rancher2" { 5 | version = "1.23.0" 6 | constraints = ">= 1.10.0" 7 | hashes = [ 8 | "h1:lvFnC2QkVzXIalOFB2Za5n+bpqlgOMhJ2tzy0ErM9jk=", 9 | "zh:3089d8a8288e433762b02ce08b65c12a2a440e60fc1a70fd897f07cc8970f11d", 10 | "zh:3328fedb5c2b8c0ad7b88ffce09583509aad5b58ce1adec7c73d1154652e91ea", 11 | "zh:5447e5563f835ce8dadbfaba50385d499d28cef0443a38d27e825375c2532343", 12 | "zh:617eea02703becb4ad5690c0dac7a142db25290badccee43c633166c35f92316", 13 | "zh:6b088af0112b2c20dd807760f51f3e68d12a256329de291f24a7e8fe57914802", 14 | "zh:73e59c50c12ae08a6bb73a152a2debf14cd46cb44913e3049f82975cf1865259", 15 | "zh:7b49d2e9ab91590614fb6e24ba3c297cc8c9537702bfc188d503d224d724d532", 16 | "zh:a4f7595dbda8d80488041b66c2ae72c81c03cef88bf0cca0cf6f0d4156d54141", 17 | "zh:a541c829cdfc1e225cbc18fc4fcd6bad93687eb098a59b0816c10a5216f777fd", 18 | "zh:b0a7574069e17c66521e182701ef6644c15eeab8aabeb2b792b11fc8d8eab831", 19 | "zh:fc23b7c936512f91b810161bd7fe2c97938d9a38d562b55f0d8b458b7121c0d4", 20 | "zh:fe4742546c718ceadcb61b20716f747c8e3c48bffd00adc747308a4b1c1719b3", 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/ranchertest-mytestcontainer/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ranchertest/mytestcontainer 3 | description: A 
Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 24 | # appVersion: "1.16.0" 25 | -------------------------------------------------------------------------------- /clusters-rke2/provision_clusters.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -e 2 | 3 | cluster_instances=${1:-1} 4 | workspace_prefix=${2:-workspace} 5 | var_file=${3:-terraform.tfvars} 6 | 7 | echo "checking if workspaces exist" 8 | # This will not fix a broken terraform run, if the workspace already exists it will 9 | # be skipped 10 | for cluster_instance in $(seq -f "%05g" 1 ${cluster_instances}); do 11 | workspace=${workspace_prefix}-${cluster_instance} 12 | if [ ! 
-d "$PWD/terraform.tfstate.d/${workspace}" ]; 13 | then 14 | # Workspace doesn't exist yet 15 | echo "provisioning ${cluster_instances} sets of clusters" 16 | terraform workspace new "${workspace}" || terraform workspace select "${workspace}" 17 | # only create cloud credential and node_template if they have not already been created (if first tf apply is successful then skip creation) 18 | if [ ! ${cluster_instance} = "00001" ] && terraform workspace list | grep -q "${workspace_prefix}-00001"; 19 | then 20 | terraform apply -auto-approve -var "create_credential=false" -var-file="${var_file}" 21 | else 22 | terraform apply -auto-approve -var-file="${var_file}" 23 | fi 24 | elif [ "${cluster_instance}" -eq "${cluster_instances}" ] 25 | then 26 | echo "${workspace} already exists!" 27 | exit 1; 28 | fi 29 | done 30 | 31 | terraform workspace select default 32 | -------------------------------------------------------------------------------- /control-plane/modules/aws-infra/files/docker-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash -xe 2 | exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1 3 | export DEBIAN_FRONTEND=noninteractive 4 | apt-get update 5 | apt-get install -y \ 6 | ca-certificates \ 7 | curl \ 8 | gnupg \ 9 | lsb-release 10 | curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg 11 | 12 | echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \ 13 | $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null 14 | 15 | apt-get purge -y docker-ce docker-ce-cli containerd.io || true 16 | apt-get remove -y docker docker-engine docker.io containerd runc || true 17 | rm -rf /var/lib/docker 18 | rm -rf /var/lib/containerd 19 | 20 | # apt-get update 21 | # apt-get install -y 
docker-ce docker-ce-cli containerd.io 22 | 23 | curl https://releases.rancher.com/install-docker/${install_docker_version}.sh | sh && usermod -aG docker ubuntu 24 | 25 | until [ "$(pgrep -f --count dockerd)" -ge 1 ]; do 26 | sleep 2 27 | done 28 | # if [ -x "$(command -v docker)" ]; then 29 | # echo "Docker installed successfully" 30 | # else 31 | # echo "Docker not installed" 32 | # fi 33 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-cloud-credential/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 3 | 4 | provider "registry.terraform.io/rancher/rancher2" { 5 | version = "1.23.0" 6 | hashes = [ 7 | "h1:iRezZScEh4Mfw6qtPttz/lNgm8iXSB+oxDGM4uyfDSM=", 8 | "h1:lvFnC2QkVzXIalOFB2Za5n+bpqlgOMhJ2tzy0ErM9jk=", 9 | "zh:3089d8a8288e433762b02ce08b65c12a2a440e60fc1a70fd897f07cc8970f11d", 10 | "zh:3328fedb5c2b8c0ad7b88ffce09583509aad5b58ce1adec7c73d1154652e91ea", 11 | "zh:5447e5563f835ce8dadbfaba50385d499d28cef0443a38d27e825375c2532343", 12 | "zh:617eea02703becb4ad5690c0dac7a142db25290badccee43c633166c35f92316", 13 | "zh:6b088af0112b2c20dd807760f51f3e68d12a256329de291f24a7e8fe57914802", 14 | "zh:73e59c50c12ae08a6bb73a152a2debf14cd46cb44913e3049f82975cf1865259", 15 | "zh:7b49d2e9ab91590614fb6e24ba3c297cc8c9537702bfc188d503d224d724d532", 16 | "zh:a4f7595dbda8d80488041b66c2ae72c81c03cef88bf0cca0cf6f0d4156d54141", 17 | "zh:a541c829cdfc1e225cbc18fc4fcd6bad93687eb098a59b0816c10a5216f777fd", 18 | "zh:b0a7574069e17c66521e182701ef6644c15eeab8aabeb2b792b11fc8d8eab831", 19 | "zh:fc23b7c936512f91b810161bd7fe2c97938d9a38d562b55f0d8b458b7121c0d4", 20 | "zh:fe4742546c718ceadcb61b20716f747c8e3c48bffd00adc747308a4b1c1719b3", 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /control-plane/k3s-outputs.tf: 
-------------------------------------------------------------------------------- 1 | output "db_instance_availability_zone" { 2 | description = "The availability zone of the RDS instance" 3 | value = var.k8s_distribution == "k3s" ? module.db[0].db_instance_availability_zone : null 4 | } 5 | 6 | output "db_instance_endpoint" { 7 | description = "The connection endpoint" 8 | value = var.k8s_distribution == "k3s" ? nonsensitive(module.k3s[0].datastore_endpoint) : null 9 | } 10 | 11 | output "db_password" { 12 | value = var.k8s_distribution == "k3s" ? nonsensitive(module.k3s[0].db_pass) : null 13 | } 14 | 15 | output "external_lb_dns_name" { 16 | value = var.k8s_distribution == "k3s" ? module.k3s[0].external_lb_dns_name : null 17 | } 18 | 19 | output "k3s_cluster_secret" { 20 | value = var.k8s_distribution == "k3s" ? nonsensitive(module.k3s[0].k3s_cluster_secret) : null 21 | sensitive = true 22 | } 23 | 24 | output "k3s_tls_san" { 25 | value = var.k8s_distribution == "k3s" ? module.k3s[0].k3s_tls_san : null 26 | } 27 | 28 | output "db_engine_version" { 29 | value = var.k8s_distribution == "k3s" ? var.db_engine_version : null 30 | } 31 | 32 | output "db_skip_final_snapshot" { 33 | value = var.k8s_distribution == "k3s" ? var.db_skip_final_snapshot : null 34 | } 35 | 36 | output "server_k3s_exec" { 37 | value = var.k8s_distribution == "k3s" ? 
var.server_k3s_exec : null 38 | } 39 | -------------------------------------------------------------------------------- /control-plane/modules/aws-k3s/files/k3s-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | curl -o ${k3s_datastore_cafile} https://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem 4 | 5 | export INSTALL_K3S_VERSION='v${install_k3s_version}' 6 | export INSTALL_K3S_EXEC='%{ if is_k3s_server }${k3s_tls_san} ${k3s_disable_agent} ${k3s_deploy_traefik} %{ endif ~} ${k3s_exec}' 7 | export K3S_CLUSTER_SECRET='${k3s_cluster_secret}' 8 | export K3S_TOKEN='${k3s_cluster_secret}' 9 | %{~ if use_custom_datastore } 10 | export K3S_DATASTORE_CAFILE='${k3s_datastore_cafile}' 11 | export K3S_DATASTORE_ENDPOINT='${k3s_datastore_endpoint}' 12 | %{~ endif ~} 13 | 14 | %{~ if !is_k3s_server } 15 | export K3S_URL='https://${k3s_url}:6443' 16 | %{~ endif ~} 17 | 18 | %{ if sleep_at_startup } 19 | sleep_time=$(((RANDOM % 10) + 25)) 20 | sleep $sleep_time 21 | %{ endif ~} 22 | 23 | until (curl -sfL https://get.k3s.io | sh -); do 24 | echo 'k3s did not install correctly' 25 | systemctl status k3s.service 26 | journalctl -xe --no-pager -u k3s.service 27 | k3s-uninstall.sh 28 | sleep 2 29 | done 30 | 31 | %{~ if is_k3s_server ~} 32 | until kubectl get pods -A | grep 'Running'; 33 | do 34 | echo 'Waiting for k3s startup' 35 | sleep 5 36 | done 37 | echo 'export KUBECONFIG=/etc/rancher/k3s/k3s.yaml' >> ~/.bashrc 38 | echo 'source <(kubectl completion bash)' >>~/.bashrc 39 | %{~ endif ~} 40 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.5.x/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/hashicorp/kubernetes" { 5 | version = "2.12.0" 6 | hashes = [ 7 | "h1:d9e/U+LvNNR4WNgVUevYqS3MOg0SnhTysJIxb84313c=", 8 | "h1:hC6qT9uTYG0Ya6HzwuoytcSA7fD8wZ5V0WDlZJAI558=", 9 | "zh:0b9495de4cde4bff48941409cab65ef66ea0d260fcf3d6919fb7f915911fb8da", 10 | "zh:31b8817e521d4928f2d19735bf54cbedb91cf70b93a16f4edf5495eed3f9ea33", 11 | "zh:3ec7dc2d3d432f8f7b44a108a21bea44de310c37f2414eb2913762dbd01c112a", 12 | "zh:4949e4cbc9cd1a633b621d217552b3254a439178cf562886c09fe386119ecf66", 13 | "zh:5a4451328e4940bb0b235e17944b48e75017eb37dce6470142dd899c07512ae1", 14 | "zh:8123b3fdc7a46239dfdc49392aeacafb532d32724e85b00fc84b7ba77a337856", 15 | "zh:8d7229be22e0534c7568a3b60e9ed0b4f468794521cdcaf32c4f6ca727436ede", 16 | "zh:9548f2ce05a5de59bd71a0770cae3b80095145c96754f3698c608a44fdd5d0de", 17 | "zh:c245f1bafc8c2c6adb8dc38ca7ba43ce35134c1f9de3a3370187dec701aa38a1", 18 | "zh:d0496e2fed1787186bd4cfb821db8cbb8dedb3c13e78195e3572ec7ae01ed100", 19 | "zh:f2d515a13e40a2d3757230b6bd0ba469877d6a103cf6ac6d9b06655efc99808d", 20 | "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", 21 | ] 22 | } 23 | -------------------------------------------------------------------------------- /rke1-local-control-plane/files/values/rke_cluster_yaml.tfpl: -------------------------------------------------------------------------------- 1 | nodes: 2 | %{ for i in range(length(addresses)) ~} 3 | - address: ${addresses[i]} 4 | internal_address: ${private_addresses[i]} 5 | role: 6 | - controlplane 7 | - worker 8 | - etcd 9 | user: ${user} 10 | %{ endfor ~} 11 | %{ if dedicated_monitoring ~} 12 | - address: ${monitor_address} 13 | internal_address: ${monitor_private_address} 14 | role: 15 | - worker 16 | user: ${user} 17 | labels: 18 | monitoring: "yes" 19 | taints: 20 | - key: monitoring 21 | value: "yes" 22 | effect: NoSchedule 23 | %{ endif ~} 24 | services: 25 | etcd: 26 | snapshot: true 27 | retention: 24h 28 | creation: 6h 29 | kube-api: 30 | 
secrets_encryption_config: 31 | enabled: ${enable_secrets_encryption} 32 | audit_log: 33 | enabled: ${enable_audit_log} 34 | ingress: 35 | provider: nginx 36 | options: 37 | use-forwarded-headers: "true" 38 | ssh_key_path: ${ssh_key_path} 39 | ssh_agent_auth: false 40 | ignore_docker_version: false 41 | %{ if length(kubernetes_version) > 0 ~} 42 | kubernetes_version: ${kubernetes_version} 43 | %{ endif ~} 44 | enable_cri_dockerd: ${enable_cri_dockerd} 45 | cluster_name: local 46 | %{ if length(keys(system_images)) > 0 ~} 47 | system_images: 48 | %{ for key, value in system_images ~} 49 | ${key}: ${value} 50 | %{ endfor ~} 51 | %{ endif ~} 52 | -------------------------------------------------------------------------------- /control-plane/modules/generate-kube-config/README.md: -------------------------------------------------------------------------------- 1 | # generate-kube-config 2 | 3 | 4 | ## Requirements 5 | 6 | | Name | Version | 7 | |------|---------| 8 | | [terraform](#requirement\_terraform) | >= 0.14 | 9 | 10 | ## Providers 11 | 12 | | Name | Version | 13 | |------|---------| 14 | | [local](#provider\_local) | n/a | 15 | 16 | ## Modules 17 | 18 | No modules. 
19 | 20 | ## Resources 21 | 22 | | Name | Type | 23 | |------|------| 24 | | [local_file.kubeconfig](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | 25 | 26 | ## Inputs 27 | 28 | | Name | Description | Type | Default | Required | 29 | |------|-------------|------|---------|:--------:| 30 | | [identifier\_prefix](#input\_identifier\_prefix) | n/a | `string` | n/a | yes | 31 | | [kubeconfig\_content](#input\_kubeconfig\_content) | n/a | `string` | n/a | yes | 32 | | [kubeconfig\_dir](#input\_kubeconfig\_dir) | n/a | `string` | n/a | yes | 33 | 34 | ## Outputs 35 | 36 | | Name | Description | 37 | |------|-------------| 38 | | [kubeconfig\_path](#output\_kubeconfig\_path) | n/a | 39 | 40 | -------------------------------------------------------------------------------- /testing/tests.py: -------------------------------------------------------------------------------- 1 | class Result: 2 | def __init__(self, passed, err_msg=None): 3 | self.err_msg = err_msg 4 | self.passed = passed 5 | 6 | 7 | def run_tests(df): 8 | test_results = [ 9 | test_cluster_list_time(df), 10 | test_project_list_time(df), 11 | ] 12 | passed = True 13 | err_msgs = [] 14 | for result in test_results: 15 | if not result.passed: 16 | passed = False 17 | err_msgs.append(result.err_msg) 18 | if not passed: 19 | print(len(err_msgs), "metric tests FAILED:\n") 20 | errors = "\n".join(err_msgs) 21 | raise Exception(errors) 22 | else: 23 | print("All metric tests passed!") 24 | 25 | 26 | def test_cluster_list_time(df): 27 | try: 28 | average_less_than(df, "rancher_cluster_list_time", 5) 29 | except AssertionError as e: 30 | return Result(False, err_msg="rancher cluster list time not less than 5 seconds.") 31 | return Result(True) 32 | 33 | 34 | def test_project_list_time(df): 35 | try: 36 | average_less_than(df, "rancher_project_list_time", 5) 37 | except AssertionError as e: 38 | return Result(False, err_msg="rancher project list time not less than 5 
seconds.") 39 | return Result(True) 40 | 41 | 42 | def average_less_than(df, col, limit): 43 | averages = df.mean("rows") 44 | 45 | assert averages[col] < limit 46 | 47 | 48 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.5.x/providers.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_providers { 3 | # rancher2 = { 4 | # source = "rancher/rancher2" 5 | # } 6 | # helm = { 7 | # source = "hashicorp/helm" 8 | # } 9 | # null = { 10 | # source = "hashicorp/null" 11 | # } 12 | kubernetes = { 13 | source = "hashicorp/kubernetes" 14 | } 15 | } 16 | } 17 | 18 | # provider "rancher2" { 19 | # alias = "bootstrap" 20 | # api_url = var.rancher_api_url 21 | # insecure = false 22 | # bootstrap = true 23 | # } 24 | 25 | # provider "rancher2" { 26 | # alias = "admin" 27 | # api_url = module.install_common.rancher_url 28 | # token_key = module.install_common.rancher_token 29 | # timeout = "300s" 30 | # } 31 | 32 | # provider "helm" { 33 | # kubernetes { 34 | # config_path = abspath(var.kube_config_path) 35 | # } 36 | # } 37 | 38 | provider "kubernetes" { 39 | config_path = abspath(var.kube_config_path) 40 | config_context = var.kube_config_context 41 | } 42 | 43 | # locals { 44 | # rancher_CN = split("//", "${var.rancher_api_url}")[1] 45 | # rancher_url_components = split(".", local.rancher_CN) 46 | # rancher_subdomain = local.rancher_url_components[0] 47 | # rancher_domain = "${local.rancher_url_components[1]}.${local.rancher_url_components[2]}.${local.rancher_url_components[3]}" 48 | # } 49 | -------------------------------------------------------------------------------- /cluster-with-nodes/variables.tf: -------------------------------------------------------------------------------- 1 | /* 2 | The k3s agents per node and ec2_instances_per_cluster are used together to determine total number of nodes 3 | */ 4 | 5 | variable 
"k3s_agents_per_node" { 6 | type = number 7 | description = "The number of k3s agents on each ec2 instance" 8 | } 9 | 10 | variable "ec2_instances_per_cluster" { 11 | type = number 12 | description = "Number of EC2 instances per cluster" 13 | } 14 | 15 | variable "server_instance_max_price" {} 16 | variable "server_instance_type" { 17 | type = string 18 | description = "Instance type to use for k3s server" 19 | } 20 | 21 | variable "worker_instance_max_price" {} 22 | 23 | variable "worker_instance_type" { 24 | type = string 25 | description = "Instance type to use for k3s workers" 26 | } 27 | 28 | variable "k3s_server_args" { 29 | type = string 30 | default = "" 31 | description = "extra args to pass to k3s server" 32 | } 33 | 34 | variable "rancher_api_url" { 35 | type = string 36 | description = "api url for rancher server" 37 | } 38 | 39 | variable "rancher_token_key" { 40 | type = string 41 | description = "rancher server API token" 42 | } 43 | 44 | variable "k3s_token" { 45 | type = string 46 | description = "k3s token" 47 | } 48 | 49 | variable "docker_overlay_cidr" { 50 | type = string 51 | description = "docker overlay network cidr i.e. 10.0.0.0/8" 52 | } -------------------------------------------------------------------------------- /clusters/check_etcd_perf.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 4 | ### It will look for kubeconfig files matching the pattern of ".workspace-XXXXX_kube_config", where each X = a number. It will then execute the etcdctl check perf command. 5 | ### Example invocation when executing within "clusters-rke1/linode": ../check_etcd_perf.sh ~/.ssh/ root 6 | ### $1 - ssh key path 7 | ### $2 - ssh user (ex: "root", "ubuntu", etc.) 
8 | 9 | mkdir -p "./files/kube_config" 10 | mkdir -p "./files/etcd_perf" 11 | num_workspaces=$(terraform workspace list | awk 'NR > 1 {print $1}') 12 | while read -r workspace 13 | do 14 | while read -r node 15 | do 16 | printf "Getting etcd perf results for %s\n" "$node" 17 | { printf "\nNumber of Workspaces: %s" "$num_workspaces"; printf "\nGetting etcd perf results for %s" "$node"; } >> "./files/etcd_perf/etcd_perf_${workspace}.txt" 18 | ssh -n -o "StrictHostKeyChecking no" -i "${1}" -T "${2}@${node}" "sudo -s sleep 5 && docker exec etcd etcdctl check perf -w fields" >> "./files/etcd_perf/etcd_perf_${workspace}.txt" 19 | done < <(kubectl --kubeconfig ./files/kube_config/${workspace}_kube_config get nodes -o wide | grep etcd | tr -s ' ' | cut -d ' ' -f6) 20 | done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace") 21 | -------------------------------------------------------------------------------- /clusters-rke1/check_etcd_perf.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 4 | ### It will look for kubeconfig files matching the pattern of ".workspace-XXXXX_kube_config", where each X = a number. It will then execute the etcdctl check perf command. 5 | ### Example invocation when executing within "clusters-rke1/linode": ../check_etcd_perf.sh ~/.ssh/ root 6 | ### $1 - ssh key path 7 | ### $2 - ssh user (ex: "root", "ubuntu", etc.) 
8 | 9 | mkdir -p "./files/kube_config" 10 | mkdir -p "./files/etcd_perf" 11 | num_workspaces=$(terraform workspace list | awk 'NR > 1 {print $1}') 12 | while read -r workspace 13 | do 14 | while read -r node 15 | do 16 | printf "Getting etcd perf results for %s\n" "$node" 17 | { printf "\nNumber of Workspaces: %s" "$num_workspaces"; printf "\nGetting etcd perf results for %s" "$node"; } >> "./files/etcd_perf/etcd_perf_${workspace}.txt" 18 | ssh -n -o "StrictHostKeyChecking no" -i "${1}" -T "${2}@${node}" "sudo -s sleep 5 && docker exec etcd etcdctl check perf -w fields" >> "./files/etcd_perf/etcd_perf_${workspace}.txt" 19 | done < <(kubectl --kubeconfig ./files/kube_config/${workspace}_kube_config get nodes -o wide | grep etcd | tr -s ' ' | cut -d ' ' -f6) 20 | done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace") 21 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-cloud-credential/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 1.1.0" 3 | required_providers { 4 | rancher2 = { 5 | source = "rancher/rancher2" 6 | version = ">= 1.10.0" 7 | } 8 | } 9 | } 10 | 11 | resource "rancher2_cloud_credential" "this" { 12 | count = var.create_new ? 1 : 0 13 | name = var.name 14 | 15 | dynamic "amazonec2_credential_config" { 16 | for_each = var.cloud_provider == "aws" ? [1] : [] 17 | content { 18 | access_key = var.credential_config.access_key 19 | secret_key = var.credential_config.secret_key 20 | default_region = var.credential_config.region 21 | } 22 | } 23 | dynamic "linode_credential_config" { 24 | for_each = var.cloud_provider == "linode" ? 
[1] : [] 25 | content { 26 | token = var.credential_config.token 27 | } 28 | } 29 | } 30 | 31 | ### Only create a new cloud_credential if the caller has defined that a new cloud_credential should be created 32 | ### else, look for an existing cloud_credential with the given name 33 | data "rancher2_cloud_credential" "this" { 34 | name = var.create_new ? rancher2_cloud_credential.this[0].name : var.name 35 | } 36 | 37 | output "id" { 38 | value = data.rancher2_cloud_credential.this.id 39 | } 40 | 41 | output "name" { 42 | value = data.rancher2_cloud_credential.this.name 43 | } 44 | 45 | output "cloud_cred" { 46 | value = data.rancher2_cloud_credential.this 47 | } 48 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/check_etcd_perf.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 4 | ### It will look for kubeconfig files matching the pattern of ".workspace-XXXXX_kube_config", where each X = a number. It will then execute the etcdctl check perf command. 5 | ### Example invocation when executing within "clusters-rke1/linode": ../check_etcd_perf.sh ~/.ssh/ root 6 | ### $1 - ssh key path 7 | ### $2 - ssh user (ex: "root", "ubuntu", etc.) 
8 | 9 | mkdir -p "./files/kube_config" 10 | mkdir -p "./files/etcd_perf" 11 | num_workspaces=$(terraform workspace list | awk 'NR > 1 {print $1}') 12 | while read -r workspace 13 | do 14 | while read -r node 15 | do 16 | printf "Getting etcd perf results for %s\n" "$node" 17 | { printf "\nNumber of Workspaces: %s" "$num_workspaces"; printf "\nGetting etcd perf results for %s" "$node"; } >> "./files/etcd_perf/etcd_perf_${workspace}.txt" 18 | ssh -n -o "StrictHostKeyChecking no" -i "${1}" -T "${2}@${node}" "sudo -s sleep 5 && docker exec etcd etcdctl check perf -w fields" >> "./files/etcd_perf/etcd_perf_${workspace}.txt" 19 | done < <(kubectl --kubeconfig ./files/kube_config/${workspace}_kube_config get nodes -o wide | grep etcd | tr -s ' ' | cut -d ' ' -f6) 20 | done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace") 21 | -------------------------------------------------------------------------------- /control-plane/modules/aws-k3s/output.tf: -------------------------------------------------------------------------------- 1 | output "rancher_admin_password" { 2 | value = local.install_rancher ? local.rancher_password : null 3 | sensitive = true 4 | } 5 | 6 | output "rancher_url" { 7 | value = try(rancher2_bootstrap.admin[0].url, "N/A") 8 | } 9 | 10 | output "rancher_token_id" { 11 | value = try(rancher2_bootstrap.admin[0].token_id, "N/A") 12 | } 13 | 14 | output "rancher_token" { 15 | value = try(rancher2_bootstrap.admin[0].token, "N/A") 16 | sensitive = false 17 | } 18 | 19 | output "kube_config" { 20 | value = try(data.rancher2_cluster.local[0].kube_config, "N/A") 21 | sensitive = true 22 | } 23 | 24 | output "external_lb_dns_name" { 25 | value = local.create_agent_nlb > 0 ? 
aws_lb.agent_lb[0].dns_name : null 26 | } 27 | 28 | output "k3s_cluster_secret" { 29 | value = local.k3s_cluster_secret 30 | sensitive = true 31 | } 32 | 33 | output "k3s_tls_san" { 34 | value = local.k3s_tls_san 35 | } 36 | 37 | output "use_new_bootstrap" { 38 | value = var.use_new_bootstrap 39 | } 40 | 41 | output "tls_cert_file" { 42 | value = local.tls_cert_file 43 | sensitive = true 44 | } 45 | 46 | output "tls_key_file" { 47 | value = local.tls_key_file 48 | sensitive = true 49 | } 50 | 51 | output "db_pass" { 52 | value = local.db_pass 53 | sensitive = true 54 | } 55 | 56 | output "datastore_endpoint" { 57 | value = local.k3s_datastore_endpoint 58 | sensitive = true 59 | } 60 | 61 | output "use_new_monitoring_crd_url" { 62 | value = local.use_new_monitoring_crd_url 63 | } 64 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-controller-metrics/README.md: -------------------------------------------------------------------------------- 1 | # rancher-controller-metrics 2 | 3 | This module should only be applied against Rancher clusters on version `2.5.x` with `rancher-monitoring` installed and the `CATTLE_PROMETHEUS_METRICS` environment variable set to true. 4 | 5 | 6 | ## Requirements 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [terraform](#requirement\_terraform) | >= 0.14 | 11 | 12 | ## Providers 13 | 14 | | Name | Version | 15 | |------|---------| 16 | | [kubernetes](#provider\_kubernetes) | 2.14.0 | 17 | 18 | ## Modules 19 | 20 | No modules. 
21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [kubernetes_config_map.rancher_controllers](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/config_map) | resource | 27 | 28 | ## Inputs 29 | 30 | | Name | Description | Type | Default | Required | 31 | |------|-------------|------|---------|:--------:| 32 | | [kube\_config\_path](#input\_kube\_config\_path) | Path to kubeconfig file on local machine | `string` | `null` | no | 33 | | [rancher\_token](#input\_rancher\_token) | Rancher2 API token for authentication | `string` | `null` | no | 34 | | [rancher\_version](#input\_rancher\_version) | The Rancher Server's version | `string` | `"null"` | no | 35 | 36 | ## Outputs 37 | 38 | No outputs. 39 | 40 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/README.md: -------------------------------------------------------------------------------- 1 | # deploy-chart 2 | 3 | 4 | ## Requirements 5 | 6 | No requirements. 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | | [helm](#provider\_helm) | 2.9.0 | 13 | 14 | ## Modules 15 | 16 | No modules. 
17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | | [helm_release.local_chart](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 23 | | [helm_release.remote_chart](https://registry.terraform.io/providers/hashicorp/helm/latest/docs/resources/release) | resource | 24 | 25 | ## Inputs 26 | 27 | | Name | Description | Type | Default | Required | 28 | |------|-------------|------|---------|:--------:| 29 | | [kube\_config\_path](#input\_kube\_config\_path) | Path to kubeconfig file on local machine | `string` | `null` | no | 30 | | [local\_chart\_path](#input\_local\_chart\_path) | n/a | `any` | `null` | no | 31 | | [namespace](#input\_namespace) | n/a | `any` | n/a | yes | 32 | | [num\_charts](#input\_num\_charts) | n/a | `number` | `1` | no | 33 | | [release\_prefix](#input\_release\_prefix) | n/a | `any` | n/a | yes | 34 | 35 | ## Outputs 36 | 37 | | Name | Description | 38 | |------|-------------| 39 | | [metadata](#output\_metadata) | n/a | 40 | 41 | -------------------------------------------------------------------------------- /clusters-rke2/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_availability_zones" "available" { 2 | state = "available" 3 | } 4 | 5 | data "aws_availability_zone" "selected_az" { 6 | zone_id = local.instance_az_zone_id 7 | } 8 | 9 | data "aws_vpc" "default" { 10 | default = true 11 | } 12 | 13 | data "aws_security_group" "selected" { 14 | for_each = toset(var.security_groups) 15 | name = each.key 16 | } 17 | 18 | data "aws_subnets" "available" { 19 | filter { 20 | name = "vpc-id" 21 | values = [data.aws_vpc.default.id] 22 | } 23 | filter { 24 | name = "availability-zone-id" 25 | values = ["${data.aws_availability_zone.selected_az.zone_id}"] 26 | } 27 | } 28 | 29 | data "aws_ami" "ubuntu" { 30 | most_recent = true 31 | owners = ["099720109477"] 32 | 33 | filter { 34 | name = "name" 35 | values = 
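["ubuntu-minimal/images/*/ubuntu-bionic-18.04-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }
}

# Instance profile attached to the nodes.  Its name says "full access", so
# whatever policy it carries is reachable from every pod on the node via the
# instance metadata service unless that is blocked separately.
data "aws_iam_instance_profile" "rancher_iam_full_access" {
  name = var.iam_instance_profile
}

# Either the credential created by this module or a pre-existing one, by name.
data "rancher2_cloud_credential" "this" {
  name = var.create_credential ? rancher2_cloud_credential.shared_cred[0].name : local.cloud_cred_name
}

# Looked up only when a usable key pair name exists (local.keypair_name_valid).
data "aws_key_pair" "this" {
  count    = local.keypair_name_valid ? 1 : 0
  key_name = var.create_keypair ? aws_key_pair.this[0].key_name : local.keypair_name
}
--------------------------------------------------------------------------------
/control-plane/common-outputs.tf:
--------------------------------------------------------------------------------
# Outputs shared by every control-plane flavour.  Secret-bearing values are
# marked sensitive so plan/apply output redacts them; Terraform state still
# stores them in clear text, so the state backend itself must be protected.

# NOTE: the output name is misspelled ("distribtion") but is kept unchanged
# because callers reference it by this name.
output "k8s_distribtion" {
  value = var.k8s_distribution
}

output "rancher_admin_password" {
  value     = var.rancher_password
  sensitive = true
}

output "rancher_url" {
  value = local.rancher_url
}

# Rancher API bearer token.  This output previously unwrapped the value with
# nonsensitive() and set sensitive = false, which printed the token in every
# plan/apply log and CI transcript.  It is now exported as sensitive: consumers
# that re-export it must mark their own output sensitive too, and
# `terraform output -raw rancher_token` still retrieves it when it is needed.
# try() keeps the previous empty-string fallback for when the local cannot be
# evaluated (e.g. Rancher is not installed).
output "rancher_token" {
  value     = try(local.rancher_token, "")
  sensitive = true
}

output "install_rancher" {
  value = var.install_rancher
}

output "install_certmanager" {
  value = var.install_certmanager
}

output "install_monitoring" {
  value = var.install_monitoring
}

output "certmanager_version" {
  value = var.certmanager_version
}

# By their names these appear to be file paths rather than PEM contents; they
# are kept sensitive as originally declared.
output "tls_cert_file" {
  value     = var.tls_cert_file
  sensitive = true
}

output "tls_key_file" {
  value     = var.tls_key_file
  sensitive = true
}

# Chart coordinates are only meaningful when monitoring is installed.
output "rancher_charts_repo" {
  value = var.install_monitoring ?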
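var.rancher_charts_repo : null
}

output "rancher_charts_branch" {
  value = var.install_monitoring ? var.rancher_charts_branch : null
}

output "rancher_version" {
  value = var.rancher_version
}

output "use_new_bootstrap" {
  value = local.use_new_bootstrap
}

# Absolute path of the generated kubeconfig.  That file carries cluster
# credentials, so keep it out of version control and shared artefacts.
output "kube_config_path" {
  value = abspath(module.generate_kube_config.kubeconfig_path)
}

output "secrets_encryption" {
  value = var.enable_secrets_encryption
}

output "cattle_prometheus_metrics" {
  value = var.cattle_prometheus_metrics
}
--------------------------------------------------------------------------------
/control-plane/modules/aws-infra/files/k8s-setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash -xe
# Kubernetes node preparation for the aws-infra module (cloud-init user-data,
# runs as root).  -x echoes every command and the exec below copies all output
# to /var/log/user-data.log and the console, so never pass secrets to this script.
exec > >(tee /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1
apt-get update
apt-get install -y apt-transport-https ca-certificates curl
# curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
# echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
# apt-get update

# remove kubectl
# apt-get purge -y kubectl

# enable required kernel modules.  NOTE: modprobe alone does not persist across
# reboots; add a /etc/modules-load.d drop-in if nodes are expected to reboot.
for module in br_netfilter ip6_udp_tunnel ip_set ip_set_hash_ip ip_set_hash_net iptable_filter iptable_nat iptable_mangle iptable_raw nf_conntrack_netlink nf_conntrack nf_defrag_ipv4 nf_nat nfnetlink udp_tunnel veth vxlan x_tables xt_addrtype xt_conntrack xt_comment xt_mark xt_multiport xt_nat xt_recent xt_set xt_statistic xt_tcpudp;
do
  # -w matches the whole module name (a plain grep would let e.g. nf_nat match nf_nat_ipv4)
  if ! lsmod | grep -qw "$module"; then
    echo "module $module is not present";
    modprobe "$module"
  fi;
done

# install kubectl
# apt-get install -y kubectl

# turn swap off, now and on later boots.  The previous version appended the
# text "swapoff -a" to /etc/fstab, which is not a script: swap stayed enabled
# and the malformed fstab entry could disturb the next boot's mount phase.
swapoff -a
sed -i '/\sswap\s/s/^/#/' /etc/fstab

# set recommended networking options.  Persisted as a sysctl drop-in so they
# survive a reboot; the -w calls apply them immediately and `sysctl --system`
# re-reads every drop-in.
cat > /etc/sysctl.d/90-kubernetes.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
sysctl --system

# Allow SSH TCP forwarding (presumably for tunnelling by the provisioner).
# This is OpenSSH's default, so it only changes behaviour on images that
# disabled it; appending unconditionally duplicates the line on re-runs.
echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
systemctl restart ssh

# Wait for sshd to come back after the restart.  The threshold of 3
# ssh-related processes is inherited from the original script; its exact
# rationale is not documented here.
until [ "$(pgrep -f --count ssh)" -ge 3 ]; do
  sleep 2
done
--------------------------------------------------------------------------------
/rancher-cluster-operations/rancher-secret/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.13"
  required_providers {
    rancher2 = {
      source  = "rancher/rancher2"
      version = ">= 1.13.0"
    }
  }
}

locals {
  ### ensure data is base64encoded for rancher2_secret only
  ### NOTE: a value that happens to name an existing file on the machine running
  ### Terraform is replaced by that file's contents (fileexists/filebase64);
  ### any other value is base64-encoded literally.
  secret_data = { for k, v in var.data : k => try(fileexists(v), false) ? filebase64(v) : base64encode(v) }
}

# v1 (project-scoped) secret; created only when use_v2 is false and create_new is true.
resource "rancher2_secret" "this" {
  count        = !var.use_v2 && var.create_new ? 1 : 0
  annotations  = var.annotations
  labels       = var.labels
  description  = var.description
  project_id   = var.project_id
  name         = var.name
  namespace_id = var.namespace
  data         = local.secret_data
}

# v2 (cluster-scoped) secret; receives var.data unencoded, unlike the v1 resource.
resource "rancher2_secret_v2" "this" {
  count = var.use_v2 && var.create_new ? 1 : 0

  immutable   = var.immutable
  type        = var.type
  annotations = var.annotations
  labels      = var.labels
  cluster_id  = var.cluster_id
  name        = var.name
  namespace   = var.namespace
  data        = var.data
}

# Read the secret back (existing or just created).  Secret data handled by these
# data sources and by the resources above lands in Terraform state in clear
# text; protect the state backend accordingly.
data "rancher2_secret" "this" {
  count = var.use_v2 ? 0 : 1

  name = var.create_new ?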
rancher2_secret.this[0].name : var.name 44 | namespace_id = var.namespace 45 | project_id = var.project_id 46 | } 47 | 48 | data "rancher2_secret_v2" "this" { 49 | count = var.use_v2 ? 1 : 0 50 | 51 | name = var.create_new ? rancher2_secret_v2.this[0].name : var.name 52 | namespace = var.namespace 53 | cluster_id = var.cluster_id 54 | } 55 | -------------------------------------------------------------------------------- /control-plane/modules/rke2/rancher_lb_components.tf: -------------------------------------------------------------------------------- 1 | resource "aws_lb_target_group" "server_443" { 2 | name = "${var.name}-rke2-443" 3 | port = 443 4 | protocol = "TCP" 5 | vpc_id = var.vpc_id 6 | 7 | health_check { 8 | interval = 10 9 | port = 80 10 | protocol = "TCP" 11 | healthy_threshold = 3 12 | unhealthy_threshold = 3 13 | } 14 | 15 | stickiness { 16 | type = "source_ip" 17 | enabled = false 18 | } 19 | 20 | tags = local.tags 21 | } 22 | 23 | resource "aws_lb_target_group" "server_80" { 24 | name = "${var.name}-rke2-80" 25 | port = 80 26 | protocol = "TCP" 27 | vpc_id = var.vpc_id 28 | 29 | health_check { 30 | interval = 10 31 | port = 80 32 | protocol = "TCP" 33 | healthy_threshold = 3 34 | unhealthy_threshold = 3 35 | } 36 | 37 | stickiness { 38 | type = "source_ip" 39 | enabled = false 40 | } 41 | 42 | tags = local.tags 43 | } 44 | 45 | resource "aws_lb_listener" "server-port_443" { 46 | load_balancer_arn = module.aws_infra_rke2.lb_arn 47 | port = "443" 48 | protocol = "TCP" 49 | 50 | default_action { 51 | type = "forward" 52 | target_group_arn = aws_lb_target_group.server_443.arn 53 | } 54 | } 55 | 56 | resource "aws_lb_listener" "server-port_80" { 57 | load_balancer_arn = module.aws_infra_rke2.lb_arn 58 | port = "80" 59 | protocol = "TCP" 60 | 61 | default_action { 62 | type = "forward" 63 | target_group_arn = aws_lb_target_group.server_80.arn 64 | } 65 | } 66 | -------------------------------------------------------------------------------- 
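/rancher-cluster-operations/rancher-examples/cluster-aws/providers.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 1.1.0"
  required_providers {
    rancher2 = {
      source = "rancher/rancher2"
    }
    null = {
      source = "hashicorp/null"
    }
    random = {
      source = "hashicorp/random"
    }
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Local state backend: state is written to ./rancher.tfstate in clear text and
# will contain the Rancher token and AWS keys passed to the providers below.
# Keep the file out of version control; for anything beyond a throwaway
# example use a remote backend with encryption at rest and access control.
terraform {
  backend "local" {
    path = "rancher.tfstate"
  }
}

# `insecure` disables TLS verification of the Rancher API; only set it for
# servers using a private CA you cannot install on the client.
provider "rancher2" {
  api_url   = var.rancher_api_url
  token_key = var.rancher_token_key
  insecure  = var.insecure_flag
}

# Region is hard-coded for this example.  Static keys are accepted via
# variables; prefer leaving access_key/secret_key unset so the provider uses
# the default credential chain (environment, profile, or instance role).
provider "aws" {
  region     = "us-west-1"
  access_key = var.aws_access_key
  secret_key = var.aws_secret_key
}

locals {
  # Pick one AZ and one subnet inside it at random (random_id.index, below).
  # If the chosen AZ has no subnets in the default VPC, the modulo below
  # divides by zero and the plan fails.
  az_zone_ids_list         = tolist(data.aws_availability_zones.available.zone_ids)
  az_zone_ids_random_index = random_id.index.dec % length(local.az_zone_ids_list)
  instance_az_zone_id      = local.az_zone_ids_list[local.az_zone_ids_random_index]
  selected_az_suffix       = data.aws_availability_zone.selected_az.name_suffix
  subnet_ids_list          = tolist(data.aws_subnets.available.ids)
  subnet_ids_random_index  = random_id.index.dec % length(local.subnet_ids_list)
  instance_subnet_id       = local.subnet_ids_list[local.subnet_ids_random_index]
  # First DNS label of the API URL's host; assumes the URL has a "scheme://host" form.
  rancher_subdomain = split(".", split("//", var.rancher_api_url)[1])[0]
}

resource "random_id" "index" {
  byte_length = 2
}


resource "random_pet" "this" {
  keepers = {
  }
  prefix = "aws"
  length = 1
}
--------------------------------------------------------------------------------
/linode-infra/files/k8s-setup.sh:
--------------------------------------------------------------------------------
#!/bin/bash -xe
# Kubernetes node preparation for Linode nodes (cloud-init user-data, runs as
# root).  -x echoes every command and all output is copied to
# /var/log/user-data.log and the console, so never pass secrets to this script.
exec > >(tee -a /var/log/user-data.log|logger -t user-data -s 2>/dev/console) 2>&1

apt-get update
apt-get install -y apt-transport-https ca-certificates curl
# curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg
# echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
# apt-get update

# remove kubectl
# apt-get purge -y kubectl

# enable required kernel modules.  NOTE: modprobe alone does not persist across
# reboots; add a /etc/modules-load.d drop-in if nodes are expected to reboot.
for module in br_netfilter ip6_udp_tunnel ip_set ip_set_hash_ip ip_set_hash_net iptable_filter iptable_nat iptable_mangle iptable_raw nf_conntrack_netlink nf_conntrack nf_defrag_ipv4 nf_nat nfnetlink udp_tunnel veth vxlan x_tables xt_addrtype xt_conntrack xt_comment xt_mark xt_multiport xt_nat xt_recent xt_set xt_statistic xt_tcpudp;
do
  # -w matches the whole module name (a plain grep would let e.g. nf_nat match nf_nat_ipv4)
  if ! lsmod | grep -qw "$module"; then
    echo "module $module is not present";
    modprobe "$module"
  fi;
done

# install kubectl
# apt-get install -y kubectl

# turn swap off, now and on later boots.  The previous version appended the
# text "swapoff -a" to /etc/fstab, which is not a script: swap stayed enabled
# and the malformed fstab entry could disturb the next boot's mount phase.
swapoff -a
sed -i '/\sswap\s/s/^/#/' /etc/fstab

# Open TCP/6443 (kube-apiserver) to every source.  On a Linode public address
# this is world-reachable, so the API server's own authn/authz is the only
# barrier; add a source restriction (-s <cidr>) covering the Rancher server and
# operator ranges where the environment allows it.  The rule is not persisted
# across reboots and is a no-op if the INPUT chain's policy is already ACCEPT.
iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
# set recommended networking options.  Persisted as a sysctl drop-in so they
# survive a reboot; the -w calls apply them immediately and `sysctl --system`
# re-reads every drop-in.
cat > /etc/sysctl.d/90-kubernetes.conf <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
EOF
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
sysctl --system

# Allow SSH TCP forwarding (presumably for tunnelling by the provisioner).
# This is OpenSSH's default, so it only changes behaviour on images that
# disabled it; appending unconditionally duplicates the line on re-runs.
echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
systemctl restart ssh

# Wait for sshd to come back after the restart.  The threshold of 3
# ssh-related processes is inherited from the original script; its exact
# rationale is not documented here.
until [ "$(pgrep -f --count ssh)" -ge 3 ]; do
  sleep 2
done
--------------------------------------------------------------------------------
/rancher-cluster-operations/charts/rancher-monitoring/variables.tf:
--------------------------------------------------------------------------------
variable "rancher_url" {
  default     = null
  type        = string
  description = "The Rancher Server's URL"
}

# Bearer credential for the Rancher API; marked sensitive so it is redacted in
# plan/apply output (it is still stored in state).
variable "rancher_token" {
  default     = null
  type        = string
  sensitive   = true
  description = "Rancher2 API token for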
authentication" 11 | } 12 | 13 | variable "use_v2" { 14 | default = true 15 | type = bool 16 | description = "Boolean to determine which version of rancher_catalog and rancher_app to use" 17 | } 18 | 19 | variable "charts_repo" { 20 | default = "https://git.rancher.io/charts" 21 | type = string 22 | description = "Url to repo hosting charts" 23 | } 24 | 25 | variable "charts_branch" { 26 | default = "release-v2.6" 27 | type = string 28 | description = "The github branch for the desired Rancher chart version" 29 | } 30 | 31 | variable "chart_version" { 32 | default = null 33 | type = string 34 | description = "Version of rancher-monitoring chart to install" 35 | } 36 | 37 | variable "values" { 38 | default = null 39 | type = string 40 | description = "Values file content for rancher-monitoring" 41 | } 42 | 43 | variable "cluster_id" { 44 | default = "local" 45 | type = string 46 | description = "(optional) describe your variable" 47 | } 48 | 49 | variable "project_id" { 50 | type = string 51 | } 52 | 53 | variable "timeouts" { 54 | default = null 55 | type = object({ 56 | create = optional(string, "10m") 57 | update = optional(string, "10m") 58 | delete = optional(string, "10m") 59 | }) 60 | description = "A map of string representing the timeouts for each resource operation: ['create', 'update', 'delete']." 61 | } 62 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/my-pause/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "my-pause.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
11 | If release name contains chart name it will be used as a full name. 12 | */}} 13 | {{- define "my-pause.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "my-pause.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "my-pause.labels" -}} 37 | helm.sh/chart: {{ include "my-pause.chart" . }} 38 | {{ include "my-pause.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Name }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "my-pause.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "my-pause.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | -------------------------------------------------------------------------------- /clusters-rke2/check_etcd_perf.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | ### This script will loop through all generated kubeconfig files in the "./files" directory based from wherever the script was invoked. 4 | ### It will look for kubeconfig files matching the pattern of ".workspace-XXXXX_kube_config", where each X = a number. It will then execute the etcdctl check perf command. 
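### Example invocation when executing within "clusters-rke1/linode": ../check_etcd_perf.sh ~/.ssh/ root
### $1 - ssh key path
### $2 - ssh user (ex: "root", "ubuntu", etc.)
### NOTE: the two positional arguments above are documented but never read; the
### script reaches etcd through each workspace's kubeconfig and `kubectl exec`,
### not over SSH.

mkdir -p "./files/kube_config"
mkdir -p "./files/etcd_perf"
# Count of workspaces this script will visit (the same filter as the loop
# below).  The previous version captured the list of names, not a number,
# although it was printed under "Number of Workspaces".
num_workspaces=$(terraform workspace list | tr -cd '\n[:alnum:]-' | grep -c "workspace")
while read -r workspace
do
  kubeconfig="./files/kube_config/${workspace}_kube_config"
  outfile="./files/etcd_perf/etcd_perf_${workspace}.txt"
  printf "Iterating over etcd pods in %s\n" "$workspace"
  for etcdpod in $(kubectl --kubeconfig "$kubeconfig" -n kube-system get pod -l component=etcd --no-headers -o custom-columns=NAME:.metadata.name);
  do
    printf "Getting etcd perf results for %s\n" "$etcdpod"
    { printf "\nNumber of Workspaces: %s\n" "$num_workspaces"; printf "Getting etcd perf results for %s\n" "$etcdpod"; } >> "$outfile"
    # etcdctl runs inside the etcd pod with the server's own client certificate,
    # i.e. unrestricted etcd access.  Anyone able to `exec` into kube-system etcd
    # pods can read every cluster secret, so the kubeconfigs under
    # ./files/kube_config must be treated as cluster-admin credentials.
    kubectl --kubeconfig "$kubeconfig" -n kube-system exec "$etcdpod" -- sh -c "ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt' ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt' ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key' ETCDCTL_API=3 etcdctl check perf -w fields" >> "$outfile"
  done
done < <(terraform workspace list | tr -cd '\n[:alnum:]-' | grep "workspace")
--------------------------------------------------------------------------------
/rancher-cluster-operations/rancher-controller-metrics/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.14"
  required_providers {
    kubernetes = {
      source = "hashicorp/kubernetes"
    }
  }
}

locals {
  # Part of the Rancher token before the first ':' (Rancher tokens are
  # "<id>:<secret>", so this keeps only the identifier).  Guarded so the
  # variable's null default does not make split() fail at plan time.
  token_id = var.rancher_token == null ? null : split(":", var.rancher_token)[0]
}

# If re-enabled, this Secret would store the full bearer token in the cluster
# and in Terraform state.
# resource "kubernetes_secret" "bearer_token_secret" {
#   metadata {
#     name      = "secret-${local.token_id}"
#     namespace = "cattle-system"
#   }

#   data = {
#     token = "${var.rancher_token}"
#   }
# }

# resource "kubernetes_manifest" "rancher_service_monitor" {
#   manifest = yamldecode(templatefile(
#     "${path.module}/files/rancher-service-monitor.yaml",
#     { secret_name = "${kubernetes_secret.bearer_token_secret.metadata[0].name}", rancher_version = "${var.rancher_version}" }
#   ))

#   timeouts {
#     create = "4m"
#     update = "4m"
#     delete = "15s"
#   }
# }

# Grafana dashboard ConfigMap for the Rancher controllers dashboard.
# `count.index` was referenced below without a `count` argument, which
# Terraform rejects; count = 1 keeps the existing "-0"-suffixed names.  Raise
# it (or bind it to a variable) if one ConfigMap per rancher-monitoring
# release is intended.
resource "kubernetes_config_map" "rancher_controllers" {
  count = 1

  metadata {
    annotations = {
      "meta.helm.sh/release-name"      = "rancher-monitoring-${count.index}"
      "meta.helm.sh/release-namespace" = "cattle-monitoring-system"
    }
    labels = {
      "app"                          = "rancher-monitoring-grafana-${count.index}"
      "grafana_dashboard"            = "1-${count.index}"
      "heritage"                     = "terraform"
      "app.kubernetes.io/managed-by" = "terraform"
    }
    name      = "rancher-custom-dashboards-controllers-${count.index}"
    namespace = "cattle-dashboards"
  }

  data = {
    "rancher-controllers-dashboard.json" = file("${path.module}/files/controllers-dashboard.json")
  }
}
--------------------------------------------------------------------------------
/rancher-cluster-operations/deploy-chart/files/ranchertest-mytestcontainer/templates/_helpers.tpl:
--------------------------------------------------------------------------------
{{/*
Expand the name of the chart.
*/}}
{{- define "mytestcontainer.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.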
12 | */}} 13 | {{- define "mytestcontainer.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "mytestcontainer.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "mytestcontainer.labels" -}} 37 | helm.sh/chart: {{ include "mytestcontainer.chart" . }} 38 | {{ include "mytestcontainer.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Name }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "mytestcontainer.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "mytestcontainer.name" . 
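}}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

--------------------------------------------------------------------------------
/linode-infra/files/docker-install.sh:
--------------------------------------------------------------------------------
#!/bin/bash -x
# Installs a pinned Docker engine on a Linode node (cloud-init user-data, runs
# as root).  No -e on purpose: the purge/remove steps below may fail.
# `${install_docker_version}` is substituted before this script runs
# (presumably by Terraform's templatefile), so any new shell `${...}` expansion
# added here must be escaped as `$${...}`.
exec > >(tee -a /var/log/user-data.log | logger -t user-data -s 2>/dev/console) 2>&1
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y \
    ca-certificates \
    curl \
    gnupg \
    lsb-release
# Docker's apt signing key; the repo entry pins it with signed-by so apt trusts
# this key only for this source.  (`sudo` dropped: the script already runs as root.)
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --batch --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list >/dev/null

# Remove any pre-installed engine and its data so the pinned version below wins.
apt-get purge -y docker-ce docker-ce-cli containerd.io || true
apt-get remove -y docker docker-engine docker.io containerd runc || true
rm -rf /var/lib/docker
rm -rf /var/lib/containerd

# apt-get update
# apt-get install -y docker-ce docker-ce-cli containerd.io

# Install the version-pinned engine via Rancher's install script.  The script
# is saved to a file and executed only if the download succeeded: the previous
# `curl URL | sh` had no -f, so a 404/HTML error page would have been piped
# straight into sh.  Transport is TLS-only; there is no checksum or signature
# for these scripts, so choose install_docker_version deliberately.
install_script=$(mktemp)
if curl -fsSL "https://releases.rancher.com/install-docker/${install_docker_version}.sh" -o "$install_script"; then
  # Members of the docker group control the daemon and are effectively root on
  # the host; keep this to the single provisioning user that needs it.
  sh "$install_script" && usermod -aG docker ubuntu
fi
rm -f "$install_script"

# Bounded wait for dockerd, instead of spinning forever when the install failed;
# the apt fallback below then takes over.
waited=0
until [ "$(pgrep -f --count dockerd)" -ge 1 ] || [ "$waited" -ge 120 ]; do
  sleep 2
  waited=$((waited + 2))
done

# Fallback: install from Docker's apt repo until both units report active.
# NOTE: the `apt-get update` that would pick up the new docker.list is
# commented out above; this loop relies on the Rancher script (or a later
# update) having refreshed the package index.
docker_active=$(systemctl is-active docker.service)
containerd_active=$(systemctl is-active containerd.service)
until [[ $docker_active == "active" && $containerd_active == "active" ]]; do
  apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
  ### start docker on boot
  systemctl enable docker.service && systemctl enable containerd.service

  docker_active=$(systemctl is-active docker.service)
  containerd_active=$(systemctl is-active containerd.service)
done
# Enable on boot regardless of which install path succeeded: the loop body
# above never runs when the Rancher script already left both units active.
systemctl enable docker.service containerd.service
# if [ -x "$(command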
-v docker)" ]; then
#   echo "Docker installed successfully"
# else
#   echo "Docker not installed"
# fi
--------------------------------------------------------------------------------
/rancher-cluster-operations/README.md:
--------------------------------------------------------------------------------
## What is this for?
This is a collection of convenience component modules for creating various Rancher2 and K8s Terraform resources, installing charts/Apps, and similar tasks.

## Rancher Component Modules
* install-common
* charts/rancher-monitoring
* rancher-controller-metrics
* rancher-cloud-credential
* rancher-node-template
* rancher-cluster
* rancher-secret

### Rancher Examples
* rancher-examples/cluster-aws
* rancher-examples/cluster-linode
* rancher-examples/rancher-setup/2.5.x
* rancher-examples/rancher-setup/2.6.x

Examples can be found in the `rancher-examples/` sub-directory. They are meant purely as examples and are not intended to be used as-is; apply or modify them to understand how each component module can be used. Note that the examples take a Rancher API token and cloud-provider credentials as input variables, and `cluster-aws` keeps its state in a local `rancher.tfstate` file, so treat that file as sensitive and keep it out of version control.


### Cluster Example Modules
A pre-existing Rancher local cluster is required, and only a minimal subset of input variables is exposed to ease exploratory usage. The `cluster-aws` and `cluster-linode` modules are examples of how to provision downstream node-driver clusters using Rancher. These modules create the following components (not all of which are necessary for a functioning cluster): `rancher2_cloud_credential`, `rancher2_node_template`, `rancher2_node_pool`, `rancher2_cluster`, and `rancher2_secret` or `rancher2_secret_v2`.

### Rancher Setup Example Modules
These modules require a pre-configured cluster with a valid URL from which the underlying nodes/machines for the cluster can be reached.
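A minimal subset of input variables is available and must be provided. These modules can configure and install the following: cert-manager, Rancher (2.5.x or 2.6.x respectively), rancher-monitoring, a custom controllers metrics dashboard (only for Rancher 2.5.x), and a Rancher Secret.
--------------------------------------------------------------------------------
/linode-infra/instance-config/main.tf:
--------------------------------------------------------------------------------
terraform {
  required_version = ">= 0.13"
  required_providers {
    linode = {
      source = "linode/linode"
    }
  }
}

# One boot configuration profile for an existing Linode.  Scalar settings are
# passed straight through; devices, helpers and interfaces are optional nested
# blocks generated from the corresponding variables.
resource "linode_instance_config" "this" {
  linode_id    = var.linode_id
  label        = var.label
  booted       = var.booted
  comments     = var.comments
  kernel       = var.kernel
  memory_limit = var.memory_limit
  root_device  = var.root_device
  run_level    = var.run_level
  virt_mode    = var.virt_mode

  dynamic "devices" {
    for_each = var.devices
    iterator = device
    content {
      sda = try(device.value.sda, null)
      sdb = try(device.value.sdb, null)
      sdc = try(device.value.sdc, null)
      sdd = try(device.value.sdd, null)
      # The following Linux block devices are unavailable in "fullvirt" `virt_mode`
      sde = try(device.value.sde, null)
      sdf = try(device.value.sdf, null)
      sdg = try(device.value.sdg, null)
      sdh = try(device.value.sdh, null)
    }
  }

  dynamic "helpers" {
    for_each = var.helpers
    iterator = helper
    content {
      # Read through `.value`, as the devices/interface blocks do.  The previous
      # `try(helper.devtmpfs_automount, null)` addressed the iterator object
      # itself (which only exposes .key and .value), so try() always fell back
      # to null and every helper setting was silently dropped.
      devtmpfs_automount = try(helper.value.devtmpfs_automount, null)
      distro             = try(helper.value.distro, null)
      modules_dep        = try(helper.value.modules_dep, null)
      network            = try(helper.value.network, null)
      updatedb_disabled  = try(helper.value.updatedb_disabled, null)
    }
  }

  # Public networking on eth0
  dynamic "interface" {
    for_each = var.interfaces
    iterator = interface
    content {
      purpose      = try(interface.value.purpose, null)
      ipam_address = try(interface.value.ipam_address, null)
      label        = try(interface.value.label, null)
    }
  }
}
--------------------------------------------------------------------------------
/rancher-cluster-operations/rancher-examples/cluster-linode/variables.tf:
--------------------------------------------------------------------------------
variable "region" {
  type        = string
  default     = "us-west"
  description = "Cloud provider-specific region string. Defaults to a Linode-compatible region."
}

variable "image" {
  type        = string
  default     = "linode/ubuntu18.04"
  description = "Cloud provider-specific image name string."
}

variable "node_instance_type" {
  type        = string
  default     = "g6-standard-2"
  description = "Cloud provider-specific instance type string to use for the nodes"
}

variable "rancher_api_url" {
  type        = string
  nullable    = false
  description = "api url for rancher server"
}

# Bearer credential for the Rancher API; marked sensitive so plan/apply output
# redacts it (it is still stored in state, cf. the local backend in providers.tf).
variable "rancher_token_key" {
  type        = string
  nullable    = false
  sensitive   = true
  description = "rancher server API token"
}

# Disables TLS verification of the Rancher API when true.
variable "insecure_flag" {
  type        = bool
  default     = false
  description = "Flag used to determine if Rancher is using self-signed invalid certs (using a private CA)"
}

variable "k8s_distribution" {
  type        = string
  default     = "rke1"
  description = "The K8s distribution to use for setting up the cluster. One of k3s, rke1, or rke2."
  nullable    = false
  validation {
    condition     = contains(["k3s", "rke1", "rke2"], var.k8s_distribution)
    error_message = "Please pass in a string equal to one of the following: [\"k3s\", \"rke1\", \"rke2\"]."
  }
}

variable "k8s_version" {
  type        = string
  default     = "v1.20.15-rancher1-4"
  description = "Version of k8s to use for downstream cluster (should match to a valid var.k8s_distribution-specific version). Defaults to a valid RKE1 version"
}

variable "linode_token" {
  type      = string
  default   = null
  sensitive = true
}
--------------------------------------------------------------------------------
/linode-infra/instance-disk/variables.tf:
--------------------------------------------------------------------------------
variable "linode_id" {
  type        = number
  description = "(Required) The ID of the Linode to create this Disk under."
}

variable "label" {
  type        = string
  description = "(Required) The Disk's label for display purposes only."
}

variable "size" {
  type        = string
  description = "(Required) The size of the Disk in MB. NOTE: Resizing a disk will trigger a Linode reboot."
}

# `optional(...)` is only valid inside object type constraints, not as a
# variable type, so the module failed to load; the variable is made optional
# with a null default instead.
variable "authorized_keys" {
  type        = list(string)
  default     = null
  description = "(Optional) A list of public SSH keys that will be automatically appended to the root user’s ~/.ssh/authorized_keys file when deploying from an Image."
}

variable "authorized_users" {
  type        = list(string)
  default     = null
  description = "(Optional) A list of usernames. If the usernames have associated SSH keys, the keys will be appended to the root user’s ~/.ssh/authorized_keys file."
}

# The "(Optional)" variables below previously had no default, which makes a
# Terraform variable required; a null default matches their documented intent.
variable "filesystem" {
  type        = string
  default     = null
  description = "(Optional) The filesystem of this disk. (`raw`, `swap`, `ext3`, `ext4`, `initrd`)"
}

variable "image" {
  type        = string
  default     = null
  description = "(Optional) An Image ID to deploy the Linode Disk from."
}

# Root password for the new disk; sensitive so it is redacted from plan/apply
# output (it is still recorded in state).
variable "root_pass" {
  type        = string
  default     = null
  sensitive   = true
  description = "(Optional) The root user’s password on a newly-created Linode Disk when deploying from an Image."
}

# NOTE: described as an object of StackScript responses but typed as a string;
# confirm against the caller and the provider's expected type before changing.
variable "stackscript_data" {
  type        = string
  default     = null
  description = "(Optional) An object containing responses to any User Defined Fields present in the StackScript being deployed to this Disk. Only accepted if `stackscript_id` is given."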
44 | } 45 | 46 | variable "stackscript_id" { 47 | type = string 48 | description = "(Optional) A StackScript ID that will cause the referenced StackScript to be run during deployment of this Disk." 49 | } 50 | -------------------------------------------------------------------------------- /cluster-with-nodes/modules/downstream-k3s-nodes/README.md: -------------------------------------------------------------------------------- 1 | # downstream-k3s-nodes 2 | 3 | 4 | ## Requirements 5 | 6 | No requirements. 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | | [aws](#provider\_aws) | n/a | 13 | 14 | ## Modules 15 | 16 | No modules. 17 | 18 | ## Resources 19 | 20 | | Name | Type | 21 | |------|------| 22 | | [aws_spot_instance_request.k3s-worker](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_instance_request) | resource | 23 | 24 | ## Inputs 25 | 26 | | Name | Description | Type | Default | Required | 27 | |------|-------------|------|---------|:--------:| 28 | | [ami\_id](#input\_ami\_id) | n/a | `any` | n/a | yes | 29 | | [consul\_store](#input\_consul\_store) | n/a | `any` | n/a | yes | 30 | | [install\_k3s\_version](#input\_install\_k3s\_version) | n/a | `any` | n/a | yes | 31 | | [instances](#input\_instances) | n/a | `number` | n/a | yes | 32 | | [k3s\_agents\_per\_node](#input\_k3s\_agents\_per\_node) | The number of k3s agents on each ec2 instance | `number` | n/a | yes | 33 | | [k3s\_endpoint](#input\_k3s\_endpoint) | n/a | `any` | n/a | yes | 34 | | [k3s\_token](#input\_k3s\_token) | n/a | `any` | n/a | yes | 35 | | [prefix](#input\_prefix) | n/a | `any` | n/a | yes | 36 | | [spot\_price](#input\_spot\_price) | n/a | `any` | n/a | yes | 37 | | [worker\_instance\_type](#input\_worker\_instance\_type) | Instance type to use for k3s workers | `string` | n/a | yes | 38 | 39 | ## Outputs 40 | 41 | No outputs. 
42 | 43 | -------------------------------------------------------------------------------- /rke1-local-control-plane/outputs.tf: -------------------------------------------------------------------------------- 1 | output "rancher_admin_password" { 2 | value = var.rancher_password 3 | sensitive = true 4 | } 5 | 6 | output "rancher_url" { 7 | value = local.rancher_url 8 | } 9 | 10 | output "rancher_token" { 11 | value = try(nonsensitive(local.rancher_token), "") 12 | sensitive = false 13 | } 14 | 15 | output "install_rancher" { 16 | value = var.install_rancher 17 | } 18 | 19 | output "install_certmanager" { 20 | value = var.install_certmanager 21 | } 22 | 23 | output "install_monitoring" { 24 | value = var.install_monitoring 25 | } 26 | 27 | output "certmanager_version" { 28 | value = var.certmanager_version 29 | } 30 | 31 | output "rancher_charts_repo" { 32 | value = var.install_monitoring ? var.rancher_charts_repo : null 33 | } 34 | 35 | output "rancher_charts_branch" { 36 | value = var.install_monitoring ? 
var.rancher_charts_branch : null 37 | } 38 | 39 | output "rancher_version" { 40 | value = var.rancher_version 41 | } 42 | 43 | output "use_new_bootstrap" { 44 | value = local.use_new_bootstrap 45 | } 46 | 47 | output "kube_config_path" { 48 | value = abspath(local.kube_config) 49 | } 50 | 51 | output "secrets_encryption" { 52 | value = var.enable_secrets_encryption 53 | } 54 | 55 | output "cattle_prometheus_metrics" { 56 | value = var.cattle_prometheus_metrics 57 | } 58 | 59 | output "name" { 60 | value = local.name 61 | } 62 | 63 | output "nodes_ids" { 64 | # value = module.aws_infra[0].nodes_ids 65 | value = local.nodes_info[*].id 66 | } 67 | 68 | output "nodes_public_ips" { 69 | # value = module.aws_infra[0].nodes_public_ips 70 | value = local.nodes_info[*].public_address 71 | } 72 | 73 | output "nodes_private_ips" { 74 | # value = module.aws_infra[0].nodes_private_ips 75 | value = local.nodes_info[*].private_address 76 | } 77 | 78 | output "nodes_info" { 79 | value = local.nodes_info 80 | } 81 | 82 | output "rancher2_settings" { 83 | value = data.rancher2_setting.this.* 84 | } 85 | -------------------------------------------------------------------------------- /testing/cleanup.py: -------------------------------------------------------------------------------- 1 | import boto3 2 | import os 3 | import pathlib 4 | import subprocess 5 | 6 | 7 | def cleanup_ec2(): 8 | ec2_client = boto3.client( 9 | 'ec2', 10 | region_name="us-east-2", 11 | aws_access_key_id=os.environ["AWS_ACCESS_KEY_ID"], 12 | aws_secret_access_key=os.environ["AWS_SECRET_ACCESS_KEY"]) 13 | 14 | tag_value = os.getenv("TF_VAR_cluster_name", "load-testing") 15 | reservations = ec2_client.describe_spot_instance_requests( 16 | Filters=[ 17 | { 18 | "Name": "tag:RancherScaling", 19 | "Values": [ 20 | tag_value 21 | ] 22 | }]) 23 | 24 | for sir in reservations["SpotInstanceRequests"]: 25 | try: 26 | instance_id = sir["InstanceId"] 27 | ec2_client.terminate_instances( 28 | InstanceIds=[instance_id] 29 | 
) 30 | except Exception as e: 31 | print("Failed to delete instance ", instance_id, ":", e) 32 | try: 33 | sir_id = sir["SpotInstanceRequestId"] 34 | ec2_client.cancel_spot_instance_requests( 35 | [sir_id]) 36 | except Exception as e: 37 | print("Failed to delete spot request", sir_id, ":", e ) 38 | 39 | 40 | def cleanup_host(): 41 | path = str(pathlib.Path(__file__).parent.absolute()) + "/../control-plane" 42 | os.chdir(path) 43 | subprocess.call("terraform destroy -input=false -auto-approve", shell=True) 44 | 45 | 46 | def cleanup_states(): 47 | clusters_state_path = str(pathlib.Path(__file__).parent.absolute()) + "/../clusters/terraform.tfstate.d" 48 | backup_clusters_path = str(pathlib.Path(__file__).parent.absolute()) + "/../clusters/backup_terraform.tfstate.d" 49 | subprocess.call("mv " + clusters_state_path + " " + backup_clusters_path, shell=True) 50 | 51 | 52 | def run(): 53 | cleanup_ec2() 54 | cleanup_host() 55 | cleanup_states() 56 | -------------------------------------------------------------------------------- /linode-infra/instance/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.13" 3 | required_providers { 4 | linode = { 5 | source = "linode/linode" 6 | } 7 | } 8 | } 9 | 10 | locals { 11 | 12 | } 13 | 14 | resource "linode_instance" "this" { 15 | count = var.node_count 16 | 17 | label = "${var.label}-${count.index}" 18 | tags = distinct(concat(var.tags, ["${var.label}"])) 19 | group = var.group 20 | 21 | image = var.image 22 | region = var.region 23 | type = var.type 24 | 25 | authorized_keys = var.authorized_keys 26 | authorized_users = var.authorized_users 27 | root_pass = var.root_pass 28 | 29 | private_ip = var.private_ip 30 | shared_ipv4 = var.shared_ipv4 31 | 32 | swap_size = var.swap_size 33 | resize_disk = var.resize_disk 34 | backups_enabled = var.backups_enabled 35 | watchdog_enabled = var.watchdog_enabled 36 | booted = var.booted 37 | 38 | dynamic 
"alerts" { 39 | for_each = var.alerts 40 | iterator = alert 41 | content { 42 | cpu = alert.value.cpu 43 | network_in = alert.value.network_in 44 | network_out = alert.value.network_out 45 | transfer_quota = alert.value.transfer_quota 46 | io = alert.value.io 47 | } 48 | } 49 | 50 | dynamic "backups" { 51 | for_each = var.backups 52 | iterator = backup 53 | content { 54 | enabled = backup.value.enabled 55 | schedule { 56 | day = backup.value.schedule.day 57 | window = backup.value.schedule.window 58 | } 59 | } 60 | } 61 | 62 | dynamic "interface" { 63 | for_each = toset(var.interfaces) 64 | content { 65 | purpose = interface.value.purpose 66 | label = interface.label.purpose 67 | ipam_address = interface.ipam_address.purpose 68 | } 69 | } 70 | 71 | timeouts { 72 | create = var.create_timeout 73 | update = var.update_timeout 74 | delete = var.delete_timeout 75 | } 76 | } 77 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.5.x/README.md: -------------------------------------------------------------------------------- 1 | # 2.5.x 2 | 3 | 4 | ## Requirements 5 | 6 | No requirements. 7 | 8 | ## Providers 9 | 10 | No providers. 11 | 12 | ## Modules 13 | 14 | | Name | Source | Version | 15 | |------|--------|---------| 16 | | [controller\_metrics](#module\_controller\_metrics) | ../../../rancher-controller-metrics | n/a | 17 | 18 | ## Resources 19 | 20 | No resources. 
21 | 22 | ## Inputs 23 | 24 | | Name | Description | Type | Default | Required | 25 | |------|-------------|------|---------|:--------:| 26 | | [kube\_config\_context](#input\_kube\_config\_context) | Context to use for kubernetes operations | `string` | `null` | no | 27 | | [kube\_config\_path](#input\_kube\_config\_path) | Path to kubeconfig file on local machine | `string` | `null` | no | 28 | | [letsencrypt\_email](#input\_letsencrypt\_email) | LetsEncrypt email address to use | `string` | `null` | no | 29 | | [rancher\_api\_url](#input\_rancher\_api\_url) | API url for Rancher server | `string` | n/a | yes | 30 | | [rancher\_node\_count](#input\_rancher\_node\_count) | n/a | `number` | `null` | no | 31 | | [rancher\_password](#input\_rancher\_password) | Password to set for admin user during bootstrap of Rancher Server, if not set random password will be generated | `string` | `""` | no | 32 | | [rancher\_token](#input\_rancher\_token) | n/a | `string` | `null` | no | 33 | | [rancher\_version](#input\_rancher\_version) | The version of Rancher to install (must be a 2.5.x version) | `string` | `"2.5.14"` | no | 34 | 35 | ## Outputs 36 | 37 | No outputs. 38 | 39 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/crashing-pod/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "crashing-pod.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 
12 | */}} 13 | {{- define "crashing-pod.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "crashing-pod.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "crashing-pod.labels" -}} 37 | helm.sh/chart: {{ include "crashing-pod.chart" . }} 38 | {{ include "crashing-pod.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "crashing-pod.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "crashing-pod.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "crashing-pod.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "crashing-pod.fullname" .) .Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /rancher-cluster-operations/bulk-components/outputs.tf: -------------------------------------------------------------------------------- 1 | output "cluster_id" { 2 | value = var.output_stdout ? 
data.rancher2_cluster.this.id : null 3 | } 4 | 5 | output "tokens" { 6 | value = var.output_stdout ? local.all_tokens : null 7 | } 8 | 9 | output "secrets" { 10 | value = var.output_stdout ? local.all_secrets : null 11 | } 12 | 13 | output "secrets_v2" { 14 | value = var.output_stdout ? local.all_secrets_v2 : null 15 | } 16 | 17 | output "aws_cloud_credentials" { 18 | value = var.output_stdout ? local.all_aws_credentials : null 19 | } 20 | 21 | output "linode_cloud_credentials" { 22 | value = var.output_stdout ? local.all_linode_credentials : null 23 | } 24 | 25 | output "projects" { 26 | value = var.output_stdout ? local.all_projects : null 27 | } 28 | 29 | resource "local_file" "tokens" { 30 | count = var.output_local_file ? 1 : 0 31 | content = jsonencode(local.all_tokens) 32 | filename = "${path.module}/files/${terraform.workspace}_all_tokens.txt" 33 | } 34 | 35 | resource "local_file" "secrets" { 36 | count = var.output_local_file ? 1 : 0 37 | content = jsonencode(local.all_secrets) 38 | filename = "${path.module}/files/${terraform.workspace}_all_secrets.txt" 39 | } 40 | 41 | resource "local_file" "secrets_v2" { 42 | count = var.output_local_file ? 1 : 0 43 | content = jsonencode(local.all_secrets_v2) 44 | filename = "${path.module}/files/${terraform.workspace}_all_secrets_v2.txt" 45 | } 46 | 47 | resource "local_file" "aws_credentials" { 48 | count = var.output_local_file ? 1 : 0 49 | content = jsonencode(local.all_aws_credentials) 50 | filename = "${path.module}/files/${terraform.workspace}_all_aws_credentials.txt" 51 | } 52 | 53 | resource "local_file" "linode_credentials" { 54 | count = var.output_local_file ? 1 : 0 55 | content = jsonencode(local.all_linode_credentials) 56 | filename = "${path.module}/files/${terraform.workspace}_all_linode_credentials.txt" 57 | } 58 | 59 | resource "local_file" "projects" { 60 | count = var.output_local_file ? 
1 : 0 61 | content = jsonencode(local.all_projects) 62 | filename = "${path.module}/files/${terraform.workspace}_all_projects.txt" 63 | } 64 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.6.x/README.md: -------------------------------------------------------------------------------- 1 | # 2.6.x 2 | 3 | 4 | ## Requirements 5 | 6 | No requirements. 7 | 8 | ## Providers 9 | 10 | | Name | Version | 11 | |------|---------| 12 | | [rancher2.admin](#provider\_rancher2.admin) | 1.24.0 | 13 | 14 | ## Modules 15 | 16 | | Name | Source | Version | 17 | |------|--------|---------| 18 | | [install\_common](#module\_install\_common) | ../../../install-common | n/a | 19 | | [rancher\_monitoring](#module\_rancher\_monitoring) | ../../../charts/rancher-monitoring | n/a | 20 | | [secret\_v2](#module\_secret\_v2) | ../../../rancher-secret | n/a | 21 | 22 | ## Resources 23 | 24 | | Name | Type | 25 | |------|------| 26 | | [rancher2_cluster.local](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/data-sources/cluster) | data source | 27 | 28 | ## Inputs 29 | 30 | | Name | Description | Type | Default | Required | 31 | |------|-------------|------|---------|:--------:| 32 | | [kube\_config\_path](#input\_kube\_config\_path) | Path to kubeconfig file on local machine | `string` | `null` | no | 33 | | [letsencrypt\_email](#input\_letsencrypt\_email) | LetsEncrypt email address to use | `string` | `null` | no | 34 | | [rancher\_api\_url](#input\_rancher\_api\_url) | API url for Rancher server | `string` | n/a | yes | 35 | | [rancher\_node\_count](#input\_rancher\_node\_count) | n/a | `number` | `null` | no | 36 | | [rancher\_password](#input\_rancher\_password) | Password to set for admin user during bootstrap of Rancher Server, if not set random password will be generated | `string` | `""` | no | 37 | | [rancher\_version](#input\_rancher\_version) | The version of Rancher 
to install (must be a 2.6.x version) | `string` | `"2.6.5"` | no | 38 | 39 | ## Outputs 40 | 41 | No outputs. 42 | 43 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/crashing-pod/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for crashing-pod. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: nginx 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "" 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Annotations to add to the service account 21 | annotations: {} 22 | # The name of the service account to use. 23 | # If not set and create is true, a name is generated using the fullname template 24 | name: "" 25 | 26 | podAnnotations: {} 27 | 28 | podSecurityContext: {} 29 | # fsGroup: 2000 30 | 31 | securityContext: {} 32 | # capabilities: 33 | # drop: 34 | # - ALL 35 | # readOnlyRootFilesystem: true 36 | # runAsNonRoot: true 37 | # runAsUser: 1000 38 | 39 | service: 40 | type: ClusterIP 41 | port: 80 42 | 43 | ingress: 44 | enabled: false 45 | className: "" 46 | annotations: {} 47 | # kubernetes.io/ingress.class: nginx 48 | # kubernetes.io/tls-acme: "true" 49 | hosts: 50 | - host: chart-example.local 51 | paths: 52 | - path: / 53 | pathType: ImplementationSpecific 54 | tls: [] 55 | # - secretName: chart-example-tls 56 | # hosts: 57 | # - chart-example.local 58 | 59 | resources: {} 60 | # We usually recommend not to specify default resources and to leave this as a conscious 61 | # choice for the user. This also increases chances charts run on environments with little 62 | # resources, such as Minikube. 
If you do want to specify resources, uncomment the following 63 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 64 | # limits: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | # requests: 68 | # cpu: 100m 69 | # memory: 128Mi 70 | 71 | autoscaling: 72 | enabled: false 73 | minReplicas: 1 74 | maxReplicas: 100 75 | targetCPUUtilizationPercentage: 80 76 | # targetMemoryUtilizationPercentage: 80 77 | 78 | nodeSelector: {} 79 | 80 | tolerations: [] 81 | 82 | affinity: {} 83 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/cluster-aws/variables.tf: -------------------------------------------------------------------------------- 1 | variable "region" { 2 | type = string 3 | default = "us-west-1" 4 | description = "Cloud provider-specific region string. Defaults to a Linode and AWS-compatible region." 5 | } 6 | 7 | variable "image" { 8 | type = string 9 | default = "ubuntu-minimal/images/*/ubuntu-bionic-18.04-*" 10 | description = "Cloud provider-specific image name string." 11 | } 12 | 13 | variable "node_instance_type" { 14 | type = string 15 | default = "t3a.large" 16 | description = "Cloud provider-specific instance type string to use for the nodes" 17 | } 18 | 19 | variable "rancher_api_url" { 20 | type = string 21 | nullable = false 22 | description = "api url for rancher server" 23 | } 24 | 25 | variable "rancher_token_key" { 26 | type = string 27 | nullable = false 28 | description = "rancher server API token" 29 | } 30 | 31 | variable "insecure_flag" { 32 | type = bool 33 | default = false 34 | description = "Flag used to determine if Rancher is using self-signed invalid certs (using a private CA)" 35 | } 36 | 37 | variable "k8s_distribution" { 38 | type = string 39 | default = "rke1" 40 | description = "The K8s distribution to use for setting up the cluster. One of k3s, rke1, or rke2." 
41 | nullable = false 42 | validation { 43 | condition = contains(["k3s", "rke1", "rke2"], var.k8s_distribution) 44 | error_message = "Please pass in a string equal to one of the following: [\"k3s\", \"rke1\", \"rke2\"]." 45 | } 46 | } 47 | 48 | variable "k8s_version" { 49 | type = string 50 | default = "v1.20.15-rancher1-4" 51 | description = "Version of k8s to use for downstream cluster (should match to a valid var.k8s_distribution-specific version). Defaults to a valid RKE1 version" 52 | } 53 | 54 | variable "aws_access_key" { 55 | type = string 56 | sensitive = true 57 | nullable = false 58 | } 59 | 60 | variable "aws_secret_key" { 61 | type = string 62 | sensitive = true 63 | nullable = false 64 | } 65 | 66 | variable "security_groups" { 67 | type = list(string) 68 | default = [] 69 | description = "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with" 70 | } 71 | -------------------------------------------------------------------------------- /cluster-with-nodes/.terraform.lock.hcl: -------------------------------------------------------------------------------- 1 | # This file is maintained automatically by "terraform init". 2 | # Manual edits may be lost in future updates. 
3 | 4 | provider "registry.terraform.io/hashicorp/aws" { 5 | version = "3.45.0" 6 | hashes = [ 7 | "h1:9l/yDPt/OPG6a0ITu7amfq1LjdnWHTsOgn/KOxM26HA=", 8 | "h1:LKU/xfna87/p+hl5yTTW3dvOqWJp5JEM+Dt3nnvSDvA=", 9 | "zh:0fdbb3af75ff55807466533f97eb314556ec41a908a543d7cafb06546930f7c6", 10 | "zh:20656895744fa0f4607096b9681c77b2385f450b1577f9151d3070818378a724", 11 | "zh:390f316d00f25a5e45ef5410961fd05bf673068c1b701dc752d11df6d8e741d7", 12 | "zh:3da70f9de241d5f66ea9994ef1e0beddfdb005fa2d2ef6712392f57c5d2e4844", 13 | "zh:65de63cc0f97c85c28a19db560c546aa25f4f403dbf4783ac53c3918044cf180", 14 | "zh:6fc52072e5a66a5d0510aaa2b373a2697895f51398613c68619d8c0c95fc75f5", 15 | "zh:7c1da61092bd1206a020e3ee340ab11be8a4f9bb74e925ca1229ea5267fb3a62", 16 | "zh:94e533d86ce3c08e7102dcabe34ba32ae7fd7819fd0aedef28f48d29e635eae2", 17 | "zh:a3180d4826662e19e71cf20e925a2be8613a51f2f3f7b6d2643ac1418b976d58", 18 | "zh:c783df364928c77fd4dec5419533b125bebe2d50212c4ad609f83b701c2d981a", 19 | "zh:e1279bde388cb675d324584d965c6d22c3ec6890b13de76a50910a3bcd84ed64", 20 | ] 21 | } 22 | 23 | provider "registry.terraform.io/rancher/rancher2" { 24 | version = "1.15.1" 25 | hashes = [ 26 | "h1:9QsOHDa8xTFzXZ/fUVATNQULk1V7+WDcrhKvqW0ztUg=", 27 | "h1:NrO4w1cQxh+hVJ8A9rJn+NzaENLQCkl2hAuEIbbKJ1A=", 28 | "zh:2135bd4df89743973859dbc0d7629b3a8703107a34d2a003aac32fecd13196f1", 29 | "zh:35079bc6d0126746293e181177fc4879bcc4e10de78fe3e6a41946364c231994", 30 | "zh:3573acee6a8ead423ef63276c6d4d7060c474d983a7d4aa3df73fc738df9ca3b", 31 | "zh:49a56ab652d1e77bea15c4be987e62c1714c81748d8e5e9f59797e9a65fd343f", 32 | "zh:6638ee6bba615901dccc45c3542f8e6cba5796dde4844479e3323b887bb6d797", 33 | "zh:9e1c5b3634f408ad03ccc63b3f3ee6185a157f4d83245f4d007aa1a769b5d49e", 34 | "zh:a38a074c979088c1be610a9cb3c3e82de6552b38b90a7954df622907439d02d2", 35 | "zh:ae530311b88510b242859f0555797c58293d77e2af7ad2f53624c1d350a6ee21", 36 | "zh:de66176b9544033f7574bd9fa9e222f1a7412eafe8e66db9b6c59cf46aa5ebbb", 37 | 
"zh:e0a44aaa9e25c8db8b0d7f556aecf1c979aff3d3f867ce361f85d502f3dccbd5", 38 | "zh:fd5000e1886fa504c94bdaaf3a3ba7cbaf15afd67093d881ae737c724ee83352", 39 | ] 40 | } 41 | -------------------------------------------------------------------------------- /linode-infra/firewall/variables.tf: -------------------------------------------------------------------------------- 1 | variable "label" { 2 | type = string 3 | description = "This Firewall's unique label" 4 | } 5 | 6 | variable "disabled" { 7 | type = bool 8 | default = false 9 | description = "If true, the Firewall's rules are not enforced" 10 | } 11 | 12 | variable "inbound_rules" { 13 | type = list(object({ 14 | label = string 15 | action = string 16 | protocol = string 17 | ports = string 18 | ipv4 = list(string) 19 | ipv6 = list(string) 20 | })) 21 | default = null 22 | description = "A list of firewall rules (as maps) that specifies what inbound network traffic is allowed" 23 | } 24 | 25 | variable "inbound_policy" { 26 | type = string 27 | nullable = false 28 | description = "The default behavior for inbound traffic. This setting can be overridden by updating the inbound.action property of the Firewall Rule" 29 | validation { 30 | condition = contains(["ACCEPT", "DROP"], var.inbound_policy) 31 | error_message = "Please pass in a string equal to one of the following: [\"ACCEPT\", \"DROP\"]." 32 | } 33 | } 34 | 35 | variable "outbound_rules" { 36 | type = list(object({ 37 | label = string 38 | action = string 39 | protocol = string 40 | ports = string 41 | ipv4 = list(string) 42 | ipv6 = list(string) 43 | })) 44 | default = null 45 | description = "A list of firewall rules (as maps) that specifies what outbound network traffic is allowed" 46 | } 47 | 48 | variable "outbound_policy" { 49 | type = string 50 | nullable = false 51 | description = "The default behavior for inbound traffic. 
This setting can be overridden by updating the inbound.action property of the Firewall Rule" 52 | validation { 53 | condition = contains(["ACCEPT", "DROP"], var.outbound_policy) 54 | error_message = "Please pass in a string equal to one of the following: [\"ACCEPT\", \"DROP\"]." 55 | } 56 | } 57 | 58 | variable "linodes" { 59 | type = list(string) 60 | nullable = false 61 | description = "A list of IDs of Linodes this Firewall should govern it's network traffic for" 62 | } 63 | 64 | variable "tags" { 65 | type = list(string) 66 | description = "A list of tags applied to the Kubernetes cluster. Tags are for organizational purposes only" 67 | } -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/my-pause/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for my-pause. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: kubernetes/pause 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "latest" 12 | 13 | imagePullSecrets: [] 14 | # nameOverride: "" 15 | # fullnameOverride: "" 16 | 17 | # serviceAccount: 18 | # # Specifies whether a service account should be created 19 | # create: true 20 | # # Annotations to add to the service account 21 | # annotations: {} 22 | # # The name of the service account to use. 
23 | # # If not set and create is true, a name is generated using the fullname template 24 | # name: "my-pause-svcacc" 25 | 26 | podAnnotations: {} 27 | 28 | podSecurityContext: {} 29 | # fsGroup: 2000 30 | 31 | securityContext: {} 32 | # capabilities: 33 | # drop: 34 | # - ALL 35 | # readOnlyRootFilesystem: true 36 | # runAsNonRoot: true 37 | # runAsUser: 1000 38 | 39 | # service: 40 | # type: ClusterIP 41 | # port: 80 42 | 43 | # ingress: 44 | # enabled: false 45 | # className: "" 46 | # annotations: {} 47 | # # kubernetes.io/ingress.class: nginx 48 | # # kubernetes.io/tls-acme: "true" 49 | # hosts: 50 | # - host: chart-example.local 51 | # paths: 52 | # - path: / 53 | # pathType: ImplementationSpecific 54 | # tls: [] 55 | # # - secretName: chart-example-tls 56 | # # hosts: 57 | # # - chart-example.local 58 | 59 | resources: {} 60 | # We usually recommend not to specify default resources and to leave this as a conscious 61 | # choice for the user. This also increases chances charts run on environments with little 62 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 63 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 64 | # limits: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | # requests: 68 | # cpu: 100m 69 | # memory: 128Mi 70 | 71 | autoscaling: 72 | enabled: false 73 | minReplicas: 1 74 | maxReplicas: 100000 75 | targetCPUUtilizationPercentage: 80 76 | # targetMemoryUtilizationPercentage: 80 77 | 78 | nodeSelector: {} 79 | 80 | tolerations: [] 81 | 82 | affinity: {} 83 | -------------------------------------------------------------------------------- /rancher-cluster-operations/deploy-chart/files/ranchertest-mytestcontainer/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for my-pause. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 
4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: ranchertest/mytestcontainer 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: "latest" 12 | 13 | imagePullSecrets: [] 14 | # nameOverride: "" 15 | # fullnameOverride: "" 16 | 17 | # serviceAccount: 18 | # # Specifies whether a service account should be created 19 | # create: true 20 | # # Annotations to add to the service account 21 | # annotations: {} 22 | # # The name of the service account to use. 23 | # # If not set and create is true, a name is generated using the fullname template 24 | # name: "my-pause-svcacc" 25 | 26 | podAnnotations: {} 27 | 28 | podSecurityContext: {} 29 | # fsGroup: 2000 30 | 31 | securityContext: {} 32 | # capabilities: 33 | # drop: 34 | # - ALL 35 | # readOnlyRootFilesystem: true 36 | # runAsNonRoot: true 37 | # runAsUser: 1000 38 | 39 | # service: 40 | # type: ClusterIP 41 | # port: 80 42 | 43 | # ingress: 44 | # enabled: false 45 | # className: "" 46 | # annotations: {} 47 | # # kubernetes.io/ingress.class: nginx 48 | # # kubernetes.io/tls-acme: "true" 49 | # hosts: 50 | # - host: chart-example.local 51 | # paths: 52 | # - path: / 53 | # pathType: ImplementationSpecific 54 | # tls: [] 55 | # # - secretName: chart-example-tls 56 | # # hosts: 57 | # # - chart-example.local 58 | 59 | resources: {} 60 | # We usually recommend not to specify default resources and to leave this as a conscious 61 | # choice for the user. This also increases chances charts run on environments with little 62 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 63 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
64 | # limits: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | # requests: 68 | # cpu: 100m 69 | # memory: 128Mi 70 | 71 | autoscaling: 72 | enabled: false 73 | minReplicas: 1 74 | maxReplicas: 100000 75 | targetCPUUtilizationPercentage: 80 76 | # targetMemoryUtilizationPercentage: 80 77 | 78 | nodeSelector: {} 79 | 80 | tolerations: [] 81 | 82 | affinity: {} 83 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-cluster/v1/variables.tf: -------------------------------------------------------------------------------- 1 | variable "k8s_distribution" { 2 | type = string 3 | default = null 4 | description = "The K8s distribution to use for setting up the cluster. One of k3s, rke1, or rke2." 5 | validation { 6 | condition = contains(["k3s", "rke1", "rke2"], var.k8s_distribution) 7 | error_message = "Please pass in a string equal to one of the following: [\"k3s\", \"rke1\", \"rke2\"]." 8 | } 9 | } 10 | 11 | variable "k8s_version" { 12 | type = string 13 | default = null 14 | description = "Version of k8s to use for downstream cluster (RKE1 version string)" 15 | } 16 | 17 | variable "name" { 18 | type = string 19 | default = "load-testing" 20 | description = "Unique identifier appended to the Rancher url subdomain" 21 | } 22 | 23 | variable "description" { 24 | type = string 25 | default = null 26 | description = "(optional) describe your variable" 27 | } 28 | 29 | variable "annotations" { 30 | type = map(any) 31 | default = null 32 | description = "Optional annotations for the Cluster" 33 | } 34 | 35 | variable "labels" { 36 | type = map(any) 37 | default = {} 38 | description = "Labels to add to each provisioned cluster" 39 | } 40 | 41 | variable "agent_env_vars" { 42 | type = list(map(string)) 43 | default = null 44 | description = "List of maps for optional Agent Env Vars for Rancher agent. 
Just for Rancher v2.5.6 and above" 45 | } 46 | 47 | variable "sensitive_output" { 48 | type = bool 49 | default = false 50 | description = "Bool that determines if certain outputs should be marked as sensitive and be masked. Default: false" 51 | } 52 | 53 | variable "upgrade_strategy" { 54 | type = any 55 | default = null 56 | description = "(Optional/Computed) Upgrade strategy options for the proper cluster type (object with optional attributes for those defined here https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster)" 57 | } 58 | 59 | 60 | variable "network_config" { 61 | type = any 62 | default = null 63 | description = "(Optional/Computed) Network config options for any valid cluster config (object with optional attributes for any network-related options defined here https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cluster)" 64 | } 65 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-cloud-credential/README.md: -------------------------------------------------------------------------------- 1 | # rancher-cloud-credential 2 | 3 | This component module can be used to create or retrieve a `rancher2_cloud_credential` resource. 4 | 5 | 6 | ## Requirements 7 | 8 | | Name | Version | 9 | |------|---------| 10 | | [terraform](#requirement\_terraform) | >= 1.1.0 | 11 | | [rancher2](#requirement\_rancher2) | >= 1.10.0 | 12 | 13 | ## Providers 14 | 15 | | Name | Version | 16 | |------|---------| 17 | | [rancher2](#provider\_rancher2) | 1.23.0 | 18 | 19 | ## Modules 20 | 21 | No modules. 
22 | 23 | ## Resources 24 | 25 | | Name | Type | 26 | |------|------| 27 | | [rancher2_cloud_credential.this](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/resources/cloud_credential) | resource | 28 | | [rancher2_cloud_credential.this](https://registry.terraform.io/providers/rancher/rancher2/latest/docs/data-sources/cloud_credential) | data source | 29 | 30 | ## Inputs 31 | 32 | | Name | Description | Type | Default | Required | 33 | |------|-------------|------|---------|:--------:| 34 | | [cloud\_provider](#input\_cloud\_provider) | A string defining which cloud provider to dynamically create a rancher2\_cloud\_credential for | `string` | n/a | yes | 35 | | [create\_new](#input\_create\_new) | Flag defining if a new rancher2\_cloud\_credential should be created on each tf apply. Useful for scripting purposes | `bool` | `true` | no | 36 | | [credential\_config](#input\_credential\_config) | An object containing your cloud provider's specific rancher2\_cloud\_credential config fields in order to dynamically map to them |
<pre>object({<br>    access_key = optional(string)<br>    secret_key = optional(string)<br>    region     = optional(string)<br>    token      = optional(string)<br>  })</pre>
| n/a | yes | 37 | | [name](#input\_name) | Display name of the rancher2\_cloud\_credential | `string` | n/a | yes | 38 | 39 | ## Outputs 40 | 41 | | Name | Description | 42 | |------|-------------| 43 | | [cloud\_cred](#output\_cloud\_cred) | n/a | 44 | | [id](#output\_id) | n/a | 45 | | [name](#output\_name) | n/a | 46 | 47 | -------------------------------------------------------------------------------- /control-plane/db.tf: -------------------------------------------------------------------------------- 1 | resource "aws_security_group" "database" { 2 | count = var.k8s_distribution == "k3s" ? 1 : 0 3 | name = "${local.name}-database" 4 | vpc_id = data.aws_vpc.default.id 5 | } 6 | 7 | resource "aws_security_group_rule" "database_self" { 8 | count = var.k8s_distribution == "k3s" ? 1 : 0 9 | type = "ingress" 10 | from_port = var.db_port 11 | to_port = var.db_port 12 | protocol = "TCP" 13 | self = true 14 | security_group_id = aws_security_group.database[0].id 15 | } 16 | 17 | 18 | module "db" { 19 | count = var.k8s_distribution == "k3s" ? 
1 : 0 20 | source = "terraform-aws-modules/rds/aws" 21 | version = ">= 3.2" 22 | 23 | identifier = local.identifier 24 | 25 | # All available versions: http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.VersionMgmt 26 | engine = var.db_engine 27 | engine_version = var.db_engine_version 28 | major_engine_version = split(".", var.db_engine_version)[0] 29 | 30 | instance_class = var.db_instance_class 31 | allocated_storage = var.db_allocated_storage 32 | storage_encrypted = var.db_storage_encrypted 33 | iops = var.db_iops 34 | storage_type = var.db_storage_type 35 | skip_final_snapshot = var.db_skip_final_snapshot 36 | 37 | subnet_ids = data.aws_subnets.all.ids 38 | vpc_security_group_ids = [data.aws_security_group.default.id, aws_security_group.database[0].id] 39 | multi_az = false 40 | auto_minor_version_upgrade = false 41 | deletion_protection = false 42 | 43 | db_name = var.db_name 44 | username = var.db_username 45 | port = var.db_port 46 | create_db_parameter_group = false 47 | create_db_subnet_group = false 48 | create_db_option_group = false 49 | performance_insights_enabled = false 50 | 51 | db_subnet_group_name = var.db_subnet_group_name != null ? var.db_subnet_group_name : (var.aws_region == "us-west-1" || var.aws_region == "us-east-1") ? 
"default-${data.aws_vpc.default.id}" : "default" 52 | 53 | maintenance_window = "Mon:00:00-Mon:03:00" 54 | backup_window = "03:00-06:00" 55 | backup_retention_period = 0 56 | 57 | tags = { 58 | "rancher.user" = data.aws_caller_identity.current.user_id 59 | } 60 | 61 | parameters = [ 62 | ] 63 | 64 | options = [ 65 | ] 66 | } 67 | -------------------------------------------------------------------------------- /clusters/variables.tf: -------------------------------------------------------------------------------- 1 | variable "cluster_name" { 2 | type = string 3 | default = "load-testing" 4 | description = "Unique identifier used in resource names and tags" 5 | } 6 | 7 | variable "cluster_count" { 8 | type = number 9 | default = 1 10 | description = "Number of clusters to provision" 11 | } 12 | 13 | variable "aws_region" { 14 | type = string 15 | default = "us-west-1" 16 | } 17 | 18 | variable "security_groups" { 19 | type = list(any) 20 | default = [] 21 | description = "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with" 22 | } 23 | 24 | variable "server_instance_type" { 25 | type = string 26 | description = "Instance type to use for k3s server" 27 | } 28 | 29 | variable "volume_size" { 30 | type = string 31 | default = "32" 32 | description = "Size of the storage volume to use in GB" 33 | } 34 | 35 | variable "volume_type" { 36 | type = string 37 | default = "gp2" 38 | description = "Type of storage volume to use" 39 | } 40 | 41 | variable "k3s_server_args" { 42 | type = string 43 | default = "" 44 | description = "extra args to pass to k3s server" 45 | } 46 | 47 | variable "rancher_api_url" { 48 | type = string 49 | description = "api url for rancher server" 50 | } 51 | 52 | variable "rancher_token_key" { 53 | type = string 54 | description = "rancher server API token" 55 | } 56 | 57 | variable "ssh_keys" { 58 | type = list(any) 59 | default = [] 60 | description = "SSH keys to inject into the EC2 instances" 61 | } 62 | 63 | 
variable "install_k3s_image" { 64 | type = string 65 | default = "v1.19.3-k3s1" 66 | description = "k3s image to use during install (container image tag with the 'v')" 67 | } 68 | 69 | variable "k3d_version" { 70 | type = string 71 | default = "v3.4.0" 72 | description = "k3d version to use during cluster create (release tag with the 'v')" 73 | } 74 | 75 | variable "k3s_cluster_secret" { 76 | type = string 77 | default = "" 78 | description = "k3s cluster secret" 79 | } 80 | 81 | variable "insecure_flag" { 82 | type = bool 83 | default = false 84 | description = "Flag used to determine if Rancher is using self-signed invalid certs (using a private CA)" 85 | } 86 | 87 | variable "cluster_labels" { 88 | type = map(any) 89 | default = {} 90 | description = "Labels to add to each provisioned cluster" 91 | } 92 | -------------------------------------------------------------------------------- /cluster-with-nodes/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | backend "local" { 3 | path = "rancher.tfstate" 4 | } 5 | } 6 | 7 | locals { 8 | name = "load-testing" 9 | instances_per_cluster = var.ec2_instances_per_cluster 10 | cluster_instance = terraform.workspace 11 | k3s_token = var.k3s_token 12 | install_k3s_version = "docker.io/rancher/k3s:v1.17.2-k3s1" 13 | } 14 | 15 | provider "aws" { 16 | region = "us-west-2" 17 | //profile = "rancher-eng" 18 | } 19 | 20 | provider "rancher2" { 21 | api_url = var.rancher_api_url 22 | token_key = var.rancher_token_key 23 | } 24 | 25 | resource "rancher2_cluster" "k3s" { 26 | name = "${local.name}-${local.cluster_instance}" 27 | description = "TF imported cluster ${local.name}-${local.cluster_instance}" 28 | } 29 | 30 | resource "aws_spot_instance_request" "k3s-server" { 31 | //ebs_optimized = true 32 | instance_type = var.server_instance_type 33 | ami = data.aws_ami.ubuntu.id 34 | spot_price = var.worker_instance_max_price 35 | wait_for_fulfillment = true 36 | spot_type = 
"one-time" 37 | user_data = templatefile("${path.module}/files/server_userdata.tmpl", 38 | { 39 | k3s_token = local.k3s_token, 40 | install_k3s_version = local.install_k3s_version, 41 | registration_commands = rancher2_cluster.k3s[*].cluster_registration_token[0].command, 42 | vpc_cidr = data.aws_vpc.default.cidr_block 43 | docker_overlay_cidr = var.docker_overlay_cidr 44 | } 45 | ) 46 | 47 | tags = { 48 | Name = "${local.name}-server-${local.cluster_instance}" 49 | RancherScaling = "true" 50 | } 51 | 52 | root_block_device { 53 | volume_size = "32" 54 | volume_type = "gp2" 55 | } 56 | depends_on = [rancher2_cluster.k3s] 57 | } 58 | 59 | module "downstream-k3s-nodes" { 60 | source = "./modules/downstream-k3s-nodes" 61 | k3s_agents_per_node = var.k3s_agents_per_node 62 | instances = var.ec2_instances_per_cluster 63 | worker_instance_type = var.worker_instance_type 64 | 65 | ami_id = data.aws_ami.ubuntu.id 66 | spot_price = var.worker_instance_max_price 67 | prefix = local.name 68 | k3s_token = local.k3s_token 69 | k3s_endpoint = "https://${aws_spot_instance_request.k3s-server.private_ip}:6443" 70 | install_k3s_version = local.install_k3s_version 71 | consul_store = aws_spot_instance_request.k3s-server.private_ip 72 | } -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-secret/variables.tf: -------------------------------------------------------------------------------- 1 | variable "use_v2" { 2 | type = bool 3 | nullable = false 4 | description = "(required) Flag defining whether to create or retrieve a rancher2_secret_v2 or rancher2_secret" 5 | } 6 | 7 | variable "create_new" { 8 | type = bool 9 | nullable = false 10 | description = "(required) Flag defining if a new Secret should be created on each tf apply. 
Useful for scripting purposes" 11 | } 12 | 13 | variable "annotations" { 14 | type = map(string) 15 | default = null 16 | description = "(optional) A map of annotations to add to the Secret" 17 | } 18 | 19 | variable "labels" { 20 | type = map(string) 21 | default = null 22 | description = "(optional) A map of labels to add to the Secret" 23 | } 24 | variable "description" { 25 | type = string 26 | default = null 27 | description = "(rancher2_secret only) Description for the Secret" 28 | } 29 | 30 | variable "name" { 31 | type = string 32 | nullable = false 33 | description = "(Required) Name for the Secret" 34 | } 35 | 36 | variable "namespace" { 37 | type = string 38 | default = null 39 | description = "(optional) The namespace or namespace_id to create the Secret in" 40 | } 41 | 42 | variable "project_id" { 43 | type = string 44 | default = null 45 | description = "(rancher2_secret only) ID of the project where the Secret should be created" 46 | } 47 | 48 | variable "cluster_id" { 49 | type = string 50 | default = "local" 51 | description = "(rancher2_secret_v2 only) ID of the cluster where the Secret should be created" 52 | } 53 | 54 | variable "immutable" { 55 | type = string 56 | default = false 57 | description = "(optional) If set to true, any Secret update will remove and recreate the Secret. This is a beta field enabled by k8s ImmutableEphemeralVolumes feature gate" 58 | } 59 | 60 | variable "type" { 61 | type = string 62 | default = "Opaque" 63 | description = "(optional) The type of the Secret, used to facilitate programmatic handling of Secret data. [More info](https://github.com/kubernetes/api/blob/release-1.20/core/v1/types.go#L5772) about k8s Secret types and expected format" 64 | } 65 | 66 | variable "data" { 67 | type = map(any) 68 | description = "(required if create_new = true) Map of data to include in each Secret (values can be file paths). 
Data values for rancher2_secret will be base64encoded as required, therefore do not pass in encoded data" 69 | } 70 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/linode-dynamic/cluster_v2.tf: -------------------------------------------------------------------------------- 1 | resource "rancher2_machine_config_v2" "this" { 2 | for_each = local.v2_configs 3 | generate_name = "${each.value.name}${each.key}-nt" 4 | linode_config { 5 | image = var.image 6 | instance_type = var.server_instance_type 7 | region = var.region 8 | authorized_users = var.authorized_users 9 | tags = "RancherScaling,${local.rancher_subdomain},Owner,${local.rancher_subdomain}" 10 | } 11 | } 12 | 13 | resource "rancher2_cluster_v2" "cluster_v2" { 14 | for_each = local.v2_configs 15 | name = each.value.name 16 | kubernetes_version = each.value.k8s_version 17 | cloud_credential_secret_name = module.cloud_credential.id 18 | dynamic "agent_env_vars" { 19 | for_each = var.agent_env_vars == null ? 
[] : var.agent_env_vars 20 | iterator = agent_var 21 | content { 22 | name = agent_var.value.name 23 | value = agent_var.value.value 24 | } 25 | } 26 | rke_config { 27 | dynamic "machine_pools" { 28 | for_each = each.value.roles_per_pool 29 | iterator = pool 30 | content { 31 | name = "${each.value.name}-${pool.key}" 32 | cloud_credential_secret_name = module.cloud_credential.id 33 | control_plane_role = try(tobool(pool.value["control-plane"]), false) 34 | worker_role = try(tobool(pool.value["worker"]), false) 35 | etcd_role = try(tobool(pool.value["etcd"]), false) 36 | quantity = try(tonumber(pool.value["quantity"]), 1) 37 | 38 | machine_config { 39 | kind = rancher2_machine_config_v2.this[each.key].kind 40 | name = rancher2_machine_config_v2.this[each.key].name 41 | } 42 | } 43 | } 44 | } 45 | timeouts { 46 | create = "15m" 47 | } 48 | depends_on = [ 49 | module.cloud_credential 50 | ] 51 | } 52 | 53 | resource "rancher2_cluster_sync" "cluster_v2" { 54 | count = local.v2_count 55 | cluster_id = local.v2_clusters[count.index].cluster_v1_id 56 | state_confirm = 3 57 | } 58 | 59 | resource "local_file" "v2_kube_config" { 60 | count = length(local.v2_kube_config_list) 61 | content = local.v2_kube_config_list[count.index] 62 | filename = "${path.module}/files/kube_config/${terraform.workspace}_${local.v2_clusters[count.index].name}_kube_config" 63 | file_permission = "0700" 64 | } 65 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.6.x/main.tf: -------------------------------------------------------------------------------- 1 | ### install common components for Rancher local clusters (cert-manager + Rancher) 2 | module "install_common" { 3 | source = "../../../install-common" 4 | providers = { 5 | rancher2 = rancher2.bootstrap 6 | } 7 | 8 | kube_config_path = var.kube_config_path 9 | 10 | subdomain = local.rancher_subdomain 11 | domain = local.rancher_domain 12 | 
install_certmanager = true 13 | install_rancher = true 14 | certmanager_version = "1.8.1" 15 | 16 | helm_rancher_chart_values_path = "../../../install-common/files/rancher_chart_values.tftpl" 17 | letsencrypt_email = var.letsencrypt_email 18 | rancher_image = "rancher/rancher" 19 | rancher_version = "2.6.5" 20 | rancher_password = var.rancher_password 21 | use_new_bootstrap = true 22 | rancher_node_count = var.rancher_node_count 23 | cattle_prometheus_metrics = true 24 | } 25 | 26 | data "rancher2_cluster" "local" { 27 | provider = rancher2.admin 28 | 29 | name = "local" 30 | depends_on = [ 31 | module.install_common 32 | ] 33 | } 34 | 35 | ### Create custom Rancher Catalog and install rancher-monitoring for Rancher 2.6.x 36 | ### Note: Version 100.1.2+up19.0.3 and above will automatically have the controllers metrics enabled 37 | ### along with a newly created dashboard for them 38 | module "rancher_monitoring" { 39 | source = "../../../charts/rancher-monitoring" 40 | providers = { 41 | rancher2 = rancher2.admin 42 | } 43 | 44 | use_v2 = true 45 | rancher_url = module.install_common.rancher_url 46 | rancher_token = module.install_common.rancher_token 47 | charts_branch = "release-v2.6" 48 | chart_version = "100.1.3+up19.0.3" 49 | values = "../../../charts/files/rancher_monitoring_chart_values.yaml" 50 | cluster_id = data.rancher2_cluster.local.id 51 | project_id = null 52 | } 53 | 54 | module "secret_v2" { 55 | source = "../../../rancher-secret" 56 | providers = { 57 | rancher2 = rancher2.admin 58 | } 59 | 60 | use_v2 = true 61 | create_new = true 62 | immutable = true 63 | type = "Opaque" 64 | annotations = { example = "annotation" } 65 | labels = { example = "label" } 66 | cluster_id = data.rancher2_cluster.local.id 67 | name = "tf-example-secretv2" 68 | namespace = "default" 69 | data = { example = "my data value" } 70 | 71 | depends_on = [ 72 | data.rancher2_cluster_v2.local 73 | ] 74 | } 75 | 
-------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-baseline-clusters/linode/cluster_v1.tf: -------------------------------------------------------------------------------- 1 | module "node_template" { 2 | source = "../../rancher-node-template" 3 | providers = { 4 | rancher2 = rancher2 5 | } 6 | 7 | create_new = var.create_node_reqs 8 | name = local.node_template_name 9 | cloud_cred_id = module.cloud_credential.id 10 | install_docker_version = var.install_docker_version 11 | cloud_provider = "linode" 12 | node_config = { 13 | image = var.image 14 | instance_type = var.server_instance_type 15 | region = var.region 16 | authorized_users = var.authorized_users 17 | tags = "RancherScaling,${local.rancher_subdomain},Owner,${local.rancher_subdomain}" 18 | } 19 | engine_fields = var.node_template_engine_fields 20 | } 21 | 22 | resource "rancher2_node_pool" "this" { 23 | cluster_id = module.rke1.id 24 | name = "rke1-pool0" 25 | hostname_prefix = substr("${local.rancher_subdomain}-${local.name_suffix}-rke1-pool0-node", 0, local.name_max_length) 26 | node_template_id = module.node_template.id 27 | quantity = try(tonumber(local.roles_per_pool[0]["quantity"]), false) 28 | control_plane = try(tobool(local.roles_per_pool[0]["control-plane"]), false) 29 | etcd = try(tobool(local.roles_per_pool[0]["etcd"]), false) 30 | worker = try(tobool(local.roles_per_pool[0]["worker"]), false) 31 | delete_not_ready_after_secs = var.auto_replace_timeout 32 | } 33 | 34 | module "rke1" { 35 | source = "../../rancher-cluster/v1" 36 | providers = { 37 | rancher2 = rancher2 38 | } 39 | 40 | name = "${local.cluster_name}-rke1" 41 | description = "TF linode nodedriver cluster ${local.cluster_name}-rke1" 42 | k8s_distribution = "rke1" 43 | k8s_version = var.rke1_version 44 | network_config = local.network_config 45 | upgrade_strategy = local.upgrade_strategy 46 | kube_api = local.kube_api 47 | agent_env_vars = var.agent_env_vars 48 | 
enable_cri_dockerd = var.enable_cri_dockerd 49 | 50 | depends_on = [ 51 | module.node_template 52 | ] 53 | } 54 | 55 | resource "rancher2_cluster_sync" "rke1" { 56 | cluster_id = module.rke1.id 57 | node_pool_ids = [rancher2_node_pool.this.id] 58 | state_confirm = 3 59 | } 60 | 61 | resource "local_file" "rke1_kube_config" { 62 | content = rancher2_cluster_sync.rke1.kube_config 63 | filename = "${path.module}/files/kube_config/${module.rke1.name}_kube_config" 64 | file_permission = "0700" 65 | } 66 | -------------------------------------------------------------------------------- /rancher-cluster-operations/charts/rancher-monitoring/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.14" 3 | required_providers { 4 | rancher2 = { 5 | source = "rancher/rancher2" 6 | } 7 | } 8 | } 9 | 10 | locals { 11 | default_values = abspath("${path.module}/files/rancher_monitoring_chart_values.yaml") 12 | values = try(length(var.values) > 0 ? var.values : local.default_values, local.default_values) 13 | } 14 | 15 | resource "rancher2_catalog" "charts_custom" { 16 | count = var.use_v2 ? 0 : 1 17 | name = "rancher-charts-custom" 18 | url = var.charts_repo 19 | branch = var.charts_branch 20 | 21 | timeouts { 22 | create = try(var.timeouts.create, null) 23 | update = try(var.timeouts.update, null) 24 | delete = try(var.timeouts.delete, null) 25 | } 26 | } 27 | 28 | resource "rancher2_app" "rancher_monitoring" { 29 | count = var.use_v2 ? 
0 : 1 30 | catalog_name = "rancher-charts-custom" 31 | name = "rancher-monitoring" 32 | project_id = var.project_id 33 | template_name = "rancher-monitoring" 34 | template_version = var.chart_version 35 | target_namespace = "cattle-monitoring-system" 36 | values_yaml = base64encode(file(local.values)) 37 | 38 | timeouts { 39 | create = try(var.timeouts.create, null) 40 | update = try(var.timeouts.update, null) 41 | delete = try(var.timeouts.delete, null) 42 | } 43 | 44 | depends_on = [ 45 | rancher2_catalog.charts_custom 46 | ] 47 | } 48 | 49 | resource "rancher2_catalog_v2" "charts_custom" { 50 | count = var.use_v2 ? 1 : 0 51 | 52 | cluster_id = var.cluster_id 53 | name = "rancher-charts-custom" 54 | git_repo = var.charts_repo 55 | git_branch = var.charts_branch 56 | 57 | timeouts { 58 | create = try(var.timeouts.create, null) 59 | update = try(var.timeouts.update, null) 60 | delete = try(var.timeouts.delete, null) 61 | } 62 | 63 | provisioner "local-exec" { 64 | command = <<-EOT 65 | sleep 10 66 | EOT 67 | } 68 | } 69 | 70 | resource "rancher2_app_v2" "rancher_monitoring" { 71 | count = var.use_v2 ? 
1 : 0 72 | 73 | cluster_id = var.cluster_id 74 | name = "rancher-monitoring" 75 | namespace = "cattle-monitoring-system" 76 | repo_name = "rancher-charts-custom" 77 | chart_name = "rancher-monitoring" 78 | chart_version = var.chart_version 79 | values = file(local.values) 80 | 81 | timeouts { 82 | create = try(var.timeouts.create, null) 83 | update = try(var.timeouts.update, null) 84 | delete = try(var.timeouts.delete, null) 85 | } 86 | 87 | depends_on = [ 88 | rancher2_catalog_v2.charts_custom 89 | ] 90 | } 91 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/cluster-linode/main.tf: -------------------------------------------------------------------------------- 1 | module "linode_cloud_credential" { 2 | source = "../../rancher-cloud-credential" 3 | create_new = true 4 | name = "${local.rancher_subdomain}-${random_pet.this.id}" 5 | cloud_provider = "linode" 6 | credential_config = { 7 | token = var.linode_token 8 | } 9 | } 10 | 11 | module "linode_node_template" { 12 | source = "../../rancher-node-template" 13 | create_new = true 14 | name = "${local.rancher_subdomain}-${random_pet.this.id}-node-template" 15 | cloud_cred_id = module.linode_cloud_credential.id 16 | install_docker_version = "20.10" 17 | cloud_provider = "linode" 18 | node_config = { 19 | image = var.image 20 | instance_type = var.node_instance_type 21 | region = var.region 22 | } 23 | } 24 | 25 | resource "rancher2_node_pool" "this" { 26 | count = 1 27 | cluster_id = module.linode_cluster_v1.id 28 | name = "${local.rancher_subdomain}-${random_pet.this.id}-${count.index}" 29 | hostname_prefix = "${local.rancher_subdomain}-${random_pet.this.id}-pool${count.index}-node" 30 | node_template_id = module.linode_node_template.id 31 | quantity = 1 32 | control_plane = true 33 | etcd = true 34 | worker = true 35 | } 36 | 37 | module "linode_cluster_v1" { 38 | source = "../../rancher-cluster/v1" 39 | name = 
"${local.rancher_subdomain}-${random_pet.this.id}-cluster" 40 | description = "TF linode nodedriver cluster" 41 | labels = { 42 | distribution = var.k8s_distribution, 43 | cloud = "linode" 44 | } 45 | k8s_distribution = var.k8s_distribution 46 | k8s_version = var.k8s_version 47 | ### In order to setup the linode custom cloud provider you may follow the linode documentation here: https://www.linode.com/docs/guides/how-to-deploy-kubernetes-on-linode-with-rancher-2-x/ 48 | # cloud_provider = custom 49 | network_config = { 50 | plugin = "canal" 51 | mtu = null 52 | } 53 | upgrade_strategy = { 54 | drain = false 55 | } 56 | 57 | depends_on = [ 58 | module.linode_node_template 59 | ] 60 | } 61 | 62 | resource "rancher2_cluster_sync" "this" { 63 | cluster_id = module.linode_cluster_v1.id 64 | node_pool_ids = rancher2_node_pool.this[*].id 65 | state_confirm = 5 66 | 67 | timeouts { 68 | create = "15m" 69 | update = "15m" 70 | delete = "15m" 71 | } 72 | } 73 | 74 | module "secret" { 75 | source = "../../rancher-secret" 76 | name_prefix = "linode-secret" 77 | cluster_id = rancher2_cluster_sync.this.id 78 | data = { 79 | example_secret = "True" 80 | } 81 | } 82 | -------------------------------------------------------------------------------- /linode-infra/rancher-nodebalancer/main.tf: -------------------------------------------------------------------------------- 1 | terraform { 2 | required_version = ">= 0.13" 3 | required_providers { 4 | linode = { 5 | source = "linode/linode" 6 | } 7 | } 8 | } 9 | 10 | locals { 11 | ports = [80, 443, 6443] 12 | } 13 | 14 | resource "linode_nodebalancer" "this" { 15 | label = var.label 16 | region = var.region 17 | client_conn_throttle = 0 18 | tags = var.tags 19 | } 20 | 21 | resource "linode_nodebalancer_config" "this" { 22 | count = length(local.ports) 23 | 24 | nodebalancer_id = linode_nodebalancer.this.id 25 | port = local.ports[count.index] 26 | protocol = "tcp" 27 | check = "connection" 28 | check_timeout = 6 29 | check_path = 
"/healthz" 30 | stickiness = "table" 31 | } 32 | 33 | ### Adding linodes to nodebalancer 34 | resource "linode_nodebalancer_node" "nlb_80" { 35 | count = var.node_count 36 | nodebalancer_id = linode_nodebalancer.this.id 37 | config_id = linode_nodebalancer_config.this[0].id 38 | label = substr("${var.linodes[count.index].label}-${local.ports[0]}", 0, 32) 39 | address = "${var.linodes[count.index].private_ip_address}:${local.ports[0]}" 40 | mode = "accept" 41 | } 42 | 43 | resource "linode_nodebalancer_node" "nlb_443" { 44 | count = var.node_count 45 | nodebalancer_id = linode_nodebalancer.this.id 46 | config_id = linode_nodebalancer_config.this[1].id 47 | label = substr("${var.linodes[count.index].label}-${local.ports[1]}", 0, 32) 48 | address = "${var.linodes[count.index].private_ip_address}:${local.ports[1]}" 49 | mode = "accept" 50 | } 51 | 52 | resource "linode_nodebalancer_node" "nlb_6443" { 53 | count = var.node_count 54 | nodebalancer_id = linode_nodebalancer.this.id 55 | config_id = linode_nodebalancer_config.this[2].id 56 | label = substr("${var.linodes[count.index].label}-${local.ports[2]}", 0, 32) 57 | address = "${var.linodes[count.index].private_ip_address}:${local.ports[2]}" 58 | mode = "accept" 59 | } 60 | ### End adding linodes to nodebalancer 61 | 62 | output "id" { 63 | value = linode_nodebalancer.this.id 64 | } 65 | 66 | output "hostname" { 67 | value = linode_nodebalancer.this.hostname 68 | } 69 | 70 | output "ipv4" { 71 | value = linode_nodebalancer.this.ipv4 72 | } 73 | 74 | output "ipv6" { 75 | value = linode_nodebalancer.this.ipv6 76 | } 77 | 78 | output "created" { 79 | value = linode_nodebalancer.this.created 80 | } 81 | 82 | output "updated" { 83 | value = linode_nodebalancer.this.updated 84 | } 85 | 86 | output "transfer" { 87 | value = linode_nodebalancer.this.transfer 88 | } 89 | -------------------------------------------------------------------------------- /rancher-cluster-operations/rancher-examples/rancher-setup/2.5.x/main.tf: 
-------------------------------------------------------------------------------- 1 | ## install common components for Rancher local clusters (cert-manager + Rancher) 2 | module "install_common" { 3 | source = "../../../install-common" 4 | providers = { 5 | rancher2 = rancher2.bootstrap 6 | } 7 | 8 | kube_config_path = var.kube_config_path 9 | subdomain = local.rancher_subdomain 10 | domain = local.rancher_domain 11 | install_certmanager = true 12 | install_rancher = true 13 | certmanager_version = "1.8.1" 14 | 15 | helm_rancher_chart_values_path = "../../../install-common/files/rancher_chart_values.tftpl" 16 | letsencrypt_email = var.letsencrypt_email 17 | rancher_image = "rancher/rancher" 18 | rancher_version = var.rancher_version 19 | rancher_password = var.rancher_password 20 | use_new_bootstrap = false 21 | rancher_node_count = var.rancher_node_count 22 | cattle_prometheus_metrics = true 23 | } 24 | 25 | data "rancher2_cluster" "local" { 26 | provider = rancher2.admin 27 | 28 | name = "local" 29 | depends_on = [ 30 | module.install_common 31 | ] 32 | } 33 | 34 | ## Create custom Rancher Catalog and install rancher-monitoring for Rancher 2.5.x 35 | module "rancher_monitoring" { 36 | source = "../../../charts/rancher-monitoring" 37 | providers = { 38 | rancher2 = rancher2.admin 39 | } 40 | 41 | use_v2 = false 42 | rancher_url = module.install_common.rancher_url 43 | rancher_token = module.install_common.rancher_token 44 | charts_branch = "release-v2.5" 45 | chart_version = "16.6.1+up16.6.0" 46 | values = "../../../charts/files/rancher_monitoring_chart_values.yaml" 47 | cluster_id = data.rancher2_cluster.local.id 48 | project_id = data.rancher2_cluster.local.default_project_id 49 | } 50 | 51 | ### Setup and install the custom controller metrics dashboards for rancher-monitoring 52 | module "controller_metrics" { 53 | source = "../../../rancher-controller-metrics" 54 | rancher_token = var.rancher_token 55 | rancher_version = var.rancher_version 56 | 57 | depends_on 
= [ 58 | module.rancher_monitoring 59 | ] 60 | } 61 | 62 | module "secret" { 63 | source = "../../../rancher-secret" 64 | providers = { 65 | rancher2 = rancher2.admin 66 | } 67 | 68 | use_v2 = false 69 | create_new = true 70 | annotations = { example = "annotation" } 71 | labels = { example = "label" } 72 | description = "Example description of secret" 73 | project_id = data.rancher2_cluster.local.default_project_id 74 | name = "tf-example-secret" 75 | namespace = "default" 76 | data = { example = "my data value" } 77 | } 78 | -------------------------------------------------------------------------------- /cluster-with-nodes/modules/downstream-k3s-nodes/files/worker_userdata.tmpl: -------------------------------------------------------------------------------- 1 | #cloud-config 2 | ssh_authorized_keys: 3 | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaitXW9CBM/yxEhVaBQ9WEB8KEdwbzlMk6M2URfbr07mA9Rk3ssWf2hS3RMwF76rasRLmrjsge1Q9cc8uck722vs8qCpwz/aMnsHF8kfnifkv3JKgfYCTkVzbsW7HzNmmkbsBVPS2tlVDpG+cHQNwZMgo1MGVJqAvPnrKlLzSj/XVeBKYV8a7/GLwrJTiXegitkyE3i1L42aMwzGDwEDnKkFBYW1JXXim0j97ztWy8YaScuptqd9WJ5NfHgUGfhFSYKlEX+FP5x0oyLVgGRmoUh7NellALQ9mWW+tJgSd7oWPoeJtHLAVMoiX02w1OtBUOFq1s0IJ9nDdU/I9v+grP chriskim@Endeavor 4 | write_files: 5 | - path: /etc/docker/daemon.json 6 | permissions: '0770' 7 | content: | 8 | { 9 | "cluster-store": "consul://${consul_store}:8500", 10 | "cluster-advertise": "eth0:2376" 11 | } 12 | runcmd: 13 | - echo "net.ipv4.ip_local_port_range = 15000 61000" >> /etc/sysctl.conf 14 | - echo "fs.file-max = 12000500" >> /etc/sysctl.conf 15 | - echo "fs.nr_open = 20000500" >> /etc/sysctl.conf 16 | - echo "net.ipv4.tcp_mem = 10000000 10000000 10000000" >> /etc/sysctl.conf 17 | - sysctl -w net.core.rmem_max=8388608 18 | - sysctl -w net.core.wmem_max=8388608 19 | - sysctl -w net.core.rmem_default=65536 20 | - sysctl -w net.core.wmem_default=65536 21 | - sysctl -w net.ipv4.tcp_rmem='4096 87380 8388608' 22 | - sysctl -w net.ipv4.tcp_wmem='4096 65536 8388608' 23 | - 
sysctl -w net.ipv4.tcp_mem='8388608 8388608 8388608' 24 | - sysctl -w net.ipv4.route.flush=1 25 | - ulimit -n 20000000 26 | - echo "# " >> /etc/security/limits.d/limits.conf 27 | - echo " * soft nofile 20000000" >> /etc/security/limits.d/limits.conf 28 | - echo " * hard nofile 20000000" >> /etc/security/limits.d/limits.conf 29 | - sysctl -p 30 | - apt-get update 31 | - apt-get install -y vim software-properties-common resolvconf linux-headers-$(uname -r) 32 | - echo "nameserver 1.1.1.1" > /etc/resolvconf/resolv.conf.d/tail 33 | - systemctl start resolvconf 34 | - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - 35 | - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" 36 | - apt-get update 37 | - apt-get -y install docker-ce 38 | # - DEBIAN_FRONTEND=noninteractive apt-get upgrade -y 39 | #- curl -s https://raw.githubusercontent.com/rancher/k3d/master/install.sh | bash 40 | - wget https://github.com/Oats87/k3d/releases/download/network1/k3d-linux-amd64 -O /usr/local/bin/k3d 41 | - chmod +x /usr/local/bin/k3d 42 | - sleep 5 43 | - while true; do curl -sk ${k3s_endpoint}/ping 2>&1 | grep -q "pong"; if [ $? != 0 ]; then echo "notreadyyet"; sleep 5; continue; fi; break; done; echo "yep"; 44 | - k3d add-node -n "k3s-cluster-i${current_instance}" --network "k3d-k3s-cluster" --k3s-token="${k3s_token}" --k3s "${k3s_endpoint}" --count "${agents_per_node}" --image="${install_k3s_version}" --arg --flannel-iface=eth0 -------------------------------------------------------------------------------- /testing/README.md: -------------------------------------------------------------------------------- 1 | # How setup environment 2 | 1. `sudo pip install virtualenv` 3 | 2. `mkdir -p ~/.venv/rancher-scaling` 4 | 3. `virtualenv -p python3 ~/.venv/rancher-scaling` 5 | 4. `source ~/.venv/rancher-scaling/bin/activate` 6 | 5. `pip install -r requirements.txt` 7 | 6. `deactivate` 8 | 9 | # How to use 10 | 1. 
`source ~/.venv/rancher-scaling/bin/activate` 11 | 2. set environment variable "AWS_ACCESS_KEY_ID" to access key 12 | 3. set environment variable "AWS_SECRET_ACCESS_KEY" to secret key 13 | 14 | ## For full scaling setup and test 15 | 4. set environment variable "TF_VAR_cluster_name" to something, preferably your name, that can be used to distinguish clusters created by this instance of scale-testing 16 | 5. set environment variable "TF_VAR_server_instance_type"; at least m5.xlarge is recommended. This is for the nodes that host the k3s clusters 17 | 6. set environment variable "TF_VAR_k3s_per_node" to 1 18 | 7. set environment variable "TF_VAR_ec2_instances_per_cluster" to 1 19 | 8. set environment variable "TF_VAR_cluster_count"; this is the number of clusters placed on a single node, 12-15 for m5.xlarge 20 | 9. set environment variable "TF_VAR_worker_instance_type"; it won't be used, so set it to t2.small 21 | 10. (optional) set environment variable "RANCHER_SCALING_GOAL" to the number of desired clusters 22 | 11. (optional) set environment variable "RANCHER_SCALING_BATCH_SIZE" to the number of nodes to create for cluster load. This multiplied by "TF_VAR_cluster_count" is the total number of clusters provisioned at once. 23 | 12. (optional) set environment variable "TF_VAR_rancher_node_count"; the default is 1, which is for a single-node Rancher install; set to 3 for HA 24 | 13. (optional) set environment variable "TF_VAR_rancher_instance_type"; the default is m5.xlarge; for 1k+ loads m5.4xlarge is recommended 25 | 14. (optional) set environment variables "TF_VAR_rancher_image" and "TF_VAR_rancher_image_tag"; the defaults are rancher/rancher and master respectively 26 | 27 | ## For tests only 28 | 4. set environment variable "RANCHER_SCALING_URL" to the Rancher URL. 29 | 5. set environment variable "RANCHER_SCALING_TOKEN" to a Rancher API token. 30 | 6. run `python testbench.py`. 31 | 7. (optional) run `jupyter notebook` and select "Scaling Summary". 32 | 8. 
(when done) `deactivate` 33 | 34 | # Options 35 | ### There are multiple optional parameters that can be configured with environment variables. 36 | ### Below are the environment variables that can be set and what they do. If these are not set, 37 | ### they will be given default values. 38 | 39 | RANCHER_SCALING_PULSE: time to wait between each iteration 40 | RANCHER_SCALING_JITTER: random number within this range will be added to every "pulse" 41 | RANCHER_SCALING_ITERATIONS: number of times to run full suite of metrics 42 | RANCHER_SCALING_SAVE: amount of time to wait in between saving results to csv 43 | -------------------------------------------------------------------------------- /control-plane/modules/aws-infra/data.tf: -------------------------------------------------------------------------------- 1 | data "aws_region" "current" {} 2 | 3 | data "aws_vpc" "default" { 4 | default = false 5 | id = var.vpc_id 6 | } 7 | 8 | data "aws_subnets" "available" { 9 | filter { 10 | name = "vpc-id" 11 | values = [data.aws_vpc.default.id] 12 | } 13 | } 14 | 15 | data "aws_route53_zone" "dns_zone" { 16 | count = local.use_route53 ? 1 : 0 17 | name = local.r53_domain 18 | } 19 | 20 | data "aws_ami" "ubuntu" { 21 | most_recent = true 22 | owners = ["099720109477"] 23 | 24 | filter { 25 | name = "name" 26 | values = ["ubuntu/images/*/ubuntu-bionic-18.04-*"] 27 | } 28 | 29 | filter { 30 | name = "virtualization-type" 31 | values = ["hvm"] 32 | } 33 | 34 | filter { 35 | name = "root-device-type" 36 | values = ["ebs"] 37 | } 38 | 39 | filter { 40 | name = "architecture" 41 | values = ["x86_64"] 42 | } 43 | } 44 | 45 | data "cloudinit_config" "server" { 46 | gzip = false 47 | base64_encode = true 48 | 49 | # Main cloud-config configuration file. 
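# Base cloud-config part: renders the cloud-config template with the caller's
# SSH keys. The whole multipart document becomes EC2 user data, which any
# process on the instance can read back from the instance metadata service,
# so nothing secret should be rendered into any of these parts.
  part {
    filename     = "00_cloud-config-base.yaml"
    content_type = "text/cloud-config"
    content = templatefile("${path.module}/files/cloud-config-base.tmpl", {
      ssh_keys = var.ssh_keys,
    })
  }

  # part {
  #   filename     = "01_base.sh"
  #   content_type = "text/x-shellscript"
  #   content      = file("${path.module}/files/base.sh")
  #   merge_type   = "list(append)+dict(recurse_array)+str()"
  # }

  # Kubernetes node preparation script, shipped verbatim and run by cloud-init
  # on first boot.
  part {
    filename     = "02_k8s-setup.sh"
    content_type = "text/x-shellscript"
    content      = file("${path.module}/files/k8s-setup.sh")
    merge_type   = "list(append)+dict(recurse_array)+str()"
  }

  # Docker installer, templated with the Docker version pinned in locals.
  part {
    filename     = "03_docker-install.sh"
    content_type = "text/x-shellscript"
    content = templatefile("${path.module}/files/docker-install.sh", {
      install_docker_version = local.install_docker_version,
    })
    merge_type = "list(append)+dict(recurse_array)+str()"
  }

  # Caller-supplied extra parts, appended in order after the built-in ones and
  # injected verbatim (filename, MIME type and content all come from the caller).
  # NOTE(review): unlike the shell parts above these carry no merge_type, so a
  # caller-supplied cloud-config part falls back to cloud-init's default merge
  # behaviour; confirm that is intended before relying on it.
  dynamic "part" {
    for_each = var.user_data_parts
    content {
      filename     = part.value.filename
      content_type = part.value.content_type
      content      = part.value.content
    }
  }
}

# Instances created by the autoscaling group, matched on the Name/Owner tags
# the group applies to them. depends_on forces this lookup to run only after
# the group resource exists.
data "aws_instances" "nodes" {
  instance_tags = {
    Name  = local.instance_names
    Owner = var.user
  }
  depends_on = [
    aws_autoscaling_group.server
  ]
}

# Extra security groups named by the caller, one lookup per name. The lookup is
# scoped to the cluster's VPC: an unscoped lookup by name fails with multiple
# matches when a group of the same name exists in more than one VPC, and a group
# from another VPC could not be attached to these instances anyway.
data "aws_security_group" "extras" {
  count  = length(var.extra_security_groups)
  name   = var.extra_security_groups[count.index]
  vpc_id = data.aws_vpc.default.id
}
--------------------------------------------------------------------------------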
