From bf68a2b6b6e77fec4adee7fcca4ef1c139baf690 Mon Sep 17 00:00:00 2001 From: dkeightley Date: Fri, 10 Jan 2025 16:53:43 +1300 Subject: [PATCH 1/2] Add sles as default image --- README.md | 2 +- modules/infra/aws/data.tf | 15 +++++ modules/infra/aws/docs.md | 6 +- modules/infra/aws/main.tf | 2 +- modules/infra/aws/variables.tf | 25 +++++++- recipes/rke/split-roles/aws/docs.md | 4 +- recipes/rke/split-roles/aws/main.tf | 18 ++++-- .../split-roles/aws/terraform.tfvars.example | 57 +++++++++++++++++++ recipes/rke/split-roles/aws/variables.tf | 16 +++++- recipes/standalone/aws/rke/docs.md | 4 +- recipes/standalone/aws/rke/main.tf | 14 +++-- .../aws/rke/terraform.tfvars.example | 7 +++ recipes/standalone/aws/rke/variables.tf | 16 +++++- recipes/upstream/aws/k3s/docs.md | 6 +- recipes/upstream/aws/k3s/main.tf | 15 +++-- .../upstream/aws/k3s/terraform.tfvars.example | 7 +++ recipes/upstream/aws/k3s/variables.tf | 16 +++++- recipes/upstream/aws/rke/docs.md | 6 +- .../upstream/aws/rke/terraform.tfvars.example | 7 +++ recipes/upstream/aws/rke/user_data.tmpl | 2 +- recipes/upstream/aws/rke/variables.tf | 18 +++++- recipes/upstream/aws/rke2/docs.md | 4 +- recipes/upstream/aws/rke2/main.tf | 9 ++- .../aws/rke2/terraform.tfvars.example | 7 +++ recipes/upstream/aws/rke2/variables.tf | 16 +++++- 25 files changed, 258 insertions(+), 41 deletions(-) create mode 100644 recipes/rke/split-roles/aws/terraform.tfvars.example diff --git a/README.md b/README.md index bf825b36..732b0314 100644 --- a/README.md +++ b/README.md 
@@ -65,7 +65,7 @@ Git clone can be performed only after setting up the required ssh keys. Please r #### Terraform -Terraform should be installed on your local or remote computer where the repository is cloned. Please refer [here](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) for installation instructions. +Terraform (v1.9 or greater) should be installed on your local or remote computer where the repository is cloned. Please refer [here](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli) for installation instructions. ### What's next diff --git a/modules/infra/aws/data.tf b/modules/infra/aws/data.tf index 03859e23..96587eb4 100644 --- a/modules/infra/aws/data.tf +++ b/modules/infra/aws/data.tf @@ -14,3 +14,18 @@ data "aws_ami" "ubuntu" { values = ["hvm"] } } + +data "aws_ami" "sles" { + most_recent = true + owners = ["679593333241"] # SUSE + + filter { + name = "name" + values = ["suse-sles-15-sp6-byos-*-hvm-ssd-x86_64-*"] + } + + filter { + name = "virtualization-type" + values = ["hvm"] + } +} \ No newline at end of file diff --git a/modules/infra/aws/docs.md b/modules/infra/aws/docs.md index 9a4a1c4a..ae96894a 100644 --- a/modules/infra/aws/docs.md +++ b/modules/infra/aws/docs.md @@ -25,6 +25,7 @@ No modules. | [aws_security_group.sg_allowall](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [local_file.private_key_pem](https://registry.terraform.io/providers/hashicorp/local/latest/docs/resources/file) | resource | | [tls_private_key.ssh_private_key](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key) | resource | +| [aws_ami.sles](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | | [aws_ami.ubuntu](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source | ## Inputs 
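Review bot: The `owners = ["679593333241"] # SUSE` line in the new `data "aws_ami" "sles"` block looks mislabelled: as far as I know that account ID is the shared AWS Marketplace publisher account, not a SUSE-owned one. If so, the owner filter admits every Marketplace listing and only the `name` wildcard narrows the result to SUSE images. Combined with `most_recent = true`, the image that gets launched is whichever matching listing was published last, and it can change between applies without any change in this repository. I would pin the lookup to SUSE's own publishing account (confirm the ID against SUSE's published image information) or at least correct the comment to `# AWS Marketplace`, and document that `instance_ami` should be set to a reviewed AMI ID for anything long-lived.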
@@ -38,17 +39,19 @@ No modules. | [create\_security\_group](#input\_create\_security\_group) | Should create the security group associated with the instance(s) | `bool` | `true` | no | | [create\_ssh\_key\_pair](#input\_create\_ssh\_key\_pair) | Specify if a new SSH key pair needs to be created for the instances | `bool` | `false` | no | | [iam\_instance\_profile](#input\_iam\_instance\_profile) | Specify IAM Instance Profile to assign to the instances/nodes | `string` | `null` | no | +| [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no | | [instance\_count](#input\_instance\_count) | Number of EC2 instances to create | `number` | `3` | no | | [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `"80"` | no | | [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no | | [instance\_type](#input\_instance\_type) | Instance type used for all EC2 instances | `string` | `"t3.medium"` | no | +| [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `"sles"` | no | | [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `"rancher-terraform"` | no | | [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `false` | no | | [ssh\_key](#input\_ssh\_key) | Contents of the private key to connect to the instances. 
| `string` | `null` | no | | [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no | | [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no | | [ssh\_private\_key\_path](#input\_ssh\_private\_key\_path) | Path to write the generated SSH private key | `string` | `null` | no | -| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no | +| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `null` | no | | [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no | | [tag\_begin](#input\_tag\_begin) | When module is being called mode than once, begin tagging from this number | `number` | `1` | no | | [tags](#input\_tags) | User-provided tags for the resources | `map(string)` | `{}` | no | @@ -65,6 +68,5 @@ No modules. | [instances\_public\_ip](#output\_instances\_public\_ip) | n/a | | [node\_username](#output\_node\_username) | n/a | | [sg-id](#output\_sg-id) | n/a | -| [ssh\_key](#output\_ssh\_key) | n/a | | [ssh\_key\_pair\_name](#output\_ssh\_key\_pair\_name) | n/a | | [ssh\_key\_path](#output\_ssh\_key\_path) | n/a | diff --git a/modules/infra/aws/main.tf b/modules/infra/aws/main.tf index 724f3814..5d3f0a2b 100644 --- a/modules/infra/aws/main.tf +++ b/modules/infra/aws/main.tf @@ -75,7 +75,7 @@ resource "aws_security_group" "sg_allowall" { resource "aws_instance" "instance" { count = var.instance_count - ami = data.aws_ami.ubuntu.id + ami = var.instance_ami != null ? var.instance_ami : var.os_type == "sles" ? data.aws_ami.sles.id : data.aws_ami.ubuntu.id instance_type = var.instance_type subnet_id = var.subnet_id diff --git a/modules/infra/aws/variables.tf b/modules/infra/aws/variables.tf index ea4dc590..e62a6e29 100644 
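Review bot: Setting `instance_ami` does not stop the two `data "aws_ami"` lookups from running, so in a region or partition where the SLES or Ubuntu filter matches nothing the plan would presumably still fail, even though the new `ami = ...` expression never uses the result. Gating each data source with `count` (for example `count = var.instance_ami == null && var.os_type == "sles" ? 1 : 0`) and indexing it here would avoid that. The nested conditional is also easier to read with the inner branch in parentheses: `ami = var.instance_ami != null ? var.instance_ami : (var.os_type == "sles" ? data.aws_ami.sles.id : data.aws_ami.ubuntu.id)`. The `aws_instance` resource body continues outside the hunk.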
--- a/modules/infra/aws/variables.tf +++ b/modules/infra/aws/variables.tf @@ -84,6 +84,22 @@ variable "instance_count" { nullable = false } +variable "instance_ami" { + type = string + description = "Override the default SLES or Ubuntu AMI" + default = null +} + +variable "os_type" { + type = string + description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)" + default = "sles" + validation { + condition = contains(["sles", "ubuntu"], var.os_type) + error_message = "The operating system type must be 'sles' or 'ubuntu'." + } +} + variable "vpc_id" { type = string description = "VPC ID to create the instance(s) in" @@ -148,8 +164,11 @@ variable "instance_security_group" { variable "ssh_username" { type = string description = "Username used for SSH with sudo access" - default = "ubuntu" - nullable = false + default = null + validation { + condition = var.ssh_username != null + error_message = "An SSH username must be provided" + } } variable "spot_instances" { @@ -185,4 +204,4 @@ variable "tags" { description = "User-provided tags for the resources" type = map(string) default = {} -} +} \ No newline at end of file diff --git a/recipes/rke/split-roles/aws/docs.md b/recipes/rke/split-roles/aws/docs.md index 8d44c5e5..8ff76424 100644 --- a/recipes/rke/split-roles/aws/docs.md +++ b/recipes/rke/split-roles/aws/docs.md 
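Review bot: `os_type` in the first hunk has a default and a validation but no `nullable = false`, while the split-roles and standalone RKE recipes in this patch declare their own `os_type` with `default = null` and pass it straight through. An explicit null replaces the module default rather than triggering it, so those recipes would reach the `contains(["sles", "ubuntu"], var.os_type)` check with null instead of `"sles"`; adding `nullable = false` to this variable keeps the documented default. The same hunk adds `instance_ami` with no validation, and since that value decides which image every node boots, a check such as `condition = var.instance_ami == null || can(regex("^ami-[0-9a-f]+$", var.instance_ami))` would catch a malformed ID at plan time. In the second hunk, `default = null` plus a `!= null` validation makes `ssh_username` effectively required, which a variable with no default and `nullable = false` states more directly.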
@@ -33,6 +33,7 @@ No resources. | [dependency](#input\_dependency) | An optional variable to add a dependency from another resource (not used) | `any` | `null` | no | | [docker\_version](#input\_docker\_version) | Docker version to install on nodes | `string` | `"23.0.6"` | no | | [install\_docker](#input\_install\_docker) | Should install docker while creating the instance | `bool` | `true` | no | +| [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no | | [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no | | [instance\_security\_group\_name](#input\_instance\_security\_group\_name) | Provide a pre-existing security group name | `string` | `null` | no | | [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no | 
@@ -42,11 +43,12 @@ No resources. | [master\_nodes\_iam\_instance\_profile](#input\_master\_nodes\_iam\_instance\_profile) | Specify IAM instance profile to attach to master nodes | `string` | `null` | no | | [master\_nodes\_instance\_disk\_size](#input\_master\_nodes\_instance\_disk\_size) | Disk size used for all master nodes (in GB) | `string` | `"80"` | no | | [master\_nodes\_instance\_type](#input\_master\_nodes\_instance\_type) | Instance type used for all master nodes | `string` | `"t3.medium"` | no | +| [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `null` | no | | [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | n/a | yes | | [ssh\_key](#input\_ssh\_key) | Contents of the private key to connect to the instances. | `string` | `null` | no | | [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no | | [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no | -| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no | +| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no | | [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no | | [tags](#input\_tags) | User-provided tags for the resources | `map(string)` | `{}` | no | | [vpc\_id](#input\_vpc\_id) | VPC ID to create the instance(s) in | `string` | `null` | no | diff --git a/recipes/rke/split-roles/aws/main.tf b/recipes/rke/split-roles/aws/main.tf index f7ab3d8c..7788f1c0 100644 --- a/recipes/rke/split-roles/aws/main.tf +++ b/recipes/rke/split-roles/aws/main.tf 
@@ -1,3 +1,7 @@ +locals { + ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" +} + module "master_nodes" { source = "../../../../modules/infra/aws" @@ -5,11 +9,13 @@ module "master_nodes" { instance_count = var.master_nodes_count instance_type = var.master_nodes_instance_type instance_disk_size = var.master_nodes_instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = var.create_ssh_key_pair ssh_key_pair_name = var.ssh_key_pair_name ssh_key_pair_path = var.ssh_key_pair_path ssh_key = var.ssh_key - ssh_username = var.ssh_username + ssh_username = local.ssh_username aws_region = var.aws_region create_security_group = var.create_security_group instance_security_group = var.instance_security_group @@ -18,7 +24,7 @@ module "master_nodes" { user_data = templatefile("${path.module}/user_data.tmpl", { install_docker = var.install_docker - username = var.ssh_username + username = local.ssh_username docker_version = var.docker_version } ) @@ -33,11 +39,13 @@ module "worker_nodes" { instance_count = var.worker_nodes_count instance_type = var.worker_nodes_instance_type instance_disk_size = var.worker_nodes_instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = var.create_ssh_key_pair ssh_key_pair_name = var.ssh_key_pair_name ssh_key_pair_path = var.ssh_key_pair_path ssh_key = var.ssh_key - ssh_username = var.ssh_username + ssh_username = local.ssh_username aws_region = var.aws_region create_security_group = var.create_security_group instance_security_group = var.instance_security_group @@ -46,7 +54,7 @@ module "worker_nodes" { user_data = templatefile("${path.module}/user_data.tmpl", { install_docker = var.install_docker - username = var.ssh_username + username = local.ssh_username docker_version = var.docker_version } ) 
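Review bot: In the new `locals` block, `local.ssh_username` falls back to `"ubuntu"` for anything other than `os_type == "sles"`, including the `null` default this recipe declares for `os_type`, so the username and the image the infra module selects can disagree. The expression also discards a caller-supplied `ssh_username` whenever `instance_ami` is null, and yields null (which then reaches `templatefile` and `node_username`) when `instance_ami` is set without a username. Preferring the explicit value and keying the fallback on `"ubuntu"` would cover these cases: `ssh_username = coalesce(var.ssh_username, var.os_type == "ubuntu" ? "ubuntu" : "ec2-user")`; with a custom AMI the caller still has to supply the matching user. The same expression is repeated in the standalone RKE and k3s `main.tf` hunks.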
@@ -82,7 +90,7 @@ locals { module "rke" { source = "../../../../modules/distribution/rke" prefix = var.prefix - node_username = var.ssh_username + node_username = local.ssh_username create_kubeconfig_file = var.create_kubeconfig_file kube_config_path = var.kube_config_path kube_config_filename = var.kube_config_filename diff --git a/recipes/rke/split-roles/aws/terraform.tfvars.example b/recipes/rke/split-roles/aws/terraform.tfvars.example new file mode 100644 index 00000000..73be4026 --- /dev/null +++ b/recipes/rke/split-roles/aws/terraform.tfvars.example 
@@ -0,0 +1,57 @@ +###### !! Required variables !! ###### + +## -- Terraform will use the default ~/.aws/credentials file or environment variables to determine the access/secret keys. Uncomment the below only if necessary. +# aws_access_key = "ACCESS_KEY_HERE" +# aws_secret_key = "SECRET_KEY_HERE" + +## -- AWS region to create the resources, uncomment one or adjust as needed +# aws_region = "us-east-1" # US, Virginia +# aws_region = "us-west-2" # US, Oregon +# aws_region = "eu-west-1" # EU, Ireland +# aws_region = "eu-west-1" # EU, Frankfurt +# aws_region = "ap-southeast-2" # AU, Sydney +# aws_region = "ap-south-1" # IN, Mumbai + +## -- Set the prefix for the name tag on instancrease created. A default prefix (rancher-terraform) if not provided. +prefix = "my-name-here" + +###### !! Optional variables !! ###### + +## -- Password to set when installing Rancher, otherwise use default (initial-admin-password) +# rancher_password = "at-least-12-characters" + +## -- Rancher version to use when installing the Rancher helm chart, otherwise use the latest in the stable repository +# rancher_version = "2.7.3" + +## -- Override the default k8s version used by RKE +# kubernetes_version = "v1.24.10-rancher4-1" + +## -- Number and type of EC2 instances to launch +master_nodes_count = 1 +worker_nodes_count = 1 +# master_nodes_instance_type = "t3.medium" +# worker_nodes_instance_type = "t3.medium" + +## -- Use spot instances +# spot_instances = false + +### -- Use SLES or Ubuntu images when launching instances (sles or ubuntu) +# os_type = "sles" +## - SSH username (must match the SSH user for the AMI used) +# ssh_username = "ec2-user" +## - Custom AMI to launch instances with +# instance_ami = "ami-xxxx" + +##### SSH +## -- (A) Create a new keypair in AWS +create_ssh_key_pair = true +## -- Override the default (./${prefix}_ssh_private_key.pem) path where this SSH key is written +# ssh_private_key_path = "/path/to/private/key.pem" + +## -- (B) Provide an existing keypair name in 
AWS to use for nodes, the matching private key file for this keypair also must be provided so RKE can SSH to the launched nodes +# ssh_key_pair_name = "aws_keypair_name" +# ssh_key_pair_path = "/path/to/private/key.pem" +##### + +## -- Override the default (${prefix}_kube_config.yml) kubeconfig file/path +# kube_config_path = "~/.kube/rancher-terraform.yml" \ No newline at end of file diff --git a/recipes/rke/split-roles/aws/variables.tf b/recipes/rke/split-roles/aws/variables.tf index dabc8251..8cc7c579 100644 --- a/recipes/rke/split-roles/aws/variables.tf +++ b/recipes/rke/split-roles/aws/variables.tf @@ -136,8 +136,20 @@ variable "bastion_host" { variable "ssh_username" { type = string - description = "Username used for SSH with sudo access" - default = "ubuntu" + description = "Username used for SSH with sudo access, must align with the AMI in use" + default = null +} + +variable "instance_ami" { + type = string + description = "Override the default SLES or Ubuntu AMI" + default = null +} + +variable "os_type" { + type = string + description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)" + default = null } variable "master_nodes_instance_type" { diff --git a/recipes/standalone/aws/rke/docs.md b/recipes/standalone/aws/rke/docs.md index 1494e0c9..e2d6d01f 100644 --- a/recipes/standalone/aws/rke/docs.md +++ b/recipes/standalone/aws/rke/docs.md 
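Review bot: The region list in the new `terraform.tfvars.example` labels `eu-west-1` as both Ireland and Frankfurt; the Frankfurt line should read `# aws_region = "eu-central-1" # EU, Frankfurt`. The file also offers `aws_access_key`, `aws_secret_key` and `rancher_password` as values to uncomment, so it is worth a comment that a populated copy must stay out of version control, e.g. `## -- Do not commit terraform.tfvars once it contains credentials`. Minor: "instancrease created" in the prefix comment looks like a typo for "instances created".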
@@ -29,6 +29,7 @@ No resources. | [dependency](#input\_dependency) | An optional variable to add a dependency from another resource (not used) | `any` | `null` | no | | [docker\_version](#input\_docker\_version) | Docker version to install on nodes | `string` | `"20.10"` | no | | [install\_docker](#input\_install\_docker) | Should install docker while creating the instance | `bool` | `true` | no | +| [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no | | [instance\_count](#input\_instance\_count) | Number of EC2 instances to create | `number` | `null` | no | | [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `null` | no | | [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no | 
@@ -36,11 +37,12 @@ No resources. | [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no | | [kube\_config\_path](#input\_kube\_config\_path) | The path to write the kubeconfig for the RKE cluster | `string` | `null` | no | | [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to use for the RKE cluster | `string` | `null` | no | +| [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `null` | no | | [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `null` | no | | [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `null` | no | | [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no | | [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no | -| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no | +| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no | | [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no | ## Outputs diff --git a/recipes/standalone/aws/rke/main.tf b/recipes/standalone/aws/rke/main.tf index e586988b..a11f77c9 100644 --- a/recipes/standalone/aws/rke/main.tf +++ b/recipes/standalone/aws/rke/main.tf 
@@ -1,13 +1,19 @@ +locals { + ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" +} + module "cluster-nodes" { source = "../../../../modules/infra/aws" prefix = var.prefix instance_count = var.instance_count instance_type = var.instance_type instance_disk_size = var.instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = var.create_ssh_key_pair ssh_key_pair_name = var.ssh_key_pair_name ssh_key_pair_path = var.ssh_key_pair_path - ssh_username = var.ssh_username + ssh_username = local.ssh_username spot_instances = var.spot_instances aws_region = var.aws_region create_security_group = var.create_security_group @@ -16,7 +22,7 @@ module "cluster-nodes" { user_data = templatefile("${path.module}/user_data.tmpl", { install_docker = var.install_docker - username = var.ssh_username + username = local.ssh_username docker_version = var.docker_version } ) @@ -27,7 +33,7 @@ module "rke" { prefix = var.prefix dependency = module.cluster-nodes.dependency ssh_private_key_path = module.cluster-nodes.ssh_key_path - node_username = var.ssh_username + node_username = local.ssh_username kube_config_path = var.kube_config_path kube_config_filename = var.kube_config_filename kubernetes_version = var.kubernetes_version @@ -43,4 +49,4 @@ module "rke" { hostname_override = null } ] -} +} \ No newline at end of file diff --git a/recipes/standalone/aws/rke/terraform.tfvars.example b/recipes/standalone/aws/rke/terraform.tfvars.example index c155c6ef..a104adcc 100644 --- a/recipes/standalone/aws/rke/terraform.tfvars.example +++ b/recipes/standalone/aws/rke/terraform.tfvars.example 
@@ -33,6 +33,13 @@ instance_count = 1 ## -- Use spot instances # spot_instances = false +### -- Use SLES or Ubuntu images when launching instances (sles or ubuntu) +# os_type = "sles" +## - SSH username (must match the SSH user for the AMI used) +# ssh_username = "ec2-user" +## - Custom AMI to launch instances with +# instance_ami = "ami-xxxx" + ##### SSH ## -- (A) Create a new keypair in AWS create_ssh_key_pair = true diff --git a/recipes/standalone/aws/rke/variables.tf b/recipes/standalone/aws/rke/variables.tf index fc4c46dc..b6d08664 100644 --- a/recipes/standalone/aws/rke/variables.tf +++ b/recipes/standalone/aws/rke/variables.tf @@ -130,8 +130,8 @@ variable "ssh_key_pair_path" { variable "ssh_username" { type = string - description = "Username used for SSH with sudo access" - default = "ubuntu" + description = "Username used for SSH with sudo access, must align with the AMI in use" + default = null } variable "spot_instances" { @@ -140,6 +140,18 @@ variable "spot_instances" { default = null } +variable "instance_ami" { + type = string + description = "Override the default SLES or Ubuntu AMI" + default = null +} + +variable "os_type" { + type = string + description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)" + default = null +} + variable "subnet_id" { type = string description = "VPC Subnet ID to create the instance(s) in" diff --git a/recipes/upstream/aws/k3s/docs.md b/recipes/upstream/aws/k3s/docs.md index f348ec9f..5ac2b21b 100644 --- a/recipes/upstream/aws/k3s/docs.md +++ b/recipes/upstream/aws/k3s/docs.md @@ -8,7 +8,7 @@ | Name | Version | |------|---------| -| [local](#provider\_local) | n/a | +| [local](#provider\_local) | 2.5.2 | | [ssh](#provider\_ssh) | 2.6.0 | ## Modules 
@@ -43,6 +43,7 @@ | [cert\_manager\_helm\_repository\_username](#input\_cert\_manager\_helm\_repository\_username) | Private Cert Manager helm repository username | `string` | `null` | no | | [create\_security\_group](#input\_create\_security\_group) | Should create the security group associated with the instance(s) | `bool` | `null` | no | | [create\_ssh\_key\_pair](#input\_create\_ssh\_key\_pair) | Specify if a new SSH key pair needs to be created for the instances | `bool` | `null` | no | +| [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no | | [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `null` | no | | [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no | | [instance\_type](#input\_instance\_type) | Instance type used for all EC2 instances | `string` | `null` | no | @@ -52,6 +53,7 @@ | [k3s\_version](#input\_k3s\_version) | Kubernetes version to use for the k3s cluster | `string` | `null` | no | | [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no | | [kube\_config\_path](#input\_kube\_config\_path) | The path to write the kubeconfig for the RKE cluster | `string` | `null` | no | +| [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `"sles"` | no | | [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `null` | no | | [rancher\_bootstrap\_password](#input\_rancher\_bootstrap\_password) | Password to use when bootstrapping Rancher (min 12 characters) | `string` | `"initial-bootstrap-password"` | no | | [rancher\_helm\_repository](#input\_rancher\_helm\_repository) | Helm repository for Rancher chart | `string` | `null` | no | 
@@ -64,7 +66,7 @@ | [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `null` | no | | [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no | | [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no | -| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no | +| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no | | [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no | | [wait](#input\_wait) | An optional wait before installing the Rancher helm chart | `string` | `"20s"` | no | | [worker\_instance\_count](#input\_worker\_instance\_count) | Number of worker EC2 instances to create | `number` | `null` | no | diff --git a/recipes/upstream/aws/k3s/main.tf b/recipes/upstream/aws/k3s/main.tf index fe61f54c..1a91f358 100644 --- a/recipes/upstream/aws/k3s/main.tf +++ b/recipes/upstream/aws/k3s/main.tf @@ -2,6 +2,7 @@ locals { kc_path = var.kube_config_path != null ? var.kube_config_path : path.cwd kc_file = var.kube_config_filename != null ? "${local.kc_path}/${var.kube_config_filename}" : "${local.kc_path}/${var.prefix}_kube_config.yml" kc_file_backup = "${local.kc_file}.backup" + ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" } module "k3s_first" { 
@@ -18,10 +19,12 @@ module "k3s_first_server" { instance_count = 1 instance_type = var.instance_type instance_disk_size = var.instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = var.create_ssh_key_pair ssh_key_pair_name = var.ssh_key_pair_name ssh_key_pair_path = var.ssh_key_pair_path - ssh_username = var.ssh_username + ssh_username = local.ssh_username spot_instances = var.spot_instances aws_region = var.aws_region create_security_group = var.create_security_group @@ -45,9 +48,11 @@ module "k3s_additional_servers" { instance_count = var.server_instance_count - 1 instance_type = var.instance_type instance_disk_size = var.instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = false ssh_key_pair_name = module.k3s_first_server.ssh_key_pair_name - ssh_username = var.ssh_username + ssh_username = local.ssh_username spot_instances = var.spot_instances tag_begin = 2 aws_region = var.aws_region @@ -63,10 +68,12 @@ module "k3s_workers" { instance_count = var.worker_instance_count instance_type = var.instance_type instance_disk_size = var.instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = false ssh_key_pair_name = module.k3s_first_server.ssh_key_pair_name ssh_key_pair_path = pathexpand(module.k3s_first_server.ssh_key_path) - ssh_username = var.ssh_username + ssh_username = local.ssh_username spot_instances = var.spot_instances aws_region = var.aws_region create_security_group = false @@ -85,7 +92,7 @@ resource "ssh_resource" "retrieve_kubeconfig" { commands = [ "sudo sed 's/127.0.0.1/${module.k3s_first_server.instances_public_ip[0]}/g' /etc/rancher/k3s/k3s.yaml" ] - user = var.ssh_username + user = local.ssh_username private_key = data.local_file.ssh_private_key.content } diff --git a/recipes/upstream/aws/k3s/terraform.tfvars.example b/recipes/upstream/aws/k3s/terraform.tfvars.example index 5fb3ee46..8fee2e5a 100644 
--- a/recipes/upstream/aws/k3s/terraform.tfvars.example +++ b/recipes/upstream/aws/k3s/terraform.tfvars.example @@ -38,6 +38,13 @@ worker_instance_count = 1 ## -- Use spot instances # spot_instances = false +### -- Use SLES or Ubuntu images when launching instances (sles or ubuntu) +# os_type = "sles" +## - SSH username (must match the SSH user for the AMI used) +# ssh_username = "ec2-user" +## - Custom AMI to launch instances with +# instance_ami = "ami-xxxx" + ## -- K3S token, override the programmatically generated token # k3s_token = "string here" diff --git a/recipes/upstream/aws/k3s/variables.tf b/recipes/upstream/aws/k3s/variables.tf index 8a60779e..56b8f907 100644 --- a/recipes/upstream/aws/k3s/variables.tf +++ b/recipes/upstream/aws/k3s/variables.tf @@ -205,8 +205,8 @@ variable "ssh_key_pair_path" { variable "ssh_username" { type = string - description = "Username used for SSH with sudo access" - default = "ubuntu" + description = "Username used for SSH with sudo access, must align with the AMI in use" + default = null } variable "spot_instances" { @@ -215,6 +215,18 @@ variable "spot_instances" { default = null } +variable "instance_ami" { + type = string + description = "Override the default SLES or Ubuntu AMI" + default = null +} + +variable "os_type" { + type = string + description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)" + default = "sles" +} + variable "subnet_id" { type = string description = "VPC Subnet ID to create the instance(s) in" diff --git a/recipes/upstream/aws/rke/docs.md b/recipes/upstream/aws/rke/docs.md index 5ed1ee21..129f86d9 100644 --- a/recipes/upstream/aws/rke/docs.md +++ b/recipes/upstream/aws/rke/docs.md 
@@ -30,8 +30,9 @@ No resources. | [create\_security\_group](#input\_create\_security\_group) | Should create the security group associated with the instance(s) | `bool` | `null` | no | | [create\_ssh\_key\_pair](#input\_create\_ssh\_key\_pair) | Specify if a new SSH key pair needs to be created for the instances | `bool` | `null` | no | | [dependency](#input\_dependency) | An optional variable to add a dependency from another resource (not used) | `any` | `null` | no | -| [docker\_version](#input\_docker\_version) | Docker version to install on nodes | `string` | `"20.10"` | no | +| [docker\_version](#input\_docker\_version) | Docker version to install on nodes | `string` | `"27.2"` | no | | [install\_docker](#input\_install\_docker) | Should install docker while creating the instance | `bool` | `true` | no | +| [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no | | [instance\_count](#input\_instance\_count) | Number of EC2 instances to create | `number` | `null` | no | | [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `null` | no | | [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no | 
@@ -39,6 +40,7 @@ No resources. | [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no | | [kube\_config\_path](#input\_kube\_config\_path) | The path to write the kubeconfig for the RKE cluster | `string` | `null` | no | | [kubernetes\_version](#input\_kubernetes\_version) | Kubernetes version to use for the RKE cluster | `string` | `null` | no | +| [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `"sles"` | no | | [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `null` | no | | [rancher\_bootstrap\_password](#input\_rancher\_bootstrap\_password) | Password to use when bootstrapping Rancher (min 12 characters) | `string` | `"initial-bootstrap-password"` | no | | [rancher\_helm\_repository](#input\_rancher\_helm\_repository) | Helm repository for Rancher chart | `string` | `null` | no | @@ -50,7 +52,7 @@ No resources. | [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `null` | no | | [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no | | [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no | -| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no | +| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no | | [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no | | [wait](#input\_wait) | An optional wait before installing the Rancher helm chart | `string` | `"20s"` | no | 
diff --git a/recipes/upstream/aws/rke/terraform.tfvars.example b/recipes/upstream/aws/rke/terraform.tfvars.example index 9f1a5425..19b924d6 100644 --- a/recipes/upstream/aws/rke/terraform.tfvars.example +++ b/recipes/upstream/aws/rke/terraform.tfvars.example @@ -36,6 +36,13 @@ instance_count = 1 ## -- Use spot instances # spot_instances = false +### -- Use SLES or Ubuntu images when launching instances (sles or ubuntu) +# os_type = "sles" +## - SSH username (must match the SSH user for the AMI used) +# ssh_username = "ec2-user" +## - Custom AMI to launch instances with +# instance_ami = "ami-xxxx" + ##### SSH ## -- (A) Create a new keypair in AWS create_ssh_key_pair = true diff --git a/recipes/upstream/aws/rke/user_data.tmpl b/recipes/upstream/aws/rke/user_data.tmpl index e794cfa6..9cfdf91e 100644 --- a/recipes/upstream/aws/rke/user_data.tmpl +++ b/recipes/upstream/aws/rke/user_data.tmpl @@ -6,4 +6,4 @@ if [ ${install_docker} = true ] export DEBIAN_FRONTEND=noninteractive curl -sSL https://releases.rancher.com/install-docker/${docker_version}.sh | sh - sudo usermod -aG docker ${username} -fi +fi \ No newline at end of file diff --git a/recipes/upstream/aws/rke/variables.tf b/recipes/upstream/aws/rke/variables.tf index 0f1ab3ba..096c849f 100644 --- a/recipes/upstream/aws/rke/variables.tf +++ b/recipes/upstream/aws/rke/variables.tf @@ -107,7 +107,7 @@ variable "install_docker" { variable "docker_version" { type = string description = "Docker version to install on nodes" - default = "20.10" + default = "27.2" } variable "rancher_bootstrap_password" { @@ -164,8 +164,8 @@ variable "ssh_key_pair_path" { variable "ssh_username" { type = string - description = "Username used for SSH with sudo access" - default = "ubuntu" + description = "Username used for SSH with sudo access, must align with the AMI in use" + default = null } variable "spot_instances" { 
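Review bot: `docker_version` in rke/variables.tf is interpolated into `https://releases.rancher.com/install-docker/${docker_version}.sh | sh -` in user_data.tmpl with no format check, so whatever string is set decides which remote script is executed on the instance. A validation such as `condition = can(regex("^[0-9]+\\.[0-9]+(\\.[0-9]+)?$", var.docker_version))` would keep the value to a plain version number. With `os_type` now defaulting to `sles` while the template still exports `DEBIAN_FRONTEND`, it is also worth confirming that the `27.2` install script supports the SLES image; that cannot be checked from this diff.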
@@ -174,6 +174,18 @@ variable "spot_instances" { default = null } +variable "instance_ami" { + type = string + description = "Override the default SLES or Ubuntu AMI" + default = null +} + +variable "os_type" { + type = string + description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)" + default = "sles" +} + variable "subnet_id" { type = string description = "VPC Subnet ID to create the instance(s) in" diff --git a/recipes/upstream/aws/rke2/docs.md b/recipes/upstream/aws/rke2/docs.md index 7b94984c..6626b7db 100644 --- a/recipes/upstream/aws/rke2/docs.md +++ b/recipes/upstream/aws/rke2/docs.md 
@@ -42,12 +42,14 @@ | [cert\_manager\_helm\_repository\_username](#input\_cert\_manager\_helm\_repository\_username) | Private Cert Manager helm repository username | `string` | `null` | no | | [create\_security\_group](#input\_create\_security\_group) | Should create the security group associated with the instance(s) | `bool` | `null` | no | | [create\_ssh\_key\_pair](#input\_create\_ssh\_key\_pair) | Specify if a new SSH key pair needs to be created for the instances | `bool` | `null` | no | +| [instance\_ami](#input\_instance\_ami) | Override the default SLES or Ubuntu AMI | `string` | `null` | no | | [instance\_count](#input\_instance\_count) | Number of EC2 instances to create | `number` | `null` | no | | [instance\_disk\_size](#input\_instance\_disk\_size) | Specify root disk size (GB) | `string` | `null` | no | | [instance\_security\_group](#input\_instance\_security\_group) | Provide a pre-existing security group ID | `string` | `null` | no | | [instance\_type](#input\_instance\_type) | Instance type used for all EC2 instances | `string` | `null` | no | | [kube\_config\_filename](#input\_kube\_config\_filename) | Filename to write the kube config | `string` | `null` | no | | [kube\_config\_path](#input\_kube\_config\_path) | The path to write the kubeconfig for the RKE cluster | `string` | `null` | no | +| [os\_type](#input\_os\_type) | Use SLES or Ubuntu images when launching instances (sles or ubuntu) | `string` | `"sles"` | no | | [prefix](#input\_prefix) | Prefix added to names of all resources | `string` | `null` | no | | [rancher\_bootstrap\_password](#input\_rancher\_bootstrap\_password) | Password to use when bootstrapping Rancher (min 12 characters) | `string` | `"initial-bootstrap-password"` | no | | [rancher\_helm\_repository](#input\_rancher\_helm\_repository) | Helm repository for Rancher chart | `string` | `null` | no | 
@@ -62,7 +64,7 @@ | [spot\_instances](#input\_spot\_instances) | Use spot instances | `bool` | `null` | no | | [ssh\_key\_pair\_name](#input\_ssh\_key\_pair\_name) | Specify the SSH key name to use (that's already present in AWS) | `string` | `null` | no | | [ssh\_key\_pair\_path](#input\_ssh\_key\_pair\_path) | Path to the SSH private key used as the key pair (that's already present in AWS) | `string` | `null` | no | -| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access | `string` | `"ubuntu"` | no | +| [ssh\_username](#input\_ssh\_username) | Username used for SSH with sudo access, must align with the AMI in use | `string` | `null` | no | | [subnet\_id](#input\_subnet\_id) | VPC Subnet ID to create the instance(s) in | `string` | `null` | no | | [wait](#input\_wait) | An optional wait before installing the Rancher helm chart | `string` | `"20s"` | no | diff --git a/recipes/upstream/aws/rke2/main.tf b/recipes/upstream/aws/rke2/main.tf index d12eb656..ec1ce037 100644 --- a/recipes/upstream/aws/rke2/main.tf +++ b/recipes/upstream/aws/rke2/main.tf @@ -2,6 +2,7 @@ locals { kc_path = var.kube_config_path != null ? var.kube_config_path : path.cwd kc_file = var.kube_config_filename != null ? "${local.kc_path}/${var.kube_config_filename}" : "${local.kc_path}/${var.prefix}_kube_config.yml" kc_file_backup = "${local.kc_file}.backup" + ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" } module "rke2_first" { 
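Review bot: The `ssh_username` local in rke2/main.tf ignores `var.ssh_username` unless `instance_ami` is set, and evaluates to `null` when `instance_ami` is set but `ssh_username` is left at its new `null` default; that value then reaches `user` in `ssh_resource.retrieve_kubeconfig`. The tfvars example presents `ssh_username` as a setting of its own, so honouring it whenever it is given would be less surprising: `ssh_username = coalesce(var.ssh_username, var.os_type == "sles" ? "ec2-user" : "ubuntu")`. The k3s/main.tf local reformatted in PATCH 2/2 uses the same expression. The `locals` block starts above the hunk.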
@@ -17,10 +18,12 @@ module "rke2_first_server" { instance_count = 1 instance_type = var.instance_type instance_disk_size = var.instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = var.create_ssh_key_pair ssh_key_pair_name = var.ssh_key_pair_name ssh_key_pair_path = var.ssh_key_pair_path - ssh_username = var.ssh_username + ssh_username = local.ssh_username spot_instances = var.spot_instances aws_region = var.aws_region create_security_group = var.create_security_group @@ -43,6 +46,8 @@ module "rke2_additional_servers" { instance_count = var.instance_count - 1 instance_type = var.instance_type instance_disk_size = var.instance_disk_size + instance_ami = var.instance_ami + os_type = var.os_type create_ssh_key_pair = false ssh_key_pair_name = module.rke2_first_server.ssh_key_pair_name ssh_key_pair_path = module.rke2_first_server.ssh_key_path @@ -66,7 +71,7 @@ resource "ssh_resource" "retrieve_kubeconfig" { commands = [ "sudo sed 's/127.0.0.1/${module.rke2_first_server.instances_public_ip[0]}/g' /etc/rancher/rke2/rke2.yaml" ] - user = var.ssh_username + user = local.ssh_username private_key = data.local_file.ssh_private_key.content } diff --git a/recipes/upstream/aws/rke2/terraform.tfvars.example b/recipes/upstream/aws/rke2/terraform.tfvars.example index e3f49a7e..38e9b83f 100644 --- a/recipes/upstream/aws/rke2/terraform.tfvars.example +++ b/recipes/upstream/aws/rke2/terraform.tfvars.example @@ -36,6 +36,13 @@ instance_count = 1 ## -- Use spot instances # spot_instances = false +### -- Use SLES or Ubuntu images when launching instances (sles or ubuntu) +# os_type = "sles" +## - SSH username (must match the SSH user for the AMI used) +# ssh_username = "ec2-user" +## - Custom AMI to launch instances with +# instance_ami = "ami-xxxx" + ## -- RKE2 token, override the programmatically generated token # rke2_token = "string here" 
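Review bot: The `ssh_username` argument of `rke2_additional_servers` is not touched by this hunk, so it presumably still passes `var.ssh_username`, which now defaults to `null`, while `rke2_first_server` and `ssh_resource.retrieve_kubeconfig` were moved to `local.ssh_username`. If so, the additional servers are configured with a different or empty login than the first server, and the line should read `ssh_username = local.ssh_username`. The module block continues outside the hunk, so this needs confirming against the full file.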
diff --git a/recipes/upstream/aws/rke2/variables.tf b/recipes/upstream/aws/rke2/variables.tf index f8ad6651..9286f05d 100644 --- a/recipes/upstream/aws/rke2/variables.tf +++ b/recipes/upstream/aws/rke2/variables.tf @@ -193,8 +193,8 @@ variable "ssh_key_pair_path" { variable "ssh_username" { type = string - description = "Username used for SSH with sudo access" - default = "ubuntu" + description = "Username used for SSH with sudo access, must align with the AMI in use" + default = null } variable "spot_instances" { @@ -203,6 +203,18 @@ variable "spot_instances" { default = null } +variable "instance_ami" { + type = string + description = "Override the default SLES or Ubuntu AMI" + default = null +} + +variable "os_type" { + type = string + description = "Use SLES or Ubuntu images when launching instances (sles or ubuntu)" + default = "sles" +} + variable "subnet_id" { type = string description = "VPC Subnet ID to create the instance(s) in" From 70f3ce4ca74e06d97774b931b5f0e097a622fdbd Mon Sep 17 00:00:00 2001 From: dkeightley Date: Fri, 10 Jan 2025 16:59:46 +1300 Subject: [PATCH 2/2] fmt --- recipes/upstream/aws/k3s/main.tf | 2 +- recipes/upstream/aws/rke2/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/recipes/upstream/aws/k3s/main.tf b/recipes/upstream/aws/k3s/main.tf index 1a91f358..caa5e54a 100644 --- a/recipes/upstream/aws/k3s/main.tf +++ b/recipes/upstream/aws/k3s/main.tf @@ -2,7 +2,7 @@ locals { kc_path = var.kube_config_path != null ? var.kube_config_path : path.cwd kc_file = var.kube_config_filename != null ? "${local.kc_path}/${var.kube_config_filename}" : "${local.kc_path}/${var.prefix}_kube_config.yml" kc_file_backup = "${local.kc_file}.backup" - ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" + ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" } module "k3s_first" { 
diff --git a/recipes/upstream/aws/rke2/main.tf b/recipes/upstream/aws/rke2/main.tf index ec1ce037..afc84c7d 100644 --- a/recipes/upstream/aws/rke2/main.tf +++ b/recipes/upstream/aws/rke2/main.tf @@ -2,7 +2,7 @@ locals { kc_path = var.kube_config_path != null ? var.kube_config_path : path.cwd kc_file = var.kube_config_filename != null ? "${local.kc_path}/${var.kube_config_filename}" : "${local.kc_path}/${var.prefix}_kube_config.yml" kc_file_backup = "${local.kc_file}.backup" - ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" + ssh_username = var.instance_ami != null ? var.ssh_username : var.os_type == "sles" ? "ec2-user" : "ubuntu" } module "rke2_first" {