feat: init project

Author: KoLiBer

.github/.releaserc.yml

@@ -0,0 +1,16 @@
+tagFormat: $${q}{version}
+branches:
+    - main
+    - master
+    - +([0-9])?(.{+([0-9]),x}).x
+    - { name: next, prerelease: true }
+    - { name: beta, prerelease: true }
+    - { name: alpha, prerelease: true }
+    - { name: stable, prerelease: true }
+plugins:
+    - "@semantic-release/commit-analyzer"
+    - "@semantic-release/release-notes-generator"
+    - "@semantic-release/changelog"
+    - "@semantic-release/github"
+    - - "@semantic-release/git"
+      - assets: [CHANGELOG.md]

.github/workflows/cicd.yml

@@ -0,0 +1,61 @@
+name: CI/CD
+
+on:
+    pull_request: { branches: ["*"] }
+    push:
+        branches:
+            - "+([0-9])?(.{+([0-9]),x}).x"
+            - master
+            - main
+            - next
+
+jobs:
+    build:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+              with:
+                  fetch-depth: 0
+            - uses: actions/setup-node@v2
+              with:
+                  node-version: "17"
+            - uses: hashicorp/setup-terraform@v1
+              with:
+                  terraform_version: "1.1.4"
+            - uses: actions/cache@v2
+              with:
+                  path: .terraform/
+                  key: ${{ hashFiles('.terraform.lock.hcl') }}
+            - uses: actions/cache@v2
+              with:
+                  path: build/
+                  key: ${{ github.sha }}
+
+            - run: terraform init
+            - run: terraform fmt -check
+            - run: terraform validate -no-color
+            - run: mkdir -p build && cp -R .terraform.lock.hcl *.tf build
+
+    test:
+        needs: build
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@v3
+
+            - run: echo CodeCoverage
+
+    release:
+        needs: test
+        runs-on: ubuntu-latest
+        if: github.event_name == 'push'
+        steps:
+            - uses: actions/checkout@v3
+            - uses: actions/cache@v2
+              with:
+                  path: build/
+                  key: ${{ github.sha }}
+
+            - run: npm i -g semantic-release @semantic-release/changelog @semantic-release/github @semantic-release/git
+            - run: cat .github/.releaserc.yml | envsubst > .releaserc.yml && semantic-release
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,37 @@
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Exclude all .tfvars files, which are likely to contain sentitive data, such as
+# password, private keys, and other secrets. These should not be part of version
+# control as they are data points which are potentially sensitive and subject
+# to change depending on the environment.
+#
+*.tfvars
+
+# Ignore override files as they are usually used to override resources locally and so
+# are not checked in
+override.tf
+override.tf.json
+*_override.tf
+*_override.tf.json
+
+# Include override files you do wish to add to version control using negated pattern
+#
+# !example_override.tf
+
+# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
+# example: *tfplan*
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc
+
+# dotenv environment variables file
+.env

LICENSE.md

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022-present, KoLiBer
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NON INFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,67 @@
+# Terraform Module RKE
+
+![pipeline](https://github.com/cktf/terraform-module-rke/actions/workflows/cicd.yml/badge.svg)
+![release](https://img.shields.io/github/v/release/cktf/terraform-module-rke?display_name=tag)
+![license](https://img.shields.io/github/license/cktf/terraform-module-rke)
+
+**RKE** is a Terraform module useful for bootstraping **HA** kubernetes clusters using **k3s** and **rke2** on **Remote Machines**
+
+## Installation
+
+Add the required configurations to your terraform config file and install module using command bellow:
+
+```bash
+terraform init
+```
+
+## Usage
+
+```hcl
+module "rke" {
+  source = "cktf/rke/module"
+
+  masters = {
+    1 = {
+      connection = {
+        type     = "ssh"
+        host     = "192.168.172.185"
+        port     = 22
+        user     = "ubuntu"
+        password = "ubuntu"
+      }
+    }
+  }
+
+  nodes = {
+    1 = {
+      connection = {
+        type     = "ssh"
+        host     = "192.168.172.186"
+        port     = 22
+        user     = "ubuntu"
+        password = "ubuntu"
+      }
+    }
+    2 = {
+      connection = {
+        type     = "ssh"
+        host     = "192.168.172.186"
+        port     = 22
+        user     = "ubuntu"
+        password = "ubuntu"
+      }
+    }
+  }
+}
+```
+
+## Contributing
+
+Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
+
+Please make sure to update tests as appropriate.
+
+## License
+
+This project is licensed under the [MIT](LICENSE.md).  
+Copyright (c) KoLiBer ([email protected])

main.tf

@@ -0,0 +1,9 @@
+terraform {
+  required_version = ">= 0.14.0"
+  required_providers {
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.0.0"
+    }
+  }
+}

outputs.tf

@@ -0,0 +1,27 @@
+output "host" {
+  depends_on = [data.k8sbootstrap_auth.this]
+
+  value       = "https://${local.public_alb}:6443"
+  sensitive   = false
+  description = "Cluster Host"
+}
+
+output "token" {
+  depends_on = [data.k8sbootstrap_auth.this]
+
+  value       = "${random_string.token_id.result}.${random_string.token_secret.result}"
+  sensitive   = true
+  description = "Cluster Token"
+}
+
+output "ca_crt" {
+  value       = data.k8sbootstrap_auth.this.ca_crt
+  sensitive   = true
+  description = "Cluster CA Certificate"
+}
+
+output "kubeconfig" {
+  value       = data.k8sbootstrap_auth.this.kubeconfig
+  sensitive   = true
+  description = "Cluster Kubernetes Config"
+}

script.tf

@@ -0,0 +1,49 @@
+resource "null_resource" "this" {
+  triggers = {
+    connection = jsonencode(var.connection)
+    create     = var.create
+    destroy    = var.destroy
+  }
+
+  connection {
+    type                = try(jsondecode(self.triggers.connection).type, null)
+    host                = try(jsondecode(self.triggers.connection).host, null)
+    port                = try(jsondecode(self.triggers.connection).port, null)
+    user                = try(jsondecode(self.triggers.connection).user, null)
+    password            = try(jsondecode(self.triggers.connection).password, null)
+    timeout             = try(jsondecode(self.triggers.connection).timeout, null)
+    script_path         = try(jsondecode(self.triggers.connection).script_path, null)
+    private_key         = try(jsondecode(self.triggers.connection).private_key, null)
+    certificate         = try(jsondecode(self.triggers.connection).certificate, null)
+    agent               = try(jsondecode(self.triggers.connection).agent, null)
+    agent_identity      = try(jsondecode(self.triggers.connection).agent_identity, null)
+    host_key            = try(jsondecode(self.triggers.connection).host_key, null)
+    https               = try(jsondecode(self.triggers.connection).https, null)
+    insecure            = try(jsondecode(self.triggers.connection).insecure, null)
+    use_ntlm            = try(jsondecode(self.triggers.connection).use_ntlm, null)
+    cacert              = try(jsondecode(self.triggers.connection).cacert, null)
+    bastion_host        = try(jsondecode(self.triggers.connection).bastion_host, null)
+    bastion_host_key    = try(jsondecode(self.triggers.connection).bastion_host_key, null)
+    bastion_port        = try(jsondecode(self.triggers.connection).bastion_port, null)
+    bastion_user        = try(jsondecode(self.triggers.connection).bastion_user, null)
+    bastion_password    = try(jsondecode(self.triggers.connection).bastion_password, null)
+    bastion_private_key = try(jsondecode(self.triggers.connection).bastion_private_key, null)
+    bastion_certificate = try(jsondecode(self.triggers.connection).bastion_certificate, null)
+  }
+
+  provisioner "remote-exec" {
+    when = create
+    inline = [
+      "echo '${try(jsondecode(self.triggers.connection).password, "")}' | sudo -S -v",
+      "echo ${base64encode(self.triggers.create)} | base64 -d | sudo sh"
+    ]
+  }
+
+  provisioner "remote-exec" {
+    when = destroy
+    inline = [
+      "echo '${try(jsondecode(self.triggers.connection).password, "")}' | sudo -S -v",
+      "echo ${base64encode(self.triggers.destroy)} | base64 -d | sudo sh"
+    ]
+  }
+}

variables.tf

@@ -0,0 +1,20 @@
+variable "connection" {
+  type        = any
+  default     = {}
+  sensitive   = false
+  description = "Script Connection"
+}
+
+variable "create" {
+  type        = string
+  default     = ""
+  sensitive   = false
+  description = "Script Create"
+}
+
+variable "destroy" {
+  type        = string
+  default     = ""
+  sensitive   = false
+  description = "Script Destroy"
+}