Merge pull request #1239 from a-blender/msc-schema-update-backport
[Backport release/v3] Update msc schema and docs
a-blender authored Oct 2, 2023
2 parents d94d5b6 + 74d5cce commit 1e152f4
Showing 2 changed files with 73 additions and 89 deletions.
140 changes: 72 additions & 68 deletions docs/resources/cluster_v2.md
Expand Up @@ -15,7 +15,7 @@ Provides a Rancher v2 Cluster v2 resource. This can be used to create RKE2 and K
# Create a new rancher v2 RKE2 custom Cluster v2
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
fleet_namespace = "fleet-ns"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
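Review bot: the new placeholder `rancher-kubernetes-version` reads like a real value, whereas `<RANCHER_KUBERNETES_VERSION>` was unmistakably something to substitute; a reader who copies this block now gets a plan-time error against a value that looks intentional. If the angle brackets were dropped because they are not valid HCL, add a short sentence above the example saying which values are placeholders, or a trailing comment on the line such as `kubernetes_version = "rancher-kubernetes-version" # replace with a version from the Rancher UI`.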
Expand All @@ -25,15 +25,15 @@ resource "rancher2_cluster_v2" "foo" {
resource "rancher2_cluster_v2" "foo" {
name = "foo"
fleet_namespace = "fleet-ns"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
}
```

**Note:** Once created, get the node command from `rancher2_cluster_v2.foo.cluster_registration_token`

### Creating Rancher v2 amazonec2 cluster v2
### Creating Rancher v2 AmazonEC2 cluster v2

```hcl
# Create amazonec2 cloud credential
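Review bot: the heading is changed to `AmazonEC2`, but the comment two lines below it in the same hunk still reads `# Create amazonec2 cloud credential`, and `amazonec2` is also the literal provider identifier in `amazonec2_config`; pick one spelling for headings and comments and keep the lowercase form only where it names the HCL block.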
Expand All @@ -49,19 +49,19 @@ resource "rancher2_cloud_credential" "foo" {
resource "rancher2_machine_config_v2" "foo" {
generate_name = "test-foo"
amazonec2_config {
ami = "<AMI_ID>"
region = "<REGION>"
security_group = [<AWS_SG>]
subnet_id = "<SUBNET_ID>"
vpc_id = "<VPC_ID>"
zone = "<ZONE>"
ami = "ami-id"
region = "region"
security_group = ["security-group"]
subnet_id = "subnet-id"
vpc_id = "vpc-id"
zone = "zone"
}
}
# Create a new rancher v2 Cluster with multiple machine pools
resource "rancher2_cluster_v2" "foo-rke2" {
name = "foo-rke2"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
rke_config {
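Review bot: `security_group = ["security-group"]` does more than restyle a placeholder; the old `[<AWS_SG>]` was not parseable HCL, so this is the first version of the example that validates. Worth a line in the commit message, since the same fix is repeated in the duplicated machine config block later in this file.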
Expand Down Expand Up @@ -98,7 +98,7 @@ resource "rancher2_cluster_v2" "foo-rke2" {
# Create a new rancher v2 amazonec2 RKE2 Cluster v2
resource "rancher2_cluster_v2" "foo-rke2" {
name = "foo-rke2"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
rke_config {
Expand All @@ -120,7 +120,7 @@ resource "rancher2_cluster_v2" "foo-rke2" {
# Create a new rancher v2 amazonec2 K3S Cluster v2
resource "rancher2_cluster_v2" "foo-k3s" {
name = "foo-k3s"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
rke_config {
Expand All @@ -145,27 +145,27 @@ resource "rancher2_cluster_v2" "foo-k3s" {
resource "rancher2_cloud_credential" "foo" {
name = "foo"
amazonec2_credential_config {
access_key = "<ACCESS_KEY>"
secret_key = "<SECRET_KEY>"
access_key = "access-key"
secret_key = "secret-key"
}
}
# Create amazonec2 machine config v2
resource "rancher2_machine_config_v2" "foo" {
generate_name = "test-foo"
amazonec2_config {
ami = "<AMI_ID>"
region = "<REGION>"
security_group = [<AWS_SG>]
subnet_id = "<SUBNET_ID>"
vpc_id = "<VPC_ID>"
zone = "<ZONE>"
ami = "ami-id"
region = "region"
security_group = ["security-group"]
subnet_id = "subnet-id"
vpc_id = "vpc-id"
zone = "zone"
}
}
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
rke_config {
machine_pools {
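Review bot: `access_key = "access-key"` and `secret_key = "secret-key"` present the cloud credential as string literals in the resource body, and readers of provider docs tend to replace such literals in place and commit the file. Suggest the example reference variables instead, e.g. `access_key = var.aws_access_key` and `secret_key = var.aws_secret_key`, with `sensitive = true` on the variable declarations so the secret stays out of the .tf file and out of plan output.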
Expand Down Expand Up @@ -249,18 +249,18 @@ EOF
```hcl
resource "rancher2_cluster_v2" "foo_cluster_v2" {
name = "cluster-with-custom-registry"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
rke_config {
machine_selector_config {
config = {
system-default-registry: "<CUSTOM_REGISTRY_HOSTNAME>"
system-default-registry: "custom-registry-hostname"
}
}
registries {
configs {
hostname = "<CUSTOM_REGISTRY_HOSTNAME>"
auth_config_secret_name = "<AUTH_CONFIG_SECRET_NAME>"
insecure = <TLS_INSECURE_BOOL>
hostname = "custom-registry-hostname"
auth_config_secret_name = "auth-config-secret-name"
insecure = <tls-insecure-bool>
tls_secret_name = ""
ca_bundle = ""
}
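Review bot: `insecure = <tls-insecure-bool>` is still not valid HCL after this hunk and is now the only remaining angle-bracket placeholder in the file, inconsistent with the quoted placeholders around it. Suggest `insecure = false` as the example value, since that is the setting a reader should start from, leaving `tls_secret_name` and `ca_bundle` as the documented place to supply the registry CA.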
Expand All @@ -269,38 +269,25 @@ resource "rancher2_cluster_v2" "foo_cluster_v2" {
}
```
**Note:**
The `<AUTH_CONFIG_SECRET_NAME>` represents a generic kubernetes secret which contains two keys with base64 encoded values: the `username` and `password` for the specified custom registry. If the `system-default-registry` is not authenticated, no secret is required and the section within the `rke_config` can be omitted if not otherwise needed.
The `<AUTH_CONFIG_SECRET_NAME>` represents a generic kubernetes secret which contains two keys with base64 encoded values: the `username` and `password` for the specified custom registry. If the `system-default-registry` is not authenticated, no secret is required and the section within the `rke_config` can be omitted if not otherwise needed.

Many registries may be specified in the `rke_config`s `registries` section, however the `system-default-registry` from which core system images are pulled is always denoted via the `system-default-registry` key of the `machine_selector_config` or the `machine_global_config`. For more information on private registries, please refer to [the Rancher documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry#setting-a-private-registry-with-credentials-when-deploying-a-cluster)
Many registries may be specified in the `rke_config`s `registries` section, however the `system-default-registry` from which core system images are pulled is always denoted via the `system-default-registry` key of the `machine_selector_config` or the `machine_global_config`. For more information on private registries, please refer to [the Rancher documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry#setting-a-private-registry-with-credentials-when-deploying-a-cluster)

### Creating Rancher V2 cluster with cluster agent customization. For Rancher v2.7.5 and above.

```hcl
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
rke_config {
machine_pools {
name = "pool1"
cloud_credential_secret_name = rancher2_cloud_credential.foo.id
control_plane_role = true
etcd_role = true
worker_role = true
quantity = 1
machine_config {
kind = rancher2_machine_config_v2.foo.kind
name = rancher2_machine_config_v2.foo.name
}
}
cluster_agent_deployment_customization {
append_tolerations {
effect = "NoSchedule"
key = "tolerate/control-plane"
value = "true"
}
cluster_agent_deployment_customization {
append_tolerations {
effect = "NoSchedule"
key = "tolerate/control-plane"
value = "true"
}
override_affinity = <<EOF
override_affinity = <<EOF
{
"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
Expand All @@ -317,12 +304,14 @@ resource "rancher2_cluster_v2" "foo" {
}
}
EOF
override_resource_requirements {
cpu_limit = "800"
cpu_request = "500"
memory_limit = "800"
memory_request = "500"
override_resource_requirements {
cpu_limit = "800"
cpu_request = "500"
memory_limit = "800"
memory_request = "500"
}
}
machine_pools ...
}
}
```
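Review bot: the note after the registry example still refers to `<AUTH_CONFIG_SECRET_NAME>` in angle brackets while the example above it now uses `"auth-config-secret-name"`, so prose and code no longer use the same placeholder; update the note to match. Separately, `machine_pools ...` replaces a complete block with an ellipsis that does not parse; either keep the short pool definition or state that the ellipsis stands for the machine pool shown in the earlier examples.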
Expand All @@ -333,14 +322,14 @@ EOF

```hcl
locals {
version = "rke2" // will be k3s for K3s clusters
version = "rke2" // k3s for K3s clusters
rancher_psact_mount_path = "/etc/rancher/${local.version}/config/rancher-psact.yaml"
kube_apiserver_arg = var.default_psa_template != null && var.default_psa_template != "" ? ["admission-control-config-file=${local.rancher_psact_mount_path}"] : []
}
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_pod_security_admission_configuration_template_name = "rancher-restricted"
rke_config {
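Review bot: `kube_apiserver_arg` passes `admission-control-config-file=${local.rancher_psact_mount_path}`, but nothing in the example says where the file at `/etc/rancher/${local.version}/config/rancher-psact.yaml` comes from. If Rancher writes it when `default_pod_security_admission_configuration_template_name` is set, say so next to the local; otherwise a reader will point the API server at a file that does not exist.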
Expand All @@ -350,18 +339,33 @@ resource "rancher2_cluster_v2" "foo" {
etcd-expose-metrics = false
kube-apiserver-arg = local.kube_apiserver_arg
})
machine_pools {
name = "pool1"
cloud_credential_secret_name = rancher2_cloud_credential.foo.id
control_plane_role = true
etcd_role = true
worker_role = true
quantity = 1
machine_config {
kind = rancher2_machine_config_v2.foo.kind
name = rancher2_machine_config_v2.foo.name
machine_pools ...
}
}
```

### Creating Rancher V2 cluster with Machine Selector Config. For Rancher 2.7.7 and above.

```hcl
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
rke_config {
machine_selector_config {
machine_label_selector {
match_expressions {
key = "node-label-key"
operator = "In"
values = ["node-label-value"]
}
}
config = <<EOF
kubelet-arg:
- cloud-provider-name=external
EOF
}
machine_pools ...
}
}
```
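Review bot: the new Machine Selector Config section documents `config` as a YAML heredoc, which matches the schema change in the Go file below, but it does not tell existing users that `config` used to be a map or what happens to an existing `config = { ... }` on upgrade; add a sentence on the migration. The `match_expressions` block shows only `operator = "In"`, so a pointer to the accepted operators would also help.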
Expand Down Expand Up @@ -714,7 +718,7 @@ The following attributes are exported:
* `unhealthy_range` - (Optional) Range of unhealthy nodes for automated replacement to be allowed (string)
* `machine_labels` - (Optional) Labels for Machine pool nodes (map)
* `labels` - (Optional) Labels for Machine Deployment Resource (map)
* `annotations` - (Optional) Annotations for Machine Deployment Resource (map)
* `annotations` - (Optional) Annotations for Machine Deployment Resource (map)
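Review bot: the `annotations` line appears unchanged apart from whitespace; if this is only a trailing-space fix it is fine, but it should be mentioned so it is not mistaken for a wording change.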

##### `machine_config`

Expand Down Expand Up @@ -743,7 +747,7 @@ The following attributes are exported:
##### Arguments

* `machine_label_selector` - (Optional) Machine selector label (list maxitems:1)
* `config` - (Optional) Machine selector config (map)
* `config` - (Optional) Machine selector config. Must be in YAML format (string)
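Review bot: the `config` argument now says "Must be in YAML format (string)", which matches the new example, but whether a non-YAML value is rejected depends on the current schema's validator, not on this doc. Verify that the current (non-V0) schema still carries the YAML `ValidateFunc` this PR removes from V0; otherwise the doc promises a check that no longer runs.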

##### `machine_label_selector`

Expand Down Expand Up @@ -859,4 +863,4 @@ Clusters v2 can be imported using the Rancher Cluster v2 ID, that is in the form

```
$ terraform import rancher2_cluster_v2.foo &lt;FLEET_NAMESPACE&gt;/&lt;CLUSTER_NAME&gt;
```
```
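Review bot: the import command shows `&lt;FLEET_NAMESPACE&gt;/&lt;CLUSTER_NAME&gt;`; markdown does not decode HTML entities inside a fenced code block, so readers see the literal `&lt;` and `&gt;`. Replace with `<FLEET_NAMESPACE>/<CLUSTER_NAME>`.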
22 changes: 1 addition & 21 deletions rancher2/schema_cluster_v2_rke_config_system_config.go
Expand Up @@ -66,29 +66,9 @@ func clusterV2RKEConfigSystemConfigFieldsV0() map[string]*schema.Schema {
},
},
"config": {
Type: schema.TypeString,
Type: schema.TypeMap,
Optional: true,
Description: "Machine selector config",
ValidateFunc: func(val interface{}, key string) (warns []string, errs []error) {
v, ok := val.(string)
if !ok || len(v) == 0 {
return
}
_, err := ghodssyamlToMapInterface(v)
if err != nil {
errs = append(errs, fmt.Errorf("%q must be in yaml format, error: %v", key, err))
return
}
return
},
DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
if old == "" || new == "" {
return false
}
oldMap, _ := ghodssyamlToMapInterface(old)
newMap, _ := ghodssyamlToMapInterface(new)
return reflect.DeepEqual(oldMap, newMap)
},
},
}

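Review bot: changing `config` to `schema.TypeMap` in `clusterV2RKEConfigSystemConfigFieldsV0()` is the right shape for the V0 schema only if the state upgrader that consumes V0 converts the stored map into the YAML string the current schema expects; that upgrader is not in this diff, so please confirm it exists and is covered by a test. Also check that `fmt`, `reflect` and `ghodssyamlToMapInterface` are still referenced elsewhere in this file after removing the `ValidateFunc` and `DiffSuppressFunc`, or the file will fail to compile with unused imports.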
