From 725eb334a9891d875b76168168807ca5e910b5ea Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Wed, 4 May 2022 15:59:03 +0200
Subject: [PATCH 1/2] rancher install ok
---
 init.tf | 26 ++++++++++++++++++++++++--
 templates/cert-manager.yaml.tpl | 17 +++++++++++++++++
 templates/rancher.yaml.tpl | 21 +++++++++++++++++++++
 terraform.tfvars.example | 20 ++++++++++++++++++++
 variables.tf | 31 ++++++++++++++++++++++++++++++-
 5 files changed, 112 insertions(+), 3 deletions(-)
 create mode 100644 templates/cert-manager.yaml.tpl
 create mode 100644 templates/rancher.yaml.tpl
diff --git a/init.tf b/init.tf
index d49b7d2..414c377 100644
--- a/init.tf
+++ b/init.tf
@@ -88,9 +88,11 @@ resource "null_resource" "kustomization" {
 "https://raw.githubusercontent.com/rancher/system-upgrade-controller/master/manifests/system-upgrade-controller.yaml",
 ],
 var.disable_hetzner_csi ? [] : ["https://raw.githubusercontent.com/hetznercloud/csi-driver/${local.csi_version}/deploy/kubernetes/hcloud-csi.yml"],
- var.enable_longhorn ? ["longhorn.yaml"] : [],
 local.is_single_node_cluster ? [] : var.traefik_enabled ? ["traefik_config.yaml"] : [],
- var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : []
+ var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : [],
+ var.enable_longhorn ? ["longhorn.yaml"] : [],
+ var.enable_cert_manager || var.enable_rancher ? ["cert-manager.yaml"] : [],
+ var.enable_rancher ? ["rancher.yaml"] : [],
 ),
 patchesStrategicMerge = concat(
 [
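Review bot: `var.enable_cert_manager || var.enable_rancher ? ["cert-manager.yaml"] : []` depends on `||` binding tighter than the conditional; HCL does evaluate it that way, but it reads as `enable_cert_manager || (enable_rancher ? … : …)`, so make the intent explicit with `(var.enable_cert_manager || var.enable_rancher) ? ["cert-manager.yaml"] : []`. Placing `cert-manager.yaml` before `rancher.yaml` in the resources list also does not, as far as I can tell, sequence the two `HelmChart` installs — the Helm controller reconciles them independently — so if the Rancher chart needs cert-manager's CRDs to exist first it is the controller's retry that eventually makes it converge; a comment such as `# cert-manager is listed first for readability only; the Helm controller retries Rancher until cert-manager is up` would stop the next reader from treating the order as load-bearing. The `concat(...)` call and the enclosing `kustomization` resource continue outside the hunk.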
@@ -160,6 +162,26 @@ resource "null_resource" "kustomization" {
 destination = "/var/post_install/longhorn.yaml"
 }
+ # Upload the cert-manager config
+ provisioner "file" {
+ content = templatefile(
+ "${path.module}/templates/cert-manager.yaml.tpl",
+ {})
+ destination = "/var/post_install/cert-manager.yaml"
+ }
+
+ # Upload the rancher config
+ provisioner "file" {
+ content = templatefile(
+ "${path.module}/templates/rancher.yaml.tpl",
+ {
+ rancher_install_channel = var.rancher_install_channel
+ rancher_hostname = var.rancher_hostname
+ number_control_plane_nodes = length(local.control_plane_nodes)
+ })
+ destination = "/var/post_install/rancher.yaml"
+ }
+
 # Deploy secrets, logging is automatically disabled due to sensitive variables
 provisioner "remote-exec" {
 inline = [
diff --git a/templates/cert-manager.yaml.tpl b/templates/cert-manager.yaml.tpl
new file mode 100644
index 0000000..bcaa0c8
--- /dev/null
+++ b/templates/cert-manager.yaml.tpl
@@ -0,0 +1,17 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cert-manager
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: cert-manager
+ namespace: kube-system
+spec:
+ chart: cert-manager
+ repo: https://charts.jetstack.io
+ targetNamespace: cert-manager
+ valuesContent: |-
+ installCRDs: true
\ No newline at end of file
diff --git a/templates/rancher.yaml.tpl b/templates/rancher.yaml.tpl
new file mode 100644
index 0000000..8d48e6b
--- /dev/null
+++ b/templates/rancher.yaml.tpl
@@ -0,0 +1,21 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: cattle-system
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+ name: rancher
+ namespace: kube-system
+spec:
+ chart: rancher
+ repo: https://releases.rancher.com/server-charts/${rancher_install_channel}
+ targetNamespace: cattle-system
+ valuesContent: |-
+ ingress:
+ tls:
+ source: rancher
+ hostname: ${rancher_hostname}
+ replicas: ${number_control_plane_nodes}
\ No newline at end of file
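Review bot: The cert-manager `HelmChart` has no `spec.version`, so the k3s Helm controller installs whatever chart is current at `https://charts.jetstack.io` at apply time; two clusters created a week apart get different cert-manager releases, and an unvetted upstream release (or a compromised chart repo) lands in `kube-system`/`cert-manager` on every fresh cluster with no change on your side. Pin it with a `version:` line under `spec`, fed through the `templatefile` variables the way `local.csi_version` pins the CSI manifest in the kustomization list, and bump it deliberately. Since init.tf renders this template with an empty variable map, `file()` would do the same job without treating a stray `${` or `%{` in the manifest as a template directive — worth noting in the `# Upload the cert-manager config` comment.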
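Review bot: `hostname: ${rancher_hostname}` is interpolated unquoted into YAML from a free-form string variable that variables.tf does not validate, so a value containing `:`, `#`, `{` or a leading `*` breaks or reshapes the rendered manifest that the Helm controller applies in `kube-system`; render it as a safe scalar with `hostname: ${jsonencode(rancher_hostname)}` (a JSON string is valid YAML) and validate the variable as a DNS name where it is declared. Like the cert-manager chart, this `HelmChart` pins no `spec.version`, and with `rancher_install_channel` set to `latest` or `alpha` the Rancher release that gets installed changes underneath every new cluster — pin a version you have tested. `tls.source: rancher` makes the ingress serve a certificate from Rancher's own generated CA, which browsers will not trust by default; a short comment in the template pointing at the other `ingress.tls.source` options (overridable via `HelmChartConfig`, as the README hunk describes) would make that trade-off visible to operators.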
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 40bec6d..946e232 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -183,3 +183,23 @@ load_balancer_location = "fsn1"
 # If you want to disable the automatic use of placement group "spread". See https://docs.hetzner.com/cloud/placement-groups/overview/
 # That may be useful if you need to deploy more than 500 nodes! The default is "false".
 # placement_group_disable = true
+
+# You can enable cert-manager (installed by Helm behind the scenes) with the following flag, the default is "false".
+# enable_cert_manager = true
+
+# You can enable rancher (installed by Helm behind the scenes) with the following flag, the default is "false".
+# When rancher is enabled, it automatically installs cert-manager too, and it uses rancher's own certificates.
+# As for the number of replicas, it is set to the numbe of control plane nodes.
+# You can customized all of the above by creating and applying a HelmChartConfig to pass the helm chart values of your choice.
+# See https://rancher.com/docs/k3s/latest/en/helm/
+# and https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/
+# enable_rancher = true
+
+# When rancher is deployed, by default is uses the "stable" channel. But this can be customized.
+# The allowed values are "stable", "latest", and "alpha".
+# rancher_install_channel = "latest"
+
+# Set your rancher hostname, the default is "rancher.example.com".
+# It is a required value when using rancher, but up to you to point the DNS to it or not.
+# You can also not point the DNS, and just port-forward locally via kubectl to get access to the dashboard.
+# rancher_hostname = "rancher.xyz.dev"
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 4994180..049c593 100644
--- a/variables.tf
+++ b/variables.tf
@@ -107,7 +107,7 @@ variable "initial_k3s_channel" {
 description = "Allows you to specify an initial k3s channel"
 validation {
- condition = contains(["stable", "latest", "testing", "v1.16", "v1.17", "v1.18", "v1.19", "v1.20", "v1.21", "v1.22", "v1.23"], var.initial_k3s_channel)
+ condition = contains(["stable", "latest", "testing", "v1.16", "v1.17", "v1.18", "v1.19", "v1.20", "v1.21", "v1.22", "v1.23", "v1.24"], var.initial_k3s_channel)
 error_message = "The initial k3s channel must be one of stable, latest or testing."
 }
 }
@@ -175,3 +175,32 @@ variable "disable_hetzner_csi" {
 default = false
 description = "Disable hetzner csi driver"
 }
+
+variable "enable_cert_manager" {
+ type = bool
+ default = false
+ description = "Enable cert manager"
+}
+
+variable "enable_rancher" {
+ type = bool
+ default = false
+ description = "Enable rancher"
+}
+
+variable "rancher_install_channel" {
+ type = string
+ default = "stable"
+ description = "Rancher install channel"
+
+ validation {
+ condition = contains(["stable", "latest", "alpha"], var.rancher_install_channel)
+ error_message = "The allowed values for the rancher install channel are stable, latest, or alpha."
+ }
+}
+
+variable "rancher_hostname" {
+ type = string
+ default = "rancher.example.com"
+ description = "Enable rancher"
+}
From 75a817ea3b91f63f6aa85d6dee04e07328be4abe Mon Sep 17 00:00:00 2001
From: Karim Naufal
Date: Wed, 4 May 2022 21:39:58 +0200
Subject: [PATCH 2/2] rancher ok
---
 README.md | 23 +++++++++++++++++++++++
 init.tf | 2 +-
 terraform.tfvars.example | 10 +++++-----
 variables.tf | 2 +-
 4 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 3e55cac..4858b36 100644
--- a/README.md
+++ b/README.md
@@ -229,6 +229,29 @@ To use Kube-Hetzner on Terraform cloud, use as a Terraform module as mentioned a
+
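Review bot: `variable "rancher_hostname"` carries the description `"Enable rancher"`, copied from `enable_rancher`; it should say what the value is, e.g. `description = "Hostname for the Rancher ingress (a valid DNS name you control)"`. The value is interpolated straight into `templates/rancher.yaml.tpl` and the tfvars example calls it required, yet it ships with the placeholder default `rancher.example.com` and no `validation` block; add one mirroring `rancher_install_channel`, with `condition = can(regex("^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$", var.rancher_hostname))` and an error message naming the expected format, so a bad or forgotten hostname fails at `terraform plan` instead of producing a broken or altered manifest. The `enable_cert_manager` and `enable_rancher` descriptions could also state that enabling Rancher implies cert-manager, which is exactly what the `var.enable_cert_manager || var.enable_rancher` test in the kustomization list relies on.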
+
+Configure add-ons with HelmChartConfig
+
+For instance, to customize the Rancher install, if you choose to enable it, you can create and apply the following `HelmChartConfig`:
+
+```yaml
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+ name: rancher
+ namespace: kube-system
+spec:
+ valuesContent: |-
+ **values.yaml content you want to customize**
+```
+
+The helm options for Rancher can be seen here .
+
+Same goes for all add-ons, like Longhorn, Cert-manager, and Traefik.
+
+
+
 ## Debugging
 First and foremost, it depends, but it's always good to have a quick look into Hetzner quickly without logging in to the UI. That is where the `hcloud` cli comes in.
diff --git a/init.tf b/init.tf
index 414c377..24db1d1 100644
--- a/init.tf
+++ b/init.tf
@@ -170,7 +170,7 @@ resource "null_resource" "kustomization" {
 destination = "/var/post_install/cert-manager.yaml"
 }
- # Upload the rancher config
+ # Upload the Rancher config
 provisioner "file" {
 content = templatefile(
 "${path.module}/templates/rancher.yaml.tpl",
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index 946e232..28ff1e6 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
@@ -18,7 +18,7 @@ private_key = "/home/username/.ssh/id_ed25519"
 network_region = "eu-central" # change to `us-east` if location is ash
 # For the control planes, at least three nodes are the minimum for HA. Otherwise, you need to turn off the automatic upgrade (see ReadMe).
-# As per rancher docs, it must always be an odd number, never even! See https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/
+# As per Rancher docs, it must always be an odd number, never even! See https://rancher.com/docs/k3s/latest/en/installation/ha-embedded/
 # For instance, one is ok (non-HA), two is not ok, and three is ok (becomes HA). It does not matter if they are in the same nodepool or not! So they can be in different locations and of various types.
 # Of course, you can choose any number of nodepools you want, with the location you want. The only constraint on the location is that you need to stay in the same network region, Europe, or the US.
@@ -187,19 +187,19 @@ load_balancer_location = "fsn1"
 # You can enable cert-manager (installed by Helm behind the scenes) with the following flag, the default is "false".
 # enable_cert_manager = true
-# You can enable rancher (installed by Helm behind the scenes) with the following flag, the default is "false".
-# When rancher is enabled, it automatically installs cert-manager too, and it uses rancher's own certificates.
+# You can enable Rancher (installed by Helm behind the scenes) with the following flag, the default is "false".
+# When Rancher is enabled, it automatically installs cert-manager too, and it uses rancher's own certificates.
 # As for the number of replicas, it is set to the numbe of control plane nodes.
 # You can customized all of the above by creating and applying a HelmChartConfig to pass the helm chart values of your choice.
 # See https://rancher.com/docs/k3s/latest/en/helm/
 # and https://rancher.com/docs/rancher/v2.6/en/installation/install-rancher-on-k8s/chart-options/
 # enable_rancher = true
-# When rancher is deployed, by default is uses the "stable" channel. But this can be customized.
+# When Rancher is deployed, by default is uses the "stable" channel. But this can be customized.
 # The allowed values are "stable", "latest", and "alpha".
 # rancher_install_channel = "latest"
-# Set your rancher hostname, the default is "rancher.example.com".
+# Set your Rancher hostname, the default is "rancher.example.com".
 # It is a required value when using rancher, but up to you to point the DNS to it or not.
 # You can also not point the DNS, and just port-forward locally via kubectl to get access to the dashboard.
 # rancher_hostname = "rancher.xyz.dev"
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 049c593..691718f 100644
--- a/variables.tf
+++ b/variables.tf
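Review bot: The capitalization pass on this comment block leaves the typos from the first patch in place on the lines it keeps or rewrites: `numbe` → `number`, `You can customized` → `You can customize`, `by default is uses` → `by default it uses`, and `rancher's own certificates` stays lowercase on a line that was otherwise changed to `Rancher`. `It is a required value when using rancher` is also misleading, since `variables.tf` gives the variable a default of `rancher.example.com`, so nothing forces the user to set it; say instead `# It defaults to the placeholder "rancher.example.com"; change it to a hostname you control before enabling Rancher.` Because this is the file users copy from, the `rancher_install_channel = "latest"` example deserves a one-line caveat that `latest` and `alpha` track unreleased Rancher builds and are not meant for production clusters.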
@@ -195,7 +195,7 @@ variable "rancher_install_channel" {
 validation {
 condition = contains(["stable", "latest", "alpha"], var.rancher_install_channel)
- error_message = "The allowed values for the rancher install channel are stable, latest, or alpha."
+ error_message = "The allowed values for the Rancher install channel are stable, latest, or alpha."
 }
 }