Merge pull request #72 from khanh-ph/release/3.3.0

Release version 3.3.0

.github/workflows/ci.yml

@@ -25,4 +25,32 @@ jobs:
 
     - name: Check Terraform format and syntax
       id: test
-      run: make test
+      run: make test
+  tflint:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+      name: Checkout source code
+
+    - uses: actions/cache@v3
+      name: Cache plugin dir
+      with:
+        path: ~/.tflint.d/plugins
+        key: ubuntu-latest-tflint-${{ hashFiles('.tflint.hcl') }}
+
+    - uses: terraform-linters/setup-tflint@v3
+      name: Setup TFLint
+      with:
+        tflint_version: v0.47.0
+
+    - name: Show version
+      run: tflint --version
+
+    - name: Init TFLint
+      run: tflint --init
+      env:
+        # https://github.com/terraform-linters/tflint/blob/master/docs/user-guide/plugins.md#avoiding-rate-limiting
+        GITHUB_TOKEN: ${{ github.token }}
+
+    - name: Run TFLint
+      run: tflint -f compact

.pre-commit-config.yaml

@@ -0,0 +1,12 @@
+repos:
+-   repo: https://github.com/antonbabenko/pre-commit-terraform
+    rev: v1.81.2
+    hooks:
+    -   id: terraform_fmt
+    -   id: terraform_validate
+    -   id: terraform_tflint
+        args:
+           - --args=--format=compact
+    -   id: terraform_docs
+        args:
+           - --args=--config=.terraform-docs-config.yaml

.terraform-docs-config.yaml

@@ -0,0 +1,24 @@
+formatter: "md"
+
+sections:
+  show:
+    - inputs
+
+sort:
+  enabled: false
+  by: name
+
+settings:
+  anchor: true
+  color: true
+  default: true
+  description: false
+  escape: true
+  hide-empty: false
+  html: true
+  indent: 3
+  lockfile: true
+  read-comments: true
+  required: true
+  sensitive: true
+  type: true

README.md

@@ -13,7 +13,7 @@ Ensure the following software versions are installed:
 * [Proxmox VE](https://www.proxmox.com/en/proxmox-ve/get-started/) `>=7.3.3`
 * [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli/) `>=1.3.3`
 
-> Kubespray has been set up automatically.
+> Kubespray will be set up automatically.
 
 ### System requirements
 
@@ -42,56 +42,63 @@ Follow these steps to use the project:
     $ terraform init
     ```
 
-4. Generate execution plan and review the output to ensure that the planned changes align with your expectations.
+4. Generate an execution plan and review the output to ensure that the planned changes align with your expectations.
 
     ```sh
     $ terraform plan -var-file="example.tfvars"
     ```
 
-5. If you're satisfy with the plan and ready to apply the changes. Run the following command:
+5. If you're satisfied with the plan and ready to apply the changes. Run the following command:
 
     ```sh
     $ terraform apply -var-file="example.tfvars"
     ```
 
-## Configurations
+## Terraform configurations
 
 The project provides several Terraform variables that allow you to customize the cluster to suit your needs. Please see the following:
 
-### Mandatory variables
-
-Below are the mandatory variables:
-
-* `env_name`
-* `pm_api_url`
-* `pm_api_token_id`
-* `pm_api_token_secret`
-* `pm_tls_insecure`
-* `pm_host`
-* `internal_net_name`
-* `internal_net_subnet_cidr`
-* `bastion_ssh_port`
-* `bastion_ssh_ip`
-* `bastion_ssh_user`
-* `ssh_public_keys`
-* `ssh_private_key`
-* `vm_max_vcpus`
-* `vm_k8s_control_plane`
-* `vm_k8s_worker`
-
-### Kubespray variables (optional)
-
-You may also configure the following optional variables specific to Kubespray:
-
-* `kube_version`
-* `kube_network_plugin`
-* `enable_nodelocaldns`
-* `podsecuritypolicy_enabled`
-* `persistent_volumes_enabled`
-* `helm_enabled`
-* `ingress_nginx_enabled`
-* `argocd_enabled`
-* `argocd_version`
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+### Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_pm_api_url"></a> [pm\_api\_url](#input\_pm\_api\_url) | The base URL for Proxmox VE API. See https://pve.proxmox.com/wiki/Proxmox_VE_API#API_URL | `string` | n/a | yes |
+| <a name="input_pm_api_token_id"></a> [pm\_api\_token\_id](#input\_pm\_api\_token\_id) | The token ID to access Proxmox VE API. | `string` | n/a | yes |
+| <a name="input_pm_api_token_secret"></a> [pm\_api\_token\_secret](#input\_pm\_api\_token\_secret) | The UUID/secret of the token defined in the variable `pm_api_token_id`. | `string` | n/a | yes |
+| <a name="input_pm_tls_insecure"></a> [pm\_tls\_insecure](#input\_pm\_tls\_insecure) | Disable TLS verification while connecting to the Proxmox VE API server. | `bool` | n/a | yes |
+| <a name="input_pm_host"></a> [pm\_host](#input\_pm\_host) | The name of Proxmox node where the VM is placed. | `string` | n/a | yes |
+| <a name="input_env_name"></a> [env\_name](#input\_env\_name) | n/a | `string` | `"test"` | no |
+| <a name="input_internal_net_name"></a> [internal\_net\_name](#input\_internal\_net\_name) | Name of the internal network bridge. | `string` | `"vmbr1"` | no |
+| <a name="input_internal_net_subnet_cidr"></a> [internal\_net\_subnet\_cidr](#input\_internal\_net\_subnet\_cidr) | CIDR of the internal network. For example: 10.0.1.0/24 | `string` | `""` | no |
+| <a name="input_ssh_private_key"></a> [ssh\_private\_key](#input\_ssh\_private\_key) | SSH private key in base64. Used by Terraform client to connect to the VM after provisioning. | `string` | n/a | yes |
+| <a name="input_ssh_public_keys"></a> [ssh\_public\_keys](#input\_ssh\_public\_keys) | SSH public keys in base64. | `string` | n/a | yes |
+| <a name="input_vm_user"></a> [vm\_user](#input\_vm\_user) | n/a | `string` | `"ubuntu"` | no |
+| <a name="input_vm_sockets"></a> [vm\_sockets](#input\_vm\_sockets) | n/a | `number` | `1` | no |
+| <a name="input_vm_max_vcpus"></a> [vm\_max\_vcpus](#input\_vm\_max\_vcpus) | The maximum CPU cores available per CPU socket to allocate to the VM. | `number` | `2` | no |
+| <a name="input_vm_cpu_type"></a> [vm\_cpu\_type](#input\_vm\_cpu\_type) | The type of CPU to emulate in the Guest | `string` | `"host"` | no |
+| <a name="input_vm_os_disk_storage"></a> [vm\_os\_disk\_storage](#input\_vm\_os\_disk\_storage) | Default storage pool where OS VM disk is placed. | `string` | n/a | yes |
+| <a name="input_add_worker_node_data_disk"></a> [add\_worker\_node\_data\_disk](#input\_add\_worker\_node\_data\_disk) | A boolean value that indicates whether to add a data disk to each worker node of the cluster. | `bool` | `false` | no |
+| <a name="input_worker_node_data_disk_storage"></a> [worker\_node\_data\_disk\_storage](#input\_worker\_node\_data\_disk\_storage) | The storage pool where the data disk is placed. | `string` | `""` | no |
+| <a name="input_worker_node_data_disk_size"></a> [worker\_node\_data\_disk\_size](#input\_worker\_node\_data\_disk\_size) | The size of worker node data disk in Gigabyte. | `string` | `10` | no |
+| <a name="input_vm_ubuntu_tmpl_name"></a> [vm\_ubuntu\_tmpl\_name](#input\_vm\_ubuntu\_tmpl\_name) | Name of Cloud-init template Ubuntu VM. | `string` | `"ubuntu-2204"` | no |
+| <a name="input_bastion_ssh_ip"></a> [bastion\_ssh\_ip](#input\_bastion\_ssh\_ip) | IP of the bastion host. It could be either public IP or local network IP of the bastion host. | `string` | `""` | no |
+| <a name="input_bastion_ssh_user"></a> [bastion\_ssh\_user](#input\_bastion\_ssh\_user) | n/a | `string` | `"ubuntu"` | no |
+| <a name="input_bastion_ssh_port"></a> [bastion\_ssh\_port](#input\_bastion\_ssh\_port) | n/a | `number` | `22` | no |
+| <a name="input_create_kubespray_host"></a> [create\_kubespray\_host](#input\_create\_kubespray\_host) | n/a | `bool` | `true` | no |
+| <a name="input_kubespray_image"></a> [kubespray\_image](#input\_kubespray\_image) | n/a | `string` | `"khanhphhub/kubespray:v2.22.0"` | no |
+| <a name="input_kube_version"></a> [kube\_version](#input\_kube\_version) | Kubernetes version | `string` | `"v1.24.6"` | no |
+| <a name="input_kube_network_plugin"></a> [kube\_network\_plugin](#input\_kube\_network\_plugin) | Choose network plugin (cilium, calico, kube-ovn, weave or flannel. Use cni for generic cni plugin) | `string` | `"calico"` | no |
+| <a name="input_enable_nodelocaldns"></a> [enable\_nodelocaldns](#input\_enable\_nodelocaldns) | Enable nodelocal dns cache | `bool` | `false` | no |
+| <a name="input_podsecuritypolicy_enabled"></a> [podsecuritypolicy\_enabled](#input\_podsecuritypolicy\_enabled) | pod security policy (RBAC must be enabled either by having 'RBAC' in authorization\_modes or kubeadm enabled) | `bool` | `false` | no |
+| <a name="input_persistent_volumes_enabled"></a> [persistent\_volumes\_enabled](#input\_persistent\_volumes\_enabled) | Add Persistent Volumes Storage Class for corresponding cloud provider (supported: in-tree OpenStack, Cinder CSI, AWS EBS CSI, Azure Disk CSI, GCP Persistent Disk CSI) | `bool` | `false` | no |
+| <a name="input_helm_enabled"></a> [helm\_enabled](#input\_helm\_enabled) | Helm deployment | `bool` | `false` | no |
+| <a name="input_ingress_nginx_enabled"></a> [ingress\_nginx\_enabled](#input\_ingress\_nginx\_enabled) | Nginx ingress controller deployment | `bool` | `false` | no |
+| <a name="input_argocd_enabled"></a> [argocd\_enabled](#input\_argocd\_enabled) | ArgoCD | `bool` | `false` | no |
+| <a name="input_argocd_version"></a> [argocd\_version](#input\_argocd\_version) | ArgoCD version | `string` | `"v2.4.12"` | no |
+| <a name="input_vm_k8s_control_plane"></a> [vm\_k8s\_control\_plane](#input\_vm\_k8s\_control\_plane) | Control Plane VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` | <pre>{<br>  "disk_size": 20,<br>  "memory": 1536,<br>  "node_count": 1,<br>  "vcpus": 2<br>}</pre> | no |
+| <a name="input_vm_k8s_worker"></a> [vm\_k8s\_worker](#input\_vm\_k8s\_worker) | Worker VM specification | `object({ node_count = number, vcpus = number, memory = number, disk_size = number })` | <pre>{<br>  "disk_size": 20,<br>  "memory": 2048,<br>  "node_count": 2,<br>  "vcpus": 2<br>}</pre> | no |
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 ## Blog posts
 

modules/proxmox_ubuntu_vm/main.tf

@@ -39,6 +39,18 @@ resource "proxmox_vm_qemu" "ubuntu_vm" {
     iothread = 1
   }
 
+  dynamic "disk" {
+    for_each = var.add_worker_node_data_disk ? [var.worker_node_data_disk_size] : []
+
+    content {
+      slot     = 1
+      type     = "virtio"
+      storage  = var.worker_node_data_disk_storage
+      size     = "${var.worker_node_data_disk_size}G"
+      iothread = 1
+    }
+  }
+
   network {
     model  = "virtio"
     bridge = var.vm_net_name

modules/proxmox_ubuntu_vm/variables.tf

@@ -96,6 +96,24 @@ variable "vm_host_number" {
   description = "The host number of the VM in the subnet"
 }
 
+variable "add_worker_node_data_disk" {
+  type        = bool
+  description = "A boolean value that indicates whether to add a data disk to each worker node of the cluster."
+  default     = false
+}
+
+variable "worker_node_data_disk_storage" {
+  type        = string
+  description = "The storage pool where the data disk is placed."
+  default     = ""
+}
+
+variable "worker_node_data_disk_size" {
+  type        = string
+  description = "The size of worker node data disk in Gigabyte."
+  default     = 10
+}
+
 #
 # Local vars
 # 

providers.tf

@@ -6,6 +6,10 @@ terraform {
       source  = "telmate/proxmox"
       version = "2.9.14"
     }
+    null = {
+      source  = "hashicorp/null"
+      version = "3.2.1"
+    }
   }
 }
 

variables.tf

@@ -58,12 +58,6 @@ variable "ssh_public_keys" {
   description = "SSH public keys in base64."
 }
 
-variable "vm_onboot" {
-  type        = bool
-  description = "VM should be brought up during host system boot."
-  default     = true
-}
-
 variable "vm_user" {
   type    = string
   default = "ubuntu"
@@ -80,29 +74,35 @@ variable "vm_max_vcpus" {
   default     = 2
 }
 
-variable "vm_vcpus" {
-  type        = number
-  description = "The number of CPU cores to allocate to the VM. This should be less or equal to vm_max_vcpus."
-  default     = 2
-}
-
 variable "vm_cpu_type" {
   type        = string
   description = "The type of CPU to emulate in the Guest"
   default     = "host"
 }
 
-variable "vm_os_disk_size_gb" {
-  type        = number
-  description = "The size of VM OS disk in Gigabyte"
-  default     = 20
-}
-
 variable "vm_os_disk_storage" {
   type        = string
   description = "Default storage pool where OS VM disk is placed."
 }
 
+variable "add_worker_node_data_disk" {
+  type        = bool
+  description = "A boolean value that indicates whether to add a data disk to each worker node of the cluster."
+  default     = false
+}
+
+variable "worker_node_data_disk_storage" {
+  type        = string
+  description = "The storage pool where the data disk is placed."
+  default     = ""
+}
+
+variable "worker_node_data_disk_size" {
+  type        = string
+  description = "The size of worker node data disk in Gigabyte."
+  default     = 10
+}
+
 variable "vm_ubuntu_tmpl_name" {
   type        = string
   description = "Name of Cloud-init template Ubuntu VM."
@@ -189,14 +189,6 @@ variable "argocd_version" {
   default     = "v2.4.12"
 }
 
-#
-# Local vars
-# 
-locals {
-  internal_net_subnet_mask = "/${split("/", var.internal_net_subnet_cidr)[1]}"
-  internal_net_default_gw  = cidrhost(var.internal_net_subnet_cidr, 1)
-}
-
 #
 # VM specifications for Kubernetes nodes
 #

vm-k8s-nodes.tf

@@ -23,23 +23,26 @@ module "k8s_control_plane_nodes" {
 module "k8s_worker_nodes" {
   source = "./modules/proxmox_ubuntu_vm"
 
-  node_count          = var.vm_k8s_worker["node_count"]
-  pm_host             = var.pm_host
-  vm_ubuntu_tmpl_name = var.vm_ubuntu_tmpl_name
-  vm_name_prefix      = "${var.env_name}-k8s-worker"
-  vm_max_vcpus        = var.vm_max_vcpus
-  vm_vcpus            = var.vm_k8s_worker["vcpus"]
-  vm_sockets          = var.vm_sockets
-  vm_cpu_type         = var.vm_cpu_type
-  vm_memory_mb        = var.vm_k8s_worker["memory"]
-  vm_os_disk_storage  = var.vm_os_disk_storage
-  vm_os_disk_size_gb  = var.vm_k8s_worker["disk_size"]
-  vm_net_name         = var.internal_net_name
-  vm_net_subnet_cidr  = var.internal_net_subnet_cidr
-  vm_host_number      = 20
-  vm_user             = var.vm_user
-  vm_tags             = "${var.env_name};terraform;k8s-worker"
-  ssh_public_keys     = var.ssh_public_keys
+  node_count                    = var.vm_k8s_worker["node_count"]
+  pm_host                       = var.pm_host
+  vm_ubuntu_tmpl_name           = var.vm_ubuntu_tmpl_name
+  vm_name_prefix                = "${var.env_name}-k8s-worker"
+  vm_max_vcpus                  = var.vm_max_vcpus
+  vm_vcpus                      = var.vm_k8s_worker["vcpus"]
+  vm_sockets                    = var.vm_sockets
+  vm_cpu_type                   = var.vm_cpu_type
+  vm_memory_mb                  = var.vm_k8s_worker["memory"]
+  vm_os_disk_storage            = var.vm_os_disk_storage
+  vm_os_disk_size_gb            = var.vm_k8s_worker["disk_size"]
+  vm_net_name                   = var.internal_net_name
+  vm_net_subnet_cidr            = var.internal_net_subnet_cidr
+  vm_host_number                = 20
+  vm_user                       = var.vm_user
+  vm_tags                       = "${var.env_name};terraform;k8s-worker"
+  ssh_public_keys               = var.ssh_public_keys
+  add_worker_node_data_disk     = var.add_worker_node_data_disk
+  worker_node_data_disk_storage = var.worker_node_data_disk_storage
+  worker_node_data_disk_size    = var.worker_node_data_disk_size
 }
 
 output "k8s_control_plane" {

vm-kubespray-host.tf

@@ -19,8 +19,8 @@ locals {
   kubespray_inventory_content = templatefile(
     "${path.module}/kubespray/inventory.ini",
     {
-      cp_nodes     = "${join("\n", [for host in module.k8s_control_plane_nodes.vm_list : join("", [host.name, " ansible_ssh_host=${host.ip0}", " ansible_connection=ssh"])])}"
-      worker_nodes = "${join("\n", [for host in module.k8s_worker_nodes.vm_list : join("", [host.name, " ansible_ssh_host=${host.ip0}", " ansible_connection=ssh"])])}"
+      cp_nodes     = join("\n", [for host in module.k8s_control_plane_nodes.vm_list : join("", [host.name, " ansible_ssh_host=${host.ip0}", " ansible_connection=ssh"])])
+      worker_nodes = join("\n", [for host in module.k8s_worker_nodes.vm_list : join("", [host.name, " ansible_ssh_host=${host.ip0}", " ansible_connection=ssh"])])
       bastion      = "" # var.bastion_ssh_ip != "" ? "[bastion]\nbastion ansible_host=${var.bastion_ssh_ip} ansible_port=${var.bastion_ssh_port} ansible_user=${var.bastion_ssh_user}" : ""
     }
   )