Merge pull request #11 from aigisuk/develop

✨ add 'pre-install kubernetes dashboard' feature;📄 update readme;♻️ validate region variable
aigisuk · May 5, 2021 · 1201131 · 1201131
2 parents 084cace + f4d6c49
commit 1201131
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,5 +1,5 @@
 # Terraform DigitalOcean HA K3S Module
-A Terraform module to provision a high availability [K3s](https://k3s.io/) cluster with external database on the DigitalOcean cloud platform.
+An opinionated Terraform module to provision a high availability [K3s](https://k3s.io/) cluster with external database on the DigitalOcean cloud platform. Perfect for development or testing.
 
 ![Terraform, DigitalOcean, K3s illustration](https://res.cloudinary.com/qunux/image/upload/v1618967113/terraform-digitalocean-k3s-repo-logo_f2zyoz.svg)
 
@@ -12,8 +12,9 @@ A Terraform module to provision a high availability [K3s](https://k3s.io/) clust
 * [x] DigitalOcean's CCM ([Cloud Controller Manager](https://github.com/digitalocean/digitalocean-cloud-controller-manager)) and CSI ([Container Storage Interface](https://github.com/digitalocean/csi-digitalocean)) plugins are pre-installed. Enables the cluster to leverage DigitalOcean's load balancer and volume resources
 * [x] Option to make Servers (Masters) schedulable. Default is `false` i.e. `CriticalAddonsOnly=true:NoExecute`
 * [x] Cluster database engine is configurable. Choose from **PostgreSQL** (v11) or **MySQL** (v8)
+* [x] Pre-install the Kubernetes Dashboard (optional)
+* [ ] Pre-install Jetstack's [cert-manager](https://github.com/jetstack/cert-manager) (optional)
 * [ ] Pre-install an ingress controller from **Kong**, **Nginx** or **Traefik v2** (optional)
-* [ ] Pre-install the Kubernetes Dashboard (optional)
 * [ ] Generate custom `kubeconfig` file (optional)
 
 ## Compatibility/Requirements
@@ -65,13 +66,42 @@ Functional examples are included in the
 | server_count | Number of server (master) nodes to provision | number | `2`| no |
 | agent_count | Number of agent (worker) nodes to provision | number | `1`| no |
 | server_taint_criticalonly | Allow only critical addons to be scheduled on servers? (thus preventing workloads from being launched on them) | bool | `true`| no |
+| k8s_dashboard | Pre-Install [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) | bool| `false`| no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
 | cluster_summary | A summary of the cluster's provisioned resources. |
 
+## Pre-Install the Kubernetes Dashboard
+
+The [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) can pre pre-installed by setting input variable `k8s_dashboard` to `true`.
+
+A Service Account with the name `admin-user` is auto created and granted admin privileges. Use the following `kubectl` command to obtain the Bearer Token for the `admin-user`:
+
+```
+kubectl -n kubernetes-dashboard describe secret admin-user-token | awk '$1=="token:"{print $2}'
+```
+Output:
+```
+eyJhbGciOiJSUzI1NiI....JmL-nP-x1SPjOCNfZkg
+```
+
+Use `kubectl port-forward` to access the dashboard:
+
+```
+kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443
+```
+
+To access the Kubernetes Dashboard go to:
+```
+https://localhost:8080
+```
+Select the `Token` option, enter the `admin-user` Bearer Token obtained earlier and click `Sign in`:
+
+![Kubernetes-Dashboard-Login](https://user-images.githubusercontent.com/12916656/117087905-c3d99800-ad48-11eb-9245-6a73578c5e3a.png)
+
 ## Cost
 
 A default deployment of this module provisions the following resources:

diff --git a/examples/github_actions/README.md b/examples/github_actions/README.md
@@ -1,6 +1,6 @@
 # GitHub Actions Deployment Example
 
-This example is specifically for module tests.
+This example is specifically for module tests via GitHub Actions.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Inputs

diff --git a/manifests/k8s-dashboard.yaml b/manifests/k8s-dashboard.yaml
@@ -300,3 +300,26 @@ spec:
       volumes:
         - name: tmp-volume
           emptyDir: {}
+
+---
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: admin-user
+  namespace: kubernetes-dashboard
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: admin-user
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+- kind: ServiceAccount
+  name: admin-user
+  namespace: kubernetes-dashboard
diff --git a/server_init.tf b/server_init.tf
@@ -23,6 +23,7 @@ resource "digitalocean_droplet" "k3s_server_init" {
     csi_crds_manifest   = file("${path.module}/manifests/do-csi/crds.yaml")
     csi_driver_manifest = file("${path.module}/manifests/do-csi/driver.yaml")
     csi_sc_manifest     = file("${path.module}/manifests/do-csi/snapshot-controller.yaml")
+    k8s_dashboard       = var.k8s_dashboard == true ? file("${path.module}/manifests/k8s-dashboard.yaml") : ""
   })
 }
 

diff --git a/user_data/ks3_server_init.sh b/user_data/ks3_server_init.sh
@@ -54,4 +54,9 @@ EOF
 # csi snapshot controller
 cat <<'EOF' | sudo tee /var/lib/rancher/k3s/server/manifests/snapshot-controller.yaml
 ${csi_sc_manifest}
+EOF
+
+kubernetes dashboard
+cat <<'EOF' | sudo tee /var/lib/rancher/k3s/server/manifests/k8s-dashboard.yaml
+${k8s_dashboard}
 EOF
diff --git a/variables.tf b/variables.tf
@@ -12,11 +12,15 @@ variable "region" {
   type        = string
   description = "Region in which to deploy the cluster"
   default     = "fra1"
+  validation {
+    condition     = length(regexall("^nyc1|sfo1|nyc2|ams2|sgp1|lon1|nyc3|ams3|fra1|tor1|sfo2|blr1|sfo3$", var.region)) > 0
+    error_message = "Invalid region. Valid regions are nyc1, sfo1, nyc2, ams2, sgp1, lon1, nyc3, ams3, fra1, tor1, sfo2, blr1 or sfo3."
+  }
 }
 
 variable "k3s_channel" {
   type        = string
-  description = "K3s release channel. 'stable', 'latest', 'testing' or a specific channel e.g. 'v1.20'"
+  description = "K3s release channel. 'stable', 'latest', 'testing' or a specific channel or version e.g. 'v1.20', 'v1.21.0+k3s1'"
   default     = "stable"
 }
 
@@ -84,4 +88,10 @@ variable "server_taint_criticalonly" {
   type        = bool
   description = "Allow only critical addons to be scheduled on servers? (thus preventing workloads from being launched on them)"
   default     = true
+}
+
+variable "k8s_dashboard" {
+  type        = bool
+  description = "Pre-install the Kubernetes Dashboard? (Default is false)"
+  default     = false
 }