From c4aaeea0fb5d43cf7d3d8d0fb93fad9048ddd4e9 Mon Sep 17 00:00:00 2001 From: Colin Wilson Date: Wed, 5 May 2021 02:04:25 +0100 Subject: [PATCH 1/4] =?UTF-8?q?=E2=9C=A8=20add=20'pre-install=20kubernetes?= =?UTF-8?q?=20dashboard'=20feature=20=F0=9F=93=84=20update=20readme=20?= =?UTF-8?q?=E2=99=BB=EF=B8=8F=20validate=20region=20variable?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 24 +++++++++++++++++++++++- examples/github_actions/README.md | 2 +- manifests/k8s-dashboard.yaml | 23 +++++++++++++++++++++++ server_init.tf | 1 + user_data/ks3_server_init.sh | 5 +++++ variables.tf | 12 +++++++++++- 6 files changed, 64 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 398ec10..8fe45b9 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,8 @@ A Terraform module to provision a high availability [K3s](https://k3s.io/) clust * [x] DigitalOcean's CCM ([Cloud Controller Manager](https://github.com/digitalocean/digitalocean-cloud-controller-manager)) and CSI ([Container Storage Interface](https://github.com/digitalocean/csi-digitalocean)) plugins are pre-installed. Enables the cluster to leverage DigitalOcean's load balancer and volume resources * [x] Option to make Servers (Masters) schedulable. Default is `false` i.e. `CriticalAddonsOnly=true:NoExecute` * [x] Cluster database engine is configurable. Choose from **PostgreSQL** (v11) or **MySQL** (v8) +* [x] Pre-install the Kubernetes Dashboard (optional) * [ ] Pre-install an ingress controller from **Kong**, **Nginx** or **Traefik v2** (optional) -* [ ] Pre-install the Kubernetes Dashboard (optional) * [ ] Generate custom `kubeconfig` file (optional) ## Compatibility/Requirements 
@@ -65,6 +65,7 @@ Functional examples are included in the | server_count | Number of server (master) nodes to provision | number | `2`| no | | agent_count | Number of agent (worker) nodes to provision | number | `1`| no | | server_taint_criticalonly | Allow only critical addons to be scheduled on servers? (thus preventing workloads from being launched on them) | bool | `true`| no | +| k8s_dashboard | Pre-Install [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) | bool| `false`| no | ## Outputs @@ -72,6 +73,27 @@ Functional examples are included in the |------|-------------| | cluster_summary | A summary of the cluster's provisioned resources. | +## Pre-Install the Kubernetes Dashboard + +The [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) can pre pre-installed by setting module variable `k8s_dashboard` to `true`. + +A Service Account with the name `admin-user` is auto created and granted admin privileges. You can obtain the Bearer Token for the `admin-user` via the following `kubectl` command: + +``` +kubectl -n kubernetes-dashboard describe secret admin-user-token | awk '$1=="token:"{print $2}' +``` + +Then use `kubectl port-forward` to access the dashboard: + +``` +kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443 +``` + +To access Kubernetes Dashboard go to: +``` +https://localhost:8080 +``` + ## Cost A default deployment of this module provisions the following resources: diff --git a/examples/github_actions/README.md b/examples/github_actions/README.md index 28ec51c..3de4ce7 100644 --- a/examples/github_actions/README.md +++ b/examples/github_actions/README.md @@ -1,6 +1,6 @@ # GitHub Actions Deployment Example -This example is specifically for module tests. +This example is specifically for module tests via GitHub Actions. ## Inputs diff --git a/manifests/k8s-dashboard.yaml b/manifests/k8s-dashboard.yaml index 531ab1f..79fab2b 100644 --- a/manifests/k8s-dashboard.yaml 
+++ b/manifests/k8s-dashboard.yaml @@ -300,3 +300,26 @@ spec: volumes: - name: tmp-volume emptyDir: {} + +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admin-user + namespace: kubernetes-dashboard + +--- + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: admin-user +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: admin-user + namespace: kubernetes-dashboard \ No newline at end of file diff --git a/server_init.tf b/server_init.tf index fe14a93..d5dd8b6 100644 --- a/server_init.tf +++ b/server_init.tf @@ -23,6 +23,7 @@ resource "digitalocean_droplet" "k3s_server_init" { csi_crds_manifest = file("${path.module}/manifests/do-csi/crds.yaml") csi_driver_manifest = file("${path.module}/manifests/do-csi/driver.yaml") csi_sc_manifest = file("${path.module}/manifests/do-csi/snapshot-controller.yaml") + k8s_dashboard = var.k8s_dashboard == true ? file("${path.module}/manifests/k8s-dashboard.yaml") : "" }) } diff --git a/user_data/ks3_server_init.sh b/user_data/ks3_server_init.sh index 0941718..278156c 100644 --- a/user_data/ks3_server_init.sh +++ b/user_data/ks3_server_init.sh @@ -54,4 +54,9 @@ EOF # csi snapshot controller cat <<'EOF' | sudo tee /var/lib/rancher/k3s/server/manifests/snapshot-controller.yaml ${csi_sc_manifest} +EOF + +kubernetes dashboard +cat <<'EOF' | sudo tee /var/lib/rancher/k3s/server/manifests/k8s-dashboard.yaml +${k8s_dashboard} EOF \ No newline at end of file diff --git a/variables.tf b/variables.tf index 7d81933..beee304 100644 --- a/variables.tf +++ b/variables.tf 
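Review bot: The new ClusterRoleBinding hands the `admin-user` ServiceAccount the built-in `cluster-admin` role, so enabling `k8s_dashboard` also creates a long-lived token that is effectively root on the cluster and sits in a Secret in the `kubernetes-dashboard` namespace; anyone who can read Secrets there, or who compromises the dashboard pod, inherits it. The dashboard itself does not need this binding to run (its own ServiceAccount is defined above line 300, outside this hunk, and presumably carries the upstream minimal Role); the binding exists only so the README's login flow gets admin rights. I would gate the ServiceAccount and ClusterRoleBinding behind a separate opt-in such as `k8s_dashboard_admin_user` (or default the `roleRef` to `view`), and at minimum put a comment above the binding: `# WARNING: binds a long-lived ServiceAccount token to cluster-admin; anyone able to read Secrets in kubernetes-dashboard gains full cluster control.` The file also ends without a trailing newline.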
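Review bot: `var.k8s_dashboard == true ? … : ""` compares a `bool` variable with `true`, which is redundant in HCL; `k8s_dashboard = var.k8s_dashboard ? file("${path.module}/manifests/k8s-dashboard.yaml") : ""` reads the same without the comparison. The empty-string fallback deserves a comment, because the template (this appears to be a `templatefile` call) still writes that empty string to `/var/lib/rancher/k3s/server/manifests/k8s-dashboard.yaml` on the server via the user_data change in this patch, so k3s's deploy controller is handed an empty manifest whenever the feature is off; I have not checked how k3s treats an empty file, so it may only be log noise, but skipping the write entirely is cleaner. The `digitalocean_droplet.k3s_server_init` resource this line sits in starts and ends outside the hunk.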
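Review bot: The line `kubernetes dashboard` added before the new heredoc is missing its leading `#`, so bash will try to execute a command named `kubernetes` during cloud-init; with default shell options that is a `command not found` in the log, and if the script runs under `set -e` (the top of the file is outside the hunk) node bootstrap would abort before the dashboard manifest is written. It should read `# kubernetes dashboard`. Since `${k8s_dashboard}` is rendered as an empty string when the feature is disabled, I would also wrap the block in a template directive, `%{ if k8s_dashboard != "" ~}` … `%{ endif ~}`, so no empty manifest file is left in `/var/lib/rancher/k3s/server/manifests/`. The file also loses its trailing newline.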
@@ -12,11 +12,15 @@ variable "region" { type = string description = "Region in which to deploy the cluster" default = "fra1" + validation { + condition = length(regexall("^nyc1|sfo1|nyc2|ams2|sgp1|lon1|nyc3|ams3|fra1|tor1|sfo2|blr1|sfo3$", var.region)) > 0 + error_message = "Invalid region. Valid regions are nyc1, sfo1, nyc2, ams2, sgp1, lon1, nyc3, ams3, fra1, tor1, sfo2, blr1 or sfo3." + } } variable "k3s_channel" { type = string - description = "K3s release channel. 'stable', 'latest', 'testing' or a specific channel e.g. 'v1.20'" + description = "K3s release channel. 'stable', 'latest', 'testing' or a specific channel or version e.g. 'v1.20', 'v1.21.0+k3s1'" default = "stable" } @@ -84,4 +88,10 @@ variable "server_taint_criticalonly" { type = bool description = "Allow only critical addons to be scheduled on servers? (thus preventing workloads from being launched on them)" default = true +} + +variable "k8s_dashboard" { + type = bool + description = "Pre-install the Kubernetes Dashboard? (Default is false)" + default = false } \ No newline at end of file From 36a109c752ec0131e05bffa667f317f28ec7678b Mon Sep 17 00:00:00 2001 From: Colin Wilson Date: Wed, 5 May 2021 02:31:20 +0100 Subject: [PATCH 2/4] =?UTF-8?q?=F0=9F=93=84=20readme=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 8fe45b9..2405a0a 100644 --- a/README.md +++ b/README.md 
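Review bot: The region validation does not do what its error message promises: in `regexall("^nyc1|sfo1|…|sfo3$", var.region)` the `^` binds only to `nyc1` and the `$` only to `sfo3`, so every other alternative is an unanchored substring match and values such as `"sfo1-legacy"` or `"xams3"` pass validation, only to be rejected by DigitalOcean at apply time. Either anchor the group, `"^(nyc1|sfo1|nyc2|ams2|sgp1|lon1|nyc3|ams3|fra1|tor1|sfo2|blr1|sfo3)$"`, or drop the regex for `condition = contains(["nyc1", "sfo1", "nyc2", "ams2", "sgp1", "lon1", "nyc3", "ams3", "fra1", "tor1", "sfo2", "blr1", "sfo3"], var.region)`, which is the same list the message reads out. It is also worth confirming the list against DigitalOcean's current region availability, since I believe some of the older slugs (`sfo1`, `nyc2`, `ams2`) no longer accept new Droplets, and a hard-coded allow-list needs maintenance as regions open or close.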
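Review bot: The description of `k8s_dashboard` should state the security consequence of enabling it, because the manifest it pulls in (`manifests/k8s-dashboard.yaml` in this patch) also creates an `admin-user` ServiceAccount bound to `cluster-admin`, while a reader of the generated inputs table sees only "Pre-install the Kubernetes Dashboard". Suggested wording: `description = "Pre-install the Kubernetes Dashboard? Also creates an 'admin-user' ServiceAccount bound to cluster-admin for dashboard login; see README. (Default is false)"`. The file ends without a trailing newline.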
@@ -75,24 +75,31 @@ Functional examples are included in the ## Pre-Install the Kubernetes Dashboard -The [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) can pre pre-installed by setting module variable `k8s_dashboard` to `true`. +The [Kubernetes Dashboard](https://github.com/kubernetes/dashboard) can pre pre-installed by setting input variable `k8s_dashboard` to `true`. -A Service Account with the name `admin-user` is auto created and granted admin privileges. You can obtain the Bearer Token for the `admin-user` via the following `kubectl` command: +A Service Account with the name `admin-user` is auto created and granted admin privileges. Use the following `kubectl` command to obtain the Bearer Token for the `admin-user`: ``` kubectl -n kubernetes-dashboard describe secret admin-user-token | awk '$1=="token:"{print $2}' ``` +Output: +``` +eyJhbGciOiJSUzI1NiI....JmL-nP-x1SPjOCNfZkg +``` -Then use `kubectl port-forward` to access the dashboard: +You can use `kubectl port-forward` to access the dashboard: ``` kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443 ``` -To access Kubernetes Dashboard go to: +To access the Kubernetes Dashboard go to: ``` https://localhost:8080 ``` +Select the `Token` option and enter the `admin-user` Bearer Token you obtained earlier and click `Sign in`: + +![Kubernetes-Dashboard-Login](https://user-images.githubusercontent.com/12916656/117087905-c3d99800-ad48-11eb-9245-6a73578c5e3a.png) ## Cost From fa97d1fc6dc9fdc605f96f4239b5284332599118 Mon Sep 17 00:00:00 2001 From: Colin Wilson Date: Wed, 5 May 2021 02:41:01 +0100 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=93=84=20readme=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2405a0a..d16baa2 100644 --- a/README.md +++ b/README.md 
@@ -87,17 +87,17 @@ Output: eyJhbGciOiJSUzI1NiI....JmL-nP-x1SPjOCNfZkg ``` -You can use `kubectl port-forward` to access the dashboard: +Use `kubectl port-forward` to access the dashboard: ``` -kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443 +kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443 ``` To access the Kubernetes Dashboard go to: ``` https://localhost:8080 ``` -Select the `Token` option and enter the `admin-user` Bearer Token you obtained earlier and click `Sign in`: +Select the `Token` option, enter the `admin-user` Bearer Token obtained earlier and click `Sign in`: ![Kubernetes-Dashboard-Login](https://user-images.githubusercontent.com/12916656/117087905-c3d99800-ad48-11eb-9245-6a73578c5e3a.png) From f4d6c49ea765dcc9a52e93712a38628a7ecf4039 Mon Sep 17 00:00:00 2001 From: Colin Wilson Date: Wed, 5 May 2021 02:48:02 +0100 Subject: [PATCH 4/4] =?UTF-8?q?=F0=9F=93=84=20readme=20update?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index d16baa2..11f9619 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # Terraform DigitalOcean HA K3S Module -A Terraform module to provision a high availability [K3s](https://k3s.io/) cluster with external database on the DigitalOcean cloud platform. +An opinionated Terraform module to provision a high availability [K3s](https://k3s.io/) cluster with external database on the DigitalOcean cloud platform. Perfect for development or testing. ![Terraform, DigitalOcean, K3s illustration](https://res.cloudinary.com/qunux/image/upload/v1618967113/terraform-digitalocean-k3s-repo-logo_f2zyoz.svg) 
@@ -13,6 +13,7 @@ A Terraform module to provision a high availability [K3s](https://k3s.io/) clust * [x] Option to make Servers (Masters) schedulable. Default is `false` i.e. `CriticalAddonsOnly=true:NoExecute` * [x] Cluster database engine is configurable. Choose from **PostgreSQL** (v11) or **MySQL** (v8) * [x] Pre-install the Kubernetes Dashboard (optional) +* [ ] Pre-install Jetstack's [cert-manager](https://github.com/jetstack/cert-manager) (optional) * [ ] Pre-install an ingress controller from **Kong**, **Nginx** or **Traefik v2** (optional) * [ ] Generate custom `kubeconfig` file (optional)