This module installs RKE2 on most Linux based servers.
Only two of the providers require setup:
We recommend setting the following environment variables for quick personal use:
GITHUB_TOKEN
GITHUB_OWNER
AWS_REGION
AWS_SECRET_ACCESS_KEY
AWS_ACCESS_KEY_ID
ZONEYou will need Curl available on the server running Terraform. The server installing RKE2 will also need Curl, please see the examples.
You will need write access to the filesystem on the server running Terraform. If downloading the files from GitHub, then you will need about 3GB storage space available in the 'local_file_path' location (defaults to ./rke2).
Where do I put my config files?
This module assumes all *.yaml files in the local_file_path are config files which can go in /etc/rancher/rke2/config/yaml.d and be used to configure rke2
see https://docs.rke2.io/install/configuration#multiple-config-files for more information.
If you are using the 'tar' install path you may supply files in that same path to fully control what is installed, you must use the expected names for the files:
generally that is:
"rke2-images.${local.system}-${local.arch}.tar.gz""rke2.${local.system}-${local.arch}.tar.gz""sha256sum-${local.arch}.txt"
If you do not want to download these files manually, you may use the rancher/rke2-download/github module to download the files automatically into your specified path for consumption within this module.
We have a few example implementations to get you started, these examples are tested in our CI before release. When you use them, update the source and version to use the Terraform registry.
The specific use case for the example modules is temporary infrastructure for testing purposes.
With that in mind, it is not expected that we manage the resources as a team, therefore the state files are all stored locally.
If you would like to store the state files remotely, add a terraform backend file (*.name.tfbackend) to your root module.
https://www.terraform.io/language/settings/backends/configuration#file
Please make sure to read terraform.md to understand the paradigms and expectations that this module has for development.
It is important to us that all collaborators have the ability to develop in similar environments, so we use tools which enable this as much as possible. These tools are not necessary, but they can make it much simpler to collaborate.
- I use nix that I have installed using their recommended script
- I source
source .envrcto enter the environment - I use the
run_tests.shscript to validate any change - I store my credentials in a local files and generate a symlink to them
- eg.
~/.config/github/default/rc - this will be automatically sourced when you enter the nix environment (and unloaded when you leave)
- see the
.envrcand.rcsfile for the implementation
- eg.
Our continuous integration uses Nix to ensure a consistent environment.
Our CI has special integrations with AWS to allow secure authentication, see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/configuring-openid-connect-in-amazon-web-services for more information.