base repository: rancher/terraform-provider-rancher2
base: v3.1.1
head repository: rancher/terraform-provider-rancher2
compare: v3.2.0
  • 19 commits
  • 22 files changed
  • 5 contributors

Commits on Aug 3, 2023

  1. 99c9350
  2. Merge pull request #1188 from rancher/a-blender-patch-3

    Update CHANGELOG for docs patch v3.1.1
    a-blender authored Aug 3, 2023
    1362af8

Commits on Aug 7, 2023

  1. 187a69c

Commits on Aug 8, 2023

  1. 7b9d01c

Commits on Aug 9, 2023

  1. Add script to build local binary

    Anna Blendermann committed Aug 9, 2023
    7b304a8

Commits on Aug 10, 2023

  1. 0a79a1c

Commits on Aug 11, 2023

  1. Merge pull request #1034 from a-blender/add-tf-local-binary-script

    [Q3] Add script to build local binary
    a-blender authored Aug 11, 2023
    baefd26

Commits on Aug 18, 2023

  1. Backport branching info

    Anna Blendermann committed Aug 18, 2023
    c76abaf
  2. Merge pull request #1202 from a-blender/branch-tf-release-v3-backport

    [Backport release/v3] Update branching info
    a-blender authored Aug 18, 2023
    7f84585

Commits on Sep 19, 2023

  1. 1dab55c
  2. Merge pull request #1227 from thatmidwesterncoder/backport_942

    [Backport release/v3] [Docs] Remove keypair_name for amazonec2_config (#942)
    a-blender authored Sep 19, 2023
    a9770ee

Commits on Sep 26, 2023

  1. Revert "Remove OpenStack keypair_name references" (#1235)

    * Revert "Remove OpenStack keypair_name references"
    
    This reverts commit 4096070.
    
    * Add note to docs that keypair_name for openstack is required to be in the schema even if there are no references in rancher
    thatmidwesterncoder committed Sep 26, 2023
    f59cc95
  2. Merge pull request #1236 from thatmidwesterncoder/backport_7527894

    [Backport release/v3] Revert "Remove OpenStack keypair_name references"
    thatmidwesterncoder authored Sep 26, 2023
    d94d5b6

Commits on Oct 2, 2023

  1. Update msc schema and docs

    Anna Blendermann committed Oct 2, 2023
    74d5cce
  2. Merge pull request #1239 from a-blender/msc-schema-update-backport

    [Backport release/v3] Update msc schema and docs
    a-blender authored Oct 2, 2023
    1e152f4

Commits on Oct 5, 2023

  1. Backport cluster config load err fix

    Anna Blendermann committed Oct 5, 2023
    40d884f
  2. Merge pull request #1245 from a-blender/fix-cluster-config-load-err-backport
    
    [Backport release/v3] Set protect-kernel-defaults on v2 clusters
    a-blender authored Oct 5, 2023
    8264cad

Commits on Oct 12, 2023

  1. 75a20d5

Commits on Oct 13, 2023

  1. Merge pull request #1252 from thatmidwesterncoder/changelog_3.2.0

    Update CHANGELOG for v3.2.0
    thatmidwesterncoder authored Oct 13, 2023
    59ba43c
39 changes: 38 additions & 1 deletion CHANGELOG.md
@@ -1,3 +1,40 @@
## 3.2.0 (October 12, 2023)

FEATURES:



ENHANCEMENTS:

* Add retry logic to rancher2_cluster update. See https://github.com/rancher/terraform-provider-rancher2/pull/1159
* Set protect-kernel-defaults on v2 clusters. See https://github.com/rancher/terraform-provider-rancher2/pull/1245
* Add group_search_filter, user_search_filter, and start_tls to LDAP Auth Config. See https://github.com/rancher/terraform-provider-rancher2/pull/1173
* [Docs] Update branching info. See https://github.com/rancher/terraform-provider-rancher2/pull/1202
* [Docs] Remove keypair_name for amazonec2_config. See https://github.com/rancher/terraform-provider-rancher2/pull/1227
* [Docs] Update msc schema and docs. See https://github.com/rancher/terraform-provider-rancher2/pull/1239

BUG FIXES:
* Fix machine selector config to allow kubelet arg list. See https://github.com/rancher/terraform-provider-rancher2/pull/1181



## 3.1.1 (August 3, 2023)

FEATURES:



ENHANCEMENTS:

* [Docs] Add Terraform docs for cluster and fleet agent customization, PSACT support, and authentication ping `entity_field_id` for the v3.1.1 patch release. See [#1175](https://github.com/rancher/terraform-provider-rancher2/pull/1175)
* [Docs] Fix broken markdown in `rancher2_cluster` resource. See [#1180](https://github.com/rancher/terraform-provider-rancher2/pull/1180)
* [Docs] Update wording in registry resource. See [#1185](https://github.com/rancher/terraform-provider-rancher2/pull/1185)
* [Docs] Add example for multiple machine pools in RKE2. See [#957](https://github.com/rancher/terraform-provider-rancher2/pull/957)

BUG FIXES:



## 3.1.0 (June 25, 2023)

FEATURES:
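Review bot: In the 3.1.1 block the authentication entry names the field `entity_field_id`, while the 3.1.0 entry further down this file documents the argument as `entity_id_field`; one of the two is misspelled and should be corrected so users can search for it. The 3.2.0 entries also use bare URLs where the 3.1.1 entries use the `[#NNNN](url)` link form, and the 3.2.0 block leaves `FEATURES:` empty and drops the blank line after `BUG FIXES:`. The `start_tls` addition to the LDAP Auth Config is the one transport-security change listed, so the entry would benefit from stating its default.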
@@ -12,7 +49,7 @@ FEATURES:
* Add Pod Security Admission Configuration Template (PSACT) support with state migration logic for 1.25+ RKE and v2 prov clusters. See [#1119](https://github.com/rancher/terraform-provider-rancher2/pull/1119) and [#1117](https://github.com/rancher/terraform-provider-rancher2/pull/1117)
* **New Argument** `default_pod_security_admission_configuration_template_name` - (Optional) Cluster default pod security admission configuration template name (string)
* **New Argument** `default_pod_security_admission_configuration_template_name` - (Computed) Cluster V2 default pod security admission configuration template name (string)

ENHANCEMENTS:

* **New Argument** `entity_id_field` - (Optional) Entity ID for authentication config (string). See [#1163](https://github.com/rancher/terraform-provider-rancher2/pull/1163)
8 changes: 5 additions & 3 deletions README.md
@@ -97,17 +97,19 @@ See [test process](docs/test-process.md) for details on release testing (_Terraf
Branching the Provider
---------------------------

The provider is branched into two release lines that have major version alignment with Rancher 2.6 and 2.7. The `release/v2` branch with 2.0.0+ is aligned with Rancher 2.6 and `master` with 3.0.0+ is aligned with Rancher 2.7. Terraform provider fixes and new features will be available on `master` but only critical bug fixes will be backported to `release/v2`.
The provider is branched into three release lines with major version alignment with Rancher 2.6, 2.7, and 2.8. The `release/v2` branch with 2.0.0+ is aligned with Rancher 2.6, the `release/v3` branch with 3.0.0+ is aligned with Rancher 2.7, and the `master` branch with 4.0.0+ is aligned with Rancher 2.8. The lifecycle of each major provider version is aligned with the lifecycle of each Rancher minor version. For example, provider versions 4.0.x which are aligned with Rancher 2.8.x will only be actively maintained until the EOM for Rancher 2.8.x and supported until EOL for Rancher 2.8.x.

See the [Rancher support matrix](https://www.suse.com/lifecycle/#rancher) for details.

Aligning major provider releases with minor Rancher releases means,

* We can follow semver
* We can cut patch/minor versions on an as-needed basis to fix bugs or add new resources
* We can cut patch/minor versions on an as-needed basis to fix bugs or add new resources
* We have 'out of band' flexibility and are only tied to releasing a new version of the provider when we get a new 2.x Rancher minor version.

See the [compatibility matrix](docs/compatibility-matrix.md) for details.

If you are using Terraform to provision clusters on instances of Rancher 2.6 and 2.7, you must have a separate configuration in a separate dir for each provider. Otherwise, Terraform will overwrite the `.tfstate` file every time you switch versions.
If you are using Terraform to provision clusters on instances of Rancher 2.7 and 2.8, you must have a separate configuration in a separate dir for each provider. Otherwise, Terraform will overwrite the `.tfstate` file every time you switch versions.

Releasing the Provider
---------------------------
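Review bot: The closing paragraph about separate configurations now names only Rancher 2.7 and 2.8, but the first paragraph of this section describes three release lines including `release/v2` for Rancher 2.6, so a user running 2.6 alongside 2.7 is no longer told that the `.tfstate` overwrite applies to them. Suggest wording it for any two Rancher minor lines managed from one machine, and expanding EOM and EOL on first use in the first paragraph.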
23 changes: 17 additions & 6 deletions docs/compatibility-matrix.md
@@ -6,15 +6,26 @@ The version matrix specifies the Terraform provider version _recommended_ to use

#### Rancher 2.6

| Terraform provider version | Rancher |
|----------------------------------------|:-------:|
| 2.0.0 | 2.6.11 |
| Terraform provider version | Rancher | Notes |
|----------------------------------------|:-------:|:-----------:|
| 2.0.0 | 2.6.11 | Bug fixes |

#### Rancher 2.7

| Terraform provider version | Rancher |
|----------------------------------------|:-------:|
| 3.0.0 | 2.7.2 |
| Terraform provider version | Rancher | Notes |
|----------------------------|:-------:|-----------------------------------------------------------------------------------------------------|
| 3.0.0 | 2.7.2 | Kubernetes 1.25 support, Azure / EKS / Harvester features<br/>and bug fixes |
| 3.0.1 | 2.7.4 | Fix to support old Harvester config |
| 3.0.2 | 2.7.4 | Fix Harvester disk_size default value |
| 3.1.0 | 2.7.5 | Cluster Agent customization, PSACT support for 1.25+ clusters,<br/>custom user tokens and bug fixes |
| 3.1.1 | 2.7.5 | Docs patch |
| 3.2.0 | 2.7.x | |

#### Rancher 2.8

| Terraform provider version | Rancher | Notes |
|----------------------------|:-------:|-------|
| 4.0.0 | 2.8.x | | |

#### FAQ
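
Review bot: The new Rancher 2.8 row `| 4.0.0 | 2.8.x | | |` has four cells under a three-column header, so it carries a stray trailing pipe; drop the last `|`. The 3.2.0 row also leaves Notes empty while every other Rancher 2.7 row summarises the release, and pairing it with `2.7.x` is less precise than the pinned Rancher versions in the rows above it.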

140 changes: 72 additions & 68 deletions docs/resources/cluster_v2.md
@@ -15,7 +15,7 @@ Provides a Rancher v2 Cluster v2 resource. This can be used to create RKE2 and K
# Create a new rancher v2 RKE2 custom Cluster v2
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
fleet_namespace = "fleet-ns"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
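Review bot: Replacing `<RANCHER_KUBERNETES_VERSION>` with the quoted string `"rancher-kubernetes-version"` on the `kubernetes_version` line removes the only visual cue that the value is a placeholder, so a copied example now gets past parsing with a value that is not a real version. Suggest keeping a marker, for example a trailing comment on the line saying the value must be replaced, and applying the same treatment to the identical change in the later examples in this file.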
@@ -25,15 +25,15 @@ resource "rancher2_cluster_v2" "foo" {
resource "rancher2_cluster_v2" "foo" {
name = "foo"
fleet_namespace = "fleet-ns"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
}
```

**Note:** Once created, get the node command from `rancher2_cluster_v2.foo.cluster_registration_token`

### Creating Rancher v2 amazonec2 cluster v2
### Creating Rancher v2 AmazonEC2 cluster v2

```hcl
# Create amazonec2 cloud credential
@@ -49,19 +49,19 @@ resource "rancher2_cloud_credential" "foo" {
resource "rancher2_machine_config_v2" "foo" {
generate_name = "test-foo"
amazonec2_config {
ami = "<AMI_ID>"
region = "<REGION>"
security_group = [<AWS_SG>]
subnet_id = "<SUBNET_ID>"
vpc_id = "<VPC_ID>"
zone = "<ZONE>"
ami = "ami-id"
region = "region"
security_group = ["security-group"]
subnet_id = "subnet-id"
vpc_id = "vpc-id"
zone = "zone"
}
}
# Create a new rancher v2 Cluster with multiple machine pools
resource "rancher2_cluster_v2" "foo-rke2" {
name = "foo-rke2"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
rke_config {
@@ -98,7 +98,7 @@ resource "rancher2_cluster_v2" "foo-rke2" {
# Create a new rancher v2 amazonec2 RKE2 Cluster v2
resource "rancher2_cluster_v2" "foo-rke2" {
name = "foo-rke2"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
rke_config {
@@ -120,7 +120,7 @@ resource "rancher2_cluster_v2" "foo-rke2" {
# Create a new rancher v2 amazonec2 K3S Cluster v2
resource "rancher2_cluster_v2" "foo-k3s" {
name = "foo-k3s"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_cluster_role_for_project_members = "user"
rke_config {
@@ -145,27 +145,27 @@ resource "rancher2_cluster_v2" "foo-k3s" {
resource "rancher2_cloud_credential" "foo" {
name = "foo"
amazonec2_credential_config {
access_key = "<ACCESS_KEY>"
secret_key = "<SECRET_KEY>"
access_key = "access-key"
secret_key = "secret-key"
}
}
# Create amazonec2 machine config v2
resource "rancher2_machine_config_v2" "foo" {
generate_name = "test-foo"
amazonec2_config {
ami = "<AMI_ID>"
region = "<REGION>"
security_group = [<AWS_SG>]
subnet_id = "<SUBNET_ID>"
vpc_id = "<VPC_ID>"
zone = "<ZONE>"
ami = "ami-id"
region = "region"
security_group = ["security-group"]
subnet_id = "subnet-id"
vpc_id = "vpc-id"
zone = "zone"
}
}
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
rke_config {
machine_pools {
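Review bot: The `access_key = "access-key"` and `secret_key = "secret-key"` lines model cloud credentials as inline string literals, which is the pattern readers copy into version-controlled configuration. Suggest showing them as input variables declared `sensitive` (for example `var.aws_access_key`), so the example does not teach hardcoding the key pair.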
@@ -249,18 +249,18 @@ EOF
```hcl
resource "rancher2_cluster_v2" "foo_cluster_v2" {
name = "cluster-with-custom-registry"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
rke_config {
machine_selector_config {
config = {
system-default-registry: "<CUSTOM_REGISTRY_HOSTNAME>"
system-default-registry: "custom-registry-hostname"
}
}
registries {
configs {
hostname = "<CUSTOM_REGISTRY_HOSTNAME>"
auth_config_secret_name = "<AUTH_CONFIG_SECRET_NAME>"
insecure = <TLS_INSECURE_BOOL>
hostname = "custom-registry-hostname"
auth_config_secret_name = "auth-config-secret-name"
insecure = <tls-insecure-bool>
tls_secret_name = ""
ca_bundle = ""
}
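Review bot: `insecure = <tls-insecure-bool>` is the one placeholder in this example left in angle brackets, so the block is still not valid HCL after the change, unlike the quoted strings around it. Given the old placeholder name `<TLS_INSECURE_BOOL>`, suggest writing `insecure = false` with a short comment so the documented example is the safe setting. The `auth_config_secret_name` line is also renamed to `"auth-config-secret-name"`, but the Note that follows the example still refers to `<AUTH_CONFIG_SECRET_NAME>`; update the Note to match or refer to the argument name directly.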
@@ -269,38 +269,25 @@ resource "rancher2_cluster_v2" "foo_cluster_v2" {
}
```
**Note:**
The `<AUTH_CONFIG_SECRET_NAME>` represents a generic kubernetes secret which contains two keys with base64 encoded values: the `username` and `password` for the specified custom registry. If the `system-default-registry` is not authenticated, no secret is required and the section within the `rke_config` can be omitted if not otherwise needed.
The `<AUTH_CONFIG_SECRET_NAME>` represents a generic kubernetes secret which contains two keys with base64 encoded values: the `username` and `password` for the specified custom registry. If the `system-default-registry` is not authenticated, no secret is required and the section within the `rke_config` can be omitted if not otherwise needed.

Many registries may be specified in the `rke_config`s `registries` section, however the `system-default-registry` from which core system images are pulled is always denoted via the `system-default-registry` key of the `machine_selector_config` or the `machine_global_config`. For more information on private registries, please refer to [the Rancher documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry#setting-a-private-registry-with-credentials-when-deploying-a-cluster)
Many registries may be specified in the `rke_config`s `registries` section, however the `system-default-registry` from which core system images are pulled is always denoted via the `system-default-registry` key of the `machine_selector_config` or the `machine_global_config`. For more information on private registries, please refer to [the Rancher documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/global-default-private-registry#setting-a-private-registry-with-credentials-when-deploying-a-cluster)

### Creating Rancher V2 cluster with cluster agent customization. For Rancher v2.7.5 and above.

```hcl
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
rke_config {
machine_pools {
name = "pool1"
cloud_credential_secret_name = rancher2_cloud_credential.foo.id
control_plane_role = true
etcd_role = true
worker_role = true
quantity = 1
machine_config {
kind = rancher2_machine_config_v2.foo.kind
name = rancher2_machine_config_v2.foo.name
}
}
cluster_agent_deployment_customization {
append_tolerations {
effect = "NoSchedule"
key = "tolerate/control-plane"
value = "true"
}
cluster_agent_deployment_customization {
append_tolerations {
effect = "NoSchedule"
key = "tolerate/control-plane"
value = "true"
}
override_affinity = <<EOF
override_affinity = <<EOF
{
"nodeAffinity": {
"requiredDuringSchedulingIgnoredDuringExecution": {
@@ -317,12 +304,14 @@ resource "rancher2_cluster_v2" "foo" {
}
}
EOF
override_resource_requirements {
cpu_limit = "800"
cpu_request = "500"
memory_limit = "800"
memory_request = "500"
override_resource_requirements {
cpu_limit = "800"
cpu_request = "500"
memory_limit = "800"
memory_request = "500"
}
}
machine_pools ...
}
}
```
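Review bot: `machine_pools ...` near the end of this hunk sits inside an `hcl` fence but is not HCL, so the example no longer parses when pasted. Suggest an HCL comment in its place, such as `# machine_pools { ... } as in the examples above`.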
@@ -333,14 +322,14 @@ EOF

```hcl
locals {
version = "rke2" // will be k3s for K3s clusters
version = "rke2" // k3s for K3s clusters
rancher_psact_mount_path = "/etc/rancher/${local.version}/config/rancher-psact.yaml"
kube_apiserver_arg = var.default_psa_template != null && var.default_psa_template != "" ? ["admission-control-config-file=${local.rancher_psact_mount_path}"] : []
}
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "<RANCHER_KUBERNETES_VERSION>"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
default_pod_security_admission_configuration_template_name = "rancher-restricted"
rke_config {
@@ -350,18 +339,33 @@ resource "rancher2_cluster_v2" "foo" {
etcd-expose-metrics = false
kube-apiserver-arg = local.kube_apiserver_arg
})
machine_pools {
name = "pool1"
cloud_credential_secret_name = rancher2_cloud_credential.foo.id
control_plane_role = true
etcd_role = true
worker_role = true
quantity = 1
machine_config {
kind = rancher2_machine_config_v2.foo.kind
name = rancher2_machine_config_v2.foo.name
machine_pools ...
}
}
```

### Creating Rancher V2 cluster with Machine Selector Config. For Rancher 2.7.7 and above.

```hcl
resource "rancher2_cluster_v2" "foo" {
name = "foo"
kubernetes_version = "rancher-kubernetes-version"
enable_network_policy = false
rke_config {
machine_selector_config {
machine_label_selector {
match_expressions {
key = "node-label-key"
operator = "In"
values = ["node-label-value"]
}
}
config = <<EOF
kubelet-arg:
- cloud-provider-name=external
EOF
}
machine_pools ...
}
}
```
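Review bot: The new Machine Selector Config heading gates the example on Rancher 2.7.7 but gives no minimum provider version, while the CHANGELOG in this same comparison lists the kubelet arg list fix under 3.2.0 and the compatibility matrix pairs 3.2.0 only with `2.7.x`. Suggest stating the required provider version in the heading or in a line under it, so readers on 3.1.x do not try the heredoc form of `config`.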
@@ -714,7 +718,7 @@ The following attributes are exported:
* `unhealthy_range` - (Optional) Range of unhealthy nodes for automated replacement to be allowed (string)
* `machine_labels` - (Optional) Labels for Machine pool nodes (map)
* `labels` - (Optional) Labels for Machine Deployment Resource (map)
* `annotations` - (Optional) Annotations for Machine Deployment Resource (map)
* `annotations` - (Optional) Annotations for Machine Deployment Resource (map)

##### `machine_config`

@@ -743,7 +747,7 @@ The following attributes are exported:
##### Arguments

* `machine_label_selector` - (Optional) Machine selector label (list maxitems:1)
* `config` - (Optional) Machine selector config (map)
* `config` - (Optional) Machine selector config. Must be in YAML format (string)

##### `machine_label_selector`
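
Review bot: Changing `config` from `(map)` to a YAML `(string)` leaves the custom registry example earlier in this file on the old form, `config = {` with `system-default-registry: "custom-registry-hostname"` inside it. Suggest converting that example to the heredoc form used in the new Machine Selector Config example, and saying in the CHANGELOG entry that the argument type changed, since configurations written in the map form need rewriting if that form is no longer accepted.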

@@ -859,4 +863,4 @@ Clusters v2 can be imported using the Rancher Cluster v2 ID, that is in the form

```
$ terraform import rancher2_cluster_v2.foo &lt;FLEET_NAMESPACE&gt;/&lt;CLUSTER_NAME&gt;
```
```