tf(tkgs-cluster): add module to manage a tkgs cluster

terraform/modules/tkgs-cluster/README.md

@@ -0,0 +1,35 @@
+# tkgs-cluster
+
+This module can be used to create TKGs cluster in a vSphere environment. Due to some restriction of the supervisor clusters (RBAC), the kubernetes_manifest resource can not be used and we need to rely on the Kubernetes CLI and manually manage the lifecycle of the resources.
+
+## Prerequisites
+
+* kubectl CLI
+
+## Destroy a cluster
+
+If you wan to destroy a cluster, you can not remove immediately the resource from the code base. You have to use the variable `desired_state` to trigger the destruction and than safely remove the code.
+
+<!-- BEGIN_TF_DOCS -->
+<!-- This section will be overridden by terraform-docs. Do not change it.-->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| cluster\_name | n/a | `string` | n/a | yes |
+| cluster\_namespace | n/a | `string` | n/a | yes |
+| storage\_class | n/a | `string` | n/a | yes |
+| tkr | n/a | `string` | n/a | yes |
+| vm\_class | n/a | `string` | n/a | yes |
+| additional\_ca | CA bundle to inject in the nodes in PEM format | `string` | `null` | no |
+| control\_plane\_replicas | n/a | `number` | `1` | no |
+| desired\_state | n/a | `string` | `"PRESENT"` | no |
+| supervisor\_context\_name | n/a | `string` | `null` | no |
+| worker\_node\_replicas | n/a | `number` | `3` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| kubeconfig | n/a |
+<!-- END_TF_DOCS -->

terraform/modules/tkgs-cluster/cluster.tf

@@ -0,0 +1,50 @@
+locals {
+  is_apply_action  = var.desired_state == "PRESENT"
+  is_delete_action = var.desired_state == "DELETED"
+  context_flag     = var.supervisor_context_name != null ? "--context ${var.supervisor_context_name}" : ""
+  manifest = templatefile("${path.module}/files/tkc-cluster.yaml.tpl", {
+    cluster_name           = var.cluster_name
+    cluster_namespace      = var.cluster_namespace
+    vm_class               = var.vm_class
+    storage_class          = var.storage_class
+    tkr                    = var.tkr
+    control_plane_replicas = var.control_plane_replicas
+    worker_node_replicas   = var.worker_node_replicas
+    additional_ca          = try(base64encode(var.additional_ca), null)
+  })
+}
+
+# The Kubernetes provider provide a resource kubernetes_manifest to manage CRD but during the plan
+# and the apply it needs to list the CRDs and this operation can not be performed in a supervisor
+# cluster unless you manually create the necessary role bindings (this means that you have to connect
+# with the Kubernetes credentials available in the supervisor nodes).
+# This is a workaround to deploy TKC cluster until a proper Terraform provider is implemeted
+
+resource "terraform_data" "apply_cluster" {
+  count = local.is_apply_action ? 1 : 0
+
+  triggers_replace = [
+    local.manifest
+  ]
+
+  provisioner "local-exec" {
+    command    = "kubectl apply -f - ${local.context_flag} <<< \"${local.manifest}\""
+    on_failure = fail
+  }
+
+  provisioner "local-exec" {
+    command    = "kubectl wait -f - --for=condition=Ready --timeout=20m ${local.context_flag} <<< \"${local.manifest}\""
+    on_failure = fail
+  }
+}
+
+resource "terraform_data" "delete_cluster" {
+  count = local.is_delete_action ? 1 : 0
+
+  provisioner "local-exec" {
+    command    = "kubectl delete tkc -n ${var.cluster_namespace} ${var.cluster_name} ${local.context_flag}"
+    on_failure = fail
+  }
+
+  depends_on = [terraform_data.apply_cluster]
+}

terraform/modules/tkgs-cluster/files/tkc-cluster.yaml.tpl

@@ -0,0 +1,36 @@
+apiVersion: run.tanzu.vmware.com/v1alpha3
+kind: TanzuKubernetesCluster
+metadata:
+  name: ${cluster_name}
+  namespace: ${cluster_namespace}
+spec:
+  topology:
+    controlPlane:
+      replicas: ${control_plane_replicas}
+      vmClass: ${vm_class}
+      storageClass: ${storage_class}
+      tkr:
+        reference:
+          name: ${tkr}
+      nodeDrainTimeout: 10m
+    nodePools:
+      - name: node-pool-default
+        replicas: ${worker_node_replicas}
+        vmClass: ${vm_class}
+        storageClass: ${storage_class}
+        tkr:
+          reference:
+            name: ${tkr}
+        nodeDrainTimeout: 5m
+  settings:
+    storage:
+      defaultClass: ${storage_class}
+    network:
+      cni:
+        name: antrea
+%{ if additional_ca != null ~}
+      trust:
+        additionalTrustedCAs:
+          - name: ca-bundle
+            data: ${additional_ca}
+%{ endif ~}

terraform/modules/tkgs-cluster/output.tf

@@ -0,0 +1,15 @@
+data "kubernetes_secret_v1" "cluster_admin_kubeconfig" {
+  count = local.is_apply_action ? 1 : 0
+
+  metadata {
+    name      = "${var.cluster_name}-kubeconfig"
+    namespace = var.cluster_namespace
+  }
+
+  depends_on = [terraform_data.apply_cluster]
+}
+
+output "kubeconfig" {
+  sensitive = true
+  value = try(yamldecode(data.kubernetes_secret_v1.cluster_admin_kubeconfig.0.data.value), null)
+}

terraform/modules/tkgs-cluster/variables.tf

@@ -0,0 +1,52 @@
+variable "supervisor_context_name" {
+  type = string
+  default = null
+  nullable = true
+}
+
+variable "cluster_name" {
+  type = string
+}
+
+variable "cluster_namespace" {
+  type = string
+}
+
+variable "control_plane_replicas" {
+  type = number
+  default = 1
+}
+
+variable "worker_node_replicas" {
+  type = number
+  default = 3
+}
+
+variable "vm_class" {
+  type = string
+}
+
+variable "storage_class" {
+  type = string
+}
+
+variable "tkr" {
+  type = string
+}
+
+variable "desired_state" {
+  type = string
+  default = "PRESENT"
+
+  validation {
+    condition = contains(["PRESENT", "DELETED"], var.desired_state)
+    error_message = "Allowed values are PRESENT, DELETED"
+  }
+}
+
+variable "additional_ca" {
+  type = string
+  description = "CA bundle to inject in the nodes in PEM format"
+  nullable = true
+  default = null
+}

terraform/modules/tkgs-cluster/version

@@ -0,0 +1 @@
+0.0.1