This commit introduces multiple connected changes, including:
- `docs/terraform`: Added docs describing networking expectations for Terraform modules
- `docs/terraform`: Removed docs describing debugging stuff. This has been added directly to module outputs below.
- `docs/terraform/gmsa`: Docs describing how to provision gMSA setups using the Terraform modules
- `azure_active_directory`: Introduced a new model for creating an Active Directory setup in Azure with a defined set of users and gMSAs added to it. The scripts used to power it are declarative, so changes that are introduced to values fields are reflected in AD on the next apply. A file to perform a `kubectl apply` for a Rancher integration is also provided by the module, which outputs the `management.cattle.io/v3` AuthConfig object and Secret that can be used to configure Rancher to talk to the Active Directory instance, provided that the Rancher instance exists in a virtual network that peers with this Active Directory's network (and can therefore access the private DNS also created by this module to locate the AD instance).
- `azure_rke2_cluster`: Added new `gmsa.tfvars` example for deploying gMSA applications on a Windows cluster the moment it is created
- `azure_rke2_cluster`: Specified an address_space of `10.2.0.0/16` to create a unique space that does not overlap with the AD address_space
- `azure_rke2_cluster`: Added support for providing active_directory fields to provide those fields to the `internal/azure/server` module for AD support
- `azure_rke2_cluster`: Added support for specifying `server.domain_join` if each server should be joined to the domain provided in the active_directory options
- `azure_server`: Specified an address_space of `10.3.0.0/16` to create a unique space that does not overlap with the AD address_space
- `azure_server`: Added support for providing active_directory fields to provide those fields to the `internal/azure/server` module for AD support
- `azure_server`: Added support for specifying `domain_join` if server should be joined to the domain provided in the active_directory options
- `internal/azure/network`: Added support for VPC Peering relationships between networks; this allows the Cluster and Rancher module to set up VPC peering against the setup created by the Active Directory module to allow its hosts to have direct network access to Active Directory and the private DNS that can be used to locate it.
- `internal/azure/network`: Added support for specifying DNS servers that will be attached to the default azurerm_virtual_network created by this module
- `internal/azure/network`: Added support for specifying an address space to provide this field to the `internal/rancher/network` module
- `internal/azure/server`: Added support for specifying an address space to provide this field to the `internal/azure/network` module
- `internal/azure/server`: Added logic to generate private_ip_addresses to provide to the `internal/azure/vm` module based on the provided subnet that the host is expected to reside in to support static private IP address allocation
- `internal/azure/server`: Added support for providing active_directory fields to provide those fields to the `internal/azure/vm` module if `server.domain_join` is set to true and to set the `peers` and `dns_servers` field appropriately to the `internal/azure/network` module for AD support
- `internal/azure/vm`: Allowed ability to provide DNS servers
- `internal/azure/vm`: Modified private IP allocation from dynamic to static, where the private_ip_address is now expected to be provided to the module on provisioning the VM
- `internal/azure/vm`: Added support for providing active_directory fields to support automatically adding scripts to execute an AD domain join on provisioning a Windows VM
- `internal/rancher/network`: Instead of taking in a large set of variables that split up the provided VPC address space manually, the module now leverages the builtin Terraform function `cidrsubnets` to split the provided address space into equal chunks. This simplifies the logic of changing the address space, which is necessary due to the new expectation that **every Terraform module in this repository should occupy its own unique address space of the form `10.X.0.0`**.
It also includes some misc. changes including:
- `azure_docker_rancher`: Specified an address_space of `10.1.0.0/16` to create a unique space that does not overlap with the AD address_space
- `azure_docker_rancher`: Fixed the logic for performing an in-place upgrade.
- `azure_docker_rancher`: Utilized the `internal/kubernetes/user` module to create a single command to get a `KUBECONFIG` to the local Rancher cluster that is provided in the output of the module.
- `azure_docker_rancher`: Bubbled up debug output from `internal/azure/servers` that can be used to output common debugging scripts for Windows and Linux
- `azure_docker_rancher`: open_ports now takes in a list of **string** instead of a list of **numbers** to support port ranges
- `azure_docker_rancher`: Modified default instance size to Standard_B2s to save on Azure costs
- `azure_rke2_cluster`: Fixed misc. scripts added to examples that should have been removed before merge anyways
- `azure_rke2_cluster`: Added support for utilizing `internal/rancher/fleet/bundle` to schedule a set of "system applications" that would automatically be deployed onto the cluster the moment it is marked ready by Fleet. These applications support all the various options of deployment that the underlying internal module supports (see README.md)
- `azure_rke2_cluster`: Bubbled up debug output from `internal/azure/servers` that can be used to output common debugging scripts for Windows and Linux
- `azure_rke2_cluster`: open_ports now takes in a list of **string** instead of a list of **numbers** to support port ranges
- `azure_rke2_cluster`: Modified default instance size to Standard_B2s to save on Azure costs
- `azure_server`: Bubbled up debug output from `internal/azure/servers` that can be used to output common debugging scripts for Windows and Linux
- `azure_server`: open_ports now takes in a list of **string** instead of a list of **numbers** to support port ranges
- `internal/azure/network`: open_ports now takes in a list of **string** instead of a list of **numbers** to support port ranges
- `internal/azure/server`: Modified default instance size to Standard_B2s to save on Azure costs
- `internal/azure/server`: open_ports now takes in a list of **string** instead of a list of **numbers** to support port ranges
- `internal/azure/server`: Bubbled up debug output from `internal/azure/vm` that can be used to output common debugging scripts for Windows and Linux
- `internal/azure/vm`: Modified default instance size to Standard_B2s to save on Azure costs
- `internal/azure/vm`: Moved inline defined Windows SSH setup scripts into template files in the `files/` directory
- `internal/azure/vm`: Added a new debug output that can be used to output common debugging scripts for Windows and Linux
- `internal/kubernetes/user`: A new module that creates a TLS private key and certificate request corresponding to a new "user" (i.e. signed certificate) to add to a Kubernetes cluster as a cluster admin. This is now used in the cluster module in order to create a KUBECONFIG that can be used to make requests to the cluster that is independent of the one that is used to bootstrap the cluster.
- `internal/rancher/network`: open_ports now opens the port to **all protocols** instead of just TCP and takes in a list of **string** instead of a list of **numbers** to support port ranges
- `internal/rancher/network`: examples now include `80` amongst the open ports
- `internal/rancher/network`: validation has been added to ensure that the provided address space falls under the form `10.X.0.0`.
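As an added illustration (not code from this repository or this commit), the fragment below shows how the `10.X.0.0` address-space validation and the `cidrsubnets` equal split described above can be expressed in a Terraform module; the `peer_address_spaces` input and the `terraform_data` overlap precondition are assumptions for the example, not part of the commit.

```hcl
# Added example, not from the repository: enforces the "one unique 10.X.0.0/16 per
# module" convention and splits the space into equal subnets with cidrsubnets.

variable "address_space" {
  description = "Address space for this module's network, must be of the form 10.X.0.0/16"
  type        = string
  default     = "10.2.0.0/16"

  validation {
    # Accept only 10.X.0.0/16 with X in 0..255; cidrhost() also proves it parses as a CIDR.
    condition = (
      can(regex("^10\\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.0\\.0/16$", var.address_space))
      && can(cidrhost(var.address_space, 0))
    )
    error_message = "address_space must be of the form 10.X.0.0/16 (e.g. 10.2.0.0/16)."
  }
}

# Assumed input (not in the commit): address spaces of networks this one peers with,
# e.g. the Active Directory module's space. Azure rejects peering between overlapping spaces.
variable "peer_address_spaces" {
  type    = list(string)
  default = ["10.1.0.0/16", "10.3.0.0/16"]
}

locals {
  # Under the 10.X.0.0/16 convention the second octet identifies the module,
  # so two spaces overlap exactly when their second octets match.
  all_spaces    = concat([var.address_space], var.peer_address_spaces)
  second_octets = [for s in local.all_spaces : tonumber(split(".", s)[1])]
  no_overlap    = length(distinct(local.second_octets)) == length(local.second_octets)

  # Equal split into four consecutive /18s, as cidrsubnets allocates them.
  # For 10.2.0.0/16: 10.2.0.0/18, 10.2.64.0/18, 10.2.128.0/18, 10.2.192.0/18.
  subnets = cidrsubnets(var.address_space, 2, 2, 2, 2)
}

# Fail at plan time, before any peering is attempted, if a peer space overlaps this one.
resource "terraform_data" "address_space_check" {
  lifecycle {
    precondition {
      condition     = local.no_overlap
      error_message = "address_space overlaps a peer address space; every module needs its own 10.X.0.0/16."
    }
  }
}

output "subnets" {
  value = local.subnets
}
```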