Terraform for Rancher on RKE1 on Proxmox
- Cloudflare DNS (you could change this easily)
- Proxmox with Ubuntu VM template
- DHCP/DNS and LB4 (ex. HAProxy)
- A way to encrypt your sensitive files (ex. git-crypt, sops, etc.)

- Create a DNS entry for the Rancher domain name pointing to your LB IP
- Configure your LB (ex. HAProxy)
- Download the cloud image on your Proxmox host
- Create a VM in Proxmox, delete the VM disk, and note the VM ID (ex. 106)
- Create a disk from the cloud image in the Proxmox storage (ex. SSD)

  ```shell
  qm importdisk 106 ./bionic-server-cloudimg-amd64.img SSD
  ```
- Fork this repository
- Delete .gitattributes (unless you want to use git-crypt)
- Choose your backend (tfstate)
  - Local = just delete the backend.tf
  - Remote = configure the backend.tf (ex. AzureRM):

    ```hcl
    terraform {
      backend "azurerm" {
        resource_group_name  = "RGNAME"
        storage_account_name = "STORAGE_ACC_NAME"
        container_name       = "CONTAINER_NAME"
        key                  = "rancher.tfstate"
        access_key           = "XXXXXXXXXXXXXXXXX"
      }
    }
    ```
- Replace the variables
  - variables/encrypted/proxmox.tfvars

    ```hcl
    proxmox_secrets = {
      url      = "https://PROXMOX_HOST:8006/api2/json",
      user     = "root@pam",
      pass     = "PASSWORD",
      ssh_host = "PROXMOX_HOST"
      ssh_user = "root"
    }
    ```
  - variables/encrypted/rancher.tfvars

    ```hcl
    rancher_bootstrap = "RANCHER_ADMIN_PASSWORD"
    cloudflare = {
      zone_id   = "ZONE_ID"          # Zone ID for your domain name
      ip        = "1.2.3.4"          # IP for your external public FQDN
      api_token = "XXXXXX"           # Token created
      email     = "[email protected]" # Cloudflare email account
    }
    acme_email = "[email protected]"
    ```
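
An added example, not part of this repository: a shell check for a pre-commit hook or CI step that lists files under variables/encrypted which git would commit without git-crypt encryption, for instance after .gitattributes was deleted. It assumes git-crypt's standard `filter=git-crypt` attribute; the function names are hypothetical, and backend.tf can be passed as an extra path when it holds a real access_key.

```shell
#!/bin/sh
# Added example (not the repository's own code).
# Assumption: secrets are protected with git-crypt, i.e. .gitattributes
# assigns "filter=git-crypt" to the files that must be encrypted.

# plaintext_secrets REPO_DIR [PATH...]
# Prints every tracked or untracked-but-not-ignored file under the given
# paths (default: variables/encrypted) whose "filter" attribute is not
# git-crypt. Prints nothing when every file is covered.
plaintext_secrets() {
    repo=$1
    shift
    [ "$#" -gt 0 ] || set -- variables/encrypted
    git -C "$repo" ls-files --cached --others --exclude-standard -- "$@" |
    while IFS= read -r f; do
        # Output format: "<path>: filter: <value>"
        attr=$(git -C "$repo" check-attr filter -- "$f")
        case $attr in
            *": filter: git-crypt") ;;        # encrypted when committed
            *) printf '%s\n' "$f" ;;          # would be stored in plaintext
        esac
    done
}

# check_secrets REPO_DIR [PATH...]
# Returns 1 and names the offending files on stderr if any file is unprotected.
check_secrets() {
    leaks=$(plaintext_secrets "$@")
    if [ -n "$leaks" ]; then
        printf 'not encrypted by git-crypt:\n%s\n' "$leaks" >&2
        return 1
    fi
    return 0
}

# Typical call from .git/hooks/pre-commit:
#   check_secrets . variables/encrypted backend.tf || exit 1
```

Files that are ignored through .gitignore are skipped, because git would not commit them in the first place.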