{"id":20188732,"url":"https://github.com/remche/terraform-openstack-rke2","last_synced_at":"2026-03-05T14:32:14.245Z","repository":{"id":40352764,"uuid":"372875925","full_name":"remche/terraform-openstack-rke2","owner":"remche","description":"Deploy Kubernetes on OpenStack with RKE2","archived":false,"fork":false,"pushed_at":"2026-02-24T12:52:34.000Z","size":160,"stargazers_count":57,"open_issues_count":4,"forks_count":29,"subscribers_count":4,"default_branch":"master","last_synced_at":"2026-03-01T08:44:32.922Z","etag":null,"topics":["kubernetes","kubernetes-deployment","openstack","rancher","rke2","terraform","terraform-module"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/remche.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-01T15:22:29.000Z","updated_at":"2026-02-06T18:41:03.000Z","dependencies_parsed_at":"2023-02-09T02:01:28.692Z","dependency_job_id":"8bfca10e-3f4c-4d67-9f5f-73ff4b8bc044","html_url":"https://github.com/remche/terraform-openstack-rke2","commit_stats":{"total_commits":211,"total_committers":10,"mean_commits":21.1,"dds":0.3507109004739336,"last_synced_commit":"045b6498461733007baa7e002bde9d1b05188b99"},"previous_names":[],"tags_count":24,"template":false,"template_full_name":null,"purl":"pkg:github/remche/terraform-openstack-rke2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remche%2Fterraform-openstack-rke2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remche%2Fterraform-openstack-rke2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remche%2Fterraform-openstack-rke2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remche%2Fterraform-openstack-rke2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/remche","download_url":"https://codeload.github.com/remche/terraform-openstack-rke2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/remche%2Fterraform-openstack-rke2/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30130421,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T12:40:50.676Z","status":"ssl_error","status_checked_at":"2026-03-05T12:39:32.209Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","kubernetes-deployment","openstack","rancher","rke2","terraform","terraform-module"],"created_at":"2024-11-14T03:30:31.787Z","updated_at":"2026-03-05T14:32:14.218Z","avatar_url":"https://github.com/remche.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# terraform-openstack-rke2\n[![Terraform Registry](https://img.shields.io/badge/terraform-registry-blue.svg)](https://registry.terraform.io/modules/remche/rke2/openstack)\n[![test-fast](https://github.com/remche/terraform-openstack-rke2/actions/workflows/test-fast.yaml/badge.svg)](https://github.com/remche/terraform-openstack-rke2/actions/workflows/test-fast.yaml)\n[![test-full](https://github.com/remche/terraform-openstack-rke2/actions/workflows/test-full.yaml/badge.svg)](https://github.com/remche/terraform-openstack-rke2/actions/workflows/test-full.yaml)\n\n\n[Terraform](https://www.terraform.io/) module to deploy [Kubernetes](https://kubernetes.io) with [RKE2](https://docs.rke2.io/) on [OpenStack](https://www.openstack.org/).\n\nUnlike [RKE version](https://github.com/remche/terraform-openstack-rke) this module is not opinionated and let you configure everything via [RKE2 configuration file](https://docs.rke2.io/install/install_options/install_options/#configuring-rke2-server-nodes).\n\n## Prerequisites\n\n- [Terraform](https://www.terraform.io/) 0.13+\n- [OpenStack](https://docs.openstack.org/zh_CN/user-guide/common/cli-set-environment-variables-using-openstack-rc.html) environment properly sourced\n- A Openstack image fullfiling [RKE2 requirements](https://docs.rke2.io/install/requirements/) and featuring curl\n- At least one Openstack floating IP\n\n## Features\n\n- HA controlplane\n- Multiple agent node pools\n- Upgrade mechanism\n\n## Examples\n\nSee [examples](./examples) directory.\n\n\n## Documentation\n\nSee [USAGE.md](USAGE.md) for all available options.\n\n### Keypair\n\nYou can either specify a ssh key file to generate new keypair via `ssh_key_file` (default) or specify already existent keypair via `ssh_keypair_name`.\n\n\u003e [!WARNING]\n\u003e Default config will try to use  [ssh agent](https://linux.die.net/man/1/ssh-agent) for ssh connections to the nodes. Add `use_ssh_agent = false` if you don't use it.\n\n### Secgroup\n\nYou can define your own rules (e.g. limiting port 22 and 6443 to admin box).\n\n```hcl\nsecgroup_rules      = [ { \"source\" = \"x.x.x.x\", \"protocol\" = \"tcp\", \"port\" = 22 },\n                        { \"source\" = \"x.x.x.x\", \"protocol\" = \"tcp\", \"port\" = 6443 },\n                        { \"source\" = \"0.0.0.0/0\", \"protocol\" = \"tcp\", \"port\" = 80 },\n                        { \"source\" = \"0.0.0.0/0\", \"protocol\" = \"tcp\", \"port\" = 443}\n                      ]\n```\n\n### Nodes affinity\n\nYou can set [affinity policy](https://www.terraform.io/docs/providers/openstack/r/compute_servergroup_v2.html#policies) for controlplane and each nodes pool `server_group_affinity`. Default is `soft-anti-affinity`.\n\n\u003e [!WARNING]\n\u003e  `soft-anti-affinity` and `soft-affinity` needs Compute service API 2.15 or above.\n\n## Boot from volume\n\nSome providers require to boot the instances from an attached boot volume instead of the nova ephemeral volume.\nTo enable this feature, provide the variables to the config file. You can use  different value for server and agent nodes.\n\n```hcl\nboot_from_volume = true\nboot_volume_size = 20\nboot_volume_type = \"rbd-1\"\n```\n\n### Kubernetes version\n\nYou can specify rke2 version with `rke2_version` variables. Refer to RKE2 supported version.\n\nUpgrade by setting the target version via `rke2_version` and `do_upgrade = true`. It will upgrade the nodes one-by-one, server nodes first.\n\n\u003e [!WARNING]\n\u003e In-place upgrade mechanism is not battle-tested and relies on Terraform provisioners.\n\n### Addons\n\nSet the `manifests_path` variable to point out the directory containing your [manifests and HelmChart](https://docs.rke2.io/helm.html#automatically-deploying-manifests-and-helm-charts) (see [JupyterHub example](./examples/jupyterhub/)).\n\nIf you need a template step for your manifests, you can use `manifests_gzb64` (see [cinder-csi-plugin example](./examples/cinder-csi-plugin)).\n\n\u003e [!WARNING]\n\u003e Modifications made to manifests after cluster deployement wont have any effect.\n\n### Additional server config files\nSet the `additional_configs_path` variable to the directory containing your additional rke2 server configs. (see the [Audit Policy example](./examples/audit-policy/))\n\nIf you need a template step for your config files, you can use `additional_configs_gzb64`.\n\n\u003e [!WARNING]\n\u003e Modifications made to manifests after cluster deployement wont have any effect.\n\n### Downscale\n\nYou need to manually drain and remove node before downscaling a pool nodes.\n\n### Usage with [Terraform Kubernetes Provider](https://www.terraform.io/docs/providers/kubernetes/index.html) and [Helm Provider](https://www.terraform.io/docs/providers/helm/index.html)\n\nYou can tell the module to output kubernetes config by setting `output_kubernetes_config = true`.\n\n\u003e [!WARNING]\n\u003e **Interpolating provider variables from module output is not the recommended way to achieve integration**. See [here](https://www.terraform.io/docs/providers/kubernetes/index.html) and [here](https://www.terraform.io/docs/configuration/providers.html#provider-configuration).\n\u003e\n\u003e Use of a data sources is recommended.\n\n(Not recommended) You can use this module to populate [Terraform Kubernetes Provider](https://www.terraform.io/docs/providers/kubernetes/index.html) :\n\n```hcl\nprovider \"kubernetes\" {\n  host     = module.controlplane.kubernetes_config.host\n  client_certificate     = module.controlplane.kubernetes_config.client_certificate\n  client_key             = module.controlplane.kubernetes_config.client_key\n  cluster_ca_certificate = module.controlplane.kubernetes_config.cluster_ca_certificate\n}\n```\n\nRecommended way needs two `apply` operations, and setting the proper `terraform_remote_state` data source :\n\n```hcl\nprovider \"kubernetes\" {\n  host     = data.terraform_remote_state.rke2.outputs.kubernetes_config.host\n  client_certificate     = data.terraform_remote_state.rke2.outputs.kubernetes_config.client_certificate\n  client_key             = data.terraform_remote_state.rke2.outputs.kubernetes_config.client_key\n  cluster_ca_certificate = data.terraform_remote_state.rke2.outputs.kubernetes_config.cluster_ca_certificate\n}\n```\n\n### Node `lifecycle` Assumptions\n\u003e [!NOTE]\n\u003e Changes to certain module arguments will intentionally *not* cause the recreation of instances.\n\nTo provide users a better and more manageable experience, [several arguments](./modules/node/main.tf#L72) have been included in the instance's `ignore_changes` [lifecycle](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes). You must manually `taint` the instance for force the recreation of the resource : \n\n```bash\nterraform taint 'module.controlplane.module.server.openstack_compute_instance_v2.instance'\n```\n\n### Proxy\n\nYou can specify a proxy via `proxy_url` variable. Private address ranges are automatically excluded, you can add more addresses via `no_proxy` variable. You might want to add you organization's DNS domain (that of the Keystone OpenStack API endpoint).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremche%2Fterraform-openstack-rke2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fremche%2Fterraform-openstack-rke2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fremche%2Fterraform-openstack-rke2/lists"}