rancherlabs · MSpencer87 · Jul 19, 2024 · Nov 1, 2024
diff --git a/packages/aws/rancher-custom-cluster.yaml b/packages/aws/rancher-custom-cluster.yaml
@@ -9,5 +9,8 @@ templates:
   - rancher-custom-cluster
 variables:
   airgap_setup:
+    - false
     - true
+  proxy_setup:
     - false
+    - true
diff --git a/packages/aws/rancher-proxy.yaml b/packages/aws/rancher-proxy.yaml
@@ -0,0 +1,21 @@
+manifest:
+  name: rancher-proxy
+  description: rancher-proxy
+  variables:
+    server_count:
+      default: 1
+templates:
+  - aws/registry_nodes
+  - aws/cluster_nodes
+  - proxy-standalone
+  - rke2
+  - rancher-proxy
+variables:
+  cni:
+    - calico
+  proxy_setup:
+    - true
+  docker_compose_version:
+    - 2.15.1
+  cert_manager_version:
+    - 1.15.0
diff --git a/templates/aws/cluster_nodes/manifest.yaml b/templates/aws/cluster_nodes/manifest.yaml
@@ -61,6 +61,10 @@ variables:
     type: boolean
     description: "Boolean that when set, will create rke setup rather regular cluster nodes."
     default: false
+  proxy_setup:
+    type: boolean
+    description: "Boolean that when set, will create proxied nodes rather regular cluster nodes."
+    default: false
   instance_type:
     type: string
     optional: false

diff --git a/templates/aws/cluster_nodes/terraform/pools/corral.tf b/templates/aws/cluster_nodes/terraform/pools/corral.tf
@@ -23,3 +23,4 @@ variable "server_count" {}
 variable "agent_count" {}
 variable "airgap_setup" {}
 variable "rke_setup" {}
+variable "proxy_setup" {}
diff --git a/templates/aws/cluster_nodes/terraform/pools/main.tf b/templates/aws/cluster_nodes/terraform/pools/main.tf
@@ -36,7 +36,7 @@ resource "aws_instance" "server" {
   key_name = aws_key_pair.corral_key.key_name
   vpc_security_group_ids = [var.aws_security_group]
   subnet_id = var.aws_subnet
-  associate_public_ip_address = var.airgap_setup ? false : true
+  associate_public_ip_address = var.airgap_setup || var.proxy_setup ? false : true
 
   ebs_block_device {
      device_name           = "/dev/sda1"
@@ -47,7 +47,7 @@ resource "aws_instance" "server" {
    }
 
   provisioner "remote-exec" {
-    inline = var.airgap_setup || var.rke_setup ? [
+    inline = var.airgap_setup || var.rke_setup || var.proxy_setup ? [
       "sudo su <<EOF",
       "echo \"${var.corral_public_key} ${self.key_name}\" > /root/.ssh/authorized_keys",
       "echo \"${var.corral_private_key}\"",
@@ -62,12 +62,12 @@ resource "aws_instance" "server" {
   }
   connection {
       type        = "ssh"
-      host        = var.airgap_setup ? self.private_ip : self.public_ip
+      host        = var.airgap_setup || var.proxy_setup ? self.private_ip : self.public_ip
       user        = var.aws_ssh_user
       private_key = var.corral_private_key
       timeout     = "4m"
-      bastion_host = var.airgap_setup ? var.registry_ip : null
-      bastion_user = var.airgap_setup ? var.aws_ssh_user : null
+      bastion_host = var.airgap_setup || var.proxy_setup ? var.registry_ip : null
+      bastion_user = var.airgap_setup || var.proxy_setup ? var.aws_ssh_user : null
    }
 
   tags = {
@@ -82,7 +82,7 @@ resource "aws_instance" "agent" {
   key_name = aws_key_pair.corral_key.key_name
   vpc_security_group_ids = [var.aws_security_group]
   subnet_id = var.aws_subnet
-  associate_public_ip_address = var.airgap_setup ? false : true
+  associate_public_ip_address = var.airgap_setup || var.proxy_setup ? false : true
 
   ebs_block_device {
      device_name           = "/dev/sda1"
@@ -93,7 +93,7 @@ resource "aws_instance" "agent" {
    }
 
   provisioner "remote-exec" {
-    inline = var.airgap_setup ? [
+    inline = var.airgap_setup || var.proxy_setup ? [
       "sudo su <<EOF",
       "echo \"${var.corral_public_key} ${self.key_name}\" > /root/.ssh/authorized_keys",
       "echo \"${var.corral_private_key}\"",
@@ -108,12 +108,12 @@ resource "aws_instance" "agent" {
   }
   connection {
       type        = "ssh"
-      host        = var.airgap_setup ? self.private_ip : self.public_ip
+      host        = var.airgap_setup || var.proxy_setup ? self.private_ip : self.public_ip
       user        = var.aws_ssh_user
       private_key = var.corral_private_key
       timeout     = "4m"
-      bastion_host = var.airgap_setup ? var.registry_ip : null
-      bastion_user = var.airgap_setup ? var.aws_ssh_user : null
+      bastion_host = var.airgap_setup || var.proxy_setup ? var.registry_ip : null
+      bastion_user = var.airgap_setup || var.proxy_setup ? var.aws_ssh_user : null
    }
 
   tags = {
@@ -150,91 +150,91 @@ resource "aws_lb_target_group_attachment" "aws_tg_attachment_6443_server" {
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_80_server" {
-  count = var.airgap_setup ? var.server_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_80[0].arn
   target_id        = aws_instance.server[count.index].id
   port             = 80
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_443_server" {
-  count = var.airgap_setup ? var.server_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_443[0].arn
   target_id        = aws_instance.server[count.index].id
   port             = 443
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_6443_server" {
-  count = var.airgap_setup ? var.server_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_6443[0].arn
   target_id        = aws_instance.server[count.index].id
   port             = 6443
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_9345_server" {
-  count = var.airgap_setup ? var.server_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.server_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_9345[0].arn
   target_id        = aws_instance.server[count.index].id
   port             = 9345
 }
 
 resource "aws_lb_target_group_attachment" "aws_tg_attachment_80" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_tg_80.arn
   target_id        = aws_instance.agent[count.index].id
   port             = 80
 }
 
 resource "aws_lb_target_group_attachment" "aws_tg_attachment_443" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_tg_443.arn
   target_id        = aws_instance.agent[count.index].id
   port             = 443
 }
 
 resource "aws_lb_target_group_attachment" "aws_tg_attachment_6443" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_tg_6443.arn
   target_id        = aws_instance.agent[count.index].id
   port             = 6443
 }
 
 resource "aws_lb_target_group_attachment" "aws_tg_attachment_9345" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_tg_9345.arn
   target_id        = aws_instance.agent[count.index].id
   port             = 9345
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_80" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_80[0].arn
   target_id        = aws_instance.agent[count.index].id
   port             = 80
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_443" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_443[0].arn
   target_id        = aws_instance.agent[count.index].id
   port             = 443
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_6443" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_6443[0].arn
   target_id        = aws_instance.agent[count.index].id
   port             = 6443
 }
 
 resource "aws_lb_target_group_attachment" "aws_internal_tg_attachment_9345" {
-  count = var.airgap_setup ? var.agent_count : 0
+  count = var.airgap_setup || var.proxy_setup ? var.agent_count : 0
   target_group_arn = aws_lb_target_group.aws_internal_tg_9345[0].arn
   target_id        = aws_instance.agent[count.index].id
   port             = 9345
 }
 
 resource "aws_lb" "aws_internal_nlb" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   internal           = true
   load_balancer_type = "network"
   subnets            = [var.aws_subnet]
@@ -317,7 +317,7 @@ resource "aws_lb_target_group" "aws_tg_9345" {
 }
 
 resource "aws_lb_target_group" "aws_internal_tg_80" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   port             = 80
   protocol         = "TCP"
   vpc_id           = var.aws_vpc
@@ -335,7 +335,7 @@ resource "aws_lb_target_group" "aws_internal_tg_80" {
 }
 
 resource "aws_lb_target_group" "aws_internal_tg_443" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   port             = 443
   protocol         = "TCP"
   vpc_id           = var.aws_vpc
@@ -353,7 +353,7 @@ resource "aws_lb_target_group" "aws_internal_tg_443" {
 }
 
 resource "aws_lb_target_group" "aws_internal_tg_6443" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   port             = 6443
   protocol         = "TCP"
   vpc_id           = var.aws_vpc
@@ -371,7 +371,7 @@ resource "aws_lb_target_group" "aws_internal_tg_6443" {
 }
 
 resource "aws_lb_target_group" "aws_internal_tg_9345" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   port             = 9345
   protocol         = "TCP"
   vpc_id           = var.aws_vpc
@@ -429,7 +429,7 @@ resource "aws_lb_listener" "aws_nlb_listener_9345" {
 }
 
 resource "aws_lb_listener" "aws_internal_nlb_listener_80" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
   port              = "80"
   protocol          = "TCP"
@@ -440,7 +440,7 @@ resource "aws_lb_listener" "aws_internal_nlb_listener_80" {
 }
 
 resource "aws_lb_listener" "aws_internal_nlb_listener_443" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
   port              = "443"
   protocol          = "TCP"
@@ -451,7 +451,7 @@ resource "aws_lb_listener" "aws_internal_nlb_listener_443" {
 }
 
 resource "aws_lb_listener" "aws_internal_nlb_listener_6443" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
   port              = "6443"
   protocol          = "TCP"
@@ -462,7 +462,7 @@ resource "aws_lb_listener" "aws_internal_nlb_listener_6443" {
 }
 
 resource "aws_lb_listener" "aws_internal_nlb_listener_9345" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   load_balancer_arn = aws_lb.aws_internal_nlb[0].arn
   port              = "9345"
   protocol          = "TCP"
@@ -481,7 +481,7 @@ resource "aws_route53_record" "aws_route53" {
 }
 
 resource "aws_route53_record" "aws_route53_internal" {
-  count = var.airgap_setup ? 1 : 0
+  count = var.airgap_setup || var.proxy_setup ? 1 : 0
   zone_id            = data.aws_route53_zone.selected.zone_id
   name               = "${var.aws_hostname_prefix}-internal"
   type               = "CNAME"

diff --git a/templates/aws/cluster_nodes/terraform/pools/outputs.tf b/templates/aws/cluster_nodes/terraform/pools/outputs.tf
@@ -7,38 +7,42 @@ output "internal_fqdn" {
 }
 
 output "kube_api_host" {
-  value = var.airgap_setup ?  aws_instance.server[0].private_ip : aws_instance.server[0].public_ip
+  value = var.airgap_setup || var.proxy_setup ? aws_instance.server[0].private_ip : aws_instance.server[0].public_ip
 }
 
 output "airgap_setup" {
   value = var.airgap_setup
 }
 
+output "proxy_setup" {
+  value = var.proxy_setup
+}
+
 output "corral_node_pools" {
   value = {
     bastion = [for instance in [aws_instance.server[0]] : {
       name = instance.tags.Name // unique name of node
       user = "root" // ssh username
       ssh_user = var.aws_ssh_user
-      address = var.airgap_setup ? instance.private_ip : instance.public_ip // address of ssh host
+      address = var.airgap_setup || var.proxy_setup ? instance.private_ip : instance.public_ip // address of ssh host
       internal_address = instance.private_ip
-      bastion_address = var.airgap_setup ? var.registry_ip : ""
+      bastion_address = var.airgap_setup || var.proxy_setup ? var.registry_ip : ""
     }]
     server = [for instance in slice(aws_instance.server, 1, var.server_count) : {
       name = instance.tags.Name // unique name of node
       user = "root" // ssh username
       ssh_user = var.aws_ssh_user
-      address = var.airgap_setup ? instance.private_ip : instance.public_ip // address of ssh host
+      address = var.airgap_setup || var.proxy_setup ? instance.private_ip : instance.public_ip // address of ssh host
       internal_address = instance.private_ip
-      bastion_address = var.airgap_setup ? var.registry_ip : ""
+      bastion_address = var.airgap_setup || var.proxy_setup ? var.registry_ip : ""
     }]
     agent = [for instance in aws_instance.agent : {
       name = instance.tags.Name // unique name of node
       user = "root" // ssh username
       ssh_user = var.aws_ssh_user
-      address = var.airgap_setup ? instance.private_ip : instance.public_ip // address of ssh host
+      address = var.airgap_setup || var.proxy_setup ? instance.private_ip : instance.public_ip // address of ssh host
       internal_address= instance.private_ip
-      bastion_address = var.airgap_setup ? var.registry_ip : ""
+      bastion_address = var.airgap_setup || var.proxy_setup ? var.registry_ip : ""
     }]
   }
 }
diff --git a/templates/aws/nodes/manifest.yaml b/templates/aws/nodes/manifest.yaml
@@ -64,10 +64,18 @@ variables:
     type: string
     optional: true
     description: "Public IP address of the bastion node"
+  bastion_private_ip:
+    type: string
+    optional: true
+    description: "Private IP address of the bastion node"
   airgap_setup:
     type: boolean
     default: false
     description: "Boolean that when set, will create airgap nodes rather regular cluster nodes."
+  proxy_setup:
+    type: boolean
+    default: false
+    description: "Boolean that when set, will create proxied nodes rather regular cluster nodes."
 commands:
   - module: pools
   - command: "echo \"$CORRAL_corral_user_public_key\" >> /$(whoami)/.ssh/authorized_keys"

diff --git a/templates/aws/nodes/terraform/pools/corral.tf b/templates/aws/nodes/terraform/pools/corral.tf
@@ -20,3 +20,5 @@ variable "instance_type" {}
 variable "node_count" {}
 variable "airgap_setup" {}
 variable "bastion_ip" {}
+variable "bastion_private_ip" {}
+variable "proxy_setup" {}