feat: add rancher-terraform and import-existing-vm (#610)

* feat: add rancher-terraform and import-existing-vm

Signed-off-by: PoAn Yang <[email protected]>

---------

Signed-off-by: PoAn Yang <[email protected]>
Co-authored-by: Jillian <[email protected]>

Author: FrankYang0529

docs/rancher/csi-driver.md

@@ -276,3 +276,29 @@ Now you can create a new StorageClass that you intend to use in your guest Kuber
     :::
 
 1. You can now create a PVC based on this new **StorageClass**, which utilizes the **Host StorageClass** to provision volumes on the bare-metal Harvester cluster.
+
+## Upgrade the CSI Driver
+
+### Upgrade RKE2
+
+To upgrade the CSI driver, use the Rancher UI to upgrade RKE2. Ensure the new RKE2 version supports/bundled with the updated CSI driver version.
+
+1. Go to **☰** > **Cluster Management**.
+
+1. Find the guest cluster that you want to upgrade and select **⋮** > **Edit Config**.
+
+1. Select **Kubernetes Version**.
+
+1. Click **Save**.
+
+### Upgrade RKE and K3s
+
+You can upgrade RKE and K3s using the Rancher UI.
+
+1. Go to **☰** > **RKE/K3s Cluster** > **Apps** > **Installed Apps**.
+
+1. Find the CSI driver chart and select **⋮** > **Edit/Upgrade**.
+
+1. Select **Version**.
+
+1. Select **Next** > **Update**.

docs/rancher/import-existing-vm.md

@@ -0,0 +1,143 @@
+---
+sidebar_position: 8
+sidebar_label: Import Existing Cluster built on Harvester VM
+title: "Import Existing Cluster built on Harvester VM"
+keywords:
+  - Harvester
+  - harvester
+  - Rancher
+  - rancher
+---
+
+Rancher allows you to import existing Harvester VMs in which you installed Kubernetes.
+
+## Deployment
+
+### Prerequisites
+
+- The Kubernetes cluster is built on top of Harvester VMs.
+
+### Deploy Guest Clusters on Harvester VMs
+
+1. Generate the csi-driver cloud-config file using the [generate_addon_csi.sh](https://raw.githubusercontent.com/harvester/harvester-csi-driver/master/deploy/generate_addon_csi.sh) script, which is available in the [harvester/harvester-csi-driver](https://github.com/harvester/harvester-csi-driver) repository.
+
+    Example:
+
+    ```shell
+    ./generate_addon_csi.sh <serviceaccount name> <namespace> RKE2
+    ```
+
+    The generated output will be similar to the following one:
+    ```yaml
+    ########## cloud-config ############
+    apiVersion: v1
+    clusters:
+    - cluster: <token>
+        server: https://<YOUR HOST HARVESTER VIP>:6443
+      name: default
+    contexts:
+    - context:
+        cluster: default
+        namespace: default
+        user: rke2-guest-01-default-default
+      name: rke2-guest-01-default-default
+    current-context: rke2-guest-01-default-default
+    kind: Config
+    preferences: {}
+    users:
+    - name: rke2-guest-01-default-default
+      user:
+        token: <token>
+
+    ########## cloud-init user data ############
+    write_files:
+      - encoding: b64
+        content: YXBpVmVyc2lvbjogdjEKY2x1c3RlcnM6Ci0gY2x1c3RlcjoKICAgIGNlcnRpZmljYXRlLWF1dGhvcml0eS1kYXRhOiBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VKbFZFTkRRVklyWjBGM1NVSkJaMGxDUVVSQlMwSm5aM0ZvYTJwUFVGRlJSRUZxUVd0TlUwbDNTVUZaUkZaUlVVUkVRbXg1WVRKVmVVeFlUbXdLWTI1YWJHTnBNV3BaVlVGNFRtcG5NVTE2VlhoT1JGRjNUVUkwV0VSVVNYcE5SRlY1VDFSQk5VMVVRVEJOUm05WVJGUk5lazFFVlhsT2FrRTFUVlJCTUFwTlJtOTNTa1JGYVUxRFFVZEJNVlZGUVhkM1dtTnRkR3hOYVRGNldsaEtNbHBZU1hSWk1rWkJUVlJaTkU1VVRURk5WRkV3VFVSQ1drMUNUVWRDZVhGSENsTk5ORGxCWjBWSFEwTnhSMU5OTkRsQmQwVklRVEJKUVVKSmQzRmFZMDVTVjBWU2FsQlVkalJsTUhFMk0ySmxTSEZEZDFWelducGtRa3BsU0VWbFpHTUtOVEJaUTNKTFNISklhbWdyTDJab2VXUklNME5ZVURNeFZXMWxTM1ZaVDBsVGRIVnZVbGx4YVdJMGFFZE5aekpxVVdwQ1FVMUJORWRCTVZWa1JIZEZRZ292ZDFGRlFYZEpRM0JFUVZCQ1owNVdTRkpOUWtGbU9FVkNWRUZFUVZGSUwwMUNNRWRCTVZWa1JHZFJWMEpDVWpaRGEzbEJOSEZqYldKSlVESlFWVW81Q2xacWJWVTNVV2R2WjJwQlMwSm5aM0ZvYTJwUFVGRlJSRUZuVGtsQlJFSkdRV2xCZUZKNU4xUTNRMVpEYVZWTVdFMDRZazVaVWtWek1HSnBZbWxVSzJzS1kwRnhlVmt5Tm5CaGMwcHpMM2RKYUVGTVNsQnFVVzVxZEcwMVptNTZWR3AxUVVsblRuTkdibFozWkZRMldXWXpieTg0ZFRsS05tMWhSR2RXQ2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLCiAgICBzZXJ2ZXI6IGh0dHBzOi8vMTkyLjE2OC4wLjEzMTo2NDQzCiAgbmFtZTogZGVmYXVsdApjb250ZXh0czoKLSBjb250ZXh0OgogICAgY2x1c3RlcjogZGVmYXVsdAogICAgbmFtZXNwYWNlOiBkZWZhdWx0CiAgICB1c2VyOiBya2UyLWd1ZXN0LTAxLWRlZmF1bHQtZGVmYXVsdAogIG5hbWU6IHJrZTItZ3Vlc3QtMDEtZGVmYXVsdC1kZWZhdWx0CmN1cnJlbnQtY29udGV4dDogcmtlMi1ndWVzdC0wMS1kZWZhdWx0LWRlZmF1bHQKa2luZDogQ29uZmlnCnByZWZlcmVuY2VzOiB7fQp1c2VyczoKLSBuYW1lOiBya2UyLWd1ZXN0LTAxLWRlZmF1bHQtZGVmYXVsdAogIHVzZXI6CiAgICB0b2tlbjogZXlKaGJHY2lPaUpTVXpJMU5pSXNJbXRwWkNJNklreGhUazQxUTBsMWFsTnRORE5TVFZKS00waE9UbGszTkV0amNVeEtjM1JSV1RoYVpUbGZVazA0YW1zaWZRLmV5SnBjM01pT2lKcmRXSmxjbTVsZEdWekwzTmxjblpwWTJWaFkyTnZkVzUwSWl3aWEzVmlaWEp1WlhSbGN5NXBieTl6WlhKMmFXTmxZV05qYjNWdWRDOXVZVzFsYzNCaFkyVWlPaUprWldaaGRXeDBJaXdpYTNWaVpYSnVaWFJsY3k1cGJ5OXpaWEoyYVdObFlXTmpiM1Z1ZEM5elpXTnlaWFF1Ym1GdFpTSTZJbkpyWlRJdFozVmxjM1F0TURFdGRHOXJaVzRpTENKcmRXSmxjbTVsZEdWekxtbHZMM05sY25acFkyVmhZMk52ZFc1MEwzTmxjblpwWTJVdFlXTmpiM1Z1ZEM1dVlXMWxJam9pY210bE1pMW5kV1Z6ZEMwd01TSXNJbXQxWW1WeWJtVjBaWE11YVc4dmMyVnlkbWxqWldGalkyOTFiblF2YzJWeWRtbGpaUzFoWTJOdmRXNTBMblZwWkNJNkltTXlZak5sTldGaExUWTBNMlF0TkRkbU1pMDROemt3TFRjeU5qWXpNbVl4Wm1aaU5pSXNJbk4xWWlJNkluTjVjM1JsYlRwelpYSjJhV05sWVdOamIzVnVkRHBrWldaaGRXeDBPbkpyWlRJdFozVmxjM1F0TURFaWZRLmFRZmU1d19ERFRsSWJMYnUzWUVFY3hmR29INGY1VnhVdmpaajJDaWlhcXB6VWI0dUYwLUR0cnRsa3JUM19ZemdXbENRVVVUNzNja1BuQmdTZ2FWNDhhdmlfSjJvdUFVZC04djN5d3M0eXpjLVFsTVV0MV9ScGJkUURzXzd6SDVYeUVIREJ1dVNkaTVrRWMweHk0X0tDQ2IwRHQ0OGFoSVhnNlMwRDdJUzFfVkR3MmdEa24wcDVXUnFFd0xmSjdEbHJDOFEzRkNUdGhpUkVHZkUzcmJGYUdOMjdfamR2cUo4WXlJQVd4RHAtVHVNT1pKZUNObXRtUzVvQXpIN3hOZlhRTlZ2ZU05X29tX3FaVnhuTzFEanllbWdvNG9OSEpzekp1VWliRGxxTVZiMS1oQUxYSjZXR1Z2RURxSTlna1JlSWtkX3JqS2tyY3lYaGhaN3lTZ3o3QQo=
+        owner: root:root
+        path: /var/lib/rancher/rke2/etc/config-files/cloud-provider-config
+        permissions: '0644'
+    ```
+
+1. Generate the cloud-provider cloud-config using the [generate_addon.sh](https://raw.githubusercontent.com/harvester/cloud-provider-harvester/master/deploy/generate_addon.sh) script, which is available in the [harvester/cloud-provider-harvester](https://github.com/harvester/cloud-provider-harvester) repository.
+
+    Example:
+
+    ```shell
+    ./generate_addon.sh <serviceaccount name> <namespace>
+    ```
+
+    The generated output will be similar to the following one:
+    The output will look as follows:
+
+    ```yaml
+    ########## cloud config ############
+    apiVersion: v1
+    clusters:
+    - cluster:
+        certificate-authority-data: <CACERT>
+        server: https://HARVESTER-ENDPOINT/k8s/clusters/local
+      name: local
+    contexts:
+    - context:
+        cluster: local
+        namespace: default
+        user: harvester-cloud-provider-default-local
+      name: harvester-cloud-provider-default-local
+    current-context: harvester-cloud-provider-default-local
+    kind: Config
+    preferences: {}
+    users:
+    - name: harvester-cloud-provider-default-local
+      user:
+        token: <TOKEN>
+
+    ########## cloud-init user data ############
+    write_files:
+    - encoding: b64
+      content: <CONTENT>
+      owner: root:root
+      path: /etc/kubernetes/cloud-config
+      permissions: '0644'
+    ```
+
+1. Create VM with two cloud-config files.
+
+    ![VM with cloud-config](/img/v1.4/rancher/vm-with-cloud-config.png)
+
+1. Install RKE2 in the VM.
+
+    ```shell
+    sudo mkdir -p /etc/rancher/rke2
+    echo "cni: calico
+    disable-kube-proxy: false
+    etcd-expose-metrics: false" | sudo tee /etc/rancher/rke2/config.yaml
+    curl -sfL https://get.rke2.io | sudo sh -
+    sudo systemctl enable rke2-server.service
+    sudo systemctl start rke2-server.service
+    ```
+
+1. Verify that RKE2 is running in the VM.
+
+    ```shell
+    sudo /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes
+    ```
+
+1. Import the VM into Rancher.
+
+    On the Rancher UI, go to **Cluster Management** > **Clusters** > **Import Existing** > **Generic** > **Create**.
+
+    ![Import Exisging Cluster](/img/v1.4/rancher/import-existing-cluster.png)
+
+    ```shell
+    # Run the command in the VM
+    curl --insecure -sfL https://192.168.0.181:6443/v3/import/g5p2g2gtxw4564nktdl4nr5cwwvtwqp9zxd6dmhm5nc7vpnxmr9cfk_c-m-mzf28skd.yaml | sudo /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml apply -f -
+    ```
+
+1. Install the Harvester Cloud Provider.
+
+    On the RKE2 Cluster Dashboard, go to **Apps** > **Charts** > **Harvester Cloud Provider** > **Install**.
+
+1. Install the Harvester CSI Driver.
+
+    On the RKE2 Cluster Dashboard, go to **Apps** > **Charts** > **Harvester CSI Driver** > **Install**.
+

docs/rancher/rancher-terraform.md

@@ -0,0 +1,184 @@
+---
+sidebar_position: 7
+sidebar_label: Rancher Terraform
+title: "Rancher Terraform"
+keywords:
+  - Harvester
+  - harvester
+  - Rancher
+  - rancher
+  - Terraform
+  - terraform
+description: Rancher Terraform allows administrators to create and manage RKE2 guest clusters using Terraform.
+---
+
+The [Rancher Terraform Provider](https://registry.terraform.io/providers/rancher/rancher2/) allows administrators to create and manage RKE2 guest clusters using Terraform.
+
+## Deployment
+
+### Prerequisites
+
+- The Kubernetes cluster is built on top of Harvester VMs.
+- The Harvester VMs that run as guest Kubernetes nodes are in the same namespace.
+
+
+### Deploy Guest Clusters Using the Rancher Terraform Provider
+
+1. Create an API key.
+
+    On the Rancher UI, go to **Account & API Keys** > **Create API key** > **Create**.
+
+    ![Create API Key](/img/v1.4/rancher/create-api-key.png)
+    ![Access & Secret Keys](/img/v1.4/rancher/access-and-secret-keys.png)
+
+1. Obtain the Harvester cluster ID.
+
+    On the Rancher UI, go to **Virtualization Management** > **Manage** > **Related Resources** > **Mgmt Cluster Name**.
+
+    ![Harvester Cluster ID](/img/v1.4/rancher/harvester-cluster-id.png)
+
+1. Obtain the kubeconfig for the Harvester Cloud Provider and the Harvester CSI Driver.
+
+
+    ```shell
+    # Generate harvester cloud provider kubeconfig
+    RANCHER_SERVER_URL="<RANCHER_SERVER_URL>" # Pure server URL like https://192.168.0.181:6443
+    RANCHER_ACCESS_KEY="<RANCHER_ACCESS_KEY>"
+    RANCHER_SECRET_KEY="<RANCHER_SECRET_KEY>"
+    HARVESTER_CLUSTER_ID="<HARVESTER_CLUSTER_ID>"
+    CLUSTER_NAME="rke2-demo"
+    curl -k -X POST ${RANCHER_SERVER_URL}/k8s/clusters/${HARVESTER_CLUSTER_ID}/v1/harvester/kubeconfig \
+    -H 'Content-Type: application/json' \
+    -u ${RANCHER_ACCESS_KEY}:${RANCHER_SECRET_KEY} \
+    -d '{"clusterRoleName": "harvesterhci.io:cloudprovider", "namespace": "default", "serviceAccountName": "'${CLUSTER_NAME}'"}' | xargs | sed 's/\\n/\n/g' > ${CLUSTER_NAME}-kubeconfig
+    ```
+
+1. Prepare a `provider.tf` file with the following content:
+
+    ```hcl
+    terraform {
+    required_providers {
+        rancher2 = {
+            source  = "rancher/rancher2"
+            version = "4.2.0"
+            }
+        }
+    }
+
+    # Configure the Rancher2 provider to admin
+    provider "rancher2" {
+        api_url    = "<api_url>" # API Endpoint on Account & API Keys page
+        access_key = "<access_key>"
+        secret_key = "<secret_key>"
+        insecure   = true # Set to true if the Rancher server uses a self-signed certificate
+    }
+    ```
+
+1. Prepare a `main.tf` file with the following content:
+
+    ```hcl
+    # Get imported harvester cluster info
+    data "rancher2_cluster_v2" "harv" {
+        name = "<harvester_cluster_name_in_rancher>"
+    }
+
+    # Create a new Cloud Credential for an imported Harvester cluster
+    resource "rancher2_cloud_credential" "harv-cred" {
+        name = "harv-cred"
+        harvester_credential_config {
+            cluster_id = data.rancher2_cluster_v2.harv.cluster_v1_id
+            cluster_type = "imported"
+            kubeconfig_content = data.rancher2_cluster_v2.harv.kube_config
+        }
+    }
+
+    # Create a new rancher2 machine config v2 using harvester node_driver
+    resource "rancher2_machine_config_v2" "rke2-machine" {
+        generate_name = "rke2-machine"
+        harvester_config {
+            vm_namespace = "default"
+            cpu_count = "2"
+            memory_size = "4"
+            disk_info = <<EOF
+            {
+                "disks": [{
+                    "imageName": "default/<vmimage-name>",
+                    "size": 15,
+                    "bootOrder": 1
+                }]
+            }
+            EOF
+            network_info = <<EOF
+            {
+                "interfaces": [{
+                    "networkName": "default/<network-name>"
+                }]
+            }
+            EOF
+            ssh_user = "<ssh_user>"
+            user_data = <<EOF
+            package_update: true
+            packages:
+            - qemu-guest-agent
+            - iptables
+            runcmd:
+            - - systemctl
+                - enable
+                - '--now'
+                - qemu-guest-agent.service
+            EOF
+        }
+    }
+
+    resource "rancher2_cluster_v2" "rke2-demo" {
+        name = "rke2-demo"
+        kubernetes_version = "v1.28.10+rke2r1"
+        rke_config {
+            machine_pools {
+                name = "pool1"
+                cloud_credential_secret_name = rancher2_cloud_credential.harv-cred.id
+                control_plane_role = true
+                etcd_role = true
+                worker_role = true
+                quantity = 1
+                machine_config {
+                    kind = rancher2_machine_config_v2.rke2-machine.kind
+                    name = rancher2_machine_config_v2.rke2-machine.name
+                }
+            }
+
+            machine_selector_config {
+                config = yamlencode({
+                    cloud-provider-config = file("${path.module}/rke2-demo-kubeconfig")
+                    cloud-provider-name = "harvester"
+                })
+            }
+
+            machine_global_config = <<EOF
+            cni: "calico"
+            disable-kube-proxy: false
+            etcd-expose-metrics: false
+            EOF
+
+            upgrade_strategy {
+                control_plane_concurrency = "1"
+                worker_concurrency = "1"
+            }
+
+            etcd {
+                snapshot_schedule_cron = "0 */5 * * *"
+                snapshot_retention = 5
+            }
+
+            chart_values = <<EOF
+            harvester-cloud-provider:
+            clusterName: rke2-demo
+            cloudConfigPath: /var/lib/rancher/rke2/etc/config-files/cloud-provider-config
+            EOF
+        }
+    }
+    ```
+
+1. Run `terraform init`.
+
+1. Run `terraform apply`.