Add support for S3 backend.

README.md

 ## Prerequisites:
-- terraform - [install](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)</br>
-- Form to access group project - https://projects.cloud.muni.cz/
+- terraform - [install](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli)
+- openstack-cli - [install](https://docs.openstack.org/newton/user-guide/common/cli-install-openstack-command-line-clients.html)
+- Form to access group project - https://projects.cloud.muni.cz/ (for master nodes we recommend to ask for `hpc.8core-16ram` )
 
 ## Create Infrastructure
 
-Create openstack application credentials: </br>
+Create openstack application credentials: 
  - On tab Identity > application credentials
  - \+ create application credential
  - Give a name > Create Applicaiton Credential
@@ -13,58 +14,49 @@ Create openstack application credentials: </br>
 ```
 git clone git@gitlab.ics.muni.cz:cloud/kubernetes/kubernetes-infra-example.git
 ```
-If required you may change the values as needed. (like infrastructure name, cluster size (master nodes, worker nodes groups), etc.)</br>
-- <code>~/kubernetes-infra-example/terraform/main.tf</code>
-- Give a path to your public ssh key at: <code>ssh_public_key = "~/.ssh/id_rsa.pub"</code>
+If required you may change the values as needed. (like infrastructure name, cluster size (master nodes, worker nodes groups), etc.) 
+- `~/kubernetes-infra-example/terraform/main.tf`
+- Give a path to your public ssh key at: `ssh_public_key = "~/.ssh/id_rsa.pub"`
 
 ```
 cd ~/kubernetes-infra-example/terraform/
-terraform init
 source ~/path/to/credentials.sh
+./init.sh
+terraform init
 terraform apply
 ```
 
 ## Create Kubernetes Cluster
 
-- <code>cd ~/kubernetes-infra-example/ansible/group_vars/all/</code>
+- `cd ~/kubernetes-infra-example/ansible/group_vars/all/`
 - All possible group vars are in [Kubespray](https://github.com/kubernetes-sigs/kubespray) project.
-- In <code>openstack.yml</code> modify the application credentials, can be the same credentials as already created.
+- In `openstack.yml` modify the application credentials, can be the same credentials as already created.
 
 
 #### Install Kubernetes
-Prerequisites: </br>
+Prerequisites: 
 ```
 cd ~/kubernetes-infra-example/ansible/01-playbook/
 sudo pip install -r requirements.txt
 ansible-galaxy install -r requirements.yml
 ```
 
-Run ansible playbook: </br>
+Run ansible playbook:
 ```
 cd ~/kubernetes-infra-example/ansible/01-playbook/
 ansible-playbook -i ../ansible_inventory --user=ubuntu --become --become-user=root play.yml
 ```
 
 #### Access via config
-- Kubeconfig is located in the artifacts directory, you can copy the config file to <code>~/.kube</code> directory for local access.
+- Kubeconfig is located in the artifacts directory, you can copy the config file to `~/.kube` directory for local access.
 
-#### Access with SSH </br>
+#### Access with SSH
 - If you need to access the cluster
-- Bastion ansible_hosts at <code>~/kubernetes-infra-example/ansible/ansible_inventory</code>
+- Bastion ansible_hosts at `~/kubernetes-infra-example/ansible/ansible_inventory`
 ```
 ssh -J ubuntu@<bastion_ip_address> ubuntu@<control-node_ip_address>
 # For example:
 # ssh -J ubuntu@195.113.167.169 ubuntu@10.10.10.26
 sudo -i
 kubectl get nodes
-```
-#### Nginx Ingress Controller
-Prerequisites: </br>
-- helm - [install](https://helm.sh/docs/intro/install/)</br>
-
-```
-helm repo add nginx-stable https://helm.nginx.com/stable
-helm repo update
-helm install nginx-ingress nginx-stable/nginx-ingress --set rbac.create=true
-kubectl get service
 ```
\ No newline at end of file

terraform/.gitignore

@@ -10,4 +10,6 @@ crash.log
 
 plan
 plan1
-.terraform.lock.hcl
\ No newline at end of file
+.terraform.lock.hcl
+.tf-s3-creds
+backend.tf
\ No newline at end of file

terraform/init.sh

+#!/bin/bash
+PROJECT_NAME=$(openstack application credential show ${OS_APPLICATION_CREDENTIAL_ID} -f value -c name)
+INFRA_NAME=$(grep -oP 'infra_name\s*=\s*"\K[^"]+' main.tf | awk '{print $1}')
+# Check if the container already exists
+if openstack container show "$PROJECT_NAME-$INFRA_NAME-tf-backend" >/dev/null 2>&1; then
+    echo "Container already exists, skipping creation."
+else
+    # Container doesn't exist, create it
+    openstack container create "$PROJECT_NAME-$INFRA_NAME-tf-backend"
+    echo "Container created."
+fi
+# Check if EC2 credentials already exist
+existing_credentials=$(openstack ec2 credentials list -f value | grep -c '^')
+if [ "$existing_credentials" -gt 0 ]; then
+    access=$(openstack ec2 credentials list -f value | head -n 1 |  awk '{print $1}')
+    secret=$(openstack ec2 credentials list -f value | head -n 1 |  awk '{print $2}')
+    echo "EC2 credentials already exist, skipping creation."
+else
+    # Create new EC2 credentials
+    CREDENTIALS=$(openstack ec2 credentials create -f shell)
+    access=$(echo "$CREDENTIALS" | grep -o 'access="[^"]*"' | cut -d'"' -f2)
+    secret=$(echo "$CREDENTIALS" | grep -o 'secret="[^"]*"' | cut -d'"' -f2)
+    echo "EC2 credentials created."
+fi
+if [ -f ".tf-s3-creds" ]; then
+    echo "Credential file already exists, skipping creation."
+else
+    cat > .tf-s3-creds << EOL
+    [default]
+    aws_access_key_id=${access}
+    aws_secret_access_key=${secret}
+EOL
+    echo "Credential file created."
+fi
+cat > backend.tf << EOL
+ terraform { 
+  backend "s3" {
+    endpoints =                 { s3 = "https://object-store.cloud.muni.cz/"}
+    shared_credentials_files    = ["./.tf-s3-creds"]
+    bucket                      = "$PROJECT_NAME-$INFRA_NAME-tf-backend"
+    use_path_style              = true
+    key                         = "terraform.tfstate"
+    region                      = "brno1"
+    skip_credentials_validation = true
+    skip_region_validation      = true
+    skip_requesting_account_id  = true
+    skip_metadata_api_check     = true
+    skip_s3_checksum            = true
+  }
+} 
+EOL
\ No newline at end of file

terraform/main.tf

 module "kubernetes_infra" {
 
   #  source = "./../../kubernetes-infra"
-    source = "git::https://gitlab.ics.muni.cz/cloud/terraform/modules/kubernetes-infra.git?ref=2.0.0"
+    source = "git::https://gitlab.ics.muni.cz/cloud/terraform/modules/kubernetes-infra.git?ref=2.0.1"
 
   # Example of variable override
   ssh_public_key = "~/.ssh/id_rsa.pub"

terraform/openstack_vars.yaml

-external_openstack_lbaas_floating_network_id: 9edb9ab8-8742-49e3-9461-528f31397672
-external_openstack_lbaas_network_id: 60bfbe57-ae9f-4455-b606-ae08062c3d16
-external_openstack_lbaas_subnet_id: 17b23236-4391-46e3-8ba4-be86d43d4034