begin k8s setup

2022-10-23 19:58:01 +13:00 · 2022-10-23 19:58:01 +13:00 · 31157afa57
commit 31157afa57
parent 020efcc3bb
2 changed files with 86 additions and 18 deletions
--- a/ansible/inventory/inventory.yaml
+++ b/ansible/inventory/inventory.yaml
@ -4,32 +4,81 @@ all:
      children:
        hypervisors:
          hosts:
-            server:
-              ansible_host: server.balsillie.net
-            lab:
-              ansible_host: lab.balsillie.net
+            - server
+            - lab
+            - hv00
        vms:
          children:
            nodes:
              hosts:
-                node1:
-                  ansible_host: node1.balsillie.net
-                node2:
-                  ansible_host: node2.balsillie.net
-                node3:
-                  ansible_host: node3.balsillie.net
+                - node1
+                - node2
+                - node3
          hosts:
-            router:
-              ansible_host: router.balsillie.net
+            - router
+    hetzner:
+      hosts:
+        - hv00
+        - firewall00
+    k8s:
+      children:
+        k8s_control:
+          hosts:
+            - kube00
+            - kube01
+            - kube02
+        k8s_taint:
+          hosts:
+            - kube00
+            - kube01
+            - kube02
+        k8s_worker:
+          hosts:
+            - kube00
+            - kube01
+            - kube02        
+    firewalls:
+      children:
+        fortigate:
+          hosts:
+            - fortigate00
+        opnsense:
+          hosts:
+            - firewall00
+    switches:
+      hosts:
+        - switch00
    workstations:
      children:
        arch:
          hosts:
-            lat5420:
-              ansible_host: lat5420.balsillie.net
-            sff:
-              ansible_host: sff.balsillie.net
+            - lat5420
+            - sff
        windows:
          hosts:
-            bridie:
-              ansible_host: bridie.balsillie.net
+            - bridie
+  hosts:
+    server:
+      ansible_host: server.balsillie.net
+    lab:
+      ansible_host: lab.balsillie.net
+    hv00:
+      ansible_host: server.balsillie.net
+    bridie:
+      ansible_host: bridie.balsillie.net
+    lat5420:
+      ansible_host: lat5420.balsillie.net
+    sff:
+      ansible_host: sff.balsillie.net
+    node1:
+      ansible_host: node1.balsillie.net
+    node2:
+      ansible_host: node2.balsillie.net
+    node3:
+      ansible_host: node3.balsillie.net
+    router:
+      ansible_host: router.balsillie.net
+    firewall00:
+      ansible_host: firewall.balsillie.net
+    fortigate00:
+      ansible_host: fortigate.balsillie.net
--- a/ansible/playbooks/k8s.yaml
+++ b/ansible/playbooks/k8s.yaml
@ -0,0 +1,19 @@
+---
+- name: python bootstrap
+  hosts: k8s
+  gather_facts: false
+  become: true
+  roles:
+    - python-install
+- name: ssh hardening
+  hosts: k8s
+  gather_facts: true
+  become: true
+  roles:
+    - sshd
+- name: configure control plane
+  hosts: k8s_control
+  gather_facts: true
+  become: false
+  roles:
+    - k8s_control