tidy up
This commit is contained in:
parent
29e722d1b5
commit
a07565128e
27
README.md
@ -1,7 +1,26 @@
|
|||||||
Ansible for configuring base hosts
|
The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster.
|
||||||
|
|
||||||
Packer for creating VM templates.
|
- Install Arch linux on the bare metal
|
||||||
|
- Configure the bare metal Arch host as a hypervisor (qemu/kvm)
|
||||||
|
- Install Arch linux into a VM on the hypervisor then convert it to a template.
|
||||||
|
- Deploy 3 (or more) VMs from the template (uses backing store qcow images).
|
||||||
|
- Create a kubernetes cluster from those 3 VMs.
|
||||||
|
- Install calico networking into the cluster.
|
||||||
|
- Remove the taint from control plane nodes. <-- Optional
|
||||||
|
- Deploy workloads into the cluster
|
||||||
|
|
||||||
Terraform for deploying VMs based on those templates.
|
What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate.
|
||||||
|
|
||||||
Ansible for configuring deployed VMs into clusters.
|
Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
|
||||||
|
|
||||||
|
What you'll also need:
|
||||||
|
|
||||||
|
Clone the git repo
|
||||||
|
Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get commited to source control.
|
||||||
|
Create an ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again .gitignore should ensure this vault file remains only on your workstation.
|
||||||
|
|
||||||
|
Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated.
|
||||||
|
|
||||||
|
Ansible roles were written to work on an Arch linux workstation, some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so.
|
||||||
|
|
||||||
|
If you encounter problems with these change those tasks to use your relvant package manager module, eg apt or yum.
|
||||||
|
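Review bot: The new README's secret handling rests entirely on .gitignore keeping `vault_password` and the inventory vault out of the repo, yet the text only says .gitignore "should" do this without naming the patterns; list the exact ignored paths and suggest checking them before the first commit, e.g. `git check-ignore -v ansible/vault_password`, since that file is the plaintext key that decrypts everything in the vault. Two typos in the same hunk: "commited" should be "committed" and "relvant" should be "relevant". The optional step "Remove the taint from control plane nodes" deserves a one-line caveat that it lets ordinary workloads schedule onto the control plane, which removes the separation between cluster control and tenant pods on a three-node cluster.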
@ -6,13 +6,6 @@
|
|||||||
roles:
|
roles:
|
||||||
- vm_deploy
|
- vm_deploy
|
||||||
|
|
||||||
# - name: python bootstrap
|
|
||||||
# hosts: k8s
|
|
||||||
# gather_facts: false
|
|
||||||
# become: true
|
|
||||||
# roles:
|
|
||||||
# - python-install
|
|
||||||
|
|
||||||
# - name: vm hardening
|
# - name: vm hardening
|
||||||
# hosts: k8s
|
# hosts: k8s
|
||||||
# gather_facts: true
|
# gather_facts: true
|
||||||
|
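Review bot: The commented-out `vm hardening` play survives this tidy-up on the right-hand side (`# - name: vm hardening`, `# hosts: k8s`, `# gather_facts: true`) while the equally dead `python bootstrap` block is deleted; either remove it for consistency or, preferably, add a comment saying why hardening is disabled, because as written nothing in this playbook hardens the `k8s` hosts after `vm_deploy` runs.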
@ -1,10 +1,10 @@
|
|||||||
---
|
---
|
||||||
# - name: configure control plane
|
- name: configure control plane
|
||||||
# hosts: k8s_control
|
hosts: k8s_control
|
||||||
# gather_facts: true
|
gather_facts: true
|
||||||
# become: true
|
become: true
|
||||||
# roles:
|
roles:
|
||||||
# - k8s_control
|
- k8s_control
|
||||||
|
|
||||||
- name: configure calico networking
|
- name: configure calico networking
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
|
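Review bot: Uncommenting the `configure control plane` play with `become: true` turns this playbook into one that makes privileged changes on every host in `k8s_control`, so the `ansible_become_pass` the README says lives in the inventory vault must be available at run time; document the `--vault-password-file` option (or `vault_password_file` in ansible.cfg) next to the invocation, otherwise the first privileged task fails. The `configure calico networking` play that follows uses `hosts: localhost`, so it runs from the workstation rather than on the cluster nodes and depends on whatever cluster credentials are present there; a comment saying so would help the next reader.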
@ -5,18 +5,3 @@
|
|||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- vm_destroy
|
- vm_destroy
|
||||||
|
|
||||||
# - name: python bootstrap
|
|
||||||
# hosts: k8s
|
|
||||||
# gather_facts: false
|
|
||||||
# become: true
|
|
||||||
# roles:
|
|
||||||
# - python-install
|
|
||||||
|
|
||||||
# - name: vm hardening
|
|
||||||
# hosts: k8s
|
|
||||||
# gather_facts: true
|
|
||||||
# become: true
|
|
||||||
# roles:
|
|
||||||
# - sshd
|
|
||||||
# - firewall
|
|
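Review bot: Deleting the commented `vm hardening` block here removes the only visible reference to the `sshd` and `firewall` roles (`# - sshd`, `# - firewall`), while the earlier hunk keeps an identical commented block without those role names; the two files end up inconsistent and a reader can no longer tell which roles hardening was meant to apply. Either keep one authoritative hardening play (commented or live) listing both roles, or delete the block in both places and add a line to the README saying the VMs are not hardened by these playbooks.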
@ -12,8 +12,8 @@ vm_cpu: "4"
|
|||||||
vm_cpu_cores: "2"
|
vm_cpu_cores: "2"
|
||||||
vm_cpu_threads: "2"
|
vm_cpu_threads: "2"
|
||||||
vm_bridge: "br1"
|
vm_bridge: "br1"
|
||||||
vm_mac_prefix: "52:54:00:e3:af:"
|
vm_mac_prefix: "52:54:00:e3:af:" # vm name suffix will be appended to this
|
||||||
vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this
|
vm_subnet_prefix: "192.168.199.1" # vm name suffix will be appended to this
|
||||||
vm_subnet_suffix: "/24"
|
vm_subnet_suffix: "/24"
|
||||||
vm_gateway: "192.168.199.254"
|
vm_gateway: "192.168.199.254"
|
||||||
vm_ntp: "192.168.199.254"
|
vm_ntp: "192.168.199.254"
|
||||||
|
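Review bot: The new comments on `vm_mac_prefix` and `vm_subnet_prefix` say the "vm name suffix will be appended", but plain string appending to `"192.168.199.1"` and `"52:54:00:e3:af:"` only yields a valid address when the suffix has exactly the right width: a one-character suffix `1` gives `192.168.199.11` and `52:54:00:e3:af:1` (not a valid MAC), while `10` gives `192.168.199.110` and a valid MAC. State the required suffix format in the comment (two hex digits for the MAC, and what host octet results for the IP), or derive both values from an integer index with the `ipaddr` filter so the MAC and IP cannot drift apart.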
@ -26,11 +26,6 @@
|
|||||||
state: shutdown
|
state: shutdown
|
||||||
name: "{{ vm_name }}"
|
name: "{{ vm_name }}"
|
||||||
|
|
||||||
# - name: destroy the vm
|
|
||||||
# community.libvirt.virt:
|
|
||||||
# state: destroyed
|
|
||||||
# name: "{{ vm_name }}"
|
|
||||||
|
|
||||||
- name: delete the firmware vars file
|
- name: delete the firmware vars file
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ firmware_vhd_pool_dir }}/{{ vm_name }}_VARS.fd"
|
path: "{{ firmware_vhd_pool_dir }}/{{ vm_name }}_VARS.fd"
|
||||||
|
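Review bot: With the commented `destroy the vm` task (`state: destroyed`) removed, the visible sequence is `state: shutdown` followed immediately by deleting `{{ vm_name }}_VARS.fd`; `shutdown` is a graceful shutdown request and, as far as this hunk shows, nothing waits for the domain to actually stop, so the firmware vars file can be removed while the guest is still running and still referencing it. Add a wait on the domain state (or a `state: destroyed` fallback) before the file deletion, unless a later task not shown in this hunk already handles it.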
@ -1,6 +1,5 @@
|
|||||||
---
|
---
|
||||||
- name: install parted package
|
- name: install parted package
|
||||||
become: true
|
|
||||||
community.general.pacman:
|
community.general.pacman:
|
||||||
name: parted
|
name: parted
|
||||||
state: latest
|
state: latest
|
||||||
|
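Review bot: Removing `become: true` from the `install parted package` task leaves `community.general.pacman` running as the connecting user unless the enclosing play sets `become: true` (not visible in this hunk); pacman cannot install packages without root, so confirm the play-level setting or the task now fails on every host. Separately, `state: latest` upgrades parted on every run and reports a change each time the package moves; `state: present` is the more predictable choice for a prerequisite package.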
2
zz_archived/README.md
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
old stuff that didn't work out or was abandoned for a better approach.
|
||||||
|
Ignore what you see here.
|
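Review bot: "Ignore what you see here" is not enough for an archive directory that still ships in every checkout; say what is under `zz_archived` (playbooks, role defaults, inventories) and state that nothing live references it, so that nobody runs an abandoned playbook by mistake and anything sensitive that was copied there is noticed before it is pushed.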