tidy up
parent
29e722d1b5
commit
a07565128e
27
README.md
@ -1,7 +1,26 @@
|
||||
Ansible for configuring base hosts
|
||||
The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster.
|
||||
|
||||
Packer for creating VM templates.
|
||||
- Install Arch linux on the bare metal
|
||||
- Configure the bare metal Arch host as a hypervisor (qemu/kvm)
|
||||
- Install Arch linux into a VM on the hypervisor then convert it to a template.
|
||||
- Deploy 3 (or more) VMs from the template (uses backing store qcow images).
|
||||
- Create a kubernetes cluster from those 3 VMs.
|
||||
- Install calico networking into the cluster.
|
||||
- Remove the taint from control plane nodes. <-- Optional
|
||||
- Deploy workloads into the cluster
|
||||
|
||||
Terraform for deploying VMs based on those templates.
|
||||
What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate.
|
||||
|
||||
Ansible for configuring deployed VMs into clusters.
|
||||
Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
|
||||
|
||||
What you'll also need:
|
||||
|
||||
Clone the git repo
|
||||
Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get commited to source control.
|
||||
Create an ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again .gitignore should ensure this vault file remains only on your workstation.
|
||||
|
||||
Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated.
|
||||
|
||||
Ansible roles were written to work on an Arch linux workstation, some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so.
|
||||
|
||||
If you encounter problems with these change those tasks to use your relvant package manager module, eg apt or yum.
|
||||
|
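Review bot: The vault_password and vault file lines rely on ".gitignore should ensure" without naming the ignore entries, so a reader cannot confirm the secrets are excluded before their first commit. Name the exact patterns in the README and suggest running `git check-ignore -v` against both files once they are created. Also, "commited" should be "committed" and "relvant" should be "relevant".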
@ -6,13 +6,6 @@
|
||||
roles:
|
||||
- vm_deploy
|
||||
|
||||
# - name: python bootstrap
|
||||
# hosts: k8s
|
||||
# gather_facts: false
|
||||
# become: true
|
||||
# roles:
|
||||
# - python-install
|
||||
|
||||
# - name: vm hardening
|
||||
# hosts: k8s
|
||||
# gather_facts: true
|
||||
|
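Review bot: The `# - name: vm hardening` play is left commented out right after the `vm_deploy` role while the python bootstrap block is deleted, so the file still carries dead code and it is unclear whether deployed VMs are meant to be hardened by this playbook. Either re-enable the play or delete it as well and say in the README where hardening happens.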
@ -1,10 +1,10 @@
|
||||
---
|
||||
# - name: configure control plane
|
||||
# hosts: k8s_control
|
||||
# gather_facts: true
|
||||
# become: true
|
||||
# roles:
|
||||
# - k8s_control
|
||||
- name: configure control plane
|
||||
hosts: k8s_control
|
||||
gather_facts: true
|
||||
become: true
|
||||
roles:
|
||||
- k8s_control
|
||||
|
||||
- name: configure calico networking
|
||||
hosts: localhost
|
||||
|
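Review bot: Uncommenting the `configure control plane` play changes what this playbook does on a run against `k8s_control`, which a commit titled "tidy up" does not signal. Put it in its own commit or mention it in the message, so a later bisect or audit can find when the `k8s_control` role started running with `become: true`.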
@ -5,18 +5,3 @@
|
||||
become: true
|
||||
roles:
|
||||
- vm_destroy
|
||||
|
||||
# - name: python bootstrap
|
||||
# hosts: k8s
|
||||
# gather_facts: false
|
||||
# become: true
|
||||
# roles:
|
||||
# - python-install
|
||||
|
||||
# - name: vm hardening
|
||||
# hosts: k8s
|
||||
# gather_facts: true
|
||||
# become: true
|
||||
# roles:
|
||||
# - sshd
|
||||
# - firewall
|
@ -12,8 +12,8 @@ vm_cpu: "4"
|
||||
vm_cpu_cores: "2"
|
||||
vm_cpu_threads: "2"
|
||||
vm_bridge: "br1"
|
||||
vm_mac_prefix: "52:54:00:e3:af:"
|
||||
vm_subnet_prefix: "192.168.199.1" # vm suffix will be appended to this
|
||||
vm_mac_prefix: "52:54:00:e3:af:" # vm name suffix will be appended to this
|
||||
vm_subnet_prefix: "192.168.199.1" # vm name suffix will be appended to this
|
||||
vm_subnet_suffix: "/24"
|
||||
vm_gateway: "192.168.199.254"
|
||||
vm_ntp: "192.168.199.254"
|
||||
|
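Review bot: The comments on `vm_mac_prefix` and `vm_subnet_prefix` say a VM name suffix is appended but not what form it must take. With `"52:54:00:e3:af:"` the suffix has to be exactly two hex digits, and with `"192.168.199.1"` it has to be decimal digits that keep the last octet at or below 255. State the expected format in the comment or assert it where the values are built, since any other suffix yields an invalid MAC or address.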
@ -26,11 +26,6 @@
|
||||
state: shutdown
|
||||
name: "{{ vm_name }}"
|
||||
|
||||
# - name: destroy the vm
|
||||
# community.libvirt.virt:
|
||||
# state: destroyed
|
||||
# name: "{{ vm_name }}"
|
||||
|
||||
- name: delete the firmware vars file
|
||||
ansible.builtin.file:
|
||||
path: "{{ firmware_vhd_pool_dir }}/{{ vm_name }}_VARS.fd"
|
||||
|
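Review bot: With the commented-out `state: destroyed` task removed, `state: shutdown` is the only stop step before `delete the firmware vars file`, and nothing in the visible lines waits for the domain to actually power off. A libvirt shutdown is a request to the guest, so add a wait on the domain state, or a forced stop as a fallback, before removing `{{ vm_name }}_VARS.fd`.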
@ -1,6 +1,5 @@
|
||||
---
|
||||
- name: install parted package
|
||||
become: true
|
||||
community.general.pacman:
|
||||
name: parted
|
||||
state: latest
|
||||
|
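Review bot: `state: latest` on the `install parted package` task upgrades parted on every run, which makes the play non-repeatable and, on Arch, upgrades a single package outside a full system update. `state: present` is enough for a tool that only needs to exist.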
2
zz_archived/README.md
Normal file
@ -0,0 +1,2 @@
|
||||
old stuff that didn't work out or was abandoned for a better approach.
|
||||
Ignore what you see here.
|