maze


    Maze configs and automation

    K8s cluster

    In my case there is a VPN connection to the 192.168.96.0/22 network.

    1. Terraform (on the local machine)

    Set up a cloud-init template:
    https://registry.terraform.io/modules/sdhibit/cloud-init-vm/proxmox/latest/examples/ubuntu_single_vm

    Set the environment variables PM_USER and PM_PASS.

    cd terraform
    terraform init
    terraform apply

    2. Ansible (on the local machine)

    cd ansible
    ./bootstrap.sh
    ansible-playbook install.yml

    3. Kubespray (on mgmt)

    cd /root/kubespray
    docker login
    ansible-playbook -i inventory/prod/inventory.ini cluster.yml --become

    (The options -e download_run_once=True -e download_localhost=True were removed because of containerd. The mgmt VM should get a better configuration for caching images.)

    (prod inventory is copied from ansible/files/...)

    4. Copy the .kube config with Ansible (on the local machine)

    cd ansible
    ansible-playbook cp-kube-config.yml

    5. Set up the NFS StorageClass (on mgmt)

    https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner

    On mgmt

    helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
    helm install nfs-subdir-external-provisioner \
        nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
        --set nfs.server=192.168.96.102 --set nfs.path=/home/public \
        --namespace nfs-provisioner --create-namespace

    Default StorageClass name: nfs-client

    6. Install Istio (on mgmt)

    https://istio.io/latest/docs/setup/install/operator/

    istioctl operator init # Set up the operator
    # Default setup for Istio
    kubectl apply -f - <<EOF
    apiVersion: install.istio.io/v1alpha1
    kind: IstioOperator
    metadata:
      namespace: istio-system
      name: istio-control-plane
    spec:
      profile: default
    EOF
    # Validate that it is installed
    kubectl get svc -n istio-system
    kubectl get pods -n istio-system

    7. cert-manager (on mgmt)

    kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml

    Set up the Let's Encrypt issuer

    kubectl apply -f - <<EOF
    apiVersion: cert-manager.io/v1
    kind: Issuer
    metadata:
      name: letsencrypt-issuer
      namespace: istio-system
    spec:
      acme:
        email: rlacko99@gmail.com
        server: https://acme-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          name: letsencrypt-issuer-account-key
        solvers:
        - http01:
            ingress:
              class: istio
    EOF

    Test it

    kubectl apply -f - <<EOF
    apiVersion: cert-manager.io/v1
    kind: Certificate
    metadata:
      name: hello-cert
      namespace: istio-system
    spec:
      secretName: hello-cert
      issuerRef:
        name: letsencrypt-issuer
      commonName: hello.maze.sch.bme.hu
      dnsNames:
      - hello.maze.sch.bme.hu
    EOF
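
To confirm that the test Certificate above was actually issued, the following check (an added example, not part of the repository) waits for hello-cert to become Ready and then verifies the SAN and remaining lifetime of the certificate stored in its secret. The 14-day threshold, the 300-second timeout and the script name verify-cert.sh are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. NS, CERT and HOST are the names used in the manifests above.
NS=istio-system
CERT=hello-cert
HOST=hello.maze.sch.bme.hu
MIN_DAYS=14   # assumption: alert threshold chosen for this example

# san_covers SAN_TEXT HOST: succeed if the text printed by
# `openssl x509 -noout -ext subjectAltName` lists HOST, either exactly or
# through a wildcard that replaces only the first label.
san_covers() {
  local san_text="$1" host="$2" entry name
  while read -r entry; do                  # read trims surrounding blanks
    case $entry in DNS:*) name=${entry#DNS:} ;; *) continue ;; esac
    [ "$name" = "$host" ] && return 0
    case $host in *.*) [ "$name" = "*.${host#*.}" ] && return 0 ;; esac
  done <<EOF
$(printf '%s\n' "$san_text" | tr ',' '\n')
EOF
  return 1
}

# verify_issued: wait for the Certificate to become Ready, then inspect the
# leaf certificate in its secret. Needs kubectl access (mgmt) and openssl.
verify_issued() {
  local pem san
  if ! kubectl wait --for=condition=Ready "certificate/$CERT" -n "$NS" --timeout=300s; then
    # Not Ready: the events and ACME objects show which step is stuck.
    kubectl describe certificate "$CERT" -n "$NS"
    kubectl get orders,challenges -n "$NS"
    return 1
  fi
  pem=$(kubectl get secret "$CERT" -n "$NS" -o jsonpath='{.data.tls\.crt}' | base64 -d) || return 1
  printf '%s\n' "$pem" | openssl x509 -noout -subject -issuer -enddate
  san=$(printf '%s\n' "$pem" | openssl x509 -noout -ext subjectAltName) || return 1
  san_covers "$san" "$HOST" || { echo "SAN does not cover $HOST" >&2; return 1; }
  # -checkend exits non-zero if the certificate expires within the window.
  printf '%s\n' "$pem" | openssl x509 -noout -checkend $((MIN_DAYS * 86400)) >/dev/null ||
    { echo "certificate expires within $MIN_DAYS days" >&2; return 1; }
}

# Contact the cluster only when called as: ./verify-cert.sh run
if [ "${1:-}" = "run" ]; then verify_issued; fi
```

The printed issuer line shows which CA signed the certificate, so it is worth checking that it is the one configured in letsencrypt-issuer.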