Maze configs and automation

K8s cluster

In my case there is a VPN connection to the 192.168.96.0/22 network.

  1. Terraform (on the local machine)

Set up a cloud-init template:
https://registry.terraform.io/modules/sdhibit/cloud-init-vm/proxmox/latest/examples/ubuntu_single_vm

Set up the environment variables (PM_USER, PM_PASS).

cd terraform
terraform init
terraform apply

  2. Ansible (on the local machine)

cd ansible
./bootstrap.sh
ansible-playbook install.yml

  3. KubeSpray (on mgmt)

cd /root/kubespray
docker login
ansible-playbook -i inventory/prod/inventory.ini cluster.yml --become

(The -e download_run_once=True -e download_localhost=True options were removed because of containerd. The mgmt VM should get a better configuration to cache images.)

(The prod inventory is copied from ansible/files/...)

  4. Copy the .kube config with Ansible (on the local machine)

cd ansible
ansible-playbook cp-kube-config.yml

  5. Set up the NFS StorageClass (on mgmt)

https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner

On mgmt

helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm install nfs-subdir-external-provisioner \
    nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
    --set nfs.server=192.168.96.102 --set nfs.path=/home/public \
    --namespace nfs-provisioner --create-namespace

Default StorageClass name: nfs-client

  6. Install Istio (on mgmt)

https://istio.io/latest/docs/setup/install/operator/

istioctl operator init # Set up the operator
# Default setup for Istio
kubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
  namespace: istio-system
  name: istio-control-plane
spec:
  profile: default
EOF
# Validate that it is installed
kubectl get svc -n istio-system
kubectl get pods -n istio-system

  7. Cert Manager (on mgmt)

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml
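
cert-manager.yaml installs cluster-wide CRDs, RBAC rules and webhooks, and the command above applies whatever the release URL returns at that moment. The script below is an added example, not part of this repository: it downloads the manifest, compares it with a SHA-256 digest recorded after reviewing the file, and applies only the verified local copy. The function names and the EXPECTED_SHA256 placeholder are assumptions, and it assumes GNU coreutils sha256sum on the mgmt VM.

```shell
#!/bin/sh
# Added example: pin the cert-manager manifest by SHA-256 before applying it.
# MANIFEST_URL is the URL used in this README. EXPECTED_SHA256 is a placeholder
# to be replaced with the digest recorded after reviewing the file.
MANIFEST_URL="https://github.com/jetstack/cert-manager/releases/download/v1.3.1/cert-manager.yaml"
EXPECTED_SHA256="<sha256-recorded-after-review>"

# Print the lowercase hex SHA-256 of a file (assumes GNU coreutils sha256sum).
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Return 0 if the file matches the expected digest, 1 on mismatch,
# 2 if the expected value is not a 64-digit hex string.
verify_manifest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # Reject placeholders and malformed digests instead of comparing them.
    case $expected in
        *[!0-9a-f]*|"") echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# Download over HTTPS to a temp file, verify it, then apply that local copy.
apply_pinned_manifest() {
    tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$1" && verify_manifest "$tmp" "$2"; then
        kubectl apply -f "$tmp"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Runs only when the script is called with --apply.
if [ "${1:-}" = "--apply" ]; then
    apply_pinned_manifest "$MANIFEST_URL" "$EXPECTED_SHA256"
fi
```

Record the digest once with sha256sum on a copy you have reviewed, and update it whenever the pinned cert-manager version changes.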

Set up the Let's Encrypt issuer

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-issuer
  namespace: istio-system
spec:
  acme:
    email: rlacko99@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-issuer-account-key
    solvers:
    - http01:
        ingress:
          class: istio
EOF

Test it

kubectl apply -f - <<EOF
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: hello-cert
  namespace: istio-system
spec:
  secretName: hello-cert
  issuerRef:
    name: letsencrypt-issuer
  commonName: hello.maze.sch.bme.hu
  dnsNames:
  - hello.maze.sch.bme.hu
EOF