Maze configs and automation
K8s cluster
In my case there is a VPN connection to the 192.168.96.0/22 network.
- Terraform (in local)
Setup a cloudinit template
https://registry.terraform.io/modules/sdhibit/cloud-init-vm/proxmox/latest/examples/ubuntu_single_vm
Setup env variables (PM_USER, PM_PASS)
cd terraform
terraform init
terraform apply- Ansible (in local)
cd ansible
./bootstrap.sh
ansible-playbook install.yml- KubeSpray (on mgmt)
cd /root/kubespray
docker login
ansible-playbook -i inventory/prod/inventory.ini cluster.yml -e download_run_once=True -e download_localhost=True --become(prod inventory is copied from ansible/files/...)
- Copy .kube config with ansible (in local)
cd ansible
ansible-playbook cp-kube-config.yml- Setup NFS Storageclass (on mgmt)
https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
On mgmt
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/helm install nfs-subdir-external-provisioner \
nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
--set nfs.server=192.168.96.102 --set nfs.path=/home/public \
--namespace nfs-provisioner --create-namespacedefault storageclass name: nfs-client
- Install istio (on mgmt)
https://istio.io/latest/docs/setup/install/operator/
istioctl operator init # Setup the operatorkubectl apply -f - <<EOF
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
namespace: istio-system
name: istio-control-plane
spec:
profile: default
EOF # Default setup for istio# Validate that it is installed
kubectl get svc -n istio-system
kubectl get pods -n istio-system