Vexing Labs - k8s-cluster.git/commitdiff
wip
authorAdam Shamblin <adam@vexingworkshop.com>
Sat, 28 Oct 2023 22:37:12 +0000 (16:37 -0600)
committerAdam Shamblin <adam@vexingworkshop.com>
Sat, 28 Oct 2023 22:37:12 +0000 (16:37 -0600)
.gitignore [new file with mode: 0644]
controller.tf [new file with mode: 0644]
install.yml [new file with mode: 0644]
provider.tf [new file with mode: 0644]
provision-node.sh [new file with mode: 0644]
users.yml [new file with mode: 0644]

diff --git a/.gitignore b/.gitignore
new file mode 100644 (file)
index 0000000..a49b9cf
--- /dev/null
@@ -0,0 +1,2 @@
+.terraform.lock.hcl
+.terraform/
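Review bot: Ignoring `.terraform.lock.hcl` drops the provider checksums that Terraform records there, so every fresh `terraform init` may select and trust a different provider build within the `~> 2.0` and `~> 1.1.0` ranges set in provider.tf. The lock file is meant to be committed; only `.terraform/` should be ignored. The list also has no entries for state or variable files, and since provider.tf takes `do_token` as an input variable, adding `*.tfstate`, `*.tfstate.*` and `*.tfvars` would keep a token-bearing file from being committed by accident.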
diff --git a/controller.tf b/controller.tf
new file mode 100644 (file)
index 0000000..575bf82
--- /dev/null
@@ -0,0 +1,55 @@
+resource "digitalocean_vpc" "acg-k8s-vpc" {
+  name = "acg-k8s-vpc"
+  region = "nyc1"
+}
+
+resource "digitalocean_droplet" "acg-k8s-control" {
+  image = "ubuntu-20-04-x64"
+  name = "acg-k8s-control"
+  region = "nyc1"
+  size = "s-2vcpu-2gb"
+  ssh_keys = [
+    data.digitalocean_ssh_key.debesto.id
+  ]
+  vpc_uuid = digitalocean_vpc.acg-k8s-vpc.id
+
+  connection {
+    host = self.ipv4_address
+    user = "root"
+    type = "ssh"
+    private_key = file(var.pvt_key)
+    timeout = "2m"
+  }
+
+  provisioner "remote-exec" {
+    scripts = [
+      "provision-node.sh"
+    ]
+  }
+}
+
+resource "digitalocean_domain" "default" {
+  name = "acg-control.vexinglabs.com"
+  ip_address = digitalocean_droplet.acg-k8s-control.ipv4_address
+}
+
+resource "digitalocean_project" "cka-study-project" {
+  name = "cka-study-project"
+  description = "A project to contain CKA study resources"
+  purpose = "k8s cluster"
+  environment = "Development"
+  resources = [
+    digitalocean_vpc.acg-k8s-vpc.urn
+    digitalocean_droplet.agc-k8s-control.urn
+  ]
+}
+
+resource "ansible_playbook" "playbook" {
+  playbook = "users.yml"
+  name = digitalocean_domain.default.id
+  replayable = true
+
+  extra_vars = {
+    ssh_key = digitalocean_ssh_key.debesto.id
+  }
+}
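Review bot: The `resources` list in `digitalocean_project.cka-study-project` will not parse or resolve as written: its two elements have no comma between them, and the second names `digitalocean_droplet.agc-k8s-control` while the droplet is declared as `acg-k8s-control`. The lines should read `digitalocean_vpc.acg-k8s-vpc.urn,` and `digitalocean_droplet.acg-k8s-control.urn,`. In `ansible_playbook.playbook`, `ssh_key = digitalocean_ssh_key.debesto.id` is missing the `data.` prefix that the droplet's `ssh_keys` uses, and provider.tf declares `debesto` only as a data source, so it should be `ssh_key = data.digitalocean_ssh_key.debesto.id`. Separately, the droplet is provisioned as `root` over its public `ipv4_address` and nothing in this commit defines a firewall for it, so restricting inbound SSH to known source addresses is worth adding before this leaves wip.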
diff --git a/install.yml b/install.yml
new file mode 100644 (file)
index 0000000..b293cc9
--- /dev/null
@@ -0,0 +1,21 @@
+---
+- hosts: "masters, workers"
+  remote_user: ubuntu
+  become: yes
+  become_method: sudo
+  become_user: root
+  gather_facts: yes
+  connection: ssh
+
+  tasks:
+    - name: Create containerd config file
+    - name: Add conf for containerd
+    - name: modprobe
+    - name: Set system configurations for Kubernetes networking
+    - name: Add conf for containerd
+    - name: Apply new settings
+    - name: install containerd
+    - name: Disable swap
+    - name: Create k8s repo file
+    - name: Add k8s source
+    - name: Install k8s
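Review bot: Every entry under `tasks:` carries only a `name:` and no module, so Ansible will reject the play when it loads rather than skip the tasks; if these are placeholders, a comment such as `# TODO: task bodies not written yet, playbook does not run` at the top of the list would say so. `Add conf for containerd` appears twice, which will make task output ambiguous once the bodies exist. `remote_user: ubuntu` does not match the rest of the commit, where controller.tf connects as `root` and users.yml creates `kube`, so this play probably has no account to log in as. `become: yes` and `gather_facts: yes` would be better written as `true`.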
diff --git a/provider.tf b/provider.tf
new file mode 100644 (file)
index 0000000..87fad5b
--- /dev/null
@@ -0,0 +1,23 @@
+terraform {
+  required_providers {
+    digitalocean = {
+      source = "digitalocean/digitalocean"
+      version = "~> 2.0"
+    }
+    ansible = {
+      version = "~> 1.1.0"
+      source = "ansible/ansible"
+    }
+  }
+}
+
+variable "do_token" {}
+variable "pvt_key" {}
+
+provider "digitalocean" {
+  token = var.do_token
+}
+
+data "digitalocean_ssh_key" "debesto" {
+  name = "debesto"
+}
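Review bot: `variable "do_token" {}` declares the DigitalOcean API token with no type and no sensitivity marking, so Terraform handles it as an ordinary value and can print it in plan output or diagnostics wherever it is referenced. Declaring it with `type = string` and `sensitive = true` redacts it in CLI output; that does not encrypt state, so the state file still needs access control. `pvt_key` would benefit from `type = string` and a `description` saying it is a path to a private key file, since controller.tf reads it with `file(var.pvt_key)`.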
diff --git a/provision-node.sh b/provision-node.sh
new file mode 100644 (file)
index 0000000..bf98720
--- /dev/null
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Update
+apt-get update && apt-get upgrade
+apt-get install -y \
+  ca-certificates curl gnupg lsb-release apt-transport-https
+
+# Enable kernel modules
+cat <<EOF | tee /etc/modules-load.d/k8s.conf
+overlay
+br_netfilter
+EOF
+
+modprobe overlay
+modprobe br_netfilter
+
+
+# sysctl
+cat <<EOF | tee /etc/systctl.d/k8s.conf
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
+EOF
+
+sysctl --system
+
+
+# Setup to install Docker Engine
+mkdir -m 0755 -p /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+  $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
+
+apt-get update
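Review bot: The sysctl block writes to `/etc/systctl.d/k8s.conf`, a misspelling of `/etc/sysctl.d/`, so `tee` will most likely fail on the missing directory and `sysctl --system` never applies the bridge-netfilter and `net.ipv4.ip_forward` settings. The script has no `set -euo pipefail` and ends with `apt-get update`, so that failure does not stop the run and the remote-exec provisioner in controller.tf will probably report success. `apt-get upgrade` also lacks `-y` and will stop at the confirmation prompt in a non-interactive session. Proposed changes: add `set -euo pipefail` after the shebang, use `apt-get update && apt-get upgrade -y`, and correct the path to `/etc/sysctl.d/k8s.conf`. The Docker signing key is trusted on download alone; comparing its fingerprint with the one Docker publishes before writing `/etc/apt/keyrings/docker.gpg` would close that gap.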
diff --git a/users.yml b/users.yml
new file mode 100644 (file)
index 0000000..7f61407
--- /dev/null
+++ b/users.yml
@@ -0,0 +1,18 @@
+---
+- hosts: "workers, masters"
+  become: yes
+
+  tasks:
+    - name: Create the kube user account
+      user: name=kube append=yes state=present createhome=yes shell=/bin/bash
+
+    - name: allow 'kube' to use sudo w/out a password
+      lineinfile:
+        dest: /etc/sudoers
+        line: 'kube ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'
+
+    - name: set up authorized_keys for the kube user
+      authorized_key: user=kube key="{{item}}"
+      with_file:
+        - ~/.ssh/id_rsa.pub
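Review bot: The sudo task gives `kube` unrestricted passwordless root by appending `kube ALL=(ALL) NOPASSWD: ALL` to `/etc/sudoers` itself, and the last task authorizes whatever `~/.ssh/id_rsa.pub` exists on the machine running Ansible, so that key becomes equivalent to root on every worker and master. A drop-in is easier to audit and revert: `dest: /etc/sudoers.d/kube`, `create: true`, `mode: '0440'`, keeping the `visudo -cf %s` validation. The rule itself should be narrowed to the commands the account actually needs if that set is known. The `ssh_key` extra var that controller.tf passes to this playbook is never used here, and it holds a DigitalOcean key ID rather than a public key, so the key source should be made explicit instead of depending on the operator's home directory. The `user:` and `authorized_key:` tasks would also read better with block-style arguments than with `key=value` strings.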