From: Adam Shamblin
Date: Sat, 28 Oct 2023 22:37:12 +0000 (-0600)
Subject: wip
X-Git-Url: https://git.vexinglabs.com/?a=commitdiff_plain;h=1d260cf76fbc50304164c84a9d87a8083b195cea;p=k8s-cluster.git

wip
---
1d260cf76fbc50304164c84a9d87a8083b195cea
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a49b9cf
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+.terraform.lock.hcl
+.terraform/
diff --git a/controller.tf b/controller.tf
new file mode 100644
index 0000000..575bf82
--- /dev/null
+++ b/controller.tf
@@ -0,0 +1,55 @@
+resource "digitalocean_vpc" "acg-k8s-vpc" {
+ name = "acg-k8s-vpc"
+ region = "nyc1"
+}
+
+resource "digitalocean_droplet" "acg-k8s-control" {
+ image = "ubuntu-20-04-x64"
+ name = "acg-k8s-control"
+ region = "nyc1"
+ size = "s-2vcpu-2gb"
+ ssh_keys = [
+ data.digitalocean_ssh_key.debesto.id
+ ]
+ vpc_uuid = digitalocean_vpc.acg-k8s-vpc.id
+
+ connection {
+ host = self.ipv4_address
+ user = "root"
+ type = "ssh"
+ private_key = file(var.pvt_key)
+ timeout = "2m"
+ }
+
+ provisioner "remote-exec" {
+ scripts = [
+ "provision-node.sh"
+ ]
+ }
+}
+
+resource "digitalocean_domain" "default" {
+ name = "acg-control.vexinglabs.com"
+ ip_address = digitalocean_droplet.acg-k8s-control.ipv4_address
+}
+
+resource "digitalocean_project" "cka-study-project" {
+ name = "cka-study-project"
+ description = "A project to contain CKA study resources"
+ purpose = "k8s cluster"
+ environment = "Development"
+ resources = [
+ digitalocean_vpc.acg-k8s-vpc.urn
+ digitalocean_droplet.agc-k8s-control.urn
+ ]
+}
+
+resource "ansible_playbook" "playbook" {
+ playbook = "users.yml"
+ name = digitalocean_domain.default.id
+ replayable = true
+
+ extra_vars = {
+ ssh_key = digitalocean_ssh_key.debesto.id
+ }
+}
diff --git a/install.yml b/install.yml
new file mode 100644
index 0000000..b293cc9
--- /dev/null
+++ b/install.yml
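Review bot: The new .gitignore excludes `.terraform.lock.hcl`, which is the file that records the selected provider versions and their checksums; it is meant to be committed, so that every `terraform init` checks the downloaded providers against the same recorded hashes. Drop that line and keep `.terraform/`. Since `do_token` and `pvt_key` are supplied from outside the configuration, the entries worth adding instead are `*.tfstate`, `*.tfstate.*` and `*.tfvars`, so that state and variable files holding credentials cannot be committed by accident.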
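Review bot: In controller.tf the `resources` list of `digitalocean_project.cka-study-project` has no comma between its two elements and names `digitalocean_droplet.agc-k8s-control`, while the droplet is declared as `acg-k8s-control`, so the configuration will not validate; the two lines should read `digitalocean_vpc.acg-k8s-vpc.urn,` and `digitalocean_droplet.acg-k8s-control.urn`. In `ansible_playbook.playbook`, `ssh_key = digitalocean_ssh_key.debesto.id` refers to a managed resource that this commit never declares; provider.tf defines `debesto` as a data source, so the reference needs the `data.` prefix already used in the droplet's `ssh_keys`. The `connection` block logs in as `root`, and no `digitalocean_firewall` is created in this commit, so SSH on the droplet is presumably reachable from any address unless it is filtered elsewhere. A comment above the `connection` block saying that root login is used only for first-boot provisioning would make the intent clear.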
@@ -0,0 +1,21 @@
+---
+- hosts: "masters, workers"
+ remote_user: ubuntu
+ become: yes
+ become_method: sudo
+ become_user: root
+ gather_facts: yes
+ connection: ssh
+
+ tasks:
+ - name: Create containerd config file
+ - name: Add conf for containerd
+ - name: modprobe
+ - name: Set system configurations for Kubernetes networking
+ - name: Add conf for containerd
+ - name: Apply new settings
+ - name: install containerd
+ - name: Disable swap
+ - name: Create k8s repo file
+ - name: Add k8s source
+ - name: Install k8s
diff --git a/provider.tf b/provider.tf
new file mode 100644
index 0000000..87fad5b
--- /dev/null
+++ b/provider.tf
@@ -0,0 +1,23 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ ansible = {
+ version = "~> 1.1.0"
+ source = "ansible/ansible"
+ }
+ }
+}
+
+variable "do_token" {}
+variable "pvt_key" {}
+
+provider "digitalocean" {
+ token = var.do_token
+}
+
+data "digitalocean_ssh_key" "debesto" {
+ name = "debesto"
+}
diff --git a/provision-node.sh b/provision-node.sh
new file mode 100644
index 0000000..bf98720
--- /dev/null
+++ b/provision-node.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Update
+apt-get update && apt-get upgrade
+apt-get install -y \
+ ca-certificates curl gnupg lsb-release apt-transport-https
+
+# Enable kernel modules
+cat < /dev/null
+
+apt-get update
diff --git a/users.yml b/users.yml
new file mode 100644
index 0000000..7f61407
--- /dev/null
+++ b/users.yml
@@ -0,0 +1,18 @@
+---
+- hosts: "workers, masters"
+ become: yes
+
+ tasks:
+ - name: Create the kube user account
+ user: name=kube append=yes state=present createhome=yes shell=/bin/bash
+
+ - name: allow 'kube' to use sudo w/out a password
+ lineinfile:
+ dest: /etc/sudoers
+ line: 'kube ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
+ - name: set up authorized_keys for the kube user
+ authorized_key: user=kube key="{{item}}"
+ with_file:
+ - ~/.ssh/id_rsa.pub
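Review bot: Every entry under `tasks:` in install.yml has only a `name:` and no module, so Ansible will reject the playbook when it is loaded; each task needs its action before this file can run, and the name "Add conf for containerd" appears twice. `remote_user: ubuntu` differs from controller.tf, which connects as `root`, and from users.yml, which creates `kube`; whether an `ubuntu` account exists on the droplet image should be confirmed. `become: yes` and `gather_facts: yes` are better written as `true`, which reads the same under every YAML loader.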
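Review bot: `variable "do_token" {}` and `variable "pvt_key" {}` in provider.tf carry no type, description or `sensitive` flag, so the API token is not redacted when Terraform prints values derived from it. Give `do_token` the arguments `type = string` and `sensitive = true`, and give `pvt_key` `type = string` plus a `description` saying it is the path to the private key file, since controller.tf passes it to `file()`. The `~> 2.0` constraint accepts any 2.x release of the DigitalOcean provider, and with `.terraform.lock.hcl` ignored by this same commit nothing in the repository records which build was actually installed.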
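Review bot: provision-node.sh has no `set -euo pipefail` after the shebang, so the exit status that `remote-exec` sees is that of the final `apt-get update` and an earlier failure is presumably reported as a successful provision. `apt-get upgrade` is run without `-y`, which stops at the confirmation prompt in a non-interactive session; `DEBIAN_FRONTEND=noninteractive apt-get upgrade -y` avoids that. The hunk header announces 36 lines but only part of the script is visible on this page (the text after `cat <` is cut), so the kernel-module and repository setup in between could not be reviewed.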
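Review bot: The `lineinfile` task in users.yml grants `kube ALL=(ALL) NOPASSWD: ALL`, which makes possession of the `kube` SSH key equivalent to root on every node; if the account only needs specific commands, list them in place of the final `ALL`, or drop `NOPASSWD`. Writing the rule to a drop-in leaves `/etc/sudoers` itself untouched: `dest: /etc/sudoers.d/kube`, `create: true`, `mode: '0440'`, with the existing `validate` kept. The key installed by `with_file` is the `~/.ssh/id_rsa.pub` of whoever runs the playbook, while controller.tf passes an `ssh_key` extra var that this playbook never reads, so the authorized key depends on the operator's machine instead of the key registered with the droplet. The `user:` and `authorized_key:` tasks use the `key=value` string form; block YAML arguments are easier to review and lint.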