Readme
This commit is contained in:
parent
8771b6b68e
commit
c9c329ece1
|
@ -0,0 +1,63 @@
|
|||
Snel.com Ansible Playbooks - Installation
|
||||
---
|
||||
|
||||
## Install requirements on macOS
|
||||
```zsh
|
||||
brew install \
|
||||
ansible \
|
||||
ansible-lint \
|
||||
packer \
|
||||
jq \
|
||||
siderolabs/talos/talosctl \
|
||||
kubernetes-cli \
|
||||
helm \
|
||||
bitwarden-cli \
|
||||
velero
|
||||
helm plugin install https://github.com/databus23/helm-diff
|
||||
python3 -m pip install --upgrade --requirement ./requirements.txt
|
||||
ansible-galaxy install --force --role-file ./requirements.yml
|
||||
grep 'OBJC_DISABLE_INITIALIZE_FORK_SAFETY' ~/.zshrc || echo "OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES" >> ~/.zshrc
|
||||
source ~/.zshrc
|
||||
```
|
||||
|
||||
## Install requirements on Linux (non-root)
|
||||
```bash
|
||||
mkdir -p "${HOME}/bin"
|
||||
if [[ "${PATH}" != *"${HOME}/.local/bin"* ]]; then echo 'PATH="${HOME}/.local/bin:${PATH}"' >> ~/.bash_profile; source ~/.bash_profile; fi
|
||||
if [[ "${PATH}" != *"${HOME}/bin"* ]]; then echo 'PATH="${HOME}/bin:${PATH}"' >> ~/.bash_profile; source ~/.bash_profile; fi
|
||||
curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "${HOME}/bin/kubectl"
|
||||
curl -L "https://github.com/siderolabs/talos/releases/download/latest/talosctl-linux-amd64" -o "${HOME}/bin/talosctl"
|
||||
curl -L "https://get.helm.sh/helm-$(curl -s https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name' )-linux-amd64.tar.gz" | tar -C "${HOME}/bin" -xpzf - linux-amd64/helm --strip-components 1
|
||||
curl -sL "https://vault.bitwarden.com/download/?app=cli&platform=linux" | unzip -o -d "${HOME}/bin" - bw
|
||||
chmod +x "${HOME}/bin/"*
|
||||
python3 -m pip --version
|
||||
|
||||
```
|
||||
|
||||
## Clone repo
|
||||
```zsh
|
||||
mkdir -m750 -p ~/repos
|
||||
cd ~/repos
|
||||
git clone --recurse-submodules git@git.snel.com:snelcom-ansible/snel.ansible.git snel.ansible
|
||||
git config pull.rebase true
|
||||
git config core.hooksPath .githooks
|
||||
cd ~/repos/snel.ansible
|
||||
python3 -m pip install --upgrade --requirement ./requirements.txt
|
||||
ansible-galaxy install --force --role-file ./requirements.yml
|
||||
```
|
||||
|
||||
## Vaultwarden
|
||||
### First time login on Vaultwarden:
|
||||
```zsh
|
||||
bw config server 'https://pw.snel.com/'
|
||||
bw login
|
||||
```
|
||||
|
||||
## Vault password
|
||||
- Copy the vault password from the [Vaultwarden Item](https://pw.snel.com/#/vault?itemId=7f1b6fd8-f519-43ef-bc4f-108f9f39b75a&cipherId=261e5eb5-8118-4c7f-84c5-101793ede911)
|
||||
```bash
|
||||
cd ~/repos/snel.ansible
|
||||
mkdir -m700 -p .ansible
|
||||
echo -n '__THE_PASSWORD__' > .ansible/vault_pass
|
||||
chmod 600 .ansible/vault_pass
|
||||
```
|
78
README.md
78
README.md
|
@ -1,58 +1,38 @@
|
|||
Snel.com Ansible Playbooks
|
||||
---
|
||||
|
||||
## Clone repo on macOS
|
||||
## Preparation
|
||||
Make sure you followed the instructions in [INSTALL.md](./INSTALL.md)
|
||||
|
||||
## Step 1: Customer order
|
||||
Customer orders cluster using the [special order page](https://my.snel.com/cart/kubernetes/)
|
||||
|
||||
## Step 2: Create inventory
|
||||
In this repo:
|
||||
- Create a copy of the inventory file `inventory/cluster_[NAME].yml.tpl`.
|
||||
- Replace `[NAME]` with the name of the cluster and remove te `.tpl` suffix.
|
||||
- Inside this file replace all `[NAME]` and update the IPs
|
||||
- In the package the customer will have one new Cloud VPS Bucket, this IP is used for `control.[NAME].k8s.snel.com`
|
||||
- In the package the customer will have 6 new Talos VPSses.
|
||||
- The first 3 IPs need to be used for the `talos_control_nodes`
|
||||
- The remaining 3 IPs need to be used for the `talos_worker_nodes`
|
||||
- Attach 3 extra IPs to the VPS which will become `c1.[NAME].k8s.snel.com`, the first control node.
|
||||
- Use these IPs in the inventory file as `ingress_ips`
|
||||
- These will be floating IPs for MetalLB
|
||||
|
||||
### Step 3: Execute playbook - VPSses
|
||||
Your Vaultwarden vault password will be asked.
|
||||
```zsh
|
||||
cd ~/repos
|
||||
git clone --recurse-submodules git@git.snel.com:snelcom-ansible/snel.ansible.git snel.ansible
|
||||
```
|
||||
|
||||
|
||||
## Install on macOS
|
||||
```zsh
|
||||
brew install \
|
||||
ansible \
|
||||
ansible-lint \
|
||||
packer \
|
||||
jq \
|
||||
siderolabs/talos/talosctl \
|
||||
kubernetes-cli \
|
||||
helm \
|
||||
bitwarden-cli \
|
||||
velero
|
||||
helm plugin install https://github.com/databus23/helm-diff
|
||||
bw config server 'https://pw.snel.com/'
|
||||
python3 -m pip install --upgrade --requirement ./requirements.txt
|
||||
ansible-galaxy install --force --role-file ./requirements.yml
|
||||
git config core.hooksPath .githooks
|
||||
grep 'OBJC_DISABLE_INITIALIZE_FORK_SAFETY' ~/.zshrc || echo "OBJC_DISABLE_INITIALIZE_FORK_SAFETY=YES" >> ~/.zshrc
|
||||
source ~/.zshrc
|
||||
```
|
||||
|
||||
## Install on Linux (non-root)
|
||||
```bash
|
||||
mkdir -p "${HOME}/bin"
|
||||
if [[ "${PATH}" != *"${HOME}/bin"* ]]; then echo 'PATH="${HOME}/bin:${PATH}"' >> ~/.bash_profile; source ~/.bash_profile; fi
|
||||
curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o "${HOME}/bin/kubectl"
|
||||
curl -L "https://github.com/siderolabs/talos/releases/download/latest/talosctl-linux-amd64" -o "${HOME}/bin/talosctl"
|
||||
curl -L "https://get.helm.sh/helm-$(curl -s https://api.github.com/repos/helm/helm/releases/latest | jq -r '.tag_name' )-linux-amd64.tar.gz" | tar -C "${HOME}/bin" -xpzf - linux-amd64/helm --strip-components 1
|
||||
chmod +x "${HOME}/bin/"*
|
||||
```
|
||||
|
||||
## Usage
|
||||
### First time: Login on Vaultwarden:
|
||||
```zsh
|
||||
bw login
|
||||
```
|
||||
|
||||
### Execute playbook - VPSses
|
||||
```zsh
|
||||
bw sync
|
||||
BW_SESSION=$(bw unlock --raw) ansible-playbook site.yml --limit customer_deovero
|
||||
cd ~/repos/snel.ansible
|
||||
git pull
|
||||
bw sync
|
||||
BW_SESSION=$(bw unlock --raw) ansible-playbook site.yml --limit cluster_[NAME]
|
||||
```
|
||||
|
||||
### Execute playbook - (Re)install Talos on Hardware
|
||||
Your Vaultwarden vault password will be asked.
|
||||
```zsh
|
||||
bw sync
|
||||
BW_SESSION=$(bw unlock --raw) ansible-playbook ./playbooks/snel.kubernetes-cluster/dci_reinstall_talos.yml --limit customer_deovero
|
||||
cd ~/repos/snel.ansible
|
||||
bw sync
|
||||
BW_SESSION=$(bw unlock --raw) ansible-playbook ./playbooks/snel.kubernetes-cluster/dci_reinstall_talos.yml --limit cluster_[NAME]
|
||||
```
|
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
kubernetes:
|
||||
children:
|
||||
customer_[NAME]:
|
||||
vars:
|
||||
cluster_name: [NAME].k8s.snel.com
|
||||
children:
|
||||
control_lb_nodes:
|
||||
hosts:
|
||||
control.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
talos:
|
||||
children:
|
||||
talos_control_nodes:
|
||||
hosts:
|
||||
c1.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
c2.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
c3.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
talos_worker_nodes:
|
||||
hosts:
|
||||
w1.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
w2.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
w3.[NAME].k8s.snel.com:
|
||||
ansible_host: 185.62.___.___
|
||||
#talos_hardware_nodes:
|
||||
# hosts:
|
||||
# hw1.[NAME].k8s.snel.com:
|
||||
talos_first_nodes:
|
||||
hosts:
|
||||
c1.[NAME].k8s.snel.com:
|
||||
ingress_ips:
|
||||
- 185.62.___.___ # Rancher + Traefik
|
||||
# - 185.62.___.___ # extra IP
|
||||
# - 185.62.___.___ # extra IP
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
kubernetes:
|
||||
children:
|
||||
customer_deovero:
|
||||
cluster_deovero:
|
||||
vars:
|
||||
cluster_name: deovero.k8s.snel.com
|
||||
children:
|
||||
|
@ -75,4 +75,4 @@ kubernetes:
|
|||
ingress_ips:
|
||||
- 185.62.58.184 # Rancher + Traefik
|
||||
- 185.62.57.66
|
||||
- 185.62.58.66
|
||||
#- 185.62.58.66
|
|
@ -0,0 +1,39 @@
|
|||
---
|
||||
kubernetes:
|
||||
children:
|
||||
cluster_pietje:
|
||||
vars:
|
||||
cluster_name: pietje.k8s.snel.com
|
||||
children:
|
||||
control_lb_nodes:
|
||||
hosts:
|
||||
control.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.58.98
|
||||
talos:
|
||||
children:
|
||||
talos_control_nodes:
|
||||
hosts:
|
||||
c1.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.58.123
|
||||
c2.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.57.138
|
||||
c3.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.57.9
|
||||
talos_worker_nodes:
|
||||
hosts:
|
||||
w1.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.56.40
|
||||
w2.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.56.141
|
||||
w3.pietje.k8s.snel.com:
|
||||
ansible_host: 185.62.57.201
|
||||
# talos_hardware_nodes:
|
||||
# hosts:
|
||||
# hw1.[NAME].k8s.snel.com:
|
||||
talos_first_nodes:
|
||||
hosts:
|
||||
c1.pietje.k8s.snel.com:
|
||||
ingress_ips:
|
||||
- 185.62.58.66 # Rancher + Traefik
|
||||
# - 185.62.___.___ # extra IP
|
||||
# - 185.62.___.___ # extra IP
|
|
@ -23,12 +23,11 @@ smtp_relay_password: !vault |
|
|||
35633337396139646630663734386336613036306532326363386364376462363336
|
||||
smtp_relay_auth_method: cram-md5
|
||||
ip_whitelist:
|
||||
# Jeroen Telenet
|
||||
- 81.83.244.93
|
||||
# Jeroen Telenet
|
||||
- 83.217.157.124
|
||||
# Jeroen Telenet
|
||||
- 2a02:1810:1514:6800::/60
|
||||
# DeoVero - Jeroen Telenet UDM
|
||||
- 81.83.246.2
|
||||
- 2a02:1810:1507:dd00::/60
|
||||
# DeoVero - Jeroen Telenet Synology
|
||||
- 83.83.245.115
|
||||
# Jeroen LAN
|
||||
- 192.168.0.0/23
|
||||
# jump.snel.com
|
||||
|
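Review bot: `- 83.83.245.115` under `# DeoVero - Jeroen Telenet Synology` differs in its first octet from the other Telenet entries in this list (81.83.244.93, 81.83.246.2); if that is a transposition it silently whitelists an address belonging to someone else, so confirm it against the real WAN address before merging. The `192.168.0.0/23` entry labelled `# Jeroen LAN` is an RFC 1918 range; unless the role consuming `ip_whitelist` runs on a host that sees those private sources directly, the entry is either a no-op or, behind NAT, broader than intended, so a comment stating which would help the next reader. The entry following `# jump.snel.com` falls outside this hunk.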
|