Verified Commit 6d38137c authored by Hugo's avatar Hugo

debian 11

parent 1b1c36f2
......@@ -8,4 +8,5 @@ kubeconfig
*.log
.env
log
cluster.*.json
\ No newline at end of file
cluster.*.json
kubeconfig.*.yaml
\ No newline at end of file
......@@ -68,14 +68,105 @@ nodes:
w2:
type: vm
role: worker
serverType: cpx31
serverType: ccx12
privateIp: 10.0.1.131
ingress: false
volumes: {}
w3:
type: vm
role: worker
serverType: cpx31
serverType: ccx12
privateIp: 10.0.1.132
ingress: false
volumes: {}
w4:
type: vm
role: worker
serverType: ccx12
privateIp: 10.0.1.134
ingress: false
volumes: {}
w5:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.135
ingress: false
volumes: {}
w6:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.136
ingress: false
volumes: {}
w7:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.137
ingress: false
volumes: {}
w8:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.138
ingress: false
volumes: {}
w9:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.139
ingress: false
volumes: {}
w10:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.140
ingress: false
volumes: {}
w11:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.141
ingress: false
volumes: {}
w12:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.142
ingress: false
volumes: {}
w13:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.143
ingress: false
volumes: {}
w14:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.144
ingress: false
volumes: {}
w15:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.145
ingress: false
volumes: {}
w16:
type: vm
role: worker
serverType: cpx31
privateIp: 10.0.1.146
ingress: false
volumes: {}
deb http://deb.debian.org/debian bullseye main contrib non-free
# deb-src http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
# deb-src http://deb.debian.org/debian bullseye-updates main contrib non-free
# deb http://deb.debian.org/debian bullseye-backports main contrib non-free
# deb-src http://deb.debian.org/debian bullseye-backports main contrib non-free
deb http://security.debian.org/ bullseye-security main contrib non-free
# deb-src http://security.debian.org/ bullseye-security main contrib non-free
deb http://mirror.hetzner.de/debian/packages bullseye main contrib non-free
deb http://mirror.hetzner.de/debian/packages bullseye-updates main contrib non-free
deb http://mirror.hetzner.de/debian/packages bullseye-backports main contrib non-free
deb http://mirror.hetzner.de/debian/security bullseye-security main contrib non-free
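Review bot: Every active `deb` line here, including the `bullseye-security` ones, uses plain `http://`, so update traffic is unencrypted and an on-path party can observe or stall it even though APT still verifies the signed Release files. Bullseye's apt handles TLS natively, so `deb https://deb.debian.org/debian bullseye main contrib non-free` and `deb https://deb.debian.org/debian-security bullseye-security main contrib non-free` would work as replacements; the Hetzner mirror lines can follow if that mirror serves HTTPS. `bullseye-backports` is also commented out for deb.debian.org but enabled for the mirror, and each suite is now listed from two origins, so a one-line comment stating which origin is authoritative and whether backports is wanted would help. File boundaries are not visible on this page, so this assumes these twelve lines are the apt sources that get synced to `/etc/apt`.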
......@@ -2,6 +2,7 @@
hosts: localhost
tasks:
- import_tasks: "tasks/provision.yaml"
- import_tasks: "tasks/register-inventory.yaml"
- name: setup infrastructure
hosts: all
......@@ -28,24 +29,3 @@
tasks:
- import_tasks: "tasks/deploy.yaml"
- import_tasks: "tasks/addons.yaml"
- name: fix worklet
hosts: worker
remote_user: root
any_errors_fatal: true
handlers:
- name: restart k0sworker
ansible.builtin.systemd:
state: restarted
daemon_reload: yes
name: k0sworker
tasks:
- import_tasks: "tasks/load-cluster.yaml"
- name: set worklet ip
lineinfile:
dest: /etc/systemd/system/k0sworker.service
regexp: "^ExecStart=/usr/local/bin/k0s worker"
line: 'ExecStart=/usr/local/bin/k0s worker --token-file=/etc/k0s/k0stoken --kubelet-extra-args="--node-ip={{node.privateIp}} --address=0.0.0.0"'
state: present
notify:
- restart k0sworker
- name: set konnectivity tolerations
kubernetes.core.k8s:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
state: present
namespace: kube-system
definition:
......@@ -19,7 +19,7 @@
- name: set node labels
kubernetes.core.k8s:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
state: present
definition:
apiVersion: v1
......@@ -37,7 +37,7 @@
- name: set node ingress taint
kubernetes.core.k8s:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
state: present
definition:
apiVersion: v1
......@@ -78,7 +78,7 @@
- name: deploy cert-manager
kubernetes.core.helm:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
update_repo_cache: yes
create_namespace: yes
name: cert-manager
......@@ -90,7 +90,7 @@
- name: deploy ingress-nginx
kubernetes.core.helm:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
update_repo_cache: yes
create_namespace: yes
name: ingress-nginx
......@@ -119,7 +119,7 @@
- name: deploy prometheus-stack
kubernetes.core.helm:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
update_repo_cache: yes
create_namespace: yes
name: prometheus-stack
......@@ -140,7 +140,7 @@
- name: deploy openebs-lvmlocalpv
kubernetes.core.helm:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
update_repo_cache: yes
name: openebs-lvmlocalpv
chart_ref: openebs-lvmlocalpv/lvm-localpv
......@@ -152,12 +152,12 @@
- name: deploy persistent volumes
kubernetes.core.k8s:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
state: present
template: "pvs.yaml.j2"
- name: deploy storage classes
kubernetes.core.k8s:
kubeconfig: kubeconfig
kubeconfig: "{{ kubeconfig }}"
state: present
src: "files/scs.yaml"
......@@ -8,12 +8,15 @@
shell: k0sctl apply --disable-telemetry
when: k0sctlConfig.changed
- set_fact:
kubeconfig: "kubeconfig.{{ lookup('env', 'ENV') }}.yaml"
- name: fetch kubeconfig
shell: k0sctl kubeconfig --disable-telemetry > kubeconfig
shell: "k0sctl kubeconfig --disable-telemetry > {{ kubeconfig }}"
when: k0sctlConfig.changed
- name: replace ip in kubeconfig
ansible.builtin.replace:
path: kubeconfig
path: "{{ kubeconfig }}"
regexp: "{{cluster.api.privateIp | regex_escape()}}"
replace: "{{cluster.api.publicIp}}"
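Review bot: The `fetch kubeconfig` task writes the cluster admin credentials through a shell redirect, so the new per-environment file gets whatever mode the controller's umask yields, and the `ENV` value reaches the shell unquoted. A one-line change covers both: `shell: "umask 077; k0sctl kubeconfig --disable-telemetry > {{ kubeconfig | quote }}"`; a file that already exists keeps its old mode and needs a one-off chmod. An unset `ENV` also yields `kubeconfig..yaml`, so an `assert` on a non-empty value before the `set_fact` would fail early instead. Because the fetch still runs only `when: k0sctlConfig.changed`, the unconditional `replace` task may not find the renamed file on a run where the config is unchanged; this is inferred from the visible lines only.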
......@@ -7,19 +7,4 @@
hcloud_token: "{{ lookup('env', 'HCLOUD_TOKEN') }}"
register: tf
- name: register cluster config
set_fact:
cluster: "{{ tf.outputs.cluster.value }}"
- copy: content="{{ cluster }}" dest="cluster.{{ lookup('env', 'ENV') }}.json"
- name: register hosts
add_host:
name: "{{ item.value.publicIp }}"
groups: "{{ item.value.role }}"
node: "{{ item.value }}"
node_pvs: '{{ item.value.volumes | dict2items | map(attribute="value") | selectattr("vg", "true") | map(attribute="device") }}'
node_disks: '{{ item.value.volumes | dict2items | map(attribute="value") | selectattr("vg", "false") | map(attribute="device") }}'
loop: "{{ cluster.nodes | dict2items }}"
loop_control:
label: "{{ item.key }}"
- copy: content="{{ tf.outputs.cluster.value }}" dest="cluster.{{ lookup('env', 'ENV') }}.json"
- import_tasks: load-cluster.yaml
- name: register hosts
add_host:
name: "{{ item.value.publicIp }}"
groups: "{{ item.value.role }}"
node: "{{ item.value }}"
node_pvs: '{{ item.value.volumes | dict2items | map(attribute="value") | selectattr("vg", "true") | map(attribute="device") }}'
node_disks: '{{ item.value.volumes | dict2items | map(attribute="value") | selectattr("vg", "false") | map(attribute="device") }}'
loop: "{{ cluster.nodes | dict2items }}"
loop_control:
label: "{{ item.key }}"
- name: update apt registry
ansible.posix.synchronize:
src: files/apt/
dest: /etc/apt
- name: update packages
ansible.builtin.apt:
update_cache: yes
upgrade: dist
notify: reboot
upgrade: safe
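Review bot: Switching the apt task to `upgrade: safe` means updates that need a package removed are held back, which can include security fixes, and nothing in the visible lines reports that. A comment such as `# safe: never removes packages; held-back updates need a manual dist upgrade` above the task, plus a follow-up step that lists held-back packages, would make the trade-off explicit. The page does not show whether `notify: reboot` is on the old or the new side; if it was dropped, kernel and libc updates stay inactive until the nodes are restarted some other way. The file this task belongs to starts outside the visible lines.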
......@@ -19,21 +19,22 @@ provider "registry.terraform.io/hashicorp/template" {
}
provider "registry.terraform.io/hetznercloud/hcloud" {
version = "1.27.2"
version = "1.30.0"
hashes = [
"h1:vIrSTDNmnHO/YHfqGWk20RU4C6Q9QpDYmffnEz+1jnk=",
"zh:0294686d56f01d562a9ab654e7a6b2c29fdbad37e4fcdb8f8a220bfccf193de7",
"zh:0a159d762616e94fac9dbe7d90c1b6892aa3ca494f48100e7b5c7dbd891cd5ee",
"zh:106bdbec2288dc7e0ba8c69bb8d1d8b73deb70bc6247027132079086ea4dc613",
"zh:26b6217c52158172a5cfb377c8a51c1a53589a53e1f7118e9ce407ab772fd751",
"zh:404610c460ad942b64df4162ae97ac8f04679e4e1385905e253e357cdc2179fa",
"zh:729ae99602b8cfbde655d9456886c42eb7d8c99d09edc9987cb80176b3056a05",
"zh:7f9851952f1e43707e6b9393551a609eee32d58238d4cea876301441354f4077",
"zh:8e0debc2b24ab6d8f8517a4a91759894555458df92b7cd213e582b6d32a6b8a9",
"zh:8ff3bc4e8cd2154d76d14af6b97f029f6ccdbdc9cd37b254bade61e8ae59d87d",
"zh:9fe93ff81ecca5aec5260c14688d4ee81aab89cb471f10057398562b0294de26",
"zh:b844d04e422c12f2f421e7904db8d57b2be80c1a77f8cfca1e793e5d4a67b7c3",
"zh:c45e8d7def6a52353e52b6b0baafcda0ad012344563d34706216f490ecabb0a7",
"zh:e121ffee1f491dc1be901075b94e01e45611eec368b43a35c25b00a17d319315",
"h1:UOiUjzQsB5c1YbYwQepx0q69s3JUCk9nBgZM7L1uPGg=",
"zh:02471480d607007cc31a0e787deae1715ba63cdd7ca84b71e3e68fc80f728c61",
"zh:190c41ba6d2c67f514b54be0f9b3c5c4ee66d03bf96c4682e19f0ff72f72f231",
"zh:3e6146fe3c33cc16f533faebdaf2714afc0a9bb2d86407f49d5891e7463bf4e3",
"zh:4203a55ca7892a6547a791aea5371f0c9e2893614c7310d3638227dc84bcee2e",
"zh:4727f6e75ba9f4056980077e0dc5a0c6c2556786562ce497b17132ea376d3a00",
"zh:7b78955e60859cec251a3de3a20ac925b7355486586de64e512ab108bded94c0",
"zh:7da6f473d9010335da6f0ac041b581faf9a2745a39e05d529f729d7e6b520abb",
"zh:8cdc6cee9038807bc8860297ee55f4c342a3de7b9bae9ac6b6b43e347087e024",
"zh:8fcdf4eccbaa4e4138f0ed0cc3de2384975bcc4e320b635569cfac91319815ef",
"zh:932ec403afbcc85e9a7de40c145a150d355e9052102a0b3a1d69cdcd11996604",
"zh:9b80be65005c11db8b5ec77f016bb903e41a13652ce0affadb3be618627aa52d",
"zh:9f2b9f217cdb82c3400b5481113d68f1e9ef589be827ffb1f5feb7482a09fa47",
"zh:a9d69dcaa92597c5884a0a370ac1ff6853bf5dc3c54a7468ea4db2491b7bb8cc",
"zh:afaef5095b17939457369de34a3d77ded2cc18b5d09da2416cde3688b3a66c02",
]
}