onedr0p / k3s-homeops-ansible Goto Github PK
View Code? Open in Web Editor NEWBootstrap a k3s cluster on top of Ubuntu 20.04
k3s-homeops-ansible's Issues
Install rook-ceph pre-reqs
https://rook.io/docs/rook/v1.2/k8s-pre-reqs.html
tl;dr
sudo apt-get install -y lvm2
and yoink this from my repo
https://github.com/onedr0p/k3s-gitops/blob/master/ansible/roles/system/tasks/main.yml#L6
Implement E2E Testing with GitHub Actions
https://github.com/hashicorp/terraform-github-actions
Explore secret management in GitHub.
Pass k3s flags as a Ansible variable when installing k3s master or nodes
Might make configuring more dynamic to allow a variable to pass any k3s install flags to
https://rancher.com/docs/k3s/latest/en/installation/install-options/
Minor consideration would be to check if docker flag is included and then install docker.
Output Vault root token & unseal token to repo root
Needed to update vault in other stages.
Add to gitignore too.
Allow option for over-writing kube config
toggle with variable, default to no
Add ansible tasks to taskfile
Add Kubeval to CI lint
Explore Prow for PR approvals
Implement longhorn role
Docker should be optional since k3s could install and use containerd
Move download/tasks into k3s role
Calico currently enabled, flannel should be configurable to use instead
Related to BGP mode.
Do not send poweroff on power button press
edit /etc/systemd/logind.conf
change #HandlePowerKey=poweroff to HandlePowerKey=ignore
this will prevent misclicks with the power button on my NUCs, you can still force poweroff by holding the button
Add taint to storage nodes for rook-ceph
Would be nice to taint the servers running rook-ceph and apply tolerations to the rook-ceph deployments. This way standard workloads can only be ran on the worker nodes without any affinity rules.
Convert Calico BGP file to inline with EOF
Getting errors because it references a local path that is no longer local.
failed: [k3s-0 -> localhost] (item=kubectl apply -f /home/ryan/src/k3s-bootstrap/devops/kube-system/calico/calico.yaml) => {"ansible_loop_var": "item", "attempts": 6, "changed": false, "cmd": ["kubectl", "apply", "-f", "/home/ryan/src/k3s-bootstrap/devops/kube-system/calico/calico.yaml"], "delta": "0:00:00.239140", "end": "2020-02-17 00:55:58.162550", "item": "kubectl apply -f /home/ryan/src/k3s-bootstrap/devops/kube-system/calico/calico.yaml", "msg": "non-zero return code", "rc": 1, "start": "2020-02-17 00:55:57.923410", "stderr": "Unable to connect to the server: x509: certificate signed by unknown authority", "stderr_lines": ["Unable to connect to the server: x509: certificate signed by unknown authority"], "stdout": "", "stdout_lines": []}
Add a preflight playbook
Ensure tools are installed locally
- helm
- kubectl
- fluxctl
- calicoctl
- vault
...
Prompt to copy sample files if not exists
- hosts
- main variables
- encrypted vault variables
- unencrypted vault variables
...
- Validate that a key file is created or offer to generate for Ansible Vault
...
- Warn that the option to encrypt the encrypted variables should be set to true as part as playbook
...
- Validate that pre-commit includes option to check for Ansible-Vault being encrypted
- Validate that .gitattributes includes filter for git-crypt and the vault.key file
add-repo-key script should have username configurable
Remove more packages
apt-get --purge -qqy remove apport bcache-tools btrfs-progs byobu cloud-guest-utils cloud-initramfs-copymods cloud-initramfs-dyn-netconf friendly-recovery fwupd landscape-common lxd-agent-loader ntfs-3g open-vm-tools plymouth plymouth-theme-ubuntu-text popularity-contest snapd sosreport tmux ubuntu-advantage-tools ufw```
Create all.yml.sample and gitignore current all.yml
Makes it so having settings specific to our envs for testing, but requires us to update the sample when new vars are added or removed.
Add kubeconfig to .gitignore
Add description of project to README
- What is the goal of this project?
- What components are defaulted?
- What dependencies are needed to get started?
k3s on VMware vSphere
FYI I started to work on the k3s on vSphere. I have the infra deployment kinda done using terraform.
I think would be good to join forces here.
Create vagrant task to remove old block devices
Running into errors where vagrant thinks the block device exists
VBoxManage: error: Failed to create medium
VBoxManage: error: Could not create the medium storage unit '/Users/devin/Code/k3s-cluster-ansible/k8s-node-10-block.vdi'.
VBoxManage: error: VDI: cannot create image '/Users/devin/Code/k3s-cluster-ansible/k8s-node-10-block.vdi' (VERR_ALREADY_EXISTS)
VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component MediumWrap, interface IMedium
VBoxManage: error: Context: "RTEXITCODE handleCreateMedium(HandlerArg *)" at line 510 of file VBoxManageDisk.cpp
hashicorp/vagrant#8107 (comment)
Maybe we should add this in a task to run if shit gets fubared?
Vault Values will not work
They assume local access to the .txt files.
Document global Ansible variables and their values
RFC: Switch to Debian
Ansible with Vagrant currently failing on this step
TASK [k3s/master : Restore node-token file access] *****************************
changed: [192.168.88.200]
ERROR! Attempting to decrypt but no vault secrets found
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.Explore “Kuby” for environment variable substitution
Implement pre-commit
Local Path Provisioner for k3s should be configurable
Explore adding local user variable
Default to {{ ansible_user }} and update any local copy jobs to use that user instead.
Use case is for build processes where the remote user is different from the local user.
Implement linting workflows in CI
Vault Configuration should wait for Consul
I believe it's initializing before consul is ready
Document supported CNI
Probably only want to stay with calico and flannel for now.
Swap out hardcoded server names with variables in taints
Currently set to r610... etc
Project: Simplify Project
- Keep a reduced number of options in our config.yaml
- Remove Docker install and stay with containerd, maybe use https://github.com/GoogleContainerTools/kaniko for building images if people want Drone CI or something.
Add install homebrew deps to taskfile
Something like ... task macos:deps
Prep Disks for Ceph
Ceph isn't always picking up block devices at initial provision. Need to add detection for state of block device with option to clean.
Implement linting
- ansible
- yaml
- shellcheck
Explore Ansible Lint
Document supported CRI
Docker and containerd
Let timezone be configurable
Right now it is hardcoded in the ansible scripts.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.