Update readme to emphasize the focus on the base web infrastructure
I plan to move over more base tasks to this repository, like maintaining the keys for Backblaze. Therefore, I adjusted the readme accordingly. Furthermore, I fixed the spelling in several places.
51
README.adoc
@@ -1,11 +1,16 @@
|
|||||||
= Hetzer Infra
|
= Web Infra
|
||||||
:icons: font
|
:icons: font
|
||||||
|
|
||||||
This repository is meant to setup my kubernetes-cluster on Hetzner Cloud.
|
This project is meant to setup my base infrastructure for the web.
|
||||||
The setup is split into 2 dedicated parts:
|
In particular it will perform the following tasks:
|
||||||
|
|
||||||
. Create necessary machines in Hetzner Cloud via terraform.
|
* Setup Kubernetes cluster on Hetzner Cloud
|
||||||
. Install/Upgrade kubernetes-cluster and other software via ansible.
|
* Maintain keys for Backblaze (b2)
|
||||||
|
|
||||||
|
To achieve the goal of having a working base infrastructure for the web the setup is split into 2 dedicated steps:
|
||||||
|
|
||||||
|
. Create static assets like machines for Kubernetes and access-keys via Terraform
|
||||||
|
. Install/Upgrade Kubernetes-cluster and other software via Ansible.
|
||||||
|
|
||||||
== TL;DR
|
== TL;DR
|
||||||
|
|
||||||
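Review bot: the new task list brings key material under Terraform ("Create static assets like machines for Kubernetes and access-keys via Terraform", "Maintain keys for Backblaze (b2)"), but the README never says where the Terraform state that will hold those generated keys lives or how it is protected; add a sentence beside the existing `config.auto.tfvars` warning, since any key Terraform creates is written in plaintext to the state file. Minor wording: "meant to setup" and "Setup Kubernetes cluster" use the noun form where the verb "set up" is meant.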
@@ -27,12 +32,12 @@ ansible-playbook site.yml
|
|||||||
|
|
||||||
The project is split into different steps, each responsible for another task.
|
The project is split into different steps, each responsible for another task.
|
||||||
|
|
||||||
=== terraform
|
=== Terraform
|
||||||
I use terraform to provide the required infrastructure to run a kubernetes-cluster.
|
I use Terraform to provide the required infrastructure to run a Kubernetes-cluster.
|
||||||
|
|
||||||
[WARNING]
|
[WARNING]
|
||||||
Make sure `config.auto.tfvars` with all the needed configuration-secrets is present otherwise the module cannot be applied!
|
Make sure `config.auto.tfvars` with all the needed configuration-secrets is present otherwise the module cannot be applied!
|
||||||
The file is savely stored in the password-manager.
|
The file is safely stored in the password-manager.
|
||||||
|
|
||||||
[source,bash]
|
[source,bash]
|
||||||
----
|
----
|
||||||
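Review bot: the unchanged paragraph "The project is split into different steps, each responsible for another task." now repeats the "split into 2 dedicated steps" sentence added to the introduction in this same commit; keep one of the two. In the warning, "is present otherwise the module cannot be applied!" needs a comma before "otherwise", and the hunk could also say that `config.auto.tfvars` must stay out of version control, since the text only states that it is kept in the password manager.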
@@ -40,17 +45,17 @@ terraform init # <1>
|
|||||||
terraform apply # <2>
|
terraform apply # <2>
|
||||||
----
|
----
|
||||||
|
|
||||||
<1> Init the terraform modules if necessary
|
<1> Initialize the Terraform modules if necessary
|
||||||
<2> Setup infrastructure and create/update inventory.ini
|
<2> Setup infrastructure and create/update inventory.ini
|
||||||
|
|
||||||
[WARNING]
|
[WARNING]
|
||||||
The setup will take longer than just the `terraform apply`, since terraform returns as soon as the machine is provided.
|
The setup will take longer than just the `terraform apply`, since Terraform returns as soon as the machine is provided.
|
||||||
Though it hasn't been started the machines, yet.
|
Though it hasn't been started the machines, yet.
|
||||||
As a rule of thumb wait ca. 5 minutes after the apply to do other work.
|
As a rule of thumb wait ca. 5 minutes after the apply to do other work.
|
||||||
|
|
||||||
=== ansible
|
=== Ansible
|
||||||
|
|
||||||
Use ansible to setup a k3s installation and provide a set of foundational services in the cluster.
|
Use Ansible to setup a k3s installation and provide a set of foundational services in the cluster.
|
||||||
The provided services are:
|
The provided services are:
|
||||||
|
|
||||||
https://cert-manager.io/docs/installation/helm[cert-manager]::
|
https://cert-manager.io/docs/installation/helm[cert-manager]::
|
||||||
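Review bot: "Though it hasn't been started the machines, yet." is ungrammatical and is left untouched by a commit whose message says it fixes spelling; suggest "The machines have not finished booting yet." In the preceding sentence, "as soon as the machine is provided" reads better as "as soon as the machines are provisioned", matching the plural used right after it.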
@@ -78,7 +83,7 @@ A secure and reliable tool to share password.
|
|||||||
TODO: Not setup yet!
|
TODO: Not setup yet!
|
||||||
|
|
||||||
[NOTE]
|
[NOTE]
|
||||||
The k3s-setup requires a `inventory.ini` which is automatically created by terraform.
|
The k3s-setup requires a `inventory.ini` which is automatically created by Terraform.
|
||||||
So, make sure to apply the infra at least once, before running these playbooks.
|
So, make sure to apply the infra at least once, before running these playbooks.
|
||||||
|
|
||||||
[source,bash]
|
[source,bash]
|
||||||
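Review bot: "requires a `inventory.ini`" should read "requires an `inventory.ini`" (both sides of the hunk have the article wrong). "apply the infra at least once" uses an abbreviation the rest of the README spells out as "infrastructure"; align it.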
@@ -87,7 +92,7 @@ ansible-galaxy install -r requirements.yml # <1>
|
|||||||
ansible-playbook site.yml # <2>
|
ansible-playbook site.yml # <2>
|
||||||
----
|
----
|
||||||
|
|
||||||
<1> Install required ansible collections to create a k3s-cluster (can be omitted in subsequent runs)
|
<1> Install required Ansible collections to create a k3s-cluster (can be omitted in subsequent runs)
|
||||||
<2> Install k3s and download kube-config to .kube/config
|
<2> Install k3s and download kube-config to .kube/config
|
||||||
|
|
||||||
[IMPORTANT]
|
[IMPORTANT]
|
||||||
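Review bot: callout `<2> Install k3s and download kube-config to .kube/config` gives the reader no hint that the downloaded kubeconfig carries the cluster's admin credentials; state that it is a secret on par with `config.auto.tfvars` and should be stored with owner-only file permissions. Naming is also inconsistent within the hunk: "k3s-cluster" here versus "Kubernetes-cluster" elsewhere in the file.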
@@ -130,26 +135,26 @@ Instead proceed as the following:
|
|||||||
. Open k9s and go to `:nodes`
|
. Open k9s and go to `:nodes`
|
||||||
. Select the highest agent and press `r` to drain it
|
. Select the highest agent and press `r` to drain it
|
||||||
. Afterward that succeeded delete it with `Ctrl-d`
|
. Afterward that succeeded delete it with `Ctrl-d`
|
||||||
. Finally reduce the amount of agents in terraform and apply the change
|
. Finally reduce the amount of agents in Terraform and apply the change
|
||||||
--
|
--
|
||||||
|
|
||||||
== Responsibilities
|
== Responsibilities
|
||||||
|
|
||||||
terraform::
|
Terraform::
|
||||||
* Creation of network for the kubernetes-cluster
|
* Creation of network for the Kubernetes-cluster
|
||||||
** A public subnet exposed to the internet for the kubernetes-servers
|
** A public subnet exposed to the internet for the Kubernetes-servers
|
||||||
** A private subnet for the kubernetes-agents
|
** A private subnet for the Kubernetes-agents
|
||||||
* Routing between the networks
|
* Routing between the networks
|
||||||
* Firewall rules to block everything from the servers except of:
|
* Firewall rules to block everything from the servers except of:
|
||||||
** ping (protocol: `icmp`)
|
** ping (protocol: `icmp`)
|
||||||
** kubernetes api (Usually port `6443`)
|
** Kubernetes API (Usually port `6443`)
|
||||||
** ssh (I prefer to use a non-standard port (usually port `1022`)
|
** ssh (I prefer to use a non-standard port (usually port `1022`)
|
||||||
** public services, e.g. http and https (port `80` and `443`) but also git-ssh (port `22`)
|
** public services, e.g. http and https (port `80` and `443`) but also git-ssh (port `22`)
|
||||||
* Creating the machines for kubernetes-servers in the public subnet
|
* Creating the machines for Kubernetes-servers in the public subnet
|
||||||
* Creating the machines for kubernetes-agents in the private subnet
|
* Creating the machines for Kubernetes-agents in the private subnet
|
||||||
* Creating DNS-records in Hetzer Cloud
|
* Creating DNS-records in Hetzer Cloud
|
||||||
|
|
||||||
ansible::
|
Ansible::
|
||||||
* Setup SSH-connections
|
* Setup SSH-connections
|
||||||
* Setting up routing on all servers
|
* Setting up routing on all servers
|
||||||
* Installing k3s
|
* Installing k3s
|
||||||
|
|||||||
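Review bot: "Creating DNS-records in Hetzer Cloud" still misspells Hetzner on both sides of the hunk, although the commit removed the same misspelling from the old title "Hetzer Infra" and the message says spelling was fixed; correct it here as well. The ssh bullet `** ssh (I prefer to use a non-standard port (usually port `1022`)` has an unclosed parenthesis, and "except of:" should be "except for:". It would also help to state the traffic direction: "block everything from the servers" reads as outbound, while the listed exceptions (ping, Kubernetes API, ssh, http/https, git-ssh) are services reached inbound.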