IaC #362
IaC #362
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
I think this is ready for initial review. |
infra/README.md
Outdated
| terraform plan --var-file=your.tfvars | ||
| terraform apply --var-file=your.tfvars |
There was a problem hiding this comment.
So we gotta fill out the example.tfvars?
There was a problem hiding this comment.
You need to fill out the values in whatever var file you reference
There was a problem hiding this comment.
Can that be added/explained in the docs?
There was a problem hiding this comment.
Good call, updated step 2
infra/mgr_provision.sh
Outdated
| # Setup secret files (will need to be modified) | ||
| cp meshdb/infra/helm/meshdb/secret.values.yaml ./secret.values.yaml | ||
| cp meshdb/infra/helm/meshdb/values.yaml ./values.yaml | ||
| cp meshdb/infra/tf/example.tfvars ./local.tfvars |
There was a problem hiding this comment.
You might want to call this out in the README as well
There was a problem hiding this comment.
This one doesn't need to exist (the vm already exists)
The other ones are mentioned as ../../../../values.yaml and ../../../../secret.values.yaml
Co-authored-by: Willard Nilges <[email protected]>
Co-authored-by: Willard Nilges <[email protected]>
infra/README.md
Outdated
| terraform plan | ||
| terraform apply | ||
| # update address block in /opt/meshdb_mgmt/meshdb/infra/cluster/metallb_extra.yaml | ||
| kubectl apply -f /opt/meshdb_mgmt/meshdb/infra/cluster/metallb_extra.yaml |
There was a problem hiding this comment.
Some instructions on how to get the kubeconfig might be good.
There was a problem hiding this comment.
scp -i tf/<private key> ubuntu@<control node>:/etc/rancher/k3s/k3s.yaml ./
|
Woah helm is insane. Y'all can run this show, I'll sit this one out |
There was a problem hiding this comment.
LGTM! A couple of optional/nice to have things we might want to consider a bit further down the track:
- Using resource type
StatefulSetinstead ofDeploymentforredisandpostgres - Leaning on ingress-nginx (or another ingress controller) as opposed to a static nginx config
- Having Terraform bootstrap the
k3scluster with ArgoCD and then have it manage rendering and applying charts/manifests
Co-authored-by: Willard Nilges <[email protected]>
|
Getting this when I try to run stage 2 again. What exactly is the stage 2? It looks like it's setting up metallb and such? The stage2 script is running terraform... where exactly? I see a terraform zip on the k3s nodes... that seems a bit cursed. I have no idea if this is the kind of thing we should be doing with terraform. Update: Looks like it wanted my ssh agent. When I start my ssh agent, it seems to be able to SSH, and I get this: Confused as to why the SSH agent is necessary, but that aside, it seems like stage2 is expecting some stuff that isn't present. Could be due to me not having the agent set up when I was originally configuring. UpdateGot logs from a complete from-scratch run (which I think is really the way to do it). I think we gotta wait for the dpkg lock. Experimenting right now... Interesting: Gonna track stuff here: #368 |
Overview
Github secrets to be added
DEV0_KEYDEV0_KNOWN_HOSTSDEV0_SSH_TARGETDEV0_PROJECT_PATHTODO