
Provision cluster and bootstrap flux #6

Closed
wants to merge 30 commits into from


rossf7
Contributor

@rossf7 rossf7 commented Nov 7, 2023

This provisions the Equinix infra using OpenTofu and K3s and bootstraps Flux.

These secrets need to be added to the repo.

  • AWS_ACCESS_KEY_ID for S3 bucket to store state
  • AWS_SECRET_ACCESS_KEY
  • EQUINIX_AUTH_TOKEN the Equinix project API key
  • EQUINIX_PROJECT_ID the Equinix project ID
  • FLUX_GITHUB_TOKEN the GitHub token used to bootstrap Flux
  • K3S_TOKEN the K3s token for joining nodes
  • SSH_PUBLIC_KEY added as an Equinix project SSH key
  • SSH_PRIVATE_KEY needed so tofu can access nodes

Issue

@leonardpahlke
Member

leonardpahlke commented Nov 16, 2023

@nikimanoledaki now has access to add repo secrets

@nikimanoledaki
Contributor

nikimanoledaki commented Dec 14, 2023

I'm going to pre-empt a review comment already - could you enable GPG so that signed commits are verified and then rebase, please? Thank you!

@dipankardas011
Contributor

I am using gpg keys but not sure why it's not giving a verified tag in every commit?

@rossf7 rossf7 marked this pull request as ready for review December 14, 2023 13:46
@rossf7 rossf7 marked this pull request as draft December 14, 2023 13:46
@rossf7
Contributor Author

rossf7 commented Dec 14, 2023

> I am using gpg keys but not sure why it's not giving a verified tag in every commit?

I'm also using gpg keys so not sure either. This is still blocked on the S3 bucket but we're getting closer.

Once access is sorted will rebase or even create a new branch and cherry pick to have cleaner history.

@nikimanoledaki
Contributor

Yes, nearly there! 🤞 Ross, cp sounds good 👍
Could it be a mismatch with the email address used to sign the commit vs the one used for the gpg key? 🤔

@rossf7 rossf7 changed the title WIP: Provision cluster with OpenTofu and K3s Provision cluster and bootstrap flux Dec 20, 2023
@rossf7 rossf7 marked this pull request as ready for review December 20, 2023 11:44
@rossf7 rossf7 force-pushed the wip-opentofu-spike branch from c770503 to e632666 Compare December 20, 2023 11:48
rossf7 and others added 9 commits December 20, 2023 13:07
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Dipankar Das <[email protected]>

* Provision cluster with OpenTofu

Signed-off-by: Ross Fairbanks <[email protected]>

* feat: Remove ansible and add worker node

Signed-off-by: Ross Fairbanks <[email protected]>

* fix: Add -enable to tofu init

Signed-off-by: Ross Fairbanks <[email protected]>

* fix: User data

* first iteration adding k3s for k8s clusters bootstrap

todo: need to test the script

Signed-off-by: Dipankar Das <[email protected]>

* comment to point out where is the kubeconfig

Signed-off-by: Dipankar Das <[email protected]>

* added var for k3s.version

Signed-off-by: Dipankar Das <[email protected]>

* removed deps for k3s agent token to use terraform/random

NOTE: value will be added via env vars

Signed-off-by: Dipankar Das <[email protected]>

---------

Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Dipankar Das <[email protected]>
Co-authored-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
workerplane vm depends on controlplane vm's k3s.service to be running

Signed-off-by: Dipankar Das <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
used cilium cli

Signed-off-by: Dipankar Das <[email protected]>
Co-authored-by: Ross Fairbanks <[email protected]>
Signed-off-by: Dipankar Das <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
@rossf7 rossf7 force-pushed the wip-opentofu-spike branch from e632666 to 773d51f Compare December 20, 2023 12:08
@rossf7
Contributor Author

rossf7 commented Dec 20, 2023

@nikimanoledaki @dipankardas011 I've rebased and edited all commits so they are signed.

Contributor

@dipankardas011 dipankardas011 left a comment


Nice ready for merge 👍🏼

dipankardas011 and others added 3 commits January 9, 2024 12:15
Signed-off-by: Dipankar Das <[email protected]>

now kepler serviceMonitor is visible to prometheus

Signed-off-by: Dipankar Das <[email protected]>

removed the kube-prometheus fluxcd manifest refer pr cncf-tags#12

Signed-off-by: Dipankar Das <[email protected]>

refactored the comments in the manifest

Signed-off-by: Dipankar Das <[email protected]>
Co-authored-by: Ross Fairbanks <[email protected]>
Co-authored-by: Niki Manoledaki <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
@rossf7
Contributor Author

rossf7 commented Jan 9, 2024

I made some "final final" changes and renamed some of the vars. The PR description is updated with the new secret names.

Just needs the S3 bucket and then the secrets can be added and this can be merged.

FYI @nikimanoledaki @dipankardas011

Signed-off-by: Ross Fairbanks <[email protected]>
nikimanoledaki and others added 17 commits January 19, 2024 12:45
Signed-off-by: nikimanoledaki <[email protected]>
Signed-off-by: Dipankar Das <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
Signed-off-by: nikimanoledaki <[email protected]>
Signed-off-by: nikimanoledaki <[email protected]>
Signed-off-by: Ross Fairbanks <[email protected]>
@rossf7
Contributor Author

rossf7 commented Jan 19, 2024

Going to create a fresh branch and cp to clean the history a bit. Please ignore for now. 🙏

@rossf7
Contributor Author

rossf7 commented Jan 19, 2024

Closing in favor of #28

@rossf7 rossf7 closed this Jan 19, 2024
@rossf7 rossf7 deleted the wip-opentofu-spike branch January 19, 2024 12:02
Development

Successfully merging this pull request may close these issues.

[Action] Bootstrap Kubernetes cluster with IaC tooling
6 participants