From 645e9169d05f4ccafbe99206e1ce5e88976cd979 Mon Sep 17 00:00:00 2001 From: m0e Date: Thu, 30 Oct 2025 16:32:28 +0100 Subject: [PATCH] Edited README.md --- README.md | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 92 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5a5f144..5fb9311 100644 --- a/README.md +++ b/README.md 
@@ -1 +1,92 @@ -# datatroniq_challenge +# datatroniq Challenge + +## Description + +This repository contains various ansible roles to install a single-node k3s for wordpress with ingress-nginx, kube-prom-stack and cert-manager. +You are able to execute single steps by specifing tags. + +## How to use + +***Requirements*** + +- ansible and sed needs to be installed locally +- root server access via key authentication + +⚠️ full-install.yaml playbook can only run once cause for inital configuration root access is required which is locked down after ssh_hardening! → Open a ssh session before executing + +***Steps*** + +- Clone this repository + +`git clone ssh://$REPO` + +- Change to cloned directory and create root.key with the root private key + +``` +cd datatroniq-challenge +cat < root.key +-----BEGIN OPENSSH PRIVATE KEY----- +... +-----END OPENSSH PRIVATE KEY----- +EOF +``` + +- Set your server IP in ansible/inventory/dev.yaml + +``` +export IP=$SERVERIP +sed -i "s/0.0.0.0/$IP/" ansible/inventory/dev.yaml +``` + +- Adjust your desired admin username in ansible/ansible.cfg and ansible/roles/user_add/vars/main.yml + +``` +export USER=$USERNAME +export NAME=$FULLNAME +sed -i "s/admin_dev/$USER/" ansible/ansible.cfg +sed -i "s/admin_dev/$USER/" ansible/roles/user_add/vars/main.yml +sed -i "s/FULLNAME/$NAME/" ansible/roles/user_add/vars/main.yml +``` + +- Copy your personal public key in ansible/roles/user_add/files/key.pub + +``` +cp ~/.ssh/id_rsa.pub ansible/roles/user_add/files/key.pub + +``` + +- Run `cd ansible && ansible-playbook full-install.yaml` + +..wait for a sec and grab a ☕ + +💥 Profit! 
+ +Following ingresses are created: + +[https://wordpress.moritz.agitronic.net](https://wordpress.moritz.agitronic.net) + +[https://grafana.moritz.agitronic.net](https://grafana.moritz.agitronic.net) (Credentials in roles/k8s-kube-prom-stack/files/values.yaml:grafana.admin(User|Password) + +[https://alertmanager.moritz.agitronic.net](https://alertmanager.moritz.agitronic.net) (secured with basic auth, same creds as for grafana) + +[https://prometheus.moritz.agitronic.net](https://prometheus.moritz.agitronic.net) (secured with basic auth, same creds as for grafana) + +---- +**ToDo** +- sealedSecrets via kube-seal +- cilium CNI +- Loki +- modSecurity configurations +- housekeeping + +***(c)2025 Moritz Kleiber*** + +***Credits:*** + +**helm Charts** + +https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx +https://artifacthub.io/packages/helm/cert-manager/cert-manager +https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack +https://artifacthub.io/packages/helm/bitnami/wordpress +
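Review bot: the root.key step in "Steps" does not create the file as written: `cat < root.key` reads from root.key, and the trailing `EOF` has no heredoc opener, so this should be `cat <<'EOF' > root.key`, followed by `chmod 600 root.key`, since OpenSSH rejects private keys with loose permissions. The step also puts the root private key inside the cloned working tree, so the README should say that root.key must be git-ignored, or the key should be kept outside the repository and referenced by path. In the admin-username step, `export USER=$USERNAME` overwrites the shell's own USER variable for the rest of the session; a dedicated name such as ADMIN_USER would avoid side effects. The ingress list points readers to Grafana credentials stored in roles/k8s-kube-prom-stack/files/values.yaml and reuses them for the Alertmanager and Prometheus basic auth; until the sealedSecrets ToDo item is done, the README should tell users to change those values before running the playbook, and the Grafana line is missing its closing parenthesis. Minor: the dots in `s/0.0.0.0/$IP/` are unescaped, "specifing" and "inital" are misspelled, and the requirement to open an SSH session before running full-install.yaml would be easier to follow as its own numbered step than as part of the warning line.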