Edited README.md

m0e 2025-10-30 16:32:28 +01:00
parent 9fb2dd77bc
commit 645e9169d0
Signed by: m0e
GPG Key ID: 3CCA6D483D789AEB


@ -1 +1,92 @@
# datatroniq_challenge # datatroniq Challenge
## Description
This repository contains various ansible roles to install a single-node k3s for wordpress with ingress-nginx, kube-prom-stack and cert-manager.
You are able to execute single steps by specifing tags.
## How to use
***Requirements***
- ansible and sed needs to be installed locally
- root server access via key authentication
⚠️ full-install.yaml playbook can only run once cause for inital configuration root access is required which is locked down after ssh_hardening! → Open a ssh session before executing
***Steps***
- Clone this repository
`git clone ssh://$REPO`
- Change to cloned directory and create root.key with the root private key
```
cd datatroniq-challenge
cat <<EOF > root.key
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
EOF
```
- Set your server IP in ansible/inventory/dev.yaml
```
export IP=$SERVERIP
sed -i "s/0.0.0.0/$IP/" ansible/inventory/dev.yaml
```
- Adjust your desired admin username in ansible/ansible.cfg and ansible/roles/user_add/vars/main.yml
```
export USER=$USERNAME
export NAME=$FULLNAME
sed -i "s/admin_dev/$USER/" ansible/ansible.cfg
sed -i "s/admin_dev/$USER/" ansible/roles/user_add/vars/main.yml
sed -i "s/FULLNAME/$NAME/" ansible/roles/user_add/vars/main.yml
```
- Copy your personal public key in ansible/roles/user_add/files/key.pub
```
cp ~/.ssh/id_rsa.pub ansible/roles/user_add/files/key.pub
```
- Run `cd ansible && ansible-playbook full-install.yaml`
..wait for a sec and grab a ☕
💥 Profit!
Following ingresses are created:
[https://wordpress.moritz.agitronic.net](https://wordpress.moritz.agitronic.net)
[https://grafana.moritz.agitronic.net](https://grafana.moritz.agitronic.net) (Credentials in roles/k8s-kube-prom-stack/files/values.yaml:grafana.admin(User|Password)
[https://alertmanager.moritz.agitronic.net](https://alertmanager.moritz.agitronic.net) (secured with basic auth, same creds as for grafana)
[https://prometheus.moritz.agitronic.net](https://prometheus.moritz.agitronic.net) (secured with basic auth, same creds as for grafana)
----
**ToDo**
- sealedSecrets via kube-seal
- cilium CNI
- Loki
- modSecurity configurations
- housekeeping
***(c)2025 Moritz Kleiber***
***Credits:***
**helm Charts**
https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
https://artifacthub.io/packages/helm/cert-manager/cert-manager
https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
https://artifacthub.io/packages/helm/bitnami/wordpress
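
Review bot: The "create root.key" step (the `cat <<EOF > root.key` heredoc) writes the root private key into the cloned working tree with whatever the default umask gives, typically 0644, and nothing in the steps shown keeps that file out of a later commit. Suggest running `umask 077` before the heredoc (or `chmod 600 root.key` right after it) and stating that root.key is listed in .gitignore, or pointing the inventory at a key path outside the repository. Two smaller points: `export USER=$USERNAME` overwrites the shell's own USER variable for the rest of the session, so a dedicated name such as ADMIN_USER would be safer in the sed lines that follow; and the ingress list says the Grafana admin credentials live in roles/k8s-kube-prom-stack/files/values.yaml and are reused for the Alertmanager and Prometheus basic auth, so until the sealedSecrets ToDo item lands the README should tell users to change them before the first run and ideally to use separate credentials per endpoint.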