2025-10-30 16:32:28 +01:00

datatroniq Challenge

Description

This repository contains various Ansible roles to install a single-node k3s for WordPress with ingress-nginx, kube-prom-stack and cert-manager. You can execute single steps by specifying tags.

How to use

Requirements

  • ansible and sed need to be installed locally
  • root server access via key authentication

⚠️ The full-install.yaml playbook can only be run once, because the initial configuration requires root access, which is locked down after ssh_hardening! → Open an SSH session before executing

Steps

  • Clone this repository

git clone ssh://$REPO

  • Change to the cloned directory and create root.key with the root private key

cd datatroniq-challenge
cat <<EOF > root.key
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
EOF
# ssh refuses private keys that are readable by group or others
chmod 600 root.key

  • Set your server IP in ansible/inventory/dev.yaml

export IP=$SERVERIP
sed -i "s/0.0.0.0/$IP/" ansible/inventory/dev.yaml

  • Set your desired admin username in ansible/ansible.cfg and ansible/roles/user_add/vars/main.yml

# ADMIN_USER rather than USER, so the shell's own USER variable is not overwritten
export ADMIN_USER=$USERNAME
export NAME=$FULLNAME
sed -i "s/admin_dev/$ADMIN_USER/" ansible/ansible.cfg
sed -i "s/admin_dev/$ADMIN_USER/" ansible/roles/user_add/vars/main.yml
sed -i "s/FULLNAME/$NAME/" ansible/roles/user_add/vars/main.yml

  • Copy your personal public key to ansible/roles/user_add/files/key.pub

cp ~/.ssh/id_rsa.pub ansible/roles/user_add/files/key.pub

  • Run cd ansible && ansible-playbook full-install.yaml
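
Because the playbook can only be run once, mistakes in the prepared files are cheapest to catch before it starts. The following pre-flight check is an added example, not part of this repository; the function name preflight is hypothetical, while the paths and placeholders (0.0.0.0, admin_dev, FULLNAME) are the ones named in the steps above.

```shell
# Added example (not part of the repository): verify the files prepared in the
# steps above. Paths and placeholders are the ones this README names.
preflight() {
    repo=${1:-.}
    rc=0
    fail() { echo "FAIL: $1" >&2; rc=1; }
    # Succeeds if file $2 still contains the literal placeholder $1.
    still_has() {
        [ -f "$2" ] || { fail "$2 missing"; return 1; }
        grep -qF -- "$1" "$2"
    }

    # root.key: a private key that only the owner can read (ssh rejects others)
    key="$repo/root.key"
    if [ ! -f "$key" ]; then
        fail "root.key missing"
    else
        grep -q 'PRIVATE KEY-----' "$key" || fail "root.key is not a private key"
        case $(ls -l "$key" | cut -c1-10) in
            -rw-------|-r--------) ;;
            *) fail "root.key is group/world accessible (chmod 600 root.key)" ;;
        esac
    fi

    # Placeholders that the sed commands should have replaced
    vars="$repo/ansible/roles/user_add/vars/main.yml"
    still_has "0.0.0.0" "$repo/ansible/inventory/dev.yaml" && fail "server IP not set"
    still_has "admin_dev" "$repo/ansible/ansible.cfg" && fail "admin user not set in ansible.cfg"
    still_has "admin_dev" "$vars" && fail "admin user not set in vars/main.yml"
    still_has "FULLNAME" "$vars" && fail "full name not set in vars/main.yml"

    # key.pub: must be a public key line, never the private half
    pub="$repo/ansible/roles/user_add/files/key.pub"
    if [ ! -s "$pub" ]; then
        fail "key.pub missing or empty"
    elif grep -q 'PRIVATE KEY' "$pub"; then
        fail "key.pub contains a private key"
    elif ! grep -Eq '^(ssh-|ecdsa-|sk-)[^ ]+ [A-Za-z0-9+/]+' "$pub"; then
        fail "key.pub is not an OpenSSH public key line"
    fi

    [ "$rc" -eq 0 ] && echo "preflight OK"
    return "$rc"
}
```

Source the file and call preflight with the path to the cloned repository (default: the current directory) before the ansible-playbook step; a non-zero return means at least one file still needs attention.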

..wait for a sec and grab a

💥 Profit!

The following ingresses are created:

https://wordpress.moritz.agitronic.net

https://grafana.moritz.agitronic.net (Credentials in roles/k8s-kube-prom-stack/files/values.yaml:grafana.admin(User|Password))

https://alertmanager.moritz.agitronic.net (secured with basic auth, same creds as for grafana)

https://prometheus.moritz.agitronic.net (secured with basic auth, same creds as for grafana)


ToDo

  • sealedSecrets via kube-seal
  • cilium CNI
  • Loki
  • modSecurity configurations
  • housekeeping

(c)2025 Moritz Kleiber

Credits:

helm Charts

https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx

https://artifacthub.io/packages/helm/cert-manager/cert-manager

https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack

https://artifacthub.io/packages/helm/bitnami/wordpress