# datatroniq Challenge

## Description

This repository contains various Ansible roles to install a single-node k3s for WordPress with ingress-nginx, kube-prom-stack and cert-manager.
You can execute single steps by specifying tags.

## How to use

***Requirements***

- ansible and sed need to be installed locally
- root server access via key authentication

⚠️ The full-install.yaml playbook can only be run once, because the initial configuration requires root access, which is locked down after ssh_hardening! → Open an SSH session before executing.

***Steps***

- Clone this repository

`git clone ssh://$REPO`

- Change to the cloned directory and create root.key with the root private key

```
cd datatroniq-challenge
# Quote the delimiter so the shell does not expand anything inside the key
cat <<'EOF' > root.key
-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----
EOF
# ssh refuses private keys that other users can read
chmod 600 root.key
```

- Set your server IP in ansible/inventory/dev.yaml

```
export IP=$SERVERIP
# Escape the dots so sed matches only the literal 0.0.0.0 placeholder
sed -i "s/0\.0\.0\.0/$IP/" ansible/inventory/dev.yaml
```

- Set your desired admin username in ansible/ansible.cfg and ansible/roles/user_add/vars/main.yml

```
# Note: this overrides the shell's own USER variable for the current session
export USER=$USERNAME
export NAME=$FULLNAME
sed -i "s/admin_dev/$USER/" ansible/ansible.cfg
sed -i "s/admin_dev/$USER/" ansible/roles/user_add/vars/main.yml
sed -i "s/FULLNAME/$NAME/" ansible/roles/user_add/vars/main.yml
```

- Copy your personal public key in ansible/roles/user_add/files/key.pub

```
cp ~/.ssh/id_rsa.pub ansible/roles/user_add/files/key.pub
```

- Run `cd ansible && ansible-playbook full-install.yaml`

...wait for a sec and grab a ☕

💥 Profit!

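Because full-install.yaml can only be run once, it is worth checking the preparation steps before starting it. The following pre-flight script is an added example, not part of this repository; the function names and messages are assumptions, while the file paths and placeholders (0.0.0.0, admin_dev, FULLNAME) are the ones used in the steps above.

```shell
#!/bin/sh
# Pre-flight check for the preparation steps above (added example).
# Usage: sh preflight.sh /path/to/datatroniq-challenge

fail() { echo "FAIL: $*" >&2; rc=1; }

# FILE must exist and must no longer contain the README placeholder STRING.
no_placeholder() {
    [ -f "$1" ] || { fail "$1 is missing"; return; }
    if grep -qF -- "$2" "$1"; then fail "$1 still contains '$2'"; fi
}

# Runs in a subshell so the cd and rc do not leak into the caller.
preflight() (
    cd "$1" || exit 2
    rc=0

    # root.key must be a private key that group/other cannot access.
    if ! grep -q 'PRIVATE KEY' root.key 2>/dev/null; then
        fail "root.key is missing or is not a private key"
    else
        case "$(ls -ld root.key)" in
            -???------*) ;;
            *) fail "root.key is accessible by group/other (chmod 600 root.key)" ;;
        esac
    fi

    no_placeholder ansible/inventory/dev.yaml '0.0.0.0'
    no_placeholder ansible/ansible.cfg 'admin_dev'
    no_placeholder ansible/roles/user_add/vars/main.yml 'admin_dev'
    no_placeholder ansible/roles/user_add/vars/main.yml 'FULLNAME'

    # key.pub is handed to the user_add role: it must be a public key, never a private one.
    pub=ansible/roles/user_add/files/key.pub
    if [ ! -f "$pub" ]; then
        fail "$pub is missing"
    elif grep -q 'PRIVATE KEY' "$pub"; then
        fail "$pub contains a private key; copy the .pub file instead"
    else
        case "$(head -n 1 "$pub")" in
            ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
            *) fail "$pub does not look like an OpenSSH public key" ;;
        esac
    fi
    exit "$rc"
)

if [ -n "${1:-}" ]; then preflight "$1"; fi
```

A non-zero exit status means at least one preparation step is incomplete; each failed check is printed to stderr.
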
The following ingresses are created:

[https://wordpress.moritz.agitronic.net](https://wordpress.moritz.agitronic.net)

[https://grafana.moritz.agitronic.net](https://grafana.moritz.agitronic.net) (Credentials in roles/k8s-kube-prom-stack/files/values.yaml:grafana.admin(User|Password))

[https://alertmanager.moritz.agitronic.net](https://alertmanager.moritz.agitronic.net) (secured with basic auth, same creds as for grafana)

[https://prometheus.moritz.agitronic.net](https://prometheus.moritz.agitronic.net) (secured with basic auth, same creds as for grafana)

----

**ToDo**

- sealedSecrets via kube-seal
- cilium CNI
- Loki
- modSecurity configurations
- housekeeping

***(c)2025 Moritz Kleiber***

***Credits:***

**helm Charts**

- https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
- https://artifacthub.io/packages/helm/cert-manager/cert-manager
- https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
- https://artifacthub.io/packages/helm/bitnami/wordpress