Doc updates #380
Doc updates #380
Conversation
james-otten
commented
Jun 2, 2024
•
james-otten
commented
- Figure out the meshdb-cluster stuff (first time deploy)
- Finish docs
- frr + haproxy
Co-authored-by: Willard Nilges <[email protected]>
Co-authored-by: Willard Nilges <[email protected]>
infra/ansible/k8s_lb.yaml
Outdated
| state: restarted | ||
| enabled: true | ||
| become: true | ||
|
|
There was a problem hiding this comment.
Maybe add comment explaining the reasoning behind the steps?
infra/ansible/lb_config/haproxy.cfg
Outdated
| bind {{ EXTERNAL_LISTEN_IP }}:80 | ||
| bind {{ EXTERNAL_LISTEN_IP }}:443 |
There was a problem hiding this comment.
Might be able to delete this, especially if we use traefik. Need to test.
There was a problem hiding this comment.
certbot used for let's encrypt instead of traefik
| nameservers: | ||
| addresses: [ "10.10.10.10", "10.10.10.11", "8.8.8.8" ] |
There was a problem hiding this comment.
This might cause trouble; We'll see during the test.
| @@ -66,7 +70,17 @@ variable "meshdb_networkrange" { | |||
| default = "24" | |||
| } | |||
|
|
|||
| variable "meshdb_net_block" { | |||
There was a problem hiding this comment.
TODO: Investigate this further
There was a problem hiding this comment.
I think this is a variable we use for FRR config.
There was a problem hiding this comment.
Cleaned up var names
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| module "k3s" { | ||
| source = "xunleii/k3s/module" | ||
|
|
||
| depends_on_ = [ | ||
| proxmox_vm_qemu.meshdbmgr, | ||
| proxmox_vm_qemu.meshdbnode, | ||
| ] | ||
| k3s_version = "latest" | ||
| cluster_domain = "cluster.local" | ||
| cidr = { | ||
| pods = "10.42.0.0/16" | ||
| services = "10.43.0.0/16" | ||
| } | ||
| drain_timeout = "30s" | ||
| managed_fields = ["label", "taint"] // ignore annotations | ||
|
|
||
| global_flags = [ | ||
| ] | ||
|
|
||
| servers = { | ||
| for instance in proxmox_vm_qemu.meshdbmgr : | ||
| instance.name => { | ||
| ip = instance.default_ipv4_address | ||
| connection = { | ||
| host = instance.default_ipv4_address | ||
| # TODO: Try to use tls_private_key? | ||
| #private_key = trimspace(tls_private_key.ed25519_provisioning.private_key_pem) | ||
| private_key = file("${path.module}/meshdb${var.meshdb_env_name}") | ||
| user = "debian" | ||
| } | ||
| flags = [ | ||
| "--write-kubeconfig-mode 644", | ||
| ] | ||
| } | ||
| } | ||
|
|
||
| agents = { | ||
| for instance in proxmox_vm_qemu.meshdbnode : | ||
| instance.name => { | ||
| name = instance.name | ||
| ip = instance.default_ipv4_address | ||
| connection = { | ||
| host = instance.default_ipv4_address | ||
| # TODO: Try to use tls_private_key? | ||
| #private_key = trimspace(tls_private_key.ed25519_provisioning.private_key_pem) | ||
| private_key = file("${path.module}/meshdb${var.meshdb_env_name}") | ||
| user = "debian" | ||
| } | ||
| } | ||
| } | ||
| } |
Check failure
Code scanning / checkov
Ensure Terraform module sources use a commit hash Error
|
Closing the following PRs in favor of this one: |
