grouponeincorporated / acme-infrastructure

IaC project. Deployment of WP + MariaDB in a provisioned K8S cluster.

Shell 33.42% HCL 22.43% JavaScript 34.70% Smarty 8.66% Dockerfile 0.79%
rke ansible k8s terraglue terraform kubernetes docker helm packer openstack

acme-infrastructure's People

Contributors

brocahontaz, crazyswe, jbarroca, scoobis

acme-infrastructure's Issues

Add README files.

  • Add/fix README with instructions for terraglue script
  • Add README with instructions for Ansible
  • Add README with instructions for ssh config
  • Add README with instructions for rke
  • Add README with instructions for k8s

Fix string bug in glue

snapshot: 'true' should not be a string, but rather only true. Bug in glue to be fixed.

Change ingress-controller namespace

At the moment an ingress controller is deployed with the application deployment, in the same namespace.

This is a solution for using multiple ingress controllers when wanting multiple loadbalancers <=> to get unique floating IPs for each deployment, and a loadbalancer for each namespace.

However, in this instance it might be better using a cluster-wide ingress controller.

This would also help with managing ingress resources for kube-state-metrics and similar.

The cluster-wide ingress-controller could reside in its own namespace, named for example "ingress-controller". It would then handle all ingress resources in all namespaces. And everything would have the same IP.

With this solution we could still have the ingress resource in the namespace for the deployment, to handle traffic to it, and also have an ingress resource for the kube-state-metrics to expose that to the prometheus-server.

Monitoring

Find a suitable monitoring solution, and start implementing it.

Suggestions:

  • Prometheus / Grafana
  • Icinga2
  • ...

Fix relative paths for config files

Add relative paths to the config paths in glue, so it works for everyone regardless of folder structure, without the need of additional config files.

cloud.conf secret

Add cloud.conf secret with cloud credentials.
Preferably encrypted, using for example ansible-vault.

Modify images

Modify/extend the bitnami/wordpress and bitnami/mariadb Docker images to include all necessary data, if possible.

This includes the wp-content folder for wordpress, and the .sql-file needs to be initialized on the mariadb image.

These changes would make sure every deploy starts out the same, and circumvent having to do imports "manually" after deployment.

Nice QoL feature to do when time permits.

Add network rules

Add rules for:

  • Port 80 (http)
  • Port 443 (https)
    to the Terraform script.

Data import

Wordpress + MariaDB are now up and running in a k8s test cluster, with cinder volumes.

The data for plug-ins, posts, etc from the customer needs to be imported in the wp/mdb instances.

Direct WP data is easy through the admin console, but fails due to plug-ins not being added. This data (plug-ins) resides in the database, and needs to be imported first. However, not sure how to do it exactly.

Tried with dB admin plugin in WP, which correctly connects to the db. There's no import function in this plugin, though.

Automate known hosts

Add servers to the known_hosts file automatically after running Terraform, so as to circumvent the manual need for this before running the Ansible Playbook (will fail otherwise).

Testrun rke

Testrun rke with current automated cluster.yaml file, and apply eventual needed fixes.

kubeconfig addition

Implement automatic copy of rke-created kubeconfig into .kube/config for kubectl use.

Fix MariaDB chart failure

MariaDB deployment fails with the following error:
"The mariadb configuration file '/opt/bitnami/mariadb/conf/my.cnf' is not writable. Configurations based on environment variables will not be applied for this file."

Needs to be fixed, as a database is needed and wordpress deployment fails due to this.

Fix cluster.yaml

Make sure "labels" and "taints" fields are not written even with empty values for worker nodes in cluster.yaml. This causes an error when running rke up.

Must be fixed in glue.

Import files

Files, such as images etc., mainly the wp-content folder that is provided by the customer, need to be imported into the WP deployment. A possible solution is a volume mount to import. Needs further research on best practice.

These files are of importance to the customer, and as such need to be incorporated into the solution.

Dynamic deploy/destroy

Make deploy-all and destroy-all scripts dynamic. Mainly this applies to the k8s-scripts, to use the correct values-files for each team-member.

Add key reference in ssh_config

Add a reference to the key to be used with the hosts in the ssh_config file to be included in .ssh/config. To be fixed in glue.

Implement cluster essentials

Add needed cluster wide services:

  • Openstack Cloud Controller Manager
  • CSI Cinder plugin
  • K8S Dashboard
  • Cert-manager
    - cluster-issuer
  • nginx-ingress
  • Namespace

Get ingress to work

ATM ingress is not working properly => not routing traffic correctly.

Must get fixed, and working with loadbalancer to provide traffic into the cluster.

Suspect this issue is what is causing certificates not to work either, or it is connected in some way at least.
