grouponeincorporated / acme-infrastructure
IaC project. Deployment of WP + MariaDB in a provisioned K8S cluster.
snapshot: 'true' should not be a string, but rather only true. Bug in glue to be fixed.
At the moment an ingress controller is deployed with the application deployment, in the same namespace.
This is a solution for using multiple ingress controllers when wanting multiple loadbalancers <=> to get unique floating IPs for each deployment, and a loadbalancer for each namespace.
However, in this instance it might be better using a cluster-wide ingress controller.
This would also help with managing ingress resources for kube-state-metrics and similar.
The cluster-wide ingress-controller could reside in its own namespace, named for example "ingress-controller". It would then handle all ingress resources in all namespaces. And everything would have the same IP.
With this solution we could still have the ingress resource in the namespace for the deployment, to handle traffic to it, and also have an ingress resource for the kube-state-metrics to expose that to the prometheus-server.
acme-infrastructure/deploy-all.sh
Line 20 in 251bd61
Fix to check that ../terraform/terraform.tfstate exists and maybe add npm install argument
Find a suitable monitoring solution, and start implementing it.
Suggestions:
Add relative paths to the config paths in glue, so it works for everyone regardless of folder structure, without the need of additional config files.
Add automated include of ssh config file to local ssh config.
Wait for instances to be ready before running Ansible
Add cloud.conf secret with cloud credentials.
Preferably encrypted, using for example ansible-vault.
Modify/extend the bitnami/wordpress and bitnami/mariadb Docker images to include all necessary data, if possible.
This includes the wp-content folder for wordpress, and the .sql-file needs to be initialized on the mariadb image.
These changes would make sure every deploy starts out the same, and circumvents having to do imports "manually" after deployment.
Nice QoL feature to do when time permits.
Ansible does host key checking and it will give an error if there is a new machine with a wrong key in ~/.ssh/known_hosts
Could be solved by turning off the key checking as mentioned here:
https://docs.ansible.com/ansible/latest/user_guide/connection_details.html#managing-host-key-checking
Add rules for:
acme-infrastructure/terraform/main.tf
Line 26 in c0d214e
Fix this to input basically your current IP, with for example https://api.ipify.org/
Testrun current Ansible Playbook and finish/fix it.
Wordpress + MariaDB are now up and running in a k8s test cluster, with cinder volumes.
The data for plug-ins, posts, etc from the customer needs to be imported in the wp/mdb instances.
Direct WP data is easy through the admin console, but fails due to plug-ins not being added. This data (plug-ins) resides in the database, and needs to be imported first. However, not sure how to do it exactly.
Tried with dB admin plugin in WP, which correctly connects to the db. There's no import function in this plugin, though.
Add servers to known_hosts file automatically after running Terraform, as to circumvent manual need for this before running Ansible Playbook (will fail otherwise).
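One way to handle the host-key problem raised in the two issues above (the Ansible host key checking error and adding servers to known_hosts after Terraform) while keeping host key checking on, as an added example that is not code from the repository. The function names, the project-local known_hosts file, the ed25519-only filter and the sample IPs are assumptions; keys scanned right after provisioning are trusted on first use.

```bash
# Added example: rebuild a project-local known_hosts file after `terraform apply`
# so stale keys from destroyed instances never reach ssh or Ansible.

# Constructed ssh-keyscan output (documentation IPs, fake key material).
SAMPLE_SCAN='# 203.0.113.10:22 SSH-2.0-OpenSSH
203.0.113.10 ssh-ed25519 AAAAC3constructedkey1
203.0.113.10 ssh-rsa AAAAB3constructedrsa
203.0.113.11 ssh-ed25519 AAAAC3constructedkey2
198.51.100.9 ssh-ed25519 AAAAC3unexpectedhost'

# filter_host_keys SCAN_OUTPUT HOST...
# Keep one ed25519 line per expected host; drop comments, other key types
# and any host that was not asked for.
filter_host_keys() {
  scan_output=$1; shift
  printf '%s\n' "$scan_output" | awk -v hosts="$*" '
    BEGIN { n = split(hosts, h, " "); for (i = 1; i <= n; i++) want[h[i]] = 1 }
    /^#/ || NF < 3 { next }
    ($1 in want) && $2 == "ssh-ed25519" && !seen[$1]++ { print $1, $2, $3 }'
}

# write_known_hosts FILE SCAN_OUTPUT HOST...
# Replace FILE atomically, but only if every expected host returned a key.
write_known_hosts() {
  file=$1; scan_output=$2; shift 2
  keys=$(filter_host_keys "$scan_output" "$@")
  found=$(printf '%s\n' "$keys" | grep -c . || true)
  if [ "$found" -ne "$#" ]; then
    echo "expected $# host keys, got $found; leaving $file untouched" >&2
    return 1
  fi
  tmp=$(mktemp "${file}.XXXXXX") || return 1
  printf '%s\n' "$keys" > "$tmp" && chmod 600 "$tmp" && mv "$tmp" "$file"
}

# refresh_known_hosts FILE HOST...
# Needs network access to the new instances; run it after Terraform finishes.
refresh_known_hosts() {
  file=$1; shift
  write_known_hosts "$file" "$(ssh-keyscan -T 5 -t ed25519 "$@" 2>/dev/null)" "$@"
}

# ssh and Ansible can then be pointed at the file with:
#   -o UserKnownHostsFile=FILE -o StrictHostKeyChecking=yes
```
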
Prometheus.yml needs ips from all instances except the prometheus server.
Location for ips: In targets under job_name: 'node_exporter'
See: https://github.com/GroupOneIncorporated/acme-infrastructure/blob/main/prometheus/prometheus.yml
Testrun rke with current automated cluster.yaml file, and apply eventual needed fixes.
Implement automatic copy of rke-created kubeconfig into .kube/config for kubectl use.
MariaDB deployment fails with the following error:
"The mariadb configuration file '/opt/bitnami/mariadb/conf/my.cnf' is not writable. Configurations based on environment variables will not be applied for this file."
Needs to be fixed, as a database is needed and wordpress deployment fails due to this.
Make sure "labels" and "taints" fields are not written even with empty values for worker nodes in cluster.yaml. This causes an error when running rke up.
Must be fixed in glue.
Files, such as images etc, mainly the wp-content folder that is provided by the customer, need to be imported into the WP deployment. Possible solution is a volume mount to import. Needs further research on best practice.
These files are of importance to the customer, and as such need to be incorporated into the solution.
Make deploy-all and destroy-all scripts dynamic. Mainly this applies to the k8s-scripts, to use the correct values-files for each team-member.
Add a reference to the key to be used with the hosts in the ssh_config file to be included in .ssh/config. To be fixed in glue.
Add needed cluster wide services:
ATM ingress is not working properly => not routing traffic correctly.
Must get fixed, and working with loadbalancer to provide traffic into the cluster.
Suspect this issue is what is causing certificates not to work either, or it is connected in some way at least.