working on standarding k8s, mass push before vakay

rssnyder · Nov 27, 2024 · 08e2caa · 08e2caa
1 parent 527f02a
commit 08e2caa
Show file tree

Hide file tree

Showing 9 changed files with 180 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -41,3 +41,18 @@ using ansible vault with a password in a local file
 ```shell
 ansible-vault encrypt_string --vault-password-file .vault_password 'bar' --name 'foo'
 ```
+
+## cidr
+
+|              | cidr           | notes                           |
+|--------------|----------------|---------------------------------|
+| home         | 192.168.2.0/24 |                                 |
+| tailscale    | 100.64.0.0/10  |                                 |
+| lab cluster  | 10.42.0.0/16   |                                 |
+| lab svc      | 10.43.0.0/16   |                                 |
+| oc cluster   | 10.42.0.0/16   | need to migrate to 10.44.0.0/16 |
+| oc svc       | 10.43.0.0/16   | need to migrate to 10.45.0.0/16 |
+| ocdr cluster | 10.46.0.0/16   |                                 |
+| ocdr svc     | 10.47.0.0/16   |                                 |
+| oc2 cluster  | 10.48.0.0/16   |                                 |
+| oc2 svc      | 10.49.0.0/16   |                                 |
diff --git a/hosts.yml b/hosts.yml
@@ -39,7 +39,11 @@ all:
           full: false
           ceph_disk: /dev/nvme0n1
         kate:
-          ansible_host: 192.168.3.12
+          ansible_host: 192.168.2.12
+          full: false
+          ceph_disk: /dev/nvme0n1
+        claire:
+          ansible_host: 192.168.2.13
           full: false
           ceph_disk: /dev/nvme0n1
     remote:

diff --git a/k8s/baseline/velero.yaml → k8s/bootstrap/velero.yaml b/k8s/baseline/velero.yaml → k8s/bootstrap/velero.yaml
diff --git a/k8s/inventory/oc.yaml b/k8s/inventory/oc.yaml
@@ -0,0 +1,73 @@
+k3s_cluster:
+  children:
+    server:
+      hosts:
+        oca0:
+    agent:
+      hosts:
+        oca1:
+        oca2:
+        oca3:
+  vars:
+    ansible_user: ubuntu
+    k3s_version: v1.31.0+k3s1
+    cluster_context: oc
+    # extra_server_args: "--cluster-cidr=10.45.0.0/16"
+    # extra_agent_args: "--cluster-cidr=10.45.0.0/16"
+    api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_enp0s3']['ipv4']['address'] | default(groups['server'][0]) }}"
+
+    ## isengard
+    cluster_name: oc
+    s3:
+      url: https://s3.rileysnyder.dev
+      region: us-east-1
+    harness:
+      latest_delegate: 24.10.84104
+      delegate_token: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        37663565356133643136323865333964393437323138663866306666313363313438663834663039
+        3862646231393964323164626562653232666231313766350a313336313835653030396339336239
+        33326362613965373138363536623939653362326237653766373364353964336561343734336435
+        6131663336303934310a353438303432396331613537386334326335396663386663366134663139
+        38316465346531353335616332343335393836393137353433323531366635326530373235623465
+        3836306136613330393762383630663430313936353066336335
+    longhorn:
+      bucket: longhorn
+      access_key_id: oc_X0c
+      secret_access_key: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        64373630303366643834303136336362306338323632363764353664633730306433643131316538
+        3132393330313764616233663835333436333563343838350a356130343363333334393066623363
+        65656438626133643038336632613263353266306531373633363438623832323030396262633935
+        3862313366373161650a373732343533613266343138636535303534643365326562613633386632
+        63313733343636386265366561343138323963336131663362336130383865316366613034396561
+        3939613439373335323832336230363831663035343831356330
+    velero:
+      bucket: velero
+      access_key_id: _oc
+      secret_access_key: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        38356238356564303230643661333063316161303735343237383336666637623130616437336661
+        3366626465303737323938373964636265656337636337370a653436303066386233393761386162
+        30346662393037613336393833636366313936653263663532323433323338633263386266636231
+        3762323036373439630a313934343238366465376464663235616135303064396633613430303633
+        30396335663932393431643764653639336133613735393635653462663532303262353439663532
+        6234383132616661313832326566346564656238323138666635
+    tailscale:
+      client_id: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        63323037663139383066376462363932343361363639313962333738663762346538623663623865
+        3363643565323934326133353337366165326664393966360a633036623664396335373336363439
+        37343138643334396139313335326333386139663064396136313066616661313131376465643632
+        3238663435356238330a326338616235353631393364373332356365363935386439643934353931
+        33663532643166653963333566383363316438643661333634306433323661393031
+      client_secret: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        62646361396333323863306339643564643930653434306466633832373936376533346636333935
+        3732613766663263623530643733346239313336626130310a643736306266313262323461353631
+        36313465386266356532383636376430346263626537613535343230336635376266376161353765
+        3631373833303333390a343064633135656662373630373836383537336161343239343866303131
+        30376432363933356161623063393464326464656565366263666334623231366634303762326136
+        35613766666166356432666130613762373964383534303463373232333664623561663839313737
+        32633935616566623837306663663062316536316533663835653634616665626565643338303232
+        39393161383565663763
diff --git a/k8s/inventory/oc2.yaml b/k8s/inventory/oc2.yaml
@@ -0,0 +1,17 @@
+k3s_cluster:
+  children:
+    server:
+      hosts:
+        oca4:
+    agent:
+      hosts:
+        oca5:
+        oca6:
+        oca7:
+  vars:
+    ansible_user: ubuntu
+    k3s_version: v1.31.0+k3s1
+    cluster_context: oc2
+    extra_server_args: "--cluster-cidr=10.48.0.0/16 --service-cidr=10.49.0.0/16 --cluster-dns=10.49.0.10 --cluster-domain=oc2.local"
+    # extra_agent_args: "--cluster-cidr=10.45.0.0/16"
+    api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_enp0s3']['ipv4']['address'] | default(groups['server'][0]) }}"
diff --git a/k8s/inventory/ocdr.yaml b/k8s/inventory/ocdr.yaml
@@ -6,10 +6,68 @@ k3s_cluster:
     agent:
       hosts:
         oca9:
+        oca10:
+        oca11:
   vars:
     ansible_user: ubuntu
     k3s_version: v1.31.0+k3s1
     cluster_context: ocdr
-    extra_server_args: "--cluster-cidr=10.45.0.0/16"
+    extra_server_args: "--cluster-cidr=10.46.0.0/16 --service-cidr=10.47.0.0/16 --cluster-dns=10.47.0.10 --cluster-domain=ocdr.local"
     # extra_agent_args: "--cluster-cidr=10.45.0.0/16"
-    api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_enp0s3']['ipv4']['address'] | default(groups['server'][0]) }}"
+    api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_enp0s3']['ipv4']['address'] | default(groups['server'][0]) }}"
+
+    ## isengard
+    cluster_name: ocdr
+    s3:
+      url: https://s3.rileysnyder.dev
+      region: us-east-1
+    harness:
+      latest_delegate: 24.10.84104
+      delegate_token: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        37663565356133643136323865333964393437323138663866306666313363313438663834663039
+        3862646231393964323164626562653232666231313766350a313336313835653030396339336239
+        33326362613965373138363536623939653362326237653766373364353964336561343734336435
+        6131663336303934310a353438303432396331613537386334326335396663386663366134663139
+        38316465346531353335616332343335393836393137353433323531366635326530373235623465
+        3836306136613330393762383630663430313936353066336335
+    longhorn:
+      bucket: longhorn
+      access_key_id: ocdr_OCb
+      secret_access_key: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        62346635326334306330306161613530363562653233643939386531303265613166386433366461
+        3236616637383738356661393634626564623636656264300a643935343833336636333532663530
+        63333336616237323239653938303131353430303065306336646132313938326462636539663764
+        3764363630313638660a613962613462663961316534326438663466623032343862333131663262
+        34333461393065336461353463626364376239333136373965363465313463386564613131333834
+        3938346239333036336134373834643766326338623638343630
+    velero:
+      bucket: velero
+      access_key_id: ocdr
+      secret_access_key: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        66393631653339373662313261633661303939396435373531623364356230373732376362393833
+        3035303965383466303235343362326338346137323865390a326261343433656538656239363238
+        65363631326137653030373439303935353864626561306462336337636262633538646162373938
+        3134663032343466340a633063343936653536343162306435623338366465343138636432373931
+        39393138393062653236303163336530623232616631383634333735653030666436376263336463
+        3239333639666337636532643930646166656362383432353066
+    tailscale:
+      client_id: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        34316464366633376436613864376162386230633562626163653765316636666637353237346130
+        6133633766363330323839633532373066356233326564660a333030393463653532333663666636
+        62663930636139343763396162376363396538643731386537376639636134666232626534613939
+        3736613361356666660a303637383365393537353832336664363162333633396561383234313765
+        32616331383661373439313130363665656238623164333934366236336632376139
+      client_secret: !vault |
+        $ANSIBLE_VAULT;1.1;AES256
+        30306230356431343565616234303234373739653430666566363962303165646538666235636464
+        6234303039623362373235633065383966303237346238330a323935366635633930313438363664
+        38363730313766653166373833383066373337393832333135336635376133363333373137613634
+        3061363132666635320a313336626535383537623063303838373534383031616264336335346637
+        30633761373037333234383062333836333933613262653437653738643965316131363263383730
+        61633937333165656365366166626238626566323831636639363832333139613438316538396165
+        65373363636166363232373338666436303831363266653338653234323263393831343430316662
+        61663034613631376431
diff --git a/k8s/manifests/secrets.yaml b/k8s/manifests/secrets.yaml
@@ -122,7 +122,7 @@ metadata:
 type: Opaque
 stringData:
   pg2s3.conf: |
-    pg_url = "postgresql://dm:{{ k8s.secrets.dnd_generator.PG_PASSWORD }}@192.168.0.3:5432/dndgenerator"
+    pg_url = "postgresql://dm:{{ k8s.secrets.dnd_generator.PG_PASSWORD }}@192.168.2.2:5432/dndgenerator"
     s3_url = "s3://{{ k8s.secrets.pg2s3.s3.username }}:{{ k8s.secrets.pg2s3.s3.password }}@s3.rileysnyder.dev/pg2s3"
     [backup]
     prefix = "dndgenerator"
@@ -140,7 +140,7 @@ metadata:
 type: Opaque
 stringData:
   pg2s3.conf: |
-    pg_url = "postgresql://dst_manager:{{ k8s.secrets.discord_bot_manager.pgpassword }}@192.168.0.3:5432/dst"
+    pg_url = "postgresql://dst_manager:{{ k8s.secrets.discord_bot_manager.pgpassword }}@192.168.2.2:5432/dst"
     s3_url = "s3://{{ k8s.secrets.pg2s3.s3.username }}:{{ k8s.secrets.pg2s3.s3.password }}@s3.rileysnyder.dev/pg2s3"
     [backup]
     prefix = "dst"

diff --git a/playbooks/k3s-master.yml b/playbooks/k3s-master.yml
@@ -1,10 +1,6 @@
 ---
 - name: copy k3s manifests
-  hosts:
-  - charlie
-  - oca0
-  - oca4
-  - zaius
+  hosts: server
   become: yes
 
   tasks:

diff --git a/secrets.yml b/secrets.yml
@@ -516,13 +516,13 @@ all:
               6336383533303734326665393864653664373230633038656366
     tailscale_authkey: !vault |
       $ANSIBLE_VAULT;1.1;AES256
-      32643637396138353461653265383566623939383061386565363364396639336433316334656364
-      3039356636363439303766623731383736663730366230390a363734383662636561626433316165
-      30633737653961386431373265313739323435656563323762653039313638343034613261626331
-      6331383463666336660a636637623532306332373332346130643438373736373835326338353133
-      61373564333239643735343032303731373537623937326335323735633866373635653134663332
-      62383139623331343936613831643435643230656537313734653064333866656530323862353663
-      626166353061613861336636313633646264
+      33353933643861303265363133613863303238303236623664643731346266306230336638376662
+      6538353631626262313566333935343533306639323535640a346131666434333161633737343038
+      36613138643162316435616434666336636134303736323365663138386533653831646266633761
+      6533313539616439380a306263633463633066663034323464383036663666376466373739356432
+      32373065386436353166656264333565663062336361326533393535343139363739393861366436
+      65656433346336376536663665333932363635343264623464353465656537626335376432363730
+      633062316139633833366437353639653764
     apex_token: !vault |
       $ANSIBLE_VAULT;1.1;AES256
       61323861313564303165303461616131366230616338326434633833643663336136326431373362