
A mono repository for my homelab infrastructure and Kubernetes cluster which adheres to Infrastructure as Code (IaC) and GitOps practices where possible


rastydnb/home-ops

 
 


Home Ops

📖 Overview

This is a mono repository for my homelab infrastructure. I try to adhere to Infrastructure as Code (IaC) and GitOps practices using tools like Ansible, Terraform, Kubernetes, Flux, Renovate and GitHub Actions.

⛵ Kubernetes

There is a template over at onedr0p/flux-cluster-template if you want to try to follow along with some of the practices I used here.

TODO

⚠️ pre-commit

It is advisable to install pre-commit and the pre-commit hooks that come with this repository.

  1. Enable Pre-Commit

    task precommit:init
  2. Update Pre-Commit, though it will occasionally make mistakes, so verify its results.

    task precommit:update

📂 Repository structure

The Git repository contains the following directories under kubernetes, listed below in the order Flux applies them.

📁 kubernetes      # Kubernetes cluster defined as code
├─📁 bootstrap     # Flux installation
├─📁 flux          # Main Flux configuration of repository
└─📁 apps          # Apps deployed into the cluster grouped by namespace

Setting up Age

Here we will create an Age private and public key. Using SOPS with Age allows us to encrypt secrets and use them in Ansible and Flux.

  1. Create an Age private / public key

    age-keygen -o age.agekey
  2. Set up the directory for the Age key and move the Age file to it

    mkdir -p ~/.config/sops/age
    mv age.agekey ~/.config/sops/age/keys.txt
  3. Export the SOPS_AGE_KEY_FILE variable in your bashrc, zshrc or config.fish and source it, e.g.

    export SOPS_AGE_KEY_FILE=~/.config/sops/age/keys.txt
    source ~/.bashrc
  4. Fill out the Age public key in the .config.env under BOOTSTRAP_AGE_PUBLIC_KEY; note that the public key should start with age ...
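
A way to confirm the four steps above left a consistent setup, as an added example that is not part of this repository. The function names check_age_setup and demo_age_check are hypothetical, and the script assumes the key file layout age-keygen writes and a BOOTSTRAP_AGE_PUBLIC_KEY=... line in .config.env; the sample key material is constructed.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the Age/SOPS setup from the steps above.
# Assumes keys.txt has the layout age-keygen writes ("# public key: age1..."
# comment, AGE-SECRET-KEY-1... line) and .config.env has a line
# BOOTSTRAP_AGE_PUBLIC_KEY=..., optionally with "export" and quotes.
check_age_setup() {
  local keyfile="$1" envfile="$2" rc=0 mode file_pub env_pub
  [ -r "$keyfile" ] || { echo "FAIL: cannot read $keyfile"; return 1; }
  [ -r "$envfile" ] || { echo "FAIL: cannot read $envfile"; return 1; }

  # The private key must not be accessible to group or other.
  mode=$(stat -c '%a' "$keyfile" 2>/dev/null || stat -f '%Lp' "$keyfile")
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: $keyfile has mode $mode, expected 600"; rc=1 ;;
  esac

  grep -q '^AGE-SECRET-KEY-1' "$keyfile" ||
    { echo "FAIL: no AGE-SECRET-KEY-1 line in $keyfile"; rc=1; }

  # Public key recorded in the key file vs. the one configured for bootstrap.
  file_pub=$(sed -n 's/^# public key: \(age1[a-z0-9]*\)$/\1/p' "$keyfile" | head -n 1)
  env_pub=$(sed -n 's/^\(export \)\{0,1\}BOOTSTRAP_AGE_PUBLIC_KEY=//p' "$envfile" |
    head -n 1 | tr -d "\"'")
  case "$env_pub" in
    AGE-SECRET-KEY-*) echo "FAIL: private key pasted into $envfile"; rc=1 ;;
    age1*) ;;
    *) echo "FAIL: BOOTSTRAP_AGE_PUBLIC_KEY missing or not an age1... key"; rc=1 ;;
  esac
  if [ -n "$file_pub" ] && [ "$file_pub" != "$env_pub" ]; then
    echo "FAIL: public key in $envfile does not match $keyfile"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: Age key file and .config.env agree"
  return "$rc"
}

# Constructed sample files (not a real key pair) to try the check offline.
demo_age_check() {
  local d rc=0
  d=$(mktemp -d)
  printf '%s\n' '# created: 2024-01-01T00:00:00Z' \
    '# public key: age1constructedexamplekey0000' \
    'AGE-SECRET-KEY-1CONSTRUCTEDEXAMPLE' > "$d/keys.txt"
  chmod 600 "$d/keys.txt"
  echo 'export BOOTSTRAP_AGE_PUBLIC_KEY="age1constructedexamplekey0000"' > "$d/.config.env"
  check_age_setup "$d/keys.txt" "$d/.config.env" || rc=1
  rm -rf "$d"
  return "$rc"
}
```

After sourcing the script, run check_age_setup "$SOPS_AGE_KEY_FILE" .config.env from the repository root.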

📄 Configuration

📍 The .config.env file contains the configuration needed by Ansible, Terraform and Flux.

  1. Copy the .config.sample.env to .config.env and start filling out all the environment variables.

    All are required unless otherwise noted in the comments.

    cp .config.sample.env .config.env
  2. Once that is done, verify the configuration is correct by running:

    task verify
  3. If you do not encounter any errors, run the following to have the script wire up the templated files and place them where they need to be.

    task configure

⚡ Preparing Ubuntu Server with Ansible

📍 Here we will be running an Ansible playbook to prepare Ubuntu Server for running a Kubernetes cluster.

  1. Ensure you are able to SSH into your nodes from your workstation using a private SSH key without a passphrase. This is how Ansible is able to connect to your remote nodes.

    How to configure SSH key-based authentication

  2. Install the Ansible deps

    task ansible:init
  3. Verify Ansible can view your config

    task ansible:list
  4. Verify Ansible can ping your nodes

    task ansible:ping
  5. Run the Fedora Server Ansible prepare playbook

    task ansible:prepare
  6. Reboot the nodes

    task ansible:reboot

⛵ Installing k3s with Ansible

📍 Here we will be running an Ansible playbook to install k3s with this wonderful k3s Ansible galaxy role. After completion, Ansible will drop a kubeconfig in ./kubeconfig for interacting with your cluster using kubectl.

☢️ If you run into problems, you can run task ansible:nuke to destroy the k3s cluster and start over.

  1. Verify Ansible can view your config

    task ansible:list
  2. Verify Ansible can ping your nodes

    task ansible:ping
  3. Install k3s with Ansible

    task ansible:install
  4. Verify the nodes are online

    task cluster:nodes
    # NAME           STATUS   ROLES                       AGE     VERSION
    # k8s-0          Ready    control-plane,master      4d20h   v1.21.5+k3s1
    # k8s-1          Ready    worker                    4d20h   v1.21.5+k3s1
