A repository for building the base infrastructure (Proxmox VM + K3s) to operate the OpenCSP service.
`./bootstrap` is run once from your local PC. After that, internal infrastructure configuration is written in `./cluster` and managed via GitOps.
- Terraform or OpenTofu installed on your local PC
- Ansible installed on your local PC
- Proxmox server access credentials (API Token, SSH Key)
- A GitHub token granting FluxCD access to the ops repository
- Navigate to the `bootstrap/terraform` directory.
- Copy the sample file to create your configuration file.

  ```sh
  cp terraform.tfvars.sample terraform.tfvars
  ```

- Open `terraform.tfvars` and fill in your Proxmox connection details and node specs.
- Create the VMs.

  ```sh
  terraform init
  terraform plan   # optional
  terraform apply
  ```

  Note: Once complete, `bootstrap/ansible/inventory.ini` will be generated automatically.
- Navigate to the `bootstrap/ansible` directory.
- Download the required roles.

  ```sh
  ansible-galaxy install -r requirements.yml --force
  ```

- Run the playbook to set up the K3s cluster and configure GitOps.

  ```sh
  # K3s Nodes
  ansible-playbook site.yml --limit k3s_nodes -e "netbird_setup_key=YOUR_ACTUAL_SETUP_KEY" -e "github_token=ghp_YOUR_TOKEN_HERE"
  # Teleport Agent
  ansible-playbook site.yml --limit test_vms -e "TELEPORT_PROXY_ADDR=teleport.domain.com:443" -e "TELEPORT_JOIN_TOKEN=token"
  ```
- Once the playbook completes, FluxCD-related files will be created under `cluster/` (in `flux-system`). All subsequent internal infrastructure configuration should be written in `./cluster`.
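The playbook invocation above passes the NetBird setup key and the GitHub token as literal `-e` arguments, which leaves them in the local shell history and in the process list that every user on the workstation can read with `ps`. The wrapper below is an added example (not part of the bootstrap repository) that reads the same two values from the environment, writes them to an extra-vars file readable only by the owner, and hands that file to `ansible-playbook` with Ansible's `-e @file` form. The environment variable names `NETBIRD_SETUP_KEY` and `GITHUB_TOKEN` are assumptions; the playbook variable names are the ones the README uses.

```shell
#!/bin/sh
# Added example, not part of the bootstrap repository: supply the playbook's
# secrets through a 0600 extra-vars file instead of literal -e "key=value"
# arguments that would be visible in shell history and `ps` output.
set -eu

# require_env NAME: fail with a message if the variable NAME is unset or empty.
require_env() {
  eval "v=\${$1:-}"
  if [ -z "$v" ]; then
    echo "missing required environment variable: $1" >&2
    return 1
  fi
}

# write_secret_vars FILE: write the extra-vars YAML readable only by the owner.
# Playbook variable names match the README; the source environment variables
# NETBIRD_SETUP_KEY and GITHUB_TOKEN are an assumption of this example.
write_secret_vars() {
  f=$1
  require_env NETBIRD_SETUP_KEY || return 1
  require_env GITHUB_TOKEN || return 1
  # Create the file under umask 077 so it is 0600 before any secret is written.
  ( umask 077 && : > "$f" )
  printf 'netbird_setup_key: "%s"\ngithub_token: "%s"\n' \
    "$NETBIRD_SETUP_KEY" "$GITHUB_TOKEN" > "$f"
}

# file_mode FILE: print the symbolic permission string, e.g. -rw-------.
file_mode() {
  ls -ld "$1" | cut -c1-10
}

# run_k3s_playbook: the README's K3s invocation, with secrets read from a
# temporary vars file that is removed when the shell exits.
run_k3s_playbook() {
  f=$(mktemp)
  trap 'rm -f "$f"' EXIT
  write_secret_vars "$f"
  ansible-playbook site.yml --limit k3s_nodes -e "@$f"
}
```

Export the two variables in the shell (or source them from a file outside the repository) and call `run_k3s_playbook` from `bootstrap/ansible`; the Teleport join token in the second invocation can be handled the same way. If the values must live in the repository, Ansible Vault is the supported alternative to a plaintext vars file.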
When a node spec change or OS upgrade is needed, replace the node rather than modifying it in place.
- Add a new node to the `k3s_nodes` list in `terraform.tfvars` (e.g., add `ops-worker-02`).
- Run `terraform apply` and `ansible-playbook`; the new node joins the cluster.
- Drain the old node (`ops-worker-01`).

  ```sh
  kubectl drain ops-worker-01 --ignore-daemonsets --delete-emptydir-data
  ```

- Remove the old node (`ops-worker-01`) from `terraform.tfvars`.
- Run `terraform apply`; the old VM is safely deleted.
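The drain step is the one that takes capacity away, so it should only run once the replacement node is actually serving. The script below is an added example (not part of the bootstrap repository) that gates the drain from the procedure above on three checks read from `kubectl get nodes --no-headers`: the new node reports exactly `Ready` (a cordoned node shows `Ready,SchedulingDisabled` and does not count), the old node exists, and the old node is not a control-plane node, since replacing a K3s server also involves its etcd membership and is left out of this worker-oriented procedure. The node names `ops-worker-01` and `ops-worker-02` are the README's; `ops-master-01` and the version strings in the test data are constructed.

```shell
#!/bin/sh
# Added example, not part of the bootstrap repository: gate the node-replacement
# drain so the old node is drained only after the new node reports Ready and
# never when the old node is a control-plane node.
set -eu

# node_status NODE NODES_OUTPUT: print the STATUS column for NODE from the text
# of `kubectl get nodes --no-headers` (columns: NAME STATUS ROLES AGE VERSION),
# or NotFound if the node is absent.
node_status() {
  printf '%s\n' "$2" | awk -v n="$1" '
    $1 == n { print $2; found = 1 }
    END { if (!found) print "NotFound" }'
}

# node_is_ready NODE NODES_OUTPUT: succeed only if STATUS is exactly "Ready".
node_is_ready() {
  [ "$(node_status "$1" "$2")" = "Ready" ]
}

# node_roles NODE NODES_OUTPUT: print the ROLES column (empty if absent).
node_roles() {
  printf '%s\n' "$2" | awk -v n="$1" '$1 == n { print $3 }'
}

# replacement_allowed OLD NEW NODES_OUTPUT: the checks that must pass before
# draining OLD: NEW is Ready, OLD exists, and OLD carries no control-plane role.
replacement_allowed() {
  old=$1; new=$2; nodes=$3
  node_is_ready "$new" "$nodes" || { echo "$new is not Ready" >&2; return 1; }
  [ "$(node_status "$old" "$nodes")" != "NotFound" ] \
    || { echo "$old not found in cluster" >&2; return 1; }
  case "$(node_roles "$old" "$nodes")" in
    *control-plane*|*master*)
      echo "refusing to drain control-plane node $old" >&2; return 1 ;;
  esac
}

# replace_node OLD NEW: the drain step of the README, run only when the checks
# pass. Call it after `terraform apply` and the playbook have joined NEW.
replace_node() {
  nodes=$(kubectl get nodes --no-headers)
  replacement_allowed "$1" "$2" "$nodes"
  kubectl drain "$1" --ignore-daemonsets --delete-emptydir-data
  echo "$1 drained; remove it from terraform.tfvars and run terraform apply"
}
```

Run `replace_node ops-worker-01 ops-worker-02` in place of the bare `kubectl drain` line; the remaining steps (editing `terraform.tfvars` and the final `terraform apply`) are unchanged.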