A homelab running Kubernetes with k3s. Automated provisioning with Ansible.
- Remote user is assumed to be `mark`.
- Remote sudo password is retrieved from the keychain on the ansible controller. A single sudo password is assumed for all remote hosts.
- DNS is assumed to be managed by CloudFlare nameservers. CloudFlare is used for public DNS entries (for internal, LAN IP addresses) and for dns-01 challenges for LetsEncrypt.
- Install Ubuntu Server edition on the new machine.
  - A `mark` user should be created in the `sudo` group.
  - The `sudo` password should be the same as what is set in `keyring get ansible-sudo mark` on the ansible controller. A machine may also use a custom sudo password, in which case the sudo password should be set to `keyring get <system-name> mark`.
- Enable SSH password authentication
- Note the IP address of the new host. This can be done with `nmap` if necessary: `nmap -p 22 10.0.0.0/24`
- Add the new host's IP address to a group in `inventory/homelab/hosts.ini`. If adding a new k8s node (not a master), it should be added under the `[node]` section. Note that this file is not checked into version control.
- Install ansible dependencies: `ansible-galaxy install -r requirements.yml`
- Bootstrap the node. Note that this will add an SSH key and disable SSH password authentication, making `-k` unnecessary in any subsequent call: `ansible-playbook site.yml -k`
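To confirm that the bootstrap step really left password logins disabled, the effective sshd configuration can be audited. This is an added example, not part of this repo's playbooks: the function name `check_sshd_auth` and the sample data are constructed here, and the keyboard-interactive check goes beyond what the bootstrap step is stated to change. Feed it the output of `sudo sshd -T` run on the node.

```shell
#!/bin/sh
# Added example (not from this repo): audit `sshd -T` output read on stdin.
# Exit status 0 only if password-style logins are off and key auth is on.
check_sshd_auth() {
    awk '
        # Value reported for keyword k, or a marker when sshd did not print it.
        function val(k) { return (k in seen) ? seen[k] : "(missing)" }
        function expect(k, want) {
            if (val(k) != want) {
                printf "FAIL %s=%s (want %s)\n", k, val(k), want
                bad = 1
            } else {
                printf "ok   %s=%s\n", k, want
            }
        }
        BEGIN { bad = 0 }
        # sshd -T prints one lowercase "keyword value" pair per line.
        NF >= 2 { seen[tolower($1)] = tolower($2) }
        END {
            expect("passwordauthentication", "no")
            expect("pubkeyauthentication", "yes")
            # Keyboard-interactive (PAM) can still prompt for a password.
            # Older OpenSSH reports it as challengeresponseauthentication.
            ki = ("kbdinteractiveauthentication" in seen) \
                ? "kbdinteractiveauthentication" \
                : "challengeresponseauthentication"
            expect(ki, "no")
            exit bad
        }
    '
}

# Constructed sample: what a bootstrapped node is expected to report.
sample_bootstrapped() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

# Constructed sample: a node still in the pre-bootstrap state
# (password authentication enabled so that `-k` works).
sample_fresh() {
    printf '%s\n' 'port 22' 'pubkeyauthentication yes' \
        'passwordauthentication yes' 'kbdinteractiveauthentication no'
}

sample_bootstrapped | check_sshd_auth
```

A non-zero exit status means the node still accepts some form of password login and the bootstrap should be re-run or investigated before the host joins the cluster.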
This playbook used k3s-io/k3s-ansible as a starting point. To create a cluster from scratch, one must create inventory files, which are not version controlled in this repo.
So to create a cluster from scratch:
- Clone this repository
- Copy the `inventory/sample` directory from k3s-io/k3s-ansible as `inventory/homelab` in this repo.
- Set the remote sudo password in the ansible controller's keychain: `keyring set ansible-sudo mark`. For custom sudo passwords, set `keyring set <system-name> mark` and ensure that `ansible_become_pass` is set correctly in `host_vars/<system-name>.yml`, e.g. `ansible_become_pass: "{{ lookup('keyring', 'some-system-name mark') | d(omit) }}"`
- Follow the instructions from Provisioning a new machine.
- After setting up the k8s master, you might want to copy over its kube config so that you can use `kubectl` from the ansible controller: `scp mark@<master-ip>:~/.kube/config ~/.kube/config`
Note: `inventory/homelab/group_vars/all.yml` needs more variables than the ones stubbed out by k3s-io/k3s-ansible. At some point, I'll make this reproducible. For now, ansible will error out when it reaches an undefined variable. You should take that variable and define it in `group_vars`.