A homelab running Kubernetes with k3s. TLS with LetsEncrypt and remote access with Tailscale. Automated with Ansible.

landakram/homelab

Homelab

A homelab running Kubernetes with k3s. Automated provisioning with Ansible.

Notes

  • Remote user is assumed to be mark.
  • Remote sudo password is retrieved from the keychain on the ansible controller. A single sudo password is assumed for all remote hosts.
  • DNS is assumed to be managed by CloudFlare nameservers. CloudFlare is used for public DNS entries (for internal, LAN IP addresses) and for dns-01 challenges for LetsEncrypt.

Provisioning a new machine

  1. Install ubuntu server edition on the new machine.
    • A mark user should be created in the sudo group.
    • The sudo password should match the value returned by keyring get ansible-sudo mark on the ansible controller. A machine may also use a custom sudo password, in which case it should match the value returned by keyring get <system-name> mark.
  2. Enable SSH password authentication
  3. Note the IP address of the new host. This can be done with nmap if necessary:
     nmap -p 22 10.0.0.0/24
  4. Add the new host's IP address to a group in inventory/homelab/hosts.ini. If adding a new k8s node (not a master), it should be added under the [node] section. Note that this file is not checked into version control.
  5. Install ansible dependencies:
     ansible-galaxy install -r requirements.yml
  6. Bootstrap the node. Note that this will add an SSH key and disable SSH password authentication, making -k unnecessary in any subsequent call:
     ansible-playbook site.yml -k
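
To confirm that the bootstrap really did disable SSH password authentication, the check below (an added example, not part of this repository) asks each host which authentication methods it still advertises and fails if password or keyboard-interactive is among them. It assumes the OpenSSH client; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: verify that a bootstrapped host no longer offers password login.

# Extract the method list from an OpenSSH client denial line such as
#   "mark@10.0.0.5: Permission denied (publickey,password)."
offered_methods() {
    printf '%s\n' "$1" |
        sed -n 's/.*Permission denied (\([^)]*\)).*/\1/p' | head -n 1
}

# Return 0 if the comma-separated list still contains a method that lets a
# user type a password. keyboard-interactive counts, because PAM can prompt
# for a password through it even when PasswordAuthentication is off.
password_auth_offered() {
    case ",$1," in
        *,password,*|*,keyboard-interactive,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Ask the server for its method list without presenting any credential.
# BatchMode keeps ssh from prompting, so this is safe to run unattended.
probe_host() {
    ssh -o BatchMode=yes -o PreferredAuthentications=none \
        -o PubkeyAuthentication=no -o ConnectTimeout=5 "$1" true 2>&1
}

# 0 = only non-password methods offered, 1 = password login still possible,
# 2 = no method list seen (host down, host key rejected, and so on).
check_host() {
    methods=$(offered_methods "$(probe_host "$1")")
    if [ -z "$methods" ]; then
        echo "$1: could not read the advertised auth methods" >&2
        return 2
    fi
    if password_auth_offered "$methods"; then
        echo "$1: FAIL, server still offers: $methods"
        return 1
    fi
    echo "$1: ok, server offers only: $methods"
}

status=0
for host in "$@"; do
    check_host "$host" || status=1
done
[ "$#" -eq 0 ] || exit "$status"
```

Run it with one user@host argument per machine after ansible-playbook site.yml -k completes, for example sh check-ssh-auth.sh mark@10.0.0.5 (script name and address are placeholders).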

Building a homelab from scratch

This playbook used k3s-io/k3s-ansible as a starting point. To create a cluster from scratch, one must create inventory files, which are not version controlled in this repo.

So to create a cluster from scratch:

  1. Clone this repository
  2. Copy the inventory/sample directory from k3s-io/k3s-ansible as inventory/homelab in this repo.
  3. Set the remote sudo password in the ansible controller's keychain:
     keyring set ansible-sudo mark

     For custom sudo passwords, run keyring set <system-name> mark and ensure that ansible_become_pass is set correctly in host_vars/<system-name>.yml, e.g.

     ansible_become_pass: "{{ lookup('keyring', 'some-system-name mark') | d(omit) }}"
  4. Follow the instructions from Provisioning a new machine.
  5. After setting up the k8s master, you might want to copy over its kube config so that you can use kubectl from the ansible controller:
     scp mark@<master-ip>:~/.kube/config ~/.kube/config

Note: inventory/homelab/group_vars/all.yml needs more variables than the ones stubbed out by k3s-io/k3s-ansible. At some point, I'll make this reproducible. For now, ansible will error out when it reaches an undefined variable. You should take that variable and define it in group_vars.
