Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
0 parents
commit e99bf62
Showing
29 changed files
with
1,544 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
include common.mk | ||
|
||
L0DIR = layer0 | ||
include $(L0DIR)/make.mk | ||
|
||
L1DIR = layer1 | ||
include $(L1DIR)/make.mk | ||
|
||
L2DIR = layer2 | ||
include $(L2DIR)/make.mk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
# Stack (WIP) | ||
|
||
Production ready stack to simplify deployment of Akash | ||
|
||
## Layers and Components | ||
|
||
- [Layer 0](layer0): Bare metal servers on packet, provisioned using Terraform | ||
- [Layer 1](layer1): Kubernetes Cluster with Helm, and Container Storage Interfaces (CSI) | ||
- [Layer 2](layer2): Observabilty (Prometheus and Graphana) and Key Management (Vault) | ||
- [Layer 3](layer3): Akash Suite | ||
- [Layer 4](layer4): Applications | ||
|
||
- [Sanity Check](sanity): Cluster readiness checks for Akash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
.EXPORT_ALL_VARIABLES: | ||
|
||
BASEDIR ?= $(CURDIR) | ||
DATADIR = $(BASEDIR)/.data | ||
KUBECONFIG = $(DATADIR)/kubeconfig | ||
K3S_VERSION = v0.9.0 | ||
MASTER_IP ?= $(shell dig +short k1.ovrclk.net) | ||
SSHUSER ?= root | ||
RELEASE ?= kernel | ||
|
||
setup: | ||
mkdir -p $(DATADIR) | ||
|
||
clean: | ||
rm -r $(DATADIR) | ||
|
||
kube-config: setup | ||
k3su install --ip $(MASTER_IP) --user $(SSHUSER) --skip-install --local-path $(KUBECONFIG) --k3s-version=$(K3S_VERSION) | ||
|
||
kube-config-path: | ||
@echo $(KUBECONFIG) | ||
|
||
checkaction: | ||
@echo "Are you sure? This action is not reversable [y/N] " && read ans && [ $${ans:-N} = y ] | ||
|
||
.PHONY: .PHONY setup clean kube-config kube-config-path checkaction |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.terraform |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
include ../common.mk | ||
include make.mk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
# Layer 0 | ||
|
||
Terraform scripts for provisioning a bare metal servers on Packet. Extreme caution must be excercized when making changes. | ||
|
||
## Authentication | ||
|
||
## ENV Variables | ||
|
||
- `TF_VAR_packet_auth_token`: Authentication Token for Packet | ||
- `TF_VAR_packet_project_id`: Packet Project ID | ||
|
||
## Terraform Cloud | ||
|
||
Sign up for an account on [Terraform Cloud](https://app.terraform.io). Once you have access, create a auth token and terraform config file | ||
|
||
``` | ||
$ export TF_TOKEN=5lsdovPZB... | ||
# cat > ~/.terraformrc | ||
credentials "app.terraform.io" { | ||
token = "$TF_TOKEN" | ||
} | ||
``` | ||
|
||
## Setup | ||
|
||
- Terraform v0.12.9 | ||
|
||
### Terraform | ||
|
||
To install dependencies on OSX using brew, run `brew update && brew install terraform` | ||
|
||
### Ansible | ||
|
||
`$ sudo pip install ansible` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
terraform-init: | ||
terraform init | ||
|
||
terraform-plan: | ||
terraform plan | ||
|
||
terraform-apply: | ||
terraform apply |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* variables */ | ||
variable "domain_name" { | ||
type = "string" | ||
} | ||
|
||
variable "packet_auth_token" { | ||
type = "string" | ||
} | ||
|
||
variable "packet_project_id" { | ||
type = "string" | ||
default = "string" | ||
} | ||
|
||
variable "packet_plan" { | ||
type = "string" | ||
default = "c1.small.x86" | ||
} | ||
|
||
variable "packet_facility" { | ||
type = "string" | ||
default = "sjc1" | ||
} | ||
|
||
/* Terraform remote state management */ | ||
|
||
terraform { | ||
backend "remote" { | ||
hostname = "app.terraform.io" | ||
organization = "ovrclk" | ||
|
||
workspaces { | ||
name = "kernel" | ||
} | ||
} | ||
} | ||
|
||
provider "packet" { | ||
version = "~> 2.4" | ||
auth_token = "${var.packet_auth_token}" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
resource "packet_device" "n1" { | ||
hostname = "n1.${var.packet_plan}" | ||
plan = "${var.packet_plan}" | ||
facilities = ["${var.packet_facility}"] | ||
operating_system = "ubuntu_18_04" | ||
billing_cycle = "hourly" | ||
project_id = var.packet_project_id | ||
} | ||
|
||
/* Outputs */ | ||
output "k1_root_password" { | ||
value = packet_device.k1.root_password | ||
description = "root password to the server:k1 (disabled after 24 hours)" | ||
} | ||
|
||
output "k1_access_public_ipv4" { | ||
value = packet_device.k1.access_public_ipv4 | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
.packet-secret.yml |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
BASEDIR=.. | ||
include ../common.mk | ||
include make.mk |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# layer 1 | ||
|
||
## Kubernetes | ||
|
||
# Packet CSI deploy | ||
Copy deploy/template/secret.yaml to a local file: | ||
|
||
``` | ||
cp deploy/template/secret.yaml packet-cloud-config.yaml | ||
``` | ||
|
||
Replace the placeholder in the copy with your token. When you're done, the packet-cloud-config.yaml should look something like this: | ||
|
||
``` | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: packet-cloud-config | ||
namespace: kube-system | ||
stringData: | ||
cloud-sa.json: | | ||
{ | ||
"apiKey": "abc123abc123abc123", | ||
"projectID": "abc123abc123abc123" | ||
} | ||
``` | ||
|
||
``` | ||
kubectl apply -f ./packet-cloud-config.yaml | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
--- | ||
# storage provider | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: storage-provisioner | ||
namespace: kube-system | ||
labels: | ||
addonmanager.kubernetes.io/mode: Reconcile | ||
|
||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: storage-provisioner | ||
labels: | ||
addonmanager.kubernetes.io/mode: EnsureExists | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: system:persistent-volume-provisioner | ||
subjects: | ||
- kind: ServiceAccount | ||
name: storage-provisioner | ||
namespace: kube-system | ||
|
||
--- | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: storage-provisioner | ||
namespace: kube-system | ||
labels: | ||
integration-test: storage-provisioner | ||
addonmanager.kubernetes.io/mode: Reconcile | ||
spec: | ||
serviceAccountName: storage-provisioner | ||
hostNetwork: true | ||
containers: | ||
- name: storage-provisioner | ||
image: gcr.io/k8s-minikube/storage-provisioner:v1.8.1 | ||
command: ["/storage-provisioner"] | ||
imagePullPolicy: IfNotPresent | ||
volumeMounts: | ||
- mountPath: /tmp | ||
name: tmp | ||
volumes: | ||
- name: tmp | ||
hostPath: | ||
path: /tmp | ||
type: Directory | ||
|
||
--- | ||
kind: StorageClass | ||
apiVersion: storage.k8s.io/v1 | ||
metadata: | ||
name: standard | ||
provisioner: k8s.io/minikube-hostpath | ||
reclaimPolicy: Delete | ||
volumeBindingMode: Immediate |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: tiller | ||
namespace: kube-system | ||
|
||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: ClusterRoleBinding | ||
metadata: | ||
name: tiller | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: ClusterRole | ||
name: cluster-admin | ||
subjects: | ||
- kind: ServiceAccount | ||
name: tiller | ||
namespace: kube-system |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
L1DIR ?= $(PWD) | ||
KUBE_NAMESPACE ?= kube-system | ||
|
||
layer1-install: kube-install helm-install csi-packet-install | ||
|
||
layer1-remove: kube-remove | ||
|
||
.PHONY: .PHONY layer1-install layer1-remove | ||
|
||
kube-install: setup | ||
k3su install --ip $(MASTER_IP) --user $(SSHUSER) --local-path $(KUBECONFIG) --k3s-version=$(K3S_VERSION) | ||
|
||
kube-remove: checkaction | ||
ssh $(SSHUSER)@$(MASTER_IP) "k3s-uninstall.sh" | ||
|
||
helm-install: | ||
kubectl apply -f $(L1DIR)/helm.yml | ||
helm init --service-account tiller | ||
|
||
helm-remove: | ||
kubectl delete -f $(L1DIR)/rbac.yml | ||
helm reset | ||
|
||
kube-remove-system-traefik: | ||
kubectl delete deploy,sa,svc traefik --namespace=kube-system | ||
|
||
.PHONY: .PHONY kube-install kube-remove kube-remove-system-traefik helm-install helm-remove | ||
|
||
csi-packet-install: | ||
kubectl apply --wait -f $(L1DIR)/packet-secret.yml | ||
kubectl apply --wait -f $(L1DIR)/packet/ | ||
|
||
csi-packet-remove: | ||
kubectl delete --wait -f $(L1DIR)/packet | ||
|
||
.PHONY: .PHONY csi-packet-install csi-packet-remove |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
secret.yml |
Oops, something went wrong.