init

Makefile

@@ -0,0 +1,10 @@
+include common.mk
+
+L0DIR = layer0
+include $(L0DIR)/make.mk
+
+L1DIR = layer1
+include $(L1DIR)/make.mk
+
+L2DIR = layer2
+include $(L2DIR)/make.mk

README.md

@@ -0,0 +1,13 @@
+# Stack (WIP)
+
+Production ready stack to simplify deployment of Akash
+
+## Layers and Components
+
+- [Layer 0](layer0): Bare metal servers on packet, provisioned using Terraform
+- [Layer 1](layer1): Kubernetes Cluster with Helm, and Container Storage Interfaces (CSI)
+- [Layer 2](layer2): Observabilty (Prometheus and Graphana) and Key Management (Vault)
+- [Layer 3](layer3): Akash Suite
+- [Layer 4](layer4): Applications
+
+- [Sanity Check](sanity): Cluster readiness checks for Akash

common.mk

@@ -0,0 +1,26 @@
+.EXPORT_ALL_VARIABLES:
+
+BASEDIR 		?= $(CURDIR)
+DATADIR 		= $(BASEDIR)/.data
+KUBECONFIG	= $(DATADIR)/kubeconfig
+K3S_VERSION = v0.9.0
+MASTER_IP 	?= $(shell dig +short k1.ovrclk.net)
+SSHUSER 		?= root
+RELEASE 		?= kernel
+
+setup:
+	mkdir -p $(DATADIR)
+
+clean:
+	rm -r $(DATADIR)
+
+kube-config: setup
+	k3su install --ip $(MASTER_IP) --user $(SSHUSER) --skip-install --local-path $(KUBECONFIG) --k3s-version=$(K3S_VERSION)
+
+kube-config-path:
+	@echo $(KUBECONFIG)
+
+checkaction:
+	@echo "Are you sure? This action is not reversable [y/N] " && read ans && [ $${ans:-N} = y ]
+
+.PHONY: .PHONY setup clean kube-config kube-config-path checkaction

layer0/.gitignore

@@ -0,0 +1 @@
+.terraform

layer0/Makefile

@@ -0,0 +1,2 @@
+include ../common.mk
+include make.mk

layer0/README.md

@@ -0,0 +1,35 @@
+# Layer 0
+
+Terraform scripts for provisioning a bare metal servers on Packet.  Extreme caution must be excercized when making changes.
+
+## Authentication
+
+## ENV Variables
+
+- `TF_VAR_packet_auth_token`: Authentication Token for Packet
+- `TF_VAR_packet_project_id`: Packet Project ID
+
+## Terraform Cloud
+
+Sign up for an account on [Terraform Cloud](https://app.terraform.io). Once you have access, create a auth token and terraform config file
+
+```
+$ export TF_TOKEN=5lsdovPZB...
+
+# cat >  ~/.terraformrc
+credentials "app.terraform.io" {
+  token = "$TF_TOKEN"
+}
+```
+
+## Setup
+
+- Terraform v0.12.9
+
+### Terraform
+
+To install dependencies on OSX using brew, run `brew update && brew install terraform`
+
+### Ansible
+
+`$ sudo pip install ansible`

layer0/make.mk

@@ -0,0 +1,8 @@
+terraform-init:
+	terraform init
+
+terraform-plan:
+	terraform plan
+
+terraform-apply:
+	terraform apply

layer0/packet-single/common.tf

@@ -0,0 +1,41 @@
+/* variables */
+variable "domain_name" {
+  type = "string"
+}
+
+variable "packet_auth_token" {
+  type = "string"
+}
+
+variable "packet_project_id" {
+  type    = "string"
+  default = "string"
+}
+
+variable "packet_plan" {
+  type    = "string"
+  default = "c1.small.x86"
+}
+
+variable "packet_facility" {
+  type    = "string"
+  default = "sjc1"
+}
+
+/* Terraform remote state management */
+
+terraform {
+  backend "remote" {
+    hostname     = "app.terraform.io"
+    organization = "ovrclk"
+
+    workspaces {
+      name = "kernel"
+    }
+  }
+}
+
+provider "packet" {
+  version    = "~> 2.4"
+  auth_token = "${var.packet_auth_token}"
+}

layer0/packet-single/n1.tf

@@ -0,0 +1,18 @@
+resource "packet_device" "n1" {
+  hostname           = "n1.${var.packet_plan}"
+  plan               = "${var.packet_plan}"
+  facilities         = ["${var.packet_facility}"]
+  operating_system   = "ubuntu_18_04"
+  billing_cycle      = "hourly"
+  project_id         = var.packet_project_id
+}
+
+/* Outputs */
+output "k1_root_password" {
+  value = packet_device.k1.root_password
+  description = "root password to the server:k1 (disabled after 24 hours)"
+}
+
+output "k1_access_public_ipv4" {
+  value = packet_device.k1.access_public_ipv4
+}

layer1/.gitignore

@@ -0,0 +1 @@
+.packet-secret.yml

layer1/Makefile

@@ -0,0 +1,3 @@
+BASEDIR=..
+include ../common.mk
+include make.mk

layer1/README.md

@@ -0,0 +1,30 @@
+# layer 1
+
+## Kubernetes
+
+# Packet CSI deploy
+Copy deploy/template/secret.yaml to a local file:
+
+```
+cp deploy/template/secret.yaml packet-cloud-config.yaml
+```
+
+Replace the placeholder in the copy with your token. When you're done, the packet-cloud-config.yaml should look something like this:
+
+```
+apiVersion: v1
+kind: Secret
+metadata:
+  name: packet-cloud-config
+  namespace: kube-system
+stringData:
+  cloud-sa.json: |
+    {
+    "apiKey": "abc123abc123abc123",
+    "projectID": "abc123abc123abc123"
+    }
+```
+
+```
+kubectl apply -f ./packet-cloud-config.yaml
+```

layer1/dev/storage.yml

@@ -0,0 +1,60 @@
+---
+# storage provider
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: storage-provisioner
+  namespace: kube-system
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: storage-provisioner
+  labels:
+    addonmanager.kubernetes.io/mode: EnsureExists
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:persistent-volume-provisioner
+subjects:
+  - kind: ServiceAccount
+    name: storage-provisioner
+    namespace: kube-system
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: storage-provisioner
+  namespace: kube-system
+  labels:
+    integration-test: storage-provisioner
+    addonmanager.kubernetes.io/mode: Reconcile
+spec:
+  serviceAccountName: storage-provisioner
+  hostNetwork: true
+  containers:
+  - name: storage-provisioner
+    image: gcr.io/k8s-minikube/storage-provisioner:v1.8.1
+    command: ["/storage-provisioner"]
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+    - mountPath: /tmp
+      name: tmp
+  volumes:
+  - name: tmp
+    hostPath:
+      path: /tmp
+      type: Directory
+
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: standard
+provisioner: k8s.io/minikube-hostpath
+reclaimPolicy: Delete
+volumeBindingMode: Immediate

layer1/helm.yml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: tiller
+  namespace: kube-system
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: tiller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+subjects:
+  - kind: ServiceAccount
+    name: tiller
+    namespace: kube-system

layer1/make.mk

@@ -0,0 +1,36 @@
+L1DIR ?= $(PWD)
+KUBE_NAMESPACE ?= kube-system
+
+layer1-install: kube-install helm-install csi-packet-install
+
+layer1-remove: kube-remove 
+
+.PHONY: .PHONY layer1-install layer1-remove
+
+kube-install: setup
+	k3su install --ip $(MASTER_IP) --user $(SSHUSER) --local-path $(KUBECONFIG) --k3s-version=$(K3S_VERSION)
+
+kube-remove: checkaction
+	ssh $(SSHUSER)@$(MASTER_IP) "k3s-uninstall.sh"
+
+helm-install:
+	kubectl apply -f $(L1DIR)/helm.yml
+	helm init --service-account tiller
+
+helm-remove:
+	kubectl delete -f $(L1DIR)/rbac.yml
+	helm reset 
+
+kube-remove-system-traefik:
+	kubectl delete deploy,sa,svc traefik --namespace=kube-system
+
+.PHONY: .PHONY kube-install kube-remove kube-remove-system-traefik helm-install helm-remove
+
+csi-packet-install:
+	kubectl apply --wait -f $(L1DIR)/packet-secret.yml
+	kubectl apply --wait -f $(L1DIR)/packet/
+
+csi-packet-remove:
+	kubectl delete --wait -f $(L1DIR)/packet
+
+.PHONY: .PHONY csi-packet-install csi-packet-remove

layer1/packet/.gitignore

@@ -0,0 +1 @@
+secret.yml