Kubernetes Proxmox deployment

local_proxmox/.terraform.lock.hcl

@@ -0,0 +1,24 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/telmate/proxmox" {
+  version     = "2.9.11"
+  constraints = "2.9.11"
+  hashes = [
+    "h1:RKM2pvHNJrQKcMD7omaPiM099vWGgDnnZqn1kGknYXU=",
+    "zh:0db1e3940cf208e56919e68c6d557dfc87d380316a474c8999916308bf991440",
+    "zh:2a0ae7af5b2f96d53b24f34575bc72ccbb79cab870901f26f00a301613f7c69e",
+    "zh:2f9eb4a4d2c5db04ec0940d7e250aaf1bac559acc787a5883688ba42159f8b8e",
+    "zh:362a5b44995a51c8de78f0106aa7741f212bb15fbf2d7477794ea3ee63e2c17d",
+    "zh:4d212404b741848cef1e469e390ad1df659bbfa8d47cd079d82d83c288925438",
+    "zh:54a65a01946839db263f8da389791863f6909db9d5fcfdb472e23b14883a5b6c",
+    "zh:5dfc95303efc53686b23762dfa4c50d887eb4cc0a3e9d527adc29b3a9f0439eb",
+    "zh:68db84c007cbdd7267d1f7b767b0b2b91e9ee2e2b92ac1d8a1568f3bc61e67cd",
+    "zh:85d45466445883ae64eed3d5fcb996de389ecf9268f0f7d2f22911fb3f56a344",
+    "zh:8673f8c794ea8413dc9a3933902492b3e5be99e79bc611fcef415be7d7268210",
+    "zh:d5041f72f550f3c81dafecb4e7dfca9f849737154a0e2c81434df6c72d75af25",
+    "zh:e60e03b495dd76660784a8ab07d8db0ce1df7165e713efb350c1864d92f87a8c",
+    "zh:ed1f75a2fe7d764356119a590f301ab8fd40cfeea78a514450868beb92115f28",
+    "zh:efa4140b78775509665370c915e60c9043a1325d608f96da151f8f7fcc7cb45e",
+  ]
+}

local_proxmox/kubernetes_playbook.yml

@@ -0,0 +1,54 @@
+---
+- name: Setup Environment for Kubernetes
+  strategy: free
+  hosts: all
+  vars:
+    ansible_user: ansible
+    ansible_ssh_private_key_file: "~/.ssh/ansible-private-key"
+  become: true
+
+  tasks:
+    - name: Enable TCP ports
+      ufw:
+        proto: tcp
+        rule: allow
+        port: '{{ item }}'
+      loop:
+        - 80
+        - 443
+        - 2379
+        - 2380
+        - 6443
+        - 9099
+        - 10250
+        - 10254
+        - 30000:32767
+
+    - name: Enable UDP ports
+      ufw:
+        proto: udp
+        rule: allow
+        port: '{{ item }}'
+      loop:
+        - 8472
+        - 4789
+        - 30000:32767
+
+    - name: Download Docker Install Script 20.10
+      get_url:
+        url: https://releases.rancher.com/install-docker/20.10.sh
+        dest: /root/install-docker.sh
+        mode: 0700
+        owner: root
+        group: root
+
+    - name: Install Docker 20.10
+      shell:
+        cmd: /root/install-docker.sh
+        creates: /usr/bin/docker
+
+    - name: Set sysctl setting
+      sysctl:
+        name: net.bridge.bridge-nf-call-iptables
+        value: '1'
+        state: present

local_proxmox/main.tf

@@ -0,0 +1,79 @@
+terraform {
+  required_providers {
+    proxmox = {
+      source  = "telmate/proxmox"
+      version = "2.9.11"
+    }
+  }
+}
+
+provider "proxmox" {
+  pm_api_url          = "https://joseph.djpianalto.com/api2/json"
+  pm_api_token_id     = "terraform@pam!terraform_api_token"
+  pm_api_token_secret = var.pm_api_token_secret
+  pm_tls_insecure     = false
+}
+
+resource "proxmox_vm_qemu" "kubernetes_cluster" {
+  for_each = var.vms
+
+  name        = each.value.name
+  vmid        = each.key
+  target_node = each.value.node
+  clone       = var.template_name
+
+  agent    = 1
+  os_type  = "linux"
+  cores    = each.value.cores
+  sockets  = 1
+  cpu      = "host"
+  memory   = each.value.memory
+  scsihw   = "virtio-scsi-pci"
+  bootdisk = "scsi0"
+
+  disk {
+    slot    = 0
+    size    = each.value.disk
+    type    = "scsi"
+    storage = "${each.value.node}_vm_store"
+  }
+
+  network {
+    model  = "virtio"
+    bridge = "vmbr0"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      network,
+    ]
+  }
+
+  ipconfig0    = "ip=${each.value.ip}/16,gw=10.0.0.254"
+  sshkeys      = <<EOF
+${var.ssh_key}
+EOF
+  ciuser       = "ansible"
+  cipassword   = var.ansible_password
+  searchdomain = "local"
+  nameserver   = "10.0.0.252"
+
+  provisioner "remote-exec" {
+    inline = ["echo Hello World!; sleep 10"]
+
+    connection {
+      host        = each.value.ip
+      type        = "ssh"
+      user        = "ansible"
+      private_key = file(var.private_key_file)
+    }
+  }
+
+  provisioner "local-exec" {
+    command = "ansible-playbook --vault-pass-file /home/dustyp/ansible_vault_pass --limit ${each.value.ip}, -i /home/dustyp/code/Ansible/basic_setup/inventory.yml /home/dustyp/code/Ansible/basic_setup/main.yml"
+  }
+
+  provisioner "local-exec" {
+    command = "ansible-playbook -i ${each.value.ip}, kubernetes_playbook.yml"
+  }
+}

local_proxmox/vars.tf

@@ -0,0 +1,30 @@
+variable "proxmox_host" {
+  default = "joseph"
+}
+
+variable "template_name" {
+  default = "ubuntu-2204-cloudinit-template"
+}
+
+variable "ssh_key" {
+  default = "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGpnqGpX2OwlRJmPLLOriysA7RyOJCIJHi1MJNUUI62fC0SQqlkcWtpKi73VmAlIk0AaqT3b35uHUHTcG6zEI9QLQB/3ea1EnMLOzw5SK5Oo2G3iE6Gv3Mk2Zl0migHWs82/cNZMPWTrNEPLYWlA1twaqgxeJvE8+P9fiG4qt65fWF1FQ== dustyp@dusty-framework"
+}
+
+variable "private_key_file" {
+  default = "/home/dustyp/.ssh/ansible-private-key"
+}
+
+variable "pm_api_token_secret" {}
+
+variable "ansible_password" {}
+
+variable "vms" {
+  default = {
+    300 = { "name" : "kubernetes-m0", "disk" : "32G", "memory" : "8192", "cores" : 4, "ip" = "10.0.10.10", "node" = "joseph" },
+    301 = { "name" : "kubernetes-m1", "disk" : "32G", "memory" : "8192", "cores" : 4, "ip" = "10.0.10.11", "node" = "jacob" },
+    302 = { "name" : "kubernetes-m2", "disk" : "32G", "memory" : "8192", "cores" : 4, "ip" = "10.0.10.12", "node" = "joseph" },
+    303 = { "name" : "kubernetes-w0", "disk" : "128G", "memory" : "16384", "cores" : 8, "ip" = "10.0.10.13", "node" = "joseph" },
+    304 = { "name" : "kubernetes-w1", "disk" : "128G", "memory" : "16384", "cores" : 8, "ip" = "10.0.10.14", "node" = "jacob" },
+    305 = { "name" : "kubernetes-w2", "disk" : "128G", "memory" : "16384", "cores" : 8, "ip" = "10.0.10.15", "node" = "joseph" },
+  }
+}