Private to master

.gitignore

@@ -2,3 +2,11 @@
 *.log
 ansible.cfg
 kubeconfig
+*.decrypted~*
+.decrypted~secret.yaml
+nautobot_secrets.yml
+generated_certificate/
+key.txt
+roles/install-cert-manager/templates/prod-byrnbaker-me-prod.j2
+.gitignore
+kube-prometheus-stack/

README.md

@@ -4,20 +4,45 @@ After watching a couple Techno Tims excelent videos on k3s, I decided to add a c
 ## Here is a list of Roles I have added to Techno Tims k3s-ansible project 
 - [Building VMs from an Ubuntu cloud-init template in Proxmox](https://technotim.live/posts/cloud-init-cloud-image/)
 - Destroying the VMs and deleting from Proxmox
+- [Deploy cert manager on k3s and configuring staging and production certificates](https://technotim.live/posts/kube-traefik-cert-manager-le/)
 - [Deploying Traefik on to k3s](https://technotim.live/posts/kube-traefik-cert-manager-le/)
-- Deploying Nautobot on the k3s
-- [Deploying cert manager on k3s and configuring staging and production certificates](https://technotim.live/posts/kube-traefik-cert-manager-le/)
+- Deploy Nautobot on the k3s
+- Deploy Rancher UI 2.8 with the rancherLB - still trying to figure out how to get this working behind traefik.
+- Deploy a self hosted gitlab behind traefik.
+
+
+## Building VMs from an Ubuntu cloud-init template in Proxmox & Destroying the VMs and deleting from Proxmox
+This includes some additional task of mounting NFS, or a ISCSI target. I am using the ISCSI for longhorn. This makes it easy to tear everything down and rebuild it quickly incase you hose up your cluster.
+
+## Deploy cert manager on k3s and configuring staging and production certificates
+Uses tags to just install Cert-manager via helm, as well as tags for staging (For testing all components) and production ( when you are ready to rollout your production wildcard certificates). 
+
+## Deploying Traefik
+This just takes what TechnoTim showed on his video, and customizes it a little bit to suit my needs, including enabling it for Gitlab. 
 
 ## Nautobot
-I use this tool pretty extensivly with work and my home lab. If you do not know about it you should check out this project managed by [NetworktoCode](https://docs.nautobot.com/projects/core/en/stable/)
+I use this tool pretty extensively with work and my home lab. If you do not know about it you should check out this project managed by [NetworktoCode](https://docs.nautobot.com/projects/core/en/stable/)
 
-## Things I moved around
+## Rancher UI
+In case you want to have the UI, I use it for navigating around and checking logs and deployments. Also use it to install Longhorn as well, would like to convert that over to a ansible task as well, but after I figure out how to get Rancher UI behind traefik.
 
+## Gitlab
+I like the idea of self hosting my code, so I thought it would be fun to have a local gitlab instance running. This way I can mess around with gitlab-ci and following along with [technotim](https://technotim.live/posts/self-hosted-devops-stack/). Includes ingress for both staging and production certificates.
+After installation completes use the following to get your initial root password - ```kubectl get secret gitlab-gitlab-initial-root-password -n gitlab -ojsonpath='{.data.password}' | base64 --decode ; echo```
 
-## Thanks 🤝
+## Installing everything
+You can use the ```deploy.sh``` bash script and it will install everything listed above.
 
-This repo is really standing on the shoulders of giants. Thank you to all those who have contributed and thanks to these repos for code and ideas:
+## If you install with staging it is easy to switch to your production certificate
+You can use ```switch_deployment_to_production.sh``` bash script. This will flip all of the services installed to the real certificate from LetsEncrypt.
 
+## If you would to destroy the entire deployment
+To destroy the entire deployment you can use the ```destroy-k3s-vms.yml```. This will stop and remove the Proxmox VMs.
+
+
+
+## Thanks 🤝
+This repo is really standing on the shoulders of giants. Thank you to all those who have contributed and thanks to these repos for code and ideas:
 - [k3s-io/k3s-ansible](https://github.com/k3s-io/k3s-ansible)
 - [geerlingguy/turing-pi-cluster](https://github.com/geerlingguy/turing-pi-cluster)
 - [212850a/k3s-ansible](https://github.com/212850a/k3s-ansible)

collections/requirements.yml

@@ -6,3 +6,4 @@ collections:
   - name: kubernetes.core
   - name: ansible.netcommon
   - name: community.crypto
+  - name: ansibleguy.opnsense

deploy-k3s-vms.yml

@@ -2,6 +2,94 @@
 - name: Prepare Proxmox VM Cluster
   hosts: localhost
   gather_facts: true
+
+  vars_prompt:
+    - name: node
+      prompt: What Prox node do you want to deploy on?
+      private: false
+    - name: template_id
+      prompt: What Prox template do you want to use (Prox Template VMID)?
+      private: false
+
   roles:
-    - role: proxmox_vm
-      when: prox_api is defined
+    - role: deploy_proxmox_vm
+      when: prox_api is defined
+
+- name: Create and Mount NFS share to VMs
+  hosts: node
+  gather_facts: true
+
+  tasks:
+    - name: Install qemu-guest-agent, nfs-common, and open-iscsi
+      ansible.builtin.apt:
+        name: 
+          - qemu-guest-agent
+          - nfs-common
+          - open-iscsi
+        state: present
+        update_cache: true
+      become: true
+
+    - block:     
+      - name: Enable and start open-iscsi
+        ansible.builtin.systemd:
+          name: open-iscsi
+          state: started
+          enabled: yes
+        become: true
+
+      - block:
+        - name: Ensure mount directory exists
+          ansible.builtin.file:
+            path: /mnt/longhorn/data
+            state: directory
+          become: true
+
+        - name: Ensure NFS share is mounted
+          ansible.posix.mount:
+            path: /mnt/longhorn/data
+            src: "{{ nfs_mount }}"
+            fstype: nfs
+            opts: defaults
+            state: mounted
+          become: true
+      when: nfs_mount is defined
+
+    - block:
+      - name: Discover iscsi targets
+        command: iscsiadm -m discovery -t st -p {{ iscsi_host }}
+        become: true
+
+      - name: Login to iscsi target
+        command: iscsiadm -m node --targetname {{ hostvars[inventory_hostname]['iscsi_target'] }} --portal {{ iscsi_host }}:3260 --login
+        become: true
+
+      - name: Format the disk
+        ansible.builtin.filesystem:
+          fstype: ext4
+          dev: /dev/sdb
+        become: true
+
+      - name: Create directory
+        file:
+          path: /mnt/iscsi
+          state: directory
+          mode: '0755'
+        become: true
+
+      - name: Mount the disk
+        mount:
+          path: /mnt/iscsi
+          src: /dev/sdb
+          fstype: ext4
+          state: mounted
+          opts: _netdev
+        become: true
+
+      - name: Add mount to fstab
+        lineinfile:
+          path: /etc/fstab
+          line: '/dev/sdb /mnt/iscsi ext4 _netdev 0 0'
+          state: present
+        become: true
+      when: hostvars[inventory_hostname]['iscsi_target'] is defined

deploy.sh

@@ -1,3 +1,17 @@
 #!/bin/bash
+echo "What Prox node do you want to deploy on?"
+read node
 
+echo "What Prox template do you want to use (Prox Template VMID)?"
+read template_id
+
+echo "Do you want a staging installation or a production installation? (Enter 'staging-install' or 'production-install')"
+read installation_type
+
+ansible-playbook deploy-k3s-vms.yml -e "node=$node template_id=$template_id"
 ansible-playbook site.yml
+ansible-playbook install-traefik.yml --tags "$installation_type"
+ansible-playbook install-cert-manager.yml --tags "$installation_type"
+ansible-playbook install-rancher-ui.yml --tags "$installation_type"
+
+ansible-playbook install-opnsense-host-overrides.yml

destroy-k3s-vms.yml

@@ -2,6 +2,12 @@
 - name: Prepare Proxmox VM Cluster
   hosts: localhost
   gather_facts: true
+
+  vars_prompt:
+    - name: node
+      prompt: What Prox node do you want to remove the VMs from?
+      private: false
+
   roles:
     - role: destroy_proxmox_vm
       when: prox_api is defined