From 8ad2c150a4f165d87084ca50fed4b12e836af523 Mon Sep 17 00:00:00 2001
From: Linus Waldowsky
Date: Thu, 26 Feb 2026 11:43:13 +0100
Subject: [PATCH] k3s: debian vm and manifest
---
 .gitignore | 7 ++
 ansible/inventory.yml | 3 +
 ansible/k3s.yml | 28 ++++++++
 kubernetes/manifest.yml | 103 ++++++++++++++++++++++++++++++
 tofu/.gitignore | 4 --
 tofu/.terraform.lock.hcl | 16 +++++
 tofu/{main.tf => drone-runner.tf} | 24 ++++---
 tofu/k3s.tf | 66 +++++++++++++++++++
 tofu/outputs.tf | 9 ---
 tofu/provider.tf | 12 ++++
 tofu/terraform.tfvars.example | 3 +
 tofu/variables.tf | 17 +++++
 tofu/versions.tf | 2 +-
 13 files changed, 267 insertions(+), 27 deletions(-)
 create mode 100644 ansible/k3s.yml
 create mode 100644 kubernetes/manifest.yml
 delete mode 100644 tofu/.gitignore
 rename tofu/{main.tf => drone-runner.tf} (82%)
 create mode 100644 tofu/k3s.tf
 delete mode 100644 tofu/outputs.tf
 create mode 100644 tofu/provider.tf
diff --git a/.gitignore b/.gitignore
index 77f12ae..45ff17e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,8 @@
 docs/
+
+tofu/*.tfstate
+tofu/*.tfstate.backup
+tofu/.terraform/
+tofu/terraform.tfvars
+
+gitea/drone.env
diff --git a/ansible/inventory.yml b/ansible/inventory.yml
index f796a68..4d4b976 100644
--- a/ansible/inventory.yml
+++ b/ansible/inventory.yml
@@ -3,3 +3,6 @@ all:
 drone-runner:
 ansible_host: 192.168.178.200
 ansible_user: root
+ k3s:
+ ansible_host: 192.168.178.201
+ ansible_user: debian
diff --git a/ansible/k3s.yml b/ansible/k3s.yml
new file mode 100644
index 0000000..78dfed8
--- /dev/null
+++ b/ansible/k3s.yml
@@ -0,0 +1,28 @@
+- name: Configure k3s VM
+ hosts: k3s
+ become: true
+ tasks:
+ - name: Install dependencies
+ apt:
+ name:
+ - curl
+
+ - name: Install k3s
+ shell: curl -sfL https://get.k3s.io | sh -
+ args:
+ creates: /usr/local/bin/k3s
+
+ - name: Copy Manifest
+ copy:
+ src: ../kubernetes/manifest.yml
+ dest: /home/debian/manifest.yml
+
+ - name: Allow Password Authetification
+ lineinfile:
+ dest=/etc/ssh/sshd_config
+ regexp="^PasswordAuthentication no"
+ line="PasswordAuthentication yes"
+ state=present
+
+ - name: Restart sshd
+ shell: systemctl restart sshd.service
diff --git a/kubernetes/manifest.yml b/kubernetes/manifest.yml
new file mode 100644
index 0000000..7fc6ae2
--- /dev/null
+++ b/kubernetes/manifest.yml
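Review bot: The `Allow Password Authetification` task sets `PasswordAuthentication yes` on a VM that tofu/k3s.tf already provisions with an SSH public key, so it opens the host to password guessing without the playbook itself needing it; I would drop the task, and if it has to stay, trigger the restart from a handler rather than the unconditional `shell: systemctl restart sshd.service`. The `Install k3s` task pipes `https://get.k3s.io` into a root shell with no version or integrity pin, so each fresh run installs whatever that endpoint serves at the time. The sketch below fetches the installer with a checksum and pins the release through `INSTALL_K3S_VERSION`; both values and the `dest` path are placeholders to fill in after reviewing the script. `Copy Manifest` also sets no `mode`, and the copied file carries the MongoDB credentials.

```yaml
    # … unchanged: Install dependencies …
    - name: Download k3s installer
      get_url:
        url: https://get.k3s.io
        dest: /usr/local/sbin/k3s-install.sh
        mode: "0700"
        checksum: "sha256:<SHA256_OF_REVIEWED_INSTALLER>"  # placeholder

    - name: Install k3s
      command: sh /usr/local/sbin/k3s-install.sh
      environment:
        INSTALL_K3S_VERSION: "<PINNED_K3S_RELEASE>"  # placeholder
      args:
        creates: /usr/local/bin/k3s
    # … unchanged: Copy Manifest …
```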
@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: mongo-${NAME}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: mongo-${NAME}
+ template:
+ metadata:
+ labels:
+ app: mongo-${NAME}
+ spec:
+ containers:
+ - name: mongo
+ image: mongo:8
+ ports:
+ - containerPort: 27017
+ env:
+ - name: MONGO_INITDB_ROOT_USERNAME
+ value: "root"
+ - name: MONGO_INITDB_ROOT_PASSWORD
+ value: "mongoose"
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: mongo-${NAME}
+spec:
+ selector:
+ app: mongo-${NAME}
+ ports:
+ - port: 27017
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: calchat-server-${NAME}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: calchat-server-${NAME}
+ template:
+ metadata:
+ labels:
+ app: calchat-server-${NAME}
+ spec:
+ containers:
+ - name: calchat-server
+ image: gitea.gilmour109.de/gilmour109/calchat-server:${TAG}
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 3001
+ env:
+ - name: PORT
+ value: "3001"
+ - name: MONGODB_URI
+ value: "mongodb://root:mongoose@mongo-${NAME}:27017/calchat?authSource=admin"
+ - name: USE_TEST_RESPONSES
+ value: "true"
+ - name: VERSION
+ value: "${TAG}"
+ - name: COMMIT
+ value: "${COMMIT}"
+ - name: OPENAI_API_KEY
+ value: "dummy"
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: calchat-server-${NAME}
+spec:
+ selector:
+ app: calchat-server-${NAME}
+ ports:
+ - port: 3001
+
+---
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: calchat-server-${NAME}
+spec:
+ rules:
+ - host: "${NAME}.192.168.178.201.nip.io"
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: calchat-server-${NAME}
+ port:
+ number: 3001
diff --git a/tofu/.gitignore b/tofu/.gitignore
deleted file mode 100644
index 1cd3b67..0000000
--- a/tofu/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-*.tfstate
-*.tfstate.backup
-.terraform/
-terraform.tfvars
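Review bot: The MongoDB root credentials are committed in clear text, once as `MONGO_INITDB_ROOT_PASSWORD` with value `"mongoose"` in the mongo Deployment and again inside `MONGODB_URI` in the calchat-server Deployment, so anyone who can read the repository or the pod specs has them. Both containers should take them from a Secret through `secretKeyRef`, created outside the repository, and the URI can be assembled with Kubernetes' `$(VAR)` expansion as sketched below; the Secret name is a constructed example, and a password containing URI-reserved characters would need percent-encoding. Separately, `mongo:8` is a floating tag, so pinning an image digest would make each deployment reproducible.

```yaml
# mongo Deployment, container "mongo"
# … unchanged: image, ports …
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              valueFrom:
                secretKeyRef:
                  name: mongo-credentials   # constructed example name
                  key: username
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongo-credentials
                  key: password

# calchat-server Deployment, container "calchat-server"
# … unchanged: PORT …
            - name: MONGO_USER
              valueFrom:
                secretKeyRef:
                  name: mongo-credentials
                  key: username
            - name: MONGO_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongo-credentials
                  key: password
            - name: MONGODB_URI
              value: "mongodb://$(MONGO_USER):$(MONGO_PASSWORD)@mongo-${NAME}:27017/calchat?authSource=admin"
# … unchanged: USE_TEST_RESPONSES, VERSION, COMMIT, OPENAI_API_KEY …
```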
diff --git a/tofu/.terraform.lock.hcl b/tofu/.terraform.lock.hcl
index 37da490..8ebaba8 100644
--- a/tofu/.terraform.lock.hcl
+++ b/tofu/.terraform.lock.hcl
@@ -23,3 +23,19 @@ provider "registry.opentofu.org/bpg/proxmox" {
 "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
 ]
 }
+
+provider "registry.opentofu.org/hashicorp/random" {
+ version = "3.8.1"
+ hashes = [
+ "h1:EHn3jsqOKhWjbg0X+psk0Ww96yz3N7ASqEKKuFvDFwo=",
+ "zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8",
+ "zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476",
+ "zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7",
+ "zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3",
+ "zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0",
+ "zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1",
+ "zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f",
+ "zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9",
+ "zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff",
+ ]
+}
diff --git a/tofu/main.tf b/tofu/drone-runner.tf
similarity index 82%
rename from tofu/main.tf
rename to tofu/drone-runner.tf
index 04cab81..fb00d45 100644
--- a/tofu/main.tf
+++ b/tofu/drone-runner.tf
@@ -1,15 +1,3 @@
-provider "proxmox" {
- endpoint = var.proxmox_endpoint
- username = "root@pam"
- password = var.proxmox_password
- insecure = true
-
- ssh {
- agent = true
- username = "root"
- }
-}
-
 resource "proxmox_virtual_environment_download_file" "debian_13_lxc_template" {
 content_type = "vztmpl"
 datastore_id = "local"
@@ -73,5 +61,15 @@ resource "proxmox_virtual_environment_container" "drone_runner" {
 startup {
 order = "1"
 }
-
 }
+
+output "drone_runner_id" {
+ description = "VMID of the Drone Runner LXC"
+ value = proxmox_virtual_environment_container.drone_runner.vm_id
+}
+
+output "drone_runner_ip" {
+ description = "IP address of the Drone Runner LXC"
+ value = var.drone_runner_ip
+}
+
diff --git a/tofu/k3s.tf b/tofu/k3s.tf
new file mode 100644
index 0000000..e98cc14
--- /dev/null
+++ b/tofu/k3s.tf
@@ -0,0 +1,66 @@
+resource "proxmox_virtual_environment_download_file" "latest_debian_13_trixie_qcow2_img" {
+ content_type = "import"
+ datastore_id = "local"
+ node_name = var.node_name
+ url = "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2"
+}
+
+resource "proxmox_virtual_environment_vm" "debian_13_vm_for_k3s" {
+ name = "k3s"
+ description = "Debian 13 vm for k3s"
+ tags = ["opentofu", "debian"]
+
+ node_name = var.node_name
+ vm_id = var.k3s_id
+
+ agent {
+ enabled = false
+ }
+ stop_on_destroy = true
+
+ startup {
+ order = "3"
+ up_delay = "60"
+ down_delay = "60"
+ }
+
+ cpu {
+ cores = 2
+ type = "host"
+ }
+
+ memory {
+ dedicated = 4096
+ floating = 4096
+ }
+
+ disk {
+ datastore_id = "local-lvm"
+ import_from = proxmox_virtual_environment_download_file.latest_debian_13_trixie_qcow2_img.id
+ interface = "scsi0"
+ size = 20
+ }
+
+ initialization {
+ ip_config {
+ ipv4 {
+ address = var.k3s_ip
+ gateway = var.gateway
+ }
+ }
+
+ user_account {
+ keys = [trimspace(file(var.ssh_public_key_path))]
+ password = var.k3s_password
+ username = "debian"
+ }
+ }
+
+ network_device {
+ bridge = "vmbr0"
+ }
+
+ operating_system {
+ type = "l26"
+ }
+}
diff --git a/tofu/outputs.tf b/tofu/outputs.tf
deleted file mode 100644
index dd8e0dd..0000000
--- a/tofu/outputs.tf
+++ /dev/null
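Review bot: The `latest_debian_13_trixie_qcow2_img` resource in tofu/k3s.tf downloads `.../trixie/latest/debian-13-genericcloud-amd64.qcow2` with no integrity check, so the VM's base disk is whatever that moving URL serves at apply time and two applies can yield different images. I would point `url` at a dated build directory and add the provider's `checksum` and `checksum_algorithm = "sha512"` arguments, taking the digest from the SHA512SUMS file Debian publishes next to the image. In `user_account`, `password = var.k3s_password` is marked sensitive but will still be written to the state file in the `tofu-state` bucket; since an SSH key is already injected through `keys`, a comment explaining why the password is needed (or removing it) would help.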
@@ -1,9 +0,0 @@
-output "drone_runner_id" {
- description = "VMID of the Drone Runner LXC"
- value = proxmox_virtual_environment_container.drone_runner.vm_id
-}
-
-output "drone_runner_ip" {
- description = "IP address of the Drone Runner LXC"
- value = var.drone_runner_ip
-}
diff --git a/tofu/provider.tf b/tofu/provider.tf
new file mode 100644
index 0000000..0b52a4b
--- /dev/null
+++ b/tofu/provider.tf
@@ -0,0 +1,12 @@
+provider "proxmox" {
+ endpoint = var.proxmox_endpoint
+ username = "root@pam"
+ password = var.proxmox_password
+ insecure = true
+
+ ssh {
+ agent = true
+ username = "root"
+ }
+}
+
diff --git a/tofu/terraform.tfvars.example b/tofu/terraform.tfvars.example
index 232e0d2..5f0b450 100644
--- a/tofu/terraform.tfvars.example
+++ b/tofu/terraform.tfvars.example
@@ -6,3 +6,6 @@ drone_runner_ip = "192.168.x.200/24"
 gateway = "192.168.x.1"
 ssh_public_key_path = "~/.ssh/id_ed25519.pub"
 drone_runner_password = "lxc-root-password"
+k3s_id = 201
+k3s_ip = "192.168.x.201/24"
+k3s_password = "debian-vm-password"
diff --git a/tofu/variables.tf b/tofu/variables.tf
index c3ce5f5..0919373 100644
--- a/tofu/variables.tf
+++ b/tofu/variables.tf
@@ -21,11 +21,22 @@ variable "drone_runner_id" {
 default = 200
 }
+variable "k3s_id" {
+ description = "VMID for the k3s vm"
+ type = number
+ default = 4321
+}
+
 variable "drone_runner_ip" {
 description = "Static IP in CIDR notation"
 type = string
 }
+variable "k3s_ip" {
+ description = "Static IP in CIDR notation"
+ type = string
+}
+
 variable "gateway" {
 description = "Network gateway IP"
 type = string
@@ -42,3 +53,9 @@ variable "drone_runner_password" {
 type = string
 sensitive = true
 }
+
+variable "k3s_password" {
+ description = "Password for debian user on the K3s VM"
+ type = string
+ sensitive = true
+}
diff --git a/tofu/versions.tf b/tofu/versions.tf
index a1d16fc..39df9a8 100644
--- a/tofu/versions.tf
+++ b/tofu/versions.tf
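Review bot: `insecure = true` in the new tofu/provider.tf turns off TLS certificate verification for the API endpoint that receives the `root@pam` password, so the client cannot tell the real Proxmox host from another machine answering on that address. The block is moved unchanged from main.tf, but now that it has its own file this is a natural place to fix it: trust the Proxmox CA on the machine running tofu and set `insecure = false`, and consider a scoped `api_token` in place of the root password. If the setting has to stay for now, a comment such as `# TODO: self-signed cert; remove once the PVE CA is trusted` would keep it from reading as intended.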
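Review bot: In tofu/variables.tf `k3s_id` defaults to `4321` while terraform.tfvars.example sets `201` and the address scheme uses `.201`, so an apply without that tfvars line creates the VM under an unrelated VMID; dropping the default (as `k3s_ip` does) or using `default = 201` would keep them aligned. The `k3s_ip` description is a copy of the `drone_runner_ip` one, and `description = "Static IP of the k3s VM in CIDR notation"` would tell the two apart. Because ansible/k3s.yml enables SSH password login for the `debian` account, `k3s_password` would also benefit from a `validation` block enforcing a minimum length.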
@@ -3,7 +3,7 @@ terraform { backend "s3" { bucket = "tofu-state" - key = "drone-runner/terraform.tfstate" + key = "calchat-pipeline/terraform.tfstate" region = "garage" endpoints = {