Gilmour109/calchat-pipeline
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

k3s: debian vm and manifest

Browse Source
This commit is contained in:
Linus Waldowsky
2026-02-26 11:43:13 +01:00
parent 0cab06acd4
commit 8ad2c150a4
13 changed files with 267 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.gitignore vendored
View File

@@ -1 +1,8 @@
docs/ docs/
tofu/*.tfstate
tofu/*.tfstate.backup
tofu/.terraform/
tofu/terraform.tfvars
gitea/drone.env

3
ansible/inventory.yml
View File

@@ -3,3 +3,6 @@ all:
drone-runner: drone-runner:
ansible_host: 192.168.178.200 ansible_host: 192.168.178.200
ansible_user: root ansible_user: root
k3s:
ansible_host: 192.168.178.201
ansible_user: debian

28
ansible/k3s.yml Normal file
View File

@@ -0,0 +1,28 @@
- name: Configure k3s VM
hosts: k3s
become: true
tasks:
- name: Install dependencies
apt:
name:
- curl
- name: Install k3s
shell: curl -sfL https://get.k3s.io | sh -
args:
creates: /usr/local/bin/k3s
- name: Copy Manifest
copy:
src: ../kubernetes/manifest.yml
dest: /home/debian/manifest.yml
- name: Allow Password Authetification
lineinfile:
dest=/etc/ssh/sshd_config
regexp="^PasswordAuthentication no"
line="PasswordAuthentication yes"
state=present
- name: Restart sshd
shell: systemctl restart sshd.service

103
kubernetes/manifest.yml Normal file
View File

@@ -0,0 +1,103 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongo-${NAME}
spec:
replicas: 1
selector:
matchLabels:
app: mongo-${NAME}
template:
metadata:
labels:
app: mongo-${NAME}
spec:
containers:
- name: mongo
image: mongo:8
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "root"
- name: MONGO_INITDB_ROOT_PASSWORD
value: "mongoose"
---
apiVersion: v1
kind: Service
metadata:
name: mongo-${NAME}
spec:
selector:
app: mongo-${NAME}
ports:
- port: 27017
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: calchat-server-${NAME}
spec:
replicas: 1
selector:
matchLabels:
app: calchat-server-${NAME}
template:
metadata:
labels:
app: calchat-server-${NAME}
spec:
containers:
- name: calchat-server
image: gitea.gilmour109.de/gilmour109/calchat-server:${TAG}
imagePullPolicy: Always
ports:
- containerPort: 3001
env:
- name: PORT
value: "3001"
- name: MONGODB_URI
value: "mongodb://root:mongoose@mongo-${NAME}:27017/calchat?authSource=admin"
- name: USE_TEST_RESPONSES
value: "true"
- name: VERSION
value: "${TAG}"
- name: COMMIT
value: "${COMMIT}"
- name: OPENAI_API_KEY
value: "dummy"
---
apiVersion: v1
kind: Service
metadata:
name: calchat-server-${NAME}
spec:
selector:
app: calchat-server-${NAME}
ports:
- port: 3001
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: calchat-server-${NAME}
spec:
rules:
- host: "${NAME}.192.168.178.201.nip.io"
http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: calchat-server-${NAME}
port:
number: 3001

4
tofu/.gitignore vendored
View File

@@ -1,4 +0,0 @@
*.tfstate
*.tfstate.backup
.terraform/
terraform.tfvars

16
tofu/.terraform.lock.hcl generated
View File

@@ -23,3 +23,19 @@ provider "registry.opentofu.org/bpg/proxmox" {
"zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597", "zh:f26e0763dbe6a6b2195c94b44696f2110f7f55433dc142839be16b9697fa5597",
] ]
} }
provider "registry.opentofu.org/hashicorp/random" {
version = "3.8.1"
hashes = [
"h1:EHn3jsqOKhWjbg0X+psk0Ww96yz3N7ASqEKKuFvDFwo=",
"zh:25c458c7c676f15705e872202dad7dcd0982e4a48e7ea1800afa5fc64e77f4c8",
"zh:2edeaf6f1b20435b2f81855ad98a2e70956d473be9e52a5fdf57ccd0098ba476",
"zh:44becb9d5f75d55e36dfed0c5beabaf4c92e0a2bc61a3814d698271c646d48e7",
"zh:7699032612c3b16cc69928add8973de47b10ce81b1141f30644a0e8a895b5cd3",
"zh:86d07aa98d17703de9fbf402c89590dc1e01dbe5671dd6bc5e487eb8fe87eee0",
"zh:8c411c77b8390a49a8a1bc9f176529e6b32369dd33a723606c8533e5ca4d68c1",
"zh:a5ecc8255a612652a56b28149994985e2c4dc046e5d34d416d47fa7767f5c28f",
"zh:aea3fe1a5669b932eda9c5c72e5f327db8da707fe514aaca0d0ef60cb24892f9",
"zh:f56e26e6977f755d7ae56fa6320af96ecf4bb09580d47cb481efbf27f1c5afff",
]
}

24
tofu/main.tf → tofu/drone-runner.tf
View File

@@ -1,15 +1,3 @@
provider "proxmox" {
endpoint = var.proxmox_endpoint
username = "root@pam"
password = var.proxmox_password
insecure = true
ssh {
agent = true
username = "root"
}
}
resource "proxmox_virtual_environment_download_file" "debian_13_lxc_template" { resource "proxmox_virtual_environment_download_file" "debian_13_lxc_template" {
content_type = "vztmpl" content_type = "vztmpl"
datastore_id = "local" datastore_id = "local"
@@ -73,5 +61,15 @@ resource "proxmox_virtual_environment_container" "drone_runner" {
startup { startup {
order = "1" order = "1"
} }
} }
output "drone_runner_id" {
description = "VMID of the Drone Runner LXC"
value = proxmox_virtual_environment_container.drone_runner.vm_id
}
output "drone_runner_ip" {
description = "IP address of the Drone Runner LXC"
value = var.drone_runner_ip
}

66
tofu/k3s.tf Normal file
View File

@@ -0,0 +1,66 @@
resource "proxmox_virtual_environment_download_file" "latest_debian_13_trixie_qcow2_img" {
content_type = "import"
datastore_id = "local"
node_name = var.node_name
url = "https://cloud.debian.org/images/cloud/trixie/latest/debian-13-genericcloud-amd64.qcow2"
}
resource "proxmox_virtual_environment_vm" "debian_13_vm_for_k3s" {
name = "k3s"
description = "Debian 13 vm for k3s"
tags = ["opentofu", "debian"]
node_name = var.node_name
vm_id = var.k3s_id
agent {
enabled = false
}
stop_on_destroy = true
startup {
order = "3"
up_delay = "60"
down_delay = "60"
}
cpu {
cores = 2
type = "host"
}
memory {
dedicated = 4096
floating = 4096
}
disk {
datastore_id = "local-lvm"
import_from = proxmox_virtual_environment_download_file.latest_debian_13_trixie_qcow2_img.id
interface = "scsi0"
size = 20
}
initialization {
ip_config {
ipv4 {
address = var.k3s_ip
gateway = var.gateway
}
}
user_account {
keys = [trimspace(file(var.ssh_public_key_path))]
password = var.k3s_password
username = "debian"
}
}
network_device {
bridge = "vmbr0"
}
operating_system {
type = "l26"
}
}

9
tofu/outputs.tf
View File

@@ -1,9 +0,0 @@
output "drone_runner_id" {
description = "VMID of the Drone Runner LXC"
value = proxmox_virtual_environment_container.drone_runner.vm_id
}
output "drone_runner_ip" {
description = "IP address of the Drone Runner LXC"
value = var.drone_runner_ip
}

12
tofu/provider.tf Normal file
View File

@@ -0,0 +1,12 @@
provider "proxmox" {
endpoint = var.proxmox_endpoint
username = "root@pam"
password = var.proxmox_password
insecure = true
ssh {
agent = true
username = "root"
}
}

3
tofu/terraform.tfvars.example
View File

@@ -6,3 +6,6 @@ drone_runner_ip = "192.168.x.200/24"
gateway = "192.168.x.1" gateway = "192.168.x.1"
ssh_public_key_path = "~/.ssh/id_ed25519.pub" ssh_public_key_path = "~/.ssh/id_ed25519.pub"
drone_runner_password = "lxc-root-password" drone_runner_password = "lxc-root-password"
k3s_id = 201
k3s_ip = "192.168.x.201/24"
k3s_password = "debian-vm-password"

17
tofu/variables.tf
View File

@@ -21,11 +21,22 @@ variable "drone_runner_id" {
default = 200 default = 200
} }
variable "k3s_id" {
description = "VMID for the k3s vm"
type = number
default = 4321
}
variable "drone_runner_ip" { variable "drone_runner_ip" {
description = "Static IP in CIDR notation" description = "Static IP in CIDR notation"
type = string type = string
} }
variable "k3s_ip" {
description = "Static IP in CIDR notation"
type = string
}
variable "gateway" { variable "gateway" {
description = "Network gateway IP" description = "Network gateway IP"
type = string type = string
@@ -42,3 +53,9 @@ variable "drone_runner_password" {
type = string type = string
sensitive = true sensitive = true
} }
variable "k3s_password" {
description = "Password for debian user on the K3s VM"
type = string
sensitive = true
}

2
tofu/versions.tf
View File

@@ -3,7 +3,7 @@ terraform {
backend "s3" { backend "s3" {
bucket = "tofu-state" bucket = "tofu-state"
key = "drone-runner/terraform.tfstate" key = "calchat-pipeline/terraform.tfstate"
region = "garage" region = "garage"
endpoints = { endpoints = {