Add to the README
@@ -15,6 +15,35 @@ Since hcloud keeps (seriously, several times) making me wait for verification I'
|
|||||||
The long term goal is for this to be a mostly uninteractive, to completion set up of my cloud services. Since it'll be IaC should I ever choose down the road to migrate certain ones to local nodes I run then that effort should also be more or less feasible.
|
The long term goal is for this to be a mostly uninteractive, to completion set up of my cloud services. Since it'll be IaC should I ever choose down the road to migrate certain ones to local nodes I run then that effort should also be more or less feasible.
|
||||||
|
|
||||||
|
|
||||||
|
### Initial requirements
|
||||||
|
Pulumi and Node/NPM installed
|
||||||
|
|
||||||
|
|
||||||
|
Then we need to set up the Pulumi stack
|
||||||
|
```
|
||||||
|
pulumi stack init hetzner-k3s-cluster
|
||||||
|
```
|
||||||
|
|
||||||
|
Then we can move to setting our handful of Pulumi initializing secrets (right now we just set for local)
|
||||||
|
|
||||||
|
If using hcloud then we need to get an API token from: https://console.hetzner.com/projects/<PROJECT-NUMBER-HERE>/security/tokens
|
||||||
|
```
|
||||||
|
pulumi config set hcloud:token <TOKEN-HERE>
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
If you don't have one you need to generate an SSH key.
|
||||||
|
We need to also enter our SSH public keys onto hcloud for simplicity sake: https://console.hetzner.com/projects/<PROJECT-NUMBER-HERE>/security/sshkeys
|
||||||
|
```
|
||||||
|
pulumi config set sshKeyName <NAME-OF-SSH-KEY-IN-HCLOUD>
|
||||||
|
```
|
||||||
|
Need to supply Pulumi the private key which can be grabbed something like ```cat ~/.ssh/id_e25519 | pulumi config set privateKeySsh``` (didn't test just going off memory)
|
||||||
|
|
||||||
|
|
||||||
|
If you have any others you want to add, you can add them in the same way
|
||||||
|
I personally add one that is used in this like:
|
||||||
|
```pulumi config set sshPersonalKeyName <PERSONAL-KEY-NAME-ON-HCLOUD>```
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### Vault
|
### Vault
|
||||||
|
|||||||
@@ -1,44 +1,57 @@
|
|||||||
(ns core
|
(ns core
|
||||||
(:require
|
(:require
|
||||||
["@pulumi/kubernetes" :as k8s]
|
["@pulumi/kubernetes" :as k8s]
|
||||||
[clojure.core.async :refer [go <!]]
|
["@pulumi/pulumi" :as pulumi]
|
||||||
[clojure.core.async.interop :refer [<p!]]
|
|
||||||
[infra.init :as init]
|
[infra.init :as init]
|
||||||
[k8s.csi-driver.hetzner :as hetznercsi]
|
[k8s.csi-driver.hetzner :as hetznercsi]
|
||||||
[k8s.services.openbao.openbao :as vault]
|
[k8s.services.openbao.openbao :as vault]
|
||||||
[k8s.services.nextcloud.nextcloud :as nextcloud]
|
[k8s.services.nextcloud.nextcloud :as nextcloud]))
|
||||||
))
|
|
||||||
|
|
||||||
(defn app-deployments [provider]
|
|
||||||
(let [
|
|
||||||
nextcloud-result (nextcloud/deploy-nextcloud-app provider)
|
|
||||||
vault-result (vault/deploy-vault provider)
|
|
||||||
]
|
|
||||||
{
|
|
||||||
:nextcloud nextcloud-result
|
|
||||||
:vault vault-result
|
|
||||||
}
|
|
||||||
))
|
|
||||||
|
|
||||||
|
(defn app-list [provider vault-params]
|
||||||
|
(let [nextcloud-result (nextcloud/deploy-nextcloud provider vault-params)]
|
||||||
|
{:nextcloud nextcloud-result}))
|
||||||
|
|
||||||
|
(defn app-deployments
|
||||||
|
"Deploy applications with proper dependency chain"
|
||||||
|
[provider kubeconfig apps]
|
||||||
|
(let [vault-result (vault/deploy-vault provider kubeconfig)
|
||||||
|
vault-params {:address (aget vault-result "address") :token (aget vault-result "root_token") :vault-port-forward (aget vault-result "port_forward_manager")}
|
||||||
|
app-results (if (nil? apps) {} (apps provider vault-params))
|
||||||
|
]
|
||||||
|
(assoc app-results :vault vault-result)
|
||||||
|
))
|
||||||
|
|
||||||
|
(defn init! [apps]
|
||||||
|
(let [cluster (init/create-cluster)
|
||||||
|
setup (.apply (get cluster :kubeconfig)
|
||||||
|
(fn [kc]
|
||||||
|
(js/Promise.
|
||||||
|
(fn [resolve _reject]
|
||||||
|
(let [provider (new k8s/Provider
|
||||||
|
"k8s-dynamic-provider"
|
||||||
|
(clj->js {:kubeconfig kc}))]
|
||||||
|
(hetznercsi/deploy-csi-driver provider)
|
||||||
|
(resolve (app-deployments provider kc apps)))))))]
|
||||||
|
{cluster setup}
|
||||||
|
))
|
||||||
|
|
||||||
|
|
||||||
(defn main! []
|
(defn main! []
|
||||||
(let [cluster (init/create-cluster)
|
(let [init (init! app-list)
|
||||||
app-outputs (.apply (get cluster :kubeconfig)
|
cluster (get init :cluster)
|
||||||
(fn [kc]
|
app-outputs (get init :setup)]
|
||||||
(js/Promise.
|
|
||||||
(fn [resolve _reject]
|
|
||||||
(let [provider (k8s/Provider. "k8s-dynamic-provider" #js {:kubeconfig kc})]
|
|
||||||
(hetznercsi/deploy-csi-driver provider)
|
|
||||||
(resolve (app-deployments provider)))))))]
|
|
||||||
|
|
||||||
|
(set! (.-exports js/module)
|
||||||
(set! (.-exports js/module)
|
(clj->js {
|
||||||
#js {
|
:kubeconfig (get cluster :kubeconfig)
|
||||||
:kubeconfig (get cluster :kubeconfig)
|
:masterIp (get cluster :masterIp)
|
||||||
:masterIp (get cluster :masterIp)
|
:workerDeIp (get cluster :workerDeIp)
|
||||||
:nextcloudUrl (.apply app-outputs #(get app-outputs :nextcloudUrl))})
|
:workerUsIp (get cluster :workerUsIp)
|
||||||
|
|
||||||
#_(set! (.-exports js/module)
|
:vaultAddress (.apply app-outputs #(get-in % [:vault :address]))
|
||||||
#js {:nextcloudUrl (.apply app-outputs (fn [outputs] (.-nextcloudUrl outputs)))})
|
:vaultToken (.apply app-outputs #(get-in % [:vault :root-token]))
|
||||||
))
|
|
||||||
|
:nextcloudUrl (.apply app-outputs
|
||||||
|
(fn [outputs]
|
||||||
|
(get-in outputs [:nextcloud :nextcloud-url])))}))))
|
||||||
|
|||||||
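Review bot: The new `:vaultToken` export publishes the OpenBao root token as an ordinary stack output, so it would show up in plain text in `pulumi stack output` and in the stack state unless `deploy-vault` already returns it as a secret (not visible here); since `@pulumi/pulumi` is now required, wrap it, e.g. `:vaultToken (pulumi/secret (.apply app-outputs #(get-in % [:vault :root-token])))`, or drop the export entirely. The same root token is also handed to every app through `vault-params` in `app-deployments`; a scoped token per app would limit what a single compromised deployment can reach. Separately, `init!` returns `{cluster setup}`, a one-entry map keyed by the cluster value, while `main!` reads `(get init :cluster)` and `(get init :setup)`, so both lookups look like they return nil; `{:cluster cluster :setup setup}` would match the reader. The exports also read `[:vault :root-token]` with `get-in` where `app-deployments` reads `"root_token"` with `aget`, which suggests the vault result is a JS object and the keyword path may not resolve.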