Continued work

danmanners · Jan 2, 2024 · c4f717d · c4f717d
1 parent bd9c08d
commit c4f717d
Show file tree

Hide file tree

Showing 7 changed files with 1,766 additions and 8 deletions.
diff --git a/.github/readme.md b/.github/readme.md
@@ -4,15 +4,22 @@ This repository is an opinionated way to deploy Kubernetes in [AWS](https://aws.
 
 > The estimated cost (in USD) for this project [can be found here](https://calculator.aws/#/estimate?id=c5b85559c7cc50a0376c8f36c6d51c45e2c81917) and equates to about $0.1678 per hour or $122.51 per month, or $1,470.12 per year.
 
+## Critical Notes
+
+> [!WARNING]
+> This project is still in the _very_ early stages of development and is not ready for production use. Please use at your own risk!
+
 ## 👋 Introduction
 
-tbd
+This project aims to serve as an opinioned but practical starting point for deploying cloud resources using [Infrastructure-as-Code](https://www.redhat.com/en/topics/automation/what-is-infrastructure-as-code-iac) (**IaC**), Kubernetes in AWS using [Talos Linux](https://www.talos.dev/) (_**not**_ AWS EKS), and [GitOps](https://about.gitlab.com/topics/gitops/) using [ArgoCD](https://argoproj.github.io/cd). I want to enable those interested to learn how to go from zero to operational, so I will attempt to explain everything in detail as you navigate through this repository! I hope this serves as a useful learning tool for you, dear reader, as well as a practical starting point for deploying your own Kubernetes cluster in the cloud.
+
+As best I can, links to other resources that I have found useful in my personal learning journey and references to any technology utilized by this project will be provided.
 
 ## ✨ Features
 
-- An Automated and Immutable Deployment of Kubernetes in AWS
-- Vanilla ArgoCD deployment to quickly get started
-- Encrypted Secrets using [Bitnami-Labs/Sealed-Secrets](https://github.com/bitnami-labs/sealed-secrets)
+- Automated and Immutable Deployment of Kubernetes in AWS
+- ArgoCD for GitOps and declarative service management
+- Encrypted Secrets in your Git Repo using [Bitnami-Labs/Sealed-Secrets](https://github.com/bitnami-labs/sealed-secrets)
 
 ...and more!
 
@@ -55,10 +62,6 @@ tbd
 
 tbd
 
-## 🐛 Debugging
-
-tbd
-
 ## 👉 Help and Support
 
 tbd

diff --git a/containers/cluster-bootstrapping/Dockerfile b/containers/cluster-bootstrapping/Dockerfile
@@ -0,0 +1,59 @@
+# syntax=docker/dockerfile:1.6.0
+
+# Set Args
+ARG ALPINE_VERSION=3.18
+ARG TALOS_VERSION=v1.6.0
+ARG TALHELPER_VERSION=v1.16.1
+ARG SOPS_VERSION=v3.8.1
+ARG KUBECTL_VERSION=v1.28.4
+ARG KUSTOMIZE_VERSION=v5.2.1
+ARG HELM_VERSION=v3.13.2
+
+FROM docker.io/library/alpine:${ALPINE_VERSION} AS init
+ARG TALOS_VERSION
+ARG TALHELPER_VERSION
+ARG SOPS_VERSION
+ARG KUBECTL_VERSION
+ARG KUSTOMIZE_VERSION
+ARG HELM_VERSION
+# Install SOPS, talosctl, talhelper, kubectl, kustomize, helm, curl, and jq
+RUN apk add --no-cache wget tar upx && \
+    # Create the init directory we'll use to copy files into the runtime container
+    mkdir -p /opt/init && \
+    # Determine if this is an amd64 or arm64 system
+    export ARCH=$([ "$(uname -m)" = "x86_64" ] && echo amd64 || echo arm64) && \
+    echo "Running on ${ARCH} architecture" && \
+    # Download the talosctl binary and make it executable
+    echo "Installing talosctl version ${TALOS_VERSION}" && \
+    wget -qO /opt/init/talosctl https://github.com/siderolabs/talos/releases/download/${TALOS_VERSION}/talosctl-linux-${ARCH} && \
+    chmod +x /opt/init/talosctl && \
+    # Download the talhelper binary and make it executable
+    echo "Installing talhelper version ${TALHELPER_VERSION}" && \
+    wget -qO- https://github.com/budimanjojo/talhelper/releases/download/${TALHELPER_VERSION}/talhelper_linux_${ARCH}.tar.gz | \
+    tar -xz -C /opt/init talhelper && \
+    # Download the sops binary and make it executable
+    echo "Installing sops version ${SOPS_VERSION}" && \
+    wget -qO /opt/init/sops https://github.com/getsops/sops/releases/download/${SOPS_VERSION}/sops-${SOPS_VERSION}.linux.${ARCH} && \
+    chmod +x /opt/init/sops && \
+    # Install the kubectl binary and make it executable
+    echo "Installing kubectl version ${KUBECTL_VERSION}" && \
+    wget -qO /opt/init/kubectl https://dl.k8s.io/release/$(wget -qO- https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl && \
+    chmod +x /opt/init/kubectl && \
+    # Install the kustomize binary and make it executable
+    echo "Installing kustomize version ${KUSTOMIZE_VERSION}" && \
+    wget -qO- https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_${ARCH}.tar.gz | tar -xz -C /opt/init && \
+    # Install the helm binary and make it executable
+    echo "Installing helm version ${HELM_VERSION}" && \
+    wget -qO- https://get.helm.sh/helm-${HELM_VERSION}-linux-${ARCH}.tar.gz | tar -xz -C /opt/init --strip-components=1 linux-${ARCH}/helm && \
+    chmod +x /opt/init/helm && \
+    # Compress the binaries
+    upx /opt/init/*
+
+FROM docker.io/library/alpine:${ALPINE_VERSION} AS runtime
+# Copy the init directory from the init stage
+COPY --from=init /opt/init /opt/init
+RUN apk add --no-cache curl jq yq git
+ENV PATH="/opt/init:${PATH}"
+COPY bootstrapping.sh /opt/init/bootstrapping.sh
+
+# ENTRYPOINT ["/opt/init/bootstrapping.sh"]
diff --git a/containers/cluster-bootstrapping/bootstrapping.sh b/containers/cluster-bootstrapping/bootstrapping.sh
@@ -0,0 +1,59 @@
+# # Set the URL we'll hit twice
+# export url="http://169.254.169.254/latest/meta-data/iam/security-credentials"
+
+# # Generate the Token
+# export TOKEN=$(curl -sXPUT \
+#     "http://169.254.169.254/latest/api/token" \
+#     -H "X-aws-ec2-metadata-token-ttl-seconds: 21600")
+
+# # Generate our AWS Credentials
+# curl -sH "X-aws-ec2-metadata-token: $TOKEN" ${url}/$(curl -s ${url}) >/tmp/creds.json
+
+# # Configure our AWS Credentials
+# mkdir -p ~/.aws/
+# cat <<EOF >~/.aws/credentials
+# [default]
+# aws_access_key_id=$(cat /tmp/creds.json | jq -r '.AccessKeyId')
+# aws_secret_access_key=$(cat /tmp/creds.json | jq -r '.SecretAccessKey')
+# region=us-east-1
+# EOF
+
+# Clone the homelab repo
+git clone \
+    --depth 1 \
+    --branch feature/restructure \
+    https://github.com/danmanners/homelab-kube-cluster.git \
+    /tmp/homelab-kube-cluster
+
+# Change to the repo directory and Build the Talos Configs
+cd /tmp/homelab-kube-cluster/iac/cloud/talos
+sops -d -i talsecret.sops.yaml
+talhelper genconfig
+
+# Check if the cluster has already been deployed
+if $(talosctl --talosconfig clusterconfig/talosconfig -n 172.29.8.5 kubeconfig /tmp/kubeconfig); then
+    DEPLOYED="True"
+else
+    DEPLOYED="False"
+fi
+
+# Loop through the files in the talos directory, and perform different tasks for the first file and all subsequent files
+for FILE in $(ls -1 clusterconfig/*.yaml); do
+    # Get the network interface we'll be provisioning
+    TARGET_IP=$(cat ${FILE} |
+        yq -r '.machine.network.interfaces[0].addresses[0]' |
+        awk -F'/' '{print $1}')
+    # If this is the first file, we need to create the cluster
+    if [[ "${FILE}" == "clusterconfig/talos-control-plane-01.cloud.danmanners.com.yaml" && "${DEPLOYED}" == "True" ]]; then
+        # Create the cluster
+        talosctl --talosconfig clusterconfig/talosconfig \
+            apply-config -i -n ${TARGET_IP} -f ${FILE}
+        # Bootstrap the cluster
+        talosctl --talosconfig clusterconfig/talosconfig \
+            bootstrap -n ${TARGET_IP} -e ${TARGET_IP}
+    else
+        # Apply the latest configs to each cluster node
+        talosctl --talosconfig clusterconfig/talosconfig \
+            apply-config -i -n ${TARGET_IP} -f ${FILE}
+    fi
+done
diff --git a/containers/cluster-bootstrapping/readme.md b/containers/cluster-bootstrapping/readme.md
@@ -0,0 +1,7 @@
+# Cloud Cluster Bootstrapping
+
+This Dockerfile will be utilized by AWS Lambda to bootstrap the cloud cluster. It will wait for the Talos Nodes to be up and operational, and from within the AWS networking it will be able to:
+
+1. Clone your repository
+2. Decrypt the encrypted secrets for the cluster using `SOPS` and your AGE key
+3. Run the `talosctl` commands to bootstrap the initial cluster
diff --git a/containers/cluster-provisioning/readme.md b/containers/cluster-provisioning/readme.md
@@ -0,0 +1,7 @@
+# Cluster Worker Node and Service Instantiation
+
+This Dockerfile will be utilized as a job within the cluster to instantiate the worker nodes and services. It will be able to:
+
+1. Clone your repository
+2. Decrypt the encrypted secrets for the cluster using `SOPS` and your AGE key
+3. Run the `talosctl` commands to instantiate the worker nodes and services
diff --git a/containers/readme.md b/containers/readme.md