services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

kube transfer to single-node host

Browse Source
This commit is contained in:
Reese Wells
2024-07-08 10:39:56 -04:00
parent d1afa569cc
commit 887df21477
69 changed files with 1675 additions and 2009 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
aws/README.md
View File

@@ -1,21 +1,43 @@
# AWS Credentials
Distributes aws credentials to all machines that need them.
## Aws Policies
## Access Key
Example Policy:
secrets/aws/policies/route53_reeselink.json
```json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"route53:ListHostedZones",
"route53:GetChange"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets"
],
"Resource": [
"arn:aws:route53:::hostedzone/<zone_id>"
]
}
]
}
```
```bash
# Delete previous access key
aws iam delete-access-key --user-name route53 --access-key-id "$(aws iam list-access-keys --user-name route53 --output json | jq -r '.AccessKeyMetadata[0].AccessKeyId')"
# Allow updating route53 records for reeselink.com
aws iam create-policy --policy-name update-reeselink --policy-document file://secrets/aws/policies/route53_reeselink.json
# Create new access key
aws iam create-access-key --user-name route53 | jq -r '.AccessKey.AccessKeyId,.AccessKey.SecretAccessKey' | {read AWS_ACCESS_KEY_ID; read AWS_SECRET_ACCESS_KEY;}
# Send access keys to all servers
ansible-playbook \
-i ansible/inventory.yaml aws/distribute_aws_creds.yaml \
--extra-vars "access_key_id=$AWS_ACCESS_KEY_ID secret_access_key=$AWS_SECRET_ACCESS_KEY"
# List existing access keys
aws iam list-access-keys --user-name route53 --output json
# Allow updating route53 records for reeseapps.com
aws iam create-policy --policy-name update-reeseapps --policy-document file://secrets/aws/policies/route53_reeseapps.json
```

2
aws/config_template
View File

@@ -1,2 +0,0 @@
[profile default]
region={{ region }}

3
aws/creds_template
View File

@@ -1,3 +0,0 @@
[default]
aws_access_key_id={{ access_key_id }}
aws_secret_access_key={{ secret_access_key }}

27
aws/distribute_aws_creds.yaml
View File

@@ -1,27 +0,0 @@
- name: Update nginx stream configuration
hosts: colors:kubernetes
become: true
become_user: root
become_method: sudo
vars_files:
- vars.yaml
tasks:
- name: Create .aws dir
ansible.builtin.file:
path: /root/.aws
state: directory
mode: '0700'
- name: Copy credentials
template:
src: creds_template
dest: /root/.aws/credentials
owner: root
group: root
mode: '0600'
- name: Copy config
template:
src: config_template
dest: /root/.aws/config
owner: root
group: root
mode: '0600'

35
aws/install_aws_cli.yaml
View File

@@ -1,35 +0,0 @@
- name: Update nginx stream configuration
hosts: colors:kubernetes
become: true
become_user: root
become_method: sudo
vars_files:
- vars.yaml
tasks:
- name: Ensure curl, unzip installed
ansible.builtin.dnf:
name:
- curl
- unzip
state: present
- name: Download aws cli zip
ansible.builtin.get_url:
url: https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip
dest: /tmp/awscliv2.zip
mode: '0600'
- name: Remove /tmp/aws before unzipping
file:
path: /tmp/aws
state: absent
- name: Unzip aws cli
ansible.builtin.unarchive:
src: /tmp/awscliv2.zip
dest: /tmp
remote_src: yes
- name: Run aws installer
ansible.builtin.shell: /tmp/aws/install
register: result
ignore_errors: true
- name: Run aws updater
ansible.builtin.shell: /tmp/aws/install -u
when: result is failed

3
aws/vars.yaml
View File

@@ -1,3 +0,0 @@
region: us-east-2
access_key_id: ""
secret_access_key: ""