feat: improve readme

zifeo · zifeo · commit 46d8f7d23b87 · 2023-06-18T12:58:51.000+02:00
diff --git a/README.md b/README.md
@@ -21,7 +21,7 @@ defaults for running production workload.
 - configure Openstack Swift or S3-like backend for automated etcd snapshots
 - smooth updates & agent nodes autoremoval with pod draining
 - bundled with Openstack Cloud Controller and Cinder CSI
-- Cilium networking (network policy support and no Kube-proxy)
+- Cilium networking (network policy support and no kube-proxy)
 - highly-available through load balancers
 - out of the box support for volume snapshot and Velero
 
@@ -38,89 +38,44 @@ defaults for running production workload.
 ## Getting started
 
 ```bash
-cat <<EOF > cluster.tf
-provider "openstack" {
-  tenant_name = "PCP-XXXXXXX"
-  user_name   = "PCU-XXXXXXX"
-  password    = "XXXXXXXXXXX"
-  auth_url    = "https://api.pub1.infomaniak.cloud/identity"
-  region      = "dc3-a"
-}
-
-module "rke2" {
-  source  = "zifeo/rke2/openstack"
-
-  name = "k8s"
-
-  floating_pool  = "ext-floating1"
-  rules_ssh_cidr = "0.0.0.0/0"
-  rules_k8s_cidr = "0.0.0.0/0"
-
-  bootstrap = true
-  servers = [
-    {
-      name = "server-a"
-
-      flavor_name      = "a2-ram4-disk0"
-      image_name       = "Ubuntu 20.04 LTS Focal Fossa"
-      system_user      = "ubuntu"
-      boot_volume_size = 8
-
-      rke2_version     = "v1.25.3+rke2r1"
-      rke2_volume_size = 16
-    }
-  ]
-
-  agents = [
-    {
-      name        = "pool-a"
-      nodes_count = 1
-
-      flavor_name      = "a2-ram4-disk0"
-      image_name       = "Ubuntu 20.04 LTS Focal Fossa"
-      system_user      = "ubuntu"
-      boot_volume_size = 8
-
-      rke2_version     = "v1.25.3+rke2r1"
-      rke2_volume_size = 16
-    }
-  ]
-}
-
-terraform {
-  required_providers {
-    openstack = {
-      source  = "terraform-provider-openstack/openstack"
-    }
-  }
-}
+git clone git@github.com:zifeo/terraform-openstack-rke2.git && cd terraform-openstack-rke2/examples/single-server
+cat <<EOF > terraform.tfvars
+project=PCP-XXXXXXXX
+username=PCU-XXXXXXXX
+password=XXXXXXXX
 EOF
 
 terraform init
-terraform apply
-# or, on upgrade, to process node by node
+terraform apply # approx 2-3 mins
+kubectl --kubeconfig single-server.rke2.yaml get nodes
+# NAME           STATUS   ROLES                       AGE     VERSION
+# k8s-pool-a-1   Ready    <none>                      119s    v1.21.5+rke2r2
+# k8s-server-1   Ready    control-plane,etcd,master   2m22s   v1.21.5+rke2r2
+
+# on upgrade, process node pool by node pool
 terraform apply -target='module.rke2.module.servers["server-a"]'
 # for servers, apply on the majority of nodes, then for the remaining ones
 # this ensures the load balancer routes are updated as well
 terraform apply -target='module.rke2.openstack_lb_members_v2.k8s'
 ```
 
-See [examples](./examples) for more options.
+See [examples](./examples) for more options or this
+[article](https://zifeo.com/articles/230617-low-cost-k8s) for a step-by-step
+tutorial.
 
 Note: it requires [rsync](https://rsync.samba.org) and
-[yq](https://github.com/mikefarah/yq) to generate remote kube config file. You
-can disable this behaviour by setting `ff_write_kubeconfig=false` and fetch
+[yq](https://github.com/mikefarah/yq) to generate remote kubeconfig file. You
+can disable this behavior by setting `ff_write_kubeconfig=false` and fetch
 yourself `/etc/rancher/rke2/rke2.yaml` on server nodes.
 
 ## Infomaniak OpenStack
 
-A stable, performent and fully-equiped Kubernetes cluster in Switzerland for as
+A stable, performant and fully equipped Kubernetes cluster in Switzerland for as
 little as CHF 26.90/month (at the time of writing):
 
-- nginx-ingress with floating ip (perfect under Cloudflare proxy)
-- persistence through cinder-csi storage classes (retain, delete)
-- 1 server 1cpu/2go (= master)
-- 1 agent 1cpu/2go (= worker)
+- load-balancer with floating IP (perfect under Cloudflare proxy)
+- 1 server 2cpu/4Go (= master)
+- 1 agent 2cpu/4Go (= worker)
 
 | Flavour                                                                            | CHF/month |
 | ---------------------------------------------------------------------------------- | --------- |
@@ -129,34 +84,12 @@ little as CHF 26.90/month (at the time of writing):
 | 3x2cpu/4go HA servers with 1x4cpu/16Go worker                                      | ~50.—     |
 | 3x2cpu/4go HA servers with 3x4cpu/16Go workers                                     | ~85.—     |
 
-```bash
-git clone git@github.com:zifeo/terraform-openstack-rke2.git && cd terraform-openstack-rke2/examples/single-server
-cat <<EOF > terraform.tfvars
-tenant_name = "PCP-XXXXXXX"
-user_name   = "PCU-XXXXXXX"
-password    = "XXXXXXXXXXX"
-EOF
-terraform init
-terraform apply # approx 2-3mins
-kubectl --kubeconfig rke2.yaml get nodes
-# NAME           STATUS   ROLES                       AGE     VERSION
-# k8s-pool-a-1   Ready    <none>                      119s    v1.21.5+rke2r2
-# k8s-server-1   Ready    control-plane,etcd,master   2m22s   v1.21.5+rke2r2
-helm install wordpress --values wordpress.yaml --namespace default bitnami/wordpress
-kubectl --kubeconfig rke2.yaml get pods -n default
-# NAME                         READY   STATUS    RESTARTS   AGE
-# wordpress-7474ddb77f-w6c86   1/1     Running   0          102s
-# wordpress-mariadb-0          1/1     Running   0          102s
-curl -s $(terraform output -raw floating_ip) -H 'host: wordpress.local' | grep Welcome
-# <p>Welcome to WordPress. This is your first post. Edit or delete it, then start writing!</p>
-```
-
 See their technical [documentation](https://docs.infomaniak.cloud) and
 [pricing](https://www.infomaniak.com/fr/hebergement/public-cloud/tarifs).
 
 ## More on RKE2 & OpenStack
 
-[RKE2 cheatsheet](https://gist.github.com/superseb/3b78f47989e0dbc1295486c186e944bf)
+[RKE2 cheat sheet](https://gist.github.com/superseb/3b78f47989e0dbc1295486c186e944bf)
 
 ```
 # alias already set on the nodes
diff --git a/examples/lade.yml b/examples/lade.yml
@@ -0,0 +1,4 @@
+terraform:
+  TF_VAR_username: "op://exponent.1password.eu/Private/Openstack%20teo-debug/username"
+  TF_VAR_password: "op://exponent.1password.eu/Private/Openstack%20teo-debug/password"
+  TF_VAR_project: "op://exponent.1password.eu/Private/Openstack%20teo-debug/project"
diff --git a/examples/single-server/main.tf b/examples/single-server/main.tf
@@ -3,7 +3,8 @@ module "rke2" {
   # version = ""
   source = "./../.."
 
-  # must be true for single-server cluster or only on the first run for HA cluster 
+  # must be true for single server cluster or
+  # only on the first run for high-availability cluster 
   bootstrap           = true
   name                = "single-server"
   ssh_authorized_keys = ["~/.ssh/id_rsa.pub"]
@@ -24,9 +25,8 @@ module "rke2" {
 
     rke2_version     = "v1.26.4+rke2r1"
     rke2_volume_size = 6
-    rke2_config      = <<EOF
-# https://docs.rke2.io/install/install_options/server_config/
-
+    # https://docs.rke2.io/install/install_options/server_config/
+    rke2_config = <<EOF
 etcd-snapshot-schedule-cron: "0 */6 * * *"
 etcd-snapshot-retention: 20
 
@@ -49,7 +49,7 @@ control-plane-resource-requests: kube-apiserver-cpu=75m,kube-apiserver-memory=12
     }
   ]
 
-  # enable automatically `kubectl delete node AGENT-NAME` after an agent change
+  # enable automatically agent removal of the cluster
   ff_autoremove_agent = true
   # rewrite kubeconfig
   ff_write_kubeconfig = true
