A toolbox for creating IaC on Proxmox
The aim of this project is to provide the glue needed to build the beginnings of a private cloud and an IaC workflow on the Proxmox hypervisor. Support for other hypervisors may be planned later, but for now we are choosing the path of freedom.
Many projects already exist on this theme, and we will credit them all as references. However, few clearly explain the path to a ready-to-use environment for designing an information system (I.S.) and its services in "code" form.
It's a long road, but it's already begun.
In the first steps, services are deployed manually. All the documentation can be found in the corresponding folders.
In the examples we use the "play.lan" domain. For the moment everything is hard-coded, so you will have to adapt it by hand wherever it appears.
The files are ordered deliberately, to impose an order of deployment.
Proxmox is one of the best hypervisors and is freely accessible. Since there is never a perfect choice, this one is somewhat self-imposed.
Proxmox documentation is abundant, and the official website is full of resources. Our documentation will therefore skip a few steps, and we invite you to refer to the official documentation for installing and deploying a standalone hypervisor or a cluster.
It is compatible with cloud images and cloud-init, which makes it a perfect starting point for IaC.
Note
In this documentation we deal with the most common case, a single node. It is up to you to adapt the scripts and documentation if you have several nodes and want to deploy the services elsewhere. The node name, the storage name and the pool name must be adapted to your configuration.
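Proxmox's cloud-init support is what turns a stock cloud image into a reusable template. The script below is an added example, not one of this project's scripts: it builds such a template manually with `qm` on a single node. The storage name (`local-lvm`), bridge (`vmbr0`), VM ID and image path are assumptions that you must adapt to your node, exactly as the Note says; on directory storage the imported disk is named differently from the `vm-<vmid>-disk-0` form used here. Setting `DRY_RUN=1` prints each `qm` command instead of executing it, so the plan can be reviewed before it touches a hypervisor.

```bash
#!/usr/bin/env bash
# Added example, not part of this project: turn a cloud image into a cloud-init template with qm.
# Assumptions (adapt to your node): storage "local-lvm", bridge "vmbr0", a qcow2 cloud image
# already copied to the node, an unused VM ID, and qemu-guest-agent present in the image.
# Run on the Proxmox node itself.
set -euo pipefail

STORAGE="${STORAGE:-local-lvm}"        # assumed storage; importdisk names the disk vm-<vmid>-disk-0 on LVM-thin
BRIDGE="${BRIDGE:-vmbr0}"              # assumed bridge; in this architecture it faces the OpenWRT router
CI_USER="${CI_USER:-admin}"            # cloud-init user created in the guest (assumed name)
SSH_PUBKEY_FILE="${SSH_PUBKEY_FILE:-}" # OpenSSH public key file; optional but strongly recommended
DRY_RUN="${DRY_RUN:-0}"                # DRY_RUN=1 prints each qm command instead of executing it

# run: execute a command, or print it when DRY_RUN=1 so the plan can be reviewed off-box.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# make_template VMID NAME IMAGE_PATH
# Creates the VM shell, imports the image as its system disk, attaches the cloud-init
# drive, and converts the result into a template that Packer/Terraform can clone.
make_template() {
  local vmid="$1" name="$2" image="$3"
  run qm create "$vmid" --name "$name" --memory 2048 --cores 2 --net0 "virtio,bridge=$BRIDGE" --ostype l26 --agent 1
  run qm importdisk "$vmid" "$image" "$STORAGE"
  run qm set "$vmid" --scsihw virtio-scsi-pci --scsi0 "$STORAGE:vm-$vmid-disk-0"
  run qm set "$vmid" --ide2 "$STORAGE:cloudinit"
  run qm set "$vmid" --boot order=scsi0
  run qm set "$vmid" --serial0 socket --vga serial0
  run qm set "$vmid" --ipconfig0 ip=dhcp
  # Inject an SSH public key rather than a cloud-init password, so the template never
  # carries a shared credential that every clone would inherit.
  if [ -n "$SSH_PUBKEY_FILE" ]; then
    run qm set "$vmid" --ciuser "$CI_USER" --sshkeys "$SSH_PUBKEY_FILE"
  fi
  run qm template "$vmid"
}

# Usage (image path is an assumption):
#   make_template 9000 debian-12-cloudinit /var/lib/vz/template/iso/debian-12-generic-amd64.qcow2
if [ "$#" -eq 3 ]; then
  make_template "$@"
fi
```

Once the template exists, clones only need per-VM cloud-init settings (hostname, IP, key), which is what the Packer and Terraform parts later drive; leaving `--cipassword` unset keeps the image free of a baked-in password.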
OpenWRT is chosen for its lightweight footprint for the core network. It is the main router/firewall of our architecture.
We chose FreeIPA because it provides LDAP for user management (with a web interface for managing users). It also provides a PKI (an integrated CA) and can enroll and manage client hosts.
KeyCloak is FreeIPA's companion, mainly maintained by Red Hat teams. It provides compatibility with SSO protocols, especially OIDC.
We need a way to manage secrets and certificates, and Vault is the leading product for this. It integrates with the IaC tools used here (a Terraform provider, Packer's vault() function and Ansible lookups).
The first step is to create the images needed to offer the VPS service. This part provides the minimal OS needed to support the services to be deployed. In a laboratory setting, these images can also be used to test and emulate a complete information system.
Several steps and prerequisites are required for this part to work. Each Packer subfolder contains the documentation for its own part.
The Terraform part is left to users to deploy their own services and I.S. as they see fit. However, examples will be provided, including one that deploys RKE2 on our infrastructure (it will be the main Terraform project).
RKE2 is chosen by default for the Kubernetes part, as it is complete and security-hardened out of the box.
For a homelab only, you will want a lighter Kubernetes distribution: RKE2 is heavy and requires a lot of resources.
Some Ansible playbooks will be used, mainly for operational purposes.
You can contribute to this project. You just need to follow the naming conventions of this project.
An assets folder will be present in each subfolder for storing the images used in the documentation.