studio/sbbb
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
mainline
sbbb/cloud-init.yaml

48 lines
1.2 KiB
YAML
Raw Permalink Normal View History

feat(infra): production bootstrap — cert-manager, longhorn, monitoring Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
#cloud-config
# Scaleway Elastic Metal — latest Debian
# Provisions: sienna user w/ GitHub SSH keys, k3s (traefik disabled)
users:
- name: sienna
groups: [sudo]
shell: /bin/bash
sudo: "ALL=(ALL) NOPASSWD:ALL"
ssh_import_id:
- gh:siennathesane
# Lock root and default debian user from password auth (SSH keys only)
disable_root: true
package_update: true
package_upgrade: true
packages:
- curl
- ca-certificates
- jq
# Write k3s config before the installer runs so traefik is never started
write_files:
- path: /etc/rancher/k3s/config.yaml
owner: root:root
permissions: "0644"
content: |
disable:
- traefik
runcmd:
# Install k3s (picks up /etc/rancher/k3s/config.yaml automatically)
- curl -sfL https://get.k3s.io | sh -
# Allow sienna to use kubectl without sudo
- mkdir -p /home/sienna/.kube
- cp /etc/rancher/k3s/k3s.yaml /home/sienna/.kube/config
- chown -R sienna:sienna /home/sienna/.kube
- chmod 600 /home/sienna/.kube/config
# Fix server address in kubeconfig (loopback is fine for local use)
- systemctl enable --now k3s
final_message: |
Sunbeam node ready. k3s installed, traefik disabled.
SSH: ssh sienna@<server-ip>
kubectl: KUBECONFIG=~/.kube/config kubectl get nodes
Reference in New Issue Copy Permalink