kwuxlab's Introduction

Kwuxlab

The Kwuxlab is a repository containing real-world examples of:

  1. Infrastructure configuration/deployment (via terraform/terragrunt)
  2. Configuration management (via ansible)
  3. Deploying services on top of a cluster of machines
    1. Private networking via Tailscale
    2. Hashicorp stack
      • Service Discovery via Consul
      • Container (and direct-host) workload scheduling and orchestration via Nomad
      • Service mesh via Consul Connect
      • Secret management via Vault

Kwuxlab Free vs. Kwuxlab Pro

Kwuxlab Free is designed to be a playground environment, where you can get familiar with basic features of Consul, Vault, and Nomad.

Kwuxlab Free allows you to quickly deploy a fully functional Hashicorp cluster on your local machine via VMs, so you can follow along with tutorials and get familiar with the fantastic developer experience that the stack enables!

Kwuxlab Pro provides you with a complete set of tools to deploy and comfortably maintain a complete environment, including, at a high level:

  • Connecting all nodes in the environment via Tailscale VPN, and using the dual-network configuration to deploy sensitive applications (e.g. Consul) on the private network, while allowing internet-facing traffic via the Envoy proxy, managed by Nomad.
  • Configuring and initializing Consul and Nomad Access Control Lists (ACLs) for secure authentication/authorization across services and Vault-managed secrets.
  • And much, much, more (see below)!

Moving from the Kwuxlab Pro environment to a homelab/production environment requires only that you add additional security where desired (e.g. configuring cloud-provider firewalls).

Features

  1. Infrastructure Environment

    • ✔️ (Kwuxlab Pro Only) Terraform modules and Terragrunt configuration for deployment on
      • ✔️ Hetzner Cloud
      • AWS
      • GCP
      • Azure
    • ✔️ Virtual machine deployment via Vagrant
  2. Basic compute environment configuration, including basic security/quality-of-life settings:

    • ✔️ (Kwuxlab Pro Only) Non-root sudoer user creation
      • Includes configuration to allow use of the non-root user with Ansible
    • ✔️ (Kwuxlab Pro Only) Log-rotation & Journalctl max disk usage settings
    • ✔️ (Kwuxlab Pro Only) NTP installation/configuration to avoid time-drift
    • ✔️ (Kwuxlab Pro Only) Base firewall configuration via the Uncomplicated Firewall (UFW)
    • ✔️ (Kwuxlab Pro Only) Secure SSH configuration
      • Includes configuration of authorized_hosts file
    • ✔️ (Kwuxlab Pro Only) Fail2Ban configuration
    • ✔️ (Kwuxlab Pro Only) Hostname configuration
    • ✔️ (Kwuxlab Pro Only) Tailscale installation & bootstrapping
    • ✔️ (Kwuxlab Pro Only) Stateful storage with details of ansible playbook execution (version, etc.) on remote host for future debugging/upgrade reference.
    • ✔️ Docker installation & base configuration
    • ✔️ Python/python3-pip installation/configuration
    • ✔️ Envoy proxy installation/base configuration
  3. Consul deployment/configuration

  4. Vault deployment/configuration

    • ✔️ (Kwuxlab Pro Only) Service (all ports) bound to private (tailscale) network; not accessible via internet.
    • ✔️ (Kwuxlab Pro Only) Integrate with Consul via ACL token
    • ✔️ Basic Vault installation
  5. Nomad deployment/configuration

    • ✔️ (Kwuxlab Pro Only) Service (all ports) bound to private (tailscale) network; not accessible via internet.
    • ✔️ (Kwuxlab Pro Only) Configure and manage Host Volumes for stateful workloads
    • ✔️ (Kwuxlab Pro Only) Dynamic integration with upstream services (Vault, Consul) via Consul DNS/Service Discovery
    • ✔️ (Kwuxlab Pro Only) Authorization with Consul via Consul Access Control Lists (ACLs)
    • ✔️ (Kwuxlab Pro Only) Configuration & Bootstrapping of Nomad Access Control Lists (ACLs)
    • ✔️ Nomad installation
    • ✔️ Consul integration
    • ✔️ Vault integration

Support Kwuxlab/InfraCasts to get these awesome features AND awesome tutorials on how to make use of this code at https://infracasts.com

Getting Started

This repository makes use of git submodules, which you'll need to fetch. Don't worry, it's pretty straightforward; the commands below should fetch all required components!

  1. Clone this repository with submodules

    git clone --recurse-submodules -j4 [email protected]:momer/kwuxlab.git
  2. Ensure fetch of submodules

    git submodule update --init --recursive --remote
  3. Begin by creating your target infrastructure environment; see /infrastructure/README.md for details.

  4. Configure your machines with Ansible, securing them and installing services like Tailscale, the Hashicorp stack, etc. See this project's /ansible/README for details.
