DEV Community: RAUL TAPARA YANGALI

🚀 StackOpsys: Part 3-Automating Kubernetes Infrastructure on Proxmox with Packer, Terraform and Ansible

RAUL TAPARA YANGALI — Thu, 04 Sep 2025 03:03:58 +0000

🧱 What’s included in this phase?

✅ Automated Kubernetes cluster installation with kubeadm
✅ Master and worker nodes configuration with containerd runtime
✅ Network modules preparation for Istio
✅ SSH key management and passwordless authentication
✅ Cluster verification and kubeconfig setup
✅ Task automation with go-task for streamlined operations

📦 Technologies:

🤖 Ansible 2.9+
☸️ Kubernetes (kubeadm)
🐳 Containerd Runtime
⚡ Task (go-task) for automation 🐧 Ubuntu Server 24.04 LTS
🔧 Python 3.13

🌐 Setting Up StackOpsys Overview

📁 Project Structure Overview

ansible/
├── ansible.cfg              # Ansible configuration
├── site.yaml               # Main playbook
├── Taskfile.yml            # Automated tasks with Task
├── inventory/
│   ├── hosts.ini           # Host inventory
│   └── group_vars/
│       └── all.yaml        # Global variables
├── roles/
│   ├── prepare-nodes/      # Node preparation
│   ├── configure-master-node/  # Master configuration
│   ├── configure-worker-node/  # Worker configuration
│   ├── kubeconfig/         # Kubeconfig setup
│   └── reset-vm/           # Cluster reset (optional)
├── collections/
│   └── requirements.yaml   # Required Ansible collections
└── output/                 # Logs and output files

🔄 Detailed Workflow:

⚙️ Configuration Examples

Inventory Configuration

[k8s_master]
cluster-kubeadm-k8s-master-01 ansible_host=192.168.100.220

[k8s_worker]
cluster-kubeadm-k8s-worker-01 ansible_host=192.168.100.223
cluster-kubeadm-k8s-worker-02 ansible_host=192.168.100.224

Global Variables

os: "linux"
arch: "amd64"
ansible_user: <user>
ansible_ssh_private_key_file: ~/.ssh/ansible
ansible_become: true

Cluster Architecture

Master Node: 1 node (192.168.100.220)
Worker Nodes: 2 nodes (192.168.100.223, 192.168.100.224)
Runtime: Containerd
Network: Pre-configured for Istio

🚀 Usage Steps

1. Prerequisites Setup

# Install Task (MacOS)
brew install go-task/tap/go-task

# Install Ansible collections
ansible-galaxy collection install -r collections/requirements.yaml

# Setup SSH keys
ssh-copy-id -i ~/.ssh/ansible.pub rtaparay@192.168.100.220
ssh-copy-id -i ~/.ssh/ansible.pub rtaparay@192.168.100.223
ssh-copy-id -i ~/.ssh/ansible.pub rtaparay@192.168.100.224

2. Testing (Dry Run)

# Test complete configuration
task test:all

# Test master only
task test:site:master

# Test workers only
task test:site:worker

3. Full Deployment

# Execute complete configuration
task apply:all

# Or step by step
task apply:site
task apply:kubeconfig

4. Alternative: Direct Ansible

# Connectivity verification
ansible all -i inventory/hosts.ini -m ping

# Full deployment
ansible-playbook site.yaml -i inventory/hosts.ini

🔧 Ansible Roles Breakdown:

prepare-nodes - Disables swap permanently - Configures kernel
modules (overlay, br_netfilter) - Installs and configures containerd -
Prepares modules for Istio/Kubeflow - Installs kubeadm, kubelet, and
kubectl

configure-master-node - Initializes Kubernetes cluster with
kubeadm - Configures cluster networking - Generates join tokens for
worker nodes

configure-worker-node - Joins worker nodes to the cluster -
Configures kubelet on worker nodes

kubeconfig - Copies kubeconfig from master node - Sets up cluster
access configuration

📊 Outputs & Verification

Generated Files

output/
├── ansible-2025-01-XX_XX-XX-XX.log  # Execution logs
└── kubeconfig                        # Kubernetes config

Cluster Verification Commands

# Copy kubeconfig locally
scp rtaparay@192.168.100.220:~/.kube/config ~/.kube/config

# Verify cluster status
kubectl get nodes
kubectl get pods -A
kubectl cluster-info

Expected Output

NAME                            STATUS   ROLES           AGE   VERSION
cluster-kubeadm-k8s-master-01   Ready    control-plane   5m    v1.28.x
cluster-kubeadm-k8s-worker-01   Ready    <none>          3m    v1.28.x
cluster-kubeadm-k8s-worker-02   Ready    <none>          3m    v1.28.x

🔄 Task Automation Features

Available Tasks

task init - Initialize log directories
task test:all - Run all tests (dry-run)
task apply:all - Full cluster deployment
task apply:site - Main playbook execution
task apply:kubeconfig - Kubeconfig setup only

Automated Logging

Timestamped log files
Structured output directory
Verbose execution tracking

🛠️ Troubleshooting & Reset

Common Issues

# SSH connectivity test
ansible all -i inventory/hosts.ini -m ping

# Manual swap disable
sudo swapoff -a
sudo sed -i '/ swap / s/^/#/' /etc/fstab

# Verbose execution
ansible-playbook site.yaml -i inventory/hosts.ini -vvv

Cluster Reset (Optional)

# Uncomment reset-vm role in site.yaml
ansible-playbook site.yaml -i inventory/hosts.ini --tags reset

✅ What’s next?

With your Kubernetes cluster now fully automated:

🔹 Deploy CNI plugins(Calico)
🔹 Configure service mesh (Istio)

🤝 Complete StackOpsys Journey

Part 1: 🏗️ Custom VM templates with Packer

Part 2: ☁️ Infrastructure provisioning with Terraform

Part 3: 🤖 Cluster automation with Ansible

📁 Full project available at: 👉 github.com/rtaparay/stackopsys

🚀 StackOpsys: Part 2-Automating Kubernetes Infrastructure on Proxmox with Packer, Terraform and Ansible

RAUL TAPARA YANGALI — Wed, 20 Aug 2025 05:55:05 +0000

In the first part of StackOpsys, we built a secure, cloud-init-ready image for Kubernetes using Packer. Now it’s time for Part 2: automating the creation of Kubernetes cluster infrastructure using Terraform on Proxmox VE.

🧱 What’s included in this phase?

✅ Creation of VMs (master + workers) based on the custom Ubuntu 22.04 template

✅ Modular structure with a reusable vms_proxmox Terraform module

✅ Network bridge configuration, fixed IPs, and cloud-init enabled

✅ Support for multiple environments (dev, QA, prod) using .tfvars

📦 Technologies

🧰 Terraform 1.8+
☁️ Proxmox VE 8.3.3+
🐧 Ubuntu Server 22.04 LTS

📁 Project Structure Overview

terraform/
├── environments/
│   ├── dev.tfvars
│   └── prd.tfvars
├── modules/
│   ├── vms_proxmox/
│   └── tools_k8s/
├── main.tf
├── variables.tf
├── outputs.tf
├── providers.tf
└── .github/workflows/terraform.yaml

⚙️ Configuration Examples

Proxmox Access

proxmox = {
  endpoint  = "https://192.168.100.100:8006/api2/json"
  username  = "root"
  password  = "your_password"
  api_token = "root@pam!iac-tf=your_token"
}

Cluster & VMs

cluster = {
  name     = "cluster-kubeadm"
  gateway  = "192.168.100.1"
  cidr     = 24
  endpoint = "192.168.100.220"
}

vms = {
  "k8s-master-01" = {
    ip            = "192.168.100.220"
    cpu           = 4
    ram_dedicated = 4096
    file_id       = "directory:9001/base-9001-disk-0.qcow2"
  }
}

🚀 Usage Steps

1. Initialize Terraform

terraform init

2. Plan

terraform plan -var-file=environments/dev.tfvars

3. Apply

terraform apply -var-file=environments/dev.tfvars

4. Destroy (optional)

terraform destroy -var-file=environments/dev.tfvars

🔐 Outputs

cluster_name = "cluster-kubeadm"
vm_ipv4_address_vms = [
  "192.168.100.220/24",
  "192.168.100.223/24",
  "192.168.100.224/24"
]

🔄 GitHub Actions Pipeline

Includes:

Terraform init/plan/validate/apply
Secrets stored securely in GitHub
Reproducible infrastructure builds

✅ What’s next?

In Part 3, we’ll use Ansible to:

Install required packages on each VM
Configure kubeadm on the master node
Join the worker nodes automatically
Deploy networking (e.g., Calico) and additional tools

📖 Full code and documentation on GitHub

Follow along and let me know what you'd add!

DevOps #Terraform #Kubernetes #IaC #Proxmox #Ansible #CI/CD #CloudInit #StackOpsys

🚀 StackOpsys: Part 1-Automating Kubernetes Infrastructure on Proxmox with Packer, Terraform and Ansible

RAUL TAPARA YANGALI — Tue, 19 Aug 2025 05:41:11 +0000

✨ What is StackOpsys?

StackOpsys is a personal project I'm building to automate the end-to-end deployment of Kubernetes clusters on Proxmox VE using key Infrastructure as Code (IaC) tools:

🔧 Packer → builds custom base images
⚙️ Terraform → provisions virtual machines on Proxmox
📦 Ansible → installs packages and connects the nodes to the cluster
☸️ Kubeadm → orchestrates the Kubernetes cluster
🖥️ Proxmox VE → local virtualization environment

🛠️ Project Status

So far, I’ve completed the Packer phase by creating a secure base image with Ubuntu Server 24.04 LTS that includes system configurations to run Kubernetes properly:

Swap disabled
Kernel modules loaded (br_netfilter, overlay)
sysctl network parameters applied
Firewall configured with firewalld and required ports open

This forms a solid base for a fully reproducible cluster deployment.

📦 Using Packer in StackOpsys

What does this module do?

It creates a custom image in Proxmox VE, ideal for Terraform use. It’s also prepared for integration with Ansible and Kubeadm.

Requirements:

A working Proxmox VE setup
API Token with permissions to create VMs
Packer version ≥ 1.8

🧪 Installing Packer

🔹 On Ubuntu

sudo apt-get update
sudo apt-get install -y unzip
curl -fsSL https://releases.hashicorp.com/packer/1.9.4/packer_1.9.4_linux_amd64.zip -o packer.zip
unzip packer.zip
sudo mv packer /usr/local/bin/
packer --version

🔹 On macOS

brew tap hashicorp/tap
brew install hashicorp/tap/packer
packer --version

🚀 How to Use Packer in StackOpsys

1️⃣ Initialize the environment

git clone https://github.com/rtaparay/StackOpsys.git
cd packer/base-images
packer init -upgrade .

✅ Validate the template with custom variables

packer validate -var-file=dev.pkrvars.hcl .

🏗️ Build the image (interactive mode if errors occur)

packer build -on-error=ask -var-file="dev.pkrvars.hcl" .

🔍 Detailed build with logs

PACKER_LOG=1 packer build -on-error=ask -var-file="dev.pkrvars.hcl" . 2>&1 | tee logs/packer-build-$(date +"%Y-%m-%d_%H:%M:%S").log

📁 Project Structure (so far)

packer
├── base-images
│   ├── files
│   │   └── 99-pve.cfg
│   ├── http
│   │   ├── meta-data
│   │   └── user-data
│   ├── logs
│   ├── dev.pkrvars.hcl
│   ├── scripts
│   │   └── install-kubeadm.sh
│   ├── ubuntu-server-noble.pkr.hcl
│   └── variables.pkr.hcl

🔐 Preconfigured Network Security

The image enables firewalld and opens the required ports for Kubernetes:

Port/Range	Protocol	Function	Used By
6443	TCP	Kubernetes API	kube-apiserver
2379-2380	TCP	etcd	etcd
10250	TCP	Kubelet API	kubelet
10251	TCP	kube-scheduler	kube-scheduler
10252	TCP	kube-controller-manager	kube-controller-manager

📍 What's Next?

Next phases include:

Terraform for automatic VM creation in Proxmox using this image
Ansible for installing packages and joining nodes to the cluster
Kubeadm for control-plane initialization and networking

All under a clean, modular and fully repeatable flow.

🤝 Want to follow or contribute?

📁 Project in progress. You can follow it or drop suggestions here:

👉 github.com/rtaparay/stackopsys

🧠 Final Thoughts

StackOpsys is more than a script or template—it's a complete approach to building infrastructure from scratch, with full control, best practices, and freedom to scale.

If you're into DevOps, Kubernetes, IaC or building your own Proxmox lab, this might be useful to you!

Thanks for reading 💻⚙️