
A way to manage the Raspberry Pi with Terraform and Helm charts


RaspTerraPi

This repo was put together as a way to manage my Raspberry Pi with Terraform and Helm charts. There are a few manual steps, but for the most part Terraform manages everything. PRs welcome.

Tested on:

Software

  • Terraform v12 - Terraform Cloud is used for remote state storage
  • Kubectl - For managing the cluster remotely
  • Microk8s - The Kubernetes install via Ubuntu snap package
  • Helm 3 - Installs Helm charts with the Terraform Helm provider
  • Pi-hole - Ad blocking: There is no official Helm chart, so I use this one mojo2600/pihole with DNS over HTTPS via cloudflared enabled
  • Metallb - Bare-metal load balancer for Kubernetes. Helm chart located here stable/metallb
  • Puppet (Package installation)
  • Raspberry Pi Imager

Installation Steps

Prep SD Card

Use Raspberry Pi Imager to download and copy the OS to the SD card. Once installed, remount the card and do the following in the root of the volume:

  1. Enable SSH by creating an empty file named ssh

  2. Add the following to the beginning of the cmdline.txt file.

    cgroup_enable=memory cgroup_memory=1
    
  3. OPTIONAL: If you want to add WIFI and/or disable LAN, edit network-config. Sometimes if both LAN and WIFI are enabled in this config, on boot it only brings up eth0. If you plan to connect only with WIFI you can comment out the ethernets section or once the server is up and you're connected to the LAN IP, run sudo netplan apply. For more complex configuration, check out netplan

    version: 2
    ethernets:
      eth0:
        dhcp4: true
        optional: true
    wifis:
      wlan0:
        dhcp4: true
        optional: true
        access-points:
          <WIFI_SSID>:
            password: <WIFI_PASSWORD>
    
  4. Unmount card, place in Raspberry Pi and boot

Configure server access

Once the server is booted and you have the IP, connect with the following defaults

HOST:   <SERVER_IP>
USER:     ubuntu
PASSWORD: ubuntu

It will immediately ask you to change the default password. Once changed it will log you out immediately. Log back in and add your SSH public key to ~/.ssh/authorized_keys

Bootstrap

The bootstrap directory holds Terraform code to connect to the server and install Microk8s via masterless Puppet

  1. Configure backend by updating bootstrap/remote.tf
    OPTIONAL: If you are going to use Terraform Cloud (free for up to 5 users), change organization and workspaces name
  2. Update the values in bootstrap/bootstrap.auto.tfvars or create your own to override them
  3. Initialize Terraform
    terraform init
    
    NOTE: If you used Terraform Cloud, go to the console and change Execution Mode from Remote to Local https://app.terraform.io/app/<ORGANIZATION_NAME>/workspaces/<WORKSPACE_NAME>/settings/general
  4. Apply the configuration
    terraform apply
    
  5. Once the run is complete, log in and grab the kubeconfig
    sudo microk8s kubectl config view --flatten --minify
    
  6. Copy the kubeconfig to somewhere on your local machine like ~/.kube/config and change the server from 127.0.0.1 to your host IP. You can also change the contexts name and current-context from microk8s to default as well, if you'd like
  7. Verify you can access the cluster from your local machine with Kubectl
    kubectl get node
    

Services

The services directory holds Terraform code to install and configure Metallb and Pi-hole via Helm charts. Metallb is used to create a loadBalancerIP for Pi-hole to enable connecting on a home network IP

  1. Configure backend by updating services/remote.tf
    OPTIONAL: If you used Terraform Cloud, change the organization and workspaces name
  2. Update the values in services/services.auto.tfvars or create your own to override them
  3. Initialize Terraform
    terraform init
    
    NOTE: If you used Terraform Cloud, go to the console and change Execution Mode from Remote to Local
    https://app.terraform.io/app/<ORGANIZATION_NAME>/workspaces/<WORKSPACE_NAME>/settings/general
  4. Apply the configuration
    terraform apply
    

NOTE: I have the pihole_adminPassword set as a variable that gets passed in when I run an apply. I personally don't care that my password is getting saved in state since it's in Terraform Cloud, but you might. Something to keep in mind.
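
To see which values actually land in state, the following added example (not part of this repo) walks a version 4 state document and reports where secret-looking values are stored, without printing them. The resource names and `set` entries in the sample are constructed assumptions, not taken from this repo's Terraform code.

```python
import json
import re
import sys

SECRET_KEY = re.compile(r"password|passwd|secret|token|api[_-]?key", re.I)

# Constructed sample shaped like a version 4 state file; every value is fake.
SAMPLE_STATE = json.loads("""
{"version": 4, "resources": [
  {"mode": "managed", "type": "helm_release", "name": "pihole",
   "instances": [{"attributes": {
     "name": "pihole", "chart": "mojo2600/pihole",
     "set": [{"name": "adminPassword", "value": "constructed-not-real"},
             {"name": "exampleSetting", "value": "192.168.X.X"}]}}]},
  {"mode": "managed", "type": "helm_release", "name": "metallb",
   "instances": [{"attributes": {"name": "metallb", "set": []}}]}
]}
""")

def find_secrets(node, path):
    """Yield paths (never values) of non-empty strings stored under secret-looking names."""
    if isinstance(node, dict):
        name, value = node.get("name"), node.get("value")
        # Helm `set` blocks are stored as {"name": ..., "value": ...} pairs.
        if isinstance(name, str) and isinstance(value, str) and value \
                and SECRET_KEY.search(name):
            yield f"{path}.value (set name={name})"
        for key, child in node.items():
            if isinstance(child, str) and child and SECRET_KEY.search(key):
                yield f"{path}.{key}"
            else:
                yield from find_secrets(child, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from find_secrets(child, f"{path}[{i}]")

def audit_state(state):
    """Return one line per plaintext secret, prefixed with the resource address."""
    findings = []
    for res in state.get("resources", []):
        for i, inst in enumerate(res.get("instances", [])):
            for hit in find_secrets(inst.get("attributes") or {}, "attributes"):
                findings.append(f"{res['type']}.{res['name']}[{i}] {hit}")
    return findings

if __name__ == "__main__":
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    print("\n".join(audit_state(state)) or "no secret-looking values found")
```

Pass it a file written by `terraform state pull > state.json`; with no argument it runs on the constructed sample.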

Pi-hole

At this point you should be able to access your Pi-hole web interface with the pihole_ip or pihole_hostname you set in services.auto.tfvars. If all looks well, you can now change the DNS server in your router to point to your Pi-hole IP.

http://pi.hole/admin/
http://192.168.X.X/admin/

Resource Usage

This setup uses a pretty small amount of CPU and RAM. My guess is that it would run Pi-hole and a few other small services fine on the 1GB model.

ubuntu@ubuntu:~$ w
 19:42:03 up 8 min,  1 user,  load average: 0.42, 0.83, 0.59
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
ubuntu   pts/0    192.168.86.90    19:41    0.00s  0.12s  0.01s w
ubuntu@ubuntu:~$ free -m
              total        used        free      shared  buff/cache   available
Mem:           1848         840          23          13         984        1029
Swap:             0           0           0