This repo was put together as a way to manage my Raspberry Pi with Terraform and Helm charts. There are a few manual steps, but for the most part Terraform manages everything. PR's welcome
- Raspberry Pi 4 Model B (2GB version)
- Ubuntu: (64bit for Raspberry Pi 4) 20.04 LTS and 18.04.4
- Terraform v12 - Terraform Cloud is used for remote state storage
- Kubectl - For managing the cluster remotely
- Microk8s - The Kubernetes install via Ubuntu snap package
- Helm 3 - Installs Helm charts with the Terraform Helm provider
- Pi-hole - Ad Blocking: There is no official helm chart, so I use this one mojo2600/pihole with DNS over HTTPs via cloudflared enabled
- Metallb - Bare-metal load balancer for kubernetes. Helm Chart located here stable/metallb
- Puppet (Package installation)
- Raspberry Pi Imager
Use Raspberry Pi Imager to download and copy the OS to the SD card. Once installed, remount card and do the following in the root of the volume:
-
Enable SSH by creating an empty file named ssh
-
Add the following the beginning of the cmdline.txt file.
cgroup_enable=memory cgroup_memory=1
-
OPTIONAL: If you want to add WIFI and/or disable LAN, edit network-config. Sometimes if both LAN and WIFI are enabled in this config, on boot it only brings up eth0. If you plan to connect only with WIFI you can comment out the ethernets section or once the server is up and you're connected to the LAN IP, run
sudo netplan apply
. For more complex configuration, check out netplanversion: 2 ethernets: eth0: dhcp4: true optional: true wifis: wlan0: dhcp4: true optional: true access-points: <WIFI_SSID>: password: <WIFI_PASSWORD>
-
Unmount card, place in Raspberry Pi and boot
Once the server is booted and you have the IP, connect with the following defaults
HOST: <SERVER_IP>
USER: ubuntu
PASSWORD: ubuntu
It will immediately ask you to change the default password. Once changed it will log you out immediately. Log back in and add your SSH public key to ~/.ssh/authorized_keys
The bootstrap directory holds Terraform code to connect to the server and install Microk8s via masterless Puppet
- Configure backend by updating
bootstrap/remote.tf
OPTIONAL: If you are going to use Terraform Cloud (free for up to 5 users), change organization and workspaces name
- Update the values in
bootstrap/bootstrap.auto.tfvars
or create your own to override the them - Initialize Terraform
terraform init
NOTE: If you used Terraform Cloud go to the console and change Execution Mode to from Remote to Local
https://app.terraform.io/app/<ORGANIZATION_NAME>/workspaces/<WORKSPACE_NAME>/settings/general
- Apply the configuration
terraform apply
- Once the run is complete, log in and grab the kubeconfig
sudo microk8s kubectl config view --flatten --minify
- Copy the kubeconfig to somewhere on your local machine like
~/.kube/config
and change the server from127.0.0.1
to your host IP. You can also change the contexts name and current-context frommicrok8s
todefault
as well, if you'd like - Verify you can access the cluster from your local machine with Kubectl
kubectl get node
The services directory holds Terraform code to install and configure Metallb and Pi-hole via Helm charts. Metallb is used to create a loadBalancerIP
for Pi-hole to enable connecting on a home network IP
- Configure backend by updating
services/remote.tf
OPTIONAL: If you used Terraform Cloud change the organization and workspaces name
- Update the values in
services/services.auto.tfvars
or create your own to override the them - Initialize Terraform
terraform init
NOTE: If you used Terraform Cloud go to the console and change Execution Mode to from Remote to Local
- Apply the configuration
terraform apply
NOTE: I have the pihole_adminPassword
set as a variable that gets passed in when I run an apply. I personally dont care that my password is getting saved in state since it's in Terraform Cloud, but you might. Something to keep in mind.
At this point you should now be able to access your Pi-hole web interface witn the pihole_ip
or pihole_hostname
you set in services.auto.tfvars
. If all looks well, you can now change the DNS server in your router to pint to your Pi-hole IP.
http://pi.hole/admin/
http://192.168.X.X/admin/
This set up uses a pretty small amount of CPU and RAM. My guess is that it would run Pi-hole and a few other small services fine on the 1GB model.
ubuntu@ubuntu:~$ w
19:42:03 up 8 min, 1 user, load average: 0.42, 0.83, 0.59
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
ubuntu pts/0 192.168.86.90 19:41 0.00s 0.12s 0.01s w
ubuntu@ubuntu:~$ free -m
total used free shared buff/cache available
Mem: 1848 840 23 13 984 1029
Swap: 0 0 0