tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
db2d5dccd4be5eb38d74d1d4f7058bfda36d6d8b
ansible/changelog.md
Tuan-Dat Tran 99f6876ce9 docs: Add changelog and update role documentation
2026-02-16 09:21:08 +01:00

76 lines
4.0 KiB
Markdown
Raw Blame History

# Changelog
Technical evolution of the infrastructure stack, tracking the migration from standalone Docker hosts to a fully automated, GitOps-managed Kubernetes cluster.
## Phase 5: GitOps & Cluster Hardening (July 2025 - Present)
*Shifted control plane management to ArgoCD and expanded storage capabilities.*
- **GitOps Implementation**:
- Deployed **ArgoCD** in an App-of-Apps pattern to manage cluster state (`89c51aa`).
- Integrated **Sealed Secrets** (implied via vault diffs) and **Cert-Manager** for automated TLS management (`76000f8`).
- Migrated core services (Traefik, MetalLB) to Helm charts managed via ArgoCD manifests.
- **Storage Architecture**:
- Implemented **Longhorn** with iSCSI support for distributed block storage (`48aec11`).
- Added **NFS Provisioner** (`e1a2248`) for ReadWriteMany volumes capabilities.
- **Networking**:
- Centralized primary server IP logic (`97a5d6c`) to support HA control plane capability.
- Replaced Netcup DNS webhooks with **Cloudflare** for Caddy ACME challenges (`9cb90a8`).
- **Observability**:
- Added **healthcheck** definitions to Docker Compose services (`0e8e07e`) and K3s probes.
## Phase 4: IaaC Refactoring & Proxmox API Integration (Nov 2024 - June 2025)
*Refactored Ansible roles for modularity and implemented Proxmox API automation for "click-less" provisioning.*
- **Proxmox Automation**:
- Developed `roles/proxmox` to interface with Proxmox API: automated VM creation, cloning from templates, and Cloud-Init injection (`f2ea03b`).
- Configured **PCI Passthrough** (`591342f`) and hardware acceleration for media transcoding nodes.
- Added cron-based VM state reconciliation (`a1da69a`).
- **Ansible Restructuring**:
- **Inventory Refactor**: Moved from root-level inventory files to a hierarchical `vars/` structure (`609e000`).
- **Linting Pipeline**: Integrated `ansible-lint` and `pre-commit` hooks (`6eef96b`) to enforce YAML standards and best practices.
- **Vault Security**: Configured `.gitattributes` to enable `ansible-vault view` for cleartext diffs in git (`c3905ed`).
- **Identity Management**:
- Deployed **Keycloak** (`42196a3`) for OIDC/SAML authentication across the stack.
## Phase 3: The Kubernetes Migration (Sep 2024 - Oct 2024)
*Architectural pivot from Docker Compose to K3s.*
- **Control Plane Setup**:
- Bootstrapped **K3s** cluster with dedicated server/agent split.
- Configured **HAProxy/Nginx** load balancers (`51a49d0`) for API server high availability.
- **Node Provisioning**:
- Standardized node bootstrapping (kernel modules, sysctl params) for K3s compatibility.
- Deployed specialized storage nodes for Longhorn (`7d58de9`).
- **Decommissioning**:
- Drained and removed legacy Docker hosts (`0aed818`).
- Migrated stateful workloads (Postgres) to cluster-managed resources.
## Phase 2: Docker Service Expansion (2023 - 2024)
*Vertical scaling of Docker hosts and introduction of the monitoring stack.*
- **Service Stack**:
- Deployed the **\*arr suite** (Sonarr, Radarr, etc.) and Jellyfin with hardware mapping (`3d7f143`).
- Integrated **Paperless-ngx** with Redis and Tika consumption (`3f88065`).
- Self-hosted **Gitea** and **GitLab** (later removed) for source control.
- **Observability V1**:
- Deployed **Prometheus** and **Grafana** stack (`b3ae5ef`).
- Added **Node Exporter** and **SmartCTL Exporter** (`0a361d9`) to bare metal hosts.
- Implemented **Uptime Kuma** for external availability monitoring.
- **Reverse Proxy**:
- Transitioned ingress from Traefik v2 to **Nginx Proxy Manager**, then to **Caddy** for simpler configuration management (`a9af3c7`, `1a1b8cb`).
## Phase 1: Genesis & Networking (Late 2022)
*Initial infrastructure bring-up.*
- **Base Configuration**:
- Established Ansible role structure for baseline system hardening (SSH, users, packages).
- Configured **Wireguard** mesh for secure inter-node communication (`2ba4259`).
- Set up **Backblaze B2** offsite backups via Restic/Rclone (`b371e24`).
- **Network**:
- Experimented with **macvlan** Docker networks for direct container IP assignment.
Reference in New Issue View Git Blame Copy Permalink