LCMD db logoLCMD[db]

Deployment

VPS Provisioning

Guide for provisioning the VPS using Ansible and K3s

This guide explains how to provision our VPS using Ansible and K3s. We use the k3s-ansible template as our base configuration.

Prerequisites

Before you begin, ensure you:

  1. Are connected to the EPFL network (or VPN)
  2. Have Ansible installed on your local machine
  3. Have created the .vault_pass file at the root of the ansible folder with the vault password

Working with Encrypted Files

Some sensitive information in the Ansible configuration (like in group_vars/all/vars.yml) is encrypted using Ansible Vault. To work with these encrypted files:

  1. Ensure you have the .vault_pass file set up as mentioned in the prerequisites
  2. To edit an encrypted file, use:
cd infrastructure/ansible
ansible-vault edit group_vars/all/vars.yml

This will decrypt the file temporarily for editing and re-encrypt it when you save and exit.

Never commit the .vault_pass file to version control. Share the vault password securely with team members who need access.

The encrypted file contains:

  • ansible_become_pass: For privilege escalation
  • token: Default cluster token for K3s

These variables will be included in all playbooks by default. See Ansible variable precedence for more details.

Installation

cd infrastructure/ansible

Run the playbook

ansible-playbook playbooks/site.yml -i inventory.yml

Installs prerequisites on the server, sets up K3s in single-node mode, configures networking and security.

For K3s configuration options, refer to the K3s documentation.

Deployment Overview

How code in main becomes prod

Kubernetes Setup

Guide for kubectl access and cluster deployment

On this page

PrerequisitesWorking with Encrypted FilesInstallationNavigate to the ansible directoryRun the playbook