Merge pull request #2 from udaaraSH23/codex/update-readme-with-ansible-terraform-usage

udaaraSH23 · web-flow · commit ba2a33d471aa · 2026-01-22T20:49:06.000+05:30
docs: add Ansible and Terraform usage guides
diff --git a/README.md b/README.md
@@ -88,9 +88,43 @@ Common entry points:
 
 - `infrastructure/k8s/` for Kubernetes manifests (apps, database, secrets, and related resources).
 - `infrastructure/ansible/` for Ansible playbooks that apply deployment configuration and secrets.
+- `infrastructure/terraform/` for Azure infrastructure provisioning (K3s VM + networking).
 
 > Review and update environment-specific values (namespace, image tags, and secrets) before applying to your environment.
 
+#### Provisioning with Terraform (Azure)
+
+Use Terraform to provision the Azure VMs, networking, and public IPs for a small K3s cluster.
+
+1. Review or override defaults in `infrastructure/terraform/variables.tf`.
+2. Authenticate to Azure (e.g., `az login`) and run:
+
+```bash
+cd infrastructure/terraform
+terraform init
+terraform apply
+```
+
+Terraform outputs the public IPs you’ll use for Ansible inventory or SSH. For more details, see `infrastructure/terraform/README.md`.
+
+#### Deploying with Ansible
+
+Ansible playbooks install K3s, deploy ArgoCD, seed secrets, and install IAM/monitoring stacks.
+
+1. Create an inventory with `k3s_master` and `k3s_worker` hosts.
+2. Create `infrastructure/ansible/playbooks/secrets.yml` (recommended via Ansible Vault) with the variables referenced by the playbooks.
+3. Run the playbooks from the `infrastructure/ansible` directory:
+
+```bash
+ansible-playbook playbooks/install-k3s.yml -i inventory.ini -e "public_ip=<MASTER_PUBLIC_IP>" -e "private_ip=<MASTER_PRIVATE_IP>"
+ansible-playbook playbooks/install-argocd.yml
+ansible-playbook playbooks/deploy-secrets.yml
+ansible-playbook playbooks/install-iam-stack.yml
+ansible-playbook playbooks/monitoring-stack.yaml
+```
+
+For prerequisites and playbook details, see `infrastructure/ansible/README.md`.
+
 ## Functionality Overview
 
 ### Student Portal
diff --git a/infrastructure/ansible/README.md b/infrastructure/ansible/README.md
@@ -0,0 +1,87 @@
+# Ansible Playbooks
+
+This directory contains Ansible playbooks and roles to install K3s, deploy ArgoCD, push application secrets, and install IAM/monitoring stacks onto the K3s cluster.
+
+## Prerequisites
+
+- Ansible 2.14+
+- `kubectl` and `helm` on the machine running the playbooks
+- Access to the target VMs (SSH)
+- (Recommended) Ansible Vault for secrets
+
+## Inventory
+
+Create an inventory file (e.g., `inventory.ini`) with one `k3s_master` host and one or more `k3s_worker` hosts:
+
+```ini
+[k3s_master]
+master ansible_host=<MASTER_PUBLIC_IP> ansible_user=azureuser private_ip=<MASTER_PRIVATE_IP>
+
+[k3s_worker]
+worker ansible_host=<WORKER_PUBLIC_IP> ansible_user=azureuser private_ip=<WORKER_PRIVATE_IP>
+```
+
+The `private_ip` host var is required by the K3s playbook to join workers and to populate the kubeconfig.
+
+## Secrets
+
+Some playbooks load `playbooks/secrets.yml`. It should include values like:
+
+- `database_url`
+- `nextauth_secret`
+- `wso2_issuer`
+- `wso2_well_known`
+- `wso2_logout_url`
+- `node_tls_reject_unauthorized`
+- `student_url`, `library_url`, `admin_url`
+- `student_wso2_client_id`, `student_wso2_client_secret`
+- `library_wso2_client_id`, `library_wso2_client_secret`
+- `admin_wso2_client_id`, `admin_wso2_client_secret`
+- `grafana_admin_password`
+
+> Tip: Store `secrets.yml` with Ansible Vault: `ansible-vault create playbooks/secrets.yml`.
+
+## Playbooks
+
+Run playbooks from `infrastructure/ansible`:
+
+```bash
+cd infrastructure/ansible
+```
+
+### 1) Install K3s
+
+```bash
+ansible-playbook playbooks/install-k3s.yml -i inventory.ini -e "public_ip=<MASTER_PUBLIC_IP>" -e "private_ip=<MASTER_PRIVATE_IP>"
+```
+
+This produces `kubeconfig_azure.yaml` in the current directory and stores the cluster token for worker joins.
+
+### 2) Deploy ArgoCD
+
+```bash
+ansible-playbook playbooks/install-argocd.yml
+```
+
+### 3) Deploy Application Secrets
+
+```bash
+ansible-playbook playbooks/deploy-secrets.yml
+```
+
+### 4) Install IAM Stack (WSO2 + MySQL)
+
+```bash
+ansible-playbook playbooks/install-iam-stack.yml
+```
+
+### 5) Deploy Monitoring Stack (Prometheus + Grafana)
+
+```bash
+ansible-playbook playbooks/monitoring-stack.yaml
+```
+
+## Notes
+
+- If you rotate or change secrets, rerun the `deploy-secrets.yml` playbook.
+- All playbooks assume `kubeconfig_azure.yaml` exists in the working directory.
diff --git a/infrastructure/terraform/README.md b/infrastructure/terraform/README.md
@@ -0,0 +1,53 @@
+# Terraform (Azure) - K3s VM Provisioning
+
+This directory provisions Azure infrastructure for a small K3s cluster (one control-plane VM and one worker VM), plus networking and security group rules.
+
+## What It Creates
+
+- Resource group, VNet, subnet, NSG, and NSG rules.
+- Two Linux VMs with public IPs.
+- Outputs for both public IP addresses.
+
+## Prerequisites
+
+- Terraform 1.x
+- Azure CLI authenticated (`az login`)
+- A valid SSH public key (defaults to `~/.ssh/id_rsa.pub`)
+
+## Configure Variables
+
+Defaults are defined in `variables.tf`. Override them via a `terraform.tfvars` file or CLI flags.
+
+Example `terraform.tfvars`:
+
+```hcl
+location         = "eastasia"
+vm_size          = "Standard_D2as_v4"
+vm_size_node2    = "Standard_B4als_v2"
+admin_username   = "azureuser"
+ssh_public_key_path = "~/.ssh/id_rsa.pub"
+```
+
+## Usage
+
+```bash
+cd infrastructure/terraform
+terraform init
+terraform plan
+terraform apply
+```
+
+After apply completes, record the IPs:
+
+```bash
+terraform output public_ip
+terraform output public_ip_node2
+```
+
+Use these values in your Ansible inventory and playbook variables.
+
+## Destroy
+
+```bash
+terraform destroy
+```
