
EPITA Infrastructure

This project is the main repository for EPITA's teaching IT infrastructure. We try to follow the Infrastructure as Code (IaC) methodology as much as possible for all of our deployments.

EPITA's teaching IT infrastructure consists of an OpenStack private cloud cluster made available to some entities of the school (majors or laboratories). We also use it ourselves to deploy common services for the whole school. Most of our services are deployed in Kubernetes clusters on top of our OpenStack private cloud.

Repository structure

Undercloud

The undercloud folder is the Ansible deployment folder for our Undercloud. The Undercloud is the underlying infrastructure behind our OpenStack private cloud deployment.

The Undercloud is in charge of:

  • backbone networking (routing, firewalling)
  • Secondary DNS for some zones (the primary is OpenStack Designate)
  • Primary DNS for some zones
  • Vault
  • Authentication inside the Undercloud
  • E-mail relaying
  • Backups
  • Part of the monitoring
  • Storage (Ceph)
  • OpenStack infrastructure (control plane and computes)
  • ArgoCD

We have a small k3s cluster inside the Undercloud for some of the services mentioned above. The cluster runs in libvirt virtual machines on some physical servers of the Undercloud.

Ceph is deployed using cephadm, which is not an IaC tool, so our Ceph deployment cannot be found in this repository.

Kolla-Ansible

The kolla folder contains the Kolla-Ansible deployment files used to deploy our OpenStack private cloud infrastructure. It is not part of the undercloud folder as it is far more complicated than the other Ansible roles we use for the rest of the Undercloud.

Overcloud

The overcloud folder contains all of our Ansible and Terraform files to deploy our services inside our OpenStack private cloud. Most user-facing services are part of the Overcloud, and the vast majority are deployed in Kubernetes clusters in the Overcloud.

The services currently deployed in the Overcloud are:

  • Moulinette as a Service (MaaS) workers
  • GitLab CI runners
  • RT ticket system
  • OpenAFS cluster for student file storage in computer rooms
  • Moodle
  • ops RKE1 cluster (mostly for monitoring and logging operations)
  • prod-1 RKE1 cluster for most of the user-facing services

Kubernetes

The k8s folder contains the Kubernetes manifests for all of our Kubernetes clusters. Everything is automatically synced to our clusters using ArgoCD.