- Automate everything
  - Use Terraform for volatile infrastructure (servers, DNS records, certificates)
  - Use Cloud-Init for static provisioning (packages, users)
  - Use Ansible to provision servers (motd, SSH keys, workshop content)
  - Logging in for provisioning is an anti-pattern!
- Security
  - Participants log in as the `workshop` SSH user with their SSH key
  - The server is equipped with a wildcard TLS certificate. Communication to the server should be encrypted (HTTPS)
  - (sudo rights are limited)
- Cloud
  - Servers can be deployed into any cloud (e.g. Hetzner, Digital Ocean)
  - DNS records are managed at Digital Ocean (which is free)
- General
  - Servers have random pet names (e.g. `upright-sunbird`)
  - Servers have a FQDN using a common domain name (e.g. `k8s.o12stack.org`)
  - Tools needed to view and edit text files are installed on the server

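A Cloud-Init user-data sketch of the static part of these requirements (packages, the `workshop` user, limited sudo). This is an added example, not the configuration used for the workshop servers; the package selection, the retained default user and the unit name `workshop-demo.service` are assumptions.

```yaml
#cloud-config
# Added example: static provisioning only (packages, users). SSH keys, motd and
# workshop content are left to Ansible, as in the list above.

package_update: true
packages:                # assumed selection of tools to view and edit text files
  - vim
  - nano
  - less

ssh_pwauth: false        # key-based SSH only, no password logins

users:
  - default              # assumption: keep the image's default user for provisioning
  - name: workshop
    shell: /bin/bash
    lock_passwd: true    # no usable password; participants authenticate by SSH key
    # Limited sudo: one exact command, no wildcards, and nothing that opens a
    # pager or editor (those allow a shell escape to root).
    # workshop-demo.service is a hypothetical unit name.
    sudo: "ALL=(root) NOPASSWD: /usr/bin/systemctl restart workshop-demo.service"
```

Cloud-Init writes the `sudo` rule to a drop-in under `/etc/sudoers.d/`, so `sudo -l -U workshop` on a freshly built server shows exactly what participants are allowed to run.
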
And finally: What would a workshop server be without a nice motd welcome message: