diff --git a/README.md b/README.md index c53b17c..0c89103 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,21 @@ The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster. +These playbooks/roles in their current state will create all kubernetes nodes on a single host. This is for lab/testing/learning type scenarios. +With some adjustments though this could be used to provision multiple hypervisors, ideally with each running 2 VMs: a control-plane node and a worker node. If you've got the hardware or the cloud budget for that, then lucky you! :smile: -- Install Arch linux on the bare metal -- Configure the bare metal Arch host as a hypervisor (qemu/kvm) -- Install Arch linux into a VM on the hypervisor then convert it to a template. -- Deploy 3 (or more) VMs from the template (uses backing store qcow images). -- Create a kubernetes cluster from those 3 VMs. -- Install calico networking into the cluster. -- Remove the taint from control plane nodes. <-- Optional -- Deploy workloads into the cluster +An outline of the steps, which are roughly broekn up by playbook: + +- [] Install Arch linux on the bare metal +- [x] Configure the bare metal Arch host as a hypervisor (qemu/kvm) +- [] Install Arch linux into a VM on the hypervisor then convert it to a template. +- [x] Deploy 3 (or more) VMs from the template (uses backing store qcow images). +- [x] Create a kubernetes cluster from those 3 VMs. +- [x] Install calico networking into the cluster. +- [] Remove the taint from control plane nodes. <-- Optional +- [] Deploy workloads into the cluster What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate. -Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible. 
+Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add [notes](https://code.balsillie.net/michael/IaC/src/branch/master/notes/opnsense.md) at some point on how to configure opnsense but it's not something that can be done sensibly with ansible. What you'll also need: diff --git a/notes/images/opnsense_real-server_example.png b/notes/images/opnsense_real-server_example.png new file mode 100644 index 0000000..5b7f1c5 Binary files /dev/null and b/notes/images/opnsense_real-server_example.png differ diff --git a/notes/images/opnsense_real-servers.png b/notes/images/opnsense_real-servers.png new file mode 100644 index 0000000..703e3ff Binary files /dev/null and b/notes/images/opnsense_real-servers.png differ diff --git a/notes/opnsense.md b/notes/opnsense.md new file mode 100644 index 0000000..062bec9 --- /dev/null +++ b/notes/opnsense.md @@ -0,0 +1,7 @@ +Create the real servers to be added to the backend pool in the next step. + +![HA Proxy Real Servers](./images/opnsense_real-servers.png) + +Example of a real server config. Leave the SSL box unticked, these will operate in TCP mode only. + +![Example of a Real Server entry](./images/opnsense_real-server_example.png) \ No newline at end of file
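Review bot: In the README.md hunk, the added checklist items written as `- []` are not task-list syntax and will render as literal brackets; use `- [ ]` (with a space) for the unchecked steps so they match the `- [x]` ones. The lead-in line above the list has a typo (`broekn` should be `broken`). In the Opnsense paragraph the sentence still says "I'll add notes at some point" while linking to notes this same patch adds, so reword it to say the notes exist and are incomplete. Consider a relative link (`notes/opnsense.md`) instead of the absolute URL pinned to `branch/master`, so the link resolves on other branches and forks.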
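Review bot: In notes/opnsense.md, the line "Leave the SSL box unticked, these will operate in TCP mode only" gives the setting but not the reason. State whether TLS is passed through HAProxy untouched and terminated on the kubernetes nodes, so a reader does not take the unticked box to mean plaintext traffic to the backends. The file also opens mid-procedure ("in the next step") with no title, and the backend pool step it refers to is not in the file. The real server settings exist only in the two screenshots, so list the key fields as text as well to keep them reviewable and searchable. The file is missing a trailing newline.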