michael 2022-11-02 01:03:56 +13:00
parent cce06a515b
commit 9fb0635789
4 changed files with 20 additions and 9 deletions

@ -1,17 +1,21 @@
The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster. The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster.
These playbooks/roles in their current state will create all kubernetes nodes on a single host. This is for lab/testing/learning type scenarios.
With some adjustments though this could be used to provision multiple hypervisors, ideally with each running 2 VMs: a control-plane node and a worker node. If you've got the hardware or the cloud budget for that, then lucky you! :smile:
- Install Arch linux on the bare metal An outline of the steps, which are roughly broekn up by playbook:
- Configure the bare metal Arch host as a hypervisor (qemu/kvm)
- Install Arch linux into a VM on the hypervisor then convert it to a template. - [] Install Arch linux on the bare metal
- Deploy 3 (or more) VMs from the template (uses backing store qcow images). - [x] Configure the bare metal Arch host as a hypervisor (qemu/kvm)
- Create a kubernetes cluster from those 3 VMs. - [] Install Arch linux into a VM on the hypervisor then convert it to a template.
- Install calico networking into the cluster. - [x] Deploy 3 (or more) VMs from the template (uses backing store qcow images).
- Remove the taint from control plane nodes. <-- Optional - [x] Create a kubernetes cluster from those 3 VMs.
- Deploy workloads into the cluster - [x] Install calico networking into the cluster.
- [] Remove the taint from control plane nodes. <-- Optional
- [] Deploy workloads into the cluster
What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate. What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate.
Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible. Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add [notes](https://code.balsillie.net/michael/IaC/src/branch/master/notes/opnsense.md) at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
What you'll also need: What you'll also need:
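
Review bot: the unticked items in the added checklist are written `- []` (for example `- [] Install Arch linux on the bare metal`), but Markdown task-list syntax needs a space inside the brackets, so these should be `- [ ]` to render as checkboxes alongside the `- [x]` entries. The new intro line also has a typo, "broekn" for "broken". The added notes link is an absolute URL pinned to `branch/master`; a relative link to `notes/opnsense.md` would keep working in forks and on other branches. The surrounding "I'll add notes at some point" wording is also worth updating, since the notes file is created in this same commit.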

Binary file not shown. Size: 42 KiB

Binary file not shown. Size: 88 KiB

notes/opnsense.md Normal file

@ -0,0 +1,7 @@
Create the real servers to be added to the backend pool in the next step.
![HA Proxy Real Servers](./images/opnsense_real-servers.png)
Example of a real server config. Leave the SSL box unticked, these will operate in TCP mode only.
![Example of a Real Server entry](./images/opnsense_real-server_example.png)
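
Review bot: the new file opens mid-procedure ("to be added to the backend pool in the next step") with no heading and no mention of where in the OPNsense HAProxy settings this is done, and the actual field values live only in the two screenshots. Suggest adding a title and listing the real-server fields in text so they can be searched and reviewed in later diffs. On the line "Leave the SSL box unticked, these will operate in TCP mode only", the text does not say whether TLS is passed through to the kubernetes nodes or is absent altogether; stating which one is intended would stop a reader from taking the unticked box to mean the traffic is unencrypted by design.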