michael/IaC
1
0
Fork 0
Code Packages

doco

Browse Source
This commit is contained in:
michael 2022-11-02 01:03:56 +13:00
parent cce06a515b
commit 9fb0635789
4 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
README.md
View File

@ -1,17 +1,21 @@
The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster.
These playbooks/roles in their current state will create all kubernetes nodes on a single host. This is for lab/testing/learning type scenarios.
With some adjustments though this could be used to provision multiple hypervisors, ideally with each running 2 VMs: a control-plane node and a worker node. If you've got the hardware or the cloud budget for that, then lucky you! :smile:
- Install Arch linux on the bare metal
- Configure the bare metal Arch host as a hypervisor (qemu/kvm)
- Install Arch linux into a VM on the hypervisor then convert it to a template.
- Deploy 3 (or more) VMs from the template (uses backing store qcow images).
- Create a kubernetes cluster from those 3 VMs.
- Install calico networking into the cluster.
- Remove the taint from control plane nodes. <-- Optional
- Deploy workloads into the cluster
An outline of the steps, which are roughly broekn up by playbook:
- [] Install Arch linux on the bare metal
- [x] Configure the bare metal Arch host as a hypervisor (qemu/kvm)
- [] Install Arch linux into a VM on the hypervisor then convert it to a template.
- [x] Deploy 3 (or more) VMs from the template (uses backing store qcow images).
- [x] Create a kubernetes cluster from those 3 VMs.
- [x] Install calico networking into the cluster.
- [] Remove the taint from control plane nodes. <-- Optional
- [] Deploy workloads into the cluster
What you don't see here is setup/configuration of an Opnsense VM to act as a firewall, this is too far off from being possible to automate.
Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add notes at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
Opnsense provides firewall, routing (including BGP peering to calico nodes), DNS and acts as a HA proxy load balancer to the kubernetes nodes. I'll add [notes](https://code.balsillie.net/michael/IaC/src/branch/master/notes/opnsense.md) at some point on how to configure opnsense but it's not something that can be done sensibly with ansible.
What you'll also need:

BIN
notes/images/opnsense_real-server_example.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 42 KiB

BIN
notes/images/opnsense_real-servers.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 88 KiB

7
notes/opnsense.md Normal file
View File

@ -0,0 +1,7 @@
Create the real servers to be added to the backend pool in the next step.
![HA Proxy Real Servers](./images/opnsense_real-servers.png)
Example of a real server config. Leave the SSL box unticked, these will operate in TCP mode only.
![Example of a Real Server entry](./images/opnsense_real-server_example.png)