The general idea is to bootstrap a bare metal host into a functioning kubernetes cluster.

These playbooks/roles in their current state will create all kubernetes nodes on a single host. This is for lab/testing/learning type scenarios.

With some adjustments though this could be used to provision multiple hypervisors, ideally with each running 2 VMs: a control-plane node and a worker node. If you've got the hardware or the cloud budget for that, then lucky you! :smile:

An outline of the steps, which are roughly broken up by playbook:

- [ ] Install Arch Linux on the bare metal
- [x] Configure the bare metal Arch host as a hypervisor (qemu/kvm)
- [ ] Install Arch Linux into a VM on the hypervisor, then convert it to a template
- [x] Deploy 3 (or more) VMs from the template (uses backing store qcow images)
- [x] Create a kubernetes cluster from those 3 VMs
- [x] Install calico networking into the cluster
- [ ] Remove the taint from control plane nodes (optional)
- [ ] Deploy workloads into the cluster

What you don't see here is the setup/configuration of an OPNsense VM to act as a firewall; that is too far from being automatable at present.

OPNsense provides the firewall, routing (including BGP peering to the calico nodes), DNS, and acts as an HAProxy load balancer in front of the kubernetes nodes. I'll add [notes](https://code.balsillie.net/michael/IaC/src/branch/master/notes/opnsense.md) at some point on how to configure OPNsense, but it's not something that can be done sensibly with ansible.

What you'll also need:

- Clone the git repo.
- Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get committed to source control.
- Create an ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again, .gitignore should ensure this vault file remains only on your workstation.

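The two secret files from the steps above, created so that they are owner-only from the start and kept out of git. This is an added example, not part of the repo; the ansible/ and inventory/group_vars/all/ paths are assumptions about the checkout layout.

```shell
#!/bin/sh
# Added example, not part of the repo: create the two secret files the
# steps above call for. The paths (ansible/, inventory/group_vars/all/)
# are assumptions about the checkout layout, not taken from the README.
set -eu

# Write ansible/vault_password with a random secret, owner-readable only.
# umask 077 makes the file 0600 from the moment it is created, so it is
# never briefly world-readable before a later chmod.
create_vault_password_file() {
    pw_file="$1/vault_password"
    mkdir -p "$1"
    ( umask 077
      dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -An -tx1 \
          | tr -d ' \n' > "$pw_file"
      echo >> "$pw_file" )
    chmod 600 "$pw_file"
    # Succeed only if the mode really is 0600.
    [ -n "$(find "$pw_file" -perm 600)" ]
}

# Return 0 when .gitignore lists the given path as an exact line, so the
# secret cannot be committed by accident.
gitignore_covers() {
    grep -qxF -- "$2" "$1/.gitignore"
}

# Encrypt ansible_become_pass into a vars file inside the inventory tree.
# encrypt_string emits ciphertext straight to the file, so the plaintext
# password never touches disk. Returns 2 when ansible-vault is missing.
create_become_vault() {
    pw_file="$1"; vault_file="$2"; become_pass="$3"
    command -v ansible-vault >/dev/null 2>&1 || return 2
    mkdir -p "$(dirname "$vault_file")"
    ( umask 077
      ansible-vault encrypt_string --vault-password-file "$pw_file" \
          --name ansible_become_pass "$become_pass" > "$vault_file" )
}

# Demo on a constructed scratch tree; point repo at the real checkout to use it.
repo="$(mktemp -d)"
printf 'ansible/vault_password\n' > "$repo/.gitignore"
create_vault_password_file "$repo/ansible"
gitignore_covers "$repo" ansible/vault_password
create_become_vault "$repo/ansible/vault_password" \
    "$repo/ansible/inventory/group_vars/all/vault.yml" 'constructed-pass' \
    || echo "ansible-vault not installed; vault step skipped" >&2
```

The generated vault.yml holds the variable in ansible-vault's inline format, so it can sit under group_vars like any other vars file while the plaintext only ever exists in memory.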
Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated.

Ansible roles were written to work on an Arch Linux workstation; some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so.

If you encounter problems with these, change those tasks to use your relevant package manager module, e.g. apt or yum.