The general idea is to bootstrap a bare metal host into a functioning Kubernetes cluster.

- Install Arch Linux on the bare metal
- Configure the bare metal Arch host as a hypervisor (qemu/kvm)
- Install Arch Linux into a VM on the hypervisor then convert it to a template.
- Deploy 3 (or more) VMs from the template (uses backing store qcow images).
- Create a Kubernetes cluster from those 3 VMs.
- Install Calico networking into the cluster.
- Remove the taint from control plane nodes. <-- Optional
- Deploy workloads into the cluster

What you don't see here is setup/configuration of an OPNsense VM to act as a firewall; this is too far off from being possible to automate.

OPNsense provides firewall, routing (including BGP peering to Calico nodes), DNS and acts as an HAProxy load balancer to the Kubernetes nodes. I'll add notes at some point on how to configure OPNsense but it's not something that can be done sensibly with Ansible.

What you'll also need:

- Clone the git repo
- Create a vault_password file (chmod 600) under the ansible directory. .gitignore should ensure this doesn't get committed to source control.
- Create an Ansible vault in your inventory directory tree to hold sensitive variables such as 'ansible_become_pass'. Again, .gitignore should ensure this vault file remains only on your workstation.
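
A pre-flight check for the two secrets described above, as an added example that is not part of this repository: it verifies that the vault password file is mode 600, that the vault file starts with the `$ANSIBLE_VAULT;` header, and that git ignores both. The function names and the paths you pass in are assumptions; it needs a POSIX shell with `stat` and `git` available.

```shell
#!/bin/sh
# Added example: checks for the vault_password file and the vault file.
# Paths are supplied by the caller; none are taken from the repo itself.

# Succeeds only if the file mode is exactly 600 (owner read/write only).
mode_is_600() {
    mode=$(stat -c '%a' -- "$1" 2>/dev/null || stat -f '%Lp' -- "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Succeeds only if the first line is the ansible-vault envelope header,
# i.e. the file was written by ansible-vault and is not plaintext YAML.
is_vault_encrypted() {
    first=""
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        '$ANSIBLE_VAULT;'*) return 0 ;;
    esac
    return 1
}

# Succeeds only if git would ignore the path. A file that is already
# tracked is reported as NOT ignored, which is the case worth catching.
is_git_ignored() {
    git -C "$(dirname -- "$1")" check-ignore -q -- "$(basename -- "$1")"
}

# Usage: check_secrets <vault_password file> <vault file>
# Reports every failed check on stderr and returns non-zero if any failed.
check_secrets() {
    rc=0
    mode_is_600 "$1"        || { echo "FAIL: $1 is not mode 600" >&2; rc=1; }
    is_git_ignored "$1"     || { echo "FAIL: $1 is not ignored by git" >&2; rc=1; }
    is_vault_encrypted "$2" || { echo "FAIL: $2 is not vault-encrypted" >&2; rc=1; }
    is_git_ignored "$2"     || { echo "FAIL: $2 is not ignored by git" >&2; rc=1; }
    return "$rc"
}

# Run the checks only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    check_secrets "$1" "$2"
fi
```

Run it from the workstation before the first playbook run and again before pushing, passing the vault_password path and the vault file path as the two arguments.
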

Check the defaults files for roles carefully. Variables are a scattered mess right now and need to be properly amalgamated.

Ansible roles were written to work on an Arch Linux workstation; some tasks are intended to install packages to localhost (such as kubectl) and use pacman modules to do so.

If you encounter problems with these, change those tasks to use your relevant package manager module, e.g. apt or yum.