Teach Noah how to use Kubernetes on-prem in a production environment
- Install
- Setup
- Stop using the word configure!
- Maintain
- Secure
- Storage
- Internal boot drives (MicroSD cards)
- External storage drive
- Processing
- Raspberry Pi 4 B+ x4
- Memory
- Internal RAM 16GB
- Connections
- Switch
- Cables
- Raspi network holepunch
- Router
- Electricity
- POE Switch
- Power strip
- Standardization tools
- Remote command tools
- Maintenance tools
- Storage management tools
- Firewall buster tools
- Virtual computers somewhere else
- Security tools
- Transport Layer Security
- Secret storage
- Rancher Longhorn ✅
- Simple, user-friendly solution made by the creators of k3s
- Easy automated backups to S3 or NFS
- Gained ARM64 support as of v1.1.0 - yay!
No ARM64 support, not an option :(
- Mounting & Formatting Drives on Linux Review
- K3s Kubernetes Distro ✅
- Simple, built-for-production Kubernetes distro, without the restrictions of microk8s
- Ansible Hostname Changer
- Official Docs
- Changing Hostname the Manual Way
- Decided against changing hostnames with Ansible as it added more complication than it subtracted.
- Ansible Hosts documentation
- Encrypting secrets using Ansible's own Vault (not to be confused with Hashicorp Vault)
- Raspberry Pi Dramble Ansible repo
- KubeADM Ansible Repo
- Decided to go with K3s instead of mainline Kubernetes
- Ingress Controllers explained
- Example code of Traefik Ingress Controller
- Inlets, a cloud-native tunneling system supporting ARM64
- Big thanks to BattlePope for recommending this
- Ultimately decided against as the open source version wasn't suitable for a pseudo-production environment due to a lack of L4 TCP tunneling support
- SSH tunneling container
- Could be suitable in a future revision that includes built-in tunneling support
- AutoSSH (standard) Container
- Hashicorp Vault seems to be the thing to use
- Retrieving secrets using Hashicorp Vault
- systemd Services Review Tutorial
- Kubernetes for the common developer, a good tutorial for the uninitiated dev
- Ceph Filesystem ❌ - too complicated, unreliable
- Ceph Docker Image
- Supports both x86-64 and ARM64
- Ceph Setup Guide on Kubernetes
- Uses tool Rook which Kubernetifies Ceph
- Includes simple means to specify which nodes are used for storage & what the mount path is on them
- Rook/Ceph yaml examples
- Provisioning Ceph Block Storage
- Seems to be the industry standard in cloud "block" storage - highly-available virtual disks for VPS in DigitalOcean, AWS
- Ceph Docker Image
- NFS Storage ❌ - neither integrated nor redundant
- DigitalOcean
- Rancher
- Deemed unsuitable due to lack of redundancy