Kubernetes Build: Difference between revisions
| mNo edit summary | JohnNorthrup (talk | contribs) mNo edit summary | ||
| (17 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| Information about home Kubernetes build. | |||
| ==Physical Build Out== | |||
| '''Kubernetes Network'''<br> | ===Networking=== | ||
| Pod Network CIDR 10.60.0.0/16 | The network design for this installation is one of high segmentation and access control. The [[Kubernetes Network|network]] design and [[Kubernetes Network Firewall|firewall rules.]] | ||
| ==='''Physical Information'''=== | |||
| Power Strip 10.1.2.8 | |||
| maas / saam | |||
| Memory Configuration XMP 3200MHz Profile w/ 1.35V | |||
| CAS 16-18-18-36 | |||
| Overcommit Ratio on KVM: CPU 3 / Memory 4 | |||
| {| class="wikitable" | |||
| |+Network Layout | |||
| !VLAN Name | |||
| !VLAN ID | |||
| !Network | |||
| |- | |||
| |Management | |||
| |2 | |||
| |10.1.2.0/24 | |||
| |- | |||
| |Physical Nodes | |||
| |3 | |||
| |10.1.3.0/24 | |||
| |- | |||
| |NLB West World | |||
| |10 | |||
| |10.1.10.0/24 | |||
| |- | |||
| |NLB Shogun World | |||
| |11 | |||
| |10.1.11.0/24 | |||
| |- | |||
| |K8S Edge Westworld | |||
| |15 | |||
| |10.1.15.0/24 | |||
| |- | |||
| |K8S Edge Shogunworld | |||
| |16 | |||
| |10.1.16.0/24 | |||
| |- | |||
| |K8S Masters Westworld | |||
| |20 | |||
| |10.1.20.0/24 | |||
| |- | |||
| |K8S Masters Shogunworld | |||
| |21 | |||
| |10.1.21.0/24 | |||
| |- | |||
| |K8S Nodes Westworld | |||
| |30 | |||
| |10.1.30.0/24 | |||
| |- | |||
| |K8S Nodes Shogunworld | |||
| |31 | |||
| |10.1.31.0.24 | |||
| |} | |||
| {| class="wikitable" | |||
| |+Physical Node | |||
| !Node Name | |||
| !MAC Address | |||
| |- | |||
| |j | |||
| |7085.c2d3.0d36 | |||
| |- | |||
| |a | |||
| |7085.c2d1.7efc | |||
| |- | |||
| |r | |||
| |7085.c2d4.7fab | |||
| |- | |||
| |v | |||
| |7085.c2d3.0b93 | |||
| |- | |||
| |i | |||
| |7085.c2d3.0d4a | |||
| |- | |||
| |s | |||
| |7085.c2d3.1053 | |||
| |} | |||
| '''Kubernetes Network'''<br>Pod Network CIDR 10.60.0.0/16 | |||
| ====Node Build Out==== | ====Node Build Out==== | ||
| {| class="wikitable sortable" | {| class="wikitable sortable" | ||
| |- | |- | ||
| !Physical Node!! | !Physical Node!!Westworld Node Name!!Shogunworld Node Name!!Etcd Node!!NLB Node | ||
| |- | |- | ||
| |j|| | |j||ww-ctrl-01||sw-wrk-01||sw-etcd-01||ww-nlb-01 | ||
| |- | |- | ||
| |a|| | |a||ww-ctrl-02||sw-wrk-02||sw-etcd-02||ww-nlb-02 | ||
| |- | |- | ||
| |r|| | |r||ww-wrk-01||sw-wrk-03||sw-etcd-03||ww-nlb-03 | ||
| |- | |- | ||
| |v|| | |v||ww-wrk-02||sw-wrk-04||ww-etcd-01||sw-nlb-01 | ||
| |- | |- | ||
| |i|| | |i||ww-wrk-03||sw-ctrl-01||ww-etcd-02||sw-nlb-02 | ||
| |- | |- | ||
| |s|| | |s||ww-wrk-04||sw-ctrl-02||ww-etcd-03||sw-nlb-03 | ||
| |} | |} | ||
| ====HA Config for Etcd & K8S Masters==== | ====HA Config for Etcd & K8S Masters==== | ||
| Two virtual IP addresses, 10.1.10.5 and 10.1.10.6, are shared between  | Two virtual IP addresses, 10.1.10.5 and 10.1.10.6, are shared between ww-nlb-01 and ww-nlb-02. | ||
| [[K8S HAProxy Configuration|HAProxy Configuration]] | |||
| 10.1.10.5 is for usage as the Etcd load-balanced IP address<br> | Heartbeat Configuration Files | ||
| 10.1.10.6 is for usage as the Kubernetes API endpoint | |||
| [[heartbeat ha.cf|ha.cf]]<br>[[heartbeat authkeys|authkeys]]<br>[[heartbeat haresources|haresources]]<br> | |||
| us-nlb-[01,02] have heartbeat installed to manage the shared IP addresses between the two. | |||
| 10.1.10.5 is for usage as the Etcd load-balanced IP address<br>10.1.10.6 is for usage as the Kubernetes API endpoint | |||
| ===Kubernetes Installation=== | ===Kubernetes Installation=== | ||
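Review bot: In the Network Layout table, the K8S Nodes Shogunworld row gives the network as `10.1.31.0.24`, which is not a valid CIDR; every other row is a /24, so this should read `10.1.31.0/24`. In the HA section, the heartbeat sentence still names `us-nlb-[01,02]`, while the sentence above it and the Node Build Out table use `ww-nlb-01` and `ww-nlb-02`; align the names. The `maas / saam` line under the power strip address reads like a login pair; if it is one, keep it in a secrets store rather than on the page, and rotate it.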
| Line 37: | Line 125: | ||
| [[Kubernetes Config Files]]<br> | [[Kubernetes Config Files]]<br> | ||
| [[Data Encryption]]<br> | [[Data Encryption]]<br> | ||
| [[Bootstrapping  | [[Bootstrapping etcd]]<br> | ||
| [[Bootstrapping K8S Controllers]]<br> | [[Bootstrapping K8S Controllers]]<br> | ||
| [[Bootstrapping K8S Workers]]<br> | [[Bootstrapping K8S Workers]]<br> | ||
| Line 46: | Line 134: | ||
| ===Building Upon Kubernetes=== | ===Building Upon Kubernetes=== | ||
| CNI Networking : [[Cilium]] <br> | CNI Networking<span> </span>: [[Cilium]] <br> | ||
| Service Mesh : [https://istio.io Istio] <br> | Service Mesh<span> </span>: [https://istio.io Istio] <br> | ||
| LoadBalancing : [https://metallb.universe.tf MetalLB] | LoadBalancing<span> </span>: [https://metallb.universe.tf MetalLB] | ||
| ===Services To Deploy=== | ===Services To Deploy=== | ||
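Review bot: The new side of the three list lines (CNI Networking, Service Mesh, LoadBalancing) puts a `<span> </span>` before each colon, which adds inline HTML without changing what the line says. Drop the spans and write `CNI Networking: [[Cilium]]`, or use a definition list if alignment is the goal.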
| Line 73: | Line 161: | ||
| [https://www.openpolicyagent.org Open Policy Agent] | [https://www.openpolicyagent.org Open Policy Agent] | ||
| [https://github.com/weaveworks/kured kured] | |||
Latest revision as of 15:45, 13 August 2023
Information about home Kubernetes build.
Physical Build Out
Networking
The network design for this installation is one of high segmentation and access control. See the network design and firewall rules.
Physical Information
Power Strip 10.1.2.8 maas / saam
Memory Configuration XMP 3200MHz Profile w/ 1.35V
CAS 16-18-18-36
Overcommit Ratio on KVM: CPU 3 / Memory 4

Network Layout

| VLAN Name | VLAN ID | Network |
|---|---|---|
| Management | 2 | 10.1.2.0/24 | 
| Physical Nodes | 3 | 10.1.3.0/24 | 
| NLB West World | 10 | 10.1.10.0/24 | 
| NLB Shogun World | 11 | 10.1.11.0/24 | 
| K8S Edge Westworld | 15 | 10.1.15.0/24 | 
| K8S Edge Shogunworld | 16 | 10.1.16.0/24 | 
| K8S Masters Westworld | 20 | 10.1.20.0/24 | 
| K8S Masters Shogunworld | 21 | 10.1.21.0/24 | 
| K8S Nodes Westworld | 30 | 10.1.30.0/24 | 
| K8S Nodes Shogunworld | 31 | 10.1.31.0/24 |

Physical Node

| Node Name | MAC Address |
|---|---|
| j | 7085.c2d3.0d36 | 
| a | 7085.c2d1.7efc | 
| r | 7085.c2d4.7fab | 
| v | 7085.c2d3.0b93 | 
| i | 7085.c2d3.0d4a | 
| s | 7085.c2d3.1053 | 
Kubernetes Network
Pod Network CIDR 10.60.0.0/16
Node Build Out
| Physical Node | Westworld Node Name | Shogunworld Node Name | Etcd Node | NLB Node | 
|---|---|---|---|---|
| j | ww-ctrl-01 | sw-wrk-01 | sw-etcd-01 | ww-nlb-01 | 
| a | ww-ctrl-02 | sw-wrk-02 | sw-etcd-02 | ww-nlb-02 | 
| r | ww-wrk-01 | sw-wrk-03 | sw-etcd-03 | ww-nlb-03 | 
| v | ww-wrk-02 | sw-wrk-04 | ww-etcd-01 | sw-nlb-01 | 
| i | ww-wrk-03 | sw-ctrl-01 | ww-etcd-02 | sw-nlb-02 | 
| s | ww-wrk-04 | sw-ctrl-02 | ww-etcd-03 | sw-nlb-03 | 
HA Config for Etcd & K8S Masters
Two virtual IP addresses, 10.1.10.5 and 10.1.10.6, are shared between ww-nlb-01 and ww-nlb-02.
Heartbeat configuration files: ha.cf, authkeys, haresources
us-nlb-[01,02] have heartbeat installed to manage the shared IP addresses between the two.
10.1.10.5 is used as the Etcd load-balanced IP address
10.1.10.6 is used as the Kubernetes API endpoint
Kubernetes Installation
Certificate Authority
Kubernetes Config Files
Data Encryption
Bootstrapping etcd
Bootstrapping K8S Controllers
Bootstrapping K8S Workers
Configure Kubectl
Installing Cilium / Network Routing
Installing CoreDNS
Kubernetes Terms
Building Upon Kubernetes
CNI Networking: Cilium
Service Mesh: Istio
LoadBalancing: MetalLB
Services To Deploy
Additional Elements
GitLab
jaeger