Kubernetes Build

From Wizard Rants
Revision as of 03:41, 25 May 2023 by Northrup2 (talk | contribs) (Spacing)
Jump to navigation Jump to search

Physical Build Out

Networking

The network design for this installation is one of high segmentation and access control. The network design and firewall rules.

Physical Information

Power Strip 10.1.2.8 maas / saam

Memory Configuration XMP 3200MHz Profile w/ 1.35V

CAS 16-18-18-36

Overcommit Ratio on KVM: CPU 3 / Memory 4


Network Layout
VLAN Name VLAN ID Network
Management 2 10.1.2.0/24
Physical Nodes 3 10.1.3.0/24
NLB West World 10 10.1.10.0/24
NLB Shogun World 11 10.1.11.0/24
K8S Edge Westworld 15 10.1.15.0/24
K8S Edge Shogunworld 16 10.1.16.0/24
K8S Masters Westworld 20 10.1.20.0/24
K8S Masters Shogunworld 21 10.1.21.0/24
K8S Nodes Westworld 30 10.1.30.0/24
K8S Nodes Shogunworld 31 10.1.31.0.24
Physical Node
Node Name MAC Address
j 7085.c2d3.0d36
a 7085.c2d1.7efc
r 7085.c2d4.7fab
v 7085.c2d3.0b93
i 7085.c2d3.0d4a
s 7085.c2d3.1053

Kubernetes Network
Pod Network CIDR 10.60.0.0/16

Node Build Out

Physical Node Westworld Node Name Shogunworld Node Name Etcd Node NLB Node
j ww-ctrl-01 sw-wrk-01 sw-etcd-01 ww-nlb-01
a ww-ctrl-02 sw-wrk-02 sw-etcd-02 ww-nlb-02
r ww-wrk-01 sw-wrk-03 sw-etcd-03 ww-nlb-03
v ww-wrk-02 sw-wrk-04 ww-etcd-01 sw-nlb-01
i ww-wrk-03 sw-ctrl-01 ww-etcd-02 sw-nlb-02
s ww-wrk-04 sw-ctrl-02 ww-etcd-03 sw-nlb-03

HA Config for Etcd & K8S Masters

Two virtual IP addresses, 10.1.10.5 and 10.1.10.6, are shared between ww-nlb-01 and ww-nlb-02.

HAProxy Configuration

Heartbeat Configuration Files

ha.cf
authkeys
haresources

us-nlb-[01,02] have heartbeat installed to manage the shared IP addresses between the two.

10.1.10.5 is for usage as the Etcd load-balanced IP address
10.1.10.6 is for usage as the Kubernetes API endpoint

Kubernetes Installation

Certificate Authority
Kubernetes Config Files
Data Encryption
Bootstrapping etcd
Bootstrapping K8S Controllers
Bootstrapping K8S Workers
Configure Kubectl
Installing Cilium / Network Routing
Installing CoreDNS
Kubernetes Terms

Building Upon Kubernetes

CNI Networking : Cilium
Service Mesh : Istio
LoadBalancing : MetalLB

Services To Deploy

Vault

Prometheus

Fluentd

elasticsearch

grafana

Additional Elements

Harbor

Rook

GitLab

jaeger

Open Policy Agent

kured