Abstract
Guide to the most difficult bare-metal Kubernetes cluster installation that I could think of.
Bare-Metal Kubernetes for Masochists#
OpenSSL
At some point, if we feel like it, it might be worth the time to set up a proper CA on the LAN.
It sounds impossible, but you can, in fact, set up your own private Let’s Encrypt.
Goal#
This project is intended to discover as many errors, faults, and problems as possible in a Kubernetes cluster. To that end, a bare-metal Kubernetes cluster will be built and run on a handful of Stick PCs.
Current Infrastructure#
There are currently 5 of these Stick PCs available. One will be deployed as a router to keep my networking experiments from interfering with my better half’s television time.
The remaining four will be deployed in two types. Two will be Samba Active Directory Domain Controllers and Kubernetes worker nodes; the other two will be Kubernetes Control Planes and worker nodes.
If this is successfully deployed, then I might try and think of something to do with it. Until then, the answer to the question ‘Why did you build this?’ is ‘Because it’s there.’
Because it’s there.
—George Mallory, first white guy to summit Everest.
Process#
This is the most difficult-to-implement setup that I could think of. If anyone who happens upon this tiny, unremarkable corner of the internet knows of a more difficult implementation, I’d love to hear about it.
1. Get ArchLinux installed on the stick PCs.
2. Bring up the router.
3. Update the domain with all of the required DNS entries for AD.
4. Bring etcd up on the Kubernetes Control Planes and produce an etcd cluster with them.
5. Bring up the Control Plane instances and make sure they’re clustered.
6. Finally, bring up the worker nodes and join them to the cluster.
K8S Services by Host#
| host  | hostname           | service                      |
|-------|--------------------|------------------------------|
| kcp01 | kcp01.int.bh.loc   | host                         |
|       | etcd01.int.bh.loc  | etcd key-value store         |
|       | kapi01.int.bh.loc  | k8s api                      |
|       | dm01.int.bh.loc    | AD domain member             |
| kcp02 | kcp02.int.bh.loc   | host                         |
|       | etcd02.int.bh.loc  | etcd key-value store         |
|       | kapi02.int.bh.loc  | k8s api                      |
|       | dm02.int.bh.loc    | AD domain member             |
| kw01  | kw01.int.bh.loc    | kubernetes worker / kubelet  |
|       | dc01.int.bh.loc    | AD domain controller         |
|       | kdc01.int.bh.loc   | kerberos                     |
|       | ldap01.int.bh.loc  | lightweight directory access |
| kw02  | kw02.int.bh.loc    | kubernetes worker / kubelet  |
|       | dc02.int.bh.loc    | AD domain controller         |
|       | kdc02.int.bh.loc   | kerberos                     |
|       | ldap02.int.bh.loc  | lightweight directory access |
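The process steps above (DNS entries for AD, then an etcd cluster on the control planes) and the host table both come down to the same handful of names. The following is an added example, not code from the original post: it transcribes the host table into data, derives the etcd static-bootstrap string for the control-plane hosts, generates the standard SRV records that AD clients look up for the two domain controllers, and checks a zone snapshot for records that are still missing before any client tries to join. The peer port 2380, the priority/weight values and the zone snapshot are assumptions or constructed data; the record names and ports are the standard Active Directory ones.

```python
# Added example (not from the original post). Transcribes the post's host
# table and derives etcd bootstrap flags and AD DNS records from it.
from typing import Dict, List, Set

DOMAIN = "int.bh.loc"   # zone used throughout the post's host table
ETCD_PEER_PORT = 2380   # etcd default peer port (assumed; not stated in the post)

# Host table from the post: host -> role -> short service name
HOSTS: Dict[str, Dict[str, str]] = {
    "kcp01": {"etcd": "etcd01", "api": "kapi01", "member": "dm01"},
    "kcp02": {"etcd": "etcd02", "api": "kapi02", "member": "dm02"},
    "kw01":  {"dc": "dc01", "kdc": "kdc01", "ldap": "ldap01"},
    "kw02":  {"dc": "dc02", "kdc": "kdc02", "ldap": "ldap02"},
}


def fqdn(short: str, domain: str = DOMAIN) -> str:
    return f"{short}.{domain}"


def etcd_initial_cluster(hosts: Dict[str, Dict[str, str]] = HOSTS,
                         domain: str = DOMAIN, port: int = ETCD_PEER_PORT) -> str:
    """Value for etcd's --initial-cluster flag: comma-separated name=peer-URL pairs."""
    members = sorted(r["etcd"] for r in hosts.values() if "etcd" in r)
    return ",".join(f"{m}=https://{fqdn(m, domain)}:{port}" for m in members)


def etcd_fault_tolerance(member_count: int) -> int:
    """Raft quorum is floor(n/2)+1; this returns how many members may fail
    while the cluster still has quorum (0 for a two-member cluster)."""
    quorum = member_count // 2 + 1
    return member_count - quorum


# (owner-name prefix, port) for the SRV records AD clients query.
AD_SRV = [
    ("_ldap._tcp", 389),
    ("_ldap._tcp.dc._msdcs", 389),
    ("_gc._tcp", 3268),
    ("_kerberos._tcp", 88),
    ("_kerberos._udp", 88),
    ("_kpasswd._tcp", 464),
    ("_kpasswd._udp", 464),
]


def ad_srv_records(hosts: Dict[str, Dict[str, str]] = HOSTS,
                   domain: str = DOMAIN) -> List[str]:
    """Zone-file lines (priority 0, weight 100, assumed) pointing every AD SRV
    name at each domain controller in the host table."""
    dcs = sorted(r["dc"] for r in hosts.values() if "dc" in r)
    return [f"{prefix}.{domain}. IN SRV 0 100 {port} {fqdn(dc, domain)}."
            for prefix, port in AD_SRV for dc in dcs]


def missing_records(expected: List[str], zone_snapshot: str) -> List[str]:
    """Return the expected zone lines absent from a zone dump.
    Comparison is whitespace-normalised so column alignment does not matter."""
    present: Set[str] = {" ".join(line.split())
                         for line in zone_snapshot.splitlines() if line.strip()}
    return [line for line in expected if " ".join(line.split()) not in present]


# Constructed snapshot of the zone part-way through step 3 of the process:
# dc01 has most of its records, the _kpasswd ones were forgotten, and dc02
# has not been registered at all.
SAMPLE_ZONE = """
_ldap._tcp.int.bh.loc.            IN SRV 0 100 389  dc01.int.bh.loc.
_ldap._tcp.dc._msdcs.int.bh.loc.  IN SRV 0 100 389  dc01.int.bh.loc.
_gc._tcp.int.bh.loc.              IN SRV 0 100 3268 dc01.int.bh.loc.
_kerberos._tcp.int.bh.loc.        IN SRV 0 100 88   dc01.int.bh.loc.
_kerberos._udp.int.bh.loc.        IN SRV 0 100 88   dc01.int.bh.loc.
"""


if __name__ == "__main__":
    print("--initial-cluster", etcd_initial_cluster())
    n = len(etcd_initial_cluster().split(","))
    print(f"etcd members: {n}, tolerated failures: {etcd_fault_tolerance(n)}")
    for line in missing_records(ad_srv_records(), SAMPLE_ZONE):
        print("MISSING:", line)
```

The fault-tolerance helper is there because the host table puts etcd on exactly two control planes: with two members the quorum is two, so losing either one stops the cluster, which is worse than a single member for availability. Three members is the smallest count that survives a failure.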
nerdctl
This may be helpful, but you’ll need to look at the related package page here to get it working.