You plan a dedicated machine to install and experiment with the Community Distribution of Kubernetes, maybe even on a rented root server in the wild wild world?
It is probably worth the time to read a little further.
Naturally, when we do some experiments we can destroy our cluster and bring it into a state we can't fix or recover. From this point of view we should try to keep complex things simple and repeatable. This is what this lab aims to address.
You can expect a fully virtualized small IT center with everything you need to install a User Provisioned Infrastructure (UPI)
of OKD4 based on KVM. You get some great Rook cloud-native storage for your cluster and more.
Additionally you get almost everything you need for a development environment, including git, artifact management, a private container registry and a centralized user registry, all pre-configured and tightly integrated.
- Dedicated root server (recommended)
- Internet access*
- Git client (optional)
- SSH / VNC client
- Visual Studio Code Insiders (optional but highly recommended!)
This project is being developed on a Hetzner machine with the following specs:
- AMD Ryzen 9 3900 12-Core
- 128 GB DDR4 ECC
- 2 x 1,92 TB NVMe SSD
You can do it with less, but then you have to tweak some settings and/or strip off some optional services.
*Please note! NO proxy support in this version! Coming soon.
95% of the installation process is copy & paste. No deep Linux or OKD4/Kubernetes skills needed!*
*The missing 5% is a guided CentOS 8.3 Linux installation and using Firefox to create some tokens.
100% Open Source! Watch an animated GIF on Dropbox and open Pandora's box.
Lab Machine:
Provisioning and automation:
Bastion (KVM):
- OKD4 - UPI installation environment:
  - OKD4 Registry Mirror
  - Fedora CoreOS Mirror
  - DNS
  - DHCP
  - TFTP
- Project Quay with Clair
- Podman, Skopeo, Buildah (no Docker!)
- 389 Directory
- GitLab (optional)
- Artifactory (optional)
Load Balancer (KVM):
OKD4 (KVMs):
- Bootstrap
- 3x Master
- 3x Worker
OKD4 Storage:
Especially with servers reachable from the wild wild world, some kind of security makes sense!
For this reason:
- A firewall is running on this lab and only SSH (port 53) is allowed on the external interface.
- Only SSH PubkeyAuthentication is allowed.
- Only necessary services are enabled.
- Except SSH, all network services are bound to `localhost`.
- Virtual network is not directly reachable from the wild world.
- VS Code and VNC are only available via SSH tunnel.
If you go the Hetzner path additional security is possible and recommended.
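A small audit for the rules above, added here as an example and not part of OKD-LAB itself: it flags listening sockets that are not on loopback (except SSH on port 53, as the lab configures it), checks that sshd does not fall back to passwords, and prints the tunnel command for the loopback-bound VNC server. The `ss` output and sshd_config lines are constructed samples; the VNC port 5901 is an assumption.

```shell
#!/bin/sh
# Added example, not OKD-LAB code. Assumes SSH on port 53 (as in the README)
# and VNC on display :1 (port 5901, an assumption).
SSH_PORT=53

# exposed_listeners: read `ss -tlnH` output on stdin and print every listening
# socket bound to a non-loopback address on a port other than $SSH_PORT.
exposed_listeners() {
  awk -v ssh="$SSH_PORT" '
    {
      addr = $4                                   # Local Address:Port column
      n = split(addr, p, ":"); port = p[n]
      host = substr(addr, 1, length(addr) - length(port) - 1)
      loop = (host ~ /^127\./ || host == "[::1]" || host == "::1")
      if (!loop && port != ssh) print addr
    }'
}

# audit_sshd: read sshd_config on stdin; print directives that would allow
# password logins or root password logins. Exit 1 if anything was found.
audit_sshd() {
  awk '
    BEGIN { bad = 0 }
    tolower($1) == "passwordauthentication" && tolower($2) != "no"  { print $1 " " $2; bad = 1 }
    tolower($1) == "pubkeyauthentication"   && tolower($2) == "no"  { print $1 " " $2; bad = 1 }
    tolower($1) == "permitrootlogin"        && tolower($2) == "yes" { print $1 " " $2; bad = 1 }
    END { exit bad }'
}

# vnc_tunnel USER HOST: the ssh command that forwards local 5901 to the
# bastion's loopback-only VNC server through the SSH port.
vnc_tunnel() { printf 'ssh -p %s -L 5901:localhost:5901 %s@%s\n' "$SSH_PORT" "$1" "$2"; }

# Constructed sample: SSH on 53, VNC and a web UI on loopback, and one
# service accidentally bound to all interfaces.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:53 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 4096 [::1]:8443 [::]:*
LISTEN 0 4096 *:5000 *:*'
SAMPLE_SSHD='PubkeyAuthentication yes
PasswordAuthentication yes
Port 53'

echo "Exposed listeners:"; printf '%s\n' "$SAMPLE_SS" | exposed_listeners
echo "sshd_config findings:"; printf '%s\n' "$SAMPLE_SSHD" | audit_sshd || echo "fix sshd_config"
vnc_tunnel lab bastion.example
```

On the real machine run `ss -tlnH | exposed_listeners` and `audit_sshd < /etc/ssh/sshd_config` after every change to the lab.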
This guide is not about installing and maintaining Linux at the highest possible levels. It's not about being the best-in-class automation expert, and it's a controlled environment with intentionally 99% static settings. But if you know what you do, you can change and expand everything with ease and apply it to your needs. Have fun!
Thanks to all in the Open Source Community and especially to @cgruver for inspiration and help!
OKD-LAB is released under the Apache 2.0 license. See the LICENSE file for details. Some components may be licensed differently - consult individual repositories for more.