rpik8s
personal bootstrapping for rpi k8s cluster
This is meant to be a living document for my personal setup. This is an opinionated configuration for setting up an rPi cluster for my personal lab. The goal is to have a cluster of 6 devices configured with a single powered USB hub that all communicate over wireless. This is for ease of use and portability.
What I have in my configuration:
- 2x raspberry pi 4 - 2GB
- 4x raspberry pi 3 B+
- 32GB micro SD cards on all devices
Base install requirements before running the first ansible configs. Maybe these can be further automated in the future, but as of now, there is a "single touch" that needs to take place before they get bootstrapped with ansible:
- each instance needs a default password configured (this is a required change on the first login)
- each instance has a hostname configured on the localdomain (I use the convention rpc01-06); this is easily applied with
      sudo hostnamectl set-hostname rpc06
- each instance needs a preshared pubkey configured. I recommend generating a key specifically for this and sharing it with each server as follows
      ssh-keygen -f ~/.ssh/rpik8s -N '' -t ed25519
      cat ~/.ssh/rpik8s.pub | ssh ubuntu@rpc06 'cat >> ~/.ssh/authorized_keys'
- ssh config that is tied to the preshared pubkey, example below
      Host rpc0*
        IdentityFile ~/.ssh/rpik8s
Configuring your secrets.yml file
No secrets are hard-coded into this repo. You are welcome to use whatever secrets manager you want, but this config expects a secrets.yml file. Since this isn't tracked in the VCS, I'd recommend storing these secrets in a secrets manager system like pass, 1password, or keychain. Ansible has a secrets manager called ansible-vault, which stores these secrets with symmetric encryption at rest.
From the root of this repo run
      ansible-vault create ansible/secrets.yml
secrets.yml is expected to store these YAML variables for the config to run properly:
      wireless_ssid:
      wireless_passphrase:
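Because secrets.yml is kept out of version control but still sits in the working tree, it is worth confirming that the file really is vault-encrypted before a playbook run or a backup. The check below is an added example, not part of this repo; `vault_check` and the sample files are hypothetical, and it relies only on the header line and hex payload that ansible-vault writes.

```shell
#!/bin/sh
# Added example: vault_check is a hypothetical helper, not part of this repo or of Ansible.
# Exit status: 0 = vault-encrypted, 2 = missing/unreadable,
#              3 = no ansible-vault header, 4 = payload is not hex ciphertext.
vault_check() {
  vc_file=$1
  vc_header=
  [ -f "$vc_file" ] && [ -r "$vc_file" ] || return 2
  # First line only; an empty file leaves vc_header empty.
  IFS= read -r vc_header < "$vc_file" || [ -n "$vc_header" ] || return 3
  # Headers written by ansible-vault:
  #   $ANSIBLE_VAULT;1.1;AES256
  #   $ANSIBLE_VAULT;1.2;AES256;<vault-id label>
  case $vc_header in
    '$ANSIBLE_VAULT;1.1;AES256') ;;
    '$ANSIBLE_VAULT;1.2;AES256;'?*) ;;
    *) return 3 ;;
  esac
  # Any non-hex line after the header (for example a stray
  # "wireless_passphrase: ..." line) means plaintext is in the file.
  if tail -n +2 "$vc_file" | grep -qvE '^[0-9a-f]+$'; then
    return 4
  fi
  # A header with no ciphertext under it is not a usable vault either.
  tail -n +2 "$vc_file" | grep -qE '^[0-9a-f]+$' || return 4
  return 0
}

# Constructed samples (placeholder hex, not real ciphertext) showing each outcome.
vault_check_demo() {
  vc_dir=$(mktemp -d) || return 1
  printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' '6162636465663031' > "$vc_dir/encrypted.yml"
  printf 'wireless_ssid: lab\nwireless_passphrase: example\n' > "$vc_dir/plain.yml"
  printf '%s\n' '$ANSIBLE_VAULT;1.1;AES256' 'wireless_passphrase: example' > "$vc_dir/mixed.yml"
  for vc_f in encrypted.yml plain.yml mixed.yml missing.yml; do
    vc_rc=0
    vault_check "$vc_dir/$vc_f" || vc_rc=$?
    echo "$vc_f -> $vc_rc"
  done
  rm -rf "$vc_dir"
}
vault_check_demo
```

Called as `vault_check ansible/secrets.yml`, a non-zero status is the signal to stop and re-encrypt the file before doing anything else with it.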