rpik8s

personal bootstrapping for rpi k8s cluster

This is meant to be a living document for my personal setup. This is an opinionated configuration for setting up an rPi cluster for my personal lab. The goal is to have a cluster of 6 devices configured with a single powered USB hub that all communicates over wireless. this is for easy of use and portability.

What I have in my configuration:

• 2x raspberry pi 4 - 2GB
• 4x raspberry pi 3 B+
• 32GB micro SD cards on all devices

Base install requirements before running the first ansible configs. Maybe these can be further automated in the future, but as of now, there is a "single touch" that needs to take place before they get boostrapped with ansible:

• ubuntu 19.10 64bit

• each instance needs a default password configured (this is a required change on the first login)

• each instance has a hostname configured on the localdomain (I use the convention rpc01-06) this is easily applied with sudo hostnamectl set-hostname rpc06

• each instance needs a preshared pubkey configured. I recommend generating a key specifically for this and sharing it with each server as follows

ssh-keygen -f ~/.ssh/rpik8s -N '' -t ed25519
cat ~/.ssh/rpik8s.pub | ssh ubuntu@rpc06 'cat >> ~/.ssh/authorized_keys'

• ssh config that is tied to the preshared pubkey example below

Host rpc0*
  IdentityFile ~/.ssh/rpik8s

Configuring your secrets.yml file

No secrets are hard-coded into this repo. You are welcome to use whatever secrets manager you want, but this config expects a secrets.yml file. Since this isn't tracked in the VCS, I'd recommend storing these secrets in a secrets manager system like pass, 1password, or keychain. Ansible has a secrets manager called ansible-vault, which stores these secrets with symetric encryption at rest.

From the root of this repo run ansible-vault create ansible/secrets.yml

secrets.yml expects to store there yaml variables to run properly:

wireless_ssid=
wireless_passphrase=