
Equipment/Blanton: Difference between revisions

From London Hackspace Wiki
No edit summary
Line 174:
Older revision:

This hosts irccat and a few other things.

It can run docker containers, with the subnet 10.0.24.0/23 forwarded to it via a static route for this use case.

The network was created with this command:

  docker network create --ipv6 --driver bridge --subnet=10.0.24.0/23 --subnet=2a00:1d40:1843:1a4::/64  --opt "com.docker.network.bridge.name"="dockerexternal" external

There were a few iptables tricks involved as well to allow forwarding. This basically needed this file in /etc/iptables/rules.v4:

  *filter
  :DOCKER-USER - [0:0]
  -I DOCKER-USER -i ens18 -o dockerexternal -j ACCEPT
  COMMIT

as well as

  sudo apt-get install iptables-persistent netfilter-persistent

A docker-compose file such as this could be used to place a container on this externally accessible network:

  version: "3"
  services:
    dash:
      image: acnode-dashboard
      environment:
        - MQTT_SERVER=mqtt.lan.london.hackspace.org.uk:1883
        - LISTEN_ADDR=:8080
      networks:
        - external
  networks:
    external:
      external:
        name: external

=== Scheduled Services ===

Newer revision:

This hosts irccat and a few other things.

=== kube-master/kube-node/kube-node2 (second node coming soon) ===
There is a Kubernetes cluster running. People have long asked for containerisation, so here it is!

I did try doing something with docker-compose, but the networking got unwieldy fast, and I realised I was about to create something not unlike Kubernetes, but badly, in a bunch of scripts!

A big sticking point, and the reason this took so long to get working, was the dual-stack IPv4 and IPv6 support needed to fit into the rest of the hackspace environment.

A few quick notes:
* Networking is provided by Calico
* LoadBalancer requests are serviced by MetalLB
** If you want both IPv4 and IPv6 you will need to create two LoadBalancer instances pointing to the same service
* nginx-ingress is configured to support HTTP/HTTPS services
* cert-manager is configured to issue Let's Encrypt certificates automatically, assuming DNS entries are already in place (as would be needed for a regular VM wanting a cert)
** Mark your ingress with the annotation ''cert-manager.io/cluster-issuer: "letsencrypt-prod"''
* There's a single-node glusterfs "cluster" providing storage
* While it's all currently on Blanton, if there was another box (or ideally two) available, it would be possible to make this much more resilient

MetalLB is configured to allocate IP addresses in the ranges 10.0.21.128/25 and 2a00:1d40:1843:182:f000::/68 - it uses layer 2 ARP to advertise these on the LAN.

=== gluster ===

This is a single-node "cluster" of glusterfs, providing storage for Kubernetes PersistentVolumeClaims. The idea is that it could be expanded in future to run on multiple machines for redundancy, if we had more than one working machine. Note that an odd number of nodes is required for proper redundancy (otherwise there can't be a majority for consensus).

=== Scheduled Services ===
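As an added illustration of the notes above (these manifests are not from the wiki page or the hackspace's own config), here is the "two LoadBalancer Services for dual stack" pattern alongside an Ingress carrying the cert-manager annotation. It assumes a dual-stack cluster on a Kubernetes version with the ipFamilies field (1.20+); the service and hostname names, the ''app: dash'' label and the 8080 container port are assumptions.

```yaml
# Constructed example: the same pods exposed once per address family via MetalLB
# (one LoadBalancer Service each), and once over HTTPS via nginx-ingress + cert-manager.
apiVersion: v1
kind: Service
metadata:
  name: dash-v4
spec:
  type: LoadBalancer
  ipFamilyPolicy: SingleStack
  ipFamilies: [IPv4]          # MetalLB allocates from 10.0.21.128/25
  selector:
    app: dash                 # assumed label on the dashboard pods
  ports: [{port: 80, targetPort: 8080}]
---
apiVersion: v1
kind: Service
metadata:
  name: dash-v6
spec:
  type: LoadBalancer
  ipFamilyPolicy: SingleStack
  ipFamilies: [IPv6]          # MetalLB allocates from 2a00:1d40:1843:182:f000::/68
  selector:
    app: dash                 # identical selector: both Services front the same pods
  ports: [{port: 80, targetPort: 8080}]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dash
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"   # the issuer named on the page
spec:
  ingressClassName: nginx
  tls:
    - hosts: [dash.example.org]   # assumed hostname; DNS must already resolve to the ingress
      secretName: dash-tls        # cert-manager creates and renews this Secret
  rules:
    - host: dash.example.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: dash-v4
                port:
                  number: 80
```

Apply with `kubectl apply -f` and check `kubectl get svc` shows one external IP from each MetalLB range, and `kubectl get certificate` shows the dash-tls certificate as Ready once the HTTP-01 challenge has passed.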