jwreagor / k8s-bare-metal Goto Github PK

After some feedback, I think it makes sense to remove the bastion as a requirement for the Packer builds. Then the bastion can be brought up as a requirement during the Terraform process itself.

Need to make sure specific actions are idempotent throughout the process. Like not rewriting certs... etc.

Is docker the reason why nodes can only be kvm instances? Would cri-o (http://cri-o.io/) or another container runtime remove that requirement and let us use lx-zones instead?

The Hard Way article sets up kubectl on the bastion itself. I'd like to do that here as well as open up a port that proxies into the Kubernetes API server instance.

There's a lapse in the process going from make build into make plan. I'd like the step to be seamless without having to configure image UUIDs within the .terraform.vars file.

This patch should solve the problem through a post-provisioner. A script should write out the previously built image UUID and generate a new template that is used by Terraform as the .terraform.vars file.

I don't want a joined make build that also runs Terraform as that would break the library boundary amongst the two. I'm ok with a script that combines everything as it's own thing at the end of this project.

At the end of launching workers, the process needs to setup networking on KVM worker nodes. This is to allow communication between pods/services running on separate hosts within the Kubernetes cluster.

Right now, I believe this utilizes the default kubenet networking driver. Future enhancements might change or remove this networking option as there may be better options running on Triton.

Right now I'm reusing the etcd Autopilot Pattern for quickly getting a prototype out the door. This task should provide the etcd cluster from within Packer and Terraform like all other nodes.

I'd like to have an option for workers that sit outside the private fabric network. This should allow opening up port 80 and having multiple frontend edge hosts for ingress controllers, public CNS based load balancing, etc.

Right now workers use the KVM Ubuntu Certified image which uses the ubuntu user by default instead of root. Joyent uses root everywhere else... so yeah... we should open up root for administration purposes.