feat: implement kubeadm bootstrap scaffolding for Nix nodes
All checks were successful
Terraform Plan / Terraform Plan (push) Successful in 18s
@@ -10,8 +10,13 @@ This folder defines role-based NixOS configs for a kubeadm cluster.
## What this provides
- Shared Kubernetes/node prerequisites in `modules/k8s-common.nix`
- Shared cluster defaults in `modules/k8s-cluster-settings.nix`
- Role-specific settings for control planes and workers
- Host configs for each node in `hosts/`
- Bootstrap helper commands:
- `th-kubeadm-init`
- `th-kubeadm-join-control-plane`
- `th-kubeadm-join-worker`
- `th-kubeadm-status`
## Hardware config files
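Review bot: The new "Bootstrap helper commands" bullet is the only entry in this list that does not say where the thing lives; every other bullet names its file (`modules/k8s-common.nix`, `modules/k8s-cluster-settings.nix`, `hosts/`), so name the module that defines the `th-kubeadm-*` commands here as well, and note that they are meant to be run as root, since every invocation in the runbook below goes through `sudo`. Also, `th-kubeadm-status` is listed but never used anywhere in the README; either describe what it reports or use it in the validation step instead of (or alongside) the raw `kubectl get` commands.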
@@ -36,7 +41,56 @@ sudo nixos-rebuild switch --flake .#cp-1
For remote target-host workflows, use your preferred deploy wrapper later
(`nixos-rebuild --target-host ...` or deploy-rs/colmena).
## Bootstrap runbook (kubeadm + kube-vip + Cilium)
1. Apply Nix config on all nodes (`cp-*`, then `wk-*`).
2. On `cp-1`, run:
```bash
sudo th-kubeadm-init
```
This infers the control-plane VIP as `<node-subnet>.250` on `eth0`, creates the
kube-vip static pod manifest, and runs `kubeadm init`.
3. Install Cilium from `cp-1`:
```bash
helm repo add cilium https://helm.cilium.io
helm repo update
helm upgrade --install cilium cilium/cilium \
--namespace kube-system \
--set kubeProxyReplacement=true
```
4. Generate join commands on `cp-1`:
```bash
sudo kubeadm token create --print-join-command
sudo kubeadm init phase upload-certs --upload-certs
```
5. Join `cp-2` and `cp-3`:
```bash
sudo th-kubeadm-join-control-plane '<kubeadm join ... --control-plane --certificate-key ...>'
```
6. Join workers:
```bash
sudo th-kubeadm-join-worker '<kubeadm join ...>'
```
7. Validate from a control plane:
```bash
kubectl get nodes -o wide
kubectl -n kube-system get pods -o wide
```
## Notes
- This does not run `kubeadm init/join` automatically.
- It prepares OS/runtime/kernel prerequisites so kubeadm bootstrapping is clean.
- Scripts are intentionally manual-triggered (predictable for homelab bring-up).
- If `.250` on the node subnet is already in use, change `controlPlaneVipSuffix`
in `modules/k8s-cluster-settings.nix` before bootstrap.
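Review bot: Step 4 prints a bootstrap token and a certificate key without saying how long they remain valid or that they must be handled as secrets: the join command grants node membership, and the `--certificate-key` from `upload-certs` lets the joiner pull the control-plane CA and service-account keys. By default the token lives 24h and the certificate key expires after 2h, so the runbook should tell the operator to pass `--ttl` (for example `sudo kubeadm token create --ttl 1h --print-join-command`), to run `sudo kubeadm token delete <token>` once all joins are done, and to avoid pasting the strings into shared shell history or CI logs. Step 5 also shows the placeholder `<kubeadm join ... --control-plane --certificate-key ...>` but never explains that it is assembled by appending `--control-plane --certificate-key <key>` from the second command to the output of the first; spell that out. Two smaller points: the `helm upgrade --install` in step 3 has no `--version`, so the Cilium install is not reproducible across bring-ups (pin the chart version), and with `kubeProxyReplacement=true` Cilium needs `k8sServiceHost`/`k8sServicePort` pointing at the API endpoint (here the kube-vip VIP) if `th-kubeadm-init` skips the kube-proxy addon, which the runbook does not state either way.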