Home Infrastructure as Code - Introduction (Part One)

Where am I today?

Currently, for a few services at home, I have a CentOS 7 bare metal machine which is a single Kubernetes node and master. This was initially set up with Ansible; however, over time the configuration has drifted as I introduced technologies such as Flux, CIFS and Sealed Secrets. Flux is configured to monitor a GitHub repo called home-kubernetes (creative, I know) and any persistent storage is on my NAS. I also use Traefik for my ingress traffic.

There is a Fortigate 60E in front of this which handles load balancing and is the name server for my internal domain.

This works pretty great, however, there are some problems.

Problem

The computer that this is running on is getting quite old, and I really would hate to have to build all of this again if it fails. The Ansible configuration no longer represents the current state, and because this is a single-node Kubernetes cluster, upgrading is pretty risky and rolling back is difficult.

Where do I want to get to?

So this solution is very over-engineered for a home solution but it’s pretty good exposure to a lot of tools.

My eventual end goal is to have the following technology stack, however it will take some time to get there.

A very high level plan of how I aim to get to where I want to be

To begin with, I aim to introduce another two Git repos. home-packer and home-ansible. Yes, super creative naming but don’t judge. It’s my environment, not yours ;)

I will start off with geerlingguy’s CentOS 8 code as my base image and build the following images.

At build time, these images will be configured using a mixture of Ansible playbooks and bash scripts where appropriate. The initialisation of services will be handled on first boot, via cloud-init and the relevant metadata.

I am looking to host my HTTP metadata service either on my NAS or in an Azure Storage Account with static hosting enabled. There should be one directory per MAC address which contains a user-data and meta-data file.

The home-kvm Packer image should then be converted to either a RAW image or a squashfs image, ready to be deployed via PXE. I then plan to use Kickstart to update /etc/cloud/cloud.cfg to point to the correct datasource. The user-data will then be configured to run the initialisation Ansible scripts for the relevant service.

The above applies to the home-kubernetes image as well, however this time it should be converted into a QCOW2 image upon completion. This can then be deployed onto the KVM host via terraform.
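To make the per-MAC metadata layout and the Kickstart step concrete, here is an added shell example (not code from the post or from the home-packer/home-ansible repos) showing both halves: the server-side directory of user-data and meta-data files keyed by MAC address, and the cloud-init drop-in a Kickstart %post section would write so the NoCloud datasource fetches from that directory. The hostname metadata.home.example, the home-ansible GitHub URL, the playbook names and the drop-in path under /etc/cloud/cloud.cfg.d/ are all assumptions. Because user-data is pulled over plain HTTP at first boot, it should carry only bootstrap instructions and no credentials; anything sensitive belongs in Sealed Secrets or the playbooks' own secret handling.

```bash
#!/usr/bin/env bash
# Added example: per-MAC NoCloud metadata for cloud-init, plus the Kickstart-side
# drop-in that points a freshly provisioned host at it. Hostnames, repo URL and
# paths below are assumptions, not values from the post.
set -eu

# Normalise a MAC address into the directory name used on the metadata server:
# lower-case, colons replaced with dashes (e.g. "52-54-00-ab-cd-ef").
mac_to_dir() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr ':' '-'
}

# Build the seedfrom URL cloud-init will fetch from. NoCloud appends
# "user-data" and "meta-data" to it, so the trailing slash is required.
seedfrom_url() {
    local base="$1" mac="$2"
    printf '%s/%s/' "${base%/}" "$(mac_to_dir "$mac")"
}

# Render the cloud.cfg.d drop-in that selects NoCloud with that URL.
# Listing NoCloud first means the host never probes cloud datasources.
render_datasource_cfg() {
    local url="$1"
    cat <<EOF
datasource_list: [ NoCloud, None ]
datasource:
  NoCloud:
    seedfrom: ${url}
EOF
}

# Client side: MAC of the interface carrying the default route (the one PXE
# booted from). An explicit argument overrides it so this is testable offline.
primary_mac() {
    if [ -n "${1:-}" ]; then printf '%s' "$1"; return; fi
    local dev
    dev=$(ip -o route show default | awk '{print $5; exit}')
    cat "/sys/class/net/${dev}/address"
}

# Server side: create <root>/<mac>/{user-data,meta-data}. The user-data is a
# #cloud-config that runs the service's init playbook with ansible-pull from
# the home-ansible repo (URL assumed). Prints the directory it created.
write_metadata_dir() {
    local root="$1" mac="$2" hostname="$3" playbook="$4"
    local dir="${root}/$(mac_to_dir "$mac")"
    mkdir -p "$dir"
    cat >"${dir}/meta-data" <<EOF
instance-id: ${hostname}
local-hostname: ${hostname}
EOF
    cat >"${dir}/user-data" <<EOF
#cloud-config
package_update: true
packages:
  - ansible
runcmd:
  - ansible-pull -U https://github.com/example/home-ansible.git ${playbook}
EOF
    printf '%s' "$dir"
}

# Kickstart %post usage on the PXE-booted host (paths assumed):
#   render_datasource_cfg "$(seedfrom_url http://metadata.home.example "$(primary_mac)")" \
#       > /etc/cloud/cloud.cfg.d/99-home-nocloud.cfg
# Metadata server usage, one directory per machine:
#   write_metadata_dir /srv/metadata 52:54:00:ab:cd:ef kvm01 kvm.yml
```

The directory name is derived only from the MAC, so the same function has to be used on both sides or cloud-init will request a path that does not exist; the meta-data's instance-id is what cloud-init uses to decide whether first-boot modules run again, so reusing a directory for a rebuilt host requires changing it.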

Conclusion

So yeah, that was an overview of where I aim to eventually be, and I’ve sourced some old hardware to play around with bare metal deployments. Maybe it will go to plan, maybe some things will change along the way, but I’ll eventually get to where I want to be.

It’s a big project but I’m sure I’ll fit it in somewhere piece by piece.