I've got some mini PCs that I want to cluster together for a homelab, but want to touch on k8s and some type of IaC. At my workplace, we use cdktf, but I wanted to try something else, and a friend suggested I look into pulumi. So that's what we're going with, and what this infra series will use!
My dev box has already been set up with SSH key access and sits behind a VPN, so I'm skipping over that. This will cover provisioning a k8s cluster on-prem with bare metal, using pulumi as the IaC and Rancher Kubernetes Engine (k8s inside docker containers).
The image will get worse the longer you look at it. I'm quite interested in "dre metal", maybe we'll explore this at a later time.
Pre-reqs
- Pulumi installed on workstation (https://www.pulumi.com/docs/install/#chocolatey)
- Dev box with SSH
Setup
On your workstation, we need to install the rke pulumi provider so that we can access the SDK:
```
pulumi plugin install resource rke
pip install pulumi pulumi-rke
```
Initialize pulumi project
```
mkdir my_first_app
cd my_first_app
pulumi new python -y
```
Since I'm working with python, I set up a python project; feel free to start with any other language.
Run through the setup and name your stack in the CLI. I just named mine "dev".
__main__.py
The project creation should have initialized some files and a venv in your project. We want to modify __main__.py to the following:
```python
import pulumi
import pulumi_rke as rke

# Define nodes for the cluster
node = rke.ClusterNodeArgs(
    address="<remote box ip address>",
    user="<user that will execute the commands on the remote box>",
    roles=["controlplane", "etcd", "worker"],
    ssh_key_path="<absolute path to private key to remote box>"
)

# Define the RKE cluster configuration
cluster = rke.Cluster(
    "testing-cluster",
    nodes=[node],
    cluster_name="test-1"
)

# Export the kubeconfig
pulumi.export("kubeconfig", cluster.kube_config_yaml)
```
Note: we'll be working in __main__.py solely for the rest of this article.
This was the initial script that I started with; as we see in the sections below, it will be modified a bit. First, however, let's go over some parameters:
- A node is defined with its IP address, SSH user, roles, and SSH key path. In a real-world scenario, you'd have multiple nodes, each possibly with different roles (controlplane, etcd, worker). Ensure the IP address, user, and SSH key path match your actual environment.
- The Cluster resource is defined with a reference to the nodes. You can specify the Kubernetes version and other cluster-wide settings here.
- After the cluster is provisioned, the kubeconfig to access the cluster is exported. You can use this kubeconfig to interact with your Kubernetes cluster.
SSH Key
The `ssh_key_path` in the Pulumi RKE script should be the absolute path to your SSH private key on the local machine where you're running the Pulumi script. This key is used to authenticate against the node(s) that will form your Kubernetes cluster. Also, the private key must be in OpenSSH/RSA format, not ppk.
Once set, run `pulumi up`.
First blocker: Module Not Found…
This is a venv issue as noted here: https://stackoverflow.com/questions/75378119/pulumi-runtime-cant-discovery-pulumi-room
```
pulumi:pulumi:Stack (test-k8s-provision-dev):
error: Program failed with an unhandled exception:
Traceback (most recent call last):
import pulumi_rke as rke
ModuleNotFoundError: No module named 'pulumi_rke'
```
Annoying, but easily fixed. Commands:
```
venv/Scripts/pip install pulumi # just in case
venv/Scripts/pip install pulumi_rke
```
Once again, run `pulumi up`…
Second blocker: enable_cri_dockerd needs to be set
```
Diagnostics:
  rke:index:Cluster (testing-cluster):
    error: 1 error occurred:
    *
    ============= RKE outputs ==============
    time="2023-11-24T16:20:38-05:00" level=info msg="[rke_provider] rke cluster changed arguments: map[cluster_name:true kubernetes_version:true nodes:true]"
    time="2023-11-24T16:20:38-05:00" level=info msg="Creating RKE cluster…"
    ...
    kubernetes version v1.26.9-rancher1-1 requires enable_cri_dockerd to be set to true
```
Extracting from this: `kubernetes version v1.26.9-rancher1-1 requires enable_cri_dockerd to be set to true`
Also, what I noticed was that the default image is 2 minor revisions old and it looks like it's using rancher 1-1, while rancher 2-X is released. So using this grid I tried to set my k8s version as:
```python
# ...
kubernetes_version="v1.28.3-rancher2-1"
```
It did not like that. Luckily, pulumi logged out a list of acceptable version combinations! So I just selected the most recent k8s + rancher version combination that is supported: `v1.26.4-rancher2-1`
Back to the original blocker:
It isn't documented as required, but it's a flag in rke.Cluster:
```python
cluster = rke.Cluster(
    "testing-cluster",
    nodes=[node],
    cluster_name="test-1",
    enable_cri_dockerd=True,
    kubernetes_version="v1.26.4-rancher2-1"
)
```
So, let's just set it as True and move on. If you'd like to know the reason, check this out.
Run: `pulumi up`
Third blocker: SSH: No Key Found
I kept encountering the following issue:
```
Failed running cluster err:Cluster must have at least one etcd plane host:
please specify one or more etcd in cluster config
```
You get this message at the surface… However, with logging options, we can scroll up a bit to see that the actual issue is that the command cannot find the ssh key:
```
Please check if the configured key or specified key file is a valid
SSH Private Key. Error: Error configuring SSH: ssh: no key found
```
Our node config in the script originally looked like this:
```python
node = rke.ClusterNodeArgs(
    address="100.118.7.10",
    user="rke-ser-1",
    ssh_key_path="C:\\homelab\\id_rsa",
    roles=["controlplane", "etcd", "worker"]
)
```
The code comment for the class looks like:
```
:param pulumi.Input[str] ssh_key_path: SSH Private Key Path (string)
```
It seemed reasonable to try what I had, I even split it up once the first attempt didn't work:
```python
node = rke.ClusterNodeArgs(
    address="100.118.7.10",
    user="rke-ser-1",
    ssh_key="id_rsa",
    ssh_key_path="C:\\homelab\\",
    roles=["controlplane", "etcd", "worker"]
)
```
… but, to no avail. So, after scouring the internet (and even asking GPT), I resorted to simply reading in the private key as a string into a variable and passing that variable into the config like so:
```python
# ...
# Read the private key contents and pass them directly instead of a path
with open("C:\\homelab\\id_rsa", "r") as file:
    ssh_key = file.read()

node = rke.ClusterNodeArgs(
    address="100.118.7.10",
    user="rke-ser-1",
    ssh_key=ssh_key,
    roles=["controlplane", "etcd", "worker"]
)
```
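A pre-flight check for the key problems described in the SSH Key section and in this blocker, added here as an example (not the author's or the provider's code): it rejects a PuTTY `.ppk`, a public key, or a bare file name before `pulumi up` runs. `classify_key`, `load_node_key` and the sample strings are constructed for illustration, and treating a passphrase-protected key as an error is this example's assumption.

```python
import os
import stat
from pathlib import Path

# Constructed samples, not real keys: only the framing lines matter here.
SAMPLE_OPENSSH = ("-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA\n"
                  "-----END OPENSSH PRIVATE KEY-----\n")
SAMPLE_PPK = "PuTTY-User-Key-File-3: ssh-rsa\nEncryption: none\n"
SAMPLE_ENCRYPTED = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                    "DEK-Info: AES-128-CBC,00\n\nAAAA\n"
                    "-----END RSA PRIVATE KEY-----\n")


def classify_key(text: str) -> str:
    """Label key material by its first line (hypothetical helper)."""
    lines = text.strip().splitlines()
    first = lines[0].strip() if lines else ""
    if first.startswith("PuTTY-User-Key-File-"):
        return "putty-ppk"        # convert to OpenSSH/PEM before use
    if first.startswith(("ssh-rsa ", "ssh-ed25519 ", "ecdsa-sha2-")):
        return "public-key"       # the .pub file was passed by mistake
    if first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----"):
        # Legacy PEM and PKCS#8 announce encryption in clear text; the
        # newer OpenSSH container does not, so it is not detected here.
        if "Proc-Type: 4,ENCRYPTED" in text or "BEGIN ENCRYPTED" in first:
            return "pem-encrypted"
        return "pem-private"
    return "not-a-key"            # e.g. a file name or a directory path


def load_node_key(path: str) -> str:
    """Read a private key for ssh_key=..., failing early with a reason."""
    p = Path(path)
    if not p.is_absolute():
        raise ValueError(f"{path}: use an absolute path")
    if not p.is_file():
        raise ValueError(f"{path}: not a file")
    # POSIX only: refuse keys that group/other can access (skipped on Windows).
    if os.name == "posix" and p.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise ValueError(f"{path}: accessible by group/other, chmod 600 it")
    text = p.read_text()
    kind = classify_key(text)
    if kind != "pem-private":
        raise ValueError(f"{path}: looks like {kind}, expected a PEM/OpenSSH private key")
    return text
```

In `__main__.py` the returned text can be passed as `ssh_key=pulumi.Output.secret(load_node_key(...))`, which marks the key as a secret so it is stored encrypted in the stack state.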
Run `pulumi up`
Drumroll please…
We've got a k8s cluster provisioned by RKE on bare metal using pulumi!!!
```
     Type                   Name                     Plan       Info
 +   pulumi:pulumi:Stack    test-k8s-provision-dev   create     1 warning
 +   └─ rke:index:Cluster   testing-cluster          create

Diagnostics:
  pulumi:pulumi:Stack (test-k8s-provision-dev):
    warning: roles_deprecated is deprecated: Use role instead

Outputs:
    kubeconfig: output<string>

Resources:
    + 2 to create
…
     Type                   Name                     Status          Info
 +   pulumi:pulumi:Stack    test-k8s-provision-dev   created (91s)   1 warning
 +   └─ rke:index:Cluster   testing-cluster          created (88s)

Diagnostics:
  pulumi:pulumi:Stack (test-k8s-provision-dev):
    warning: roles_deprecated is deprecated: Use role instead

Outputs:
    kubeconfig: [secret]

Resources:
    + 2 created
```
Log into your remote server and run: `docker ps`
Final Script
```python
import pulumi
import pulumi_rke as rke

# Read the SSH private key contents from the local workstation
with open('C:\\homelab\\id_rsa', 'r') as file:
    ssh_key = file.read()

# Define nodes for the cluster
node = rke.ClusterNodeArgs(
    address="100.118.7.10",
    user="rke-ser-1",
    ssh_key=ssh_key,
    roles=["controlplane", "etcd", "worker"]
)

# Define the RKE cluster configuration
cluster = rke.Cluster(
    "testing-cluster",
    nodes=[node],
    cluster_name="test-1",
    enable_cri_dockerd=True,
    kubernetes_version="v1.26.4-rancher2-1",
    ssh_agent_auth=True
)

# Export the kubeconfig
pulumi.export("kubeconfig", cluster.kube_config_yaml)
```