A Space Harbor deployment template repository, pre-configured for a minimal K3s cluster deployment.
- OS: Ubuntu 22.04 LTS (recommended)
- Virtualization: KVM/VMWare/Xen
- Memory: 4GB+ (1GB reserved for infrastructure - k3s, ingress controller, cert-manager, etc.)
- CPU: 1-2vCPU (recommended at least 2 vCPU)
- Container runtime: containerd + crun + gVisor
- Networking: Flannel using `host-gw`
- VPN: WireGuard for administrative access (API server is accessible via VPN)
- Network Policies: Kube-Router
- DNS: CoreDNS
- Metrics: Metrics Server
- Deployment: ArgoCD
- Ingress: Ingress NGINX + Cert Manager
- GitOps Secrets: Sealed Secrets
- Firewall: UFW
- Prepare an Admin VPN setup

Admin VPN is a WireGuard VPN - a bulletproof and ultra lightweight entrypoint to your K3s node network from your computer.
First, generate a private and public key pair on your local computer.
```bash
# private key (umask 077 keeps the key file readable only by your user)
(umask 077; wg genkey > privkey)
# public key
cat privkey | wg pubkey > pubkey
```
Then in your `vars` (inventory), e.g. `hosts.yaml`, put your public key and IP address:

```yaml
cluster:
  hosts:
    # (...)
    primary-01:
      # (...)
      admin_vpn_ip: 10.157.0.1 # your internal node IP
      admin_vpn_peers:
        - ip: 10.157.0.2 # your laptop IP
          public_key: "MY-PUBKEY-HERE"
```
- Run provisioning
todo
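A pre-flight check for the Admin VPN vars described above, to run before provisioning. This is an added example, not part of this repository: the function name `check_admin_vpn`, the sample values and the private-address rule are assumptions, and the host vars are passed in as an already-parsed dict.

```python
import base64
import binascii
import ipaddress


def check_admin_vpn(host_vars):
    """Return a list of problems found in one host's admin VPN vars."""
    problems = []
    seen = {}  # address -> label of the entry that first used it

    def check_ip(label, value):
        try:
            addr = ipaddress.IPv4Address(str(value))
        except ipaddress.AddressValueError:
            problems.append(f"{label}: {value!r} is not a valid IPv4 address")
            return
        # Assumption: tunnel addresses come from private address space.
        if not addr.is_private:
            problems.append(f"{label}: {addr} is not a private address")
        if addr in seen:
            problems.append(f"{label}: {addr} already used by {seen[addr]}")
        seen.setdefault(addr, label)

    check_ip("admin_vpn_ip", host_vars.get("admin_vpn_ip"))
    for i, peer in enumerate(host_vars.get("admin_vpn_peers", [])):
        check_ip(f"peer[{i}].ip", peer.get("ip"))
        # A WireGuard public key is 32 bytes, base64-encoded.
        try:
            raw = base64.b64decode(str(peer.get("public_key", "")), validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 32:
            problems.append(f"peer[{i}].public_key: not a 32-byte base64 key")
    return problems


# Constructed sample data: a well-formed key, not a real one.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
GOOD = {"admin_vpn_ip": "10.157.0.1",
        "admin_vpn_peers": [{"ip": "10.157.0.2", "public_key": SAMPLE_KEY}]}
# Out-of-range octet and the placeholder key left unreplaced.
BAD = {"admin_vpn_ip": "10.157.0.256",
       "admin_vpn_peers": [{"ip": "10.157.0.2", "public_key": "MY-PUBKEY-HERE"}]}

if __name__ == "__main__":
    for name, host in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_admin_vpn(host) or "ok")
```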
Inspired by the Puddle Jumper spaceship from the Stargate series, a small, flexible and fast ship that can fly through the Stargates.