
Comments (6)

ak2766 commented on June 2, 2024

Hey @abderraxim - this is an awesome request - from 0 to production. However, what is production? Everyone/situation will have a different production requirement. So, you'll have to define what production is to you. And then, you'll need to follow the steps that Venkat has documented so well to get you going.

For demos, deploying nginx into the cluster and showing how to access that service in a browser IS the production environment.

from kubernetes.

a-hahn commented on June 2, 2024

@abderraxim Perhaps you might take a look at https://homekube.org. It's a complete tutorial on how to set up a bare-metal Kubernetes cluster with references to @justmeandopensource and TechWorld with Nana's tutorials explaining the individual steps. The solution also covers cert-manager and automated certificate renewal for DNS01 (wildcard subdomains) with screenshots of a sample DNS service provider.

from kubernetes.

abderraxim commented on June 2, 2024

Thanks for your feedback, I will check that and get back to you, but before, I have a question or 2.

  • Where to start to achieve customized nameservers and external DNS?
  • How can I route all the traffic on a single load balancing IP? Like we do on a webserver, we can design our subdomains or domains to hit the same IP but internally (via zone) hit different folders, or in the case of k8s, different services.

from kubernetes.

abderraxim commented on June 2, 2024

Let me explain how I see the thing:
I shall write necessities randomly and I hope you help me glue them, so let's start.

  • building a cluster with multiple VPS spread over different datacenters with multiple masters (so there is no single point of failure) - minimum 3 to avoid split brain
  • routing it via a load balancer which itself has no single point of failure (as the hosting claims)
  • having workers or not (untaint masters)
  • setting customized DNS to assign after that domains from different registrars
  • setting Longhorn (for k8s <1.25) to have shared scheduled space across all VPS to avoid again a single point of failure
  • Let's Encrypt all over the cluster
  • building a dummy WordPress for example and routing it to a subdomain

There might be other points; I will be adding them later. Thank you again.

from kubernetes.

a-hahn commented on June 2, 2024

> Thanks for your feedback, I will check that and get back to you, but before, I have a question or 2.
>
> * Where to start to achieve customized nameservers and external DNS?
>
> * How can I route all the traffic on a single load balancing IP? Like we do on a webserver, we can design our subdomains or domains to hit the same IP but internally (via zone) hit different folders, or in the case of k8s, different services.

CoreDNS is a good choice for customized nameservers. We use it for providing our internal DNS, e.g. nas.internal.example.com, db.internal.example.com ... On your DNS provider's config page you need to add your subdomain nameserver to the list of nameservers, e.g. internal.example.com. You need to operate your own CoreDNS server, which is pretty straightforward and well explained. However, you need to open port 53 tcp/udp on your public IP.
Do not confuse this nameserver for your site infrastructure with your Kubernetes cluster's nameservers, which serve only for cluster-internal name resolution.

For single ip loadbalancing we use haproxy as a doorkeeper. I'll add part of our haproxy.cfg file so you might get the idea.

```
global
    log stdout local0 debug

# Adjust the timeout to your needs
defaults
  log global
  timeout client 30s
  timeout server 30s
  timeout connect 5s

# Single VIP
frontend https
  bind *:443
  mode tcp
  option tcplog

  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }

  # NOTICE it's req.ssl_sni, not req_ssl_sni (deprecated but still valid)
  # NOTICE - do NOT use 'ssl_fc_sni' and 'ssl_fc_sni_end'
  # That is only supported if the certificates are supplied to haproxy e.g. bind *:443 ssl crt ....

  use_backend homekube if { req.ssl_sni -i dashboard.homekube.org }
  use_backend homekube if { req.ssl_sni -i prometheus.homekube.org }
  use_backend homekube if { req.ssl_sni -i grafana.homekube.org }
  use_backend homekube if { req.ssl_sni -i whoami.homekube.org }
  use_backend homekube if { req.ssl_sni -i auth.homekube.org }

  # www.homekube.org is served by github -> @see cname config for homekube.org
  # use_backend rainloop if { req.ssl_sni -i rainloop.homekube.org }
  use_backend raspi if { req.ssl_sni -m end .pi.homekube.org }
  default_backend backend_apache

# Using SNI to take routing decision
backend homekube
  mode tcp
  server ingress 192.168.1.200:443

# Using SNI to take routing decision
backend raspi
  mode tcp
  server raspi_ingress 192.168.1.48:443

# Default backend
# Servers 91 active and 96 backup
# server apache 192.168.1.96:443
backend backend_apache
  mode tcp
  server apache 192.168.1.91:443
```

192.168.1.200 and 192.168.1.48 are the entry points for the homekube.org demo cluster metallb configuration.
All the other parts of the configuration are documented here

Hope this helps. Good luck!

from kubernetes.
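Added example (not part of a-hahn's comment or the homekube project): a Python model of the routing decision that the `mode tcp` frontend above makes from the unencrypted SNI field of the TLS ClientHello, without terminating TLS. The `client_hello` builder and the `node1` host name are constructed for illustration; the rules and backend names are copied from the quoted config.

```python
import struct

# Routing rules copied from the haproxy frontend quoted above.
EXACT = {h: "homekube" for h in (                 # '-i' rules: case-insensitive
    "dashboard.homekube.org", "prometheus.homekube.org",
    "grafana.homekube.org", "whoami.homekube.org", "auth.homekube.org")}
SUFFIX = [(".pi.homekube.org", "raspi")]          # '-m end' rule, written without '-i'
DEFAULT = "backend_apache"

def extract_sni(rec: bytes):
    """Return the server_name in a TLS ClientHello record, or None."""
    try:
        if rec[0] != 0x16 or rec[5] != 0x01:      # handshake record, ClientHello
            return None
        p = 5 + 4 + 2 + 32                        # headers, version, random
        p += 1 + rec[p]                           # session_id
        p += 2 + struct.unpack_from("!H", rec, p)[0]   # cipher_suites
        p += 1 + rec[p]                           # compression_methods
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", rec, p)
            p += 4
            if etype == 0:                        # server_name extension
                nlen = struct.unpack_from("!H", rec, p + 3)[0]
                name = rec[p + 5:p + 5 + nlen]
                return name.decode("ascii") if len(name) == nlen else None
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass                                      # truncated or malformed hello
    return None

def pick_backend(rec: bytes) -> str:
    sni = extract_sni(rec)
    if sni and sni.lower() in EXACT:
        return EXACT[sni.lower()]
    for suffix, backend in SUFFIX:
        if sni and sni.endswith(suffix):          # case-sensitive, as in the rule
            return backend
    return DEFAULT

def client_hello(host=None) -> bytes:
    """Constructed sample ClientHello; host=None omits the SNI extension."""
    ext = b""
    if host is not None:
        name = struct.pack("!BH", 0, len(host)) + host.encode()
        ext = struct.pack("!HHH", 0, len(name) + 2, len(name)) + name
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

In this model a hello with no SNI, an unlisted name, or unparseable bytes all reach `backend_apache`, so that host receives whatever is not explicitly routed. The SNI value is chosen by the client and is not authenticated at this layer; the certificate check happens at the backend that terminates TLS.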

justmeandopensource commented on June 2, 2024

I will see if I can put together some videos regarding this. I have a backlog of a huge list of requested videos. I am going through them in the order requested and it will take a while to get to this. Cheers.

from kubernetes.
