Architecture
I have been evaluating some of the simplest Kubernetes solutions for local use, but as I have a major hardware limitation to create the lab, Microk8s responded better to some needs.
Hardware1 – Mac M1 has good memory and processor, but the ARM architecture doesn’t help and for professional reasons, it has a firewall and several security controls, which makes it difficult to create some configurations on the Microk8s, I have had a lot of difficulty configuring MetalLB with External IP.
Pods are created, services are also created with IP within the range configured in MetalLB, but it is not accessible even internally.
This hardware has been working well with Rancher/Docker.
Hardware2 – Intel Core i7/8Gb, this notebook is over 12 years old, but with Debian 12 installed, it has been the hardware I use for VMs (Vagrant / VirtualBox), Kubernetes (Microk8s) and Docker.
The plan is for this hardware situation to change soon €€€.
Network
DNS
For these Labs, a DNS server will be used for ease of understanding, instead of IPs.
For the *.devops-db.local and *.devops-db.com domains there are CA certificates, which will make it easier to configure SSL/TLS between the services.
| Domain | Public DNS | CA Certificate |
|---|---|---|
| *.devops-db.internal | No | No |
| *.lab.devops-db.info | Yes | Yes |
| *.devops-db.com | Yes | No |
Services
| Destination | Start | End |
|---|---|---|
| MetalLB | 172.17.5.150 | 172.17.5.200 |
| Hosts | 172.17.5.60 | 172.17.5.149 |
| Hardware | Virtualizer | IP |
|---|---|---|
| Mac M1 | Rancher / Docker | |
| Intel | Docker | 172.21.5.72/24, 172.21.5.75/24, 172.21.5.76/24 |
| Intel | Microk8s | |
| Intel | Vagrant / VirtualBox |
| Hardware | Virtualizer | Service | IP | Port | DNS |
|---|---|---|---|---|---|
| Intel | Docker | Bind9 | 172.21.5.72 | 53 | |
| Intel | Docker | Registry | 172.21.5.75 | 5000 | registry.devops-db.internal registry.lab.devops-db.info |
| Intel | Vagrant | GitLab | 172.21.5.153 | gitlab.devops-db.internal gitlab.lab.devops-db.info | |
| Intel | Docker | OpenLDAP | 172.21.5.150 | 389, 636 | ldap.devops-db.info |
| Intel | Docker | LDAP Account Manager | 172.21.5.72 | 8082 | ldapman.devops-db.internal |
| Mac | Docker | Jenkins | 172.21.5.70 | 8081, 50000 | jenkins.lab.devops-db.info |
| Intel | Vagrant | DevPi | 172.21.5.160 | 4040 | devpi.devops-db.internal |
Requirements / To do
| Action | Date |
|---|---|
Buy new hardware that can support the services (€  ) | |
| Buy *.devops-db.info certificate | |
| Setting up a VPN with SSL | |