Skip to content
Find file Normal view History Permalink
_index.md 2.24 KiB
Newer Older
Pierre Ozoux's avatar
First commit.
Pierre Ozoux committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 
---
title: "Layers"
---

## Layer 0 - infra

Create 9 machines on your favorite place. We'll not details the steps here. We use hetzner cloud. Deploy a debian or ubuntu or your favorite distrib.

## Layer 1 - network

Then we need to prepare the Network:

### wireguard

In term of network topology, we'll use 3 networks, all secured by wireguard:

 - management
 - Ceph backend
 - Kubernetes overlay

Management will be used by kubernetes and ceph components.

The ceph backend will be used for data heavy part of ceph.

And the overlay to allow services running on top of kubernetes to discuss together.
Mossroy's avatar
Typos and fixes on website  
Mossroy committed
27 
In this step, we'll only install the 2 first one. The overlay will be installed later.
Pierre Ozoux's avatar
First commit.
Pierre Ozoux committed
28 29 30 31 32 33 

## Layer 2 - kubespray

Use [kubespray](https://github.com/kubernetes-sigs/kubespray) to deploy your components.
It is a set of ansible roles to deploy an HA kubernetes cluster.
Pierre Ozoux's avatar
Warns about kubespray.  
Pierre Ozoux committed
34 35 
Or deploy them by hand. We currently use kubespray, but think of not using it for the next iteration.
Pierre Ozoux's avatar
First commit.
Pierre Ozoux committed
36 37 38 
We personnaly use the following:

 - containerd - It is the container runtime. Nowadays, the industry is moving from Docker to containerd, so do we.
Mossroy's avatar
Typos and fixes on website  
Mossroy committed
39 
 - kubeadm - It is developed upstream under kubernetes namespace. It is aimed at becoming the defacto installation tool for kubernetes.
Pierre Ozoux's avatar
First commit.
Pierre Ozoux committed
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 
 - canal with wireguard - it is the Kubernetes overlay network.
 - nginx-ingress
 - cert-manager

## Layer 3 - storage

Storage with [ceph](https://codimd.indie.host/GoflbbtqT5uTgiZJOJoCKg?both) (Or [rook](https://rook.io/) if you are bold ;), it is almost production ready) 

## Layer 4 - backing services

This term is a reference to [12 factor app](https://12factor.net/), and it is not a coincidence! (If you don't know it, get there and read it!)

This is our curated list of operators:

 - [Postgres operator](https://github.com/zalando/postgres-operator)
 - [Redis operator](https://github.com/spotahome/redis-operator)
 - [Stash](https://github.com/appscode/stash/) for backups/restore

## Layer 5 - upstream operators

## Layer 6 - libre.sh operator

## Layer 7 - web UI
Mossroy's avatar
Typos and fixes on website  
Mossroy committed
64 
UI to let people self serve. The status of this is clearly [vaporware](https://en.wikipedia.org/wiki/Vaporware), but we hope to release an alpha by begining of 2021 (Except if you have skills and want to work on it already, this would be amazing ;) ).