# Kubernetes

## Network Prereqs

1. Allow Internal -> Load Balancer
2. Block Load Balancer -> Internal
3. Forward ports 22023-22122 to proxy.reeselink.com
4. `firewall-cmd --add-port=22023-22122/tcp --permanent && firewall-cmd --reload`

## Creating VMs

```bash
# Note: bridge1 is connected to an isolated network
export VM_NAME=reese-k3s

qemu-img convert -f qcow2 -O raw \
  /srv/smb/pool0/ducoterra/images/builds/fedora43-base.qcow2 \
  /srv/vm/pool1/${VM_NAME}-boot.raw

virt-install \
  --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
  --cpu host-passthrough --vcpus sockets=1,cores=4,threads=2 \
  --ram=4096 \
  --os-variant=fedora43 \
  --network bridge:bridge1 \
  --graphics none \
  --console pty,target.type=virtio \
  --name ${VM_NAME} \
  --import --disk "path=/srv/vm/pool1/${VM_NAME}-boot.raw,bus=virtio"
```

- [ ] Add the public key to root
- [ ] Add the following to the proxy server's nginx.conf

  ```conf
  server {
      listen 22023;
      proxy_pass 10.4.0.159:22;
      proxy_connect_timeout 10s;
      proxy_timeout 30s;
  }
  ```

- [ ] `systemctl restart nginx`
- [ ] Send SSH command `ssh -p 22023 root@ipv4.reeselink.com`
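
The checklist above adds one `server` block per VM by hand. As an added example (not part of the original notes), this script picks the next unused port in the forwarded 22023-22122 range and prints the block for a new VM, refusing ports outside the firewalled range. The function names and the second VM's address `10.4.0.160` are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# the port range and server-block directives are the ones the page uses.
PORT_MIN=22023
PORT_MAX=22122

# Read nginx config text on stdin; print the lowest port in the forwarded
# range that has no "listen <port>" line yet. Returns 1 if all are taken.
next_free_port() {
  _used=$(sed -nE 's/^[[:space:]]*listen[[:space:]]+([0-9]+).*/\1/p')
  _p=$PORT_MIN
  while [ "$_p" -le "$PORT_MAX" ]; do
    if ! printf '%s\n' "$_used" | grep -qxF "$_p"; then
      echo "$_p"; return 0
    fi
    _p=$((_p + 1))
  done
  echo "no free port left in $PORT_MIN-$PORT_MAX" >&2; return 1
}

# Print a server block for one VM. Rejects ports outside the firewalled range
# and backends that are not a plain dotted quad, so a stray ";" or newline in
# the input cannot add directives to the generated config.
render_stream_block() {
  _port=$1; _ip=$2
  case $_port in ''|*[!0-9]*|??????*) echo "bad port: $_port" >&2; return 2 ;; esac
  if [ "$_port" -lt "$PORT_MIN" ] || [ "$_port" -gt "$PORT_MAX" ]; then
    echo "port $_port is outside $PORT_MIN-$PORT_MAX" >&2; return 2
  fi
  case $_ip in *[!0-9.]*) echo "bad backend address" >&2; return 2 ;; esac
  if ! printf '%s\n' "$_ip" | grep -qE '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
    echo "bad backend address" >&2; return 2
  fi
  printf 'server {\n    listen %s;\n    proxy_pass %s:22;\n' "$_port" "$_ip"
  printf '    proxy_connect_timeout 10s;\n    proxy_timeout 30s;\n}\n'
}

# Constructed sample: the page's existing entry, plus a made-up IP for a new VM.
EXISTING_CONF='server {
    listen 22023;
    proxy_pass 10.4.0.159:22;
}'
if NEW_PORT=$(printf '%s\n' "$EXISTING_CONF" | next_free_port); then
  render_stream_block "$NEW_PORT" 10.4.0.160
fi
```

In practice, pipe the proxy server's real config into `next_free_port` instead of the constructed sample, and check the result with `nginx -t` before restarting.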