# Kubernetes

## Network Prereqs

1. Allow Internal -> Load Balancer
2. Block Load Balancer -> Internal
3. Forward ports 22023-22122 to proxy.reeselink.com
4. `firewall-cmd --add-port=22023-22122/tcp --permanent && firewall-cmd --reload`

## Creating VMs

```bash
# Note: bridge1 is connected to an isolated network
export VM_NAME=reese-k3s

qemu-img convert -f qcow2 -O raw \
    /srv/smb/pool0/ducoterra/images/builds/fedora43-base.qcow2 \
    /srv/vm/pool1/${VM_NAME}-boot.raw

virt-install \
    --boot uefi,firmware.feature0.name=secure-boot,firmware.feature0.enabled=no \
    --cpu host-passthrough --vcpus sockets=1,cores=4,threads=2 \
    --ram=4096 \
    --os-variant=fedora43 \
    --network bridge:bridge1 \
    --graphics none \
    --console pty,target.type=virtio \
    --name ${VM_NAME} \
    --import --disk "path=/srv/vm/pool1/${VM_NAME}-boot.raw,bus=virtio"
```

- [ ] Add the public key to root

- [ ] Add the following to the proxy server's nginx.conf

```conf
# TCP (stream) proxying: this server block belongs inside the
# stream { } context, not http { }.
server {
    listen 22023;
    proxy_pass 10.4.0.159:22;
    proxy_connect_timeout 10s;
    proxy_timeout 30s;
}
```

- [ ] `systemctl restart nginx`

- [ ] Test the SSH connection: `ssh -p 22023 root@ipv4.reeselink.com`
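
The nginx step above maps one forwarded port to one VM. As an added example (not part of the original notes), this script generates the same `server` block for a list of VM addresses and refuses to allocate a port outside the 22023-22122 range opened in the firewall. The function names, the one-address-per-line input format and the address `10.4.0.160` are assumptions made for the example.

```shell
#!/bin/sh
# Added example: emit nginx stream server blocks for VM SSH backends.
# Assumptions (not from the original page): one backend IPv4 per line on
# stdin; listen ports are assigned sequentially from the first forwarded port.
PORT_FIRST=22023   # first port forwarded to the proxy (from the page)
PORT_LAST=22122    # last port forwarded to the proxy (from the page)

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_stream_servers: read backend IPs on stdin, write server blocks on stdout.
# Fails on a malformed or duplicate address, or when the list needs more ports
# than the firewall range provides, so no block is emitted for a closed port.
gen_stream_servers() {
    port=$PORT_FIRST
    seen=" "
    while read -r ip; do
        case $ip in ''|'#'*) continue ;; esac
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
        case $seen in
            *" $ip "*) echo "duplicate backend: $ip" >&2; return 1 ;;
        esac
        [ "$port" -le "$PORT_LAST" ] || { echo "more backends than forwarded ports" >&2; return 1; }
        printf 'server {\n    listen %s;\n    proxy_pass %s:22;\n' "$port" "$ip"
        printf '    proxy_connect_timeout 10s;\n    proxy_timeout 30s;\n}\n'
        seen="$seen$ip "
        port=$((port + 1))
    done
    return 0
}

# Constructed sample input: the page's backend plus one made-up neighbour.
gen_stream_servers <<'EOF'
10.4.0.159
10.4.0.160
EOF
```

The output goes inside the `stream { }` context of nginx.conf; run `nginx -t` before restarting.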