So Hetzner sells a bunch of computing stuff. I went for their dedicated servers.
note: slightly cheaper for compute+storage compared to buying committed use on GCP. free networking is +++.
Goals: setup kubernetes so I have a mini cloud to play with.
Hetzner has the option to install "minimal" Arch Linux as the OS, imo, not minimal enough.
Step 1: clean out unneeded packages and install a few necessary ones
note: neovim vs vim is just preference, zsh is also preference, binutils and fakeroot are needed for installing stuff from AUR, rsync might already be installed, sudo because I don't want to be root all the time, fail2ban is not strictly necessary but helps keep logs clean.
```sh
pacman -Rns btrfs-progs gptfdisk haveged xfsprogs wget vim net-tools cronie
pacman -Syu sudo zsh git fail2ban neovim binutils fakeroot kubectl rsync docker

systemctl enable --now fail2ban
systemctl enable --now docker
```
Step 2: ensure the needed forwarding config:
```sh
echo br_netfilter | sudo tee /etc/modules-load.d/br_netfilter.conf
cat << EOF | sudo tee /etc/sysctl.d/30-ipforward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
EOF
```
Step 3: manually edit some files
```sh
# edit /etc/hostname

# edit /etc/hosts

# edit /etc/fstab
# disable swap

# edit /etc/ssh/sshd_config
# PermitRootLogin no
# PasswordAuthentication no
# PrintLastLog no
```
Step 5: create user and add to sudo group
note: the defaults are apparently different from usual, like not creating the home directory?
note: docker group is root-equivalent
```sh
# the drop-in must live under /etc/sudoers.d to be picked up
echo '%sudo ALL=(ALL) ALL' > /etc/sudoers.d/sudo
groupadd sudo
useradd -G sudo,docker -s /bin/zsh -m arccy
passwd arccy
```
from own machine, copy ssh keys for login
```sh
ssh-copy-id -i ~/.ssh/id_ecdsa_sk hetz
ssh-copy-id -i ~/.ssh/id_ed25519_sk hetz
ssh-copy-id -i ~/.ssh/id_ed25519 hetz
```
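After steps 2, 3 and 5, a small audit script to confirm the hardening actually took. This is an added example, not from the original post; it assumes `sshd -T` and `sysctl -a` are available on the host and that the sudoers drop-in lives at /etc/sudoers.d/sudo.

```sh
#!/bin/sh
# Added audit script (not from the original post) for steps 2, 3 and 5.
# Each check reads a file so it can be tested against constructed input;
# audit_host wires the checks to the live system (run as root).

# $1: output of `sshd -T` (effective config, lowercase keys). Succeeds only
# if all three settings the post turns off are actually off.
check_sshd() {
    for kv in 'permitrootlogin no' 'passwordauthentication no' 'printlastlog no'; do
        grep -qix "$kv" "$1" || return 1
    done
}

# $1: fstab-style file. Fails if any non-comment line still mounts swap
# (kubelet refuses to start with swap enabled).
check_no_swap() {
    [ -z "$(awk '$1 !~ /^#/ && $3 == "swap"' "$1")" ]
}

# $1: key=value lines (sysctl.d format or `sysctl -a` output, which uses
# `key = value`; blanks are stripped before comparing).
check_forwarding() {
    for key in net.ipv4.ip_forward net.ipv6.conf.default.forwarding \
               net.ipv6.conf.all.forwarding; do
        tr -d ' \t' < "$1" | grep -qFx "$key=1" || return 1
    done
}

# $1: /etc/group-style file. Prints docker group members one per line:
# everyone listed here is root-equivalent through the docker socket.
docker_members() {
    awk -F: '$1 == "docker" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# $1: sudoers drop-in. Fails on NOPASSWD, which would make the sudo group
# a password-less root.
check_sudoers() {
    [ -r "$1" ] && ! grep -q NOPASSWD "$1"
}

audit_host() {
    rc=0
    sshd -T > /tmp/sshd.T 2>/dev/null && check_sshd /tmp/sshd.T || { echo "FAIL sshd hardening"; rc=1; }
    check_no_swap /etc/fstab || { echo "FAIL swap still in fstab"; rc=1; }
    sysctl -a > /tmp/sysctl.out 2>/dev/null && check_forwarding /tmp/sysctl.out || { echo "FAIL forwarding"; rc=1; }
    check_sudoers /etc/sudoers.d/sudo || { echo "FAIL sudoers"; rc=1; }
    echo "docker group (root-equivalent): $(docker_members /etc/group | tr '\n' ' ')"
    return $rc
}
if [ "${1:-}" = "audit" ]; then audit_host; fi
```

Run it on the server as `sudo sh audit.sh audit`; a non-zero exit means one of the steps above did not stick.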
Step 6: reboot for some of the changes to take effect
```sh
systemctl reboot
```
the remaining actions will be run as the user, so log in as that user
Step 7: copy configs for familiarity
```sh
git clone https://github.com/seankhliao/config .config
ln -s .config/zsh/zshenv .zshenv
mkdir -p /home/arccy/data/xdg
```
Step 8: optional: create and add ssh keys for github, else disable the url rewrites in gitconfig
```sh
ssh-keygen -t ed25519
# add key to github
```
Step 9: install stuff from AUR
note: not strictly necessary, maybe better to install out of band? without this, there's no need for yay either
```sh
curl -LO https://github.com/Jguer/yay/releases/download/v10.0.4/yay_10.0.4_x86_64.tar.gz
tar xf yay_10.0.4_x86_64.tar.gz
cd yay_10.0.4_x86_64
chmod +x yay
./yay -Syu yay-bin kind-bin
cd
rm -rf yay* .bash* .viminfo
```
Step 10: create config and cluster
This uses kind to run a cluster, originally the plan was a kubeadm installed cluster + cilium + istio but it wasn't working out too well (dunno why, it worked last time).
Disadvantage is that hostPorts need to be mapped ahead of time.
note: an alternate port mapping strategy would map into the NodePort range, so services can be targeted directly and hostPort+DaemonSet becomes unnecessary.
```yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
  apiServerAddress: 135.181.76.154
nodes:
  - role: control-plane
    extraPortMappings:
      # http3
      - containerPort: 443
        hostPort: 443
        protocol: udp

      # tls, https
      - containerPort: 443
        hostPort: 443
        protocol: tcp

      # http
      - containerPort: 80
        hostPort: 80
        protocol: tcp

      # ipfs swarm
      - containerPort: 4001
        hostPort: 4001
        protocol: udp
      - containerPort: 4001
        hostPort: 4001
        protocol: tcp

      # wireguard
      - containerPort: 51820
        hostPort: 51820
        protocol: udp
```