CSTF/wild-cloud
1
1
Fork 0
Code Issues 12 Pull Requests Actions Packages Projects 1 Releases 1 Wiki Activity
Files
f80f0e97caff007565a971ad34451a88236dbe20
wild-cloud/infrastructure_setup
History
Paul Payne f80f0e97ca Add RBAC configuration for dashboard admin and update TLS secret reference
2025-05-05 09:43:56 -07:00
..
cert-manager
Refactor cert-manager and ExternalDNS configurations
2025-05-03 13:51:52 -07:00
coredns
Add CoreDNS configuration and update setup script; remove split-horizon config
2025-05-05 09:41:47 -07:00
externaldns
Add ExternalDNS configuration and setup script for Cloudflare integration
2025-05-05 09:43:28 -07:00
kubernetes-dashboard
Add RBAC configuration for dashboard admin and update TLS secret reference
2025-05-05 09:43:56 -07:00
metallb
Initial commit.
2025-04-27 14:57:00 -07:00
traefik
Add Traefik README and update service configuration annotations
2025-05-05 09:42:02 -07:00
utils
Add netdebug script and Kubernetes configuration for debugging pod
2025-05-05 09:40:00 -07:00
get_helm.sh
Initial commit.
2025-04-27 14:57:00 -07:00
README.md
Initial commit.
2025-04-27 14:57:00 -07:00
setup-all.sh
Initial commit.
2025-04-27 14:57:00 -07:00
setup-cert-manager.sh
Refactor cert-manager and ExternalDNS configurations
2025-05-03 13:51:52 -07:00
setup-coredns.sh
Add CoreDNS configuration and update setup script; remove split-horizon config
2025-05-05 09:41:47 -07:00
setup-dashboard.sh
Initial commit.
2025-04-27 14:57:00 -07:00
setup-externaldns.sh
Add ExternalDNS configuration and setup script for Cloudflare integration
2025-05-05 09:43:28 -07:00
setup-metallb.sh
Initial commit.
2025-04-27 14:57:00 -07:00
setup-traefik.sh
Initial commit.
2025-04-27 14:57:00 -07:00
setup-utils.sh
Initial commit.
2025-04-27 14:57:00 -07:00
validate_setup.sh
Initial commit.
2025-04-27 14:57:00 -07:00

README.md

Infrastructure setup scripts

Creates a fully functional personal cloud infrastructure on a bare metal Kubernetes (k3s) cluster that provides:

  1. External access to services via configured domain names (using ${DOMAIN})
  2. Internal-only access to admin interfaces (via internal.${DOMAIN} subdomains)
  3. Secure traffic routing with automatic TLS
  4. Reliable networking with proper load balancing

Architecture

Internet → External DNS → MetalLB LoadBalancer → Traefik → Kubernetes Services
                                    ↑
                                 Internal DNS
                                    ↑
                              Internal Network

Key Components

  • MetalLB - Provides load balancing for bare metal clusters
  • Traefik - Handles ingress traffic, TLS termination, and routing
  • cert-manager - Manages TLS certificates
  • CoreDNS - Provides DNS resolution for services
  • Kubernetes Dashboard - Web UI for cluster management (accessible via https://dashboard.internal.${DOMAIN})

Configuration Approach

All infrastructure components use a consistent configuration approach:

  1. Environment Variables - All configuration settings are managed using environment variables loaded by running source load-env.sh
  2. Template Files - Configuration files use templates with ${VARIABLE} syntax
  3. Setup Scripts - Each component has a dedicated script in infrastructure_setup/ for installation and configuration

Idempotent Design

All setup scripts are designed to be idempotent:

  • Scripts can be run multiple times without causing harm
  • Each script checks for existing resources before creating new ones
  • Configuration updates are applied cleanly without duplication
  • Failed or interrupted setups can be safely retried
  • Changes to configuration will be properly applied on subsequent runs

This idempotent approach ensures consistent, reliable infrastructure setup and allows for incremental changes without requiring a complete teardown and rebuild.