/uds-rke2

A sandbox repository and package for a production-ready UDS RKE2 capability

Primary language: Shell. License: Apache License 2.0 (Apache-2.0)

UDS RKE2 Environment

Unicorn Delivery Service (UDS), Rancher Kubernetes Engine 2 (RKE2)

Important

This is an unofficial sandbox repository for developing and testing a UDS RKE2 capability. Please go to the defenseunicorns organization for the official UDS RKE2 capability.

This Zarf package serves as an air-gapped production environment for deploying UDS Core, individual UDS Capabilities, and UDS capabilities aggregated (bundled) via the UDS CLI.

See the UDS RKE2 Mermaid diagram for visual representations of the tech stack's components and order of operations.

Table of Contents

  1. Pre-Requisites
  2. Usage
  3. Additional Info

Pre-Requisites

The following are requirements for an environment where a user is deploying UDS RKE2 and its custom components and applications.

Usage

Important

This entire repository assumes that you have root access, and all scripts and actions are run as root. Use sudo su to activate a root shell.

This section provides minimal context and instructions for quickly deploying the base UDS RKE2 capability. See the DEVELOPMENT.md for instructions on how to further develop UDS RKE2.

Virtual Machines

Caution

Due to the disk formatting and mount operations, networking and STIG configurations that are applied to a node's host, it is highly recommended that the contents of this repository are not directly installed on a personal machine.

The best way to test UDS RKE2 is to spin up one or more nodes using a containerized method, such as virtual machines or networks.

LeapfrogAI, the main support target of this bundle, requires GPU passthrough to all worker nodes that will have a taint for attracting pods with GPU resource and workload requirements.

Please see the VM setup documentation and VM setup scripts to learn more about manually creating development VMs.

Bundles

There are 3 main "flavors" of the UDS RKE2 Core bundle, with 4 distinct flavors in total. Each flavor revolves around the storage and persistence layer of the cluster, and comes with its own documentation on configuration and installation, as linked in the list below. Please refer to that documentation for more details on each bundle flavor's recommendations and capabilities.

  1. Local Path Provisioner + MinIO
  2. (WIP) Longhorn + MinIO
  3. (WIP) Rook-Ceph

Quick Start

The following are quick starts for the local-path flavored UDS RKE2 bundle. This does not include the optional NVIDIA GPU operator and LeapfrogAI workarounds Zarf packages.

Latest

  1. Change directory to the bundle and deploy the bundle:

     # use `ifconfig` to identify the NETWORK_INTERFACES for L2 advertisement
     uds run uds-rke2-local-path-core --set NETWORK_INTERFACES="eth0" --set IP_ADDRESS_POOL="200, 201, 202, 203"

  2. Modify your /etc/hosts according to your base IP on the Istio Tenant gateway:

     # /etc/hosts

     192.168.0.200   keycloak.admin.uds.dev grafana.admin.uds.dev neuvector.admin.uds.dev
     192.168.0.201   sso.uds.dev

Development

  1. Log in to GitHub Container Registry (GHCR) and DoD's Registry1:

     # Login to GHCR
     # Disable shell history so the credentials typed below are not recorded
     set +o history
     export GHCR_USERNAME="YOUR-USERNAME-HERE"
     export GHCR_PASSWORD="YOUR-PASSWORD-HERE"
     # Quote the variables so spaces or glob characters in them survive intact
     echo "$GHCR_PASSWORD" | uds zarf tools registry login ghcr.io --username "$GHCR_USERNAME" --password-stdin
     set -o history

     # Login to Registry1
     set +o history
     export REGISTRY1_USERNAME="YOUR-USERNAME-HERE"
     export REGISTRY1_PASSWORD="YOUR-PASSWORD-HERE"
     echo "$REGISTRY1_PASSWORD" | uds zarf tools registry login registry1.dso.mil --username "$REGISTRY1_USERNAME" --password-stdin
     set -o history

  2. Build all necessary packages and then create and deploy the bundle:

     # use `ifconfig` to identify the NETWORK_INTERFACES for L2 advertisement
     uds run uds-rke2-local-path-core-dev --set NETWORK_INTERFACES="eth0" --set IP_ADDRESS_POOL="200, 201, 202, 203"

  3. Modify your /etc/hosts according to your base IP on the Istio Tenant gateway:

     # /etc/hosts

     192.168.0.200   keycloak.admin.uds.local grafana.admin.uds.local neuvector.admin.uds.local
     192.168.0.201   sso.uds.local
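
The registry logins in step 1 of the Development quick start export each password into the shell environment, where every later child process inherits it. The function below is an added example, not part of the uds-rke2 repository: it prompts without echo (or reads one line from stdin) and pipes the password to the same `--password-stdin` login command. `registry_login` and the `LOGIN_CMD` override are hypothetical names introduced here.

```bash
#!/usr/bin/env bash
# Added example, not from the uds-rke2 repository.
# registry_login and LOGIN_CMD are hypothetical names; the default command is
# the login command used in the Development quick start.
LOGIN_CMD=${LOGIN_CMD:-"uds zarf tools registry login"}

# registry_login REGISTRY USERNAME
# Keeps the password in a function-local, unexported variable so it is never
# typed on a command line and never enters the environment of child processes.
registry_login() {
    local registry=$1 username=$2 password=""
    if [ -z "$registry" ] || [ -z "$username" ]; then
        echo "usage: registry_login REGISTRY USERNAME" >&2
        return 2
    fi
    if [ -t 0 ]; then
        # Interactive terminal: prompt with echo disabled (bash `read -s`).
        IFS= read -r -s -p "Password for ${username} at ${registry}: " password || :
        echo >&2
    else
        # Non-interactive: take one line from stdin, e.g. from a secrets
        # manager CLI or a root-only file redirected into the function.
        IFS= read -r password || :
    fi
    if [ -z "$password" ]; then
        echo "registry_login: empty password, not contacting ${registry}" >&2
        return 1
    fi
    # printf is a shell builtin, so the secret does not appear in `ps` output.
    # LOGIN_CMD is intentionally unquoted so it splits into command + args.
    printf '%s' "$password" | $LOGIN_CMD "$registry" --username "$username" --password-stdin
}

# Usage (run as root, as the rest of the quick start assumes):
#   registry_login ghcr.io YOUR-USERNAME-HERE
#   registry_login registry1.dso.mil YOUR-USERNAME-HERE
```

Because the password is never exported, the later `uds run` build and deploy step does not inherit it.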

Additional Info

The following sub-sections outline all of the configuration documentation, which includes additional information, optional Zarf packages, and customization options for each component of UDS RKE2.

Base Infrastructure

Flavor-Specific Infrastructure

Application-Specific

Virtual Machine Setup and Testing

Credits and Resources