Saturday, October 25, 2025

Kubespray Homelab

 

    In the past I broke my K3s homelab more than a few times. Setting up a K3s cluster again was not complicated, but I wanted to automate the process of setting up my cluster. In parallel I started preparing for the CKA exam. I did some research and found a tool that sets up the cluster for me: Kubespray(1). You may ask what Kubespray is. Kubespray is an open-source application developed to automate Kubernetes installation and configuration. It uses Ansible to perform the installation regardless of the underlying infrastructure(2).

Kubespray supports 14 Linux distributions(1).

It supports core components such as Kubernetes, etcd, Docker, containerd and CRI-O. For network plugins it supports 8 plugins, for example Calico, Cilium and Flannel. It can install applications such as Helm, cert-manager, Argo CD, ingress-nginx and MetalLB. Kubespray also has plugins for AWS, Azure, GCP and for local installation.

 

Stage 1. Preparation

To guarantee success, the user running the installation needs to be added to the sudoers file so that sudo does not ask for a password.

Add the user with a rule that allows executing any command. It is important to revert this setup after the installation: a permanent NOPASSWD:ALL rule means that anyone who gets a shell as that user is root without typing a password.

sidor ALL=(ALL) NOPASSWD:ALL

 

For better file management I create a new folder for the items from the Kubespray GitHub repository. I set up a Python venv to have an isolated area where the packages from the requirements file will be installed.

 

Install the packages listed in 'requirements.txt' with the --ignore-installed flag. pip itself comes from apt:

- sudo apt-get install python3-pip

*Run pip install without sudo, inside the venv.
 
 
 

I clone the Kubespray GitHub repository.


I declare the IP addresses of my Ubuntu servers in my local network. All servers already had SSH key access set up with ssh-copy-id.

declare -a IPS=(10.0.0.4 10.0.0.5 10.0.0.6)
 


In the files listed below I select which core elements, apps and addons I want installed in my homelab cluster. First copy the sample inventory:

cp -rfp inventory/sample inventory/sidor

- addons file (inventory/sidor/group_vars/k8s_cluster/addons.yml)

- cluster file (inventory/sidor/group_vars/k8s_cluster/k8s-cluster.yml)
 
 
 

At my first attempt I failed. I thought that only uninstalling K3s would be enough. I was wrong.


The next day I reinstalled all my machines and ran the command below.

Update the inventory file directly: inventory/sidor/inventory.ini

ansible-playbook -i <inventory-file> --become --become-user=root <cluster-file>

*If you do not have an SSH key yet, run:
ssh-keygen -t rsa -b 4096
and in the next step run ssh-copy-id <user>@<server-IP> for every node.
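The preparation steps above (temporary passwordless sudo, the venv, the IP list, the inventory and the playbook run), put together as an added shell example. This is my code, not Kubespray's and not the blog's original setup. Assumptions: node names node1..nodeN are mine; the first host gets the control plane and etcd and every host is a worker; the sudoers drop-in directory defaults to /etc/sudoers.d; the SUDO variable exists only so the helpers can be exercised without root; the venv is kubespray-venv and the inventory lives in inventory/sidor. The point it adds is that the NOPASSWD rule is written as a drop-in file and removed by a trap, so a playbook that fails half way does not leave root-without-password behind.

```shell
#!/bin/sh
# Added example, not part of the Kubespray project or of the original post.
# Assumptions: node names node1..nodeN are invented; first host = control
# plane + etcd, all hosts = workers; SUDO="" lets the helpers run as a
# normal user against a scratch directory (used only for testing).
set -eu
SUDO="${SUDO-sudo}"

# Reject anything that is not a dotted-quad IPv4 address, so a typo in the
# IP list fails here instead of producing an inventory Ansible cannot reach.
ip_valid() {
  printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Render a Kubespray-style inventory.ini for the given IPs to stdout.
inventory_render() {
  for ip in "$@"; do
    ip_valid "$ip" || { printf 'bad IP: %s\n' "$ip" >&2; return 1; }
  done
  i=0
  printf '[all]\n'
  for ip in "$@"; do
    i=$((i + 1))
    printf 'node%d ansible_host=%s ip=%s\n' "$i" "$ip" "$ip"
  done
  printf '\n[kube_control_plane]\nnode1\n\n[etcd]\nnode1\n\n[kube_node]\n'
  i=0
  for ip in "$@"; do
    i=$((i + 1))
    printf 'node%d\n' "$i"
  done
  printf '\n[k8s_cluster:children]\nkube_control_plane\nkube_node\n'
}

# Temporary passwordless sudo for the Ansible user as a drop-in file, not
# an edit of /etc/sudoers. Prints the path so the caller can remove it.
sudoers_dropin_add() {
  user="$1"; dir="${2:-/etc/sudoers.d}"
  file="$dir/90-kubespray-$user"
  printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$user" | $SUDO tee "$file" >/dev/null
  $SUDO chmod 0440 "$file"   # sudo ignores drop-ins writable by others
  printf '%s\n' "$file"
}

# Syntax-check the drop-in; a broken sudoers fragment locks you out.
sudoers_dropin_check() {
  $SUDO visudo -cf "$1"
}

sudoers_dropin_remove() {
  $SUDO rm -f "$1"
}

# Whole run as the regular user. The trap removes the NOPASSWD rule even
# when ansible-playbook fails, which is the case that usually leaves it behind.
kubespray_install() {
  dropin=$(sudoers_dropin_add "${USER:-$(id -un)}")
  trap 'sudoers_dropin_remove "$dropin"' EXIT
  sudoers_dropin_check "$dropin"
  . kubespray-venv/bin/activate      # always activate the venv first
  inventory_render "$@" > inventory/sidor/inventory.ini
  ansible-playbook -i inventory/sidor/inventory.ini \
    --become --become-user=root cluster.yml
}

# Usage from the Kubespray checkout: kubespray_install 10.0.0.4 10.0.0.5 10.0.0.6
```

The drop-in layout replaces editing /etc/sudoers by hand: the file has a fixed name, so removing it after the run is a single rm, and visudo -cf catches a malformed rule before sudo reads it.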

 
Comment (19.11.2025)
Lesson learned for the next Kubespray installation.
If you take a break during the installation (between the ansible commands), the first thing you need to do when you come back is activate the virtual environment. This is very important; otherwise you run the system ansible (or none at all) instead of the version pinned in requirements.txt.

source kubespray-venv/bin/activate
 
It took 12 minutes and 21 seconds to install and set up the K8s cluster with the selected addons. For me this is a huge step: I now have a Kubernetes cluster. It will be a great place to practice for the CKA exam and for my portfolio.

Even though the setup was successful, in the final step I copy the kubeconfig and give my user rights to it. Note that admin.conf is the cluster-admin credential, so the copy should stay readable only by your own user.



 sudo mkdir -p $HOME/.kube
 sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config

 
Here the K8s cluster is ready, with the installed apps and addons.


 
This tool is good for my homelab. When I first tried to install K8s manually it took me 15 times longer, and on every step I could make a mistake. When the process is automated, it is repeatable and faster. Automation is key.
 

DOCS:

1. https://github.com/kubernetes-sigs/kubespray

2. https://faun.pub/guide-to-efficient-kubernetes-cluster-setup-with-kubespray-8a29c58b13a2

 

PS. 

Kubespray fulfills my current needs.
I am aware there are much faster tools like Talos, but at the current stage that is YAGNI.

Wednesday, October 22, 2025

Cloudflare Tunnel + Zero Trust

 

    I have my homelab and I wanted to test Cloudflare Tunnel to expose my service to the whole world. I want to develop my homelab following the YAGNI principle: at this moment I decided not to dig into one subject but to move forward. But I have to secure it from unwanted internet traffic.

Before I begin to present my entry, a few processes needed to be completed first. These steps are essential, but the main hero of this entry is Cloudflare.

The first step is to create an account on the Cloudflare main website; the instructions are very detailed. The second step is to buy a web domain. I bought mine on godaddy.com: andrzejsidor.online

In the next step I chose the free plan and pointed the domain's DNS (nameservers) at Cloudflare on godaddy.com, according to the Cloudflare instructions.



For each domain selected in the Overview tab, Cloudflare provides a dashboard with statistics.


 


To connect my local server with the world, I selected Cloudflare Tunnel for this job.

The first step is to select Zero Trust in the menu.

In the next step I select Networks and then Tunnels. To create a tunnel, click the button >Create a tunnel<.



In the tunnel properties I select the DOCKER environment. My plan is to run the connector as a Docker container in my homelab, then create my app via docker compose, and at the end create a network and add both containers to it, so that cloudflared can reach the app by container name without the app's port being published on the host.

* Update:

I tried a few times to combine the creation of the Cloudflare tunnel and my apps. Later I found out that Docker was not natively made for the CNI standard (Docker predates CNI; Docker uses CNM, the Container Network Model).


I reworked the code from Cloudflare into a docker compose file, to save the code. I do not want it to be ephemeral; I want to store the code for later and only change the TOKEN in the future.

The token I keep in an .env file. I do not want to commit it to GitHub for security reasons: the tunnel token is all that anyone needs to run a connector for my tunnel.

CODE:

docker-compose.yml                                                         
 

services:
  cloudflared:
    image: cloudflare/cloudflared
    container_name: cloudflared
    environment:
      - TZ=Europe/Amsterdam # Change this to your timezone
      - TUNNEL_TOKEN=${TOKEN} # read from the .env file next to this compose file; never hardcode it here
    restart: unless-stopped
    command: tunnel --no-autoupdate run
    networks:
      - cloudflared

networks:
  cloudflared:
    name: cloudflared # the app container must join this network so cloudflared can reach it


Here docker compose is brought up with the -d flag (docker compose up -d).
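The "token in .env, never in git" rule from above, turned into a check you can run before every commit. This is an added shell example, not Cloudflare's code and not the blog's own setup. Assumptions: the compose file and .env sit in one directory; the variable is named TOKEN as in the compose file; the token string used below is a constructed placeholder, not a real tunnel token. It uses one fact about the format: a Cloudflare tunnel token is base64-encoded JSON, so it always starts with "eyJ", which makes a pasted token easy to spot in a file that should only contain ${TOKEN}.

```shell
#!/bin/sh
# Added example, not part of Cloudflare's docs or of the original post.
# Assumptions: docker-compose.yml, .env and .gitignore live in "$dir";
# the env variable is TOKEN; the placeholder token below is constructed.
set -eu

# Write the .env file and lock it down to the owner only: whoever can read
# the token can run a connector for the tunnel.
env_write() {
  dir="$1"; token="$2"
  ( umask 077; printf 'TOKEN=%s\n' "$token" > "$dir/.env" )
  chmod 0600 "$dir/.env"
}

# Refuse a compose file that carries a literal token instead of a ${TOKEN}
# reference. Tunnel tokens are base64 JSON, so they begin with "eyJ".
compose_token_check() {
  file="$1"
  if grep -Eq 'TUNNEL_TOKEN=[^$]' "$file"; then
    printf 'literal TUNNEL_TOKEN in %s\n' "$file" >&2
    return 1
  fi
  if grep -Eq 'eyJ[A-Za-z0-9_-]{20,}' "$file"; then
    printf 'token-looking string in %s\n' "$file" >&2
    return 1
  fi
  return 0
}

# .env must be ignored by git; require an exact ".env" or "/.env" line.
gitignore_check() {
  dir="$1"
  [ -f "$dir/.gitignore" ] && grep -Eqx '\.env|/\.env' "$dir/.gitignore"
}

# Combined pre-commit check: 0 only when nothing secret would leave the box.
precommit_check() {
  dir="$1"
  compose_token_check "$dir/docker-compose.yml" && gitignore_check "$dir"
}

# Usage: precommit_check . || { echo 'refusing to commit'; exit 1; }
```

Wire precommit_check into .git/hooks/pre-commit and the hook fails the commit both when the compose file was edited to contain the token and when .gitignore lost its .env line.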


The app is visible under the URL: https://portainer.andrzejsidor.online/

Access to the app is secured by Cloudflare Access. To open the app, the user needs to log in with my GitHub credentials, with MFA enforced on the GitHub account.

 


 
 

K8s cluster - bash install

     In my homelab I tested another method of installing Kubernetes. The average time of installing Kubernetes via Ansible was 15 min...