With the help of the Gardener project, metal-stack can be used for spinning up Kubernetes clusters quickly and reliably on bare metal machines.
To make this happen, we implemented a couple of components, which are described here.
- Kubernetes Integration
CCM stands for cloud-controller-manager and is the bridge between Kubernetes and a cloud-provider.
We implemented the cloud provider interface in the metal-ccm repository. With the help of the cloud-controller-controller we provide metal-stack-specific properties for Kubernetes clusters, e.g. load balancer configuration through MetalLB or node properties.
When dealing with local storage, it can be pretty useful not to write directly on to the host system using hostpath. Instead, we wrote a storage plugin that enables your pods to write to logical volumes. A definition of a PVC can look like this:
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: lvm-pvc namespace: default spec: accessModes: - ReadWriteOnce storageClassName: csi-lvm resources: requests: storage: 50Mi
To make the firewalls created with metal-stack easily configurable through Kubernetes resources, we add our firewall-controller to the firewall image. The controller watches special CRDs, enabling users to manage:
- nftables rules
- Intrusion-detection with suricata
- network metric collection
Please check out the guide on how to use it.
There are some Gardener resources that need be reconciled when you act as a cloud provider for the Gardener. This section briefly describes the controllers implemented for deploying Kubernetes clusters through Gardener.
If you want to learn how to deploy metal-stack with Gardener, please check out the installation section.
The gardener-extension-provider-metal contains of a set of webhooks and controllers for reconciling or mutating Gardener-specific resources.
The project also contains a validator for metal-type Gardener resources, which you should also deploy in case you want to use metal-stack in combination with Gardener.
Due to the reason we use ignition in our operating system images for userdata, we had to provide an own extension controller for metal-stack, which you can find at Github in the os-metal-extension repository.
Worker nodes are managed through Gardener's machine-controller-manager (MCM). The MCM allows out-of-tree provider implementation via sidecar, which is what we implemented in the machine-controller-manager-provider-metal repository.