Personal Kubernetes cluster – Usability and maintenance
In this third part of the series I'll take a look at how to get set up with your Personal Kubernetes. In the previous two I went through choosing a host provider and the tools for provisioning your cluster. In this article I'll show you how I make working with the cluster as smooth as possible and what I learned on the way.
Kubernetes is very core hungry. With kube-linode it takes 3 cores to run all the infrastructure tools. I get that those are VPS cores and they are not excellent, but either way, when optimising for low price, it's quite a lot. Other components aren't that important, as I'm completely OK with 4GB of RAM and 48GB of space per worker machine. So if you want to replicate a setup similar to kube-linode, you can safely assume you'll need at least this amount of resources.
Working with Volumes
I think Rook is great. I love how I can create an HA filesystem and object storage in the flavour of S3. But after looking at the performance mentioned before, I'm starting to think about removing it from the available services. My motivation is the amount of resources Rook and Ceph (a distributed storage system) need to work properly.
From what I can see it's a total of over 1 core at all times. In Linode terms it's over $10 monthly for having that, and I realised I don't really need it for my personal use. Don't get me wrong, it's nice … but I'm not using enough features to make it worth the money.
Traditional Kubernetes volumes to the rescue!
HTTPS with Let’s Encrypt
Now the part I'm very happy with – completely automatic HTTPS with Traefik! As I mentioned before, I'm not that great at server administration and I think of manual certificate setup as a pain I don't need. Thankfully I don't need to care about this any more. Traefik is a reverse proxy for Kubernetes (but not only Kubernetes), offering a wide range of functionality while taking a minimal amount of resources.
With the Traefik configuration kube-linode provides, your domain will be served automatically over HTTPS, with SSL termination at the load balancer level. This means you don't need to set it up in your service; the gateway will take care of that for you. Additionally, you don't need to do anything but access your domain to make it happen. On the first request Traefik will make a call to Let's Encrypt, get a certificate and save it for further use. This way you don't need to worry about any configuration for that part.
What is worth mentioning is rate limiting on the Let's Encrypt side. As far as I remember it's 20 certificates per domain per week. This includes subdomains, so if you play with your cluster and rebuild it a few times with the same domain you may end up reaching the limit for the week. The only thing you can do at this point is wait for the next week to come.
The other problem I had was Bad Request responses from Let's Encrypt. I don't know what the issue was, but things happen. Those are rate limited as well, and after getting 5 of them in an hour you will be forced to wait for another hour to begin before you'll be able to retry.
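A small budget check for the two limits described above, as an added example that is not part of the original post or of kube-linode. It uses the numbers the post quotes and assumes each limit behaves as a rolling window and that the registered domain is the last two labels of a hostname; the function names and the sample data are constructed.

```python
from datetime import datetime, timedelta, timezone

# Limits as quoted in the post (the author's recollection, not checked
# against current Let's Encrypt documentation).
CERTS_PER_DOMAIN, CERT_WINDOW = 20, timedelta(days=7)
FAILURES_PER_HOUR, FAILURE_WINDOW = 5, timedelta(hours=1)


def registered_domain(hostname):
    """Assumption: the registered domain is the last two labels.
    Wrong for suffixes such as co.uk; use a public-suffix list there."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def budget(events, limit, window, now):
    """Return (remaining, next_free) for a rolling window (assumed model).

    events: datetimes of requests that counted against the limit.
    next_free is None while budget remains; otherwise it is the moment
    enough old events have left the window for one more request."""
    recent = sorted(t for t in events if now - window < t <= now)
    if len(recent) < limit:
        return limit - len(recent), None
    return 0, recent[len(recent) - limit] + window


def cert_budget(issuances, hostname, now):
    """issuances: (hostname, issued_at) pairs; subdomains share one budget."""
    domain = registered_domain(hostname)
    times = [t for name, t in issuances if registered_domain(name) == domain]
    return budget(times, CERTS_PER_DOMAIN, CERT_WINDOW, now)


if __name__ == "__main__":
    # Constructed sample: 20 rebuild-time issuances over the last five days.
    now = datetime(2018, 1, 15, 12, 0, tzinfo=timezone.utc)
    log = [(f"app{i}.example.com", now - timedelta(hours=6 * i))
           for i in range(1, 21)]
    print("certificates:", cert_budget(log, "new.example.com", now))
    failures = [now - timedelta(minutes=10 * i) for i in range(1, 6)]
    print("failed requests:",
          budget(failures, FAILURES_PER_HOUR, FAILURE_WINDOW, now))
```

Feeding it the issuance timestamps you already have before rebuilding a cluster shows whether the rebuild will exhaust the budget for that domain.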
Docker registry and CI/CD pipeline
Having a Personal Kubernetes Cluster places a few requirements on you to be able to use it effectively for your personal projects.
First, and I think most important, is the Docker Registry. If you want to deploy private projects you need to either deploy one yourself or use an external service for that. Docker itself provides a SaaS version of a private registry, but it's an additional cost we don't really want to take on. So what other options do we have?
Of course, we have our own personal Kubernetes, so we can use it. There are a few tutorials showing how to deploy registry:2 on Kubernetes. With editing the files for the shape and size of your environment, I think it shouldn't take you more than an hour.
The other, I think more efficient, way of dealing with the Docker Registry is using gitlab.com. Besides unlimited git repositories it offers a free Docker registry and CI/CD builds. In the free tier you can use up to 2000 minutes of CI/CD pipeline time a month. IMO it's enough for personal usage, when you don't earn any real money from the projects you're working on.
If you have some income coming from the projects, you can think about setting up the Registry and using Jenkins as a pipeline. They need some resources, but that's alright when they pay for themselves.
Final thoughts about Personal Kubernetes Cluster
All in all, a Personal Kubernetes cluster gives a lot of value for a reasonable price. The biggest saving for me is the time saved on deployments and maintenance. With proper solutions in place, like GitLab, it becomes even easier to use a modern workflow with your personal projects.
On top of that is the added value of working with top-grade technologies. I believe you'll be able to use this knowledge in day-to-day work.
If I missed some great service or tool you like to use with Kubernetes, let me know in the comments below and I'll add it to the list.