| 1 | +# Deploy a new mybinder.org federation member on a bare VM with `k3s` |
| 2 | + |
| 3 | +[k3s](https://k3s.io/) is a popular kubernetes distribution that we can use |
| 4 | +to build _single node_ kubernetes installations that satisfy the needs of the |
| 5 | +mybinder project. By focusing on the simplest possible kubernetes installation, |
| 6 | +we can get all the benefits of kubernetes (simplified deployment, cloud agnosticity, |
| 7 | +unified tooling, etc) **except** autoscaling, and deploy **anywhere we can get a VM |
| 8 | +with root access**. This is vastly simpler than managing an autoscaling kubernetes |
| 9 | +cluster, and allows expansion of the mybinder federation in ways that would otherwise |
| 10 | +be more difficult. |
| 11 | + |
| 12 | +## VM requirements |
| 13 | + |
| 14 | +The k3s project publishes [their requirements](https://docs.k3s.io/installation/requirements?), |
| 15 | +but we have a slightly more opinionated list. |
| 16 | + |
| 17 | +1. We must have full `root` access. |
| 18 | +2. Runs latest Ubuntu LTS (currently 24.04). Debian is acceptable. |
| 19 | +3. Direct internet access, inbound (public IP) and outbound. |
| 20 | +4. "As big as possible", as we will be using all the capacity of this one VM |
| 21 | +5. Ability to grant same access to the VM to all the operators of the mybinder federation. |
| 22 | + |
| 23 | +## Installing `k3s` |
| 24 | + |
| 25 | +We can use the [quickstart](https://docs.k3s.io/quick-start) on the `k3s` website, with the added |
| 26 | +config of _disabling traefik_ that comes built in. We deploy nginx as part of our deployment, so we |
| 27 | +do not need traefik. |
| 28 | + |
| 29 | +1. Create a Kubelet Config file in `/etc/kubelet.yaml` so we can |
| 30 | + tweak various kubelet options, including maximum number of pods on a single |
| 31 | + node: |
| 32 | + |
| 33 | + ```yaml |
| 34 | + apiVersion: kubelet.config.k8s.io/v1beta1 |
| 35 | + kind: KubeletConfiguration |
| 36 | + maxPods: 300 |
| 37 | + ``` |
| 38 | +
|
| 39 | + We will need to develop better intuition for how many pods per node, but given we offer about |
| 40 | + 450M of RAM per user, and RAM is the limiting factor (not CPU), let's roughly start with the |
| 41 | + following formula to determine this: |
| 42 | +
|
| 43 | + maxPods = 1.75 \* amount of ram in GB |
| 44 | +
|
| 45 | + This adds a good amount of margin. We can tweak this later |
| 46 | +
|
| 47 | +2. Install `k3s`! |
| 48 | + |
| 49 | + ```bash |
| 50 | + curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --kubelet-arg=config=/etc/kubelet.yaml" sh -s - --disable=traefik |
| 51 | + ``` |
| 52 | + |
| 53 | + This runs for a minute, but should set up latest `k3s` on that node! You can verify that by running |
| 54 | + `kubectl get node` and `kubectl version`. |
| 55 | + |
| 56 | +## Extracting authentication information via a `KUBECONFIG` file |
| 57 | + |
| 58 | +Follow https://docs.k3s.io/cluster-access#accessing-the-cluster-from-outside-with-kubectl |
| 59 | + |
| 60 | +## Setup DNS entries |
| 61 | + |
| 62 | +There's only one IP to set DNS entries for - the public IP of the VM. No loadbalancers or similar here. |
| 63 | + |
| 64 | +mybinder.org's DNS is managed via Cloudflare. You should have access, or ask someone in the mybinder team who does! |
| 65 | + |
| 66 | +Add the following entries: |
| 67 | + |
| 68 | +- An `A` record for `X.mybinder.org` pointing to wards the public IP. `X` should be an organizational identifier that identifies and thanks whoever is donating this. |
| 69 | +- Another `A` record for `*.X.mybinder.org` to the same public IP |
| 70 | + |
| 71 | +Give this a few minutes because it may take a while to propagate. |
| 72 | + |
| 73 | +## Make a config copy for this new member |
| 74 | + |
| 75 | +TODO |
| 76 | + |
| 77 | +## Make a secret config for this new member |
| 78 | + |
| 79 | +TODO |
| 80 | + |
| 81 | +## Deploy binder! |
| 82 | + |
| 83 | +## Test and validate |
| 84 | + |
| 85 | +## Add to the redirector |
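Review bot: the install command under "Installing `k3s`" pipes an unpinned remote script straight into a root shell (`curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --kubelet-arg=config=/etc/kubelet.yaml" sh -s - --disable=traefik`), and because requirement 3 puts the node directly on a public IP, the k3s API server on port 6443 is reachable from the whole internet as soon as that command finishes. Suggest pinning the release with `INSTALL_K3S_VERSION`, downloading the script to a file and reading it before executing it, and adding a firewall step before "Setup DNS entries" (only 22, 80 and 443 open to the world, 6443 restricted to operator addresses), since nothing else on the page limits reachability. Two follow-ups on the kubelet step: `maxPods: 300` in `/etc/kubelet.yaml` exceeds the 254 usable addresses of the /24 pod CIDR that k3s hands a node by default, so pods beyond that point will fail to get an IP unless the doc also adjusts `--cluster-cidr` or `node-cidr-mask-size`; and the formula `maxPods = 1.75 * amount of ram in GB` should say whether "ram" means total VM memory or what is left after the system pods and nginx, since on a single node they all draw from the same pool. The "Extracting authentication information" section only links to the k3s docs; it should state that the copied `/etc/rancher/k3s/k3s.yaml` is a cluster-admin client certificate that belongs in the secret config from the later TODO section and never in the public repo, and that its `127.0.0.1` server address has to be replaced with the VM's public IP or `X.mybinder.org`. Minor: the requirements link ends in a stray `?`, "pointing to wards" should be "pointing towards", and `--disable=traefik` could sit inside `INSTALL_K3S_EXEC` next to the kubelet argument rather than being split between the environment variable and the script arguments.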