Platform9 has packaged etcdadm, nodeadm, and cctl into an open-source toolkit named Klusterkit to ease the delivery of production-grade Kubernetes in air-gapped environments.
The software-as-a-service provider’s project targets organisations that want to modernise their applications using the popular container orchestrator but run into deployment problems in data centers isolated from the outside world for security.
Klusterkit offers the ability to package the artifacts required to deploy Kubernetes, plus create, back up, restore and scale your on-premise Kubernetes clusters.
Etcdadm is meant to simplify operating an etcd cluster, while nodeadm deploys the dependencies kubeadm needs to work properly.
The core of the kit, however, is cctl – a cluster-lifecycle management tool with features such as a highly-available Kubernetes control plane, rolling upgrade support with rollback capability, and a Flannel CNI backend. It also contains ways to deploy and manage secure etcd clusters as well as backup and recovery for such clusters in cases of quorum loss.
The CLI can be executed from all nodes in a cluster, provided the cluster configuration file cctl-state.yaml is synchronised between nodes. Storing Kubernetes metadata only in this file is meant to keep the system resilient.
Cctl implements and calls the Kubernetes community’s Cluster API for CRUD operations on clusters. Steps relying on calls to etcdadm and nodeadm make use of Platform9’s ssh-provider cluster API provider for extra security.
If nothing else is specified, Klusterkit will create self-signed CA certificates for Kubernetes, etcd, and the front proxy. It also writes to directories owned by root, with permissions set so that they are accessible only by root, for good measure.
Documentation and the project itself are still in the early stages, but are worth a look if you’re interested in the project’s architecture and a guide on how to get started.