This repository contains the general configuration files for the University of Bucharest's experimental Kubernetes cluster. We only keep global, cluster-wide config files here; project-specific configs are in their respective repositories.
According to the Kubernetes Configuration Best Practices, config files should be versioned controlled before being deployed. This simplifies rolling back config changes and provides greater transparency into the cluster's organisation.
UniBuc runs its Kubernetes cluster using RKE2 on the existing virtual machine-based infrastructure. See the node setup documentation for information on how the individual nodes are configured.
You should install the tools below if you plan to manage/work with K8s.
- kubectl for cluster administration
- Follow the instructions on this page for installing
kubectlon your platform.
- Follow the instructions on this page for installing
- kubelogin for AAD authentication
- You can use a binary release, for example.
- Adapt the sample Kubeconfig file to your needs. You can either put it in the
$HOME/.kube/directory - Upon first connecting to the cluster, the tool will ask you to open a link in the browser and log into MS365.
- Helm for easy package installation
- Cilium CLI if you need to manage Cilium
- NGINX Ingress Controller
- cert-manager for automatic TLS certificate management
- Longhorn for distributed block storage
Authentication is available through the MS365 accounts. The Kubernetes API server is configured to accept OpenID Connect Tokens issued by Azure AD. The user's groups are configured through Azure AD app roles.