Unicorn Delivery Service (UDS), Rancher Kubernetes Engine 2 (RKE2)
Important
This is an unofficial sandbox repository for developing and testing a UDS RKE2 capability. Please go to the defenseunicorns organization for the official UDS RKE2 capability.
This Zarf package serves as an air-gapped production environment for deploying UDS Core, individual UDS Capabilities, and UDS capabilities aggregated (bundled) via the UDS CLI.
See the UDS RKE2 Mermaid diagram for visual representations of the tech stack's components and order of operations.
The following are requirements for an environment where a user is deploying UDS RKE2 and its custom components and applications.
- A base installation of Ubuntu 20.04 or 22.04 on the node's host system
- UDS CLI v0.10.4
- See the RKE2 documentation for host system pre-requisites
- See the Application-Specific and Flavor-Specific Infrastructure configuration sections for setup instructions based on what is deployed atop UDS RKE2
Important
This entire repository assumes that you have root access, and all scripts and actions are run as root. Use `sudo su` to activate a root shell.
This section provides minimal context and instructions for quickly deploying the base UDS RKE2 capability. See the DEVELOPMENT.md for instructions on how to further develop UDS RKE2.
Caution
Due to the disk formatting and mount operations, networking and STIG configurations that are applied to a node's host, it is highly recommended that the contents of this repository are not directly installed on a personal machine.
The best way to test UDS RKE2 is to spin up one or more nodes using a containerized method, such as virtual machines or networks.
LeapfrogAI, the main support target of this bundle, requires GPU passthrough to all worker nodes that will have a taint for attracting pods with GPU resource and workload requirements.
Please see the VM setup documentation and VM setup scripts to learn more about manually creating development VMs.
There are 3 main "flavors" of the UDS RKE2 Core bundle, with 4 distinct flavors in total. Each flavor revolves around the storage and persistence layer of the cluster, and comes with its own documentation on configuration and installation, as linked in the bulleted list below. Please refer to that documentation for more details on each bundle flavor's recommendations and capabilities.
- Local Path Provisioner + MinIO
- (WIP) Longhorn + MinIO
- (WIP) Rook-Ceph
The following are quick starts for the `local-path` flavored UDS RKE2 bundle. This does not include the optional NVIDIA GPU operator and LeapfrogAI workarounds Zarf packages.
- Change directory to the bundle and deploy the bundle:
# use `ifconfig` to identify the NETWORK_INTERFACES for L2 advertisement
uds run uds-rke2-local-path-core --set NETWORK_INTERFACES="eth0" --set IP_ADDRESS_POOL="200, 201, 202, 203"
- Modify your `/etc/hosts` according to your base IP on the Istio Tenant gateway:
# /etc/hosts
192.168.0.200 keycloak.admin.uds.dev grafana.admin.uds.dev neuvector.admin.uds.dev
192.168.0.201 sso.uds.dev
- Log in to GitHub Container Registry (GHCR) and DoD's Registry1:
# Log in to GHCR (shell history is switched off while the credentials are typed)
set +o history
export GHCR_USERNAME="YOUR-USERNAME-HERE"
export GHCR_PASSWORD="YOUR-PASSWORD-HERE"
echo "$GHCR_PASSWORD" | uds zarf tools registry login ghcr.io --username "$GHCR_USERNAME" --password-stdin
set -o history
# Log in to Registry1 (shell history is switched off while the credentials are typed)
set +o history
export REGISTRY1_USERNAME="YOUR-USERNAME-HERE"
export REGISTRY1_PASSWORD="YOUR-PASSWORD-HERE"
echo "$REGISTRY1_PASSWORD" | uds zarf tools registry login registry1.dso.mil --username "$REGISTRY1_USERNAME" --password-stdin
set -o history
- Build all necessary packages and then create and deploy the bundle:
# use `ifconfig` to identify the NETWORK_INTERFACES for L2 advertisement
uds run uds-rke2-local-path-core-dev --set NETWORK_INTERFACES="eth0" --set IP_ADDRESS_POOL="200, 201, 202, 203"
- Modify your `/etc/hosts` according to your base IP on the Istio Tenant gateway:
# /etc/hosts
192.168.0.200 keycloak.admin.uds.local grafana.admin.uds.local neuvector.admin.uds.local
192.168.0.201 sso.uds.local
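A variant of the registry login step above that reads the password without echo and pipes it to the CLI, so it is never exported into the root shell's environment. This is an added example, not part of the repository's scripts: `registry_login` and its `_rl_*` variables are hypothetical names, and only the `uds zarf tools registry login ... --username ... --password-stdin` invocation is taken from the step above.

```shell
#!/bin/sh
# Added example, not from the UDS RKE2 repository. registry_login is a
# hypothetical helper; the uds invocation is the one used in the login step.

# registry_login REGISTRY USERNAME
# Reads the password from stdin (prompting without echo on a terminal),
# hands it to the CLI over a pipe, and never exports it.
registry_login() {
    if [ "$#" -ne 2 ] || [ -z "$1" ] || [ -z "$2" ]; then
        echo "usage: registry_login REGISTRY USERNAME" >&2
        return 2
    fi
    _rl_password=""
    if [ -t 0 ]; then
        # Interactive: switch terminal echo off for the read and restore it
        # afterwards, including when the prompt is interrupted.
        _rl_stty=$(stty -g)
        trap 'stty "$_rl_stty"' INT TERM
        printf 'Password for %s on %s: ' "$2" "$1" >&2
        stty -echo
        IFS= read -r _rl_password || :
        stty "$_rl_stty"
        trap - INT TERM
        printf '\n' >&2
    else
        # Non-interactive: registry_login REGISTRY USERNAME < token-file
        IFS= read -r _rl_password || :
    fi
    if [ -z "$_rl_password" ]; then
        echo "registry_login: empty password, not attempting login" >&2
        unset _rl_password _rl_stty
        return 1
    fi
    # printf is a shell builtin, so the secret is not placed in any process's
    # argument list; quoting keeps spaces and glob characters intact.
    _rl_rc=0
    printf '%s\n' "$_rl_password" |
        uds zarf tools registry login "$1" --username "$2" --password-stdin ||
        _rl_rc=$?
    unset _rl_password _rl_stty
    return "$_rl_rc"
}
```

Source the file in the root shell and call `registry_login ghcr.io YOUR-USERNAME-HERE`, then the same for `registry1.dso.mil`.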
The following sub-sections outline all of the configuration documentation, which includes additional information, optional Zarf packages, and customization options for each component of UDS RKE2.