Quick Start Guide

If you want to create a YAOOK/K8s cluster on OpenStack, follow the steps below. A bare-metal YAOOK/K8s cluster requires further preparations.

Commands are assumed to be executed at the top level of the Cluster Repository, if not stated otherwise.

If you are having problems, please visit our FAQ.


  1. Install system requirements.

  2. Create required resources.

  3. Initialize cluster repository.

  4. Configure cluster in ./config/default.nix.

    Note

    If you plan on deploying OpenStack using YAOOK/Operator on top of your YAOOK/K8s cluster, please refer to the cluster requirements of yaook/operator to see which features are recommended and required to be present in your Kubernetes cluster.

    • There are many configuration options available, but the minimum changes that need to be made to the configuration file are:

      • You need to add your (public) wireguard key to the wireguard peer configuration.

      • As your cluster runs on top of OpenStack, you can enable the ch-k8s-lbaas load balancing to allow the creation of Kubernetes services of type LoadBalancer. If you want to do so, you also need to create the ch-k8s-lbaas.shared_secret secret.

      • Check yk8s.terraform for the options that can be set. You need to change some of them to fit your OpenStack cluster, e.g. the flavors, images, … of the gateway, master and worker nodes.

  5. Configure the Vault backend

    Configure access to the Vault backend by setting VAULT_ADDR in your cluster .envrc. More details about Vault as a backend are provided at Using Hashicorp Vault.

    After configuring VAULT_ADDR, source a root token as VAULT_TOKEN, then initialize and configure the Vault instance:

    $ # Create policies and initialize approles
    $ ./managed-k8s/tools/vault/init.sh
    
    $ # Prepare a new cluster inside Vault, putting the root CA keys inside Vault.
    $ ./managed-k8s/tools/vault/mkcluster-root.sh
    

    After configuring the Vault backend, ensure you have a token with at least the orchestrator policy sourced as VAULT_TOKEN. This is automatically the case if you are using the development setup.

  6. Deploy cluster by executing the apply-all.sh script.

    $ ./managed-k8s/actions/apply-all.sh
    
  7. Get yourself a hot beverage and joyfully watch as your YAOOK/K8s cluster gets created and tested.

  8. Start using your cluster.
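
A pre-flight check for the end of step 5, to run before apply-all.sh in step 6. This is an added example, not part of YAOOK/K8s. The function names, the https expectation for VAULT_ADDR and the sample lookup JSON are assumptions made for illustration; the only Vault call used is `vault token lookup -format=json`.

```shell
#!/bin/sh
# Added example, not part of YAOOK/K8s: pre-flight check before apply-all.sh.

# 0 if ADDR is an https URL, 1 if empty, 2 if set but not https (assumption:
# a token should not cross the network in cleartext).
check_vault_addr() {
    case "$1" in
        "")        return 1 ;;
        https://*) return 0 ;;
        *)         return 2 ;;
    esac
}

# Read `vault token lookup -format=json` output on stdin and print the
# entries of its "policies" array, space-separated.
token_policies() {
    tr -d '\n' |
        sed -n 's/.*"policies"[[:space:]]*:[[:space:]]*\[\([^]]*\)\].*/\1/p' |
        tr -d '" ' | tr ',' ' '
}

# 0 = list contains orchestrator, 3 = root token only (works, but broader
# than this step needs), 4 = neither.
classify_policies() {
    result=4
    for p in $1; do
        case "$p" in
            orchestrator) return 0 ;;
            root)         result=3 ;;
        esac
    done
    return "$result"
}

# Check the current environment; needs the vault CLI on PATH.
preflight() {
    check_vault_addr "${VAULT_ADDR:-}" || { echo "VAULT_ADDR unset or not https" >&2; return 1; }
    [ -n "${VAULT_TOKEN:-}" ] || { echo "VAULT_TOKEN is not sourced" >&2; return 1; }
    policies=$(vault token lookup -format=json | token_policies)
    status=0; classify_policies "$policies" || status=$?
    case "$status" in
        0) echo "ok: token carries policy orchestrator" ;;
        3) echo "warning: root token sourced; an orchestrator token is enough" >&2 ;;
        *) echo "token lacks policy orchestrator (has: $policies)" >&2; return 1 ;;
    esac
}

# Constructed sample of the lookup output, trimmed to the relevant fields.
SAMPLE_LOOKUP='{"data": {"identity_policies": [], "policies": [
    "default", "orchestrator"], "ttl": 3600}}'
```

Source the file and call `preflight` from the cluster repository after the .envrc has been loaded; a non-zero return means apply-all.sh would start without a usable token.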