ARM Cluster Blog

I’m building an ARM cluster to handle all my home self-hosted stuff.

:white_check_mark: Done
:ballot_box_with_check: Partially Done
:x: Won't Do
:black_large_square: To do

So, goals:

  • :ballot_box_with_check: Deploy Unifi Controller
  • :black_large_square: Deploy docker pull-through cache
  • :black_large_square: Deploy Nextcloud
  • :black_large_square: Deploy deluge
  • :black_large_square: Deploy some media server, probably jellyfin
  • :black_large_square: Deploy a git server of sorts
  • :black_large_square: Automated cert management
  • :black_large_square: Secret handling
  • :black_large_square: Offsite backups
  • :black_large_square: Trust wireguard, disable 22 in
  • :black_large_square: deploy a reverse proxy for ingress in linode
  • :white_check_mark: configure traefik
  • :white_check_mark: Wireguard VPN ingress for management, on a dedicated pi 3
  • :white_check_mark: Dedicated storage node, attached to my 8x8TB ZFS array, on arm.
  • :x: Deploy k3s to a 3 node cluster.
  • :white_check_mark: Switch from SD Card to USB SSD Boot (no SD /boot partition)
  • :white_check_mark: Deploy docker swarm on Manjaro ARM


This is the first of many posts, probably. Will update as things go along.

I’m using this to learn about Kubernetes and all that stuff, while at the same time migrating from my 1950x-based monolithic desktop/workstation/server combo. Too much heat!

16 Likes

Let me try and take a swing at your wallet


Saw that on LearnLinuxTV. Really dig that he went even further and used a PoE switch and PoE hats.

2 Likes

I don’t think I’ll go that route. It’s too expensive for what it does.

Neat tho.

1 Like

Yeah I had sticker shock, and if I got it I wouldn’t be able to resist PoE hats adding more cost. But really neat- maybe something more affordable will come out.

I don’t really have anything to add, but I’m

IIRC you plan to use Pis, right?

4 Likes

I am using pis. 3x pi4 4gb 1x pi3 1x pi4 8gb

1 Like

By getting the pi4 this recently I hope you got the ‘proper’ usb-c charging?

To my knowledge, all my units have “proper” charging.

3 Likes

Your Lab

My Lab

Key Value
:white_check_mark: Done
:ballot_box_with_check: Partially Done
:x: Won't Do
:black_large_square: To do
  • :white_check_mark: Deploy Unifi Controller
  • :white_check_mark: Deploy Nextcloud
  • :x: Deploy deluge
  • :white_check_mark: Deploy some media server, probably jellyfin
  • :white_check_mark: Deploy a git server of sorts
  • :x: Automated cert management
  • :black_large_square: Secret handling (To-Do)
  • :white_check_mark: Offsite backups
  • :black_large_square: Trust wireguard, disable 22 in
  • :ballot_box_with_check: deploy a reverse proxy for ingress in linode

Things you need to add @SgtAwesomesauce

  • :white_check_mark: State management with saltstack, ansible, puppet, etc.
  • :white_check_mark: Web server for projects

You’re not a full blown loser like me until you’ve rolled all your own infrastructure :wink:

But this is nice! Keep me posted.

I won’t be satisfied with anything less than an HA Pi Cluster.

2 Likes

Wish I had the big D energy to home lab like this, but I’ll live vicariously through sgtawesomesauce- please have detailed updates.

4 Likes

State management with kubernetes yaml files.

Just deploy a pod through gitlab auto devops + kubernetes integration.

1 Like

I will. I hadn’t done details up till now, but I’m happy to answer any questions. I’ve got some notes I can probably share. I’ll format them to be human readable and share when I get some time.

2 Likes

In an effort to provide more detail on my infrastructure, I’m going to explain, in more detail, the sort of infrastructure I’ve got deployed so far.


All the Pis are running Ubuntu 20.04 ARM x64. SSH is keys only, and I’ve got my ingress unit (a pi 3) with Port 22 open to world.

I’ve got a wireguard server running on the pi3, providing access to the cluster and home network from outside; this was necessary since I was building this out while away from home last month.

I have 3 Pi 4, 4GB models set up in a k3s cluster, with traefik and metallb configured as ingress and loadbalancers already. All that remains to do is configure the actual services.

Today marks the beginning of a second stage wherein I build out the rest of the infrastructure. Step 1 will be exposing a cluster dataset on the storage node via NFS. Since I don’t have high availability as an option for this cluster, I’m just going to pray it doesn’t fail in a spectacular way. The good news is that it’s RAIDZ2, so I’ll be able to tolerate two disk failures, but I’m not hoping for that in the slightest.

Once step 1 is complete, the next step will be deploying the Unifi controller. That’s got a lot of ports that need to be exposed and it’s also got a small internal mongodb database. So the challenge will be twofold: I must secure reliable and fast storage for the mongo process to connect to (NFS will have to do, since I don’t want to trust the MicroSD cards with too much), and I must export all these ports in a sane manner so the controller can connect to my plethora of hardware (3 APs, 3 switches and a gateway).

Step 3 is nextcloud. I have daily backups from my phone to nextcloud that are currently not completing. I hope to finish that off shortly. Nextcloud is a bigger challenge, since it requires a separate database instance to work with reasonable efficiency, and it has a number of server configuration options that need to be processed.

Step 4 is to set up the linode instance to handle proxying. I’ve got traefik configured as an ingress controller on my cluster, so if I set up an nginx server properly, I should be able to simply forward all the traffic to the ingress controller via a wireguard tunnel and it should be entirely transparent. The tricky part will be handling certs, so what I might do is just use TCP proxying, rather than HTTP/HTTPS proxying, so that Traefik can handle the certs, rather than nginx.

This is where I’d really like some advice. I’d like to use traefik for the ingress controller, but need a proxy since my ISP blocks port 80. Traefik will automatically handle LetsEncrypt certs for me, and configuring all the subdomain certs, so I’d like to continue using it for that. I suspect HAProxy might be an option here, along with nginx, but I don’t have experience with it.

2 Likes
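An added example of the TCP-proxying approach described in the post above (not configuration from the original post or from the poster’s setup): an nginx `stream` block on the Linode host that forwards raw TCP on 80 and 443 through the wireguard tunnel to Traefik, so Traefik still terminates TLS and answers the LetsEncrypt challenge itself and nginx never holds a certificate or private key. The wireguard peer address `10.0.0.2` is an assumed placeholder for the k3s ingress.

```nginx
# Added example, not the original post's config. Goes at the top level of
# nginx.conf (a sibling of the http {} block, not inside it) and needs the
# ngx_stream_core_module, which the stock nginx packages on Ubuntu include.
stream {
    # Assumed placeholder: wireguard IP of the k3s node exposing Traefik.
    upstream traefik_https {
        server 10.0.0.2:443;
    }
    upstream traefik_http {
        server 10.0.0.2:80;
    }

    # Port 443: pass the TLS bytes through untouched. Because no TLS is
    # terminated here, nginx cannot read the traffic and there is no cert
    # to manage on the Linode at all.
    server {
        listen 443;
        proxy_pass traefik_https;
        # Send the real client address with the PROXY protocol so Traefik's
        # access logs and rate limits see the visitor, not the Linode.
        # Traefik's entrypoint must be told to trust PROXY headers from this
        # host; if it is not, remove this line or the connection will fail.
        proxy_protocol on;
        proxy_connect_timeout 5s;
    }

    # Port 80: forwarded as-is so the ACME HTTP-01 challenge reaches Traefik
    # even though the home ISP blocks inbound 80 directly.
    server {
        listen 80;
        proxy_pass traefik_http;
        proxy_protocol on;
        proxy_connect_timeout 5s;
    }
}
```

Since the Linode is the only thing the world talks to, the home firewall only has to admit 80 and 443 from the wireguard tunnel interface, which is what makes the “trust wireguard, disable 22 in” goal achievable without opening anything else at home.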

This is some next level stuff :slight_smile:

I have no input other than that. My knowledge stops at running pfSense + a Ubiquiti AP and FreeNAS.

But I’m looking forward to reading more :open_book:

2 Likes

As neat as that looks, threaded rod, washers and nuts attached between two pieces of plywood will achieve the same.

3 Likes

Welcome to my Temple of Knowledge.

I’m still learning this stuff too, so most of it is me blindly grasping at straws and documenting it.

I was thinking about 3d printing a fan baffle, to provide better-directed airflow to all nodes.

And then, possibly using GPIO to control the fan. :thinking:

Combine GPIO with prometheus and you’ve got a fully cluster-aware fan controller on a Raspberry Pi. :smiley:

3 Likes

Slow fan (beQuiet 800rpm fan?) running on 8V would also work.

Plexiglass sheets are at Home Depot and Lowes (learned this from my enclosure project), so it wouldn’t be that hard to DIY something that looks similar, and lots of us are sitting on random old fans. Not sure why that Amazon unit is priced that high; I dunno, I guess economy of scale, there just isn’t going to be that many people in that market.

Yeah, I’ve got a Noctua 5v fan right now, that’s hanging off the Pi 3’s 5v bus.

An 8v fan would require a step-up transformer.