Overview
The Baremetal service is essentially a cut-down version of the Kubernetes service that provisions its own baremetal servers using the hardware abstraction provided by the Region service.
Where possible, as the Baremetal service is very similar to the Kubernetes service, we must maintain type and API parity to ease creation of UX tools and services.
Installation
Unikorn Prerequisites
To use the Baremetal service you first need to install:
Installing the Service
Installing Prerequisites
The Unikorn baremetal server component has a couple of prerequisites that are required for correct functionality.
If not installing the server component, skip to the next section.
You'll need to install:
- cert-manager (used to generate keying material for JWE/JWS and for ingress TLS)
- nginx-ingress (to perform routing, avoiding CORS, and TLS termination)
Helm
Create a values.yaml for the server component:
A typical values.yaml that uses cert-manager and ACME, and external DNS might look like:

    global:
      identity:
        host: https://identity.unikorn-cloud.org
      region:
        host: https://region.unikorn-cloud.org
      baremetal:
        host: https://baremetal.unikorn-cloud.org

    helm install unikorn charts/unikorn --namespace unikorn --create-namespace --values values.yaml
ArgoCD

    apiVersion: argoproj.io/v1alpha1
    kind: Application
    metadata:
      name: unikorn
      namespace: argocd
    spec:
      project: default
      source:
        repoURL: https://unikorn-cloud.github.io/unikorn
        chart: unikorn
        targetRevision: v0.1.0
      destination:
        namespace: unikorn
        server: https://kubernetes.default.svc
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
        syncOptions:
        - CreateNamespace=true

Configuring Service Authentication and Authorization
The Unikorn Identity Service describes how to configure a service organization, groups and role mappings for services that require them.
This service requires asynchronous access to the Unikorn Region API in order to poll cloud identity and physical network status during cluster creation, and delete those resources on cluster deletion.
This service defines the unikorn-baremetal user that will need to be added to a group in the service organization.
It will need the built-in role infra-manager-service that allows:
- Read access to the region endpoints to access external networks
- Read/delete access to the identities endpoints to poll and delete cloud identities
- Read/delete access to the physicalnetworks endpoints to poll and delete physical networks
- Create/Read/Delete access to the servers endpoints to manage baremetal instances