Add Ubiquity EdgeRouter documentation

Dalton Hubble 2017-10-16 02:17:35 -07:00
parent bfa8dfc75d
commit 911c53e4ae
3 changed files with 145 additions and 1 deletions


@ -94,7 +94,7 @@ For networks already supporting iPXE clients, you can add a `default.ipxe` confi
chain http://matchbox.foo:8080/boot.ipxe chain http://matchbox.foo:8080/boot.ipxe
``` ```
For networks with Ubiquiti Routers, you can [configure the router](TODO) itself to chainload machines to iPXE and Matchbox. For networks with Ubiquiti Routers, you can [configure the router](/topics/hardware/#ubiquiti) itself to chainload machines to iPXE and Matchbox.
For a small lab, you may wish to checkout the [quay.io/coreos/dnsmasq](https://quay.io/repository/coreos/dnsmasq) container image and [copy-paste examples](https://github.com/coreos/matchbox/blob/master/Documentation/network-setup.md#coreosdnsmasq). For a small lab, you may wish to checkout the [quay.io/coreos/dnsmasq](https://quay.io/repository/coreos/dnsmasq) container image and [copy-paste examples](https://github.com/coreos/matchbox/blob/master/Documentation/network-setup.md#coreosdnsmasq).
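Review bot: the new link target `/topics/hardware/#ubiquiti` relies on the heading slug in the added `docs/topics/hardware.md`, but that file's heading is written `## Ubiquitiy`, which MkDocs will slug as `#ubiquitiy`, so this anchor will not resolve as committed; correct the heading spelling in the new file (or point this anchor at the slug that actually exists) so the replacement of the `TODO` link lands on the intended section.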

docs/topics/hardware.md Normal file

@ -0,0 +1,143 @@
# Hardware
While bare-metal Kubernetes clusters have no special hardware requirements (beyond the [min reqs](/bare-metal#requirements)), Typhoon does ensure certain router and server hardware integrates well with Kubernetes.
## Ubiquitiy
Ubiquity EdgeRouters work well with bare-metal Kubernetes clusters. Knowledge about how to setup an EdgeRouter and use the CLI is required.
### PXE
Ubiquiti EdgeRouters can provide a PXE-enabled network boot environment for client machines.
#### ISC DHCP
Add a subnet parameter to the LAN DHCP server to include an ISC DHCP config file.
```
configure
show service dhcp-server shared-network-name NAME subnet SUBNET
set service dhcp-server shared-network-name NAME subnet SUBNET subnet-parameters "include "/config/scripts/ipxe.conf";"
commit-confirm
```
Switch to root (i.e. `sudo -i`) and write the ISC DHCP config `/config/scripts/ipxe.conf`. iPXE client machines will chainload to `matchbox.example.com`, while non-iPXE clients will chainload to `undionly.kpxe` (requires TFTP to be enabled).
```
allow bootp;
allow booting;
next-server ADD_ROUTER_IP_HERE;
if exists user-class and option user-class = "iPXE" {
filename "http://matchbox.example.com/boot.ipxe";
} else {
filename "undionly.kpxe";
}
```
### TFTP
Use `dnsmasq` as a TFTP server to serve [undionly.kpxe](http://boot.ipxe.org/undionly.kpxe).
```
sudo -i
mkdir /var/lib/tftpboot
cd /var/lib/tftpboot
curl http://boot.ipxe.org/undionly.kpxe -o undionly.kpxe
```
Add `dnsmasq` command line options to enable the TFTP file server.
```
configure
show servce dns forwarding
set service dns forwarding options enable-tftp
set service dns forwarding options tftp-root=/var/lib/tftpboot
commit-confirm
```
!!! warning
After firmware upgrades, the `/var/lib/tftpboot` directory will not exist and dnsmasq will not start properly. Repeat this process following an upgrade.
### DHCP
Assign static IPs to clients with known MAC addresses. This is called a static mapping by EdgeOS. Configure the router with the commands based on region inventory.
```
configure
show service dhcp-server shared-network
set service dhcp-server shared-network-name LAN subnet SUBNET static-mapping NAME mac-address MACADDR
set service dhcp-server shared-network-name LAN subnet SUBNET static-mapping NAME ip-address 10.0.0.20
```
### DNS
Assign DNS A records to nodes as options to `dnsmasq`.
```
configure
set service dns forwarding options host-record=node.example.com,10.0.0.20
```
Restart `dnsmasq`.
```
sudo /etc/init.d/dnsmasq restart
```
Configure queries for `*.svc.cluster.local` to be forwarded to a Kubernetes `kube-dns` service IP to allow hosts to resolve cluster-local Kubernetes names.
```
configure
show service dns forwarding
set service dns forwarding options server=/svc.cluster.local/10.3.0.10
commit-confirm
```
### Kubernetes Services
Add static routes for the Kubernetes IPv4 service range to Kubernetes node(s) so hosts can route to Kubernetes services (default: 10.3.0.0/16).
```
configure
show protocols static route
set protocols static route 10.3.0.0/16 next-hop NODE_IP
...
commit-confirm
```
### Port Forwarding
Expose the [Ingress Controller](/addons/ingress#bare-metal) by adding `port-forward` rules that DNAT a port on the router's WAN interface to an internal IP and port. By convention, a public Ingress controller is assigned a fixed service IP like kube-dns (e.g. 10.3.0.12).
```
configure
set port-forward wan-interface eth0
set port-forward lan-interface eth1
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward rule 1 description 'ingress http'
set port-forward rule 1 forward-to address 10.3.0.12
set port-forward rule 1 forward-to port 80
set port-forward rule 1 original-port 80
set port-forward rule 1 protocol tcp_udp
set port-forward rule 2 description 'ingress https'
set port-forward rule 2 forward-to address 10.3.0.12
set port-forward rule 2 forward-to port 443
set port-forward rule 2 original-port 443
set port-forward rule 2 protocol tcp_udp
commit-confirm
```
### Web UI
The web UI is often accessible from the LAN on ports 80/443 by default. Edit the ports to 8080 and 4443 to avoid a conflict.
```
configure
show service gui
set service gui http-port 8080
set service gui https-port 4443
commit-confirm
```
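Review bot: `## Ubiquitiy` and `Ubiquity EdgeRouters` (and the commit title) misspell the vendor name Ubiquiti, and the heading spelling matters beyond cosmetics because the `network-setup.md` change in this same commit links to `/topics/hardware/#ubiquiti`; the heading must read `## Ubiquiti` for that link to resolve. In the TFTP section, `show servce dns forwarding` should be `show service dns forwarding`. The static-mapping block and the `host-record` block end without the `commit-confirm` that every other `configure` block here closes with; add it, or state once that each block is finished with `commit-confirm`, otherwise a reader following the DHCP and DNS sections literally never commits the change. The step `curl http://boot.ipxe.org/undionly.kpxe -o undionly.kpxe` fetches the boot loader over plain HTTP with no integrity check, and per the ISC DHCP section this is the binary every non-iPXE client on the LAN will execute; suggest fetching over HTTPS where the host offers it and documenting a checksum comparison against the published value, and mention it in the warning about re-creating `/var/lib/tftpboot` after firmware upgrades since that is when the file gets re-downloaded. The port-forward rules use `protocol tcp_udp` for HTTP and HTTPS ingress; `tcp` is sufficient and avoids forwarding UDP 80/443 from the WAN to the ingress IP for no reason. Lastly, the Web UI section says to move the ports to 8080 and 4443 "to avoid a conflict" without naming it; state that the conflict is with the WAN port-forward rules for 80/443 defined just above.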


@ -51,6 +51,7 @@ pages:
- 'Dashboard': 'addons/dashboard.md' - 'Dashboard': 'addons/dashboard.md'
- 'CLUO': 'addons/cluo.md' - 'CLUO': 'addons/cluo.md'
- 'Topics': - 'Topics':
- 'Hardware': 'topics/hardware.md'
- 'Security': 'topics/security.md' - 'Security': 'topics/security.md'
- 'Performance': 'topics/performance.md' - 'Performance': 'topics/performance.md'
- 'FAQ': 'faq.md' - 'FAQ': 'faq.md'