I have an experience building bare metal k8s cluster. I wanted my cluster to be fully functional and it wasn't easy to build the first one. I had to deal with ingress-nginx installation to get the Ingress to work.
If I would build a home lab I would take a look at Intel NUC 10
I find helpful using helm to install applications to my k8s clusters.
Also I would install next helm charts: ingress-nginx external-dns cert-manager
After that it would be easy to install openfaas and openwhisk to play with.
As it stands I'm running my k8s cluster using k3s and ingress-nginx.
I like the idea of openwhisk and openfaas because they seem widely supported.
In some of my services, I'm looking to have them accessible via ingress with user authentication protection (keycloak, oidc, oauth2). Would that be possible with any of these frameworks. I know openFaaS has it, but unfortunately oauth2 is behind a pay-wall.
Also, how is intra-service messaging handled? Is there a messaging bus service a-la-kafka or rabbitmq i can use? Do these frameworks have a custom message bus?
I have an experience building bare metal k8s cluster. I wanted my cluster to be fully functional and it wasn't easy to build the first one. I had to deal with ingress-nginx installation to get the Ingress to work.
If I would build a home lab I would take a look at Intel NUC 10
I find helpful using helm to install applications to my k8s clusters.
Also I would install next helm charts:
ingress-nginx
external-dns
cert-manager
After that it would be easy to install openfaas and openwhisk to play with.
As it stands I'm running my k8s cluster using k3s and ingress-nginx.
I like the idea of openwhisk and openfaas because they seem widely supported.
In some of my services, I'm looking to have them accessible via ingress with user authentication protection (keycloak, oidc, oauth2). Would that be possible with any of these frameworks. I know openFaaS has it, but unfortunately oauth2 is behind a pay-wall.
Also, how is intra-service messaging handled? Is there a messaging bus service a-la-kafka or rabbitmq i can use? Do these frameworks have a custom message bus?
You can protect your services with a oauth2_proxy. Take a look at this article.
And I don't know anything about messaging bus in these frameworks.
Probably not the ideal way to protect openfaas, but I managed to set up the gateway using oauth2_proxy as recommended.
Using the helm chart, I had to disable basic authentication and the generation of the authentication password.
I used annotations to configure the ingress routing rules to pass through oauth2_proxy before reaching the openfaas gateway
This setup is demonstrated in the Ansible role I've created within my cluster initialization playbook:
github.com/mikeyGlitz/k3s-home-clu...