Run your own PlonkFW!
Before deploying PlonkFW, ensure that your environment meets the following requirements:
- Firewall Operating System: Ubuntu 24.04, "Minimal Server" install.
- Local Tools:
  kubectl, flux, and ansible commands available in your local env.
The reference architecture for PlonkFW consists of the following components:
- Hardware: No strong requirements here. SR-IOV capable NICs may be required at some point / for some features.
- Ubuntu 24.04: The primary operating system where RKE2 will be installed and managed.
- RKE2: A certified Kubernetes distribution that simplifies cluster management and deployment.
- Cilium: A CNI (Container Network Interface) plugin that provides eBPF-accelerated operation and advanced network policies.
- Multus: A CNI (Container Network Interface) plugin that enables Kubernetes pods to attach multiple network interfaces.
First you need a clean Ubuntu 24.04 install on your chosen hardware.
To deploy PlonkFW, you'll want to fork this repo and do some setup steps:
# Make a temporary directory and cd to it
TEMPDIR=$(mktemp -d)
cd "$TEMPDIR"
# Generate a new ssh key
ssh-keygen -t ed25519 -f ./id_ed25519.flux-system.plonkfw
# Copy public key to clipboard (pbcopy is the macOS clipboard tool)
pbcopy < ./id_ed25519.flux-system.plonkfw.pub
# Go to https://github.com/<myorg>/<myrepo>/settings/keys/new
# and add as deploy key - write access optional
# Copy private key to where ansible expects it - or override plonkfw['flux_github_ssh_private_key_file'] in extravars
cp ./id_ed25519.flux-system.plonkfw "${REPO_ROOT}/ansible/fluxcd-sshkey/"
- Ansible Inventory: ${REPO_ROOT}/ansible/inventory/inventory.yml
- Ansible ExtraVars: ${REPO_ROOT}/ansible/var/extravars.yml
- Flux PostSub Vars/Secrets: TBD
cd "${REPO_ROOT}/ansible"
ansible-galaxy collection install -r roles/requirements.yml
bash ./initial-provision.sh
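
The steps above copy the private half of the deploy key into the repository tree under ansible/fluxcd-sshkey/. As an added example (not part of the PlonkFW repo), this shell function checks before provisioning that the key is owner-only, covered by an ignore rule and not tracked by git; `check_deploy_key` is a hypothetical helper and the default key path is the one used in the steps above.

```bash
# Added example, not part of the PlonkFW repo. check_deploy_key is a
# hypothetical helper; the default key path is the one used in the steps above.
# Usage: check_deploy_key "$REPO_ROOT"
check_deploy_key() {
  local repo rel key mode rc
  repo="$1"
  rel="${2:-ansible/fluxcd-sshkey/id_ed25519.flux-system.plonkfw}"
  key="$repo/$rel"
  rc=0

  if [ ! -f "$key" ]; then
    echo "missing: $key"
    return 1
  fi

  # Owner-only permissions (GNU stat first, BSD/macOS stat as fallback).
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
  case "$mode" in
    600|400) ;;
    *) echo "permissions $mode on $rel, expected 600"; rc=1 ;;
  esac

  # Guard against copying the .pub half by mistake.
  if ! head -n 1 "$key" | grep -q 'PRIVATE KEY-----$'; then
    echo "$rel does not look like a private key"; rc=1
  fi

  # The key must not be in the index, or the next commit will contain it.
  if git -C "$repo" ls-files --error-unmatch -- "$rel" >/dev/null 2>&1; then
    echo "$rel is tracked by git: untrack it and rotate the key"; rc=1
  fi

  # An ignore rule must cover it so 'git add -A' cannot stage it later.
  # --no-index evaluates the ignore rules even if the file is already tracked.
  if ! git -C "$repo" check-ignore -q --no-index -- "$rel" 2>/dev/null; then
    echo "$rel is not ignored: add it to .gitignore"; rc=1
  fi

  return "$rc"
}
```

The copy left in $TEMPDIR is a second copy of the private key; delete it once the key is in place.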