DevOps / Kubernetes Platform Engineering
Air-gapped & Hardened Kubernetes Cluster with Kubespray
A documentation-first project that walks through building an air-gapped, hardened,
highly available Kubernetes cluster using Kubespray, with real-world constraints and
operational details.
What this project is about
Many Kubernetes examples assume full Internet access and a simple single-node cluster.
This project is based on a more realistic scenario:
- No direct Internet access from Kubernetes nodes (air-gapped environment)
- Multi-node cluster with a highly available control plane
- Local OS package repositories and a private container registry
- Opinionated hardening and post-install validation
- A reusable runbook that other engineers can follow end-to-end
Explore the full runbook & configuration
The GitHub repository contains:
- Main runbook: Installing-Airgapped-Hardened-Kubernetes-Cluster-Using-Kubespray.md
- Scripts, appendices and configurations: example inventories,
  group vars, helper scripts and troubleshooting notes
- Architecture and operational guidance for bringing up the cluster in an
  air-gapped environment
➜ Open the GitHub repository
Skills demonstrated
- Kubernetes cluster provisioning with Kubespray
- Designing and operating air-gapped clusters
- High-availability control plane design
- Private container registry & internal OS repositories
- Security hardening and operational runbooks
Getting started
To dive into the details, start with the main runbook in the GitHub repository and
adapt the inventories, group vars and scripts to your own environment
(IP addressing, OS version, storage, network policies, etc.).