Multi-Cloud Kubernetes Local

A comprehensive local infrastructure setup for deploying multi-cloud Kubernetes clusters using Nix package manager, encrypted volumes, and proxy-based networking.

🏗️ Architecture Overview

This project creates a multi-cloud Kubernetes infrastructure with:

13 Encrypted Volumes representing different cloud providers
Provider-Grouped Networking with logical IP allocation
Container Runtime (containerd + crictl) configured for all volumes
CAPI Orchestration for multi-cloud cluster management
Cross-Cloud Networking with Cilium, Istio, and WireGuard
🔄 Proxy-Based Communication for reliable volume connectivity (KEY FEATURE)

🌐 Proxy-Based Networking (Core Feature)

The proxy-based networking is the key innovation that makes this setup work reliably on macOS:

Simple HTTP Proxy Server

Main Proxy: http://localhost:8000
Status Endpoint: http://localhost:8000/status
Health Check: http://localhost:8000/health
Volume Access: http://localhost:8000/volume/{volume_name}

Communication Flow

Volume A → Simple Proxy (8000) → Volume B
Volume A → Simple Proxy (8000) → Localhost Services
Volume A (AWS) → Simple Proxy (8000) → Volume B (Azure)

Why Proxy-Based?

Reliable: HTTP-based communication that works across platforms
Simple: Single proxy server for all communication
Debuggable: Easy to test with curl commands
Cross-Platform: Works on macOS, Linux, and other platforms
Manageable: Centralized proxy management

📁 Project Structure

multi-cloud-k8s-local/
├── README.md                           # This file
├── QUICK_START.md                      # Quick start guide
├── setup-main.sh                       # 🚀 MAIN SETUP SCRIPT (ONE COMMAND)
├── MULTI_CLOUD_K8S_SETUP_SUMMARY.md   # Detailed setup summary
├── create-volumes-simple.sh           # Create encrypted volumes
├── configure-volumes.sh               # Configure volumes with Nix
├── setup-provider-networking.sh       # Provider-grouped networking
├── setup-cross-cloud-networking.sh    # Cross-cloud networking stack
├── setup-container-runtime.sh         # Container runtime setup
├── setup-macos-networking.sh          # macOS networking (ifconfig/pfctl)
├── setup-simple-proxy.sh              # 🔄 PROXY-BASED NETWORKING
├── deploy-capi-simple.sh              # CAPI deployment
└── volumes/                           # Encrypted volume configurations
    ├── etcd-1/                        # AWS etcd node
    ├── etcd-2/                        # Azure etcd node
    ├── etcd-3/                        # GCP etcd node
    ├── talos-control-plane-1/         # AWS control plane
    ├── talos-control-plane-2/         # Azure control plane
    ├── talos-control-plane-3/         # GCP control plane
    ├── talos-control-plane-4/         # IBM control plane
    ├── talos-control-plane-5/         # DigitalOcean control plane
    ├── karpenter-worker-1/            # AWS worker
    ├── karpenter-worker-2/            # Azure worker
    ├── karpenter-worker-3/            # GCP worker
    ├── karpenter-worker-4/            # IBM worker
    ├── karpenter-worker-5/            # DigitalOcean worker
    ├── capi-management/               # CAPI configurations
    └── networking/                    # Networking configurations
        └── proxy/                     # 🔄 PROXY-BASED NETWORKING
            ├── simple-proxy.py        # Main proxy server
            ├── manage-simple-proxy.sh # Proxy management
            └── simple-proxy-architecture.md

🚀 Quick Start

One-Command Setup

For the complete setup, run:

./setup-main.sh

This single command orchestrates the entire infrastructure setup with detailed step descriptions.

Manual Setup (Alternative)

If you prefer to run individual components:

Prerequisites

macOS (tested on macOS 14.6.0)
Nix package manager installed
Root/sudo access for network operations
Python 3 for proxy server

1. Create Encrypted Volumes

sudo ./create-volumes-simple.sh

This creates 13 encrypted volumes representing different cloud providers.

2. Configure Volumes

sudo ./configure-volumes.sh

This configures each volume with Nix and Kubernetes tools.

3. 🔄 Setup Proxy-Based Networking (KEY STEP)

sudo ./setup-simple-proxy.sh
sudo ./volumes/networking/proxy/manage-simple-proxy.sh start

This sets up the proxy server for volume communication.

4. Deploy CAPI

sudo ./deploy-capi-simple.sh

This sets up Cluster API for multi-cloud orchestration.

🔧 Management Commands

🔄 Proxy Management (Primary)

# Start/stop proxy server
sudo ./volumes/networking/proxy/manage-simple-proxy.sh start
sudo ./volumes/networking/proxy/manage-simple-proxy.sh stop

# Check proxy status
sudo ./volumes/networking/proxy/manage-simple-proxy.sh status

# Test connectivity
sudo ./volumes/networking/proxy/manage-simple-proxy.sh test

# Test specific volume
curl http://localhost:8000/volume/etcd-1
curl http://localhost:8000/status

Volume Management

# Mount/unmount all volumes
sudo ./volumes/manage-volumes.sh mount-all
sudo ./volumes/manage-volumes.sh unmount-all

# Check volume status
sudo ./volumes/manage-volumes.sh status

Container Runtime Management

# Check container runtime status
sudo ./volumes/manage-container-runtime.sh status

# Install container runtime in volumes
sudo ./volumes/manage-container-runtime.sh install

CAPI Management

# Initialize CAPI
sudo ./volumes/capi-management/manage-capi.sh init

# Deploy clusters
sudo ./volumes/capi-management/manage-capi.sh deploy

# Check CAPI status
sudo ./volumes/capi-management/manage-capi.sh status

🌐 Network Architecture

Provider Networks

AWS Provider: 10.0.0.0/16 (etcd-1, talos-control-plane-1, karpenter-worker-1)
Azure Provider: 10.1.0.0/16 (etcd-2, talos-control-plane-2, karpenter-worker-2)
GCP Provider: 10.2.0.0/16 (etcd-3, talos-control-plane-3, karpenter-worker-3)
IBM Provider: 10.3.0.0/16 (talos-control-plane-4, karpenter-worker-4)
DigitalOcean Provider: 10.4.0.0/16 (talos-control-plane-5, karpenter-worker-5)

🔄 Proxy Communication (Core)

Main Proxy: http://localhost:8000
Status Endpoint: http://localhost:8000/status
Health Check: http://localhost:8000/health
Volume Access: http://localhost:8000/volume/{volume_name}

🔒 Security Features

AES-256 Encrypted Volumes with predictable passphrases
Provider-Grouped Networking for logical isolation
Container Runtime Security with containerd and crictl
Cross-Cloud Encryption with WireGuard VPN
Network Policies with Cilium CNI
mTLS Communication with Istio service mesh
🔄 Proxy-Based Security with centralized access control

📊 Current Status

Component	Status	Progress
Nix Configuration	✅ Complete	100%
Encrypted Volumes	✅ Complete	100%
Provider Networking	✅ Complete	100%
Container Runtime	✅ Complete	100%
CAPI Setup	✅ Complete	100%
Cross-Cloud Networking	✅ Complete	100%
🔄 Proxy Networking	✅ Complete	100%
Cluster Deployment	🔄 Pending	0%
Connectivity Testing	🔄 Pending	0%

🛠️ Tools Installed

Kubernetes Tools

kubectl: v1.33.4
clusterctl: v1.11.0
helm: v3.18.6
talosctl: v1.10.7

Container Runtime

containerd: v2.1.4
runc: v1.3.0
crictl: v1.32.0
CNI plugins: v1.4.1

🔄 Proxy Server

Python 3 HTTP Server: Custom proxy implementation
Port 8000: Main proxy endpoint
Volume Endpoints: Individual volume access

🔄 Next Steps

Deploy Multi-Cloud Kubernetes Clusters - Initialize CAPI and deploy clusters
Test Cross-Cloud Connectivity - Verify networking and cluster communication via proxy
Deploy Applications - Deploy sample applications across providers
Monitor and Scale - Set up monitoring and auto-scaling

📚 Documentation

Setup Summary - Detailed setup documentation
🔄 Proxy Architecture - Proxy networking details
CAPI Architecture - CAPI configuration details
Container Runtime Architecture - Container runtime details

🤝 Contributing

This is a proof-of-concept implementation for multi-cloud Kubernetes infrastructure with proxy-based networking as the key innovation. Contributions and improvements are welcome!

📄 License

This project is part of the database_CI repository and follows the same licensing terms.

Total Setup Time: ~3 hours
Files Created: 50+ configuration and management files
Volumes Configured: 13 encrypted volumes
Cloud Providers: 5 (AWS, Azure, GCP, IBM, DigitalOcean)
Management Scripts: 8 comprehensive automation scripts
🔄 Proxy Server: HTTP-based communication for all volumes

Name		Name	Last commit message	Last commit date
Latest commit History 11 Commits
demo		demo
nix-scripts		nix-scripts
volumes		volumes
.gitignore		.gitignore
MASTER_SCRIPT_SUMMARY.md		MASTER_SCRIPT_SUMMARY.md
MULTI_CLOUD_K8S_SETUP_SUMMARY.md		MULTI_CLOUD_K8S_SETUP_SUMMARY.md
QUICK_START.md		QUICK_START.md
README.md		README.md
aws-cluster-fixed.yaml		aws-cluster-fixed.yaml
aws-cluster.yaml		aws-cluster.yaml
azure-cluster.yaml		azure-cluster.yaml
cilium-config.yaml		cilium-config.yaml
configure-volumes.sh		configure-volumes.sh
create-volumes-simple.sh		create-volumes-simple.sh
cve-monitoring.sh		cve-monitoring.sh
demo-launcher.sh		demo-launcher.sh
deploy-capi-cloud-clusters.sh		deploy-capi-cloud-clusters.sh
deploy-capi-simple.sh		deploy-capi-simple.sh
deploy-direct.sh		deploy-direct.sh
deploy-docker-clusters-to-volumes.sh		deploy-docker-clusters-to-volumes.sh
deploy-kind-clusters.sh		deploy-kind-clusters.sh
deploy-multi-cloud-clusters.sh		deploy-multi-cloud-clusters.sh
deploy-now.sh		deploy-now.sh
deploy-security-networking-monitoring.sh		deploy-security-networking-monitoring.sh
deploy-simple-stack.sh		deploy-simple-stack.sh
deploy-with-manifests.sh		deploy-with-manifests.sh
digitalocean-cluster.yaml		digitalocean-cluster.yaml
docker-cluster-fixed.yaml		docker-cluster-fixed.yaml
docker-cluster.yaml		docker-cluster.yaml
dynamic-volume-mounter.sh		dynamic-volume-mounter.sh
gcp-cluster.yaml		gcp-cluster.yaml
global-hook-test.txt		global-hook-test.txt
ibm-cluster.yaml		ibm-cluster.yaml
load-generator.yaml		load-generator.yaml
manage-nix-packages.sh		manage-nix-packages.sh
multi-cloud-clusters.yaml		multi-cloud-clusters.yaml
nginx-deployment.yaml		nginx-deployment.yaml
nix-architecture.md		nix-architecture.md
nix-system-trusted-users.conf		nix-system-trusted-users.conf
nix-user-config.conf		nix-user-config.conf
security-cve-analysis.md		security-cve-analysis.md
security-scan-and-update.sh		security-scan-and-update.sh
setup-complete-infrastructure.sh		setup-complete-infrastructure.sh
setup-container-runtime.sh		setup-container-runtime.sh
setup-cross-cloud-networking.sh		setup-cross-cloud-networking.sh
setup-kubeconfig.sh		setup-kubeconfig.sh
setup-macos-networking.sh		setup-macos-networking.sh
setup-main.sh		setup-main.sh
setup-nix-complete.sh		setup-nix-complete.sh
setup-nix-environment.sh		setup-nix-environment.sh
setup-provider-networking.sh		setup-provider-networking.sh
setup-simple-proxy.sh		setup-simple-proxy.sh
test-app.yaml		test-app.yaml
test-cluster-deployment.sh		test-cluster-deployment.sh
test-yubikey-connected.txt		test-yubikey-connected.txt
update-vulnerable-versions.sh		update-vulnerable-versions.sh
working-cluster.yaml		working-cluster.yaml

blind3dd/multi-cloud-k8s-local

Folders and files

Latest commit

History

Repository files navigation