Wireguard setup #2

@jb3

Abstract

We should set up a WireGuard mesh network on each of the hosts so that we can have secure inter-node networking. We'll need to allocate a subnet for each server which we can then add containers and services onto for inter-node communication.

We'll most likely put together a PDEP for these allocations; it'll be something like 10.1.0.0/16 is assigned to turing, 10.2.0.0/16 is assigned to lovelace and so on. We'll also allocate a subnet for DevOps team members so that they can access the internal network and have full reach into services.

Implementation

We need to:

  • Install WireGuard on all hosts
  • Generate WireGuard private keys for all hosts
  • Collect public keys for all hosts
  • Template a WireGuard configuration that configures the routing for each node
    • This should obviously not include the current host
    • We'll also template in the DevOps team members; team members will generate a key-pair and PR their public component to the role
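
The templating step above, sketched as an added example (not code from this issue or the project's role): it renders one host's configuration with every other host and each DevOps member as a peer, skips the current host, and rejects overlapping allocations before rendering. The endpoints, public-key placeholders, the 10.0.0.0/16 DevOps range, the `/32` interface address and the private-key path are assumptions; only the turing and lovelace subnets come from the text.

```python
import ipaddress

# Constructed inventory: the turing/lovelace subnets follow the issue's example;
# endpoints, key placeholders and the DevOps range are assumptions.
HOSTS = {
    "turing": {"subnet": "10.1.0.0/16", "endpoint": "turing.example.org:51820",
               "pubkey": "<TURING_PUBLIC_KEY>"},
    "lovelace": {"subnet": "10.2.0.0/16", "endpoint": "lovelace.example.org:51820",
                 "pubkey": "<LOVELACE_PUBLIC_KEY>"},
}
DEVOPS = {  # one address per team member from an assumed 10.0.0.0/16 range
    "alice": {"address": "10.0.0.2/32", "pubkey": "<ALICE_PUBLIC_KEY>"},
}

def check_no_overlap(hosts, devops):
    """WireGuard routes by AllowedIPs, so overlapping ranges would misroute traffic."""
    nets = [(n, ipaddress.ip_network(h["subnet"])) for n, h in hosts.items()]
    nets += [(n, ipaddress.ip_network(m["address"])) for n, m in devops.items()]
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                raise ValueError(f"{name_a} ({net_a}) overlaps {name_b} ({net_b})")

def render_config(current, hosts=HOSTS, devops=DEVOPS):
    """Render the wg-quick config for `current`; its own entry is never a peer."""
    check_no_overlap(hosts, devops)
    me = ipaddress.ip_network(hosts[current]["subnet"])
    lines = [
        "[Interface]",
        f"Address = {me.network_address + 1}/32",  # first address of the host's subnet
        "ListenPort = 51820",
        # The private key stays on the host and is never templated (hypothetical path).
        "PostUp = wg set %i private-key /etc/wireguard/private.key",
    ]
    for name, peer in hosts.items():
        if name == current:
            continue  # a node must not list itself as a peer
        lines += ["", f"# {name}", "[Peer]", f"PublicKey = {peer['pubkey']}",
                  f"Endpoint = {peer['endpoint']}", f"AllowedIPs = {peer['subnet']}"]
    for name, member in devops.items():
        lines += ["", f"# devops: {name}", "[Peer]",
                  f"PublicKey = {member['pubkey']}", f"AllowedIPs = {member['address']}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_config("turing"))
```

Because only public keys appear in the inventory, the rendered file can be reviewed in a pull request without exposing any host's private key.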

Labels

component: networking - An issue relating to host networking (e.g. DNS, WireGuard, SSH)

Projects

Status

Done
