Overview
In this guide we will create a Liquid Metal Platform on devices hosted by Equinix Metal.
The Platform we will end up with is the one used by the team for testing and delivering demos in a near-Production environment. Therefore it is a good place to start and learn more about Liquid Metal while you fine-tune your environments.
Requirements
You will need to have the following to complete this tutorial:
- An Equinix Account
- A Tailscale account
terraform
installed locallytailscale
installed locallykind
installed locallykubectl
installed locallyclusterctl
installed locally
Please do not authenticate your local machine to Tailscale just now.
Outcomes
We will be using Terraform and the terraform-equinix-liquidmetal
to provision our infrastructure.
The module will create the following in your org:
- A new project
- A VLAN in that project
- A "networking hub" device to run our DHCP server, NAT forwarding and VPN subnet router
N
devices to act as MicroVM hosts running theflintlockd
service
The following networking topology will be applied:
- All devices will be configured in Hybrid Bonded mode.
- All devices will be connected to a VLAN (
100
) tagged to their bonded interface. The VLAN's subnet will be192.168.10.0/25
. - A DHCP server will be configured to assign MicroVM addresses from within that VLAN's private range.
- MicroVMs will have
macvtap
devices mapped to their host's VLAN interface. - NAT and filter rules will forward egress traffic from the VLAN interface to the parent bond.
- A VPN subnet router will route traffic from local VPN-connected devices to MicroVMs in the private subnet.
At the time of writing, the private subnet for MicroVMs (192.168.10.0/25
) is
not configurable with the terraform module used in this tutorial. This may cause
issues if you are using the same network on your local workstation.
Fixing this is on our todo list.