Cluster — hardware as a service.
This is where it gets fun. Multiple kldload nodes connected via WireGuard, orchestrated by Salt, optionally running Kubernetes. Build a cluster in the morning. Blow it away with a cron job at 8 PM. Sell the hardware time. Rebuild at 4 AM. Bare metal as disposable as cloud instances.
The architecture
Four WireGuard planes
wg0 — Enrollment only (how new nodes join)
wg1 — Management (Salt, SSH, web UI)
wg2 — Workload (Kubernetes, containers)
wg3 — Storage (NFS, iSCSI, ZFS replication, monitoring)
Each plane is its own WireGuard interface with its own key pair, listen port and address range, and each tunnel's AllowedIPs is restricted to that plane, so a key admitted to one plane carries nothing for another. Management traffic never shares a tunnel with workloads. Storage traffic is never exposed outside its own tunnel. Network segmentation without VLANs, without managed switches, without complexity. The one rule to keep: every service binds to its plane's address, not to 0.0.0.0, or the planes are only a routing convention.
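As an added example (not kldload's own tooling, and not code from the original page), here is a small Python generator for the four-plane hub-and-spoke layout described above. The subnets, listen ports and hub hostname are assumptions; the page names only the plane roles, and wg2 is given 10.79.0.0/24 so that the master's address on it matches the 10.79.0.1 used in the kubeadm join command further down the page. The keys are deterministic placeholders standing in for wg genkey / wg pubkey output.

```python
"""
Generate hub-and-spoke WireGuard configs for four separate planes.
Added example, not kldload's own tooling. Subnets, ports, hostname and
the placeholder keys are assumptions; the page names only the plane roles.
"""
import base64
import hashlib
from ipaddress import IPv4Address, IPv4Network

# One plane = one interface, one key pair, one listen port, one subnet.
PLANES = {
    "wg0": {"role": "enrollment", "subnet": "10.77.0.0/24", "port": 51820},
    "wg1": {"role": "management", "subnet": "10.78.0.0/24", "port": 51821},
    "wg2": {"role": "workload",   "subnet": "10.79.0.0/24", "port": 51822},
    "wg3": {"role": "storage",    "subnet": "10.80.0.0/24", "port": 51823},
}


def placeholder_key(label):
    """32 random-looking bytes in base64, the shape of a WireGuard key.
    NOT a real X25519 key: generate real ones with wg genkey / wg pubkey."""
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()


def check_planes(planes=PLANES):
    """Segmentation invariants: no shared ListenPort, no overlapping subnets."""
    ports = [p["port"] for p in planes.values()]
    if len(ports) != len(set(ports)):
        raise ValueError("two planes share a ListenPort")
    nets = [IPv4Network(p["subnet"]) for p in planes.values()]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"planes overlap: {a} and {b}")


def node_address(plane, node, planes=PLANES):
    """Hub is node 0 (.1 in every plane); workers are 1..N."""
    net = IPv4Network(planes[plane]["subnet"])
    if not 0 <= node < net.num_addresses - 2:
        raise ValueError("node index outside plane subnet")
    return net.network_address + node + 1


def hub_config(plane, workers, planes=PLANES):
    """wg-quick style config for the hub side of one plane."""
    p = planes[plane]
    net = IPv4Network(p["subnet"])
    lines = [
        "[Interface]",
        f"# {plane}: {p['role']} plane",
        f"PrivateKey = {placeholder_key(f'hub-{plane}-private')}",
        f"Address = {node_address(plane, 0, planes)}/{net.prefixlen}",
        f"ListenPort = {p['port']}",
    ]
    for n in range(1, workers + 1):
        lines += [
            "",
            "[Peer]",
            f"# worker {n}",
            f"PublicKey = {placeholder_key(f'worker{n}-{plane}-public')}",
            # AllowedIPs is the cryptokey-routing ACL: this peer may only
            # source its own address in this plane, never another plane's range.
            f"AllowedIPs = {node_address(plane, n, planes)}/32",
        ]
    return "\n".join(lines) + "\n"


def worker_config(plane, node, hub_host, planes=PLANES):
    """wg-quick style config for one worker on one plane."""
    p = planes[plane]
    net = IPv4Network(p["subnet"])
    return "\n".join([
        "[Interface]",
        f"# {plane}: {p['role']} plane, worker {node}",
        f"PrivateKey = {placeholder_key(f'worker{node}-{plane}-private')}",
        f"Address = {node_address(plane, node, planes)}/{net.prefixlen}",
        "",
        "[Peer]",
        "# hub",
        f"PublicKey = {placeholder_key(f'hub-{plane}-public')}",
        f"Endpoint = {hub_host}:{p['port']}",
        # Only this plane's subnet is ever routed through this tunnel.
        f"AllowedIPs = {net}",
        "PersistentKeepalive = 25",
    ]) + "\n"


def plane_for(address, planes=PLANES):
    """Which plane an address belongs to, or None if it is not a plane address."""
    ip = IPv4Address(address)
    for name, p in planes.items():
        if ip in IPv4Network(p["subnet"]):
            return name
    return None


def render_all(workers, hub_host, planes=PLANES):
    """Every config file for a hub plus `workers` workers, keyed by path."""
    check_planes(planes)
    out = {}
    for plane in planes:
        out[f"hub/{plane}.conf"] = hub_config(plane, workers, planes)
        for n in range(1, workers + 1):
            out[f"worker{n}/{plane}.conf"] = worker_config(plane, n, hub_host, planes)
    return out


if __name__ == "__main__":
    for path, text in render_all(2, "hub.example.net").items():
        print(f"### {path}\n{text}")
```

Two things make the planes more than a naming scheme. First, AllowedIPs is enforced on receive as well as on send: WireGuard drops an inbound packet whose source address is outside the sending peer's AllowedIPs, so a worker that is only a /32 on wg1 cannot inject traffic claiming to come from the storage range. Second, workers peer only with the hub, so worker-to-worker traffic passes through it; the hub needs IP forwarding enabled (net.inet.ip.forwarding on FreeBSD, net.ipv4.ip_forward on Linux) and a firewall rule that forwards only from a wg interface back out the same wg interface, never wg1 to wg3.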
The recipe
# Node 1: Install as master (hub for all four WireGuard planes)
# Node 2-N: Install as workers (first contact with the master is over wg0 only)
# On the master: accept every pending minion key without prompting.
# Fine for a throwaway lab. Anywhere else, compare fingerprints first
# (salt-key -F on the master vs. salt-call --local key.finger on the node),
# because anything that can reach the master over the enrollment plane
# can otherwise register itself as a minion.
salt-key -A -y
# Push the full configuration to every node
salt "*" state.highstate
# Optional: add Kubernetes. Advertise the API server on the master's wg2
# address (10.79.0.1, matching the join line below) so control-plane traffic
# stays on the workload plane instead of whichever interface holds the default route.
kubeadm init --pod-network-cidr=10.244.0.0/16 \
  --apiserver-advertise-address=10.79.0.1
# Workers join via wg2 (workload plane) with the token and CA hash that
# kubeadm init printed; do not substitute --discovery-token-unsafe-skip-ca-verification
kubeadm join 10.79.0.1:6443 --token ... --discovery-token-ca-cert-hash sha256:...
# Hardware as a service: tear down at 8 PM, rebuild at 4 AM
# crontab -e (on the master)
0 20 * * * /usr/local/sbin/cluster-teardown.sh
0 4 * * * /usr/local/sbin/cluster-rebuild.sh
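The recipe's salt-key -A -y accepts whatever key is pending. As an added example (not kldload's or Salt's own code), here is the gate a practitioner would put in front of that step: minion fingerprints recorded out of band at provisioning time are pinned, and only a pending key whose fingerprint matches its pin is accepted. The EXPECTED table, the minion ids and the sample salt-key output are constructed for the example; on a real master the script reads salt-key -F instead.

```python
"""
Gate Salt minion enrollment on pinned key fingerprints instead of
`salt-key -A -y`. Added example, not kldload's or Salt's own code.
EXPECTED, the minion ids and SAMPLE_SALT_KEY_OUTPUT are constructed.
"""
import subprocess

# Fingerprints recorded out of band when each node was provisioned
# (what `salt-call --local key.finger` printed on the node itself).
# Constructed placeholder values, not real key fingerprints.
EXPECTED = {
    "node2": "aa:bb:cc:dd:ee:ff:00:11",
    "node3": "99:88:77:66:55:44:33:22",
}

# Constructed stand-in for `salt-key -F` output on the master: node4 was
# never provisioned by us, and node3 offers a key that is not the pinned one.
SAMPLE_SALT_KEY_OUTPUT = """\
Accepted Keys:
node1:  01:02:03:04:05:06:07:08
Unaccepted Keys:
node2:  aa:bb:cc:dd:ee:ff:00:11
node3:  de:ad:be:ef:de:ad:be:ef
node4:  12:34:56:78:90:ab:cd:ef
Rejected Keys:
"""


def parse_fingerprints(text):
    """Turn salt-key -F output into {section: {minion_id: fingerprint}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.endswith(":") and not line.startswith(" "):
            current = line[:-1]            # e.g. "Unaccepted Keys"
            sections[current] = {}
        elif current is not None and ":" in line:
            minion_id, fp = line.split(":", 1)
            sections[current][minion_id.strip()] = fp.strip().lower()
    return sections


def decide(pending, expected):
    """Split pending minions into those whose fingerprint matches its pin
    and those to hold, each with a reason. Never accept on minion id alone."""
    accept, hold = [], {}
    for minion_id, fp in sorted(pending.items()):
        pinned = expected.get(minion_id)
        if pinned is None:
            hold[minion_id] = "no pinned fingerprint for this id"
        elif pinned.lower() != fp:
            hold[minion_id] = f"fingerprint mismatch: pinned {pinned}, offered {fp}"
        else:
            accept.append(minion_id)
    return accept, hold


def salt_key(*args):
    """Run salt-key on the master and return its stdout."""
    return subprocess.run(["salt-key", *args], check=True,
                          capture_output=True, text=True).stdout


def main():
    pending = parse_fingerprints(salt_key("-F")).get("Unaccepted Keys", {})
    accept, hold = decide(pending, EXPECTED)
    for minion_id in accept:
        salt_key("-a", minion_id, "-y")   # accept exactly this one key
        print(f"accepted {minion_id}")
    for minion_id, reason in hold.items():
        print(f"holding {minion_id}: {reason}")


if __name__ == "__main__":
    main()
```

Held keys stay pending rather than being rejected automatically, so a node that was simply reprovisioned with a new key shows up as a mismatch for a human to re-pin, while an unknown id arriving over the enrollment plane never gets a minion key accepted on its own say-so. The fingerprint format follows the master's hash_type setting; the comparison is case-insensitive so the pinned value can be pasted as printed.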
What you'll learn
Network segmentation
Why management and workload traffic should never share a wire. How WireGuard makes this trivial without enterprise switches. Why four planes is the sweet spot.
Orchestration
Push (Ansible) vs. pull (Puppet) vs. event-driven (Salt). Why Salt's ZeroMQ bus scales where SSH-based tools don't. When Kubernetes is the right answer and when it's overkill.
Disposable infrastructure
The cloud taught us servers are cattle, not pets. kldload brings that mindset to bare metal. If rebuilding takes 5 minutes, why maintain state? Blow it away. Start fresh. The cron job is your scaling policy.