k8s
This folder holds all the services required for my private infrastructure. The following constraints apply:
- Order of implementation is top down.
- Every namespace has a subfolder within this subdirectory.
- helm3
Operations
Clean up pods in Error state:
kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod
Redeploy a deployment:
DEPLOYMENT="rstudio"
NAMESPACE="datalab"
kubectl patch deployment $DEPLOYMENT -n $NAMESPACE -p "{\"spec\": {\"template\": {\"metadata\": { \"labels\": { \"redeploy\": \"$( date +%s )\"}}}}}"
Deployment
namespaces
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development longhorn-system tt-rss backup"
# create every namespace in the list above
for i in $namespaces ; do
  kubectl create ns "$i"
done
helm-operator
As I use helm extensively, using the helm-operator was a logical step. See documentation for installation.
$ helm repo add fluxcd https://charts.fluxcd.io
$ helm repo update
$ kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
$ helm upgrade -i helm-operator fluxcd/helm-operator \
--namespace flux \
--set helm.versions=v3
ingress-controller
Apply with helm-operator:
$ kubectl apply -f nginx-ingress/ingress.yaml
cert-manager
Apply with helm-operator:
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/master/deploy/manifests/00-crds.yaml
$ kubectl apply -f cert-manager/cert-manager.yaml
$ kubectl apply -f cert-manager/staging-issuer.yaml
$ kubectl apply -f cert-manager/production-issuer.yaml
To test all this you may use the kuard demo project:
$ kubectl apply -f kuard
# check out: https://kuard.haumdaucher.de
$ kubectl delete -f kuard
longhorn-system
# on node:
sudo yum install -y iscsi-initiator-utils
# locally
kubectl apply -f longhorn-system/longhorn.yaml
rstudio
Currently only for one user:
kubectl apply -f datalab/rstudio.yaml
Add private docker registry
# create secret base64 encoded and put it in htpasswd helm chart
USER='moritz'
PASSWORD='xxx'
docker run --entrypoint htpasswd --rm registry:2 -Bbn "$USER" "$PASSWORD"
#
kubectl apply -f development/registry.secret.yaml
creating docker-pull-secret
Create the credentials secret according to the documentation:
namespaces="datalab"
for i in $( echo $namespaces ) ; do
  kubectl create secret docker-registry registry-haumdaucher-de \
    -n $i \
    --docker-server=registry.haumdaucher.de \
    --docker-username=moritz \
    --docker-password='xxx' \
    --docker-email=moritz@moritzgraf.de \
    --dry-run -o yaml > ./${i}/docker-pull.yaml.secret
done
# apply
for i in $( echo $namespaces ) ; do
  kubectl apply -f ${i}/docker-pull.yaml.secret
done
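The `kubectl create secret docker-registry` call above takes the password as a command-line argument, which leaves it in shell history and the process list. The following added example (not part of the original README; the function names are hypothetical, and it assumes credentials without newlines or control characters) builds a `kubernetes.io/dockerconfigjson` manifest with the password read from stdin instead:

```shell
#!/bin/sh
# Added example: build a docker pull-secret manifest without putting the
# password on any command line.

# Escape backslash and double quote for embedding in a JSON string.
# Assumption: values contain no control characters or newlines.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# base64 without line wrapping (works with GNU and BSD base64).
b64() {
  base64 | tr -d '\n'
}

# Usage: pull_secret_manifest NAME NAMESPACE SERVER USERNAME < password
# e.g.   <password source> | pull_secret_manifest registry-haumdaucher-de \
#          datalab registry.haumdaucher.de moritz | kubectl apply -f -
pull_secret_manifest() {
  name=$1 ns=$2 server=$3 user=$4
  # Read one line from stdin; tolerate a missing trailing newline.
  IFS= read -r password || :
  [ -n "$password" ] || { echo "empty password on stdin" >&2; return 1; }
  # "auth" is base64(username:password), as in ~/.docker/config.json.
  auth=$(printf '%s:%s' "$user" "$password" | b64)
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$(json_escape "$server")" "$(json_escape "$user")" \
    "$(json_escape "$password")" "$auth" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
}
```

Piping the output straight into `kubectl apply -f -` also avoids leaving a `docker-pull.yaml.secret` file with the credentials on disk.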
tt-rss
Includes persistent data from mariadb table tt-rss.
kubectl apply -f tt-rss/
minio
kubectl apply -f minio
auth
Including:
- openLDAP
- phpldapadmin
- ldap self service
- dex
nextcloud
Install with helm
Migrate
Backup
Add mopbot & corona & corona-api
kubectl apply -f datalab/
Web
kubectl apply -f web/