# k8s

This folder holds all the services required for my private infrastructure. The following constraints apply:

* Order of implementation is top down.
* Every namespace has a subfolder within this subdirectory.
* helm3

# Operations

Clean up `Error` pods.

```sh
kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod
```

# Deployment

## namespaces

```sh
# Create every namespace used by the deployments below.
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab"
for i in $namespaces; do
  kubectl create ns "$i"
done
```

## [helm-operator](https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md)

As I use helm extensively, using the helm-operator was a logical step. [See documentation for installation.](https://github.com/fluxcd/helm-operator/blob/master/chart/helm-operator/README.md)

```bash
$ helm repo add fluxcd https://charts.fluxcd.io
$ helm repo update
$ kubectl apply -f https://raw.githubusercontent.com/fluxcd/helm-operator/master/deploy/crds.yaml
$ helm upgrade -i helm-operator fluxcd/helm-operator \
    --namespace flux \
    --set helm.versions=v3
```

## [ingress-controller](https://github.com/helm/charts/tree/master/stable/nginx-ingress)

Apply with helm-operator:

```bash
$ kubectl apply -f nginx-ingress/ingress.yaml
```

## [cert-manager](https://cert-manager.io/docs/tutorials/acme/ingress/)

Apply with helm-operator:

```bash
$ kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/master/deploy/manifests/00-crds.yaml
$ kubectl apply -f cert-manager/cert-manager.yaml
$ kubectl apply -f cert-manager/staging-issuer.yaml
$ kubectl apply -f cert-manager/production-issuer.yaml
```

To test all this you may use the kuard demo project:

```sh
$ kubectl apply -f kuard
# check out: https://kuard.haumdaucher.de
$ kubectl delete -f kuard
```

## auth

Including:

* openLDAP
* phpldapadmin
* ldap self service
* dex

```sh

```

## nextcloud

Install with helm:

```sh

```

Migrate

Backup

## Add private docker registry

*Current state:* The registry at hub.moritzgraf.de:5000 is used.

Create the credentials secret [according to the documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line):

```sh
namespaces="datalab"
# Render one pull secret per namespace to a local file without touching the cluster.
# kubectl 1.18+ spells the client-side dry run as --dry-run=client.
for i in $namespaces; do
  kubectl create secret docker-registry hub-moritzgraf-de \
    -n "$i" \
    --docker-server=hub.moritzgraf.de:5000 \
    --docker-username=moritz \
    --docker-password='xxx' \
    --docker-email=moritz@moritzgraf.de \
    --dry-run=client -o yaml > "./${i}/docker-pull.yaml.secret"
done
# apply
for i in $namespaces; do
  kubectl apply -f "${i}/docker-pull.yaml.secret"
done
```

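The loop above passes the password on the command line and stores it in `docker-pull.yaml.secret`, where it is only base64-encoded. The following added example (not part of the original README and not kubectl's own code) writes a manifest of the same `kubernetes.io/dockerconfigjson` type with the password read from stdin and the file created owner-only, then decodes it again to show what the file exposes. The function names and the sample password are hypothetical, and the manifest is built by hand so that it runs without a cluster.

```sh
#!/bin/sh
# Added example, not from the original README. Function names are hypothetical.
# The manifest is written by hand in the shape that
# `kubectl create secret docker-registry` emits, so no cluster is needed.

b64() { base64 | tr -d '\n'; }    # unwrapped base64 on GNU and BSD

# usage: write_pull_secret NAME NAMESPACE SERVER USER EMAIL OUTFILE < password
# The password comes from stdin, so it stays out of argv and shell history.
write_pull_secret() {
    name=$1 ns=$2 server=$3 user=$4 email=$5 out=$6
    IFS= read -r pw || [ -n "$pw" ] || return 1
    # Escape backslash and double quote so the password is valid JSON.
    pw_json=$(printf '%s' "$pw" | sed 's/\\/\\\\/g; s/"/\\"/g')
    auth=$(printf '%s:%s' "$user" "$pw" | b64)
    cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
        "$server" "$user" "$pw_json" "$email" "$auth" | b64)
    (
        umask 077                 # new file is created owner-only
        cat > "$out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
  namespace: $ns
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $cfg
EOF
        chmod 600 "$out"          # also tighten a pre-existing file
    )
}

# Print the registry config stored in a manifest. base64 is an encoding,
# not encryption: whoever can read the file can read the password.
decode_pull_secret() {
    sed -n 's/^ *\.dockerconfigjson: *//p' "$1" | base64 -d
}

# Example with a constructed password:
#   printf '%s\n' 'constructed-pw' | write_pull_secret hub-moritzgraf-de \
#       datalab hub.moritzgraf.de:5000 moritz moritz@moritzgraf.de \
#       ./datalab/docker-pull.yaml.secret
#   decode_pull_secret ./datalab/docker-pull.yaml.secret
```

Because the decoded output contains the plaintext password, the `*.secret` files belong in `.gitignore` and out of any shared backup of this folder.
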
## Add mopbot & corona & corona-api

```sh
kubectl apply -f datalab/mopbot.yaml
kubectl apply -f datalab/corona-api.yaml
```