# k8s
This folder holds all the services required for my private infrastructure. The following constraints apply:
* Order of implementation is top down.
* Every namespace has a subfolder within this directory.
* Helm 3 is used for all charts.
# Operations
Cleanup `Error` pods.
```sh
kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod
```
Redeploy a deployment:
```sh
DEPLOYMENT="rstudio"
NAMESPACE="datalab"
kubectl patch deployment $DEPLOYMENT -n $NAMESPACE -p "{\"spec\": {\"template\": {\"metadata\": { \"labels\": { \"redeploy\": \"$( date +%s )\"}}}}}"
```
# Deployment
## namespaces
```sh
namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development tt-rss backup monitoring"
# the variable name must match its definition above; `kubectl` is spelled out
# so the loop also works without the `k` alias
for i in $namespaces ; do
  kubectl create ns $i
done
```
## helm repositories
```sh
helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add jetstack https://charts.jetstack.io
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add k8s-land https://charts.k8s.land
helm repo update
```
## [ingress-controller](https://github.com/helm/charts/tree/master/stable/nginx-ingress)
Apply with helm-operator:
```bash
# --install creates the release on first run instead of failing because it does not exist yet
helm upgrade --install nginx-ingress stable/nginx-ingress -n nginx-ingress -f nginx-ingress/nginx-ingress.yaml
```
## [cert-manager](https://cert-manager.io/docs/tutorials/acme/ingress/)
Apply with helm-operator:
```bash
helm upgrade --install cert-manager jetstack/cert-manager -n cert-manager -f cert-manager/cert-manager.yaml
# probably not even needed:
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/master/deploy/manifests/00-crds.yaml
# this is required:
kubectl apply -f cert-manager/staging-issuer.yaml
kubectl apply -f cert-manager/production-issuer.yaml
```
To test all this you may use the kuard demo project:
```sh
kubectl apply -f kuard
# check: https://kuard.haumdaucher.de
kubectl delete -f kuard
```
## Add private docker registry
```sh
# generate the bcrypt (-B) htpasswd line for the registry user and put it in the
# htpasswd value of the chart values file (development/registry.secret.yaml, kept out of git)
REGISTRY_USER='moritz'
REGISTRY_PASSWORD='xxx'
docker run --entrypoint htpasswd --rm registry:2 -Bbn $REGISTRY_USER $REGISTRY_PASSWORD
helm upgrade --install docker-registry stable/docker-registry -n development -f development/registry.secret.yaml
#kubectl apply -f development/registry.secret.yaml
```
### creating docker-pull-secret
Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line):
```sh
namespaces="datalab"
# render one Secret manifest per namespace; --dry-run=client keeps the cluster untouched
for i in $namespaces ; do
  kubectl create secret docker-registry registry-haumdaucher-de \
    -n $i \
    --docker-server=registry.haumdaucher.de \
    --docker-username=moritz \
    --docker-password='xxx' \
    --docker-email=moritz@moritzgraf.de \
    --dry-run=client -o yaml > ./${i}/docker-pull.yaml.secret
done
# apply
for i in $namespaces ; do
  kubectl apply -f ${i}/docker-pull.yaml.secret
done
```
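The same Secret can be assembled without a cluster. This added example (not part of the repository) builds the `kubernetes.io/dockerconfigjson` manifest that `kubectl create secret docker-registry --dry-run` emits, so the layout of what ends up in `docker-pull.yaml.secret` is visible; registry, user and email are the README's values, the password is a placeholder.

```shell
#!/bin/sh
# Added example, not part of the repository: build the Secret manifest that
# `kubectl create secret docker-registry ... --dry-run -o yaml` emits, with no
# cluster needed. Registry, user and email are the README's; password is a placeholder.

# Single-line base64 of stdin (works with GNU and BSD base64).
b64() { base64 | tr -d '\n'; }

# dockerconfigjson REGISTRY USER PASSWORD EMAIL
# Emits the JSON kubelet reads from .dockerconfigjson; "auth" is base64("user:password").
# Assumes the arguments contain no characters that need JSON escaping.
dockerconfigjson() {
  auth=$(printf '%s:%s' "$2" "$3" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$4" "$auth"
}

# pull_secret_manifest NAME NAMESPACE REGISTRY USER PASSWORD EMAIL
# Emits a kubernetes.io/dockerconfigjson Secret; data values are base64 as in any Secret.
pull_secret_manifest() {
  cfg=$(dockerconfigjson "$3" "$4" "$5" "$6" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
type: kubernetes.io/dockerconfigjson
metadata:
  name: $1
  namespace: $2
data:
  .dockerconfigjson: $cfg
EOF
}

# One manifest per namespace as a multi-document YAML stream. Redirect each to
# <ns>/docker-pull.yaml.secret as the README does and keep it out of git:
# base64 is an encoding, not encryption, so the file holds the plain credential.
for ns in datalab development; do
  echo '---'
  pull_secret_manifest registry-haumdaucher-de "$ns" \
    registry.haumdaucher.de moritz 'xxx' moritz@moritzgraf.de
done
```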
## rstudio
Currently only for one user:
```sh
kubectl apply -f datalab/rstudio.yaml
```
## tt-rss
Includes *persistent data* from mariadb table `tt-rss`.
```sh
helm upgrade --install tt-rss-mariadb bitnami/mariadb -n tt-rss -f tt-rss/tt-rss-mariadb.secret.yml
helm upgrade --install tt-rss-phpmyadmin bitnami/phpmyadmin -n tt-rss -f tt-rss/tt-rss-phpmyadmin.yml
kubectl apply -f tt-rss/
```
## monitoring
```sh
helm upgrade --install prometheus-operator stable/prometheus-operator -n monitoring -f monitoring/prometheus-operator.secret.yml
```
## gitea
If my PRs have been accepted, this is no longer necessary:
```sh
git clone git@github.com:iptizer/gitea-chart.git
```
```sh
# from chart repo
helm upgrade --install gitea k8s-land/gitea -n development -f development/gitea.secret.yml
# from local folder
helm upgrade --install gitea ./gitea-chart -n development -f development/gitea.secret.yml
# phpmyadmin
helm upgrade --install gitea-phpmyadmin bitnami/phpmyadmin -n development -f development/gitea-phpmyadmin.yml
```
### backup
TODO: something with `gitea dump` to stdout and rclone to Dropbox.
### restore
For backup & restore see [gitea documentation](https://docs.gitea.io/en-us/backup-and-restore/).
Download the `gitea-dump` locally and proceed with the following commands (the `unzip` output is shown as comments):
```sh
mkdir gitea_restore
mv gitea-dump-1587901016.zip gitea_restore
cd gitea_restore
unzip gitea-dump-1587901016.zip
# Archive: gitea-dump-1587901016.zip
#   inflating: gitea-repo.zip
#   creating: custom/
#   [...]
```
The SQL dump may be imported via phpMyAdmin.
Copy the repositories archive to the remote pod:
```sh
kubectl cp ./gitea-repo.zip gitea-gitea-69cd9bc59b-q2b2f:/data/git/
```
And finally unzip inside a shell on the pod:
```sh
cd /data/git/
unzip gitea-repo.zip
mv repositories/ gitea-repositories/
```
Then log in to git.moritzgraf.de and proceed with the default values, or adjust them.
## minio
```sh
kubectl apply -f minio
```
## auth
Including:
* openLDAP
* phpldapadmin
* ldap self service
* dex
```sh
```
## nextcloud
Install with helm:
```sh
```
* Migrate
* Backup
## Add mopbot & corona & corona-api
```sh
kubectl apply -f datalab/
```
## Web
```sh
kubectl apply -f web/
```