infrapuzzle/k8s
Moritz Graf f6186e7484 First part of migrating to openebs 2020-04-24 00:03:47 +02:00
auth Tryout with storageos - not successful 2020-04-10 01:29:08 +02:00
cert-manager First part of migrating to openebs 2020-04-24 00:03:47 +02:00
datalab First part of migrating to openebs 2020-04-24 00:03:47 +02:00
development First part of migrating to openebs 2020-04-24 00:03:47 +02:00
kuard Commenting kuard out, as it is only for dev 2020-04-11 22:31:16 +02:00
longhorn-system Fixing unused values in longhorn 2020-04-14 14:55:41 +02:00
minio Moving awscli pod to minio namespace 2020-04-13 23:32:36 +02:00
nextcloud Adding # status: notices 2020-04-05 19:40:18 +02:00
nginx-ingress First part of migrating to openebs 2020-04-24 00:03:47 +02:00
openebs First part of migrating to openebs 2020-04-24 00:03:47 +02:00
troubleshoot Adding # status: notices 2020-04-05 19:40:18 +02:00
tt-rss Migrating tt-rss 2020-04-13 19:24:01 +02:00
web Adding secrets for registry 2020-04-10 00:45:20 +02:00
README.md First part of migrating to openebs 2020-04-24 00:03:47 +02:00

README.md

k8s

This folder holds all the services required for my private infrastructure. The following constraints apply:

  • Order of implementation is top down.
  • Every namespace has a subfolder within this subdirectory.
  • Helm 3 is used.

Operations

Clean up pods in Error state:

kubectl get pods | grep Error | cut -d' ' -f 1 | xargs kubectl delete pod

Redeploy a deployment:

DEPLOYMENT="rstudio"
NAMESPACE="datalab"
kubectl patch deployment $DEPLOYMENT -n $NAMESPACE -p "{\"spec\": {\"template\": {\"metadata\": { \"labels\": {  \"redeploy\": \"$( date +%s )\"}}}}}"

Deployment

namespaces

namespaces="flux cert-manager nginx-ingress infrapuzzle kuard auth nextcloud datalab web development tt-rss backup monitoring"
# the loop must use the same (lowercase) variable name that is set above
for i in $namespaces ; do
  kubectl create ns "$i"
done

helm repositories

helm repo add stable https://kubernetes-charts.storage.googleapis.com
helm repo add jetstack https://charts.jetstack.io
helm repo update

ingress-controller

Apply with helm-operator:

helm upgrade nginx-ingress stable/nginx-ingress -n nginx-ingress -f nginx-ingress/nginx-ingress.yaml

cert-manager

Apply with helm-operator:

helm upgrade cert-manager jetstack/cert-manager -n cert-manager -f cert-manager/cert-manager.yaml
# probably not even needed:
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/master/deploy/manifests/00-crds.yaml
# this is required:
kubectl apply -f cert-manager/staging-issuer.yaml
kubectl apply -f cert-manager/production-issuer.yaml

To test all this you may use the kuard demo project:

kubectl apply -f kuard
# check out: https://kuard.haumdaucher.de
kubectl delete -f kuard

Add private docker registry

# create the htpasswd entry (bcrypt, -B) and put it in the htpasswd setting of the helm chart
# (dedicated variable names, so the shell's own $USER is not overwritten)
REGISTRY_USER='moritz'
REGISTRY_PASSWORD='xxx'
docker run --entrypoint htpasswd --rm registry:2 -Bbn "$REGISTRY_USER" "$REGISTRY_PASSWORD"
helm upgrade --install docker-registry stable/docker-registry -n development -f development/registry.secret.yaml
# kubectl apply -f development/registry.secret.yaml

rstudio

Currently only for one user:

kubectl apply -f datalab/rstudio.yaml

creating docker-pull-secret

Create the credentials secret according to the documentation:

namespaces="datalab"
for i in $( echo $namespaces ) ; do
  kubectl create secret docker-registry registry-haumdaucher-de \
    -n $i \
    --docker-server=registry.haumdaucher.de \
    --docker-username=moritz \
    --docker-password='xxx' \
    --docker-email=moritz@moritzgraf.de \
    --dry-run -o yaml > ./${i}/docker-pull.yaml.secret
done
# apply
for i in $( echo $namespaces ) ; do
  kubectl apply -f ${i}/docker-pull.yaml.secret
done
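
The manifest written to `./${i}/docker-pull.yaml.secret` holds the registry credentials base64-encoded, not encrypted, so the file has to be handled like the password itself. The following added example (not part of this repository; the registry name, user and password are constructed, and the function names are hypothetical) decodes such a manifest and shows a guard that could run before a commit:

```shell
#!/bin/sh
# Added example, not from the repository. All credentials below are constructed.

# Write a manifest shaped like the output of
# `kubectl create secret docker-registry ... --dry-run -o yaml` to the path in $1.
make_sample_pull_secret() {
  _auth=$(printf '%s' 'example-user:example-only-password' | base64 | tr -d '\n')
  _json=$(printf '{"auths":{"registry.example.invalid":{"username":"%s","password":"%s","auth":"%s"}}}' \
    'example-user' 'example-only-password' "$_auth")
  cat > "$1" <<EOF
apiVersion: v1
data:
  .dockerconfigjson: $(printf '%s' "$_json" | base64 | tr -d '\n')
kind: Secret
metadata:
  name: registry-example
  namespace: datalab
type: kubernetes.io/dockerconfigjson
EOF
}

# Succeed if the file in $1 is a registry pull secret manifest.
is_pull_secret() {
  grep -q '^type: kubernetes.io/dockerconfigjson' "$1"
}

# Print the decoded .dockerconfigjson of the manifest in $1: plain JSON with the password.
decode_pull_secret() {
  sed -n 's/^ *\.dockerconfigjson: *//p' "$1" | base64 -d
}

# Pre-commit style guard: return 1 if any given file is a pull secret manifest.
guard_no_pull_secrets() {
  _rc=0
  for _f in "$@"; do
    if [ -f "$_f" ] && is_pull_secret "$_f"; then
      echo "refusing $_f: registry credentials, base64 is not encryption" >&2
      _rc=1
    fi
  done
  return "$_rc"
}

# Demo on a constructed manifest.
demo=$(mktemp)
make_sample_pull_secret "$demo"
decode_pull_secret "$demo"; echo
guard_no_pull_secrets "$demo" || echo "guard blocked $demo"
rm -f "$demo"
```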

tt-rss

Includes persistent data from mariadb table tt-rss.

kubectl apply -f tt-rss/

minio

kubectl apply -f minio

monitoring


auth

Including:

  • openLDAP
  • phpldapadmin
  • ldap self service
  • dex

nextcloud

Install with helm


Migrate

Backup

Add mopbot & corona & corona-api

kubectl apply -f datalab/

Web

kubectl apply -f web/