docs: Updated README and QUICKSTART to be more in line with current setup

Vegard Hagen
2023-01-22 21:58:23 +01:00
parent 450117ae55
commit 4ea04bc8ab
2 changed files with 46 additions and 59 deletions


@@ -32,7 +32,7 @@ kubectl taint nodes --all node-role.kubernetes.io/control-plane-
cilium install cilium install
``` ```
# Load Balancer # MetalLB
## Install MetalLB for LoadBalancing ## Install MetalLB for LoadBalancing
@@ -42,18 +42,18 @@ https://raw.githubusercontent.com/metallb/metallb/v0.13.7/config/manifests/metal
kubectl apply -k infra/metallb kubectl apply -k infra/metallb
``` ```
# Traefik # Traefik reverse proxy
https://doc.traefik.io/traefik/v2.9/user-guides/crd-acme/ https://doc.traefik.io/traefik/v2.9/user-guides/crd-acme/
## Run Terraform-script ```shell
kubectl kustomize --enable-helm infra/traefik | ku apply -f -
```
This will create a cert-storage `StorageClass` and a traefik-cert-pv `PersistentVolume` for use by Traefik before # ArgoCD
installing Traefik in the `kube-system` namespace using the official Traefik Helm chart which binds to the
traefik-cert-pv `PersistentVolume` for persistent storage of certificates using the traefik `PersistentVolumeClaim`. https://argo-cd.readthedocs.io/en/stable/getting_started/
```shell ```shell
terraform init kubectl apply -k infra/traefik
terraform plan
terraform apply
``` ```
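Review bot: the new Traefik install line `kubectl kustomize --enable-helm infra/traefik | ku apply -f -` uses `ku` where every other command in the diff uses `kubectl`; unless `ku` is a documented alias, spell it out so the snippet works when pasted. The new ArgoCD section below it repeats the Traefik command `kubectl apply -k infra/traefik` under the ArgoCD heading, which reads as a copy-paste slip and should point at the ArgoCD kustomization instead. Also, the removed paragraph about the cert-storage `StorageClass` and traefik-cert-pv `PersistentVolume` was the only explanation of where Traefik's ACME certificates are persisted; one sentence saying where that now lives under `infra/traefik` would keep the README self-contained.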


@@ -20,18 +20,12 @@ sudo apt-get update
sudo apt-get install -y containerd conntrack socat kubelet kubeadm kubectl sudo apt-get install -y containerd conntrack socat kubelet kubeadm kubectl
``` ```
cri-ctl: https://github.com/kubernetes-sigs/cri-tools Kubelet 1.26 requires containerd 1.6.0 or later.
TODO: nerdctl?
We are going to use Cilium kube-proxy (TODO)
## Initialise cluster ## Initialise cluster
```shell We are going to use cilium in place of kube-proxy
sudo kubeadm init https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/
```
Kubelet 1.26 requires containerd 1.6.0+
```shell ```shell
sudo kubeadm init --skip-phases=addon/kube-proxy sudo kubeadm init --skip-phases=addon/kube-proxy
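Review bot: the added line `Kubelet 1.26 requires containerd 1.6.0 or later.` sits directly after an `apt-get install` that pins no versions, so the reader cannot tell whether the requirement is met; add a verification step such as `containerd --version` before `kubeadm init`. Minor: `cilium` is lower-case in "We are going to use cilium in place of kube-proxy" but capitalised as Cilium elsewhere in the file.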
@@ -88,63 +82,30 @@ Install Cilium
cilium install cilium install
``` ```
// TODO: Directly by Helm chart
```shell
helm template --namespace kube-system cilium cilium/cilium --version 1.12.1 --set cluster.id=0,cluster.name=kubernetes,encryption.nodeEncryption=false,kubeProxyReplacement=disabled,operator.replicas=1,serviceAccounts.cilium.name=cilium,serviceAccounts.operator.name=cilium-operator,tunnel=vxlan
```
Validate install Validate install
```shell ```shell
cilium status cilium status
``` ```
### (Optional) Replace kube-proxy with Cilium [TODO]
https://docs.cilium.io/en/v1.12/gettingstarted/kubeproxy-free/
*NB* Cluster should be initialised with
```shell
sudo kubeadm init --skip-phases=addon/kube-proxy
```
## MetalLB ## MetalLB
For load balancing For load balancing
https://metallb.universe.tf/installation/ https://metallb.universe.tf/installation/
Installation
https://raw.githubusercontent.com/metallb/metallb/v0.13.5/config/manifests/metallb-native.yaml
```shell ```shell
kubectl apply -f infra/metallb/00-manifest.yml kubectl apply -f infra/metallb
```
Configure IP-pool and advertise as Level 2
https://metallb.universe.tf/configuration/
```yaml
kubectl apply -f infra/metallb/01-configuration.yml
``` ```
# Traefik # Traefik
Configure `helm/traefik-values.ymal` and run Install Traefik
```shell ```shell
terraform init kubectl kustomize --enable-helm infra/traefik | ku apply -f -
terraform plan
terraform apply
``` ```
to deploy Traefik using Helm
**NB:** It appears we need the "volume-permissions" init container for Traefik if using `StorageClass` with
provisioner `kubernetes.io/no-provisioner`
## Port forward Traefik ## Port forward Traefik
Port forward Traefik ports in router from 8000 to 80 for http and 4443 to 443 for https. Port forward Traefik ports in router from 8000 to 80 for http and 4443 to 443 for https.
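Review bot: `ku apply -f -` on the Traefik install line has the same `ku`/`kubectl` problem as the README hunk. The MetalLB command becomes `kubectl apply -f infra/metallb` here while the README uses `kubectl apply -k infra/metallb`; `-f` on a directory applies every file in it and `-k` builds the kustomization, so pick one and keep the two documents in step (the removed `01-configuration.yml` step for the IP pool and Layer 2 advertisement is only covered if the chosen form actually applies it). Dropping the `**NB:**` about the volume-permissions init container for `kubernetes.io/no-provisioner` storage loses the one hint about why Traefik might fail to write its certificate store; if the kustomization now handles this, say so, otherwise move the note to Troubleshooting.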
@@ -152,6 +113,21 @@ IP can be found with `kubectl get svc`.
# Test-application # Test-application
## Generate secret
```yaml
apiVersion: v1
kind: Secret
metadata:
name: traefik-forward-auth-secrets
namespace: whoami
type: Opaque
data:
google-client-id: <...>
google-client-secret: <...>
secret: <...>
```
Deploy a test-application by running Deploy a test-application by running
```shell ```shell
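Review bot: the new `Secret` example uses `data:` with `<...>` placeholders, and `data` values must be base64-encoded, so a reader pasting a raw client secret there gets the object rejected as invalid base64. Either state that the values are base64, or switch to `stringData:` so plain strings can be used. The text should also say that this manifest is filled in locally and not committed, since it holds the Google OAuth client secret and the forward-auth signing secret; and the heading `## Generate secret` does not match a block that only shows the shape of the object rather than how to generate the values.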
@@ -162,9 +138,17 @@ An unsecured test-application `whoami` should be available at [https://test.${DO
If you configured `apps/whoami/traefik-forward-auth` correctly a secured version should be available If you configured `apps/whoami/traefik-forward-auth` correctly a secured version should be available
at [https://whoami.${DOMAIN}](https://whoami.${DOMAIN}) at [https://whoami.${DOMAIN}](https://whoami.${DOMAIN})
# ArgoCD
[ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/) is configured to bootstrap the rest of the cluster
```shell
kubectl apply -k infra/traefik
```
# Kubernetes Dashboard # Kubernetes Dashboard
An OIDC (treaefik-forward-auth) An OIDC (traefik-forward-auth)
protected [Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) can be protected [Kubernetes Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/) can be
deployed using deployed using
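Review bot: the ArgoCD section added here applies `infra/traefik`, the same path as the Traefik install above, so following QUICKSTART would re-apply Traefik rather than install ArgoCD; the README hunk has the identical slip, so fix both. "is configured to bootstrap the rest of the cluster" could also name which manifests it bootstraps, so the reader knows which of the manual steps in this file ArgoCD takes over.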
@@ -181,9 +165,12 @@ sudo iptables -F && sudo iptables -t nat -F && sudo iptables -t mangle -F && sud
sudo ipvsadm -C sudo ipvsadm -C
``` ```
# Troubleshoot # Troubleshooting
Missing runc-config in containerd Kubernetes 1.26 requires containerd 1.6.0 or later due to the removal of support for CRI
version `v1alpha2` ([link](https://kubernetes.io/blog/2022/11/18/upcoming-changes-in-kubernetes-1-26/#cri-api-removal)).
Make sure that `runc` is properly configured in containerd.
```shell ```shell
sudo cat /etc/containerd/config.toml sudo cat /etc/containerd/config.toml
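Review bot: the new Troubleshooting text restates the containerd 1.6.0 requirement already added in the install section; keep the explanation and the CRI `v1alpha2` removal link here and have the install section refer to it, rather than maintaining the statement twice. `sudo cat /etc/containerd/config.toml` on its own does not tell the reader what a correctly configured `runc` runtime looks like; name the setting to look for, or the symptom that indicates it is missing, so the step is actionable.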