Bump to k8s 1.27
erebe committed Aug 19, 2023
1 parent 9f5f212 commit 86f05ba
Showing 48 changed files with 550 additions and 5,596 deletions.
21 changes: 6 additions & 15 deletions Makefile
@@ -1,7 +1,7 @@
HOST='root@erebe.eu'
RASPBERRY='pi@10.200.200.2'

.PHONY: install deploy release dns sudo ssh package firewall kubernetes_install k8s email nextcloud nextcloud_resync_file backup app wireguard pihole webhook blog minio dashy vaultwarden warpgate
.PHONY: install deploy release dns sudo ssh package firewall k8s email nextcloud nextcloud_resync_file backup app wireguard pihole webhook blog minio dashy vaultwarden warpgate

deploy: dns sudo ssh package firewall k8s email nextcloud webhook backup wireguard blog dashy vaultwarden warpgate

Expand Down Expand Up @@ -55,26 +55,20 @@ firewall:
ssh ${HOST} 'chmod +x /etc/nftables.conf && /etc/nftables.conf'
ssh ${HOST} 'systemctl daemon-reload && systemctl enable nftables.service'

kubernetes_install:
ssh ${HOST} 'export INSTALL_K3S_EXEC=" --disable servicelb --disable traefik --disable local-storage --disable-cloud-controller --disable-network-policy --advertise-address 10.200.200.1 "; \
curl -sfL https://get.k3s.io | sh -'
#ssh ${HOST} "cat /etc/systemd/system/k3s.service" | diff - k8s/k3s.serivce \
|| (scp k8s/k3s.service ${HOST}:/etc/systemd/system/k3s.service && ssh ${HOST} 'systemctl daemon-reload && systemctl restart k3s.service')

k8s:
#helm3 repo add stable https://kubernetes-charts.storage.googleapis.com/
#helm3 repo update
kubectl apply -k k8s/nginx
kubectl apply --validate=false -f k8s/cert-manager-v1.10.0.yml
kubectl apply -k k8s/cert-manager
kubectl apply -f k8s/lets-encrypt-issuer.yml
kubectl create secret generic gandi-api-token --namespace cert-manager \
--from-literal=api-token="$(sops -d --extract '["apirest"]["key"]' secrets/gandi.yml)"
kubectl delete secret gandi-credentials --namespace cert-manager || exit 0
kubectl create secret generic gandi-credentials --namespace cert-manager \
--from-literal=api-token="$(shell sops -d --extract '["apirest"]["key"]' secrets/gandi.yml)"
helm upgrade --install cert-manager-webhook-gandi cert-manager-webhook-gandi \
--repo https://bwolf.github.io/cert-manager-webhook-gandi \
--version v0.2.0 \
--namespace cert-manager \
--set features.apiPriorityAndFairness=true \
--set logLevel=2
-f k8s/cert-manager-webhook-gandi.yaml

email:
sops -d --output secrets_decrypted/dovecot.yml secrets/dovecot.yml
Expand Down Expand Up @@ -123,9 +117,6 @@ wireguard:


pihole:
sops exec-env secrets/wireguard.yml 'cp pihole/wg0.conf secrets_decrypted/; for i in $$(env | grep _KEY | cut -d = -f1); do sed -i "s#__$${i}__#$${!i}#g" secrets_decrypted/wg0.conf ; done'
rsync --rsync-path="sudo rsync" secrets_decrypted/wg0.conf ${RASPBERRY}:/etc/wireguard/wg0.conf
ssh ${RASPBERRY} 'sudo systemctl enable wg-quick@wg0; sudo systemctl restart wg-quick@wg0'
kubectl apply -f pihole/pihole.yml

minio:
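Review bot: In the `k8s` target the gandi-credentials secret is rotated with `kubectl delete secret ... || exit 0` followed by `kubectl create secret`, so every deploy has a window with no secret in the cert-manager namespace, and a failed create leaves it missing until the next run. Re-creating through apply is idempotent and closes the gap, and feeding the token through a pipe also keeps the decrypted value out of kubectl's argument vector and out of make's echoed recipe line (a `--from-literal` value is visible in the process list and, unless the line is prefixed with `@`, printed to the build output): `sops -d --extract '["apirest"]["key"]' secrets/gandi.yml | kubectl create secret generic gandi-credentials --namespace cert-manager --from-file=api-token=/dev/stdin --dry-run=client -o yaml | kubectl apply -f -`. The helm line `--set logLevel=2` carries no trailing backslash, so if `-f k8s/cert-manager-webhook-gandi.yaml` is still present on the new side it runs as a separate recipe line (a leading `-` only tells make to ignore the error) and the values file never reaches helm; which side that line is on is not recoverable from the rendered hunk. The `k8s` recipe begins inside the hunk and the Makefile's other targets continue past it.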
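--- a/app/couber.yml
+++ b/app/couber.yml
@@ -18,6 +18,10 @@ spec:
 spec:
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
+tolerations:
+- key: "kubernetes.io/hostname"
+operator: "Equal"
+value: "server"
 containers:
 - name: couber
 image: ghcr.io/erebe/couber:latest
@@ -56,7 +60,7 @@ spec:
 clusterIP: None
 type: ClusterIP
 ---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: couber-ingress
@@ -74,6 +78,7 @@ metadata:
 }
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
+ingressClassName: "nginx"
 tls:
 - hosts:
 - coub.erebe.eu
@@ -83,6 +88,9 @@ spec:
 http:
 paths:
 - path: /
+pathType: Prefix
 backend:
-serviceName: couber
-servicePort: 8081
+service:
+name: couber
+port:
+number: 8081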
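Review bot: The toleration added to the couber pod spec has no `effect`, so it matches every effect a `kubernetes.io/hostname=server` taint can carry, NoExecute included; if the intent is only to allow scheduling onto that node, pin it with `effect: "NoSchedule"`. A toleration also only permits placement on the tainted node and does not require it, so with `hostNetwork: true` the node choice presumably still rests on a nodeSelector or affinity outside the hunk, which is worth confirming. The same four-line toleration is added in app/wstunnel.yml, backup/backup-cron.yml and email/deployment.yml. The Deployment's pod spec starts above the hunk.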
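--- a/app/warpgate.yml
+++ b/app/warpgate.yml
@@ -26,7 +26,7 @@ spec:
 - key: kubernetes.io/hostname
 operator: In
 values:
-- minio-48e6a175
+- minio
 containers:
 - name: warpgate
 image: ghcr.io/warp-tech/warpgate:v0.7.4
@@ -72,7 +72,7 @@ spec:
 clusterIP: None
 type: ClusterIP
 ---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: warpgate-ingress
@@ -82,6 +82,7 @@ metadata:
 nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
+ingressClassName: "nginx"
 tls:
 - hosts:
 - "warp.erebe.eu"
@@ -92,13 +93,19 @@ spec:
 http:
 paths:
 - path: /
+pathType: Prefix
 backend:
-serviceName: warpgate
-servicePort: 8888
+service:
+name: warpgate
+port:
+number: 8888
 - host: "*.warp.erebe.eu"
 http:
 paths:
 - path: /
+pathType: Prefix
 backend:
-serviceName: warpgate
-servicePort: 8888
+service:
+name: warpgate
+port:
+number: 8888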
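Review bot: The `tls.hosts` entry visible earlier in this section lists only `"warp.erebe.eu"`, while the rewritten rules also serve `*.warp.erebe.eu`; unless the wildcard is also listed under `tls.hosts` (the collapsed lines hide the rest of that list), cert-manager will not request a certificate covering it and those hosts fall back to the controller's default certificate, so confirm against the full Ingress. As a point of style, both rules now carry the identical `service`/`name: warpgate`/`port`/`number: 8888` backend; a short comment above the wildcard rule stating why it needs its own rule rather than a single host entry would help the next reader. The Ingress `spec` begins above the last hunk.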
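--- a/app/wstunnel.yml
+++ b/app/wstunnel.yml
@@ -18,6 +18,10 @@ spec:
 spec:
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
+tolerations:
+- key: "kubernetes.io/hostname"
+operator: "Equal"
+value: "server"
 containers:
 - name: wstunnel
 image: ghcr.io/erebe/wstunnel:latest
@@ -45,7 +49,7 @@ spec:
 clusterIP: None
 type: ClusterIP
 ---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: wstunnel-ingress
@@ -57,6 +61,7 @@ metadata:
 nginx.ingress.kubernetes.io/connection-proxy-header: "upgrade"
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
 spec:
+ingressClassName: "nginx"
 tls:
 - hosts:
 - ws.erebe.eu
@@ -66,6 +71,9 @@ spec:
 http:
 paths:
 - path: /
+pathType: Prefix
 backend:
-serviceName: wstunnel
-servicePort: http
+service:
+name: wstunnel
+port:
+name: http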
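--- a/backup/backup-cron.yml
+++ b/backup/backup-cron.yml
@@ -13,6 +13,10 @@ spec:
 spec:
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
+tolerations:
+- key: "kubernetes.io/hostname"
+operator: "Equal"
+value: "server"
 containers:
 - name: backup
 image: alpine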
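--- a/backup/backup-minio.yml
+++ b/backup/backup-minio.yml
@@ -20,7 +20,7 @@ spec:
 - key: kubernetes.io/hostname
 operator: In
 values:
-- minio-48e6a175
+- minio
 containers:
 - name: backup
 image: alpine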
16 changes: 12 additions & 4 deletions dashy/dashy.yml
Expand Up @@ -30,14 +30,18 @@ spec:
- key: kubernetes.io/hostname
operator: In
values:
- minio-48e6a175
- minio
containers:
- name: dashy
image: docker.io/lissy93/dashy:2.1.1
imagePullPolicy: IfNotPresent
env:
- name: HOST
value: "::"
- name: PORT
value: "8080"
- name: NODE_ENV
value: "PRODUCTION"
ports:
- containerPort: 8080
name: http
Expand Down Expand Up @@ -74,14 +78,15 @@ spec:
clusterIP: None
type: ClusterIP
---
apiVersion: extensions/v1beta1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashy-ingress
annotations:
kubernetes.io/ingress.class: "nginx"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
ingressClassName: "nginx"
tls:
- hosts:
- board.erebe.eu
Expand All @@ -91,6 +96,9 @@ spec:
http:
paths:
- path: /
pathType: Prefix
backend:
serviceName: dashy
servicePort: 8080
service:
name: dashy
port:
number: 8080
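Review bot: The dashy Ingress keeps the deprecated `kubernetes.io/ingress.class: "nginx"` annotation right next to the newly added `ingressClassName: "nginx"`; with the field set the annotation is redundant, and carrying both leaves it unclear which one the controller honours, so drop the annotation line. In the container env, `NODE_ENV` is set to `"PRODUCTION"` while Node tooling generally compares that variable case-sensitively against the lowercase `production`, so the image may keep running in development mode; confirm against the dashy image and use `value: "production"` if that is the case. Which of the env entries are new is not recoverable from the rendered hunk. The Deployment's pod spec starts above the first hunk.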
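--- a/email/deployment.yml
+++ b/email/deployment.yml
@@ -18,6 +18,10 @@ spec:
 spec:
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
+tolerations:
+- key: "kubernetes.io/hostname"
+operator: "Equal"
+value: "server"
 containers:
 - name: mail
 image: ghcr.io/erebe/email:latest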