Simon Kaiser 0473ff48f9 Sealed secrets 3 years ago
blog-kaisers-info Longhorn for wordpress 3 years ago
cloud-kaisers-info Nextcloud config 3 years ago
docs Fixes duplicate cert-manager resources 3 years ago
gitops-kaisers-info Sealed secrets 3 years ago
longhorn-kaisers-info Longhorn config for gitea 3 years ago
services-kaisers-info Sealed secrets 3 years ago
.DS_Store Sealed secrets 3 years ago
.gitignore Sealed secrets 3 years ago
README.md Sealed secrets 3 years ago
application-blog-kaisers-info.yaml tls 3 years ago
application-cloud-kaisers-info.yaml Projects 3 years ago
application-gitops-kaisers-info.yaml Projects 3 years ago
application-longhorn-kaisers-info.yaml Adds longhorn 3 years ago
application-services-kaisers-info.yaml Services app 3 years ago

README.md

k8s-kaisers-info

All services deployed for kaisers.info as GitOps-capable k8s deployment

Cluster

k3s

curl -sfL https://get.k3s.io | sh -s - server --disable local-storage

Cert-Manager CRDs

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml

ArgoCD

helm install -n argocd argo-cd argo/argo-cd --create-namespace
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/applicationset/v0.3.0/manifests/install.yaml
# Version must match the cert-manager deployed in gitops-kaisers-info
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Longhorn

kubectl apply -f application-longhorn-kaisers-info.yaml

GitOps

kubectl apply -f application-gitops-kaisers-info.yaml

Sealed-Secrets

Own Certificates

https://github.com/bitnami-labs/sealed-secrets/blob/main/docs/bring-your-own-certificates.md

export PRIVATEKEY="k8-kaisers-info-sealedsecret.key"
export PUBLICKEY="k8-kaisers-info-sealedsecret.crt"
export NAMESPACE="sealed-secrets"
export SECRETNAME="k8-kaisers-info-sealedsecret"

openssl req -x509 -nodes -newkey rsa:4096 -keyout "$PRIVATEKEY" -out "$PUBLICKEY" -subj "/CN=sealed-secret/O=sealed-secret"
kubectl -n "$NAMESPACE" create secret tls "$SECRETNAME" --cert="$PUBLICKEY" --key="$PRIVATEKEY"
kubectl -n "$NAMESPACE" label secret "$SECRETNAME" sealedsecrets.bitnami.com/sealed-secrets-key=active
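# Restart the controller so it loads the new key, then check its logs.
# Use the selector that matches your install: the Helm chart labels the pod
# app.kubernetes.io/name=sealed-secrets, the upstream controller.yaml labels it name=sealed-secrets-controller.
kubectl -n "$NAMESPACE" delete pod -l app.kubernetes.io/name=sealed-secrets
kubectl -n "$NAMESPACE" logs -l name=sealed-secrets-controller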

Sealing a secret

kubeseal --cert "./${PUBLICKEY}" --scope cluster-wide < mysecret.yaml | kubectl apply -f-
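
A guard for the workflow above, as an added example that is not part of this repository: the key pair and `mysecret.yaml` are created in the working directory, so this shell function lists any PEM private key or plaintext `kind: Secret` manifest under a directory before it can be committed. The function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the repository.
# scan_unsealed DIR: print "reason<TAB>path" for every file that must not be
# committed, and return 1 if anything was found.
# Usage as a pre-commit check: scan_unsealed . || exit 1
scan_unsealed() {
    findings=$(
        find "$1" -type f ! -path '*/.git/*' | sort | while IFS= read -r f; do
            # PEM private key, e.g. the file written by `openssl req -keyout`.
            if grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$f"; then
                printf 'private-key\t%s\n' "$f"
            fi
            case "$f" in
            *.yaml | *.yml | *.json)
                # "kind: Secret" in YAML or pretty-printed JSON, also inside a
                # List item. "kind: SealedSecret" does not match.
                if grep -Eq '^[[:space:]-]*"?kind"?:[[:space:]]*"?Secret"?,?[[:space:]]*$' "$f"; then
                    printf 'plain-secret\t%s\n' "$f"
                fi
                ;;
            esac
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (hypothetical file names, no real key material).
make_sample_repo() {
    d=$(mktemp -d)
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: db\nstringData:\n  password: example\n' > "$d/mysecret.yaml"
    printf 'apiVersion: bitnami.com/v1alpha1\nkind: SealedSecret\nmetadata:\n  name: db\nspec:\n  encryptedData:\n    password: constructed\n' > "$d/db-sealed.yaml"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-not-a-real-key' '-----END PRIVATE KEY-----' > "$d/sealedsecret.key"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' '-----END CERTIFICATE-----' > "$d/sealedsecret.crt"
    printf '%s\n' "$d"
}
```

The sealed manifest and the public certificate pass the scan; only the private key and the unsealed manifest are reported.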

Services

Services

kubectl apply -f application-services-kaisers-info.yaml

Nextcloud

kubectl apply -f application-cloud-kaisers-info.yaml

Wordpress

kubectl apply -f application-blog-kaisers-info.yaml

https://artifacthub.io/packages/helm/gitea/gitea
helm repo add gitea https://dl.gitea.io/charts
helm install -n gitea --create-namespace gitea gitea/gitea -f gitea/values.yaml

https://artifacthub.io/packages/helm/argo/argo-cd
helm repo add argo https://argoproj.github.io/argo-helm
helm install -n argocd --create-namespace argo-cd argo/argo-cd -f argo-cd/values.yaml

https://artifacthub.io/packages/helm/crossplane/crossplane
helm repo add crossplane-stable https://charts.crossplane.io/stable
# The chart reference must use the repo name added above (crossplane-stable)
helm install -n crossplane --create-namespace crossplane crossplane-stable/crossplane -f crossplane/values.yaml

https://artifacthub.io/packages/helm/goauthentik/authentik
helm repo add goauthentik https://charts.goauthentik.io/
helm install -n authentik --create-namespace authentik goauthentik/authentik -f authentik/values.yaml