No description
Simon Kaiser 776920cf14 No clue 3 years ago
blog-kaisers-info Longhorn for wordpress 3 years ago
cloud-kaisers-info Authentik bootstrapping 3 years ago
cluster-kaisers-info Longhorn to cluster 3 years ago
docs Fixes duplicate cert-manager resources 3 years ago
gitops-kaisers-info OIDC for argo 3 years ago
services-kaisers-info No clue 3 years ago
.DS_Store Sealed secrets 3 years ago
.gitignore Sealed secrets 3 years ago
README.md OIDC for argo 3 years ago
application-blog-kaisers-info.yaml tls 3 years ago
application-cloud-kaisers-info.yaml Projects 3 years ago
application-cluster-kaisers-info.yaml Cluster as application 3 years ago
application-gitops-kaisers-info.yaml Projects 3 years ago
application-services-kaisers-info.yaml Secrets update for authentik 3 years ago
k8-kaisers-info-sealedsecret.crt Secret for Argo 3 years ago
secret-authentik-kaisers-info-secrets.yaml Secrets 3 years ago

README.md

k8s-kaisers-info

All services deployed for kaisers.info as a GitOps-capable k8s deployment.

Cluster

k3s

curl -sfL https://get.k3s.io | sh -s - server --disable local-storage

CRDs

# version must match the cert-manager version in gitops-kaisers-info
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml

ArgoCD

helm install -n argocd argo-cd argo/argo-cd --create-namespace
# Currently not used: kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/applicationset/v0.3.0/manifests/install.yaml
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Cluster

kubectl apply -f application-cluster-kaisers-info.yaml

MISSING: argo cli call to sync applications

kubectl apply -f gitops-kaisers-info/templates/argocd-kaisers-info-secrets-sealed.yaml 

GitOps

kubectl apply -f application-gitops-kaisers-info.yaml

Sealed-Secrets

Own Certificates

https://github.com/bitnami-labs/sealed-secrets/blob/main/docs/bring-your-own-certificates.md

export PRIVATEKEY="k8-kaisers-info-sealedsecret.key"
export PUBLICKEY="k8-kaisers-info-sealedsecret.crt"
export NAMESPACE="sealed-secrets"
export SECRETNAME="k8-kaisers-info-sealedsecret"

openssl req -x509 -nodes -newkey rsa:4096 -keyout "$PRIVATEKEY" -out "$PUBLICKEY" -subj "/CN=sealed-secret/O=sealed-secret"
kubectl -n "$NAMESPACE" create secret tls "$SECRETNAME" --cert="$PUBLICKEY" --key="$PRIVATEKEY"
kubectl -n "$NAMESPACE" label secret "$SECRETNAME" sealedsecrets.bitnami.com/sealed-secrets-key=active
# restart the controller so it picks up the new key
kubectl -n "$NAMESPACE" delete pod -l app.kubernetes.io/name=sealed-secrets
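
The key pair above is created without `-days`, so `openssl req -x509` issues a certificate valid for its default of 30 days, and `-nodes` leaves the private key unencrypted on disk. The following pre-flight script is an added example, not part of this repository; its function names and the 90-day threshold are assumptions.

```shell
#!/bin/sh
# Pre-flight checks for a bring-your-own sealed-secrets key pair (added example;
# function names and the 90-day default threshold are assumptions).

# Succeeds when certificate $1 and private key $2 hold the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when certificate $1 is still valid $2 days from now.
# "openssl req -x509" without -days issues a certificate valid for 30 days.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when key file $1 grants no permissions to group or others.
# The key is written unencrypted (-nodes), so the file mode is its only protection.
key_is_private() {
    mode=$(ls -ld "$1" 2>/dev/null) || return 2
    case "$mode" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when file $1 is tracked by the git repository it lives in.
key_is_tracked() {
    git ls-files --error-unmatch -- "$1" >/dev/null 2>&1
}

# Runs every check, prints each failure, returns the number of failed checks.
preflight() {
    cert=$1 key=$2 min_days=${3:-90} failed=0
    cert_matches_key "$cert" "$key" || { echo "FAIL: $cert does not match $key"; failed=$((failed + 1)); }
    cert_valid_for_days "$cert" "$min_days" || { echo "FAIL: $cert expires within $min_days days"; failed=$((failed + 1)); }
    key_is_private "$key" || { echo "FAIL: $key is accessible to group or others"; failed=$((failed + 1)); }
    if key_is_tracked "$key"; then echo "FAIL: $key is tracked by git"; failed=$((failed + 1)); fi
    return "$failed"
}

# Usage: sh preflight.sh CERT KEY [MIN_DAYS]
if [ "$#" -ge 2 ]; then
    preflight "$@"
fi
```

Run it with `"$PUBLICKEY"` and `"$PRIVATEKEY"` as arguments before creating the TLS secret; the exit status is the number of failed checks.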

Sealing a secret

echo -n "PASSWORD" \
    | kubectl create secret generic xxx --dry-run=client --from-file=KEY=/dev/stdin -o yaml \
    | kubeseal --cert "./${PUBLICKEY}" --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml --merge-into ./secrets/authentik-kaisers-info-automated-install-sealed.yaml

kubectl apply -f sealed-secret.yaml

Services

Services

kubectl apply -f application-services-kaisers-info.yaml

Nextcloud

kubectl apply -f application-cloud-kaisers-info.yaml

Wordpress

kubectl apply -f application-blog-kaisers-info.yaml

https://artifacthub.io/packages/helm/gitea/gitea
helm repo add gitea https://dl.gitea.io/charts
helm install -n gitea --create-namespace gitea gitea/gitea -f gitea/values.yaml

https://artifacthub.io/packages/helm/argo/argo-cd
helm repo add argo https://argoproj.github.io/argo-helm
helm install -n argocd --create-namespace argo-cd argo/argo-cd -f argo-cd/values.yaml

https://artifacthub.io/packages/helm/crossplane/crossplane
helm repo add crossplane-stable https://charts.crossplane.io/stable
helm install -n crossplane --create-namespace crossplane crossplane-stable/crossplane -f crossplane/values.yaml

https://artifacthub.io/packages/helm/goauthentik/authentik
helm repo add goauthentik https://charts.goauthentik.io/
helm install -n authentik --create-namespace authentik goauthentik/authentik -f authentik/values.yaml