simonkaiser
/
k8s-kaisers-info
Seguir 1
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Actividad
Sin descripción
144 Commits
1 Rama
Árbol: a2f1d95e1c
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'a2f1d95e1c'
${ noResults }
k8s-kaisers-info
Simon Kaiser a2f1d95e1c Secret for Argo hace 3 años
blog-kaisers-info Longhorn for wordpress hace 3 años
cloud-kaisers-info Authentik bootstrapping hace 3 años
docs Fixes dublicate cert-manager ressources hace 3 años
gitops-kaisers-info Secret for Argo hace 3 años
longhorn-kaisers-info Longhorn config for gitea hace 3 años
services-kaisers-info Secrets with argo hace 3 años
.DS_Store Sealed secrets hace 3 años
.gitignore Sealed secrets hace 3 años
README.md Authentik bootstrapping hace 3 años
application-blog-kaisers-info.yaml tls hace 3 años
application-cloud-kaisers-info.yaml Projects hace 3 años
application-gitops-kaisers-info.yaml Projects hace 3 años
application-longhorn-kaisers-info.yaml Adds longhorn hace 3 años
application-services-kaisers-info.yaml Services app hace 3 años
secret-authentik-kaisers-info-secrets.yaml Secrets hace 3 años

README.md

k8s-kaisers-info

All services deployed for kaisers.info as GitOps-capable k8s deployment

Cluster

k3s

curl -sfL https://get.k3s.io | sh -s - server --disable-local-storage

Cert-Manager CRDs

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml

ArgoCD

helm install -n argocd argo-cd argo/argo-cd --create-namespace
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj-labs/applicationset/v0.3.0/manifests/install.yaml
// version must fit cert-manager in gitops-kaisers-info
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

Longhorn

kubectl apply -f application-longhorn-kaisers-info.yaml

GitOps

kubectl apply -f application-gitops-kaisers-info.yaml

Sealed-Secrets

Own Certificates

https://github.com/bitnami-labs/sealed-secrets/blob/main/docs/bring-your-own-certificates.md

export PRIVATEKEY="k8-kaisers-info-sealedsecret.key"
export PUBLICKEY="k8-kaisers-info-sealedsecret.crt"
export NAMESPACE="sealed-secrets"
export SECRETNAME="k8-kaisers-info-sealedsecret"

openssl req -x509 -nodes -newkey rsa:4096 -keyout "$PRIVATEKEY" -out "$PUBLICKEY" -subj "/CN=sealed-secret/O=sealed-secret"
kubectl -n "$NAMESPACE" create secret tls "$SECRETNAME" --cert="$PUBLICKEY" --key="$PRIVATEKEY"
kubectl -n "$NAMESPACE" label secret "$SECRETNAME" sealedsecrets.bitnami.com/sealed-secrets-key=active
kubectl -n "$NAMESPACE" delete pod -l name=app.kubernetes.io/name=sealed-secrets

Sealing a secret


echo -n "PASSWORD" \
    | kubectl create secret generic xxx --dry-run=client --from-file=KEY=/dev/stdin -o yaml \
    | kubeseal --controller-namespace=sealed-secrets --controller-name=sealed-secrets --format yaml --merge-into ./secrets/authentik-kaisers-info-automated-install-sealed.yaml

kubectl apply -f sealed-secret.yaml

Services

Services

kubectl apply -f application-services-kaisers-info.yaml

Nextcloud

kubectl apply -f application-cloud-kaisers-info.yaml

Wordpress

kubectl apply -f application-blog-kaisers-info.yaml

https://artifacthub.io/packages/helm/gitea/gitea helm repo add gitea https://dl.gitea.io/charts helm install -n gitea --create-namespace gitea gitea/gitea -f gitea/values.ymal

https://artifacthub.io/packages/helm/argo/argo-cd helm repo add argo https://argoproj.github.io/argo-helm helm install -n argocd --create-namespace argo-cd argo/argo-cd -f argo-cd/values.yaml

https://artifacthub.io/packages/helm/crossplane/crossplane helm repo add crossplane-stable https://charts.crossplane.io/stable helm install -n crossplane --create-namespace crossplane crossplane/crossplane -f crossplane/values.yaml

https://artifacthub.io/packages/helm/goauthentik/authentik helm repo add goauthentik https://charts.goauthentik.io/ helm install -n authentik --create-namespace authentik goauthentik/authentik -f authentik/values.yaml