										 |  |  | # GitOps repository
 | 
					
						
							| 
									
										
										
										
											2020-12-15 19:54:02 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ### 1) Harvester Hyperconverged Infrastructure
 | 
					
						
							|  |  |  | [...]   | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | Configure Harvester HCI nodes through cloud-init (requires node reboot): | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f system/Harvester/cloudinit-disable-nic-offloading.yaml | 
					
						
							| 
									
										
										
										
											2022-04-06 11:41:29 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-04-06 11:41:29 +02:00
										 |  |  | ### 2) Persistent storage
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | #### 2.1) CSI plugin for SMB (CIFS):
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f storage/csi-driver-smb/application-csi-driver-smb.yaml | 
					
						
							| 
									
										
										
										
											2020-11-10 17:37:52 +01:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2020-09-23 15:35:17 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | #### 2.2) Harvester CSI plugin
 | 
					
						
							|  |  |  | See [Harvester CSI Driver](https://docs.harvesterhci.io/v1.5/rancher/csi-driver) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | ### 3) GitOps
 | 
					
						
							|  |  |  | ##### 3.1) Install Helm Chart
 | 
					
						
							|  |  |  | See [ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/#getting-started): | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | helm repo add argo https://argoproj.github.io/argo-helm | 
					
						
							|  |  |  | helm repo update | 
					
						
							|  |  |  | helm install argo-cd -n argo-cd --create-namespace argo/argo-cd --values system/ArgoCD/chart-values.yml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
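										 |  |  | Retrieve initial password (the secret lives in the namespace ArgoCD was installed into; the Helm command above uses `argo-cd`, so adjust `-n` below if it does not match): | 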
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl get secret -n argocd argocd-initial-admin-secret -oyaml | yq e '.data.password | @base64d' | 
					
						
							| 
									
										
										
										
											2020-11-14 23:57:19 +01:00
										 |  |  | ``` | 
					
						
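										 |  |  | Log in with username `admin` and the initial password, then browse to `User Info` and `Update Password`. Once the password is changed, delete the `argocd-initial-admin-secret` secret from the namespace ArgoCD was installed into; it is only needed for the first login. | 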
					
						
							| 
									
										
										
										
											2023-12-28 10:03:36 +11:00
										 |  |  | 
 | 
					
						
										 |  |  | ##### 3.2) Adopt through GitOps
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f system/ArgoCD/application-argo-cd.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ### 4) Secret management
 | 
					
						
							|  |  |  | *Prereq*: latest `kubeseal` [release](https://github.com/bitnami-labs/sealed-secrets/releases) | 
					
						
							| 
									
										
										
										
											2022-04-05 18:02:18 +02:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f system/SealedSecrets/application-sealed-secrets-controller.yaml | 
					
						
							| 
									
										
										
										
											2022-04-05 18:02:18 +02:00
										 |  |  | ``` | 
					
						
							|  |  |  | 
 | 
					
						
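										 |  |  | Retrieve public/private keys (*store these in a **secure** location!* The exported file contains the controller's private key, which can decrypt every SealedSecret sealed for this cluster, so keep it out of Git and restrict who can read it): | 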
					
						
							| 
									
										
										
										
											2022-04-05 18:02:18 +02:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > BitnamiSealedSecrets.masterkey.yml | 
					
						
							| 
									
										
										
										
											2022-04-05 18:02:18 +02:00
										 |  |  | ``` | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-04-06 11:41:29 +02:00
										 |  |  | ### 5) Services
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ##### 5.1) [Gitea](https://gitea.io/)    <small>(git repository)</small>
 | 
					
						
							|  |  |  | *Required for all other workloads*   | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Gitea/application-gitea.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | 
 | 
					
						
							|  |  |  | ##### 5.2) [Argus]()    <small>(release management)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Argus/application-argus.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
										 |  |  | ##### 5.3) [Authelia]()    <small>(single sign-on)</small>
 | 
					
						
							| 
									
										
										
										
											2022-01-09 21:12:30 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Authelia/application-authelia.yaml | 
					
						
							| 
									
										
										
										
											2022-01-09 21:12:30 +01:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ##### 5.4) [Vaultwarden](https://github.com/dani-garcia/vaultwarden)    <small>(password manager)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Vaultwarden/application-vaultwarden.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ##### 5.5) [DDclient](https://github.com/linuxserver/docker-ddclient)	<small>(dynamic dns)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/DDclient/application-ddclient.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2022-04-06 11:41:29 +02:00
										 |  |  | ##### 5.6) [Gotify](https://gotify.net/)    <small>(notifications)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Gotify/application-gotify.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ##### 5.7) [Webtop](#)    <small>(remote desktop)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Webtop/application-webtop.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2022-04-06 11:41:29 +02:00
										 |  |  | ##### 5.8) [Lighttpd](https://www.lighttpd.net/)    <small>(webserver)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/Lighttpd/application-lighttpd.yaml | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ##### 5.9) PVR toolsuite    <small>(automated media management)</small>
 | 
					
						
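							|  |  |  | *API-keys whitelisted in ingressroutes* (the key is stored in plain text in the IngressRoute object and in the manifest that defines it, and a key passed as `?apikey=` typically ends up in access logs; prefer the `X-Api-Key` header where the client supports it):   | 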
					
						
							|  |  |  | ```yaml | 
					
						
							|  |  |  | spec: | 
					
						
							|  |  |  |   routes: | 
					
						
							|  |  |  |   - match: Host(`<fqdn>`) && (Headers(`X-Api-Key`, `<secret>`) || Query(`apikey`, `<secret>`)) | 
					
						
							|  |  |  |     [...] | 
					
						
							| 
									
										
										
										
											2020-10-16 09:10:23 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ###### 5.9.1) [Jellyfin](#)    <small>(media library)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/PVR/Jellyfin/application-jellyfin.yaml | 
					
						
							| 
									
										
										
										
											2020-11-14 23:57:19 +01:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ###### 5.9.2) [Jellyseerr](https://sonarr.tv/)    <small>(media requests management)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/PVR/Jellyseerr/application-jellyseerr.yaml | 
					
						
							| 
									
										
										
										
											2020-11-21 15:59:09 +01:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ###### 5.9.3) [Prowlarr](https://github.com/Prowlarr/Prowlarr)    <small>(indexer management)</small>
 | 
					
						
							| 
									
										
										
										
											2022-01-09 21:12:30 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/PVR/Prowlarr/application-prowlarr.yaml | 
					
						
							| 
									
										
										
										
											2022-01-09 21:12:30 +01:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ###### 5.9.4) [Radarr](https://radarr.video/)    <small>(movie management)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/PVR/Radarr/application-radarr.yaml | 
					
						
							| 
									
										
										
										
											2020-10-16 09:10:23 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ###### 5.9.5) [SABnzbd](https://sabnzbd.org/)    <small>(download client)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/PVR/SABnzbd/application-sabnzbd.yaml | 
					
						
							| 
									
										
										
										
											2020-10-16 09:10:23 +02:00
										 |  |  | ``` | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | ###### 5.9.6) [Sonarr](https://sonarr.tv/)    <small>(tv management)</small>
 | 
					
						
							| 
									
										
										
										
											2021-01-13 12:38:38 +01:00
										 |  |  | ```shell | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | kubectl apply -f services/PVR/Sonarr/application-sonarr.yaml | 
					
						
							| 
									
										
										
										
											2020-10-16 09:10:23 +02:00
										 |  |  | ``` | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-04-06 11:41:29 +02:00
										 |  |  | ### 6) Miscellaneous
 | 
					
						
							| 
									
										
										
										
											2021-06-14 16:42:22 +02:00
										 |  |  | *Various notes/useful links* | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  | 
 | 
					
						
							|  |  |  | * Replacement for [not-yet-deprecated](https://github.com/kubernetes/kubectl/issues/151) `kubectl get all -A`: | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-14 16:42:22 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-09-01 17:44:43 +02:00
										 |  |  |       kubectl get $(kubectl api-resources --verbs=list -o name | paste -sd, -) --ignore-not-found --all-namespaces | 
					
						
										 |  |  | * `DaemonSet` to configure nodes' **sysctl** `fs.inotify.max_user_watches`: | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-14 16:42:22 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2020-11-14 23:57:19 +01:00
										 |  |  |       kubectl apply -f system/InotifyMaxWatchers/daemonSet-InotifyMaxWatchers.yml | 
					
						
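										 |  |  | * Debug DNS lookups within the cluster (both images below are pulled from public registries, the first without a tag; mirror them or pin them by digest if the cluster restricts image sources): | 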
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-06-14 16:42:22 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-05 14:37:30 +01:00
										 |  |  |       kubectl run -it --rm dnsutils --restart=Never --image=gcr.io/kubernetes-e2e-test-images/dnsutils -- nslookup [-debug] [fqdn] | 
					
						
							|  |  |  |   or | 
					
						
							| 
									
										
										
										
											2021-06-14 16:42:22 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-01-05 14:37:30 +01:00
										 |  |  |       kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup api.github.com [-debug] [fqdn] | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  | * Memory-leak liveness probe: | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-06-08 09:25:31 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2025-08-15 14:36:03 +10:00
										 |  |  |       livenessProbe: | 
					
						
							|  |  |  |         exec: | 
					
						
							|  |  |  |           command: | 
					
						
							|  |  |  |             - sh | 
					
						
							|  |  |  |             - -c | 
					
						
							|  |  |  |             - test $(cat /proc/1/smaps | grep -i pss |  awk '{Total+=$2} END {print int(Total/1024)}') -le <limit> |