Kubernetes.K3s.installLog/README.md
2025-08-15 14:36:03 +10:00

# GitOps repository
### 1) Harvester Hyperconverged Infrastructure
[...]
Configure Harvester HCI nodes through cloud-init (requires node reboot):
```shell
kubectl apply -f system/Harvester/cloudinit-disable-nic-offloading.yaml
```
### 2) Persistent storage
#### 2.1) CSI plugin for SMB (CIFS):
```shell
kubectl apply -f storage/csi-driver-smb/application-csi-driver-smb.yaml
```
#### 2.2) Harvester CSI plugin
See [Harvester CSI Driver](https://docs.harvesterhci.io/v1.5/rancher/csi-driver)
### 3) GitOps
##### 3.1) Install Helm Chart
See [ArgoCD](https://argo-cd.readthedocs.io/en/stable/getting_started/#getting-started):
```shell
helm repo add argo https://argoproj.github.io/argo-helm
helm repo update
helm install argo-cd -n argo-cd --create-namespace argo/argo-cd --values system/ArgoCD/chart-values.yml
```
Retrieve initial password:
```shell
kubectl get secret -n argo-cd argocd-initial-admin-secret -o yaml | yq e '.data.password | @base64d'
```
Login with username `admin` and the initial password, browse to `User Info` and `Update Password`.
##### 3.2) Adopt through GitOps
```shell
kubectl apply -f system/ArgoCD/application-argo-cd.yaml
```
### 4) Secret management
*Prereq*: latest `kubeseal` [release](https://github.com/bitnami-labs/sealed-secrets/releases)
```shell
kubectl apply -f system/SealedSecrets/application-sealed-secrets-controller.yaml
```
Retrieve the public/private keys (*store these in a **secure** location!*):
```shell
kubectl get secret -n kube-system -l sealedsecrets.bitnami.com/sealed-secrets-key -o yaml > BitnamiSealedSecrets.masterkey.yml
```
### 5) Services
##### 5.1) [Gitea](https://gitea.io/) <small>(git repository)</small>
*Required for all other workloads*
```shell
kubectl apply -f services/Gitea/application-gitea.yaml
```
##### 5.2) [Argus]() <small>(release management)</small>
```shell
kubectl apply -f services/Argus/application-argus.yaml
```
##### 5.3) [Authelia]() <small>(single sign-on)</small>
```shell
kubectl apply -f services/Authelia/application-authelia.yaml
```
##### 5.4) [Vaultwarden](https://github.com/dani-garcia/vaultwarden) <small>(password manager)</small>
```shell
kubectl apply -f services/Vaultwarden/application-vaultwarden.yaml
```
##### 5.5) [DDclient](https://github.com/linuxserver/docker-ddclient) <small>(dynamic dns)</small>
```shell
kubectl apply -f services/DDclient/application-ddclient.yaml
```
##### 5.6) [Gotify](https://gotify.net/) <small>(notifications)</small>
```shell
kubectl apply -f services/Gotify/application-gotify.yaml
```
##### 5.7) [Webtop](#) <small>(remote desktop)</small>
```shell
kubectl apply -f services/Webtop/application-webtop.yaml
```
##### 5.8) [Lighttpd](https://www.lighttpd.net/) <small>(webserver)</small>
```shell
kubectl apply -f services/Lighttpd/application-lighttpd.yaml
```
##### 5.9) PVR toolsuite <small>(automated media management)</small>
*API keys whitelisted in the IngressRoutes*: each route only admits requests that present the service's API key, either in the `X-Api-Key` header or in the `apikey` query parameter:
```yaml
spec:
  routes:
    - match: Host(`<fqdn>`) && (Headers(`X-Api-Key`, `<secret>`) || Query(`apikey`, `<secret>`))
      [...]
```
###### 5.9.1) [Jellyfin](#) <small>(media library)</small>
```shell
kubectl apply -f services/PVR/Jellyfin/application-jellyfin.yaml
```
###### 5.9.2) [Jellyseerr](https://sonarr.tv/) <small>(media requests management)</small>
```shell
kubectl apply -f services/PVR/Jellyseerr/application-jellyseerr.yaml
```
###### 5.9.3) [Prowlarr](https://github.com/Prowlarr/Prowlarr) <small>(indexer management)</small>
```shell
kubectl apply -f services/PVR/Prowlarr/application-prowlarr.yaml
```
###### 5.9.4) [Radarr](https://radarr.video/) <small>(movie management)</small>
```shell
kubectl apply -f services/PVR/Radarr/application-radarr.yaml
```
###### 5.9.5) [SABnzbd](https://sabnzbd.org/) <small>(download client)</small>
```shell
kubectl apply -f services/PVR/SABnzbd/application-sabnzbd.yaml
```
###### 5.9.6) [Sonarr](https://sonarr.tv/) <small>(tv management)</small>
```shell
kubectl apply -f services/PVR/Sonarr/application-sonarr.yaml
```
### 6) Miscellaneous
*Various notes/useful links*
* Replacement for the [not-yet-deprecated](https://github.com/kubernetes/kubectl/issues/151) `kubectl get all -A`:
  ```shell
  kubectl get $(kubectl api-resources --verbs=list -o name | paste -sd, -) --ignore-not-found --all-namespaces
  ```
* `DaemonSet` to configure the nodes' **sysctl** `fs.inotify.max_user_watches`:
  ```shell
  kubectl apply -f system/InotifyMaxWatchers/daemonSet-InotifyMaxWatchers.yml
  ```
* Debug DNS lookups within the cluster:
  ```shell
  kubectl run -it --rm dnsutils --restart=Never --image=gcr.io/kubernetes-e2e-test-images/dnsutils -- nslookup [-debug] [fqdn]
  ```
  or
  ```shell
  kubectl run -it --rm busybox --restart=Never --image=busybox:1.28 -- nslookup [-debug] [fqdn]
  ```
* Memory-leak liveness probe (sums the `Pss:` lines of `/proc/1/smaps`, converts to MiB and fails once the total exceeds `<limit>`; match `^Pss:` only, because newer kernels also emit `Pss_Anon`/`Pss_File`/`Pss_Shmem` lines that a case-insensitive `pss` match would double-count):
  ```yaml
  livenessProbe:
    exec:
      command:
        - sh
        - -c
        - test $(grep '^Pss:' /proc/1/smaps | awk '{Total+=$2} END {print int(Total/1024)}') -le <limit>
  ```
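To see what the probe's arithmetic actually does, here is an added shell example (not part of the original repository) that runs the same Pss summation over a constructed smaps excerpt instead of `/proc/1/smaps`, and contrasts it with a case-insensitive `pss` match; the file contents, mapping addresses and limits are all constructed.

```shell
#!/bin/sh
# Added example: Pss-based memory check as used by the liveness probe above,
# run against a constructed smaps excerpt so it works outside the cluster.

# Constructed two-mapping excerpt in /proc/<pid>/smaps format (values in kB).
SMAPS_SAMPLE="$(mktemp)"
cat > "$SMAPS_SAMPLE" <<'EOF'
55d1c0000000-55d1c0100000 r-xp 00000000 fd:01 1234 /usr/bin/app
Size:               1024 kB
Rss:                1024 kB
Pss:                 800 kB
Pss_Dirty:           100 kB
Pss_Anon:            100 kB
Pss_File:            700 kB
Pss_Shmem:             0 kB
7f0000000000-7f0000800000 rw-p 00000000 00:00 0 [heap]
Size:               8192 kB
Rss:                6144 kB
Pss:                6144 kB
Pss_Dirty:          6144 kB
Pss_Anon:           6144 kB
Pss_File:              0 kB
Pss_Shmem:             0 kB
EOF

# Sum only the "Pss:" lines (kB) and truncate to whole MiB, as the probe does.
pss_mib() {
  awk '$1 == "Pss:" {total += $2} END {print int(total / 1024)}' "$1"
}

# A case-insensitive "pss" match also picks up Pss_Dirty/Pss_Anon/Pss_File/
# Pss_Shmem on newer kernels and inflates the figure; kept for comparison.
pss_mib_overcount() {
  grep -i pss "$1" | awk '{total += $2} END {print int(total / 1024)}'
}

# Probe semantics: exit 0 (healthy) when the Pss total is at or below the
# limit given in MiB, non-zero (restart) otherwise.
pss_within_limit() {
  [ "$(pss_mib "$1")" -le "$2" ]
}

# Example run: 6944 kB of Pss is 6 MiB; the loose match reports 19 MiB.
pss_mib "$SMAPS_SAMPLE"
pss_mib_overcount "$SMAPS_SAMPLE"
```

Against a live container replace `"$SMAPS_SAMPLE"` with `/proc/1/smaps`; `/proc/1/smaps_rollup`, where available, already carries a single pre-summed `Pss:` line.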