infra/kubernetes-deploy-home
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
287 commits 1 branch 0 tags 334 KiB
Find a file
Exact
Roshless 73839d6c13 haproxy ingress: update version
2026-01-09 23:42:12 +01:00
helmcharts haproxy ingress: update version 2026-01-09 23:42:12 +01:00
nothelm vaultwarden: update version 2026-01-09 23:41:20 +01:00
README.md more documentation 2025-08-07 11:59:39 +02:00

README.md

Setup

  1. Install alpine linux
  2. Install k3s
  3. Edit /etc/conf.d/k3s and put K3S_OPTS="--disable=servicelb --disable=traefik"
  4. Enable/start k3s service
  5. Install https://argo-cd.readthedocs.io/en/stable/cli_installation/#download-latest-version
  6. Switch service type to LoadBalancer. (TODO set this inside argocd config??)
  7. Create secret for DNS name kubectl create -n argocd secret tls argocd-server-tls --cert=cert.pem --key=key.pem
  8. Add 1 new project- second one should be picked up automaticcly
  9. Enable shared mount for / (https://web.archive.org/web/20240723175124/https://wiki.alpinelinux.org/wiki/Running_glibc_programs#Distrobox_+_Podman)
project: default
source:
  repoURL: 'https://git.roshless.me/infra/kubernetes-deploy-home.git'
  path: nothelm
  targetRevision: HEAD
  directory:
    recurse: true
    jsonnet: {}
    exclude: '*.md'
destination:
  server: 'https://kubernetes.default.svc'
syncPolicy:
  automated:
    prune: true
    selfHeal: true
  syncOptions:
    - CreateNamespace=true
  1. If helmcharts app is not present- add it manually using helmcharts/templates/root-app.yaml

How to enable TLS on ingresses

  1. Create cert using XCA
  2. Add cert (WITH CA ALSO INSIDE!) and key to K8S secret

kubectl create secret tls ingress--tls --cert=cert.crt --key=key.pem -n <APP_NS>

  1. Make changes to ingress

spec: tls:

  • hosts:
    • .lan secretName: ingress--tls

Longhorn on Alpine

Install dependencies AND run this as root:

mount --make-rshared /

Add to fstab /dev/vg0/lv_root / ext4 rw,relatime,rshared 0 1