# Notes

Install:

1. Set up WireGuard.
2. Download k3s install script from website.
3. For master: `./k3s.sh`
4. For node: `curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh -`
   "The value to use for K3S_TOKEN is stored at /var/lib/rancher/k3s/server/node-token"
5. Install kubectl on laptop.
6. Copy `/etc/rancher/k3s/k3s.yaml` to laptop and change localhost IP to WireGuard IP.
7. `kubectl cluster-info`
8. Install tkn CLI. `https://tekton.dev/docs/cli/` I installed manually.
9. Apply DNS updates and rollout restart of coredns: `kubectl rollout restart -n kube-system deployment/coredns`

Install Tekton:

```
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
```

Set up local registry on master. (I didn't document this process.)

Tell k3s about it:

```
sudo vim /etc/rancher/k3s/registries.yaml
```

```
configs:
  "192.168.1.128:8443":
    auth:
      username: k3s
      password: password
    tls:
      ca_file: /home/jimmy/registry/certs/domain.crt
```

Restart k3s.

Apply rest of the CRDs.

# SSH Secrets

1. `ssh-keygen -t ecdsa -f ./deploy_key`
2. `ssh-keyscan packages.jpace121.net > ./deploy_known_hosts`
3. `cat deploy-credentials.yaml`

   ```
   apiVersion: v1
   kind: Secret
   metadata:
     name: deploy-credentials
   type: Opaque
   data:
     id_ecdsa:
     known_hosts:
   ```

# Set up Tekton Dashboard:

```
curl -sL https://raw.githubusercontent.com/tektoncd/dashboard/main/scripts/release-installer | \
   bash -s -- install latest --read-only
```

Port forward locally:

```
kubectl port-forward -n tekton-pipelines service/tekton-dashboard 9097:9097
```

# NFS

Server: CentOS 9

Set up:

```
sudo dnf install nfs-utils vim
sudo mkdir /srv/nfs
sudo chown jimmy:jimmy /srv/nfs
sudo chmod 777 /srv/nfs/
```

Put into `/etc/exports`:

```
/srv/nfs 192.168.1.0/24(rw,root_squash)
```

Start everything:

```
systemctl enable --now rpcbind
systemctl enable --now nfs-server
firewall-cmd --permanent --add-service nfs
firewall-cmd --reload
systemctl restart nfs-server
```

Test on Debian:

```
sudo apt install nfs-common
sudo mkdir -p /mnt/nfs
sudo mount 192.168.1.149:/srv/nfs /mnt/nfs
```

On the k3s nodes:

```
sudo apt install nfs-common
```

Install to the cluster:

```
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
    --set nfs.server=192.168.1.149 \
    --set nfs.path=/srv/nfs
```

# Future Ideas

If we later want to do this on an overlay network:

3. For master: `INSTALL_K3S_EXEC="server --node-ip '10.100.100.5' --advertise-address '10.100.100.5' --flannel-iface 'wg0'" ./k3s.sh`
4. For node: `INSTALL_K3S_EXEC="agent --server 'https://10.100.100.5:6443' --token 'K3S_TOKEN' --node-ip '10.100.100.?' --advertise-address '10.100.100.?' --flannel-iface 'wg0'" ./k3s.sh`
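
Relating to the SSH Secrets section above: the `data:` fields of `deploy-credentials.yaml` must hold the base64-encoded contents of `./deploy_key` and `./deploy_known_hosts`. The script below is an added example, not part of the original notes, that renders the manifest from those two files; the function names `b64_file` and `render_deploy_secret` and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are hypothetical;
# file names follow the ssh-keygen / ssh-keyscan steps in "SSH Secrets".

# Base64-encode a file onto a single line (strip the wrapping some base64
# implementations add, which would break the YAML value).
b64_file() {
    base64 < "$1" | tr -d '\n'
}

# render_deploy_secret KEY_FILE KNOWN_HOSTS_FILE OUT_FILE
render_deploy_secret() {
    rds_key=$1 rds_hosts=$2 rds_out=$3

    # Refuse missing or empty inputs instead of writing a blank Secret.
    [ -s "$rds_key" ] || { echo "missing or empty: $rds_key" >&2; return 1; }
    [ -s "$rds_hosts" ] || { echo "missing or empty: $rds_hosts" >&2; return 1; }

    # Catch passing deploy_key.pub by mistake.
    head -n 1 "$rds_key" | grep -q 'PRIVATE KEY' \
        || { echo "$rds_key is not a private key" >&2; return 1; }

    # base64 is encoding, not encryption: the manifest is as sensitive as the
    # key, so make the file owner-only before any key material is written.
    (
        umask 077
        : > "$rds_out" && chmod 600 "$rds_out" || exit 1
        cat > "$rds_out" <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: deploy-credentials
type: Opaque
data:
  id_ecdsa: $(b64_file "$rds_key")
  known_hosts: $(b64_file "$rds_hosts")
EOF
    )
}

# Run only when all three arguments are given, e.g. (hypothetical file name):
#   sh render_secret.sh ./deploy_key ./deploy_known_hosts deploy-credentials.yaml
if [ "$#" -eq 3 ]; then
    render_deploy_secret "$@"
fi
```

After `kubectl apply -f deploy-credentials.yaml`, the rendered file can be deleted, since it carries the private key in recoverable form.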