k8s-config/notes.md

# Notes
Install:
1. Set up wireguard.
2. Download k3s install script from website.
3. For master:
`./k3s.sh`
4. For node:
`curl -sfL https://get.k3s.io | K3S_URL=https://myserver:6443 K3S_TOKEN=mynodetoken sh -`
"The value to use for K3S_TOKEN is stored at /var/lib/rancher/k3s/server/node-token"
5. Install kubectl on laptop.
6. Copy `/etc/rancher/k3s/k3s.yaml` to laptop and change localhost IP to wireguard IP.
7. `kubectl cluster-info`
8. Install tkn CLI.
`https://tekton.dev/docs/cli/`
I installed manually.
9. Apply DNS updates and do a rollout restart of coredns:
`kubectl rollout restart -n kube-system deployment/coredns`
Install Tekton:
```
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
kubectl apply --filename https://storage.googleapis.com/tekton-releases/triggers/latest/interceptors.yaml
```
Set up local registry on master.
(I didn't document this process.)
Tell k3s about it:
`sudo vim /etc/rancher/k3s/registries.yaml`
```
configs:
  "192.168.1.128:8443":
    auth:
      username: k3s
      password: password
    tls:
      ca_file: /home/jimmy/registry/certs/domain.crt
```
Restart k3s.
Apply rest of the CRDs.
# SSH Secrets
1. `ssh-keygen -t ecdsa -f ./deploy_key`
2. `ssh-keyscan packages.jpace121.net > ./deploy_known_hosts`
3. `cat deploy-credentials.yaml`
```
apiVersion: v1
kind: Secret
metadata:
  name: deploy-credentials
type: Opaque
data:
  id_ecdsa: <base64 -w 0 .. >
  known_hosts: <base64 -w 0 ..>
```
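One way to fill in the two `data:` fields from the files created in steps 1 and 2, as an added example that is not part of the original notes. The function names `render_deploy_secret` and `write_deploy_secret` are assumptions, and GNU `base64` is assumed for `-w 0`.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names are assumptions.

# render_deploy_secret KEY_FILE KNOWN_HOSTS_FILE
# Prints the Secret manifest on stdout; non-zero exit if an input is unusable.
render_deploy_secret() {
    key_file=$1
    hosts_file=$2

    for f in "$key_file" "$hosts_file"; do
        if [ ! -s "$f" ]; then
            echo "render_deploy_secret: missing or empty file: $f" >&2
            return 1
        fi
    done

    # Catch deploy_key.pub passed by mistake: a private key file opens with
    # a "-----BEGIN ... PRIVATE KEY-----" header line.
    if ! head -n 1 "$key_file" | grep -q 'PRIVATE KEY'; then
        echo "render_deploy_secret: $key_file is not a private key" >&2
        return 1
    fi

    # -w 0 (GNU base64) keeps each value on a single line.
    key_b64=$(base64 -w 0 < "$key_file") || return 1
    hosts_b64=$(base64 -w 0 < "$hosts_file") || return 1

    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: deploy-credentials
type: Opaque
data:
  id_ecdsa: $key_b64
  known_hosts: $hosts_b64
EOF
}

# write_deploy_secret KEY_FILE KNOWN_HOSTS_FILE OUT_FILE
# The manifest holds the private key in reversible base64, so it is created
# with owner-only permissions and removed again if rendering fails.
write_deploy_secret() {
    rm -f "$3"
    ( umask 077 && render_deploy_secret "$1" "$2" > "$3" ) || { rm -f "$3"; return 1; }
}
```

Call it as `write_deploy_secret ./deploy_key ./deploy_known_hosts deploy-credentials.yaml`, then `kubectl apply -f deploy-credentials.yaml`.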
# Set up Tekton Dashboard:
```
curl -sL https://raw.githubusercontent.com/tektoncd/dashboard/main/scripts/release-installer | \
bash -s -- install latest --read-only
```
Port forward locally:
```
kubectl port-forward -n tekton-pipelines service/tekton-dashboard 9097:9097
```
# NFS
Server: CentOS 9
Set up:
```
sudo dnf install nfs-utils vim
sudo mkdir /srv/nfs
sudo chown jimmy:jimmy /srv/nfs
sudo chmod 777 /srv/nfs/
```
Put into `/etc/exports`:
```
/srv/nfs 192.168.1.0/24(rw,root_squash)
```
Start everything:
```
systemctl enable --now rpcbind
systemctl enable --now nfs-server
firewall-cmd --permanent --add-service nfs
firewall-cmd --reload
systemctl restart nfs-server
```
Test on Debian:
```
sudo apt install nfs-common
sudo mkdir -p /mnt/nfs
sudo mount 192.168.1.149:/srv/nfs /mnt/nfs
```
On the k3s nodes:
```
sudo apt install nfs-common
```
Install to the cluster:
```
helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
--set nfs.server=192.168.1.149 \
--set nfs.path=/srv/nfs
```
# Future Ideas
If we later want to do this on an overlay network:
3. For master:
`INSTALL_K3S_EXEC="server --node-ip '10.100.100.5' --advertise-address '10.100.100.5' --flannel-iface 'wg0'" ./k3s.sh`
4. For node:
`INSTALL_K3S_EXEC="agent --server 'https://10.100.100.5:6443' --token 'K3S_TOKEN' --node-ip '10.100.100.?' --advertise-address '10.100.100.?' --flannel-iface 'wg0'" ./k3s.sh`