- `_apps` is the meta directory for Argo CD apps
- gitops-tbrnt-private
- `_tests` contains some Open Policy Agent rego files which are used in the Drone CI pipeline to validate configuration.

Either

```
sudo -E kubefwd svc -n argocd
```

and then https://argocd-server/

or

```
kubectl port-forward svc/argocd-server -n argocd 8080:443
```

and then https://localhost:8080/

```
argocd login argocd-server
argocd app list
argocd app sync <name>
```

See README of apps. Basically:

```
kubeseal --controller-namespace sealed-secrets -o yaml -n MYNS < ../../gitops-tbrnt-private/MYNS/MYSECRET.yaml > MYSECRET-secret.yaml
```
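
The kubeseal step only helps if the plain manifest stays in the private repository and nothing but the `SealedSecret` output is committed here. As an added example (not part of this repository; the function names and the sample manifests are constructed), a check like this can run in CI or as a pre-commit hook to catch a plain `Secret` committed by mistake:

```shell
#!/bin/sh
# Added example (not from the repository): refuse plain Secret manifests in the
# public GitOps tree; only kubeseal output (kind: SealedSecret) may be committed.

# Print every YAML file under $1 that holds a top-level "kind: Secret" document.
# Only top-level keys are checked, so Secrets nested in a "kind: List" are missed.
find_plain_secrets() {
  find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
    -exec grep -lE '^kind:[[:space:]]*"?Secret"?[[:space:]]*(#.*)?$' {} + || true
}

# Return 1 and list the offending files on stderr if any plain Secret exists.
check_repo() {
  [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
  offenders=$(find_plain_secrets "$1")
  if [ -n "$offenders" ]; then
    printf 'plain Secret manifests found:\n%s\n' "$offenders" >&2
    return 1
  fi
}

# Build a constructed sample tree: one sealed manifest, one plain one.
make_sample() {
  mkdir -p "$1/MYNS"
  cat > "$1/MYNS/MYSECRET-secret.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: mysecret
  namespace: MYNS
spec:
  encryptedData:
    password: CONSTRUCTED-CIPHERTEXT-PLACEHOLDER
EOF
  cat > "$1/MYNS/MYSECRET.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: MYNS
stringData:
  password: constructed-example-value
EOF
}

# Usage: sh check-secrets.sh <manifest-dir>
if [ "$#" -gt 0 ]; then check_repo "$1"; fi
```
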
After installing k3s, do:

```
# install Argo CD
kubectl create ns argocd
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
kubectl get pods -n argocd -l app.kubernetes.io/name=argocd-server -o name | cut -d'/' -f 2
argocd login argocd-server

# Restore Sealed Secrets secret key
kubectl create ns sealed-secrets
kubectl apply -f ../gitops-tbrnt-private/sealed-secrets/master-key.yaml

# Instantiate Argo Root App
kubectl apply -f _apps/apps.yaml

# Let Argo CD do its job
argocd app sync apps
argocd app sync sealed-secrets
argocd app sync -l app.kubernetes.io/instance=apps
```

TODO:
Basically follow the Alpine wiki.

Then install prerequisites and some essential packages:

```
apk add \
  vim \
  iptables \
  wireguard-virt \
  bash \
  curl
```

Needs community repo enabled in /etc/apk/repositories.

Tweak Sysctl in /etc/sysctl.conf:

```
fs.inotify.max_user_instances = 8192
fs.inotify.max_user_watches = 524288
```

Via k3sup:

```
k3sup install \
  --ip=185.95.218.11 \
  --user=root \
  --local-path=~/.kube/config_knurrli2 \
  --sudo=false \
  --k3s-extra-args='--tls-san knurrli.tobrunet.ch --cluster-cidr 10.44.0.0/16 --flannel-backend wireguard'
```

Paths

- /var/lib/rancher/k3s/storage/
- /etc/rancher/k3s/
- /var/lib/rancher/k3s/server/manifests/

Links

/etc/network/interfaces

```
auto wg0
iface wg0 inet static
    address 10.42.42.16
    netmask 255.255.255.0
    pre-up ip link add dev wg0 type wireguard
    pre-up wg setconf wg0 /etc/wireguard/wg0.conf
    post-up ip route add 10.42.42.0/24 dev wg0
    post-down ip link delete dev wg0
```