Public GitOps repository for showing how I run my services on k3s
https://tobru.ch/
GitOps for tbrnt k3s hosting
Repo structure
- Each subdirectory is a namespace
- _apps is the meta directory for Argo CD apps
- Another private repo contains stuff in a more approachable format, e.g. for dealing with updating sealed-secrets: gitops-tbrnt-private
Usage
Argo CD
Access
Either
sudo -E kubefwd svc -n argocd
and then https://argocd-server/
or
kubectl port-forward svc/argocd-server -n argocd 8080:443
and then https://localhost:8080/
CLI
argocd login argocd-server
argocd app list
argocd app sync <name>
Kubeseal (Sealed Secrets)
See README of apps. Basically:
kubeseal --controller-namespace sealed-secrets -o yaml -n MYNS < ../../gitops-tbrnt-private/MYNS/MYSECRET.yaml > MYSECRET-secret.yaml
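The kubeseal step writes only the SealedSecret output into this public repo, while the plaintext Secret stays in the private one. A guard that catches the other case, a plain `kind: Secret` committed here by mistake, is shown below as an added example (not part of this repo); it is stdlib-only, the manifests in it are constructed, and its line-based scan of top-level `kind:` is an assumption in place of a full YAML parser.

```python
import re
from typing import List, Tuple

# Top-level 'kind:' only (column 0), so nested templates inside a spec are ignored.
KIND_RE = re.compile(r"^kind:\s*['\"]?(\w+)['\"]?\s*$", re.MULTILINE)
# First indented 'name:' line, which in a manifest is metadata.name.
NAME_RE = re.compile(r"^\s+name:\s*['\"]?([\w.-]+)['\"]?\s*$", re.MULTILINE)

def split_documents(text: str) -> List[str]:
    """Split a multi-document YAML file on '---' separator lines."""
    return [d for d in re.split(r"(?m)^---\s*$", text) if d.strip()]

def find_plaintext_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (document index, metadata.name) for every document of kind Secret.
    SealedSecret documents (what kubeseal emits) pass; a plain Secret means the
    unsealed file from the private repo was committed by mistake."""
    hits = []
    for i, doc in enumerate(split_documents(text)):
        kind = KIND_RE.search(doc)
        if kind and kind.group(1) == "Secret":
            name = NAME_RE.search(doc)
            hits.append((i, name.group(1) if name else "<unnamed>"))
    return hits

# Constructed sample: the sealed output next to the plaintext input it came from.
SAMPLE = """\
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: mosquitto-passwd
spec:
  encryptedData:
    passwd: AgBy...CONSTRUCTED-PLACEHOLDER
---
apiVersion: v1
kind: Secret
metadata:
  name: mosquitto-passwd
stringData:
  passwd: not-a-real-password
"""

if __name__ == "__main__":
    # Run against SAMPLE; as a pre-commit hook, feed it the staged *.yaml files instead.
    for idx, name in find_plaintext_secrets(SAMPLE):
        print(f"document {idx} is a plaintext Secret '{name}'")
```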
Bootstrap GitOps
After installing k3s, do:
kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
TODO:
- private key restore
- initial app provisioning
- ...
k3s on Alpine
- Install k3s:
apk add k3s cni-plugins iptables wireguard-virt wireguard-tools-wg
- Enable cgroups:
rc-update add cgroups default
- Adapt service file /etc/init.d/k3s:
#!/sbin/openrc-run
export PATH=/usr/share/cni-plugins/bin:$PATH
name="k3s"
command="/usr/bin/k3s"
command_args="$K3S_OPTS"
command_background="yes"
output_log="/var/log/k3s.log"
error_log="/var/log/k3s.err"
start_stop_daemon_args="server"
pidfile="/run/k3s.pid"
depend() {
    need net
    after firewall
}
Helpful links:
- https://rancher.com/docs/k3s/latest/en/advanced/#additional-preparation-for-alpine-linux-setup
- https://github.com/rancher/k3s/issues/660
Configure WireGuard
/etc/network/interfaces:
auto wg0
iface wg0 inet static
    address 10.42.42.16
    netmask 255.255.255.0
    pre-up ip link add dev wg0 type wireguard
    pre-up wg setconf wg0 /etc/wireguard/wg0.conf
    post-up ip route add 10.42.42.0/24 dev wg0
    post-down ip link delete dev wg0