Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 01b3d3bc65d3a381eda181cdbb3ebed9cfdb7399 / . / scripts / homelab / installer / ingress-nginx.sh
blob: 98ba8f60bd0bd73fa290848788b3d705941275ef [file] [log] [blame]
giolekvae4f767b2021-10-06 16:44:20 +0400[diff] [blame]1#!/bin/sh
2
giolekva86980ef2021-10-08 19:35:08 +0400[diff] [blame]3# helm upgrade --create-namespace \
4# --namespace ingress-nginx \
5# nginx ingress-nginx/ingress-nginx \
6# --version 4.0.3 \
giolekva5cd32162021-11-05 20:10:19 +0400[diff] [blame]7# --set fullnameOverride=nginx \
giolekva86980ef2021-10-08 19:35:08 +0400[diff] [blame]8# --set controller.service.type=LoadBalancer \
9# --set controller.ingressClassByName=true \
10# --set controller.ingressClassResource.name=nginx \
11# --set controller.ingressClassResource.enabled=true \
12# --set controller.ingressClassResource.default=true \
13# --set controller.ingressClassResource.controllerValue="k8s.io/ingress-nginx" \
14# --set controller.extraArgs.default-ssl-certificate=ingress-nginx/cert-wildcard.lekva.me \
15# --set controller.config.proxy-body-size="100M" \
16# --set tcp.25="app-maddy/maddy:25" \
17# --set tcp.143="app-maddy/maddy:143" \
18# --set tcp.993="app-maddy/maddy:993" \
19# --set tcp.587="app-maddy/maddy:587" \
20# --set tcp.465="app-maddy/maddy:465"
giolekvae4f767b2021-10-06 16:44:20 +0400[diff] [blame]21
22# kubectl create configmap \
23# -n ingress-nginx-private \
giolekvae4f767b2021-10-06 16:44:20 +0400[diff] [blame]24# lighthouse-config \
giolekvab0f9c4f2021-10-20 12:53:50 +0400[diff] [blame]25# --from-file ../../core/nebula/lighthouse.yaml
giolekvac4e512f2021-10-24 10:38:35 +0400[diff] [blame]26# kubectl create configmap \
27# -n ingress-nginx-private \
28# nodes-lighthouse-config \
29# --from-file installer/nodes-lighthouse.yaml
giolekvae4f767b2021-10-06 16:44:20 +0400[diff] [blame]30
giolekva4a021b12021-11-03 18:12:45 +0400[diff] [blame]31# kubectl apply -f installer/nodes-infrastructure.yaml
giolekva86980ef2021-10-08 19:35:08 +0400[diff] [blame]32
33
34# kubectl apply -f installer/lighthouse-node.yaml
35
giolekva4a021b12021-11-03 18:12:45 +0400[diff] [blame]36helm upgrade --create-namespace \
37 --namespace ingress-nginx-private \
38 nginx ingress-nginx/ingress-nginx \
39 --version 4.0.3 \
40 --set fullnameOverride=nginx-private \
41 --set controller.service.type=ClusterIP \
42 --set controller.ingressClassByName=true \
43 --set controller.ingressClassResource.name=nginx-private \
44 --set controller.ingressClassResource.enabled=true \
45 --set controller.ingressClassResource.default=false \
46 --set controller.ingressClassResource.controllerValue="k8s.io/ingress-nginx-private" \
47 --set controller.extraVolumes[0].name="lighthouse-cert" \
48 --set controller.extraVolumes[0].secret.secretName="node-lighthouse-cert" \
49 --set controller.extraVolumes[1].name=config \
50 --set controller.extraVolumes[1].configMap.name=lighthouse-config \
51 --set controller.extraContainers[0].name=lighthouse \
52 --set controller.extraContainers[0].image=giolekva/nebula:latest \
53 --set controller.extraContainers[0].imagePullPolicy=IfNotPresent \
54 --set controller.extraContainers[0].securityContext.capabilities.add[0]=NET_ADMIN \
55 --set controller.extraContainers[0].securityContext.privileged=true \
56 --set controller.extraContainers[0].ports[0].name=nebula \
57 --set controller.extraContainers[0].ports[0].containerPort=4242 \
58 --set controller.extraContainers[0].ports[0].protocol=UDP \
59 --set controller.extraContainers[0].command[0]="nebula" \
60 --set controller.extraContainers[0].command[1]="--config=/etc/nebula/config/lighthouse.yaml" \
61 --set controller.extraContainers[0].volumeMounts[0].name=lighthouse-cert \
62 --set controller.extraContainers[0].volumeMounts[0].mountPath=/etc/nebula/lighthouse \
63 --set controller.extraContainers[0].volumeMounts[1].name=config \
64 --set controller.extraContainers[0].volumeMounts[1].mountPath=/etc/nebula/config \
65 --set controller.config.bind-address="111.0.0.1" \
66 --set controller.config.proxy-body-size="0" \
67 --set udp.53="app-pihole/pihole-dns-udp:53" \
68 --set tcp.53="app-pihole/pihole-dns-tcp:53"
giolekva86980ef2021-10-08 19:35:08 +0400[diff] [blame]69
70 # # --set controller.extraVolumes[1].name=ca-cert \
71 # # --set controller.extraVolumes[1].configMap.name=ca-cert \
72
73 # # --set controller.extraContainers[0].volumeMounts[1].name=ca-cert \
74 # # --set controller.extraContainers[0].volumeMounts[1].mountPath=/etc/nebula/ca \
giolekvab0f9c4f2021-10-20 12:53:50 +0400[diff] [blame]75
76# kubectl apply -f installer/ingress-nginx-private-lightouse-service.yaml