Blame - scripts/homelab/k3s-install.sh - pcloud

blob: 71233a7af9ed6fb6cdc8982e63e9063f22eb5e50 [file] [log] [blame]

giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	1	#!/bin/sh
				2
				3	# # # helm repo add cilium https://helm.cilium.io/
				4	# # # helm repo add rook-release https://charts.rook.io/release
				5
				6	# helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
				7	# helm repo add jetstack https://charts.jetstack.io
				8	# helm repo add longhorn https://charts.longhorn.io
				9	# helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
				10	# helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes/
				11	# # helm repo add kube-state-metrics https://kubernetes.github.io/kube-state-metrics
				12	# # helm repo add grafana https://grafana.github.io/helm-charts
				13	# helm repo update
				14
				15	# ssh -t pcloud@192.168.0.111 "k3s-agent-uninstall.sh"
				16	# ssh -t pcloud@192.168.0.112 "k3s-agent-uninstall.sh"
				17	# ssh -t pcloud@192.168.0.113 "k3s-uninstall.sh"
				18	# ssh -t pcloud@192.168.0.111 "sudo shutdown -r"
				19	# ssh -t pcloud@192.168.0.112 "sudo shutdown -r"
				20	# ssh -t pcloud@192.168.0.113 "sudo shutdown -r"
				21	# ping 192.168.0.113
				22
				23	# k3sup install \
				24	# --k3s-channel stable \
				25	# --cluster \
				26	# --user pcloud \
				27	# --ip 192.168.0.111 \
				28	# --k3s-extra-args "--node-taint pcloud=role:NoSchedule --disable traefik --disable local-storage --disable servicelb --kube-proxy-arg proxy-mode=ipvs --kube-proxy-arg ipvs-strict-arp --flannel-backend host-gw"
				29	# # --k3s-extra-args "--disable-kube-proxy --disable traefik --disable local-storage --disable servicelb --flannel-backend=none"
				30
				31	# k3sup join \
				32	# --k3s-channel stable \
				33	# --ip 192.168.0.112 \
				34	# --user pcloud \
				35	# --server-user pcloud \
				36	# --server-ip 192.168.0.111
				37
				38	# k3sup join \
				39	# --k3s-channel stable \
				40	# --ip 192.168.0.113 \
				41	# --user pcloud \
				42	# --server-user pcloud \
				43	# --server-ip 192.168.0.111
				44
				45	# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.10.2/manifests/namespace.yaml
				46	# kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.10.2/manifests/metallb.yaml
				47	# # On first install only
				48	# kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
				49	# kubectl apply -f metallb-config.yaml
				50
				51
				52
				53	# # # kubectl apply -f bgp-config.yaml
				54	# # helm install cilium cilium/cilium \
				55	# # --version 1.10.2 \
				56	# # --namespace kube-system \
				57	# # --set hubble.relay.enabled=true \
				58	# # --set hubble.ui.enabled=true \
				59	# # --set kubeProxyReplacement=strict \
				60	# # --set k8sServiceHost=192.168.0.113 \
				61	# # --set k8sServicePort=6443 \
				62	# # --set policyEnforcementMode=never \
				63	# # --set nodePort.enabled=true
				64	# # # --set bgp.enabled=true \
				65	# # # --set bgp.announce.loadbalancerIP=true \
				66
				67
				68	# # kubectl create ns cilium-test
				69	# # kubectl apply --namespace=cilium-test -f https://raw.githubusercontent.com/cilium/cilium/v1.10.2/examples/kubernetes/connectivity-check/connectivity-check.yaml
				70
				71
				72	# # helm install --create-namespace \
				73	# # --namespace rook-ceph \
				74	# # rook-ceph rook-1.6.7/cluster/charts/rook-ceph \
				75	# # --set image.tag=v1.6.7
				76
				77	# # kubectl apply -f ceph-cluster.yaml
				78	# # # kubectl -n rook-ceph patch cephcluster rook-ceph --type merge -p '{"spec":{"cleanupPolicy":{"confirmation":"yes-really-destroy-data"}}}'
				79	# # # ceph config set mgr mgr/dashboard/server_addr 0.0.0.0
				80
				81
				82	# helm install --create-namespace \
				83	# --namespace ingress-nginx \
				84	# nginx ingress-nginx/ingress-nginx \
				85	# --set fullNameOverride=nginx \
				86	# --set controller.service.type=LoadBalancer \
				87	# --set controller.setAsDefaultIngress=true \
giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	88	# --set controller.extraArgs.default-ssl-certificate=ingress-nginx/cert-wildcard.lekva.me
				89
giolekva	c40b13d	2021-08-02 22:49:25 +0400	[diff] [blame]	90	# helm install --create-namespace \
				91	# --namespace ingress-nginx-private \
				92	# nginx ingress-nginx/ingress-nginx \
				93	# --set fullnameOverride=nginx-private \
				94	# --set controller.service.type=LoadBalancer \
				95	# --set controller.setAsDefaultIngress=false \
				96	# --set controller.ingressClass=nginx-private
giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	97
				98	# helm install --create-namespace \
				99	# --namespace cert-manager \
				100	# cert-manager jetstack/cert-manager \
				101	# --version v1.4.0 \
				102	# --set installCRDs=true
				103
				104	# kubectl apply -f ../../apps/rpuppy/install.yaml
				105
				106
				107	# helm install --create-namespace \
				108	# --namespace longhorn-system \
				109	# longhorn longhorn/longhorn \
				110	# --set defaultSettings.defaultDataPath=/pcloud-storage/longhorn \
				111	# --set persistence.defaultClassReplicaCount=2 \
				112	# --set ingress.enabled=true \
giolekva	c40b13d	2021-08-02 22:49:25 +0400	[diff] [blame]	113	# --set ingress.ingressClassName=nginx-private \
				114	# --set ingress.tls=true \
giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	115	# --set ingress.host=longhorn.pcloud \
giolekva	c40b13d	2021-08-02 22:49:25 +0400	[diff] [blame]	116	# --set ingress.annotations."cert-manager\.io/cluster-issuer"="selfsigned-ca" \
				117	# --set ingress.annotations."acme\.cert-manager\.io/http01-edit-in-place"="\"true\""
giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	118
				119	# kubectl apply -f ~/dev/src/socialme-go/install.yaml
				120
				121	# # # TODO retention days
				122	# # helm install --create-namespace \
				123	# # --namespace prometheus \
				124	# # prometheys prometheus-community/prometheus \ # TODO prometheys
				125	# # --set alertmanager.ingress.enabled=true \
				126	# # --set alertmanager.ingress.ingressClassName=nginx \
				127	# # --set alertmanager.ingress.hosts={alertmanager.prometheus.pcloud} \
				128	# # --set alertmanager.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				129	# # --set server.ingress.enabled=true \
				130	# # --set server.ingress.ingressClassName=nginx \
				131	# # --set server.ingress.hosts={prometheus.pcloud} \
				132	# # --set server.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				133	# # --set server.persistentVolume.size=100Gi \
				134	# # --set pushgateway.ingress.enabled=true \
				135	# # --set pushgateway.ingress.ingressClassName=nginx \
				136	# # --set pushgateway.ingress.hosts={pushgateway.prometheus.pcloud} \
				137	# # --set pushgateway.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				138	# # --set pushgateway.persistentVolume.enabled=true
				139
				140	# # helm install --create-namespace \
				141	# # --namespace grafana \
				142	# # --set ingress.enabled=true \
				143	# # --set ingress.ingressClassName=nginx \
				144	# # --set ingress.hosts={grafana.pcloud} \
				145	# # --set ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				146	# # --set persistence.enabled=true \
				147	# # --set persistence.size=50Gi
				148
				149	# helm install --create-namespace \
				150	# --namespace prometheus-system \
				151	# prometheus prometheus-community/kube-prometheus-stack \
				152	# --set alertmanager.ingress.enabled=true \
				153	# --set alertmanager.ingress.ingressClassName=nginx \
				154	# --set alertmanager.ingress.hosts={alertmanager.prometheus.pcloud} \
				155	# --set alertmanager.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				156	# --set alertmanager.ingress.pathType=Prefix \
				157	# --set grafana.ingress.enabled=true \
				158	# --set grafana.ingress.ingressClassName=nginx \
				159	# --set grafana.ingress.hosts={grafana.prometheus.pcloud} \
				160	# --set grafana.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				161	# --set grafana.ingress.pathType=Prefix \
				162	# --set prometheus.ingress.enabled=true \
				163	# --set prometheus.ingress.ingressClassName=nginx \
				164	# --set prometheus.ingress.hosts={prometheus.pcloud} \
				165	# --set prometheus.ingress.annotations."nginx\.ingress\.kubernetes\.io/ssl-redirect"="\"false\"" \
				166	# --set prometheus.ingress.pathType=Prefix
				167
giolekva	eb3b6a8	2021-07-31 17:49:24 +0400	[diff] [blame]	168	# # kubectl apply -f ../../apps/pihole/install.yaml
giolekva	13c3ffc	2021-09-25 17:25:26 +0400	[diff] [blame^]	169	# helm install --create-namespace \
				170	# --namespace pihole \
				171	# pihole mojo2600/pihole \
				172	# --set persistentVolumeClaim.enabled=true \
				173	# --set persistentVolumeClaim.size="5Gi" \
				174	# --set ingress.enabled=true \
				175	# --set ingress.hosts={"pihole.pcloud"} \
				176	# --set ingress.tls[0].hosts[0]="pihole.pcloud" \
				177	# --set ingress.tls[0].secretName="cert-pihole.pcloud" \
				178	# --set ingress.annotations."kubernetes\.io/ingress\.class"="nginx-private" \
				179	# --set ingress.annotations."cert-manager\.io/cluster-issuer"="selfsigned-ca" \
				180	# --set ingress.annotations."acme\.cert-manager\.io/http01-edit-in-place"="\"true\"" \
				181	# --set serviceDhcp.enabled=false \
				182	# --set serviceDns.type=LoadBalancer \
				183	# --set serviceWeb.type=ClusterIP \
				184	# --set serviceWeb.https.enabled=false \
				185	# --set virtualHost="pihole.pcloud"
giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	186
				187	# kubectl apply -f cert-manager-webhook-gandi/rbac.yaml
giolekva	13c3ffc	2021-09-25 17:25:26 +0400	[diff] [blame^]	188	# helm install --namespace cert-manager \
giolekva	415c276	2021-07-23 23:42:58 +0400	[diff] [blame]	189	# cert-manager-webhook-gandi ./cert-manager-webhook-gandi/deploy/cert-manager-webhook-gandi \
				190	# --set image.repository=giolekva/cert-manager-webhook-gandi \
				191	# --set image.tag=latest \
				192	# --set image.pullPolicy=Always \
				193	# --set logLevel=2
				194
				195	# kubectl apply -f cluster-issuer.yaml
giolekva	24f6405	2021-07-26 16:09:43 +0400	[diff] [blame]	196
giolekva	eb3b6a8	2021-07-31 17:49:24 +0400	[diff] [blame]	197	# kubectl apply -f ../../apps/maddy/install.yaml
				198	# kubectl apply -f maddy-config.yaml
giolekva	13c3ffc	2021-09-25 17:25:26 +0400	[diff] [blame^]	199	## maddyctl -config /etc/maddy/config/maddy.conf creds create *****@lekva.me
				200	## maddyctl -config /etc/maddy/config/maddy.conf imap-acct create *****@lekva.me
				201
				202	# kubectl apply -f ../../apps/nebula/install.yaml
				203	# kubectl create configmap \
				204	# -n app-nebula \
				205	# lighthouse-cert \
				206	# --from-file ../../apps/nebula/lighthouse-cert/
				207	# kubectl create configmap \
				208	# -n app-nebula \
				209	# ca-cert \
				210	# --from-file ../../apps/nebula/ca-cert/ca.crt
				211	# kubectl create configmap \
				212	# -n app-nebula \
				213	# lighthouse-config \
				214	# --from-file ../../apps/nebula/lighthouse.yaml
				215
				216	kubectl apply -f ../../apps/matrix/install.yaml
				217	# kubectl create configmap \
				218	# -n app-matrix \
				219	# config \
				220	# --from-file ../../apps/matrix/homeserver.yaml
				221	# kubectl apply -f www.yaml
				222	##kubectl rollout restart deployment/nginx -n www
				223	## kubectl cp app-matrix/matrix-7dd48659c9-p5mpq:/data/homeserver.yaml $(pwd)/../../apps/matrix/homeserver.yaml
				224	## Modify homeserver.yaml and copy back
				225
				226
				227	## kubectl -n ingress-nginx get secret cert-wildcard.lekva.me -o yaml > cert-wildcard.lekva.me.yaml
				228	## kubectl apply -f cert-wildcard.lekva.me.yaml -n app-matrix