https://github.com/pyrrha/home-cluster
My cluster
- Host: GitHub
- URL: https://github.com/pyrrha/home-cluster
- Owner: Pyrrha
- Created: 2022-07-22T11:37:11.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-04-10T23:27:46.000Z (about 2 years ago)
- Last Synced: 2024-04-11T02:09:12.352Z (about 2 years ago)
- Topics: helm, iac, infra, kubernetes
- Language: Smarty
- Homepage:
- Size: 434 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# Home Cluster
## Installation
> [!WARNING]
> If using root user, use `su -` instead of `su` to enable /etc/profile file reading.
- Begin by configuring host:
```sh
cat <
```
- Untaint control-plane:
```sh
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
```
- Install [Tigera operator](https://docs.tigera.io/calico/latest/getting-started/kubernetes/quickstart) for Calico
- Apply CRDs and operator (ensure using latest version):
```sh
# wget writes to a file in the current directory by default; use -O to place the manifest in the repo
wget -O component-config/tigera-operator/tigera-operator.yaml https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/tigera-operator.yaml
kubectl create -f component-config/tigera-operator/tigera-operator.yaml
```
- Retrieve configuration and adapt the ipPool's CIDR:
```sh
curl https://raw.githubusercontent.com/projectcalico/calico/v3.29.3/manifests/custom-resources.yaml > component-config/calico/custom-resources.yaml
vim component-config/calico/custom-resources.yaml # set the ipPool CIDR to the same value as in the kubeadm.yaml file: 10.96.0.0/12
kubectl create -f component-config/calico/custom-resources.yaml
```
- Deploy `sealed-secrets`:
```sh
helm upgrade -n sealed-secrets --create-namespace --install --dependency-update sealed-secrets component-config/sealed-secrets -f component-config/sealed-secrets/values.yaml
```
- Generate secrets:
```sh
# ArgoCD
kubeseal --controller-namespace sealed-secrets --controller-name sealed-secrets -o yaml -n argocd < component-config/argocd/my_secret.yaml > component-config/argocd/templates/secrets.yaml
# IP
kubeseal --controller-namespace sealed-secrets --controller-name sealed-secrets -o yaml -n kube-system < component-config/ip/my_secret.yaml > component-config/ip/cloudflare-api-key.yaml
# Database
kubeseal --controller-namespace sealed-secrets --controller-name sealed-secrets -o yaml -n database < component-config/database/my_secret.yaml > component-config/database/templates/database.yaml
# Keycloak
kubeseal --controller-namespace sealed-secrets --controller-name sealed-secrets -o yaml -n keycloak < component-config/keycloak/my_secret.yaml > component-config/keycloak/templates/secrets.yaml
```
- Commit secrets to deploy them with ArgoCD
- Deploy ArgoCD:
```sh
helm upgrade -n argocd --create-namespace --install --dependency-update argocd component-config/argocd -f component-config/argocd/values.yaml
```
- Join the other nodes to the cluster
- Apply app-of-apps.yaml:
```sh
kubectl apply -f argo-config/applications/app-of-apps.yaml
```
  - It will automatically create all other applications
- Keycloak should automatically recover its data from the database. Otherwise:
  - Connect to the [auth portal](https://auth-admin.dietz.dev) and create a new realm named `dietz`
  - Import the backed-up realms 😉
- Configure Kubernetes to use the OIDC provider:
  - Open `/etc/kubernetes/manifests/kube-apiserver.yaml` (e.g. with `vim`)
  - Add the following flags to the kube-apiserver command:
```yaml
- --oidc-issuer-url=https://auth.dietz.dev/realms/dietz
- --oidc-client-id=kubernetes
- --oidc-groups-claim=groups
- --oidc-username-claim=email
```
- Configure `kubectl` to use OIDC provider:
```sh
kubectl oidc-login setup \
--oidc-issuer-url=https://auth.dietz.dev/realms/dietz \
--oidc-client-id=kubernetes \
--oidc-client-secret=
```
  - Follow the printed instructions to configure `kubectl` to use the OIDC provider
- Finally, for convenience: `kubectl config set-context oidc@home --cluster kubernetes --user oidc`
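The "Generate secrets" and "Commit secrets" steps above write `SealedSecret` manifests next to the plaintext `my_secret.yaml` inputs, so the main risk in that workflow is committing a plain `kind: Secret` into the GitOps repository. The following pre-commit guard is an added example, not part of the home-cluster repository; the directory layout and manifest contents it builds are constructed to mirror `component-config/argocd`.

```sh
#!/bin/sh
# Added example (not from the home-cluster repo): refuse to commit plaintext Secret
# manifests. Only SealedSecret objects (ciphertext under spec.encryptedData) may
# be pushed for ArgoCD to apply.

# check_no_plain_secrets DIR
# Prints every offending file to stderr and returns 1 if any manifest under DIR
# is a plain `kind: Secret`, 0 otherwise. Intended for a pre-commit hook.
check_no_plain_secrets() {
  dir="$1"
  status=0
  for f in $(find "$dir" -type f \( -name '*.yaml' -o -name '*.yml' \)); do
    # Matches "kind: Secret" only; "kind: SealedSecret" does not match.
    if grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$f"; then
      echo "plaintext Secret manifest, seal it with kubeseal first: $f" >&2
      status=1
    fi
  done
  return $status
}

# Constructed sample tree mimicking component-config/argocd after kubeseal ran:
# the plaintext input and the sealed output both sit in the working copy.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/templates"
  cat > "$dir/my_secret.yaml" <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: argocd-secret
  namespace: argocd
stringData:
  admin.password: CHANGEME
EOF
  cat > "$dir/templates/secrets.yaml" <<'EOF'
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: argocd-secret
  namespace: argocd
spec:
  encryptedData:
    admin.password: AgBy-constructed-placeholder-ciphertext
EOF
  echo "$dir"
}
```

Wire `check_no_plain_secrets component-config` into `.git/hooks/pre-commit` (or a `.gitignore` entry for `my_secret.yaml`) so the plaintext inputs never reach the repository ArgoCD syncs from.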