https://github.com/rgl/k3s-vagrant

k3s k8s cluster playground

# About

This is a [k3s](https://github.com/k3s-io/k3s) kubernetes cluster playground wrapped in a Vagrant environment.

# Usage

Configure the host machine `hosts` file with:

```
10.11.0.4 registry.example.test
10.11.0.30 s.example.test
10.11.0.50 traefik.example.test
10.11.0.50 kubernetes-dashboard.example.test
10.11.0.50 kubernetes-hello.example.test
10.11.0.50 argocd.example.test
```

Install the base [Debian 12 (Bookworm) vagrant box](https://github.com/rgl/debian-vagrant).

Optionally, start the [rgl/gitlab-vagrant](https://github.com/rgl/gitlab-vagrant) environment at `../gitlab-vagrant`. If you do this, this environment will have the [gitlab-runner helm chart](https://docs.gitlab.com/runner/install/kubernetes.html) installed in the k8s cluster.

Optionally, connect the environment to the physical network through the host `br-lan` bridge. The environment assumes that the host bridge was configured as:

```bash
sudo -i
# review the configuration in the files at /etc/netplan and replace them all
# with a single configuration file:
ls -laF /etc/netplan
upstream_interface=eth0
upstream_mac=$(ip link show $upstream_interface | perl -ne '/ether ([^ ]+)/ && print $1')
cat >/etc/netplan/00-config.yaml < [...]
```

[...]

```bash
[...] tmp/kubernetes-hello.yml
kubectl apply -f tmp/kubernetes-hello.yml
kubectl rollout status daemonset/kubernetes-hello
kubectl get ingresses,services,pods,daemonset
kubernetes_hello_ip="$(kubectl get ingress/kubernetes-hello -o json | jq -r '.status.loadBalancer.ingress[0].ip')"
kubernetes_hello_fqdn="$(kubectl get ingress/kubernetes-hello -o json | jq -r '.spec.rules[0].host')"
kubernetes_hello_url="http://$kubernetes_hello_fqdn"
echo "kubernetes_hello_url: $kubernetes_hello_url"
curl --resolve "$kubernetes_hello_fqdn:80:$kubernetes_hello_ip" "$kubernetes_hello_url"
kubectl delete -f tmp/kubernetes-hello.yml
```

Access the example `nginx` ArgoCD application service (managed by ArgoCD as the
[`nginx` ArgoCD Application](argocd/main.tf)):

```bash
nginx_ip="$(kubectl get service/nginx -o json | jq -r '.status.loadBalancer.ingress[0].ip')"
nginx_url="http://$nginx_ip"
echo "nginx_url: $nginx_url"
curl "$nginx_url"
```

List this repository's dependencies (and which ones have newer versions):

```bash
GITHUB_COM_TOKEN='YOUR_GITHUB_PERSONAL_TOKEN' ./renovate.sh
```

## Traefik Dashboard

Access the Traefik Dashboard at:

https://traefik.example.test/dashboard/

## Rancher Server

Access the Rancher Server at:

https://s.example.test:6443

**NB** This is a proxy to the k8s API server (which is running on port 6444).

**NB** You must use the client certificate that is inside the `tmp/admin.conf`,
`tmp/*.pem`, or `/etc/rancher/k3s/k3s.yaml` (inside the `s1` machine) file.

Access the rancher server using the client certificate with httpie:

```bash
http \
  --verify tmp/default-ca-crt.pem \
  --cert tmp/default-crt.pem \
  --cert-key tmp/default-key.pem \
  https://s.example.test:6443
```

Or with curl:

```bash
curl \
  --cacert tmp/default-ca-crt.pem \
  --cert tmp/default-crt.pem \
  --key tmp/default-key.pem \
  https://s.example.test:6443
```
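
The client certificate, key and CA named above can also be split out of a kubeconfig by hand. The following is an added example, not part of this repository: the function names are hypothetical, and it assumes the kubeconfig embeds the credentials as base64 `certificate-authority-data`, `client-certificate-data` and `client-key-data` fields. The sample kubeconfig is constructed and holds placeholder strings, not real PEM data.

```bash
#!/usr/bin/env bash
# Added example (hypothetical helper names): split the credentials embedded in
# a kubeconfig into files usable with curl --cacert/--cert/--key.

# Print the base64-decoded value of the first "<field>: <base64>" line.
kubeconfig_field() {
  local kubeconfig="$1" field="$2" value
  value="$(awk -v k="$field:" '$1 == k { print $2; exit }' "$kubeconfig")"
  [ -n "$value" ] || { echo "missing $field in $kubeconfig" >&2; return 1; }
  printf '%s' "$value" | base64 -d
}

# Write ca.pem, client-crt.pem and client-key.pem under out_dir.
extract_client_credentials() {
  local kubeconfig="$1" out_dir="$2"
  (
    umask 077 # the private key must not be readable by other users
    mkdir -p "$out_dir" &&
      kubeconfig_field "$kubeconfig" certificate-authority-data >"$out_dir/ca.pem" &&
      kubeconfig_field "$kubeconfig" client-certificate-data >"$out_dir/client-crt.pem" &&
      kubeconfig_field "$kubeconfig" client-key-data >"$out_dir/client-key.pem"
  )
}

# Succeed only when the file grants no permissions to group or others.
file_is_private() {
  local mode
  mode="$(stat -c '%a' "$1")" || return 1
  case "$mode" in ?00) return 0 ;; *) return 1 ;; esac
}

# Demo on a constructed kubeconfig (placeholder strings, not real PEM data).
demo_dir="$(mktemp -d)"
cat >"$demo_dir/admin.conf" <<EOF
clusters:
- cluster:
    certificate-authority-data: $(printf 'constructed-ca' | base64)
    server: https://s.example.test:6443
users:
- user:
    client-certificate-data: $(printf 'constructed-crt' | base64)
    client-key-data: $(printf 'constructed-key' | base64)
EOF
extract_client_credentials "$demo_dir/admin.conf" "$demo_dir/out" &&
  file_is_private "$demo_dir/out/client-key.pem" &&
  echo "client key extracted with a private file mode"
```

Against this environment the call would be `extract_client_credentials tmp/admin.conf <output directory>`, and the resulting files take the place of the `tmp/default-*.pem` arguments in the curl command above.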

## Kubernetes Dashboard

Access the Kubernetes Dashboard at:

https://kubernetes-dashboard.example.test

Then select `Token` and use the contents of `tmp/admin-token.txt` as the token.

You can also launch the kubernetes API server proxy in the background:

```bash
export KUBECONFIG=$PWD/tmp/admin.conf
kubectl proxy &
```

And access the kubernetes dashboard at:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

## K9s Dashboard

The [K9s](https://github.com/derailed/k9s) console UI dashboard is also
installed in the server node. You can access it by running:

```bash
vagrant ssh s1
sudo su -l
k9s
```

## Zot Registry

The [Zot Registry](https://zotregistry.dev) is installed in the registry
node and can be accessed at:

http://registry.example.test

## Argo CD

Get the `admin` user password:

```bash
echo "Argo CD admin password: $(cat tmp/argocd-admin-password.txt)"
```

Access the web interface:

https://argocd.example.test

Show the configuration:

```bash
kubectl get -n argocd configmap/argocd-cmd-params-cm -o yaml
```

## Crossplane

Set the AWS credentials secret:

```bash
# NB for testing purposes, you can copy these from the AWS Management Console.
cat >tmp/aws-credentials.txt <<'EOF'
[default]
aws_access_key_id =
aws_secret_access_key =
#aws_session_token =
EOF
export KUBECONFIG=$PWD/tmp/admin.conf
kubectl delete secret/aws-credentials \
  --namespace crossplane-system
kubectl create secret generic aws-credentials \
  --namespace crossplane-system \
  --from-file credentials=tmp/aws-credentials.txt
```

Create an S3 bucket:

```bash
# see https://marketplace.upbound.io/providers/upbound/provider-aws-s3/v1.11.0/resources/s3.aws.upbound.io/Bucket/v1beta2
# NB Bucket is cluster scoped.
# see kubectl get crd buckets.s3.aws.upbound.io -o yaml
export KUBECONFIG=$PWD/tmp/admin.conf
kubectl create -f - <<'EOF'
apiVersion: s3.aws.upbound.io/v1beta2
kind: Bucket
metadata:
  name: crossplane-hello-world
spec:
  forProvider:
    region: eu-west-1
    tags:
      owner: rgl
  providerConfigRef:
    name: default
EOF
```

List the created bucket:

```bash
kubectl get buckets
```

Describe the created bucket:

```bash
kubectl describe bucket/crossplane-hello-world
```

Using the AWS CLI, list the S3 buckets:

```bash
AWS_CONFIG_FILE=tmp/aws-credentials.txt aws s3 ls
```

Delete the created bucket:

```bash
kubectl delete bucket/crossplane-hello-world
```

# Notes

* k3s has a custom k8s authenticator module that does user authentication from `/var/lib/rancher/k3s/server/cred/passwd`.

# Reference

* [k3s Installation and Configuration Options](https://rancher.com/docs/k3s/latest/en/installation/install-options/)
* [k3s Advanced Options and Configuration](https://rancher.com/docs/k3s/latest/en/advanced/)
* [k3s Under the Hood: Building a Product-grade Lightweight Kubernetes Distro (KubeCon NA 2019)](https://www.youtube.com/watch?v=-HchRyqNtkU)