Merge branch 'k3s' of kemonine/docs into master
commit
2ae72130ce
|
@ -0,0 +1,84 @@
|
|||
# k3s
|
||||
|
||||
For those looking to deploy k3s ([http://k3s.io/](http://k3s.io/)) the below notes should help get it setup and quickly deployed.
|
||||
|
||||
# Inspiration / Further Reading
|
||||
|
||||
- [https://github.com/kubernetes/dashboard](https://github.com/kubernetes/dashboard)
|
||||
- [https://kubernetes.io/docs/concepts/](https://kubernetes.io/docs/concepts/)
|
||||
- [https://kubernetes.io/docs/tasks/](https://kubernetes.io/docs/tasks/)
|
||||
- [https://kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/](https://kubernetes.io/docs/tutorials/stateful-application/mysql-wordpress-persistent-volume/)
|
||||
- [https://helm.sh/docs/using_helm/#quickstart](https://helm.sh/docs/using_helm/#quickstart)
|
||||
- [https://helm.sh/docs/using_helm/#installing-helm](https://helm.sh/docs/using_helm/#installing-helm)
|
||||
- [https://github.com/helm/chartmuseum](https://github.com/helm/chartmuseum)
|
||||
- [https://github.com/helm/monocular](https://github.com/helm/monocular)
|
||||
- [https://github.com/jessestuart/tiller-multiarch](https://github.com/jessestuart/tiller-multiarch)
|
||||
- [https://github.com/kubeapps/kubeapps](https://github.com/kubeapps/kubeapps)
|
||||
- [https://github.com/kubeapps/kubeapps/issues/929](https://github.com/kubeapps/kubeapps/issues/929)
|
||||
- [https://github.com/kubeapps/kubeapps/blob/master/Makefile]
|
||||
- [https://github.com/chartmuseum/ui](https://github.com/chartmuseum/ui)
|
||||
- [https://github.com/helm/chartmuseum](https://github.com/helm/chartmuseum)
|
||||
- [https://github.com/rancher/k3s/issues/81](https://github.com/rancher/k3s/issues/81)
|
||||
|
||||
# Quick Deployment
|
||||
|
||||
## Armbian Install / Setup
|
||||
|
||||
1. Install Armbian
|
||||
1. Login and run through first login steps
|
||||
1. ```apt update && apt install htop nload iotop vim nano tmux && apt upgrade```
|
||||
1. ```systemctl reboot```
|
||||
|
||||
## Run tmux as root
|
||||
|
||||
### Prep
|
||||
|
||||
```
|
||||
cat > admin-user.yaml <<EOF
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: admin-user
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: admin-user
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: cluster-admin
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: admin-user
|
||||
namespace: kube-system
|
||||
EOF
|
||||
|
||||
```
|
||||
|
||||
### Session 1
|
||||
|
||||
1. ```curl -sfL https://get.k3s.io | sh -```
|
||||
1. ```journalctl -fu k3s```
|
||||
|
||||
### Session 2
|
||||
|
||||
1. ```k3s kubectl get node``` -- This should eventually give output
|
||||
1. ``` kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.0/src/deploy/recommended/kubernetes-dashboard-arm.yaml```
|
||||
1. ```kubectl apply -f admin-user.yaml```
|
||||
1. ```kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')```
|
||||
|
||||
### Session 3
|
||||
|
||||
1. ```cp /etc/rancher/k3s/k3s.yaml ~/.kube/config```
|
||||
1. ```curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash```
|
||||
1. ```helm init --tiller-image=jessestuart/tiller```
|
||||
1. ```helm repo add bitnami https://charts.bitnami.com/bitnami```
|
||||
1. ```helm install --name kubeapps --namespace kubeapps bitnami/kubeapps```
|
||||
|
||||
### Local Machine
|
||||
|
||||
1. Setup proxy per the "Accessing cluster from outside section" section at [https://github.com/rancher/k3s/blob/master/README.md](https://github.com/rancher/k3s/blob/master/README.md)
|
||||
1. Access dashboard at [http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/](http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/)
|
||||
|
|
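Review bot: The `admin-user` manifest in the Prep block binds a ServiceAccount to `cluster-admin`, and step 4 of Session 2 (`kubectl -n kube-system describe secret ...`) prints that account's secret, so whoever holds the token has full control of the cluster; the doc should say this and tell the reader to delete the binding, or bind a narrower role, once the dashboard is set up. In the same hunk, `curl -sfL https://get.k3s.io | sh -` and `curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash` pipe unpinned remote scripts into a shell under a section headed "Run tmux as root", and `--tiller-image=jessestuart/tiller` has no tag; suggest pinning a version or tag for each, or downloading and reading the scripts before running them. Minor: the Makefile entry in the reading list is missing its link target, the chartmuseum link appears twice, and the Local Machine step says "section" twice.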
@ -53,41 +53,8 @@ sudo su postgres -c 'psql -f config/setup_db.psql'
|
|||
|
||||
``` bash
|
||||
|
||||
cat > /root/pleroma.sh <<EOF
|
||||
#!/bin/bash
|
||||
|
||||
ARCH=\`arch\`
|
||||
if [ \$ARCH == "aarch64" ]
|
||||
then
|
||||
ARCH="arm64v8"
|
||||
else
|
||||
ARCH="arm32v7"
|
||||
fi
|
||||
|
||||
docker pull registry.lollipopcloud.solutions/\$ARCH/pleroma:latest
|
||||
docker rm -f pleroma
|
||||
|
||||
# If customizing the following example volumes should guide the way
|
||||
# -v /var/pleroma/custom.d/priv/static/instance:/app/pleroma/priv/static/instance \
|
||||
# -v /var/pleroma/custom.d/priv/static/favicon.png:/app/pleroma/priv/static/favicon.png \
|
||||
# -v /var/pleroma/custom.d/priv/static/static/black_background.jpg:/app/pleroma/priv/static/static/black_background.jpg \
|
||||
# -v /var/pleroma/custom.d/priv/static/static/config.json:/app/pleroma/priv/static/static/config.json \
|
||||
# -v /var/pleroma/custom.d/priv/static/static/logo.png:/app/pleroma/priv/static/static/logo.png \
|
||||
# -v /var/pleroma/uploads:/app/pleroma/uploads \
|
||||
# -v /var/pleroma/config/prod.secret.exs:/app/pleroma/config/prod.secret.exs \
|
||||
|
||||
docker run \\
|
||||
--name pleroma \\
|
||||
--restart unless-stopped \\
|
||||
--net docker-private \\
|
||||
--ip 172.30.12.22 \\
|
||||
-e TZ=UTC \\
|
||||
-e DEBUG=1 \\
|
||||
-v /var/pleroma/uploads:/app/pleroma/uploads \\
|
||||
-v /var/pleroma/config/prod.secret.exs:/app/pleroma/config/prod.secret.exs \\
|
||||
registry.lollipopcloud.solutions/\$ARCH/pleroma:latest
|
||||
|
||||
EOF
|
||||
wget -O pleroma.sh https://git.lollipopcloud.solutions/lollipop-docker/pleroma/raw/branch/master/run.sh
|
||||
chmod a+x pleroma.sh
|
||||
|
||||
```
|
||||
|
||||
|
|
|
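Review bot: The `wget -O pleroma.sh https://git.lollipopcloud.solutions/lollipop-docker/pleroma/raw/branch/master/run.sh` line fetches whatever is on `master` at the time and the next line marks it executable, with no checksum or pinned revision, so the script a reader runs can differ from the one that was reviewed when this doc was written. Suggest linking to a fixed commit or publishing a checksum next to the command. The commented `-v /var/pleroma/custom.d/...` volume examples also leave the page with the heredoc; if they are not carried in `run.sh`, keep a short customization note in the doc.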
@ -45,33 +45,8 @@ plm search init
|
|||
|
||||
``` bash
|
||||
|
||||
cat > /root/plume.sh <<EOF
|
||||
#!/bin/bash
|
||||
|
||||
ARCH=\`arch\`
|
||||
if [ \$ARCH == "aarch64" ]
|
||||
then
|
||||
ARCH="arm64v8"
|
||||
else
|
||||
ARCH="arm32v7"
|
||||
fi
|
||||
|
||||
docker pull registry.lollipopcloud.solutions/\$ARCH/plume:latest
|
||||
docker rm -f plume
|
||||
|
||||
docker run \\
|
||||
--name plume \\
|
||||
--restart unless-stopped \\
|
||||
--net docker-private \\
|
||||
--ip 172.30.12.21 \\
|
||||
-e TZ=UTC \\
|
||||
-e DEBUG=1 \\
|
||||
-v /var/plume/static/media:/app/static/media \\
|
||||
-v /var/plume/.env:/app/.env \\
|
||||
-v /var/plume/search_index:/app/search_index \\
|
||||
registry.lollipopcloud.solutions/\$ARCH/plume:latest
|
||||
|
||||
EOF
|
||||
wget -O plume.sh https://git.lollipopcloud.solutions/lollipop-docker/plume/raw/branch/master/run.sh
|
||||
chmod a+x plume.sh
|
||||
|
||||
```
|
||||
|
||||
|
|
|
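Review bot: The heredoc in this hunk wrote the script to `/root/plume.sh`, but `wget -O plume.sh ...` and `chmod a+x plume.sh` use a relative path, so the script lands in whatever directory the reader happens to be in. If later steps or a service unit still call `/root/plume.sh`, they will run a stale copy or fail. Suggest `wget -O /root/plume.sh ...` and `chmod a+x /root/plume.sh`, or an explicit `cd /root` before the download.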
@ -41,46 +41,7 @@ Setup a generic script that'll auto update Traefik and launch it. You should onl
|
|||
mkdir -p /var/traefik/acme
|
||||
touch /var/traefik/acme/acme.json
|
||||
chmod 600 /var/traefik/acme/acme.json
|
||||
|
||||
cat > /root/traefik.sh << EOF
|
||||
#!/bin/bash
|
||||
|
||||
ARCH=\`arch\`
|
||||
if [ \$ARCH == "aarch64" ]
|
||||
then
|
||||
ARCH="arm64v8"
|
||||
else
|
||||
ARCH="arm32v7"
|
||||
fi
|
||||
|
||||
docker pull registry.lollipopcloud.solutions/\$ARCH/traefik:latest
|
||||
|
||||
docker stop traefik
|
||||
docker rm traefik
|
||||
|
||||
##########
|
||||
change -e ACME_DNS_PROVIDER to match one from https://docs.traefik.io/configuration/acme/#provider if using DNS ACME challenges
|
||||
add -e options for each variable for your chosen dns provider
|
||||
don’t include CF_API vars in portainer template
|
||||
need to create /var/traefik/acme/acme.json with 600 perms ahead of container run
|
||||
change --logLevel=DEBUG via -e? if so: set to ERROR by default
|
||||
label docs for templates: https://docs.traefik.io/configuration/backends/docker/#labels-overriding-default-behavior
|
||||
##########
|
||||
|
||||
docker run -it \\
|
||||
-e TZ=UTC \\
|
||||
-e DEBUG=1 \\
|
||||
-e ACME_EMAIL="user@domain.tld" \\
|
||||
-e ACME_DNS_PROVIDER="--acme.dnschallenge.provider=cloudflare" \\
|
||||
-e CF_API_EMAIL="user@domain.tld" \\
|
||||
-e CF_API_KEY=big_string \\
|
||||
-v /var/traefik:/etc/traefik \\
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \\
|
||||
registry.lollipopcloud.solutions/\$ARCH/traefik:latest \\
|
||||
--api --docker --logLevel=DEBUG --defaultentrypoints=http,https --entrypoints="Name:http address::80 Redirect.EntryPoint:https" --entrypoints="Name:https address::443 TLS" --acme=true --acme.acmelogging=true --acme.storage=/etc/traefik/acme/acme.json --acme.tlsconfig=true --acme.entrypoint=https --acme.httpchallenge.entrypoint=http --acme.email=$ACME_EMAIL --acme.onhostrule=true --acme.httpchallenge=true $ACME_DNS_PROVIDER
|
||||
|
||||
EOF
|
||||
|
||||
wget -O traefik.sh https://git.lollipopcloud.solutions/lollipop-docker/traefik/raw/branch/master/run.sh
|
||||
chmod a+x /root/traefik.sh
|
||||
|
||||
```
|
||||
|
|
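Review bot: The last two commands of this hunk disagree on the path: `wget -O traefik.sh ...` writes to the current directory while `chmod a+x /root/traefik.sh` targets `/root`, so unless the reader is already in `/root` the chmod fails or touches an older file. Suggest `wget -O /root/traefik.sh ...`. Since the script shown in this hunk mounts `/var/run/docker.sock` and is passed `CF_API_KEY`, fetching it from `raw/branch/master` without a pinned revision or checksum deserves a sentence in the doc telling the reader to review the downloaded file and fill in their own values before running it.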