You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
chris 5eb79cac28 hetzner draft 1 year ago
setup hetzner draft 1 year ago
README.md hetzner-kube ips 1 year ago
admin-role.yaml dashboard def 2 years ago
admin-user.yaml dashboard def 2 years ago
ansible-haproxy.yaml nginx-ingress 2 years ago
certmanager-default.yaml certmanager 1 year ago
certmanager-manifest.yaml certmanager 1 year ago
haproxy.cfg move nodeports for nginx 1 year ago
helm-wordpress.yaml WP 2 years ago
k8spress.yaml redo k8spress 1 year ago
kubernetes-dashboard.yaml dashboard def 2 years ago
letsencrypt-prod.yaml issuer 1 year ago
letsencrypt-staging.yaml issuer 1 year ago
nginx-ingress.yaml fix daemonset selector 1 year ago
nginx-nodeport.yaml move nodeports for nginx 1 year ago
rook-block.yaml rook 2 years ago
rook-cluster.yaml move ceph directory on hosts 1 year ago
rook-filesystem.yaml rook 2 years ago
rook-object.yaml rook 2 years ago
staticpage-ingress-ssl.yaml staticpage exmpl 1 year ago
staticpage-ingress.yaml staticpage exmpl 1 year ago
staticpage.yaml staticpage exmpl 1 year ago
tiller.yaml helm 2 years ago

README.md

Cluster playground

patch & install hetzner-kube

docker pull golang
docker run --rm -ti --name=golang golang bash
git clone https://github.com/xetys/hetzner-kube
cd hetzner-kube
sed -i s'/kubernetes-cni/kubernetes-cni=0.6.0-00/' pkg/clustermanager/provision_node.go
go build

docker cp golang:/go/hetzner-kube/hetzner-kube .local/bin/hetzner-kube
chmod +x .local/bin/hetzner-kube

setup cluster

hetzner-kube cluster create --name k8s-test --node-cidr 10.42.23.0/24 --ssh-key melpomene (-w 3)
hetzner-kube cluster kubeconfig k8s-test
kubectl cluster-info

helm

install kubernetes-helm from your package manager…

kubectl apply -f tiller.yaml
helm init --service-account tiller

rook.io

helm repo add rook-beta https://charts.rook.io/beta
helm install --namespace rook-ceph-system rook-beta/rook-ceph
kubectl apply -f rook-cluster.yaml
kubectl apply -f rook-block.yaml
kubectl patch storageclass rook-ceph-block -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
kubectl apply -f rook-filesystem.yaml
kubectl apply -f rook-object.yaml

dashboard

kubectl apply -f kubernetes-dashboard.yaml

kubectl apply -f admin-user.yaml
kubectl apply -f admin-role.yaml

kubectl -n kube-system get secret | grep admin-user | cut -d' ' -f1
kubectl -n kube-system describe secret admin-user-token-...

kubectl proxy

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

nginx-ingress

kubectl apply -f nginx-ingress.yaml
kubectl apply -f nginx-nodeport.yaml

frontend LB variante 1

scp haproxy.conf root@ssh root@$(hetzner-kube cluster master-ip k8s-test):
ssh root@$(hetzner-kube cluster master-ip k8s-test)
apt install -y haproxy 
mv haproxy.cfg /etc/haproxy/haproxy.cfg
systemctl restart haproxy

frontend LB variante 2

ssh root@$(hetzner-kube cluster master-ip k8s-test) apt install -y python
ansible-playbook -i "$(hetzner-kube cluster master-ip k8s-test)," -u root ansible-haproxy.yaml

static page

kubectl apply -f staticpage.yaml
kubectl proxy
http://localhost:8001/api/v1/namespaces/testsite/pods/http:static-nginx:/proxy/#!

add ingress

kubectl apply -f staticpage-ingress.yaml

set up SSL

kubectl create namespace cert-manager
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation=true
kubectl apply -f certmanager-manifest.yaml

create issuers

adapt email!
kubectl apply -f letsencrypt-staging.yaml
kubectl apply -f letsencrypt-prod.yaml

default issuer

kubectl apply -f certmanager-default.yaml

add ssl to testsite

kubectl apply -f staticpage-ingress-ssl.yaml

test deployment

kubectl apply -f k8spress.yaml
(adapt hostname!)

teardown

hetzner-kube cluster delete k8s-test