Compare commits
6 Commits
2c23ac85ce
...
wip/traefi
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
a9ea233c15 | ||
|
|
bc69332ca5 | ||
|
|
37fc96023a | ||
|
|
24e56c658a | ||
|
|
bb5add7a10 | ||
|
|
7e47ce2787 |
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1 +1,2 @@
|
||||
.env.local
|
||||
traefik-values.yaml
|
||||
@@ -10,6 +10,7 @@ export K3S_ENABLE_REGISTRY := env("K3S_ENABLE_REGISTRY", "true")
|
||||
export SERVER_IP := env("K3S_SERVER_IP","192.168.178.45")
|
||||
export AGENT_IP := env("K3S_AGENT_IP","192.168.178.75")
|
||||
export USER := env("K3S_USER","basti")
|
||||
export LONGHORN_NAMESPACE := env("LONGHORN_NAMESPACE","longhorn-system")
|
||||
|
||||
[private]
|
||||
default:
|
||||
@@ -146,3 +147,75 @@ configure-registry:
|
||||
echo "Restarting k3s to apply registry configuration..."
|
||||
ssh "${K8S_MASTER_NODE_NAME}" "sudo systemctl restart k3s"
|
||||
echo "✓ Registry configuration applied"
|
||||
|
||||
|
||||
stop:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
START_TIME=$(date +%s)
|
||||
elapsed() {
|
||||
echo "$(($(date +%s) - START_TIME))s"
|
||||
}
|
||||
nodenames=$(kubectl get nodes -o=jsonpath="{.items[*]['metadata.name']}")
|
||||
for node in ${nodenames}; do
|
||||
kubectl drain "${node}" --ignore-daemonsets --delete-emptydir-data --force --disable-eviction --grace-period=60 --timeout=180s 2>&1 || true
|
||||
kubectl cordon "${node}"
|
||||
echo "Node ${node} stopped."
|
||||
done
|
||||
echo "Drain complete. Nodes are cordoned and drained."
|
||||
|
||||
if helm status longhorn -n ${LONGHORN_NAMESPACE} &>/dev/null; then
|
||||
echo "[$(elapsed)] Waiting for Longhorn volumes to be detached..."
|
||||
TIMEOUT=90
|
||||
ELAPSED=0
|
||||
while [ $ELAPSED -lt $TIMEOUT ]; do
|
||||
|
||||
ATTACHED=$(kubectl get volumes.longhorn.io -n ${LONGHORN_NAMESPACE} -o json 2>/dev/null | \
|
||||
jq -r '.items[] | select(.status.state == "attached") | .metadata.name' 2>/dev/null || true)
|
||||
|
||||
if [ -z "$ATTACHED" ]; then
|
||||
echo "[$(elapsed)] ✓ All Longhorn volumes detached successfully"
|
||||
break
|
||||
fi
|
||||
|
||||
ATTACHED_COUNT=$(echo "$ATTACHED" | grep -c . || echo 0)
|
||||
echo " Still waiting for $ATTACHED_COUNT volume(s) to detach..."
|
||||
sleep 2
|
||||
ELAPSED=$((ELAPSED + 2))
|
||||
done
|
||||
if [ $ELAPSED -ge $TIMEOUT ]; then
|
||||
echo "[$(elapsed)] ⚠ Warning: Timeout waiting for volumes to detach"
|
||||
fi
|
||||
fi
|
||||
|
||||
for node in ${nodenames}; do
|
||||
echo "[$(elapsed)] Stopping and disabling k3s service..."
|
||||
ssh "${node}" "sudo systemctl stop k3s 2>/dev/null || true"
|
||||
ssh "${node}" "sudo systemctl disable k3s 2>/dev/null || true"
|
||||
done
|
||||
|
||||
start:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
is_schedulable() {
|
||||
node_name="$1"
|
||||
! kubectl get node "$node_name" -o jsonpath='{.spec.unschedulable}' 2>/dev/null | grep -q "true"
|
||||
}
|
||||
|
||||
nodenames=$(kubectl get nodes -o=jsonpath="{.items[*]['metadata.name']}")
|
||||
|
||||
|
||||
for node in ${nodenames}; do
|
||||
echo "Starting k3s service on ${node}..."
|
||||
|
||||
if is_schedulable "$node"; then
|
||||
echo "✓ Node $node is already schedulable"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Uncordoning node $node..."
|
||||
kubectl uncordon "$node" 2>&1 || true
|
||||
|
||||
echo "Wait for every node to become Ready..."
|
||||
done
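Review bot: The `exit 0` inside the `for node` loop of `start` terminates the whole recipe at the first node that is already schedulable, so every later node is left cordoned; that should be `continue`. The loop also never brings k3s back: `stop` runs `systemctl stop` and `systemctl disable` over ssh on each node, but `start` only uncordons and then prints "Wait for every node to become Ready..." without waiting, so after a `stop` the service stays down and, since the API server is among the stopped units, the initial `kubectl get nodes` in `start` presumably cannot even succeed. Mirror the stop path with `ssh "${node}" "sudo systemctl enable --now k3s"` before the schedulability check and replace the echo with `kubectl wait --for=condition=Ready "node/$node" --timeout=180s`. In `stop`, `--disable-eviction --force` bypasses PodDisruptionBudgets and deletes pods directly, and the trailing `|| true` hides drain failures; that is defensible for a deliberate full shutdown but deserves a comment saying so.
```just
    for node in ${nodenames}; do
        echo "Starting k3s service on ${node}..."
        ssh "${node}" "sudo systemctl enable --now k3s"

        if is_schedulable "$node"; then
            echo "✓ Node $node is already schedulable"
            continue
        fi

        echo "Uncordoning node $node..."
        kubectl uncordon "$node" 2>&1 || true

        echo "Waiting for node $node to become Ready..."
        kubectl wait --for=condition=Ready "node/$node" --timeout=180s
    done
```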
|
||||
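--- /dev/null
+++ b/07_KubePrometheusStack/grafana-certificate.gomplate.yaml
@@ -0,0 +1,12 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: grafana-ingress-certificate
+namespace: {{.Env.PROMETHEUS_NAMESPACE}}
+spec:
+secretName: grafana-certificate-secret
+issuerRef:
+name: cloudflare-cluster-issuer
+kind: ClusterIssuer
+dnsNames:
+- {{.Env.GRAFANA_HOST}}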
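Review bot: `dnsNames` takes `{{.Env.GRAFANA_HOST}}` unquoted, and because the justfile in this same change defaults GRAFANA_HOST to an empty string, an unset variable no longer fails at render time but produces an empty list item, so the Certificate is rejected at admission or, at best, ordered for an empty name, far from the actual cause. Fail in the template instead and quote the scalar: `- "{{ .Env.GRAFANA_HOST | required "GRAFANA_HOST must be set" }}"`. The `cloudflare-cluster-issuer` ClusterIssuer is presumably created by the cert-manager step elsewhere in the repo; it is not part of this diff, so `install` will apply this manifest successfully even when that issuer is missing and the certificate simply never becomes Ready.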
@@ -1,7 +1,7 @@
|
||||
set fallback := true
|
||||
|
||||
export PROMETHEUS_NAMESPACE := env("PROMETHEUS_NAMESPACE", "monitoring")
|
||||
#export GRAFANA_HOST := env("GRAFANA_HOST")
|
||||
export GRAFANA_HOST := env("GRAFANA_HOST", "")
|
||||
|
||||
[private]
|
||||
default:
|
||||
@@ -14,23 +14,29 @@ add-helm-repo:
|
||||
|
||||
|
||||
install:
|
||||
@just add-helm-repo
|
||||
just add-helm-repo
|
||||
|
||||
gomplate -f kube-stack-config-values-gomplate.yaml -o kube-stack-config-values.yaml
|
||||
gomplate -f kube-stack-config-values.gomplate.yaml -o kube-stack-config-values.yaml
|
||||
|
||||
@helm upgrade --cleanup-on-fail --install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
|
||||
--namespace ${PROMETHEUS_NAMESPACE} \
|
||||
--create-namespace \
|
||||
--debug \
|
||||
--wait \
|
||||
-f kube-stack-config-values.yaml
|
||||
|
||||
echo "kubectl port-forward svc/prometheus-grafana 8080:80 -n monitoring"
|
||||
echo "kubectl port-forward svc/prometheus-kube-prometheus-prometheus 9090 -n monitoring"
|
||||
echo "kubectl port-forward svc/prometheus-kube-prometheus-alertmanager 9093 -n monitoring"
|
||||
just KubePrometheusStack::show-ports
|
||||
|
||||
gomplate -f ./grafana-certificate.gomplate.yaml | kubectl apply -f -
|
||||
|
||||
echo "Get Grafana Password:"
|
||||
echo "kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-password}\" | base64 --decode ; echo"
|
||||
|
||||
uninstall:
|
||||
helm uninstall kube-prometheus-stack -n ${PROMETHEUS_NAMESPACE}
|
||||
|
||||
show-ports:
|
||||
@echo "kubectl port-forward svc/kube-prometheus-stack-grafana 8080:80 -n ${PROMETHEUS_NAMESPACE}"
|
||||
@echo "kubectl port-forward svc/kube-prometheus-stack-prometheus 9090 -n ${PROMETHEUS_NAMESPACE}"
|
||||
@echo "kubectl port-forward svc/kube-prometheus-stack-alertmanager 9093 -n ${PROMETHEUS_NAMESPACE}"
|
||||
|
||||
@echo "Get Grafana Password:"
|
||||
@echo "kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-user}\" | base64 --decode ; echo"
|
||||
@echo "kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-password}\" | base64 --decode ; echo"
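Review bot: `install` renders both the Certificate and the ingress values from GRAFANA_HOST, but with the new `env("GRAFANA_HOST", "")` default an unset variable no longer stops the recipe — it renders an empty `dnsNames` entry and an empty ingress host, and an Ingress rule with no host matches every hostname. Guard it before the first gomplate call: `test -n "${GRAFANA_HOST}" || { echo "GRAFANA_HOST must be set" >&2; exit 1; }`. Separately, the two `kubectl get secret` lines in `show-ports` hard-code `--namespace monitoring` while the port-forward lines above them use `${PROMETHEUS_NAMESPACE}`, so the printed command points at the wrong namespace whenever the default is overridden; use `--namespace ${PROMETHEUS_NAMESPACE}` there too.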
|
||||
|
||||
@@ -1,13 +0,0 @@
|
||||
grafana:
|
||||
enabled: true
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
hosts:
|
||||
- {{ .Env.GRAFANA_HOST }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Env.GRAFANA_HOST }}
|
||||
@@ -0,0 +1,23 @@
|
||||
grafana:
|
||||
enabled: true
|
||||
|
||||
ingress:
|
||||
enabled: true
|
||||
ingressClassName: traefik
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||
hosts:
|
||||
- {{ .Env.GRAFANA_HOST }}
|
||||
tls:
|
||||
- secretName: grafana-certificate-secret
|
||||
- hosts:
|
||||
- {{ .Env.GRAFANA_HOST }}
|
||||
annotations:
|
||||
traefik.ingress.kubernetes.io/router.tls: "true"
|
||||
traefik.ingress.kubernetes.io/router.tls.certresolver: "" # empty = use secretName, not its own resolver
|
||||
|
||||
grafana.ini:
|
||||
server:
|
||||
domain: {{ .Env.GRAFANA_HOST }}
|
||||
root_url: https://{{ .Env.GRAFANA_HOST }}
|
||||
serve_from_sub_path: false
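Review bot: `ingress:` carries two `annotations:` mappings (one with `router.entrypoints`, one with `router.tls`), which is a duplicate YAML key — depending on the parser Helm either rejects the values file or silently keeps the last one, in which case the `websecure` entrypoint restriction is lost. The `tls:` list is also split into two entries, one with only `secretName` and one with only `hosts`, so no single TLS entry ties the certificate to the hostname; merge them into one entry and one annotations map. With a secret on the TLS entry the empty `router.tls.certresolver` annotation should be unnecessary, since Traefik serves the Ingress TLS secret when no resolver is configured. Quoting the templated host keeps an unusual value from being reinterpreted by YAML.
```yaml
  ingress:
    enabled: true
    ingressClassName: traefik
    annotations:
      traefik.ingress.kubernetes.io/router.entrypoints: websecure
      traefik.ingress.kubernetes.io/router.tls: "true"
    hosts:
      - "{{ .Env.GRAFANA_HOST }}"
    tls:
      - secretName: grafana-certificate-secret
        hosts:
          - "{{ .Env.GRAFANA_HOST }}"
  # … unchanged: grafana.ini …
```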
|
||||
@@ -1,2 +0,0 @@
|
||||
grafana:
|
||||
enabled: true
|
||||
@@ -2,6 +2,7 @@ set fallback:=true
|
||||
|
||||
export CERT_MANAGER_NAMESPACE := env("CERT_MANAGER_NAMESPACE", "cert-manager")
|
||||
export TRAEFIK_NAMESPACE := env("TRAEFIK_NAMESPACE", "traefik")
|
||||
export TRAEFIK_CHART_VERSION := env("TRAEFIK_CHART_VERSION", "v39.0.7")
|
||||
|
||||
add-helm-repos:
|
||||
helm repo add traefik https://helm.traefik.io/traefik --force-update
|
||||
@@ -15,11 +16,14 @@ install:
|
||||
|
||||
just add-helm-repos
|
||||
|
||||
gomplate -f traefik-values-gomplate.yaml -o traefik-values.yaml
|
||||
|
||||
helm upgrade traefik traefik/traefik \
|
||||
--install \
|
||||
--cleanup-on-fail \
|
||||
--namespace ${TRAEFIK_NAMESPACE} \
|
||||
--create-namespace \
|
||||
--version ${TRAEFIK_CHART_VERSION} \
|
||||
--values traefik-values.yaml
|
||||
|
||||
helm upgrade cert-manager jetstack/cert-manager \
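Review bot: The values template is rendered from `traefik-values-gomplate.yaml`, while this same change renames the Prometheus template to the `<name>.gomplate.yaml` form; pick one convention (`traefik-values.gomplate.yaml`) so the now-gitignored `traefik-values.yaml` is obviously the rendered artefact and not the source. Pinning the release with `--version ${TRAEFIK_CHART_VERSION}` is the right move for a reproducible ingress layer. The `helm upgrade cert-manager jetstack/cert-manager` call that begins on the hunk's last line continues outside the hunk, so whether it carries a matching `--version` pin cannot be seen here; if it does not, it deserves the same treatment.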
|
||||
@@ -60,3 +64,8 @@ status:
|
||||
echo ""
|
||||
echo "CRDs:"
|
||||
kubectl get crd | grep cert-manager.io
|
||||
|
||||
ingressroute:
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
gomplate -f traefik-ingressroute-gomplate.yaml | kubectl apply -f -
|
||||
@@ -1,15 +1,33 @@
|
||||
additionalArguments:
|
||||
- "--serversTransport.insecureSkipVerify=true"
|
||||
- "--log.level=INFO"
|
||||
|
||||
deployment:
|
||||
enabled: true
|
||||
replicas: 1
|
||||
annotations: {}
|
||||
podAnnotations: {}
|
||||
additionalContainers: []
|
||||
initContainers: []
|
||||
|
||||
ports:
|
||||
web:
|
||||
http:
|
||||
redirections:
|
||||
entryPoint:
|
||||
to: websecure
|
||||
scheme: https
|
||||
websecure:
|
||||
http:
|
||||
tls:
|
||||
enabled: true
|
||||
|
||||
logs:
|
||||
general:
|
||||
level: DEBUG
|
||||
|
||||
ingressRoute:
|
||||
dashboard:
|
||||
enabled: true
|
||||
entryPoints: [web, websecure]
|
||||
matchRule: Host(`traefik-dashboard.{{ .Env.EXTERNAL_DOMAIN }}`)
|
||||
|
||||
entryPoints:
|
||||
- websecure
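Review bot: The dashboard IngressRoute on the new side is bound to `traefik-dashboard.{{ .Env.EXTERNAL_DOMAIN }}` on both `web` and `websecure` with no `middlewares:` entry, so the Traefik API and dashboard are reachable on what looks like a public hostname without any authentication. Drop `web` (the entrypoint-level redirect added above already sends it to https) and attach an auth middleware through the chart's `ingressRoute.dashboard.middlewares` list, backed by a basicAuth `Middleware` object created alongside (not in this diff). The trailing top-level `entryPoints: [websecure]` at the end of the file does not look like a key this chart reads — it appears to be a mis-indented leftover of the dashboard block and is worth removing or moving. `logs.general.level: DEBUG` also now conflicts with `--log.level=INFO` in `additionalArguments`; keep one, and prefer INFO for a proxy that logs request detail at DEBUG.
```yaml
ingressRoute:
  dashboard:
    enabled: true
    entryPoints: [websecure]
    matchRule: Host(`traefik-dashboard.{{ .Env.EXTERNAL_DOMAIN }}`)
    middlewares:
      - name: traefik-dashboard-auth   # basicAuth Middleware, defined separately
```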
|
||||
|
||||
@@ -19,7 +19,7 @@ helm upgrade --install prometheus prometheus-community/kube-prometheus-stack \
|
||||
|
||||
Accessing UIs via PortForwarding
|
||||
```
|
||||
kubectl port-forward svc/prometheus-grafana 8080:80 -n monitoring
|
||||
kubectl port-forward svc/kube-prometheus-stack-grafana 8080:80 -n monitoring
|
||||
kubectl port-forward svc/prometheus-kube-prometheus-prometheus 9090 -n monitoring
|
||||
kubectl port-forward svc/prometheus-kube-prometheus-alertmanager 9093 -n monitoring
|
||||
```
|
||||
|
||||