baschno/kubern-everything
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: baschno:bb5add7a108d2fda189cc472e66e529c01e827a5
Branches Tags
baschno:master baschno:wip/traefik-needs-update baschno:wip/VPA baschno:wip/certmgr baschno:just
...
compare: baschno:wip/traefik-needs-update
Branches Tags
baschno:master baschno:wip/traefik-needs-update baschno:wip/VPA baschno:wip/certmgr baschno:just

4 Commits
bb5add7a10 ... wip/traefi

Author SHA1 Message Date
baschno
a9ea233c15 fixing traefik chart deployment! 2026-04-03 10:45:50 +02:00
baschno
bc69332ca5 working state 2026-04-02 21:14:53 +02:00
baschno
37fc96023a Adding show ports 2026-04-02 21:13:46 +02:00
baschno
24e56c658a advance setup 2026-04-02 21:13:14 +02:00
5 changed files with 98 additions and 40 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1 +1,2 @@
.env.local .env.local
traefik-values.yaml

78
01_Basic_Setup/justfile
View File

@@ -157,39 +157,65 @@ stop:
echo "$(($(date +%s) - START_TIME))s" echo "$(($(date +%s) - START_TIME))s"
} }
nodenames=$(kubectl get nodes -o=jsonpath="{.items[*]['metadata.name']}") nodenames=$(kubectl get nodes -o=jsonpath="{.items[*]['metadata.name']}")
# for node in ${nodenames}; do for node in ${nodenames}; do
# kubectl drain "${node}" --ignore-daemonsets --delete-emptydir-data --force --disable-eviction --grace-period=60 --timeout=180s 2>&1 || true kubectl drain "${node}" --ignore-daemonsets --delete-emptydir-data --force --disable-eviction --grace-period=60 --timeout=180s 2>&1 || true
# kubectl cordon "${node}" kubectl cordon "${node}"
# echo "Node ${node} stopped." echo "Node ${node} stopped."
# done done
# echo "Drain complete. Nodes are cordoned and drained." echo "Drain complete. Nodes are cordoned and drained."
# if helm status longhorn -n ${LONGHORN_NAMESPACE} &>/dev/null; then if helm status longhorn -n ${LONGHORN_NAMESPACE} &>/dev/null; then
# echo "[$(elapsed)] Waiting for Longhorn volumes to be detached..." echo "[$(elapsed)] Waiting for Longhorn volumes to be detached..."
# TIMEOUT=90 TIMEOUT=90
# ELAPSED=0 ELAPSED=0
# while [ $ELAPSED -lt $TIMEOUT ]; do while [ $ELAPSED -lt $TIMEOUT ]; do
# ATTACHED=$(kubectl get volumes.longhorn.io -n ${LONGHORN_NAMESPACE} -o json 2>/dev/null | \ ATTACHED=$(kubectl get volumes.longhorn.io -n ${LONGHORN_NAMESPACE} -o json 2>/dev/null | \
# jq -r '.items[] | select(.status.state == "attached") | .metadata.name' 2>/dev/null || true) jq -r '.items[] | select(.status.state == "attached") | .metadata.name' 2>/dev/null || true)
# if [ -z "$ATTACHED" ]; then if [ -z "$ATTACHED" ]; then
# echo "[$(elapsed)] ✓ All Longhorn volumes detached successfully" echo "[$(elapsed)] ✓ All Longhorn volumes detached successfully"
# break break
# fi fi
# ATTACHED_COUNT=$(echo "$ATTACHED" | grep -c . || echo 0) ATTACHED_COUNT=$(echo "$ATTACHED" | grep -c . || echo 0)
# echo " Still waiting for $ATTACHED_COUNT volume(s) to detach..." echo " Still waiting for $ATTACHED_COUNT volume(s) to detach..."
# sleep 2 sleep 2
# ELAPSED=$((ELAPSED + 2)) ELAPSED=$((ELAPSED + 2))
# done done
# if [ $ELAPSED -ge $TIMEOUT ]; then if [ $ELAPSED -ge $TIMEOUT ]; then
# echo "[$(elapsed)] ⚠ Warning: Timeout waiting for volumes to detach" echo "[$(elapsed)] ⚠ Warning: Timeout waiting for volumes to detach"
# fi fi
# fi fi
for node in ${nodenames}; do for node in ${nodenames}; do
echo "[$(elapsed)] Stopping and disabling k3s service..." echo "[$(elapsed)] Stopping and disabling k3s service..."
ssh "${node}" "sudo systemctl stop k3s 2>/dev/null || true" ssh "${node}" "sudo systemctl stop k3s 2>/dev/null || true"
ssh "${node}" "sudo systemctl disable k3s 2>/dev/null || true" ssh "${node}" "sudo systemctl disable k3s 2>/dev/null || true"
done done
start:
#!/bin/bash
set -euo pipefail
is_schedulable() {
node_name="$1"
! kubectl get node "$node_name" -o jsonpath='{.spec.unschedulable}' 2>/dev/null | grep -q "true"
}
nodenames=$(kubectl get nodes -o=jsonpath="{.items[*]['metadata.name']}")
for node in ${nodenames}; do
echo "Starting k3s service on ${node}..."
if is_schedulable "$node"; then
echo "✓ Node $node is already schedulable"
exit 0
fi
echo "Uncordoning node $node..."
kubectl uncordon "$node" 2>&1 || true
echo "Wait for every node to become Ready..."
done

16
07_KubePrometheusStack/justfile
View File

@@ -24,15 +24,19 @@ install:
--wait \ --wait \
-f kube-stack-config-values.yaml -f kube-stack-config-values.yaml
echo "kubectl port-forward svc/kube-prometheus-stack-grafana 8080:80 -n ${PROMETHEUS_NAMESPACE}" just KubePrometheusStack::show-ports
echo "kubectl port-forward svc/kube-prometheus-stack-prometheus 9090 -n ${PROMETHEUS_NAMESPACE}"
echo "kubectl port-forward svc/kube-prometheus-stack-alertmanager 9093 -n ${PROMETHEUS_NAMESPACE}"
echo "Get Grafana Password:"
echo "kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-password}\" | base64 --decode ; echo"
gomplate -f ./grafana-certificate.gomplate.yaml | kubectl apply -f - gomplate -f ./grafana-certificate.gomplate.yaml | kubectl apply -f -
uninstall: uninstall:
helm uninstall kube-prometheus-stack -n ${PROMETHEUS_NAMESPACE} helm uninstall kube-prometheus-stack -n ${PROMETHEUS_NAMESPACE}
show-ports:
@echo "kubectl port-forward svc/kube-prometheus-stack-grafana 8080:80 -n ${PROMETHEUS_NAMESPACE}"
@echo "kubectl port-forward svc/kube-prometheus-stack-prometheus 9090 -n ${PROMETHEUS_NAMESPACE}"
@echo "kubectl port-forward svc/kube-prometheus-stack-alertmanager 9093 -n ${PROMETHEUS_NAMESPACE}"
@echo "Get Grafana Password:"
@echo "kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-user}\" | base64 --decode ; echo"
@echo "kubectl get secret --namespace monitoring -l app.kubernetes.io/component=admin-secret -o jsonpath=\"{.items[0].data.admin-password}\" | base64 --decode ; echo"

9
Traefik/justfile
View File

@@ -2,6 +2,7 @@ set fallback:=true
export CERT_MANAGER_NAMESPACE := env("CERT_MANAGER_NAMESPACE", "cert-manager") export CERT_MANAGER_NAMESPACE := env("CERT_MANAGER_NAMESPACE", "cert-manager")
export TRAEFIK_NAMESPACE := env("TRAEFIK_NAMESPACE", "traefik") export TRAEFIK_NAMESPACE := env("TRAEFIK_NAMESPACE", "traefik")
export TRAEFIK_CHART_VERSION := env("TRAEFIK_CHART_VERSION", "v39.0.7")
add-helm-repos: add-helm-repos:
helm repo add traefik https://helm.traefik.io/traefik --force-update helm repo add traefik https://helm.traefik.io/traefik --force-update
@@ -15,11 +16,14 @@ install:
just add-helm-repos just add-helm-repos
gomplate -f traefik-values-gomplate.yaml -o traefik-values.yaml
helm upgrade traefik traefik/traefik \ helm upgrade traefik traefik/traefik \
--install \ --install \
--cleanup-on-fail \ --cleanup-on-fail \
--namespace ${TRAEFIK_NAMESPACE} \ --namespace ${TRAEFIK_NAMESPACE} \
--create-namespace \ --create-namespace \
--version ${TRAEFIK_CHART_VERSION} \
--values traefik-values.yaml --values traefik-values.yaml
helm upgrade cert-manager jetstack/cert-manager \ helm upgrade cert-manager jetstack/cert-manager \
@@ -60,3 +64,8 @@ status:
echo "" echo ""
echo "CRDs:" echo "CRDs:"
kubectl get crd | grep cert-manager.io kubectl get crd | grep cert-manager.io
ingressroute:
#!/bin/bash
set -euo pipefail
gomplate -f traefik-ingressroute-gomplate.yaml | kubectl apply -f -

24
Traefik/traefik-values-gomplate.yaml
View File

@@ -1,15 +1,33 @@
additionalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--log.level=INFO"
deployment:
enabled: true
replicas: 1
annotations: {}
podAnnotations: {}
additionalContainers: []
initContainers: []
ports: ports:
web: web:
http:
redirections: redirections:
entryPoint: entryPoint:
to: websecure to: websecure
scheme: https websecure:
http:
tls:
enabled: true
logs: logs:
general: general:
level: DEBUG level: DEBUG
ingressRoute: ingressRoute:
dashboard: dashboard:
enabled: true enabled: true
entryPoints: [web, websecure]
matchRule: Host(`traefik-dashboard.{{ .Env.EXTERNAL_DOMAIN }}`) matchRule: Host(`traefik-dashboard.{{ .Env.EXTERNAL_DOMAIN }}`)
entryPoints:
- websecure