Installing the K3S Kubernetes cluster
Published: 29 March 2021, 21:50
Hello,
Here is the list of commands that allowed me to set up my Kubernetes cluster:
PS: The passwords for pihole and pihole2 are to be replaced with your own passwords, and the FS names are to be adapted to your needs.
Installing the required packages
Code:
sudo apt install wget curl -y
Installing HELM
Code:
wget https://get.helm.sh/helm-v3.4.1-linux-amd64.tar.gz
## compare the archive with the .sha256sum file published next to it before installing
tar -zxvf helm*.tar.gz
sudo mv linux-*/helm /usr/local/bin/helm
## configure HELM to use the K3S kubeconfig
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
## add the stable repo for helm
helm repo add stable https://charts.helm.sh/stable
Installing K3S
Code:
## Environment variables:
## 644 makes /etc/rancher/k3s/k3s.yaml readable by every local user on the node
export K3S_KUBECONFIG_MODE="644"
## MetalLB and nginx-ingress (installed below) replace the bundled servicelb and traefik
export INSTALL_K3S_EXEC=" --no-deploy servicelb --no-deploy traefik"
## install the K3S master
curl -sfL https://get.k3s.io | sh -
sudo chown $USER:$USER /etc/rancher/k3s/k3s.yaml
## show pods
kubectl get pod -A -o wide
Install MetalLB - Kubernetes Load Balancer
Code:
## layer2 pool: LoadBalancer services get addresses from 192.168.0.240-192.168.0.250
helm install metallb stable/metallb --namespace kube-system --set configInline.address-pools[0].name=default --set configInline.address-pools[0].protocol=layer2 --set configInline.address-pools[0].addresses[0]=192.168.0.240-192.168.0.250
## show pods
kubectl get pod -A -o wide
Installing nginx-ingress
Code:
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx --namespace kube-system --set defaultBackend.enabled=false
## show pods
kubectl get pod -A -o wide
## show the controller service (the ingress-nginx chart labels it app.kubernetes.io/instance=<release>, not app=nginx-ingress)
kubectl get services -n kube-system -l app.kubernetes.io/instance=nginx-ingress -o wide
Installing certmanager
Create a file cert-manager-values.yaml containing
Code:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    email: votre@mail.fr
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            class: nginx
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: votre@mail.fr
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
      - http01:
          ingress:
            class: nginx
Then type the following commands
Code:
kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.yaml
## show the certmanager pods
kubectl get pods --namespace cert-manager
kubectl apply -f cert-manager-values.yaml
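A small lint for the two ClusterIssuers in cert-manager-values.yaml, written for this post as an added example (not part of the original post or of cert-manager): it catches the placeholder e-mail left in the file, a staging/prod mix-up between issuer name and ACME server, and a solver whose ingress class does not match the nginx controller installed above. The issuers are modelled as Python dicts so it runs without a YAML library.

```python
import re

# Constructed Python models of the two ClusterIssuer objects from
# cert-manager-values.yaml (plain dicts, so this runs without PyYAML).
STAGING = "https://acme-staging-v02.api.letsencrypt.org/directory"
PROD = "https://acme-v02.api.letsencrypt.org/directory"
PLACEHOLDER_EMAIL = "votre@mail.fr"  # the value left in the file as posted


def make_issuer(name, server, email, ingress_class="nginx"):
    """Build a ClusterIssuer shaped like the two on the page."""
    return {
        "apiVersion": "cert-manager.io/v1",
        "kind": "ClusterIssuer",
        "metadata": {"name": name},
        "spec": {"acme": {
            "email": email,
            "server": server,
            "privateKeySecretRef": {"name": name},
            "solvers": [{"http01": {"ingress": {"class": ingress_class}}}],
        }},
    }


def lint_issuer(issuer, installed_class="nginx"):
    """Return the problems found in one ClusterIssuer (empty list = OK)."""
    problems = []
    name = issuer["metadata"]["name"]
    acme = issuer["spec"]["acme"]
    email = acme.get("email", "")
    if email == PLACEHOLDER_EMAIL or not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        problems.append(f"{name}: email is missing or still the placeholder")
    server = acme.get("server")
    if server not in (STAGING, PROD):
        problems.append(f"{name}: unknown ACME server {server!r}")
    elif ("staging" in name) != (server == STAGING):
        # a 'prod' issuer on staging yields untrusted certificates; a 'staging'
        # issuer on prod burns Let's Encrypt's production rate limits
        problems.append(f"{name}: issuer name and ACME server disagree")
    for solver in acme.get("solvers", []):
        cls = solver.get("http01", {}).get("ingress", {}).get("class")
        if cls != installed_class:  # the page installs ingress-nginx, class 'nginx'
            problems.append(f"{name}: http01 solver targets class {cls!r}")
    return problems


def lint_issuers(issuers, installed_class="nginx"):
    """Lint every issuer and flag a privateKeySecretRef shared between two."""
    problems = [p for i in issuers for p in lint_issuer(i, installed_class)]
    secrets = [i["spec"]["acme"]["privateKeySecretRef"]["name"] for i in issuers]
    if len(set(secrets)) != len(secrets):
        problems.append("issuers share a privateKeySecretRef; use one secret per issuer")
    return problems
```

Run it over the two issuers before `kubectl apply`; an empty list means the file is consistent with the rest of the setup.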
With the base of our cluster now installed, we can install our applications.
Installing nextcloud
Create the file nextcloud.persistentvolume.yml
Code:
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: "nextcloud-nas"
  labels:
    type: "local"
spec:
  storageClassName: "manual"
  capacity:
    storage: "50Gi"
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/nas/nextcloud"
---
Create the file nextcloud.persistentvolumeclaim.yml
Code:
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  namespace: "nextcloud"
  name: "nextcloud-nas"
spec:
  storageClassName: "manual"
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: "50Gi"
---
Finally, create the file nextcloud.values.yml
Code:
## Official nextcloud image version
## ref: https://hub.docker.com/r/library/nextcloud/tags/
##
image:
  repository: nextcloud
  tag: 20.0.8-apache
  pullPolicy: IfNotPresent
  # pullSecrets:
  #   - myRegistrKeySecretName

nameOverride: ""
fullnameOverride: ""

# Number of replicas to be deployed
replicaCount: 1

## Allowing use of ingress controllers
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
  enabled: false
  annotations: {}
    # nginx.ingress.kubernetes.io/proxy-body-size: 4G
    # kubernetes.io/tls-acme: "true"
    # certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    # nginx.ingress.kubernetes.io/server-snippet: |-
    #   server_tokens off;
    #   proxy_hide_header X-Powered-By;
    #   rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
    #   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
    #   location = /.well-known/carddav {
    #     return 301 $scheme://$host/remote.php/dav;
    #   }
    #   location = /.well-known/caldav {
    #     return 301 $scheme://$host/remote.php/dav;
    #   }
    #   location = /robots.txt {
    #     allow all;
    #     log_not_found off;
    #     access_log off;
    #   }
    #   location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
    #     deny all;
    #   }
    #   location ~ ^/(?:autotest|occ|issue|indie|db_|console) {
    #     deny all;
    #   }
  # tls:
  #   - secretName: nextcloud-tls
  #     hosts:
  #       - nextcloud.kube.home
  labels: {}

# Allow configuration of lifecycle hooks
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
  # postStartCommand: []
  # preStopCommand: []

nextcloud:
  host: nextcloud.domain.com
  username: admin
  password: votremotdepasse
  update: 0
  datadir: /var/www/html/data
  tableprefix:
  persistence:
    subPath:
  mail:
    enabled: true
    fromAddress: "mail@gmail.com"
    domain: gmail.com
    smtp:
      host: smtp.gmail.com
      secure: ssl
      port: 465
      authtype: LOGIN
      name: "votrecompte"
      password: "votremotdepasse"
  # PHP Configuration files
  # Will be injected in /usr/local/etc/php/conf.d
  phpConfigs: {}
  # Default config files
  # IMPORTANT: Will be used only if you put extra configs, otherwise default will come from nextcloud itself
  # Default confgurations can be found here: https://github.com/nextcloud/docker/tree/master/16.0/apache/config
  defaultConfigs:
    # To protect /var/www/html/config
    .htaccess: true
    # Redis default configuration
    redis.config.php: true
    # Apache configuration for rewrite urls
    apache-pretty-urls.config.php: true
    # Define APCu as local cache
    apcu.config.php: true
    # Apps directory configs
    apps.config.php: true
    # Used for auto configure database
    autoconfig.php: true
    # SMTP default configuration
    smtp.config.php: true
  # Extra config files created in /var/www/html/config/
  # ref: https://docs.nextcloud.com/server/15/admin_manual/configuration_server/config_sample_php_parameters.html#multiple-config-php-file
  configs: {}

  # For example, to use S3 as primary storage
  # ref: https://docs.nextcloud.com/server/13/admin_manual/configuration_files/primary_storage.html#simple-storage-service-s3
  #
  #  configs:
  #    s3.config.php: |-
  #      <?php
  #      $CONFIG = array (
  #        'objectstore' => array(
  #          'class' => '\\OC\\Files\\ObjectStore\\S3',
  #          'arguments' => array(
  #            'bucket' => 'my-bucket',
  #            'autocreate' => true,
  #            'key' => 'xxx',
  #            'secret' => 'xxx',
  #            'region' => 'us-east-1',
  #            'use_ssl' => true
  #          )
  #        )
  #      );

  ## Strategy used to replace old pods
  ## IMPORTANT: use with care, it is suggested to leave as that for upgrade purposes
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
  strategy:
    type: Recreate
    # type: RollingUpdate
    # rollingUpdate:
    #   maxSurge: 1
    #   maxUnavailable: 0

  ##
  ## Extra environment variables
  extraEnv:
  #  - name: SOME_SECRET_ENV
  #    valueFrom:
  #      secretKeyRef:
  #        name: nextcloud
  #        key: secret_key

  # Extra mounts for the pods. Example shown is for connecting a legacy NFS volume
  # to NextCloud pods in Kubernetes. This can then be configured in External Storage
  extraVolumes:
  #  - name: nfs
  #    nfs:
  #      server: "10.0.0.1"
  #      path: "/nextcloud_data"
  #      readOnly: false
  extraVolumeMounts:
  #  - name: nfs
  #    mountPath: "/legacy_data"

nginx:
  ## You need to set an fpm version of the image for nextcloud if you want to use nginx!
  enabled: false
  image:
    repository: nginx
    tag: alpine
    pullPolicy: IfNotPresent

  config:
    # This generates the default nginx config as per the nextcloud documentation
    default: true
    # custom: |-
    #     worker_processes  1;..

  resources: {}

internalDatabase:
  enabled: true
  name: nextcloud

##
## External database configuration
##
externalDatabase:
  enabled: false

  ## Supported database engines: mysql or postgresql
  type: mysql

  ## Database host
  host:

  ## Database user
  user: nextcloud

  ## Database password
  password:

  ## Database name
  database: nextcloud

  ## Use a existing secret
  existingSecret:
    enabled: false
    # secretName: nameofsecret
    # usernameKey: username
    # passwordKey: password

##
## MariaDB chart configuration
##
mariadb:
  ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters
  enabled: false

  db:
    name: nextcloud
    user: nextcloud
    password: changeme

  ## Enable persistence using Persistent Volume Claims
  ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
  ##
  persistence:
    enabled: false
    accessMode: ReadWriteOnce
    size: 8Gi

redis:
  enabled: false
  usePassword: false

## Cronjob to execute Nextcloud background tasks
## ref: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/background_jobs_configuration.html#cron-jobs
##
cronjob:
  enabled: false
  # Nexcloud image is used as default but only curl is needed
  image: {}
    # repository: nextcloud
    # tag: 16.0.3-apache
    # pullPolicy: IfNotPresent
    # pullSecrets:
    #   - myRegistrKeySecretName
  # Every 15 minutes
  # Note: Setting this to any any other value than 15 minutes might
  #  cause issues with how nextcloud background jobs are executed
  schedule: "*/15 * * * *"
  annotations: {}
  # Set curl's insecure option if you use e.g. self-signed certificates
  curlInsecure: false
  failedJobsHistoryLimit: 5
  successfulJobsHistoryLimit: 2
  # If not set, nextcloud deployment one will be set
  # resources:
    # We usually recommend not to specify default resources and to leave this as a conscious
    # choice for the user. This also increases chances charts run on environments with little
    # resources, such as Minikube. If you do want to specify resources, uncomment the following
    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
    # limits:
    #  cpu: 100m
    #  memory: 128Mi
    # requests:
    #  cpu: 100m
    #  memory: 128Mi

  # If not set, nextcloud deployment one will be set
  # nodeSelector: {}

  # If not set, nextcloud deployment one will be set
  # tolerations: []

  # If not set, nextcloud deployment one will be set
  # affinity: {}

service:
  type: ClusterIP
  port: 8080
  loadBalancerIP: nil
  nodePort: nil

## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
  # Nextcloud Data (/var/www/html)
  enabled: true
  annotations: {}
  ## nextcloud data Persistent Volume Storage Class
  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"

  ## A manually managed Persistent Volume and Claim
  ## Requires persistence.enabled: true
  ## If defined, PVC must be created manually before volume will be bound
  existingClaim: nextcloud-nas

  accessMode: ReadWriteOnce
  size: 50Gi

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi

## Liveness and readiness probe values
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes
##
livenessProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 15
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1
readinessProbe:
  enabled: true
  initialDelaySeconds: 30
  periodSeconds: 15
  timeoutSeconds: 5
  failureThreshold: 3
  successThreshold: 1

## Enable pod autoscaling using HorizontalPodAutoscaler
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
hpa:
  enabled: false
  cputhreshold: 60
  minPods: 1
  maxPods: 10

nodeSelector: {}
  # beta.kubernetes.io/arch: arm

tolerations: []

affinity: {}

## Prometheus Exporter / Metrics
##
metrics:
  enabled: false

  replicaCount: 1
  # The metrics exporter needs to know how you serve Nextcloud either http or https
  https: false
  timeout: 5s

  image:
    repository: xperimental/nextcloud-exporter
    tag: v0.3.0
    pullPolicy: IfNotPresent

  ## Metrics exporter resource requests and limits
  ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
  ##
  # resources: {}

  ## Metrics exporter pod Annotation and Labels
  # podAnnotations: {}

  # podLabels: {}

  service:
    type: ClusterIP
    ## Use serviceLoadBalancerIP to request a specific static IP,
    ## otherwise leave blank
    # loadBalancerIP:
    annotations:
      prometheus.io/scrape: "true"
      prometheus.io/port: "9205"
    labels: {}
Then run the following commands
Code:
sudo mkdir -p /mnt/nas/nextcloud
kubectl create namespace nextcloud
kubectl apply -f nextcloud.persistentvolume.yml
kubectl get pv
kubectl apply -f nextcloud.persistentvolumeclaim.yml
kubectl get pvc -n nextcloud
helm repo add nextcloud https://nextcloud.github.io/helm/
helm repo update
helm install nextcloud nextcloud/nextcloud --namespace nextcloud --values nextcloud.values.yml
kubectl get pods -n nextcloud
kubectl apply -f nextcloud.ingress.yml
kubectl get services -n nextcloud -o wide
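The nginx.ingress.kubernetes.io/server-snippet left commented out in nextcloud.values.yml is what keeps Nextcloud's config/, data/ and occ paths from ever reaching PHP once the ingress is enabled. The following Python model of those location rules is an added example (not part of the original post or of the Nextcloud chart); it also reproduces the URI normalisation nginx applies before matching, so dotted and percent-encoded forms of a denied path are classified the same way.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed Python model of the 'location' rules in the commented-out
# nginx.ingress.kubernetes.io/server-snippet of nextcloud.values.yml above;
# it is not the chart's code, it only mirrors what nginx would decide.
DENY_DIRS = re.compile(r"^/(?:build|tests|config|lib|3rdparty|templates|data)/")
DENY_FILES = re.compile(r"^/(?:autotest|occ|issue|indie|db_|console)")
REWRITES = {  # 'rewrite ^/.well-known/... /public.php?service=...'
    "/.well-known/webfinger": "/public.php?service=webfinger",
    "/.well-known/host-meta": "/public.php?service=host-meta",
    "/.well-known/host-meta.json": "/public.php?service=host-meta-json",
}
REDIRECTS = {  # 'return 301 $scheme://$host/remote.php/dav'
    "/.well-known/carddav": "/remote.php/dav",
    "/.well-known/caldav": "/remote.php/dav",
}


def normalize(raw_path):
    """Approximate nginx's URI normalisation before location matching:
    drop the query string, percent-decode, collapse '.' and '..' segments."""
    path = unquote(raw_path.split("?", 1)[0])
    norm = posixpath.normpath(path)
    if path.endswith("/") and norm != "/":
        norm += "/"  # normpath strips the trailing slash the DENY_DIRS rule needs
    return norm


def decide(raw_path):
    """Return (action, target) with action 'deny', 'redirect', 'rewrite' or 'serve'."""
    path = normalize(raw_path)
    if path in REDIRECTS:
        return "redirect", REDIRECTS[path]
    if path in REWRITES:
        return "rewrite", REWRITES[path]
    if DENY_DIRS.match(path) or DENY_FILES.match(path):
        return "deny", None  # config/, data/, occ ... are answered by nginx alone
    return "serve", path  # everything else is handed to Nextcloud's PHP
```

The model uses exact-match tables for the .well-known rules, whereas nginx evaluates the rewrite regexes in order; the deny rules are the same regexes as in the snippet.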
Installing Pihole
Code:
sudo mkdir -p /mnt/nas/pihole
kubectl create namespace pihole
kubectl apply -f pihole.persistentvolume.yml
kubectl get pv
kubectl apply -f pihole.persistentvolumeclaim.yml
kubectl get pvc -n pihole
kubectl create secret generic pihole-secret --from-literal="password=votremotdepasse" --namespace pihole
helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes/
helm repo update
helm install pihole mojo2600/pihole --namespace pihole --values pihole.values.yml
kubectl get pods -n pihole -o wide
kubectl get services -n pihole -o wide
Installing Bitwarden
Code:
sudo mkdir -p /mnt/nas/bitwarden
kubectl create namespace bitwarden
kubectl apply -f bitwarden.persistentvolume.yml
kubectl get pv
kubectl apply -f bitwarden.persistentvolumeclaim.yml
kubectl get pvc -n bitwarden
helm install bitwarden ~/workspace/bitwarden-k8s --namespace bitwarden --values bitwarden.values.yml
Installing Openvpn
Code:
helm repo add k8s-ovpn https://raw.githubusercontent.com/suda/k8s-ovpn-chart/master/charts
helm repo update
sudo mkdir -p /mnt/nas/data # Directory containing files, including my VPN config files generated via the procedure at https://github.com/suda/k8s-ovpn-chart
cd /mnt/nas/data/k8s-ovpn-chart/
export VPN_HOSTNAME=vpn.votredomaine.com
export NAMESPACE=ovpn
./bin/set-secrets