demiters/microk8s.sh

## microk8s.sh
#!/bin/bash

# Installs microk8s and enables addons:
#   dns, ingress, helm3 (essential)
#   dashboard (cluster monitoring)
#   registry (private Docker registry)

# Installs and configures essential helm charts:
#   external-dns (automating setting of dns records)
#   cert-manager (automating issuing of https certificates)

# Assumes previously set shell aliases: https://gist.github.com/demiters/c322d99db658e37ba30c8f13ba8b434b

# Insert DigitalOcean personal access token
DO_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

# Install microk8s snap
sudo snap install microk8s --classic --channel=1.18/stable

# Enable essential addons
microk8s enable dns dashboard helm3 ingress registry

# Install and configure external-dns helm chart
h repo add bitnami https://charts.bitnami.com/bitnami
h repo update
cat <<EOF | h install external-dns bitnami/external-dns -f -
rbac:
  create: true
provider: digitalocean
digitalocean:
  apiToken: ${DO_TOKEN}
interval: "1m"
policy: sync
EOF

# Install cert-manager helm chart
h repo add jetstack https://charts.jetstack.io
h repo update
k create namespace cert-manager
h install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v0.15.2 \
  --set installCRDs=true \
  --set ingressShim.defaultIssuerName=letsencrypt-prod \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set ingressShim.defaultIssuerGroup=cert-manager.io

# Configure Let's Encrypt cert issuer
cat <<EOF | k apply -f -
apiVersion: cert-manager.io/v1alpha2
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: name@example.com
    privateKeySecretRef:
      name: letsencrypt-prod-secret
    solvers:
    - selector: {}
    - http01:
        ingress:
          class: nginx
---
EOF

# TODO: Configure private Docker registry
# TODO: Deploy Ingresses for monitoring services
	#!/bin/bash

	# Installs microk8s and enables addons:
	# dns, ingress, helm3 (essential)
	# dashboard (cluster monitoring)
	# registry (private Docker registry)

	# Installs and configures essential helm charts:
	# external-dns (automating setting of dns records)
	# cert-manager (automating issuing of https certificates)

	# Assumes previously set shell aliases: https://gist.github.com/demiters/c322d99db658e37ba30c8f13ba8b434b

	# Insert DigitalOcean personal access token
	DO_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

	# Install microk8s snap
	sudo snap install microk8s --classic --channel=1.18/stable

	# Enable essential addons
	microk8s enable dns dashboard helm3 ingress registry

	# Install and configure external-dns helm chart
	h repo add bitnami https://charts.bitnami.com/bitnami
	h repo update
	cat <<EOF \| h install external-dns bitnami/external-dns -f -
	rbac:
	create: true
	provider: digitalocean
	digitalocean:
	apiToken: ${DO_TOKEN}
	interval: "1m"
	policy: sync
	EOF

	# Install cert-manager helm chart
	h repo add jetstack https://charts.jetstack.io
	h repo update
	k create namespace cert-manager
	h install cert-manager jetstack/cert-manager \
	--namespace cert-manager \
	--version v0.15.2 \
	--set installCRDs=true \
	--set ingressShim.defaultIssuerName=letsencrypt-prod \
	--set ingressShim.defaultIssuerKind=ClusterIssuer \
	--set ingressShim.defaultIssuerGroup=cert-manager.io

	# Configure Let's Encrypt cert issuer
	cat <<EOF \| k apply -f -
	apiVersion: cert-manager.io/v1alpha2
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: name@example.com
	privateKeySecretRef:
	name: letsencrypt-prod-secret
	solvers:
	- selector: {}
	- http01:
	ingress:
	class: nginx
	---
	EOF

	# TODO: Configure private Docker registry
	# TODO: Deploy Ingresses for monitoring services