@j0nl1
Created January 30, 2021 02:07

K3S CONFIGURATION

1. Raspberry Configuration

After flashing

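cd /Volumes/boot/
# an empty file named "ssh" on the boot partition enables the SSH server on first boot
touch ssh
# append the following parameters to the end of the existing single line in cmdline.txt
nano cmdline.txt
cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory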

Change default password

Network Configuration

sudo nano /etc/dhcpcd.conf
interface eth0
static ip_address=YOUR-IP
static routers=192.168.1.1
static domain_name_servers=8.8.8.8 8.8.4.4

SSH Configuration

Disable authentication with password

sudo nano /etc/ssh/sshd_config
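
An added example, not part of the original gist: the step above names the file but not the setting, and `PasswordAuthentication` is the sshd_config keyword that controls password logins. The script shows why appending `PasswordAuthentication no` to the end of the file is not enough when an earlier uncommented line or only a `Match` block carries the setting; the function names and sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the gist); the sample configs are constructed.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and settings after a "Match" line are conditional.

# effective_value FILE KEYWORD DEFAULT -> global value sshd would use.
# Limitation: "Include" files are not followed.
effective_value() {
    awk -v want="$2" -v dflt="$3" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ { next }               # comment
        /^[ \t]*$/ { next }               # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)     # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit      # end of the global section
            if (key == want) { print val; found = 1; exit }
        }
        END { if (!found) print dflt }
    ' "$1"
}

# Exit status 0 only when password login is off globally
# (PasswordAuthentication defaults to "yes" when absent).
password_login_disabled() {
    [ "$(effective_value "$1" PasswordAuthentication yes)" = "no" ]
}

SAMPLES=$(mktemp -d)
# "no" appended at the bottom, but the earlier "yes" is the one sshd uses.
printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' \
    'PasswordAuthentication no' > "$SAMPLES/appended"
# Setting still commented out: the default applies.
printf '%s\n' '#PasswordAuthentication no' > "$SAMPLES/commented"
# Set only inside a Match block: the global value is still the default.
printf '%s\n' 'Match User pi' '    PasswordAuthentication no' > "$SAMPLES/match_only"
# One uncommented global setting (lowercase keyword is accepted).
printf '%s\n' 'passwordauthentication no' 'PermitRootLogin no' > "$SAMPLES/hardened"

for f in appended commented match_only hardened; do
    if password_login_disabled "$SAMPLES/$f"; then s=disabled; else s=ENABLED; fi
    echo "$f: password login $s"
done
```

On the Pi itself, `sudo sshd -T | grep -i passwordauthentication` prints the value the daemon will actually use, Include files included.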

Raspbian Configuration

Reduce GPU memory to 16 and change the hostname

sudo raspi-config

2. K3SUP Installation

K3SUP installation

curl -sLS https://get.k3sup.dev | sh
sudo install k3sup /usr/local/bin/
k3sup --help

Configure Master Node

export SERVER_IP=YOUR-IP
export SSH_KEY_PATH=YOUR-SSH-KEY-PATH
k3sup install --ip $SERVER_IP --user pi --ssh-key $SSH_KEY_PATH

Configure Worker Node

export AGENT_IP=YOUR-AGENT-IP
k3sup join --ip $AGENT_IP --server-ip $SERVER_IP --user pi --ssh-key $SSH_KEY_PATH

Labeling Worker Node

kubectl label node $NAME node-role.kubernetes.io/worker=worker

3. Helm Configuration

Helm installation

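curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
# get-helm-3 installs Helm 3, which has no Tiller and no "helm init" command.
# Only on a Helm 2 client: helm init --tiller-image=jessestuart/tiller:v2.9.1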
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

4. Cluster Configuration

NGINX-Ingress

helm install ingress-nginx ingress-nginx/ingress-nginx

CertManager

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml

Private Registry

kubectl create secret docker-registry gcr-json-key \
--docker-server=eu.gcr.io \
--docker-username=_json_key \
--docker-password="$(cat ./key.json)" \
--docker-email=$EMAIL

5. Optionals

Arkade installation (alternative to Helm)

sudo curl -sLS https://dl.get-arkade.dev | sudo sh

Docker private registry

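export SHA=$(head -c 16 /dev/urandom | shasum | cut -d " " -f 1)
# REGISTRY_USER instead of USER, so the shell's own $USER is not overwritten
export REGISTRY_USER=admin

# registry-creds.txt holds the registry login in plain text
echo "$REGISTRY_USER" > registry-creds.txt
echo "$SHA" >> registry-creds.txt

docker run --entrypoint htpasswd registry:2 -Bbn "$REGISTRY_USER" "$SHA" > ./htpasswd

# Helm 3 syntax: the release name is positional (Helm 2 used --name)
helm install private-registry stable/docker-registry \
--namespace default \
--set persistence.enabled=true \
--set persistence.existingClaim=docker-volume \
--set secrets.htpasswd="$(cat ./htpasswd)"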

export DOCKER_PASSWORD=YOUR-PASSWORD
export DOCKER_USERNAME=YOUR-USERNAME
export DOCKER_SERVER=YOUR-SERVER

echo "$DOCKER_PASSWORD" | docker login "$DOCKER_SERVER" --username "$DOCKER_USERNAME" --password-stdin

kubectl create secret docker-registry YOUR-REGISTRY-NAME \
    --docker-username=$DOCKER_USERNAME \
    --docker-password=$DOCKER_PASSWORD \
    --docker-server=$DOCKER_SERVER \
    --namespace $NAMESPACE

(You will need to apply this configuration for every namespace you want to use)

kubectl edit serviceaccount default -n production
imagePullSecrets:
- name: YOUR-REGISTRY-NAME

Configure Inlets Pro Deployment

curl -SLs https://raw.githubusercontent.com/inlets/inlets-pro-pkg/master/artifacts/client.yaml > client.yaml
- "--connect=wss://EXIT_NODE_IP:8123/connect"
- "--tcp-ports=80,443"
- "--token=AUTHTOKENHERE"
- "--license=LICENSE_JWT_HERE"

Configure Inlets Pro Server

curl -SLsf https://github.com/inlets/inlets-pro-pkg/releases/download/0.4.3/inlets-pro-linux > inlets-pro-linux
chmod +x ./inlets-pro-linux

# must be the same token the client passes with --token
export AUTHTOKEN=YOUR-TOKEN
sudo ./inlets-pro-linux server \
    --auto-tls \
    --common-name EXIT_NODE_IP \
    --remote-tcp nginx-ingress-controller \
    --token "$AUTHTOKEN"

6. Tips

Generate random token

# cut drops the trailing "  -" that shasum prints after the digest
export AUTHTOKEN=$(head -c 32 /dev/urandom | shasum -a 512 | cut -d " " -f 1)

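Copy secrets between namespaces

# --export was removed in kubectl 1.18; strip the namespace-bound metadata with jq instead
kubectl get secret $SECRET_NAME --namespace=$ORIGIN_NAMESPACE -o json |\
jq 'del(.metadata.namespace, .metadata.resourceVersion, .metadata.uid, .metadata.creationTimestamp)' |\
kubectl apply --namespace=$TARGET_NAMESPACE -f -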