cd /Volumes/boot/
touch ssh
nano cmdline.txt
cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
Change default password
sudo nano /etc/dhcpcd.conf
interface eth0
static ip_address=YOUR-IP
static routers=192.168.1.1
static domain_name_servers=8.8.8.8 8.8.4.4
Disable authentication with password
sudo nano /etc/ssh/sshd_config
Reduce graphic to 16 and change hostname
sudo raspi-config
curl -sLS https://get.k3sup.dev | sh
sudo install k3sup /usr/local/bin/
k3sup --help
export SERVER_IP=YOUR-IP
export SSH_KEY_PATH=YOUR-SSH-KEY-PATH
k3sup install --ip $SERVER_IP --user pi --ssh-key $SSH_KEY_PATH
export AGENT_IP=YOUR-AGENT-IP
k3sup join --ip $AGENT_IP --server-ip $SERVER_IP --user pi --ssh-key $SSH_KEY_PATH
kubectl label node $NAME node-role.kubernetes.io/worker=worker
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
helm init --tiller-image=jessestuart/tiller:v2.9.1
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml
kubectl create secret docker-registry gcr-json-key \
--docker-server=eu.gcr.io \
--docker-username=_json_key \
--docker-password="$(cat ./key.json)" \
--docker-email=$EMAIL
sudo curl -sLS https://dl.get-arkade.dev | sudo sh
export SHA=$(head -c 16 /dev/urandom | shasum | cut -d " " -f 1)
export USER=admin
echo $USER > registry-creds.txt
echo $SHA >> registry-creds.txt
docker run --entrypoint htpasswd registry:2 -Bbn admin $SHA > ./htpasswd
helm install stable/docker-registry \
--name private-registry \
--namespace default \
--set persistence.enabled=true \
--set persistence.existingClaim=docker-volume \
--set secrets.htpasswd=$(cat ./htpasswd)
export DOCKER_PASSWORD=YOUR-PASSWORD
export DOCKER_USERNAME=YOUR-USERNAME
export DOCKER_SERVER=YOUR-SERVER
echo $DOCKER_PASSWORD | docker login $SERVER --username $DOCKER_USERNAME --password-stdin
kubectl create secret docker-registry YOUR-REGISTRY-NAME \
--docker-username=$DOCKER_USERNAME \
--docker-password=$DOCKER_PASSWORD \
--docker-server=$DOCKER_SERVER \
--namespace $NAMESPACE
(You will need to apply this configuration for every namespace you want to use)
kubectl edit serviceaccount default -n production
imagePullSecrets:
- name: YOUR-REGISTRY-NAME
curl -SLs https://raw.githubusercontent.com/inlets/inlets-pro-pkg/master/artifacts/client.yaml > client.yaml
- "--connect=wss://EXIT_NODE_IP:8123/connect"
- "--tcp-ports=80,443"
- "--token=AUTHTOKENHERE"
- "--license=LICENSE_JWT_HERE"
curl -SLsf https://github.com/inlets/inlets-pro-pkg/releases/download/0.4.3/inlets-pro-linux > inlets-pro-linux
chmod +x ./inlets-pro-linux
export AUTH_TOKEN=YOUR-TOKEN
sudo ./inlets-pro-linux server \
--auto-tls \
--common-name EXIT_NODE_IP \
--remote-tcp nginx-ingress-controller \
--token $AUTHTOKEN
export AUTHTOKEN=$(head -c 32 /dev/urandom | shasum -a 512)
kubectl get secret $SECRET_NAME --namespace=$ORIGIN_NAMESPACE --export -o yaml |\
kubectl apply --namespace=$TARGET_NAMESPACE -f -