JM Robles jmrobles

## rancher-container.sh
docker run -d --restart=unless-stopped \
  -p 80:80 -p 443:443 \
  -v /root/rancher:/var/lib/rancher \
  --name rancher-server \
  rancher/rancher:latest \
  --acme-domain <YOUR-DOMAIN-FOR-RANCHER-SERVER>

## csi-hetzner-secret.yaml
# secret.yml
apiVersion: v1
kind: Secret
metadata:
  name: hcloud-csi
  namespace: kube-system
stringData:
  token: YOURTOKEN

## installing-docker.sh
apt-get update
apt install -y docker.io
systemctl start docker

## install-metallb.sh
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
# On first install only
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"

## setup-metallb.sh
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
    name: config
data:
   config: |
     address-pools:
     - name: default
       protocol: layer2

## deployment-service-kuard.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuard
  namespace: app
spec:
  selector:
    matchLabels:
      app: kuard
  replicas: 1

## sandbox-le-issuer.yaml
apiVersion: cert-manager.io/v1alpha2
   kind: Issuer
   metadata:
     name: letsencrypt-staging
     namespace: app
   spec:
     acme:
       # The ACME server URL
       server: https://acme-staging-v02.api.letsencrypt.org/directory
       # Email address used for ACME registration

## prod-le-issuer.yaml
apiVersion: cert-manager.io/v1alpha2
   kind: Issuer
   metadata:
     name: letsencrypt-prod
     namespace: app
   spec:
     acme:
       # The ACME server URL
       server: https://acme-v02.api.letsencrypt.org/directory
       # Email address used for ACME registration

## deployment-service-kuard.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuard
  namespace: app
spec:
  selector:
    matchLabels:
      app: kuard
  replicas: 1

## ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kuard
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/issuer: "letsencrypt-staging"

spec:
  tls:
	docker run -d --restart=unless-stopped \
	-p 80:80 -p 443:443 \
	-v /root/rancher:/var/lib/rancher \
	--name rancher-server \
	rancher/rancher:latest \
	--acme-domain <YOUR-DOMAIN-FOR-RANCHER-SERVER>
	# secret.yml
	apiVersion: v1
	kind: Secret
	metadata:
	name: hcloud-csi
	namespace: kube-system
	stringData:
	token: YOURTOKEN
	apt-get update
	apt install -y docker.io
	systemctl start docker
	kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/namespace.yaml
	kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.9.3/manifests/metallb.yaml
	# On first install only
	kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
	cat <<EOF \| kubectl apply -f -
	apiVersion: v1
	kind: ConfigMap
	metadata:
	name: config
	data:
	config: \|
	address-pools:
	- name: default
	protocol: layer2
	apiVersion: apps/v1
	kind: Deployment
	metadata:
	name: kuard
	namespace: app
	spec:
	selector:
	matchLabels:
	app: kuard
	replicas: 1
	apiVersion: cert-manager.io/v1alpha2
	kind: Issuer
	metadata:
	name: letsencrypt-staging
	namespace: app
	spec:
	acme:
	# The ACME server URL
	server: https://acme-staging-v02.api.letsencrypt.org/directory
	# Email address used for ACME registration
	apiVersion: extensions/v1beta1
	kind: Ingress
	metadata:
	name: kuard
	annotations:
	kubernetes.io/ingress.class: "nginx"
	cert-manager.io/issuer: "letsencrypt-staging"

	spec:
	tls: