commit 963a8b0464a591834b6633954ba27f9e903217aa Author: julien Date: Wed Feb 18 17:51:44 2026 +0100 first commit
diff --git a/PVC-traefik-certs.yml b/PVC-traefik-certs.yml
new file mode 100644
index 0000000..23beca1
--- /dev/null
+++ b/PVC-traefik-certs.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: traefik-certs
+ namespace: kube-system
+ labels:
+ app: traefik-ingress
+spec:
+ accessModes:
+ - ReadWriteMany
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 32Mi
diff --git a/auth b/auth
new file mode 100644
index 0000000..6be785b
--- /dev/null
+++ b/auth
@@ -0,0 +1 @@
+admin:$apr1$y4FBYiun$qJureyQW8OywhlnjmELro1
diff --git a/check-longhorn.sh b/check-longhorn.sh
new file mode 100644
index 0000000..b146011
--- /dev/null
+++ b/check-longhorn.sh
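Review bot: The single line added to `auth` is a live htpasswd entry for `admin`, so the credential hash stays readable in the repository history, and `$apr1$` is Apache's MD5-based scheme, which offers little resistance to offline guessing. The base64 `users:` values in the Secrets of longhorn-ingress.yml and traefik-ingress.yml are the same kind of material and are byte-identical to each other, which suggests one password guards both dashboards. I would drop these from the commit, rotate the password, and create the Secrets out of band, e.g. `kubectl create secret generic traefik-basic-auth-secret --from-file=users=auth -n kube-system`, with `auth` listed in `.gitignore`. Traefik's basicAuth also accepts bcrypt entries (`htpasswd -B`), which would be the better format for the new password.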
@@ -0,0 +1,302 @@ +#!/bin/bash + +export RED='\x1b[0;31m' +export GREEN='\x1b[38;5;22m' +export CYAN='\x1b[36m' +export YELLOW='\x1b[33m' +export NO_COLOR='\x1b[0m' + +if [ -z "${LOG_TITLE}" ]; then + LOG_TITLE='' +fi +if [ -z "${LOG_LEVEL}" ]; then + LOG_LEVEL="INFO" +fi + +debug() { + if [[ "${LOG_LEVEL}" == "DEBUG" ]]; then + local log_title + if [ -n "${LOG_TITLE}" ]; then + log_title="(${LOG_TITLE})" + else + log_title='' + fi + echo -e "${GREEN}[DEBUG]${log_title} ${NO_COLOR}$1" + fi +} + +info() { + if [[ "${LOG_LEVEL}" == "DEBUG" ]] ||\ + [[ "${LOG_LEVEL}" == "INFO" ]]; then + local log_title + if [ -n "${LOG_TITLE}" ]; then + log_title="(${LOG_TITLE})" + else + log_title='' + fi + echo -e "${CYAN}[INFO] ${log_title} ${NO_COLOR}$1" + fi +} + +warn() { + if [[ "${LOG_LEVEL}" == "DEBUG" ]] ||\ + [[ "${LOG_LEVEL}" == "INFO" ]] ||\ + [[ "${LOG_LEVEL}" == "WARN" ]]; then + local log_title + if [ -n "${LOG_TITLE}" ]; then + log_title="(${LOG_TITLE})" + else + log_title='' + fi + echo -e "${YELLOW}[WARN] ${log_title} ${NO_COLOR}$1" + fi +} + +error() { + if [[ "${LOG_LEVEL}" == "DEBUG" ]] ||\ + [[ "${LOG_LEVEL}" == "INFO" ]] ||\ + [[ "${LOG_LEVEL}" == "WARN" ]] ||\ + [[ "${LOG_LEVEL}" == "ERROR" ]]; then + local log_title + if [ -n "${LOG_TITLE}" ]; then + log_title="(${LOG_TITLE})" + else + log_title='' + fi + echo -e "${RED}[ERROR]${log_title} ${NO_COLOR}$1" + fi +} + +detect_node_os() +{ + local pod="$1" + + OS=`kubectl exec -i $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c 'grep -E "^ID_LIKE=" /etc/os-release | cut -d= -f2'` + if [[ -z "${OS}" ]]; then + OS=`kubectl exec -i $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c 'grep -E "^ID=" /etc/os-release | cut -d= -f2'` + fi + echo "$OS" +} + +set_packages_and_check_cmd() +{ + case $OS in + *"debian"* | *"ubuntu"* ) + CHECK_CMD='dpkg -l | grep -w' + PACKAGES=(nfs-common open-iscsi) + ;; + *"centos"* | *"fedora"* | *"rocky"* | *"ol"* ) + CHECK_CMD='rpm -q' + PACKAGES=(nfs-utils iscsi-initiator-utils) + ;; + 
*"suse"* ) + CHECK_CMD='rpm -q' + PACKAGES=(nfs-client open-iscsi) + ;; + *"arch"* ) + CHECK_CMD='pacman -Q' + PACKAGES=(nfs-utils open-iscsi) + ;; + *"gentoo"* ) + CHECK_CMD='qlist -I' + PACKAGES=(net-fs/nfs-utils sys-block/open-iscsi) + ;; + *) + CHECK_CMD='' + PACKAGES=() + warn "Stop the environment check because '$OS' is not supported in the environment check script." + exit 1 + ;; + esac +} + +check_dependencies() { + local targets=($@) + + local allFound=true + for ((i=0; i<${#targets[@]}; i++)); do + local target=${targets[$i]} + if [ "$(which $target)" == "" ]; then + allFound=false + error "Not found: $target" + fi + done + if [ "$allFound" == "false" ]; then + error "Please install missing dependencies." + exit 2 + else + info "Required dependencies are installed." + fi +} + +create_ds() { +cat < $TEMP_DIR/environment_check.yaml +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: longhorn-environment-check + name: longhorn-environment-check +spec: + selector: + matchLabels: + app: longhorn-environment-check + template: + metadata: + labels: + app: longhorn-environment-check + spec: + hostPID: true + containers: + - name: longhorn-environment-check + image: alpine:3.12 + args: ["/bin/sh", "-c", "sleep 1000000000"] + volumeMounts: + - name: mountpoint + mountPath: /tmp/longhorn-environment-check + mountPropagation: Bidirectional + securityContext: + privileged: true + volumes: + - name: mountpoint + hostPath: + path: /tmp/longhorn-environment-check +EOF + kubectl create -f $TEMP_DIR/environment_check.yaml > /dev/null +} + +cleanup() { + info "Cleaning up longhorn-environment-check pods..." + kubectl delete -f $TEMP_DIR/environment_check.yaml > /dev/null + rm -rf $TEMP_DIR + info "Cleanup completed." 
+} + +wait_ds_ready() { + while true; do + local ds=$(kubectl get ds/longhorn-environment-check -o json) + local numberReady=$(echo $ds | jq .status.numberReady) + local desiredNumberScheduled=$(echo $ds | jq .status.desiredNumberScheduled) + + if [ "$desiredNumberScheduled" == "$numberReady" ] && [ "$desiredNumberScheduled" != "0" ]; then + info "All longhorn-environment-check pods are ready ($numberReady/$desiredNumberScheduled)." + return + fi + + info "Waiting for longhorn-environment-check pods to become ready ($numberReady/$desiredNumberScheduled)..." + sleep 3 + done +} + +check_mount_propagation() { + local allSupported=true + local pods=$(kubectl -l app=longhorn-environment-check get po -o json) + + local ds=$(kubectl get ds/longhorn-environment-check -o json) + local desiredNumberScheduled=$(echo $ds | jq .status.desiredNumberScheduled) + + for ((i=0; i /dev/null 2>&1 + if [ $? != 0 ]; then + allFound=false + node=`kubectl get ${pod} --no-headers -o=custom-columns=:.spec.nodeName` + error "$package is not found in $node." + fi + done + done + + if [ "$allFound" == "false" ]; then + error "Please install missing packages." + exit 2 + else + info "Required packages are installed." + fi +} + +check_multipathd() { + local pods=$(kubectl get pods -o name | grep longhorn-environment-check) + local allNotFound=true + + for pod in ${pods}; do + kubectl exec -t $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c "systemctl status --no-pager multipathd.service" > /dev/null 2>&1 + if [ $? = 0 ]; then + allNotFound=false + node=`kubectl get ${pod} --no-headers -o=custom-columns=:.spec.nodeName` + warn "multipathd is running on $node." + fi + done + + if [ "$allNotFound" == "false" ]; then + warn "multipathd would probably result in the Longhorn volume mount failure. Please refer to https://longhorn.io/kb/troubleshooting-volume-with-multipath for more information." 
+ fi +} + +check_iscsid() { + local pods=$(kubectl get pods -o name | grep longhorn-environment-check) + local allFound=true + + for pod in ${pods}; do + kubectl exec -t $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c "systemctl status --no-pager iscsid.service" > /dev/null 2>&1 + + if [ $? != 0 ]; then + allFound=false + node=`kubectl get ${pod} --no-headers -o=custom-columns=:.spec.nodeName` + error "iscsid is not running on $node." + fi + done + + if [ "$allFound" == "false" ]; then + exit 2 + fi +} + +DEPENDENCIES=(kubectl jq mktemp) +check_dependencies ${DEPENDENCIES[@]} + +TEMP_DIR=$(mktemp -d) + +trap cleanup EXIT +create_ds +wait_ds_ready +check_package_installed +check_iscsid +check_multipathd +check_mount_propagation + +exit 0 + diff --git a/get_helm.sh b/get_helm.sh new file mode 100755 index 0000000..5f265a5 --- /dev/null +++ b/get_helm.sh 
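Review bot: The DaemonSet that `create_ds` writes runs with `privileged: true`, `hostPID: true` and a Bidirectional hostPath mount, yet its image is referenced only by the mutable tag `alpine:3.12`, and `kubectl create -f` carries no `-n`, so the pods land in whatever namespace the current context selects. I would pin the image by digest (`image: alpine:3.12@sha256:<digest>`) and pass an explicit namespace to the `kubectl create`, `get` and `delete` calls so the privileged pods always live, and get cleaned up, in a known place. The `kubectl exec` calls also pass `$pod` unquoted; `"$pod"` is the safer form. Parts of this hunk (the heredoc opener in `create_ds` and the loop in `check_mount_propagation`) look truncated on this page, so this is based only on the lines that are visible.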
@@ -0,0 +1,347 @@ +#!/usr/bin/env bash + +# Copyright The Helm Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The install script is based off of the MIT-licensed script from glide, +# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get + +: ${BINARY_NAME:="helm"} +: ${USE_SUDO:="true"} +: ${DEBUG:="false"} +: ${VERIFY_CHECKSUM:="true"} +: ${VERIFY_SIGNATURES:="false"} +: ${HELM_INSTALL_DIR:="/usr/local/bin"} +: ${GPG_PUBRING:="pubring.kbx"} + +HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)" +HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)" +HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)" +HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)" +HAS_GIT="$(type "git" &> /dev/null && echo true || echo false)" +HAS_TAR="$(type "tar" &> /dev/null && echo true || echo false)" + +# initArch discovers the architecture for this system. +initArch() { + ARCH=$(uname -m) + case $ARCH in + armv5*) ARCH="armv5";; + armv6*) ARCH="armv6";; + armv7*) ARCH="arm";; + aarch64) ARCH="arm64";; + x86) ARCH="386";; + x86_64) ARCH="amd64";; + i686) ARCH="386";; + i386) ARCH="386";; + esac +} + +# initOS discovers the operating system for this system. 
+initOS() { + OS=$(echo `uname`|tr '[:upper:]' '[:lower:]') + + case "$OS" in + # Minimalist GNU for Windows + mingw*|cygwin*) OS='windows';; + esac +} + +# runs the given command as root (detects if we are root already) +runAsRoot() { + if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then + sudo "${@}" + else + "${@}" + fi +} + +# verifySupported checks that the os/arch combination is supported for +# binary builds, as well whether or not necessary tools are present. +verifySupported() { + local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-loong64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64" + if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then + echo "No prebuilt binary for ${OS}-${ARCH}." + echo "To build from source, go to https://github.com/helm/helm" + exit 1 + fi + + if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then + echo "Either curl or wget is required" + exit 1 + fi + + if [ "${VERIFY_CHECKSUM}" == "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then + echo "In order to verify checksum, openssl must first be installed." + echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment." + exit 1 + fi + + if [ "${VERIFY_SIGNATURES}" == "true" ]; then + if [ "${HAS_GPG}" != "true" ]; then + echo "In order to verify signatures, gpg must first be installed." + echo "Please install gpg or set VERIFY_SIGNATURES=false in your environment." + exit 1 + fi + if [ "${OS}" != "linux" ]; then + echo "Signature verification is currently only supported on Linux." + echo "Please set VERIFY_SIGNATURES=false or verify the signatures manually." + exit 1 + fi + fi + + if [ "${HAS_GIT}" != "true" ]; then + echo "[WARNING] Could not find git. It is required for plugin installation." + fi + + if [ "${HAS_TAR}" != "true" ]; then + echo "[ERROR] Could not find tar. It is required to extract the helm binary archive." 
+ exit 1 + fi +} + +# checkDesiredVersion checks if the desired version is available. +checkDesiredVersion() { + if [ "x$DESIRED_VERSION" == "x" ]; then + # Get tag from release URL + local latest_release_url="https://get.helm.sh/helm3-latest-version" + local latest_release_response="" + if [ "${HAS_CURL}" == "true" ]; then + latest_release_response=$( curl -L --silent --show-error --fail "$latest_release_url" 2>&1 || true ) + elif [ "${HAS_WGET}" == "true" ]; then + latest_release_response=$( wget "$latest_release_url" -q -O - 2>&1 || true ) + fi + TAG=$( echo "$latest_release_response" | grep '^v[0-9]' ) + if [ "x$TAG" == "x" ]; then + printf "Could not retrieve the latest release tag information from %s: %s\n" "${latest_release_url}" "${latest_release_response}" + exit 1 + fi + else + TAG=$DESIRED_VERSION + fi +} + +# checkHelmInstalledVersion checks which version of helm is installed and +# if it needs to be changed. +checkHelmInstalledVersion() { + if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then + local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}") + if [[ "$version" == "$TAG" ]]; then + echo "Helm ${version} is already ${DESIRED_VERSION:-latest}" + return 0 + else + echo "Helm ${TAG} is available. Changing from version ${version}." + return 1 + fi + else + return 1 + fi +} + +# downloadFile downloads the latest binary package and also the checksum +# for that binary. 
+downloadFile() { + HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz" + DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST" + CHECKSUM_URL="$DOWNLOAD_URL.sha256" + HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)" + HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST" + HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256" + echo "Downloading $DOWNLOAD_URL" + if [ "${HAS_CURL}" == "true" ]; then + curl -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE" + curl -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE" + elif [ "${HAS_WGET}" == "true" ]; then + wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL" + wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL" + fi +} + +# verifyFile verifies the SHA256 checksum of the binary package +# and the GPG signatures for both the package and checksum file +# (depending on settings in environment). +verifyFile() { + if [ "${VERIFY_CHECKSUM}" == "true" ]; then + verifyChecksum + fi + if [ "${VERIFY_SIGNATURES}" == "true" ]; then + verifySignatures + fi +} + +# installFile installs the Helm binary. +installFile() { + HELM_TMP="$HELM_TMP_ROOT/$BINARY_NAME" + mkdir -p "$HELM_TMP" + tar xf "$HELM_TMP_FILE" -C "$HELM_TMP" + HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/helm" + echo "Preparing to install $BINARY_NAME into ${HELM_INSTALL_DIR}" + runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR/$BINARY_NAME" + echo "$BINARY_NAME installed into $HELM_INSTALL_DIR/$BINARY_NAME" +} + +# verifyChecksum verifies the SHA256 checksum of the binary package. +verifyChecksum() { + printf "Verifying checksum... " + local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}') + local expected_sum=$(cat ${HELM_SUM_FILE}) + if [ "$sum" != "$expected_sum" ]; then + echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting." + exit 1 + fi + echo "Done." +} + +# verifySignatures obtains the latest KEYS file from GitHub main branch +# as well as the signature .asc files from the specific GitHub release, +# then verifies that the release artifacts were signed by a maintainer's key. 
+verifySignatures() { + printf "Verifying signatures... " + local keys_filename="KEYS" + local github_keys_url="https://raw.githubusercontent.com/helm/helm/main/${keys_filename}" + if [ "${HAS_CURL}" == "true" ]; then + curl -SsL "${github_keys_url}" -o "${HELM_TMP_ROOT}/${keys_filename}" + elif [ "${HAS_WGET}" == "true" ]; then + wget -q -O "${HELM_TMP_ROOT}/${keys_filename}" "${github_keys_url}" + fi + local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg" + local gpg_homedir="${HELM_TMP_ROOT}/gnupg" + mkdir -p -m 0700 "${gpg_homedir}" + local gpg_stderr_device="/dev/null" + if [ "${DEBUG}" == "true" ]; then + gpg_stderr_device="/dev/stderr" + fi + gpg --batch --quiet --homedir="${gpg_homedir}" --import "${HELM_TMP_ROOT}/${keys_filename}" 2> "${gpg_stderr_device}" + gpg --batch --no-default-keyring --keyring "${gpg_homedir}/${GPG_PUBRING}" --export > "${gpg_keyring}" + local github_release_url="https://github.com/helm/helm/releases/download/${TAG}" + if [ "${HAS_CURL}" == "true" ]; then + curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" + curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" + elif [ "${HAS_WGET}" == "true" ]; then + wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" + wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" + fi + local error_text="If you think this might be a potential security issue," + error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md" + local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') + if 
[[ ${num_goodlines_sha} -lt 2 ]]; then + echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!" + echo -e "${error_text}" + exit 1 + fi + local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)') + if [[ ${num_goodlines_tar} -lt 2 ]]; then + echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!" + echo -e "${error_text}" + exit 1 + fi + echo "Done." +} + +# fail_trap is executed if an error occurs. +fail_trap() { + result=$? + if [ "$result" != "0" ]; then + if [[ -n "$INPUT_ARGUMENTS" ]]; then + echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS" + help + else + echo "Failed to install $BINARY_NAME" + fi + echo -e "\tFor support, go to https://github.com/helm/helm." + fi + cleanup + exit $result +} + +# testVersion tests the installed client to make sure it is working. +testVersion() { + set +e + HELM="$(command -v $BINARY_NAME)" + if [ "$?" = "1" ]; then + echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?' + exit 1 + fi + set -e +} + +# help provides possible cli installation arguments +help () { + echo "Accepted cli arguments are:" + echo -e "\t[--help|-h ] ->> prints this help" + echo -e "\t[--version|-v ] . When not defined it fetches the latest release tag from the Helm CDN" + echo -e "\te.g. 
--version v3.0.0 or -v canary" + echo -e "\t[--no-sudo] ->> install without sudo" +} + +# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977 +cleanup() { + if [[ -d "${HELM_TMP_ROOT:-}" ]]; then + rm -rf "$HELM_TMP_ROOT" + fi +} + +# Execution + +#Stop execution on any error +trap "fail_trap" EXIT +set -e + +# Set debug if desired +if [ "${DEBUG}" == "true" ]; then + set -x +fi + +# Parsing input arguments (if any) +export INPUT_ARGUMENTS="${@}" +set -u +while [[ $# -gt 0 ]]; do + case $1 in + '--version'|-v) + shift + if [[ $# -ne 0 ]]; then + export DESIRED_VERSION="${1}" + if [[ "$1" != "v"* ]]; then + echo "Expected version arg ('${DESIRED_VERSION}') to begin with 'v', fixing..." + export DESIRED_VERSION="v${1}" + fi + else + echo -e "Please provide the desired version. e.g. --version v3.0.0 or -v canary" + exit 0 + fi + ;; + '--no-sudo') + USE_SUDO="false" + ;; + '--help'|-h) + help + exit 0 + ;; + *) exit 1 + ;; + esac + shift +done +set +u + +initArch +initOS +verifySupported +checkDesiredVersion +if ! checkHelmInstalledVersion; then + downloadFile + verifyFile + installFile +fi +testVersion +cleanup diff --git a/headlamp-ingress.yml b/headlamp-ingress.yml new file mode 100644 index 0000000..f061c98 --- /dev/null +++ b/headlamp-ingress.yml @@ -0,0 +1,18 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: headlamp-ingress + namespace: kube-system + annotations: + spec.ingressClassName: traefik +spec: + rules: + - http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: headlamp + port: + number: 8080 diff --git a/k3sup b/k3sup new file mode 100755 index 0000000..c1c91be Binary files /dev/null and b/k3sup differ diff --git a/kubeconfig b/kubeconfig new file mode 100644 index 0000000..f073566 --- /dev/null +++ b/kubeconfig 
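Review bot: In headlamp-ingress.yml, `spec.ingressClassName: traefik` sits under `metadata.annotations`, where it is only an annotation with an unrecognised key, so the Ingress has no class set; the field belongs under `spec:` as `ingressClassName: traefik`. The same placement is repeated in longhorn-ingress.yml and traefik-ingress.yml. Unlike those two, this Ingress carries no `traefik.ingress.kubernetes.io/router.middlewares` annotation, and its rule has no `host:` and no `tls:` section, so as written Headlamp is routed on `/` for any hostname without the basic-auth layer the other dashboards get. I would add the middleware annotation here as well, or document in a comment why Headlamp is deliberately left to its own login.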
@@ -0,0 +1,18 @@ +apiVersion: v1 +clusters: +- cluster: + certificate-authority-data: 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 + server: https://192.168.1.14:6443 + name: default +contexts: +- context: + cluster: default + user: default + name: default +current-context: default +kind: Config +users: +- name: default + user: + client-certificate-data: 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 + client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlDNWtpMEdNbTZWeGg0U3VKVTRQWnZlY0JaaGNpcURPNllRTHc5S3B3SjNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUUJWMlZuWEd1TjVOS3pHWlAzODlENlMvT3VoZ2hHVEtOZXIrdk9kR1MvWEk1Qk1WZlYxYwpCc0xPZ1dkRU5vU3pyWERya0dVVFlnWmg4YUJMcHI0RDh3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= diff --git a/longhorn-ingress.yml b/longhorn-ingress.yml new file mode 100644 index 0000000..274e6aa --- /dev/null +++ b/longhorn-ingress.yml @@ -0,0 +1,41 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: longhorn-basic-auth-secret + namespace: longhorn-system +data: + users: |2 + YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK + +--- +apiVersion: traefik.io/v1alpha1 +kind: Middleware +metadata: + name: longhorn-basic-auth-middleware + namespace: longhorn-system +spec: + basicAuth: + secret: longhorn-basic-auth-secret + realm: "Longhorn Dashboard" + +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: longhorn-ingress + namespace: kube-system + annotations: + spec.ingressClassName: traefik + traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-longhorn-basic-auth-middleware@kubernetescrd +spec: + rules: + - http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: longhorn-frontend + port: + number: 80 diff --git a/metallb-config.yml b/metallb-config.yml new file mode 100644 index 0000000..59a10ed --- /dev/null +++ b/metallb-config.yml 
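Review bot: `client-key-data` in kubeconfig is the private key of the `default` user for the API server at `https://192.168.1.14:6443`, committed in the clear, so repository read access now equals cluster access as that user. tls.key later in this commit has the same problem for the TLS private key. I would remove both files from the commit, reissue the client certificate and the TLS key pair (the current ones remain in history), and add `kubeconfig` and `*.key` to `.gitignore`. The `k3sup` binary is also checked in with no version or checksum recorded next to it; a short README line stating its release and SHA-256 would make it auditable.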
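Review bot: The Ingress in longhorn-ingress.yml is created in `namespace: kube-system` but its backend is the service `longhorn-frontend`, and an Ingress backend is resolved in the Ingress's own namespace. The Secret and Middleware in this same file are in `longhorn-system`, which suggests that is where the service lives; if so the route will not find its backend. Changing the Ingress to `namespace: longhorn-system` would fix that and keep it beside the Secret and Middleware that protect it. Worth confirming with `kubectl get svc -A | grep longhorn-frontend` before merging.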
@@ -0,0 +1,19 @@ +--- +apiVersion: metallb.io/v1beta1 +kind: IPAddressPool +metadata: + name: default-pool + namespace: metallb-system +spec: + addresses: + - 192.168.1.21-192.168.1.40 + +--- +apiVersion: metallb.io/v1beta1 +kind: L2Advertisement +metadata: + name: default + namespace: metallb-system +spec: + ipAddressPools: + - default-pool diff --git a/tls.crt b/tls.crt new file mode 100644 index 0000000..b2514a4 --- /dev/null +++ b/tls.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGzCCAgOgAwIBAgIUO28WNMsoOHSHneD3kEBrSh5j1zcwDQYJKoZIhvcNAQEL +BQAwHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0MB4XDTI2MDIxODE0MzEz +NloXDTI3MDIxODE0MzEzNlowHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1lpjGckFievdWut4Q3Y +Y4LmXcsv2vNabZwCUMwY81DoxcfjmqiwpBV3WMhB6Yww0Y4Ub+3jc8rLEVEfD/8Z +XHeWSPTXsv1vxnEtY7rrV/WLFPJ9/cQjy3XB9TPkg4R2Pm1XgUXbuWBHovL3WuLC +hF0qjd2j2q2IVcHUMDRW+bxwiTIJVUvvZ27TvC/VM/qQ99xvbMConAM7FMlqo3FR +SSw1lkx38AZiWX0YMbHiMjJNA60Nbsone1IMQPzzmleqgqLtJ9ksi/O4/OEoAOUy +iY6k6kbVvE9/Vf0N5LTydgCHScKCtzm7zFWrq6SaYYXRPIEQJiI9wD266wRqNgwk +LwIDAQABo1MwUTAdBgNVHQ4EFgQUsi4lJq86MqJn/0ZuEHXiyQ5AIe8wHwYDVR0j +BBgwFoAUsi4lJq86MqJn/0ZuEHXiyQ5AIe8wDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAQEAS6ThEKdbr8hSJRRjgCbr9G/3K+9M1tvELZ4sAec9uPFq +WSA5yexTfB6Cfh5CfI5AsHVesBVjVtY+ec9KUaC9HCnFu7sQA1stGRXWBD8xmeP8 +rrjcRlR9GKEJw6DC69HUPE3gJCDPO/mIjwSnlSPypAcu9+/eeciT4j3q932LYtrJ +PhesyF4+2FgsrmAKpqdjzH04NnBznObtd3X3kPDkTigdWjKUQGPxUPI8uU4Whvy1 +Hj/LKhx7tE81v22Chaj/ECzmdnBlZ1S6puUEz4+/TZpGkklDW0hQjGtr5tN86Pzd +b3GipVeDGFWXImYjcqWB/jbIM5J/gLqBYzhph1jy3Q== +-----END CERTIFICATE----- diff --git a/tls.key b/tls.key new file mode 100644 index 0000000..48aa1f8 --- /dev/null +++ b/tls.key 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjWWmMZyQWJ691 +a63hDdhjguZdyy/a81ptnAJQzBjzUOjFx+OaqLCkFXdYyEHpjDDRjhRv7eNzyssR +UR8P/xlcd5ZI9Ney/W/GcS1juutX9YsU8n39xCPLdcH1M+SDhHY+bVeBRdu5YEei +8vda4sKEXSqN3aParYhVwdQwNFb5vHCJMglVS+9nbtO8L9Uz+pD33G9swKicAzsU +yWqjcVFJLDWWTHfwBmJZfRgxseIyMk0DrQ1uyid7UgxA/POaV6qCou0n2SyL87j8 +4SgA5TKJjqTqRtW8T39V/Q3ktPJ2AIdJwoK3ObvMVaurpJphhdE8gRAmIj3APbrr +BGo2DCQvAgMBAAECggEAOZekPaL916vdUn6JG0C46vjzhN1HPaCwYNXxARC8uUjt +ERKVXmmcgfWpkw1kI9ZQPgokjYQnviMhbrUVyRuNkwr82zMsO8jcWHB96twz7tq9 +U0DeCBNX9XvKy0ulBXO2BvOhNwxs2FKoXzzf1lT99RIuFz+ubkLhvy6sQ+SoR7tG +szNhWZCObR9+NagybeyEgt1i6SUtkLVQSojMeeFCh6Dait9FIrXmrRywyRnYuUpF +JxAtoHlPST8LfDmvrj4tcaxkA+g+OLoE+p1P2DDS2EC/9JRMCzlmsEijyVqtV40R +xDi6L5CySvZARGpl9DpMCXz0k12GXr57jv34cl6O6QKBgQDb8j1T0hEzuicRYX1A +vkCN8b9kBhQXqxywJG2jBQ8Iw7sRMny2PtpHtTSrpLlfyMO4pdLqUo3G9vWXSJOy +Pwd0IBDdVcuNC2YiyhZybmJzzxGoixU8cJ8oGaymk1e9xp6DXq0KILk2JFQ9DilG +8ClTFMgerqzOnlaasHKTJAnGmQKBgQC+ICdI40rGmr2ClMUXmiwIjyhuSwZupwEL +RSsU0OyftxxrCf1TMzlquiNSNluvrJO9Vs7Bu+5h8KlcMzCJZkiCp8t4xoAXW0e7 +AeE49xt+HqGny67w9Bp1KfD0wQ2gtEDNVW67KiqBWauLSqnTlpWbu7keqnuJPjNY +06qXcdUmBwKBgHKJIwaTTgHx3oZejis458UDLveXcr8gjD/tuGo8KCgYRUIfWHJP +KLxO0K7RiPcoRUPSlpMPimUiFaJCWSdpSyhdymp4UxeP6BAVzLqqYPqNylRKmTRw +MXFgbVgRQo/A7qrakqHDiK95G6Tvyu72AY8SM2RG8hZmvhKv7/pPugeBAoGAMgRR +cWpiLJdezbCHnSrw9Jt8vm88VPXYX3el2scPyQCqGDq7ixzJuRsY2bL1MeULxN7G +a88d6mQemePZm/vtjXnJHI/T+NEJsNfQwWS4tdgnHPaHoloFb9dFzY3QIPvqpFoa +VGDGZ9sINw/AV6qg1yRukfO1pihX58FfepH2yhcCgYAFTLOblHpCvLWP7VtiXCf0 +tiSdMV1Be4XR5HqzjwFkBtBxPKxm+WOW7can0hRrrnXTwnJ8geedEYTrYkgNG8Ae +Kqj1jCyPen68OuOvZe+7tXc7JN4W7l/VQL6TY/nj/ogQ4f/XSoa2VnqFZGvgC/mA +55fOoPLPuUSY/leVNuzCXA== +-----END PRIVATE KEY----- diff --git a/traefik-ingress.yml b/traefik-ingress.yml new file mode 100644 index 0000000..0129e68 --- /dev/null +++ b/traefik-ingress.yml 
@@ -0,0 +1,41 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: traefik-basic-auth-secret
+ namespace: kube-system
+data:
+ users: |2
+ YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: traefik-basic-auth-middleware
+ namespace: kube-system
+spec:
+ basicAuth:
+ secret: traefik-basic-auth-secret
+ realm: "Traefik Dashboard"
+
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: traefik-ingress
+ namespace: kube-system
+ annotations:
+ spec.ingressClassName: traefik
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-basic-auth-middleware@kubernetescrd
+spec:
+ rules:
+ - http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: traefik-dashboard
+ port:
+ number: 8080
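Review bot: The rule under `spec.rules` has no `host:` and matches `Prefix` `/`, exactly like the rules in headlamp-ingress.yml and longhorn-ingress.yml, so all three Ingresses claim the same route and which dashboard answers a request (and therefore whether a basic-auth middleware runs at all) is left to router ordering. Giving each Ingress its own `host:` (for example `host: traefik.<your-domain>`) removes the overlap. The PVC `traefik-certs` and the tls.crt/tls.key pair in this commit suggest TLS is intended, but no `tls:` section is present on any of the three Ingresses, so presumably the basic-auth credentials can still be sent over a plain-HTTP entry point. A `tls:` block referencing a TLS Secret on each Ingress would close that gap.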