Delmar/kubernetes
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Julieñ
2026-02-18 17:51:44 +01:00
commit 963a8b0464
12 changed files with 848 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
PVC-traefik-certs.yml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: traefik-certs
namespace: kube-system
labels:
app: traefik-ingress
spec:
accessModes:
- ReadWriteMany
storageClassName: longhorn
resources:
requests:
storage: 32Mi

1
auth Normal file
View File

@@ -0,0 +1 @@
admin:$apr1$y4FBYiun$qJureyQW8OywhlnjmELro1

302
check-longhorn.sh Normal file
View File

@@ -0,0 +1,302 @@
#!/bin/bash
export RED='\x1b[0;31m'
export GREEN='\x1b[38;5;22m'
export CYAN='\x1b[36m'
export YELLOW='\x1b[33m'
export NO_COLOR='\x1b[0m'
if [ -z "${LOG_TITLE}" ]; then
LOG_TITLE=''
fi
if [ -z "${LOG_LEVEL}" ]; then
LOG_LEVEL="INFO"
fi
debug() {
if [[ "${LOG_LEVEL}" == "DEBUG" ]]; then
local log_title
if [ -n "${LOG_TITLE}" ]; then
log_title="(${LOG_TITLE})"
else
log_title=''
fi
echo -e "${GREEN}[DEBUG]${log_title} ${NO_COLOR}$1"
fi
}
info() {
if [[ "${LOG_LEVEL}" == "DEBUG" ]] ||\
[[ "${LOG_LEVEL}" == "INFO" ]]; then
local log_title
if [ -n "${LOG_TITLE}" ]; then
log_title="(${LOG_TITLE})"
else
log_title=''
fi
echo -e "${CYAN}[INFO] ${log_title} ${NO_COLOR}$1"
fi
}
warn() {
if [[ "${LOG_LEVEL}" == "DEBUG" ]] ||\
[[ "${LOG_LEVEL}" == "INFO" ]] ||\
[[ "${LOG_LEVEL}" == "WARN" ]]; then
local log_title
if [ -n "${LOG_TITLE}" ]; then
log_title="(${LOG_TITLE})"
else
log_title=''
fi
echo -e "${YELLOW}[WARN] ${log_title} ${NO_COLOR}$1"
fi
}
error() {
if [[ "${LOG_LEVEL}" == "DEBUG" ]] ||\
[[ "${LOG_LEVEL}" == "INFO" ]] ||\
[[ "${LOG_LEVEL}" == "WARN" ]] ||\
[[ "${LOG_LEVEL}" == "ERROR" ]]; then
local log_title
if [ -n "${LOG_TITLE}" ]; then
log_title="(${LOG_TITLE})"
else
log_title=''
fi
echo -e "${RED}[ERROR]${log_title} ${NO_COLOR}$1"
fi
}
detect_node_os()
{
local pod="$1"
OS=`kubectl exec -i $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c 'grep -E "^ID_LIKE=" /etc/os-release | cut -d= -f2'`
if [[ -z "${OS}" ]]; then
OS=`kubectl exec -i $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c 'grep -E "^ID=" /etc/os-release | cut -d= -f2'`
fi
echo "$OS"
}
set_packages_and_check_cmd()
{
case $OS in
*"debian"* | *"ubuntu"* )
CHECK_CMD='dpkg -l | grep -w'
PACKAGES=(nfs-common open-iscsi)
;;
*"centos"* | *"fedora"* | *"rocky"* | *"ol"* )
CHECK_CMD='rpm -q'
PACKAGES=(nfs-utils iscsi-initiator-utils)
;;
*"suse"* )
CHECK_CMD='rpm -q'
PACKAGES=(nfs-client open-iscsi)
;;
*"arch"* )
CHECK_CMD='pacman -Q'
PACKAGES=(nfs-utils open-iscsi)
;;
*"gentoo"* )
CHECK_CMD='qlist -I'
PACKAGES=(net-fs/nfs-utils sys-block/open-iscsi)
;;
*)
CHECK_CMD=''
PACKAGES=()
warn "Stop the environment check because '$OS' is not supported in the environment check script."
exit 1
;;
esac
}
check_dependencies() {
local targets=($@)
local allFound=true
for ((i=0; i<${#targets[@]}; i++)); do
local target=${targets[$i]}
if [ "$(which $target)" == "" ]; then
allFound=false
error "Not found: $target"
fi
done
if [ "$allFound" == "false" ]; then
error "Please install missing dependencies."
exit 2
else
info "Required dependencies are installed."
fi
}
create_ds() {
cat <<EOF > $TEMP_DIR/environment_check.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: longhorn-environment-check
name: longhorn-environment-check
spec:
selector:
matchLabels:
app: longhorn-environment-check
template:
metadata:
labels:
app: longhorn-environment-check
spec:
hostPID: true
containers:
- name: longhorn-environment-check
image: alpine:3.12
args: ["/bin/sh", "-c", "sleep 1000000000"]
volumeMounts:
- name: mountpoint
mountPath: /tmp/longhorn-environment-check
mountPropagation: Bidirectional
securityContext:
privileged: true
volumes:
- name: mountpoint
hostPath:
path: /tmp/longhorn-environment-check
EOF
kubectl create -f $TEMP_DIR/environment_check.yaml > /dev/null
}
cleanup() {
info "Cleaning up longhorn-environment-check pods..."
kubectl delete -f $TEMP_DIR/environment_check.yaml > /dev/null
rm -rf $TEMP_DIR
info "Cleanup completed."
}
wait_ds_ready() {
while true; do
local ds=$(kubectl get ds/longhorn-environment-check -o json)
local numberReady=$(echo $ds | jq .status.numberReady)
local desiredNumberScheduled=$(echo $ds | jq .status.desiredNumberScheduled)
if [ "$desiredNumberScheduled" == "$numberReady" ] && [ "$desiredNumberScheduled" != "0" ]; then
info "All longhorn-environment-check pods are ready ($numberReady/$desiredNumberScheduled)."
return
fi
info "Waiting for longhorn-environment-check pods to become ready ($numberReady/$desiredNumberScheduled)..."
sleep 3
done
}
check_mount_propagation() {
local allSupported=true
local pods=$(kubectl -l app=longhorn-environment-check get po -o json)
local ds=$(kubectl get ds/longhorn-environment-check -o json)
local desiredNumberScheduled=$(echo $ds | jq .status.desiredNumberScheduled)
for ((i=0; i<desiredNumberScheduled; i++)); do
local pod=$(echo $pods | jq .items[$i])
local nodeName=$(echo $pod | jq -r .spec.nodeName)
local mountPropagation=$(echo $pod | jq -r '.spec.containers[0].volumeMounts[] | select(.name=="mountpoint") | .mountPropagation')
if [ "$mountPropagation" != "Bidirectional" ]; then
allSupported=false
error "node $nodeName: MountPropagation is disabled"
fi
done
if [ "$allSupported" != "true" ]; then
error "MountPropagation is disabled on at least one node. As a result, CSI driver and Base image cannot be supported."
exit 1
else
info "MountPropagation is enabled."
fi
}
check_package_installed() {
local pods=$(kubectl get pods -o name | grep longhorn-environment-check)
local allFound=true
for pod in ${pods}; do
OS=`detect_node_os $pod`
if [ x"$OS" == x"" ]; then
error "Unable to detect OS on node $node."
exit 2
fi
set_packages_and_check_cmd "$OS"
for ((i=0; i<${#PACKAGES[@]}; i++)); do
local package=${PACKAGES[$i]}
kubectl exec -i $pod -- nsenter --mount=/proc/1/ns/mnt -- timeout 30 bash -c "$CHECK_CMD $package" > /dev/null 2>&1
if [ $? != 0 ]; then
allFound=false
node=`kubectl get ${pod} --no-headers -o=custom-columns=:.spec.nodeName`
error "$package is not found in $node."
fi
done
done
if [ "$allFound" == "false" ]; then
error "Please install missing packages."
exit 2
else
info "Required packages are installed."
fi
}
check_multipathd() {
local pods=$(kubectl get pods -o name | grep longhorn-environment-check)
local allNotFound=true
for pod in ${pods}; do
kubectl exec -t $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c "systemctl status --no-pager multipathd.service" > /dev/null 2>&1
if [ $? = 0 ]; then
allNotFound=false
node=`kubectl get ${pod} --no-headers -o=custom-columns=:.spec.nodeName`
warn "multipathd is running on $node."
fi
done
if [ "$allNotFound" == "false" ]; then
warn "multipathd would probably result in the Longhorn volume mount failure. Please refer to https://longhorn.io/kb/troubleshooting-volume-with-multipath for more information."
fi
}
check_iscsid() {
local pods=$(kubectl get pods -o name | grep longhorn-environment-check)
local allFound=true
for pod in ${pods}; do
kubectl exec -t $pod -- nsenter --mount=/proc/1/ns/mnt -- bash -c "systemctl status --no-pager iscsid.service" > /dev/null 2>&1
if [ $? != 0 ]; then
allFound=false
node=`kubectl get ${pod} --no-headers -o=custom-columns=:.spec.nodeName`
error "iscsid is not running on $node."
fi
done
if [ "$allFound" == "false" ]; then
exit 2
fi
}
DEPENDENCIES=(kubectl jq mktemp)
check_dependencies ${DEPENDENCIES[@]}
TEMP_DIR=$(mktemp -d)
trap cleanup EXIT
create_ds
wait_ds_ready
check_package_installed
check_iscsid
check_multipathd
check_mount_propagation
exit 0

347
get_helm.sh Executable file
View File

@@ -0,0 +1,347 @@
#!/usr/bin/env bash
# Copyright The Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# The install script is based off of the MIT-licensed script from glide,
# the package manager for Go: https://github.com/Masterminds/glide.sh/blob/master/get
: ${BINARY_NAME:="helm"}
: ${USE_SUDO:="true"}
: ${DEBUG:="false"}
: ${VERIFY_CHECKSUM:="true"}
: ${VERIFY_SIGNATURES:="false"}
: ${HELM_INSTALL_DIR:="/usr/local/bin"}
: ${GPG_PUBRING:="pubring.kbx"}
HAS_CURL="$(type "curl" &> /dev/null && echo true || echo false)"
HAS_WGET="$(type "wget" &> /dev/null && echo true || echo false)"
HAS_OPENSSL="$(type "openssl" &> /dev/null && echo true || echo false)"
HAS_GPG="$(type "gpg" &> /dev/null && echo true || echo false)"
HAS_GIT="$(type "git" &> /dev/null && echo true || echo false)"
HAS_TAR="$(type "tar" &> /dev/null && echo true || echo false)"
# initArch discovers the architecture for this system.
initArch() {
ARCH=$(uname -m)
case $ARCH in
armv5*) ARCH="armv5";;
armv6*) ARCH="armv6";;
armv7*) ARCH="arm";;
aarch64) ARCH="arm64";;
x86) ARCH="386";;
x86_64) ARCH="amd64";;
i686) ARCH="386";;
i386) ARCH="386";;
esac
}
# initOS discovers the operating system for this system.
initOS() {
OS=$(echo `uname`|tr '[:upper:]' '[:lower:]')
case "$OS" in
# Minimalist GNU for Windows
mingw*|cygwin*) OS='windows';;
esac
}
# runs the given command as root (detects if we are root already)
runAsRoot() {
if [ $EUID -ne 0 -a "$USE_SUDO" = "true" ]; then
sudo "${@}"
else
"${@}"
fi
}
# verifySupported checks that the os/arch combination is supported for
# binary builds, as well whether or not necessary tools are present.
verifySupported() {
local supported="darwin-amd64\ndarwin-arm64\nlinux-386\nlinux-amd64\nlinux-arm\nlinux-arm64\nlinux-loong64\nlinux-ppc64le\nlinux-s390x\nlinux-riscv64\nwindows-amd64\nwindows-arm64"
if ! echo "${supported}" | grep -q "${OS}-${ARCH}"; then
echo "No prebuilt binary for ${OS}-${ARCH}."
echo "To build from source, go to https://github.com/helm/helm"
exit 1
fi
if [ "${HAS_CURL}" != "true" ] && [ "${HAS_WGET}" != "true" ]; then
echo "Either curl or wget is required"
exit 1
fi
if [ "${VERIFY_CHECKSUM}" == "true" ] && [ "${HAS_OPENSSL}" != "true" ]; then
echo "In order to verify checksum, openssl must first be installed."
echo "Please install openssl or set VERIFY_CHECKSUM=false in your environment."
exit 1
fi
if [ "${VERIFY_SIGNATURES}" == "true" ]; then
if [ "${HAS_GPG}" != "true" ]; then
echo "In order to verify signatures, gpg must first be installed."
echo "Please install gpg or set VERIFY_SIGNATURES=false in your environment."
exit 1
fi
if [ "${OS}" != "linux" ]; then
echo "Signature verification is currently only supported on Linux."
echo "Please set VERIFY_SIGNATURES=false or verify the signatures manually."
exit 1
fi
fi
if [ "${HAS_GIT}" != "true" ]; then
echo "[WARNING] Could not find git. It is required for plugin installation."
fi
if [ "${HAS_TAR}" != "true" ]; then
echo "[ERROR] Could not find tar. It is required to extract the helm binary archive."
exit 1
fi
}
# checkDesiredVersion checks if the desired version is available.
checkDesiredVersion() {
if [ "x$DESIRED_VERSION" == "x" ]; then
# Get tag from release URL
local latest_release_url="https://get.helm.sh/helm3-latest-version"
local latest_release_response=""
if [ "${HAS_CURL}" == "true" ]; then
latest_release_response=$( curl -L --silent --show-error --fail "$latest_release_url" 2>&1 || true )
elif [ "${HAS_WGET}" == "true" ]; then
latest_release_response=$( wget "$latest_release_url" -q -O - 2>&1 || true )
fi
TAG=$( echo "$latest_release_response" | grep '^v[0-9]' )
if [ "x$TAG" == "x" ]; then
printf "Could not retrieve the latest release tag information from %s: %s\n" "${latest_release_url}" "${latest_release_response}"
exit 1
fi
else
TAG=$DESIRED_VERSION
fi
}
# checkHelmInstalledVersion checks which version of helm is installed and
# if it needs to be changed.
checkHelmInstalledVersion() {
if [[ -f "${HELM_INSTALL_DIR}/${BINARY_NAME}" ]]; then
local version=$("${HELM_INSTALL_DIR}/${BINARY_NAME}" version --template="{{ .Version }}")
if [[ "$version" == "$TAG" ]]; then
echo "Helm ${version} is already ${DESIRED_VERSION:-latest}"
return 0
else
echo "Helm ${TAG} is available. Changing from version ${version}."
return 1
fi
else
return 1
fi
}
# downloadFile downloads the latest binary package and also the checksum
# for that binary.
downloadFile() {
HELM_DIST="helm-$TAG-$OS-$ARCH.tar.gz"
DOWNLOAD_URL="https://get.helm.sh/$HELM_DIST"
CHECKSUM_URL="$DOWNLOAD_URL.sha256"
HELM_TMP_ROOT="$(mktemp -dt helm-installer-XXXXXX)"
HELM_TMP_FILE="$HELM_TMP_ROOT/$HELM_DIST"
HELM_SUM_FILE="$HELM_TMP_ROOT/$HELM_DIST.sha256"
echo "Downloading $DOWNLOAD_URL"
if [ "${HAS_CURL}" == "true" ]; then
curl -SsL "$CHECKSUM_URL" -o "$HELM_SUM_FILE"
curl -SsL "$DOWNLOAD_URL" -o "$HELM_TMP_FILE"
elif [ "${HAS_WGET}" == "true" ]; then
wget -q -O "$HELM_SUM_FILE" "$CHECKSUM_URL"
wget -q -O "$HELM_TMP_FILE" "$DOWNLOAD_URL"
fi
}
# verifyFile verifies the SHA256 checksum of the binary package
# and the GPG signatures for both the package and checksum file
# (depending on settings in environment).
verifyFile() {
if [ "${VERIFY_CHECKSUM}" == "true" ]; then
verifyChecksum
fi
if [ "${VERIFY_SIGNATURES}" == "true" ]; then
verifySignatures
fi
}
# installFile installs the Helm binary.
installFile() {
HELM_TMP="$HELM_TMP_ROOT/$BINARY_NAME"
mkdir -p "$HELM_TMP"
tar xf "$HELM_TMP_FILE" -C "$HELM_TMP"
HELM_TMP_BIN="$HELM_TMP/$OS-$ARCH/helm"
echo "Preparing to install $BINARY_NAME into ${HELM_INSTALL_DIR}"
runAsRoot cp "$HELM_TMP_BIN" "$HELM_INSTALL_DIR/$BINARY_NAME"
echo "$BINARY_NAME installed into $HELM_INSTALL_DIR/$BINARY_NAME"
}
# verifyChecksum verifies the SHA256 checksum of the binary package.
verifyChecksum() {
printf "Verifying checksum... "
local sum=$(openssl sha1 -sha256 ${HELM_TMP_FILE} | awk '{print $2}')
local expected_sum=$(cat ${HELM_SUM_FILE})
if [ "$sum" != "$expected_sum" ]; then
echo "SHA sum of ${HELM_TMP_FILE} does not match. Aborting."
exit 1
fi
echo "Done."
}
# verifySignatures obtains the latest KEYS file from GitHub main branch
# as well as the signature .asc files from the specific GitHub release,
# then verifies that the release artifacts were signed by a maintainer's key.
verifySignatures() {
printf "Verifying signatures... "
local keys_filename="KEYS"
local github_keys_url="https://raw.githubusercontent.com/helm/helm/main/${keys_filename}"
if [ "${HAS_CURL}" == "true" ]; then
curl -SsL "${github_keys_url}" -o "${HELM_TMP_ROOT}/${keys_filename}"
elif [ "${HAS_WGET}" == "true" ]; then
wget -q -O "${HELM_TMP_ROOT}/${keys_filename}" "${github_keys_url}"
fi
local gpg_keyring="${HELM_TMP_ROOT}/keyring.gpg"
local gpg_homedir="${HELM_TMP_ROOT}/gnupg"
mkdir -p -m 0700 "${gpg_homedir}"
local gpg_stderr_device="/dev/null"
if [ "${DEBUG}" == "true" ]; then
gpg_stderr_device="/dev/stderr"
fi
gpg --batch --quiet --homedir="${gpg_homedir}" --import "${HELM_TMP_ROOT}/${keys_filename}" 2> "${gpg_stderr_device}"
gpg --batch --no-default-keyring --keyring "${gpg_homedir}/${GPG_PUBRING}" --export > "${gpg_keyring}"
local github_release_url="https://github.com/helm/helm/releases/download/${TAG}"
if [ "${HAS_CURL}" == "true" ]; then
curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc"
curl -SsL "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" -o "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc"
elif [ "${HAS_WGET}" == "true" ]; then
wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc"
wget -q -O "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" "${github_release_url}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc"
fi
local error_text="If you think this might be a potential security issue,"
error_text="${error_text}\nplease see here: https://github.com/helm/community/blob/master/SECURITY.md"
local num_goodlines_sha=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
if [[ ${num_goodlines_sha} -lt 2 ]]; then
echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz.sha256!"
echo -e "${error_text}"
exit 1
fi
local num_goodlines_tar=$(gpg --verify --keyring="${gpg_keyring}" --status-fd=1 "${HELM_TMP_ROOT}/helm-${TAG}-${OS}-${ARCH}.tar.gz.asc" 2> "${gpg_stderr_device}" | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
if [[ ${num_goodlines_tar} -lt 2 ]]; then
echo "Unable to verify the signature of helm-${TAG}-${OS}-${ARCH}.tar.gz!"
echo -e "${error_text}"
exit 1
fi
echo "Done."
}
# fail_trap is executed if an error occurs.
fail_trap() {
result=$?
if [ "$result" != "0" ]; then
if [[ -n "$INPUT_ARGUMENTS" ]]; then
echo "Failed to install $BINARY_NAME with the arguments provided: $INPUT_ARGUMENTS"
help
else
echo "Failed to install $BINARY_NAME"
fi
echo -e "\tFor support, go to https://github.com/helm/helm."
fi
cleanup
exit $result
}
# testVersion tests the installed client to make sure it is working.
testVersion() {
set +e
HELM="$(command -v $BINARY_NAME)"
if [ "$?" = "1" ]; then
echo "$BINARY_NAME not found. Is $HELM_INSTALL_DIR on your "'$PATH?'
exit 1
fi
set -e
}
# help provides possible cli installation arguments
help () {
echo "Accepted cli arguments are:"
echo -e "\t[--help|-h ] ->> prints this help"
echo -e "\t[--version|-v <desired_version>] . When not defined it fetches the latest release tag from the Helm CDN"
echo -e "\te.g. --version v3.0.0 or -v canary"
echo -e "\t[--no-sudo] ->> install without sudo"
}
# cleanup temporary files to avoid https://github.com/helm/helm/issues/2977
cleanup() {
if [[ -d "${HELM_TMP_ROOT:-}" ]]; then
rm -rf "$HELM_TMP_ROOT"
fi
}
# Execution
#Stop execution on any error
trap "fail_trap" EXIT
set -e
# Set debug if desired
if [ "${DEBUG}" == "true" ]; then
set -x
fi
# Parsing input arguments (if any)
export INPUT_ARGUMENTS="${@}"
set -u
while [[ $# -gt 0 ]]; do
case $1 in
'--version'|-v)
shift
if [[ $# -ne 0 ]]; then
export DESIRED_VERSION="${1}"
if [[ "$1" != "v"* ]]; then
echo "Expected version arg ('${DESIRED_VERSION}') to begin with 'v', fixing..."
export DESIRED_VERSION="v${1}"
fi
else
echo -e "Please provide the desired version. e.g. --version v3.0.0 or -v canary"
exit 0
fi
;;
'--no-sudo')
USE_SUDO="false"
;;
'--help'|-h)
help
exit 0
;;
*) exit 1
;;
esac
shift
done
set +u
initArch
initOS
verifySupported
checkDesiredVersion
if ! checkHelmInstalledVersion; then
downloadFile
verifyFile
installFile
fi
testVersion
cleanup

18
headlamp-ingress.yml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: headlamp-ingress
namespace: kube-system
annotations:
spec.ingressClassName: traefik
spec:
rules:
- http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: headlamp
port:
number: 8080

BIN
k3sup Executable file
View File

Binary file not shown.

18
kubeconfig Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJlRENDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdGMyVnkKZG1WeUxXTmhRREUzTnpFek16a3pNakV3SGhjTk1qWXdNakUzTVRRME1qQXhXaGNOTXpZd01qRTFNVFEwTWpBeApXakFqTVNFd0h3WURWUVFEREJock0zTXRjMlZ5ZG1WeUxXTmhRREUzTnpFek16a3pNakV3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFTQm5mcUdBa0pRaS9pSnNwRFc3YjRseUtYQWtGUk9kZGt0cndGMzhTVm4KN2NtOFZRNjltd1lTVXUxYzBRMDd0SUZ2M3VXSlg4cE9wY2Z1MUZaUTZJL1FvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVW5yZTZ1NnkyQ1VpcUZZVGNRWGYvCjBVZ0MyL2N3Q2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQU9NaTh0TGg3NythL25aK1BkWnhGZ3RoT1lOQnFBcUIKUXU4NVllaTAvRWo2QWlFQXV6TGh1cWNqdW1tbFRnb1pMRFhOc3RmSWlhdllobWdxNHpOU1l6SnM5Skk9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://192.168.1.14:6443
name: default
contexts:
- context:
cluster: default
user: default
name: default
current-context: default
kind: Config
users:
- name: default
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJrVENDQVRlZ0F3SUJBZ0lJS3lPbkxmWlhsRUl3Q2dZSUtvWkl6ajBFQXdJd0l6RWhNQjhHQTFVRUF3d1kKYXpOekxXTnNhV1Z1ZEMxallVQXhOemN4TXpNNU16SXhNQjRYRFRJMk1ESXhOekUwTkRJd01Wb1hEVEkzTURJeApOekUwTkRJd01Wb3dNREVYTUJVR0ExVUVDaE1PYzNsemRHVnRPbTFoYzNSbGNuTXhGVEFUQmdOVkJBTVRESE41CmMzUmxiVHBoWkcxcGJqQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VIQTBJQUJFQVZkbFoxeHJqZVRTc3gKbVQ5L1BRK2t2enJvWUlSa3lqWHEvcnpuUmt2MXlPUVRGWDFkWEFiQ3pvRm5SRGFFczYxdzY1QmxFMklHWWZHZwpTNmErQS9PalNEQkdNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRkJRY0RBakFmCkJnTlZIU01FR0RBV2dCUk9ReXBOKzNPRzFjMUIvRm44TEphVWYyMlNXVEFLQmdncWhrak9QUVFEQWdOSUFEQkYKQWlFQWpEU3MyL0Y0dkZ3NVJ1cHlTZ0ZmWlVvcWJ0TVQ4MFVrNlZFRkdJcmF5MndDSUVUVXVLSGd4cFdVVmhXaQpMa1F4Yk4zMFNyZ3BpeFV6amlRdU1KaXdzME1mCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KLS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJkekNDQVIyZ0F3SUJBZ0lCQURBS0JnZ3Foa2pPUFFRREFqQWpNU0V3SHdZRFZRUUREQmhyTTNNdFkyeHAKWlc1MExXTmhRREUzTnpFek16a3pNakV3SGhjTk1qWXdNakUzTVRRME1qQXhXaGNOTXpZd01qRTFNVFEwTWpBeApXakFqTVNFd0h3WURWUVFEREJock0zTXRZMnhwWlc1MExXTmhRREUzTnpFek16a3pNakV3V1RBVEJnY3Foa2pPClBRSUJCZ2dxaGtqT1BRTUJCd05DQUFSTjZ4S0VIZkdTQVpjR3Q4aVB4ci9LUEJCUUJiTTZES3JhN29NUGM2UG0KVnJKZnVwTzJwUkhIZTZrSnhlYlp4TTlpbnBKOFBqaURrT1BzT3IxMEVkcEtvMEl3UURBT0JnTlZIUThCQWY4RQpCQU1DQXFRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVVRrTXFUZnR6aHRYTlFmeFovQ3lXCmxIOXRrbGt3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUloQUs1Q1NVUVlqT0w4Q21ySGtxVityU1RRTVZHN3I5UHoKb0YyNUdzaXNKMElDQWlBeko2WlZPNU1QRmFHV0VCMW5Lb2k3VGdBWWhMS25ncUVDV2tCcDJoSlRlUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlDNWtpMEdNbTZWeGg0U3VKVTRQWnZlY0JaaGNpcURPNllRTHc5S3B3SjNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFUUJWMlZuWEd1TjVOS3pHWlAzODlENlMvT3VoZ2hHVEtOZXIrdk9kR1MvWEk1Qk1WZlYxYwpCc0xPZ1dkRU5vU3pyWERya0dVVFlnWmg4YUJMcHI0RDh3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=

41
longhorn-ingress.yml Normal file
View File

@@ -0,0 +1,41 @@
---
apiVersion: v1
kind: Secret
metadata:
name: longhorn-basic-auth-secret
namespace: longhorn-system
data:
users: |2
YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: longhorn-basic-auth-middleware
namespace: longhorn-system
spec:
basicAuth:
secret: longhorn-basic-auth-secret
realm: "Longhorn Dashboard"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: longhorn-ingress
namespace: kube-system
annotations:
spec.ingressClassName: traefik
traefik.ingress.kubernetes.io/router.middlewares: longhorn-system-longhorn-basic-auth-middleware@kubernetescrd
spec:
rules:
- http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: longhorn-frontend
port:
number: 80

19
metallb-config.yml Normal file
View File

@@ -0,0 +1,19 @@
---
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: default-pool
namespace: metallb-system
spec:
addresses:
- 192.168.1.21-192.168.1.40
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: default
namespace: metallb-system
spec:
ipAddressPools:
- default-pool

19
tls.crt Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDGzCCAgOgAwIBAgIUO28WNMsoOHSHneD3kEBrSh5j1zcwDQYJKoZIhvcNAQEL
BQAwHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0MB4XDTI2MDIxODE0MzEz
NloXDTI3MDIxODE0MzEzNlowHTEbMBkGA1UEAwwSKi5kb2NrZXIubG9jYWxob3N0
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo1lpjGckFievdWut4Q3Y
Y4LmXcsv2vNabZwCUMwY81DoxcfjmqiwpBV3WMhB6Yww0Y4Ub+3jc8rLEVEfD/8Z
XHeWSPTXsv1vxnEtY7rrV/WLFPJ9/cQjy3XB9TPkg4R2Pm1XgUXbuWBHovL3WuLC
hF0qjd2j2q2IVcHUMDRW+bxwiTIJVUvvZ27TvC/VM/qQ99xvbMConAM7FMlqo3FR
SSw1lkx38AZiWX0YMbHiMjJNA60Nbsone1IMQPzzmleqgqLtJ9ksi/O4/OEoAOUy
iY6k6kbVvE9/Vf0N5LTydgCHScKCtzm7zFWrq6SaYYXRPIEQJiI9wD266wRqNgwk
LwIDAQABo1MwUTAdBgNVHQ4EFgQUsi4lJq86MqJn/0ZuEHXiyQ5AIe8wHwYDVR0j
BBgwFoAUsi4lJq86MqJn/0ZuEHXiyQ5AIe8wDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQsFAAOCAQEAS6ThEKdbr8hSJRRjgCbr9G/3K+9M1tvELZ4sAec9uPFq
WSA5yexTfB6Cfh5CfI5AsHVesBVjVtY+ec9KUaC9HCnFu7sQA1stGRXWBD8xmeP8
rrjcRlR9GKEJw6DC69HUPE3gJCDPO/mIjwSnlSPypAcu9+/eeciT4j3q932LYtrJ
PhesyF4+2FgsrmAKpqdjzH04NnBznObtd3X3kPDkTigdWjKUQGPxUPI8uU4Whvy1
Hj/LKhx7tE81v22Chaj/ECzmdnBlZ1S6puUEz4+/TZpGkklDW0hQjGtr5tN86Pzd
b3GipVeDGFWXImYjcqWB/jbIM5J/gLqBYzhph1jy3Q==
-----END CERTIFICATE-----

28
tls.key Normal file
View File

@@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCjWWmMZyQWJ691
a63hDdhjguZdyy/a81ptnAJQzBjzUOjFx+OaqLCkFXdYyEHpjDDRjhRv7eNzyssR
UR8P/xlcd5ZI9Ney/W/GcS1juutX9YsU8n39xCPLdcH1M+SDhHY+bVeBRdu5YEei
8vda4sKEXSqN3aParYhVwdQwNFb5vHCJMglVS+9nbtO8L9Uz+pD33G9swKicAzsU
yWqjcVFJLDWWTHfwBmJZfRgxseIyMk0DrQ1uyid7UgxA/POaV6qCou0n2SyL87j8
4SgA5TKJjqTqRtW8T39V/Q3ktPJ2AIdJwoK3ObvMVaurpJphhdE8gRAmIj3APbrr
BGo2DCQvAgMBAAECggEAOZekPaL916vdUn6JG0C46vjzhN1HPaCwYNXxARC8uUjt
ERKVXmmcgfWpkw1kI9ZQPgokjYQnviMhbrUVyRuNkwr82zMsO8jcWHB96twz7tq9
U0DeCBNX9XvKy0ulBXO2BvOhNwxs2FKoXzzf1lT99RIuFz+ubkLhvy6sQ+SoR7tG
szNhWZCObR9+NagybeyEgt1i6SUtkLVQSojMeeFCh6Dait9FIrXmrRywyRnYuUpF
JxAtoHlPST8LfDmvrj4tcaxkA+g+OLoE+p1P2DDS2EC/9JRMCzlmsEijyVqtV40R
xDi6L5CySvZARGpl9DpMCXz0k12GXr57jv34cl6O6QKBgQDb8j1T0hEzuicRYX1A
vkCN8b9kBhQXqxywJG2jBQ8Iw7sRMny2PtpHtTSrpLlfyMO4pdLqUo3G9vWXSJOy
Pwd0IBDdVcuNC2YiyhZybmJzzxGoixU8cJ8oGaymk1e9xp6DXq0KILk2JFQ9DilG
8ClTFMgerqzOnlaasHKTJAnGmQKBgQC+ICdI40rGmr2ClMUXmiwIjyhuSwZupwEL
RSsU0OyftxxrCf1TMzlquiNSNluvrJO9Vs7Bu+5h8KlcMzCJZkiCp8t4xoAXW0e7
AeE49xt+HqGny67w9Bp1KfD0wQ2gtEDNVW67KiqBWauLSqnTlpWbu7keqnuJPjNY
06qXcdUmBwKBgHKJIwaTTgHx3oZejis458UDLveXcr8gjD/tuGo8KCgYRUIfWHJP
KLxO0K7RiPcoRUPSlpMPimUiFaJCWSdpSyhdymp4UxeP6BAVzLqqYPqNylRKmTRw
MXFgbVgRQo/A7qrakqHDiK95G6Tvyu72AY8SM2RG8hZmvhKv7/pPugeBAoGAMgRR
cWpiLJdezbCHnSrw9Jt8vm88VPXYX3el2scPyQCqGDq7ixzJuRsY2bL1MeULxN7G
a88d6mQemePZm/vtjXnJHI/T+NEJsNfQwWS4tdgnHPaHoloFb9dFzY3QIPvqpFoa
VGDGZ9sINw/AV6qg1yRukfO1pihX58FfepH2yhcCgYAFTLOblHpCvLWP7VtiXCf0
tiSdMV1Be4XR5HqzjwFkBtBxPKxm+WOW7can0hRrrnXTwnJ8geedEYTrYkgNG8Ae
Kqj1jCyPen68OuOvZe+7tXc7JN4W7l/VQL6TY/nj/ogQ4f/XSoa2VnqFZGvgC/mA
55fOoPLPuUSY/leVNuzCXA==
-----END PRIVATE KEY-----

41
traefik-ingress.yml Normal file
View File

@@ -0,0 +1,41 @@
---
apiVersion: v1
kind: Secret
metadata:
name: traefik-basic-auth-secret
namespace: kube-system
data:
users: |2
YWRtaW46JGFwcjEkMmp5TzMwYmskRE5IV0VEQW1VQXFVajVGOHNvdXNVMAoK
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: traefik-basic-auth-middleware
namespace: kube-system
spec:
basicAuth:
secret: traefik-basic-auth-secret
realm: "Traefik Dashboard"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: traefik-ingress
namespace: kube-system
annotations:
spec.ingressClassName: traefik
traefik.ingress.kubernetes.io/router.middlewares: kube-system-traefik-basic-auth-middleware@kubernetescrd
spec:
rules:
- http:
paths:
- pathType: Prefix
path: "/"
backend:
service:
name: traefik-dashboard
port:
number: 8080