From 6bf8d75310ae3ea654eca9b24875b0780f06604b Mon Sep 17 00:00:00 2001 From: "Guillaume B.B. Van Hemmen" Date: Thu, 19 Dec 2024 17:18:36 +0100 Subject: [PATCH] #0000 - Add scripts and configurations for Kubernetes cluster setup This commit includes Helm-based installation scripts for MetalLB, Traefik, Cert-Manager, and External DNS, along with their necessary configurations. Updates to cert-manager YAML ensure production-ready naming and namespace adjustments. These changes aim to streamline the deployment and management of Kubernetes services with simplified automation. --- cert-manager.yaml | 6 +++--- metallb-ressources.yaml | 17 +++++++++++++++++ scripts/00_install_metalLB.sh | 11 +++++++++++ scripts/01_install_traefik.sh | 30 ++++++++++++++++++++++++++++++ scripts/03_install_cert_manager.sh | 11 +++++++++++ scripts/04_install_external_dns.sh | 26 ++++++++++++++++++++++++++ 6 files changed, 98 insertions(+), 3 deletions(-) create mode 100644 metallb-ressources.yaml create mode 100644 scripts/00_install_metalLB.sh create mode 100644 scripts/01_install_traefik.sh create mode 100644 scripts/03_install_cert_manager.sh create mode 100644 scripts/04_install_external_dns.sh diff --git a/cert-manager.yaml b/cert-manager.yaml index 9c0ad06..6d4aabc 100644 --- a/cert-manager.yaml +++ b/cert-manager.yaml @@ -1,8 +1,8 @@ apiVersion: cert-manager.io/v1 kind: ClusterIssuer metadata: - name: acme-lets-encrypt-http - namespace: cert-issuer + name: letsencrypt-production + namespace: cert-manager spec: acme: email: acme@van-hemmen.com @@ -10,7 +10,7 @@ spec: server: https://acme-v02.api.letsencrypt.org/directory privateKeySecretRef: # if not existing, it will register a new account and stores it - name: production-issuer-account-key + name: letsencrypt-production solvers: - http01: # The ingressClass used to create the necessary ingress routes diff --git a/metallb-ressources.yaml b/metallb-ressources.yaml new file mode 100644 index 0000000..711b485 --- /dev/null 
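Review bot: `namespace: cert-manager` under `metadata` in the first hunk has no effect, because ClusterIssuer is a cluster-scoped kind and the API server drops or ignores the namespace on such objects; the ACME account key named by `privateKeySecretRef` lands in cert-manager's cluster resource namespace (by default the one cert-manager runs in), not wherever this field points, so removing the `namespace:` line avoids implying otherwise. Renaming `privateKeySecretRef.name` to `letsencrypt-production` in the second hunk means, as the comment above it already says, that a fresh ACME account is registered on the next reconcile and the old `production-issuer-account-key` Secret is left behind; a note in the commit message that it should be deleted once the new issuer reports Ready would help whoever applies this. None of the new scripts in this commit apply this file, so the renamed issuer only exists if someone applies it by hand.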
+++ b/metallb-ressources.yaml
@@ -0,0 +1,17 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: ovh-ip-pool
+ namespace: metallb-system
+spec:
+ addresses:
+ - 5.196.149.159/32
+ - 5.196.149.200/32
+ - 5.196.149.203/32
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: l2-advertisement
+ namespace: metallb-system
+spec: { }
diff --git a/scripts/00_install_metalLB.sh b/scripts/00_install_metalLB.sh
new file mode 100644
index 0000000..c2a9bf6
--- /dev/null
+++ b/scripts/00_install_metalLB.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex
+
+helm repo add metallb https://metallb.github.io/metallb
+helm repo update
+
+kubectl create namespace metallb-system
+kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged
+
+helm install metallb metallb/metallb --namespace metallb-system
diff --git a/scripts/01_install_traefik.sh b/scripts/01_install_traefik.sh
new file mode 100644
index 0000000..fe070f6
--- /dev/null
+++ b/scripts/01_install_traefik.sh
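Review bot: The L2Advertisement closing the hunk has `spec: { }`, which tells MetalLB to announce every IPAddressPool in the namespace on every node interface; pinning it with `ipAddressPools: [ovh-ip-pool]` keeps a pool added later (one meant to stay internal, say) from being advertised by accident. The three `/32` entries are literal public addresses with no explanation; a comment stating that they are the OVH failover IPs and which one `01_install_traefik.sh` is expected to receive as its argument would make the dependency between the two files visible. The file name `metallb-ressources.yaml` carries the French double `s`; renaming it to `metallb-resources.yaml` is cheapest now, before a script references it. No script in this commit applies the file, so the pool has to be created by hand after `00_install_metalLB.sh` has finished and the CRDs exist.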
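Review bot: `helm install metallb metallb/metallb` on the last line pins no chart version, so every run deploys whatever is newest in the repository at that moment, and `kubectl create namespace metallb-system` two lines earlier aborts the script under `set -e` on any second run because the namespace already exists. `kubectl create namespace metallb-system --dry-run=client -o yaml | kubectl apply -f -`, `kubectl label --overwrite namespace metallb-system pod-security.kubernetes.io/enforce=privileged` and `helm upgrade --install metallb metallb/metallb --version <chart-version> --namespace metallb-system` make the script re-runnable and reproducible. The same two points apply to `01_install_traefik.sh`, `03_install_cert_manager.sh` and `04_install_external_dns.sh`. The `pod-security.kubernetes.io/enforce=privileged` label deserves a why-comment, since it relaxes admission for the whole namespace; as far as I recall the MetalLB speaker needs it because it runs with hostNetwork and NET_RAW — confirm against the chart's notes and state that in a comment such as `# MetalLB speaker uses hostNetwork/NET_RAW; the namespace must allow the privileged PSS level`.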
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+
+# This script installs Traefik using Helm, with MetalLB load balancer configuration.
+# Ensure you pass the IP from the MetalLB pool as an argument when running the script.
+
+# Check if an argument (IP address) is provided
+if [ -z "$1" ]; then
+ echo "Error: Missing argument for the MetalLB IP."
+ echo "Usage: $0 "
+ echo "Please provide an IP address from the MetalLB pool as a parameter."
+ exit 1
+fi
+
+METALLB_IP=$1
+
+# Adding the Traefik Helm repo
+helm repo add traefik https://traefik.github.io/charts
+helm repo update
+
+# Creating the Traefik namespace
+kubectl create namespace traefik
+# Uncomment the line below to enable privileged pod security policy for the namespace
+kubectl label namespace traefik pod-security.kubernetes.io/enforce=privileged
+
+# Installing Traefik with the MetalLB IP specified
+helm install traefik traefik/traefik --namespace traefik \
+ --set service.type=LoadBalancer \
+ --set service.loadBalancerIP=$METALLB_IP
diff --git a/scripts/03_install_cert_manager.sh b/scripts/03_install_cert_manager.sh
new file mode 100644
index 0000000..8b1a3af
--- /dev/null
+++ b/scripts/03_install_cert_manager.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex
+
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+
+kubectl create namespace cert-manager
+
+helm install cert-manager jetstack/cert-manager --namespace cert-manager \
+ --set installCRDs=true
diff --git a/scripts/04_install_external_dns.sh b/scripts/04_install_external_dns.sh
new file mode 100644
index 0000000..098b81a
--- /dev/null
+++ b/scripts/04_install_external_dns.sh
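Review bot: The comment `# Uncomment the line below to enable privileged pod security policy for the namespace` is stale — the `kubectl label namespace traefik pod-security.kubernetes.io/enforce=privileged` line directly under it is not commented out, so the namespace is made privileged unconditionally; either comment the label out as the text implies, or replace the comment with the reason Traefik needs it (the chart's defaults run unprivileged, so I would not expect it to — confirm). `$METALLB_IP` on the last `--set` line is unquoted while `04_install_external_dns.sh` quotes the same construct; `--set service.loadBalancerIP="$METALLB_IP"` keeps the two scripts consistent. Nothing checks that `$1` looks like an address; a `[[ "$METALLB_IP" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 1` after the assignment fails fast instead of leaving a Service that never receives an IP. `service.loadBalancerIP` is deprecated in Kubernetes since 1.24; MetalLB's `metallb.universe.tf/loadBalancerIPs` Service annotation, settable through the chart's `service.annotations`, is the supported way to request a specific address.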
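Review bot: `--set installCRDs=true` on the last line is the legacy switch; recent cert-manager chart releases deprecate it in favour of `crds.enabled=true` together with `crds.keep=true` (so an uninstall does not delete every Certificate in the cluster), and since no `--version` is pinned the script picks up whichever chart is current and will inherit that deprecation. The script creates the `cert-manager` namespace but never applies `cert-manager.yaml`, so the `letsencrypt-production` ClusterIssuer renamed in this commit is not installed by running the scripts in order; if that is not intentional, `kubectl wait --for=condition=Available deployment/cert-manager-webhook -n cert-manager` followed by `kubectl apply -f <path-to>/cert-manager.yaml` closes the gap, the wait being needed because the webhook must be up before the issuer is accepted. The numbering jumps from 01 to 03 — a one-line comment in the script header saying whether a 02 is planned would spare the next reader the question.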
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -ex
+
+# Check if the Cloudflare API token is provided as an argument
+if [ -z "$1" ]; then
+ echo "Error: Missing Cloudflare API token."
+ echo "Usage: $0 "
+ echo "You must provide your Cloudflare API token as a parameter to run this script."
+ exit 1
+fi
+
+CLOUDFLARE_API_TOKEN=$1
+
+# Add the Bitnami Helm repository
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+
+# Create the namespace for external DNS
+kubectl create namespace external-dns
+
+# Install the external-dns chart with the provided Cloudflare API token
+helm install external-dns bitnami/external-dns --namespace external-dns \
+ --set provider=cloudflare \
+ --set cloudflare.apiToken="$CLOUDFLARE_API_TOKEN" \
+ --set txtOwnerId=external-dns
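Review bot: `set -ex` on the third line traces every expanded command to stderr, so the final `helm install ... --set cloudflare.apiToken="$CLOUDFLARE_API_TOKEN"` prints the Cloudflare token in clear into the terminal and into any CI log that captures the run, and taking it as `$1` also leaves it in shell history and visible through `ps` on the host for as long as helm runs. Drop the `-x` (`set -e`) and read the token from the environment rather than argv — `: "${CLOUDFLARE_API_TOKEN:?Cloudflare API token must be set in the environment}"` in place of the `$1` check — or pre-create a Secret and point the chart at it through its existing-secret value (`cloudflare.secretName` in the Bitnami chart, if the chart version you pull has it) so the token never passes through a command line at all. No `domainFilters` is set, so external-dns will manage records in every zone the token can reach; scope the token to the intended zone on the Cloudflare side and add `--set domainFilters[0]=<your-zone>` so a mislabelled Service or Ingress cannot write elsewhere.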