#0000 - Add scripts and configurations for Kubernetes cluster setup

This commit includes Helm-based installation scripts for MetalLB, Traefik, Cert-Manager, and External DNS, along with their necessary configurations. Updates to cert-manager YAML ensure production-ready naming and namespace adjustments. These changes aim to streamline the deployment and management of Kubernetes services with simplified automation.

cert-manager.yaml

@@ -1,8 +1,8 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: acme-lets-encrypt-http
+  name: letsencrypt-production
-  namespace: cert-issuer
+  namespace: cert-manager
 spec:
   acme:
     email: acme@van-hemmen.com
@@ -10,7 +10,7 @@ spec:
     server: https://acme-v02.api.letsencrypt.org/directory
     privateKeySecretRef:
       # if not existing, it will register a new account and stores it
-      name: production-issuer-account-key
+      name: letsencrypt-production
     solvers:
       - http01:
           # The ingressClass used to create the necessary ingress routes

metallb-ressources.yaml

@@ -0,0 +1,17 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: ovh-ip-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - 5.196.149.159/32
+    - 5.196.149.200/32
+    - 5.196.149.203/32
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: l2-advertisement
+  namespace: metallb-system
+spec: { }

scripts/00_install_metalLB.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex
+
+helm repo add metallb https://metallb.github.io/metallb
+helm repo update
+
+kubectl create namespace metallb-system
+kubectl label namespace metallb-system pod-security.kubernetes.io/enforce=privileged
+
+helm install metallb metallb/metallb --namespace metallb-system

scripts/01_install_traefik.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+
+set -ex
+
+# This script installs Traefik using Helm, with MetalLB load balancer configuration.
+# Ensure you pass the IP from the MetalLB pool as an argument when running the script.
+
+# Check if an argument (IP address) is provided
+if [ -z "$1" ]; then
+  echo "Error: Missing argument for the MetalLB IP."
+  echo "Usage: $0 <METALLB_IP>"
+  echo "Please provide an IP address from the MetalLB pool as a parameter."
+  exit 1
+fi
+
+METALLB_IP=$1
+
+# Adding the Traefik Helm repo
+helm repo add traefik https://traefik.github.io/charts
+helm repo update
+
+# Creating the Traefik namespace
+kubectl create namespace traefik
+# Uncomment the line below to enable privileged pod security policy for the namespace
+kubectl label namespace traefik pod-security.kubernetes.io/enforce=privileged
+
+# Installing Traefik with the MetalLB IP specified
+helm install traefik traefik/traefik --namespace traefik \
+  --set service.type=LoadBalancer \
+  --set service.loadBalancerIP=$METALLB_IP

scripts/03_install_cert_manager.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -ex
+
+helm repo add jetstack https://charts.jetstack.io
+helm repo update
+
+kubectl create namespace cert-manager
+
+helm install cert-manager jetstack/cert-manager --namespace cert-manager \
+  --set installCRDs=true

scripts/04_install_external_dns.sh

@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -ex
+
+# Check if the Cloudflare API token is provided as an argument
+if [ -z "$1" ]; then
+  echo "Error: Missing Cloudflare API token."
+  echo "Usage: $0 <Cloudflare-API-Token>"
+  echo "You must provide your Cloudflare API token as a parameter to run this script."
+  exit 1
+fi
+
+CLOUDFLARE_API_TOKEN=$1
+
+# Add the Bitnami Helm repository
+helm repo add bitnami https://charts.bitnami.com/bitnami
+helm repo update
+
+# Create the namespace for external DNS
+kubectl create namespace external-dns
+
+# Install the external-dns chart with the provided Cloudflare API token
+helm install external-dns bitnami/external-dns --namespace external-dns \
+  --set provider=cloudflare \
+  --set cloudflare.apiToken="$CLOUDFLARE_API_TOKEN" \
+  --set txtOwnerId=external-dns