various tweaks and fixes

This commit is contained in:
2024-06-06 20:41:43 -04:00
parent 406b17c7d8
commit 642c0011ff
13 changed files with 155 additions and 68 deletions


@@ -13,6 +13,7 @@ quick.
- [Install K3S](#install-k3s) - [Install K3S](#install-k3s)
- [Database Backups](#database-backups) - [Database Backups](#database-backups)
- [Expanding Root Partition](#expanding-root-partition) - [Expanding Root Partition](#expanding-root-partition)
- [Arping IP Address](#arping-ip-address)
- [Optional Steps](#optional-steps) - [Optional Steps](#optional-steps)
- [Certbot for Cockpit](#certbot-for-cockpit) - [Certbot for Cockpit](#certbot-for-cockpit)
@@ -106,14 +107,16 @@ our own components.
"traefik" \ "traefik" \
"--disable" \ "--disable" \
"local-storage" \ "local-storage" \
"--disable" \
"servicelb" \
"--disable" \ "--disable" \
"coredns" \ "coredns" \
"--disable" \
"servicelb" \
"--cluster-dns" \ "--cluster-dns" \
"10.43.0.10" \ "10.43.0.10" \
"--tls-san" \ "--tls-san" \
"kube.reeselink.com" \ "kube.reeselink.com" \
"--tls-san" \
"kube.reeseapps.com" \
3. Join each server node 3. Join each server node
@@ -159,6 +162,13 @@ lvextend -l +100%FREE fedora
xfs_growfs /dev/mapper/fedora-root xfs_growfs /dev/mapper/fedora-root
``` ```
## Arping IP Address
```bash
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
arping -I bridge0 -U -s 10.1.2.102 10.1.0.1
```
## Optional Steps ## Optional Steps
### Certbot for Cockpit ### Certbot for Cockpit


@@ -9,7 +9,7 @@ kubernetes:
colors: colors:
hosts: hosts:
# orange: orange:
yellow: yellow:
apt: apt:


@@ -4,14 +4,16 @@
image: image:
repository: coredns/coredns repository: coredns/coredns
tag: "1.11.1" # Overrides the image tag whose default is the chart appVersion.
tag: ""
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets. ## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace. ## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## ##
pullSecrets: []
# pullSecrets: # pullSecrets:
# - myRegistryKeySecretName # - name: myRegistryKeySecretName
replicaCount: 1 replicaCount: 1
@@ -23,29 +25,10 @@ resources:
cpu: 100m cpu: 100m
memory: 128Mi memory: 128Mi
## Create HorizontalPodAutoscaler object.
##
# autoscaling:
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# targetAverageUtilization: 60
# - type: Resource
# resource:
# name: memory
# targetAverageUtilization: 60
rollingUpdate: rollingUpdate:
maxUnavailable: 1 maxUnavailable: 1
maxSurge: 25% maxSurge: 25%
# Under heavy load it takes more that standard time to remove Pod endpoint from a cluster.
# This will delay termination of our pod by `preStopSleep`. To make sure kube-proxy has
# enough time to catch up.
# preStopSleep: 5
terminationGracePeriodSeconds: 30 terminationGracePeriodSeconds: 30
podAnnotations: {} podAnnotations: {}
@@ -67,9 +50,11 @@ prometheus:
service: service:
clusterIP: "10.43.0.10" clusterIP: "10.43.0.10"
# clusterIPs: []
# loadBalancerIP: "" # loadBalancerIP: ""
# externalIPs: [] # externalIPs: []
# externalTrafficPolicy: "" # externalTrafficPolicy: ""
# ipFamilyPolicy: ""
# The name of the Service # The name of the Service
# If not set, a name is generated using the fullname template # If not set, a name is generated using the fullname template
name: "" name: ""
@@ -97,6 +82,16 @@ isClusterService: true
# Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set. # Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
priorityClassName: "" priorityClassName: ""
# Configure the pod level securityContext.
podSecurityContext: {}
# Configure SecurityContext for Pod.
# Ensure that required linux capability to bind port number below 1024 is assigned (`CAP_NET_BIND_SERVICE`).
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
# Default zone is what Kubernetes recommends: # Default zone is what Kubernetes recommends:
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options # https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
servers: servers:
@@ -124,12 +119,6 @@ servers:
# Serves a /metrics endpoint on :9153, required for serviceMonitor # Serves a /metrics endpoint on :9153, required for serviceMonitor
- name: prometheus - name: prometheus
parameters: 0.0.0.0:9153 parameters: 0.0.0.0:9153
- name: file
parameters: /etc/coredns/democratic-csi-server.reeselink.db democratic-csi-server.reeselink.com
- name: file
parameters: /etc/coredns/democratic-csi-client.reeselink.db democratic-csi-client.reeselink.com
- name: file
parameters: /etc/coredns/driveripper.reeselink.db driveripper.reeselink.com
- name: forward - name: forward
parameters: . /etc/resolv.conf parameters: . /etc/resolv.conf
- name: cache - name: cache
@@ -192,14 +181,23 @@ readinessProbe:
affinity: {} affinity: {}
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#topologyspreadconstraint-v1-core # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#topologyspreadconstraint-v1-core
# for example: # and supports Helm templating.
# For example:
# topologySpreadConstraints: # topologySpreadConstraints:
# - maxSkew: 1 # - labelSelector:
# topologyKey: zone # matchLabels:
# whenUnsatisfiable: DoNotSchedule # app.kubernetes.io/name: '{{ template "coredns.name" . }}'
# labelSelector: # app.kubernetes.io/instance: '{{ .Release.Name }}'
# matchLabels: # topologyKey: topology.kubernetes.io/zone
# foo: bar # maxSkew: 1
# whenUnsatisfiable: ScheduleAnyway
# - labelSelector:
# matchLabels:
# app.kubernetes.io/name: '{{ template "coredns.name" . }}'
# app.kubernetes.io/instance: '{{ .Release.Name }}'
# topologyKey: kubernetes.io/hostname
# maxSkew: 1
# whenUnsatisfiable: ScheduleAnyway
topologySpreadConstraints: [] topologySpreadConstraints: []
# Node labels for pod assignment # Node labels for pod assignment
@@ -219,29 +217,20 @@ tolerations: []
podDisruptionBudget: {} podDisruptionBudget: {}
# configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/ # configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
zoneFiles: # zoneFiles:
- filename: democratic-csi-server.reeselink.db # - filename: local.db
domain: democratic-csi-server.reeselink.com # domain: driveripper.reeselink.com
contents: | # contents: |
democratic-csi-server.reeselink.com. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600 # driveripper.reeselink.com. IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600
democratic-csi-server.reeselink.com. IN NS b.iana-servers.net. # driveripper.reeselink.com. IN NS b.iana-servers.net.
democratic-csi-server.reeselink.com. IN NS a.iana-servers.net. # driveripper.reeselink.com. IN NS a.iana-servers.net.
democratic-csi-server.reeselink.com. IN A 172.20.0.1 # driveripper.reeselink.com. IN A 172.20.0.1
- filename: democratic-csi-client.reeselink.db
domain: democratic-csi-client.reeselink.com
contents: |
democratic-csi-client.reeselink.com. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
democratic-csi-client.reeselink.com. IN NS b.iana-servers.net.
democratic-csi-client.reeselink.com. IN NS a.iana-servers.net.
democratic-csi-client.reeselink.com. IN A 127.0.0.1
- filename: driveripper.reeselink.db
domain: driveripper.reeselink.com
contents: |
driveripper.reeselink.com. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
driveripper.reeselink.com. IN NS b.iana-servers.net.
driveripper.reeselink.com. IN NS a.iana-servers.net.
driveripper.reeselink.com. IN A 172.20.0.1
# optional array of sidecar containers
extraContainers: []
# - name: some-container-name
# image: some-image:latest
# imagePullPolicy: Always
# optional array of extra volumes to create # optional array of extra volumes to create
extraVolumes: [] extraVolumes: []
# - name: some-volume-name # - name: some-volume-name
@@ -256,8 +245,10 @@ extraVolumeMounts: []
extraSecrets: [] extraSecrets: []
# - name: etcd-client-certs # - name: etcd-client-certs
# mountPath: /etc/coredns/tls/etcd # mountPath: /etc/coredns/tls/etcd
# defaultMode: 420
# - name: some-fancy-secret # - name: some-fancy-secret
# mountPath: /etc/wherever # mountPath: /etc/wherever
# defaultMode: 440
# To support legacy deployments using CoreDNS with the "k8s-app: kube-dns" label selectors. # To support legacy deployments using CoreDNS with the "k8s-app: kube-dns" label selectors.
# See https://github.com/coredns/helm/blob/master/charts/coredns/README.md#adopting-existing-coredns-resources # See https://github.com/coredns/helm/blob/master/charts/coredns/README.md#adopting-existing-coredns-resources
@@ -270,7 +261,27 @@ customLabels: {}
customAnnotations: {} customAnnotations: {}
## Alternative configuration for HPA deployment if wanted ## Alternative configuration for HPA deployment if wanted
# ## Create HorizontalPodAutoscaler object.
##
# hpa:
# enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# metrics:
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 60
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 60
hpa: hpa:
enabled: false enabled: false
minReplicas: 1 minReplicas: 1
@@ -296,6 +307,9 @@ autoscaler:
# If true does not allow single points of failure to form # If true does not allow single points of failure to form
preventSinglePointFailure: true preventSinglePointFailure: true
# Annotations for the coredns proportional autoscaler pods
podAnnotations: {}
## Optionally specify some extra flags to pass to cluster-proprtional-autoscaler. ## Optionally specify some extra flags to pass to cluster-proprtional-autoscaler.
## Useful for e.g. the nodelabels flag. ## Useful for e.g. the nodelabels flag.
# customFlags: # customFlags:
@@ -309,8 +323,9 @@ autoscaler:
## Secrets must be manually created in the namespace. ## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## ##
pullSecrets: []
# pullSecrets: # pullSecrets:
# - myRegistryKeySecretName # - name: myRegistryKeySecretName
# Optional priority class to be used for the autoscaler pods. priorityClassName used if not set. # Optional priority class to be used for the autoscaler pods. priorityClassName used if not set.
priorityClassName: "" priorityClassName: ""
@@ -349,7 +364,14 @@ autoscaler:
failureThreshold: 3 failureThreshold: 3
successThreshold: 1 successThreshold: 1
# optional array of sidecar containers
extraContainers: []
# - name: some-container-name
# image: some-image:latest
# imagePullPolicy: Always
deployment: deployment:
skipConfig: false
enabled: true enabled: true
name: "" name: ""
## Annotations for the coredns deployment ## Annotations for the coredns deployment
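Review bot: The first hunk of this values file replaces the explicit pin `tag: "1.11.1"` with `tag: ""`, so the CoreDNS image now follows the chart's appVersion and silently changes on every chart upgrade; if the rest of the section is a resync with upstream defaults (pullSecrets, securityContext, the hpa and topologySpreadConstraints examples all read that way) rather than a deliberate unpin, keep `tag: "1.11.1"` or pin whichever version was validated. The removal of the three `file` plugin entries under `servers:` together with the `zoneFiles` block means `democratic-csi-server`, `democratic-csi-client` and `driveripper.reeselink.com` are no longer answered by cluster DNS, and only the first of those gains a replacement in the new `nodes/hosts` file; it is worth a one-line comment above `# zoneFiles:` saying where those names resolve now, e.g. `# cluster-internal zones moved to node /etc/hosts (nodes/update_hosts.yaml)`. The `securityContext` hunk adding `NET_BIND_SERVICE` matches the upstream chart and is fine.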


@@ -1,5 +1,5 @@
nextcloud: nextcloud:
image: nextcloud:28.0.1 image: nextcloud:27.1.9
domain: nextcloud.reeseapps.com domain: nextcloud.reeseapps.com
html: html:
storageClassName: zfs-iscsi-enc1 storageClassName: zfs-iscsi-enc1
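Review bot: Reading the left column as the old value, `image:` moves from `nextcloud:28.0.1` to `nextcloud:27.1.9`, which is a major-version downgrade; Nextcloud refuses to start when the database schema is newer than the image, so unless this instance is provisioned fresh the pod will not come up. If the downgrade is intentional, a comment on the `image:` line stating why 27.x is pinned and that 28 was previously deployed would stop the next reader from re-bumping it. The `domain` and `storageClassName` lines are unchanged context.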


@@ -21,6 +21,12 @@ docker run \
nextcloud/all-in-one:latest nextcloud/all-in-one:latest
``` ```
## Trusted Proxy
```bash
docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set trusted_proxies 2 --value="10.1.0.0/16"
```
## Uninstall ## Uninstall
```bash ```bash

7
nodes/README.md Normal file

@@ -0,0 +1,7 @@
# Kubernetes Node Ansible
## Update Hosts
```bash
ansible-playbook -i ansible/inventory.yaml nodes/update_hosts.yaml
```

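--- /dev/null
+++ b/nodes/hosts
@@ -0,0 +1,3 @@
+127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
+::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
+172.20.0.1 democratic-csi-server.reeselink.com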
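Review bot: This file carries only `democratic-csi-server.reeselink.com`, while the CoreDNS zones removed elsewhere in this commit also served `democratic-csi-client.reeselink.com` and `driveripper.reeselink.com`, and the democratic-csi configs in the same commit still point at `driveripper.reeselink.com`. A node's `/etc/hosts` is consulted by processes on the host (kubelet, iscsid, host-network pods) but not by pods using the cluster DNS policy, so please confirm where those two remaining names resolve now. A header comment stating the scope would help the next reader: `# Installed verbatim by nodes/update_hosts.yaml; node-level resolution only, not visible to cluster DNS`.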

13
nodes/update_hosts.yaml Normal file

@@ -0,0 +1,13 @@
- name: Update /etc/hosts
hosts: kubernetes
become: true
become_user: root
become_method: sudo
tasks:
- name: Copy /etc/hosts
ansible.builtin.copy:
src: ./hosts
dest: /etc/hosts
owner: root
group: root
mode: '0644'
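Review bot: `ansible.builtin.copy` with `dest: /etc/hosts` replaces the whole file on every host in `kubernetes`, so any node-local line (the installer's own hostname entry, anything added by hand) is lost on each run with no way back; at minimum add `backup: true` to the task, and consider `ansible.builtin.blockinfile` with a marker so only the cluster entries are managed. `become_user: root` and `become_method: sudo` are the defaults when `become: true` is set and can be dropped, and the playbook should start with `---` like the rest of the repo's YAML. A comment above the task explaining that the source file is authoritative for the whole `/etc/hosts` would make the clobbering explicit if it is intended.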

22
orange_yellow.md Normal file

@@ -0,0 +1,22 @@
# Orange and Yellow Servers
## Services
1. Both servers run all quadlets in `podman/`
2. Both servers run the same nginx config in `nginx/`
## VMs
1. Orange runs unifi-external
2. Yellow runs nextcloud-aio
## Pihole
- Orange is ad-blocking
- Yellow is caching
## Load Balancing
- Orange handles all traffic from outside the network
- Yellow handles all internal traffic
- Both are capable of handling all traffic, port forwarding rule determines which is up


@@ -66,7 +66,10 @@ podman run \
### Cloudflared ### Cloudflared
Creates a DOH proxy for pihole. Just set the pihole upstream to `10.1.203.197#5053`. https://docs.pi-hole.net/guides/dns/cloudflared/
Creates a DOH proxy for pihole. Just set the pihole upstream to `10.1.203.197#5053` (yellow) or
`10.1.200.253#5053` (orange).
```bash ```bash
podman run \ podman run \


@@ -29,9 +29,10 @@ driver:
httpConnection: httpConnection:
protocol: https protocol: https
host: driveripper.reeselink.com host: driveripper.reeselink.com
port: 8443 port: 443
apiKey: "" apiKey: ""
allowInsecure: true allowInsecure: false
apiVersion: 2
zfs: zfs:
datasetProperties: datasetProperties:
"org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}" "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"


@@ -29,9 +29,9 @@ driver:
httpConnection: httpConnection:
protocol: https protocol: https
host: driveripper.reeselink.com host: driveripper.reeselink.com
port: 8443 port: 443
apiKey: "" apiKey: ""
allowInsecure: true allowInsecure: false
zfs: zfs:
datasetProperties: datasetProperties:
"org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}" "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}"


@@ -25,7 +25,7 @@ driver:
httpConnection: httpConnection:
protocol: https protocol: https
host: driveripper.reeselink.com host: driveripper.reeselink.com
port: 8443 port: 443
apiKey: "" apiKey: ""
allowInsecure: true allowInsecure: true
zfs: zfs:
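Review bot: This config keeps `allowInsecure: true` while the two democratic-csi sections before it switch the same `driveripper.reeselink.com` endpoint on port 443 to `allowInsecure: false`; since all three talk to the same host and port, this one either still skips TLS certificate verification by oversight or needs a comment saying why it must. If the endpoint now presents a trusted certificate, change this line to `allowInsecure: false` as well. `apiVersion: 2` is added only in the first of the three sections, so please confirm whether the other two are meant to keep the driver's default.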