From 225a76742f2cf35f971295a84c5d37265c134bd9 Mon Sep 17 00:00:00 2001
From: ducoterra
Date: Mon, 17 Aug 2020 11:37:15 -0400
Subject: [PATCH] add monitor and pihole
---
README.md | 67 +++++++++++++++++++++++-----
monitor/.helmignore | 23 ++++++++++
monitor/Chart.yaml | 23 ++++++++++
monitor/templates/deploy.yaml | 49 ++++++++++++++++++++
monitor/templates/ingress.yaml | 13 ++++++
monitor/templates/service.yaml | 14 ++++++
monitor/values.yaml | 79 +++++++++++++++++++++++++++++++++
pihole/.helmignore | 23 ++++++++++
pihole/Chart.yaml | 23 ++++++++++
pihole/templates/configmap.yaml | 21 +++++++++
pihole/templates/deploy.yaml | 45 +++++++++++++++++++
pihole/templates/ingress.yaml | 13 ++++++
pihole/templates/pv.yaml | 17 +++++++
pihole/templates/pvc.yaml | 15 +++++++
pihole/templates/secret.yaml | 11 +++++
pihole/templates/service.yaml | 24 ++++++++++
pihole/values.yaml | 79 +++++++++++++++++++++++++++++++++
17 files changed, 528 insertions(+), 11 deletions(-)
create mode 100644 monitor/.helmignore
create mode 100644 monitor/Chart.yaml
create mode 100644 monitor/templates/deploy.yaml
create mode 100644 monitor/templates/ingress.yaml
create mode 100644 monitor/templates/service.yaml
create mode 100644 monitor/values.yaml
create mode 100644 pihole/.helmignore
create mode 100644 pihole/Chart.yaml
create mode 100644 pihole/templates/configmap.yaml
create mode 100644 pihole/templates/deploy.yaml
create mode 100644 pihole/templates/ingress.yaml
create mode 100644 pihole/templates/pv.yaml
create mode 100644 pihole/templates/pvc.yaml
create mode 100644 pihole/templates/secret.yaml
create mode 100644 pihole/templates/service.yaml
create mode 100644 pihole/values.yaml
diff --git a/README.md b/README.md
index 93006fc..c593d87 100644
--- a/README.md
+++ b/README.md
@@ -99,6 +99,61 @@ To uninstall
 /usr/local/bin/k3s-uninstall.sh
 ```
 
+To drain a node (for maintenance)
+
+```bash
+export NODE=
+kubectl drain $NODE --ignore-daemonsets --delete-local-data
+```
+
+### Create an NFS pv and pvc
+
+pv.yaml
+
+```yaml
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ .Release.Name }}
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: {{ .Release.Name }}
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 100Gi
+ nfs:
+ server: freenas
+ path: "/mnt/enc0/pi/pihole"
+```
+
+pvc.yaml
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: {{ .Release.Name }}
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+```
+
+### Disable local-storage
+
+```bash
+'--disable=local-storage' \
+systemctl daemon-reload
+service k3s restart
+```
+
 ### Install Docker
 
 ```bash
@@ -111,18 +166,8 @@ sudo apt-get remove python-configparser
 sudo pip3 -v install docker-compose
 ```
 
-### Add NFS for local-storage
-
-Disable local-path:
-
-```bash
-echo 'freenas:/mnt/enc0/pi /var/lib/rancher/k3s/storage nfs noexec,nosuid,nofail 0 0' >> /etc/fstab
-mkdir -p /var/lib/rancher/k3s/storage
-mount -a
-```
-
 ### Pihole password
 
 ```bash
 echo $(kubectl get secret pihole --output=jsonpath='{.data.WEBPASSWORD}' | base64 --decode)
-```
\ No newline at end of file
+```
diff --git a/monitor/.helmignore b/monitor/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/monitor/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/monitor/Chart.yaml b/monitor/Chart.yaml
new file mode 100644
index 0000000..b837a17
--- /dev/null
+++ b/monitor/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: monitor
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.16.0
diff --git a/monitor/templates/deploy.yaml b/monitor/templates/deploy.yaml
new file mode 100644
index 0000000..23ecf8e
--- /dev/null
+++ b/monitor/templates/deploy.yaml
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}
+ spec:
+ nodeSelector:
+ kubernetes.io/hostname: {{ .Release.Name }}
+ containers:
+ - name: glances
+ image: hub.ducoterra.net/ducoterra/glances:arm64
+ ports:
+ - containerPort: 61208
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 250m
+ limits:
+ memory: 512Mi
+ cpu: 500m
+ - name: iperf
+ image: hub.ducoterra.net/ducoterra/iperf:arm64
+ tty: true
+ stdin: true
+ ports:
+ - containerPort: 5201
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 250m
+ limits:
+ memory: 512Mi
+ cpu: 500m
+ - name: stress
+ image: hub.ducoterra.net/ducoterra/stress:arm64
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 250m
+ limits:
+ memory: 512Mi
+ cpu: "4"
\ No newline at end of file
diff --git a/monitor/templates/ingress.yaml b/monitor/templates/ingress.yaml
new file mode 100644
index 0000000..62b4445
--- /dev/null
+++ b/monitor/templates/ingress.yaml
@@ -0,0 +1,13 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ rules:
+ - host: {{ .Release.Name }}
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: {{ .Release.Name }}
+ servicePort: 61208
\ No newline at end of file
diff --git a/monitor/templates/service.yaml b/monitor/templates/service.yaml
new file mode 100644
index 0000000..1b885c1
--- /dev/null
+++ b/monitor/templates/service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ selector:
+ app: {{ .Release.Name }}
+ ports:
+ - name: iperf
+ port: 5201
+ targetPort: 5201
+ - name: glances
+ port: 61208
+ targetPort: 61208
\ No newline at end of file
diff --git a/monitor/values.yaml b/monitor/values.yaml
new file mode 100644
index 0000000..dd990ac
--- /dev/null
+++ b/monitor/values.yaml
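Review bot: All three containers in monitor/templates/deploy.yaml are pulled by the mutable tag `:arm64` and run with no `securityContext`, so what executes on the node can change without any change to this chart. Pin each image by digest, e.g. `image: hub.ducoterra.net/ducoterra/glances:arm64@sha256:<digest-placeholder>`, and add a container-level `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}` where the images allow it (whether they run as non-root is not visible here). pihole/templates/deploy.yaml has the same issue with `pihole/pihole:latest`. The `stress` container is also deployed permanently with a limit of `cpu: "4"`; if it is only needed for occasional load tests, a separate Job or a values toggle would keep it off the node the rest of the time.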
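Review bot: The Ingress in monitor/templates/ingress.yaml publishes port 61208 (presumably the glances web UI) over plain HTTP, with no `tls:` section and nothing authenticating the route, so anyone who can reach the ingress controller can read the node's system metrics. Add a `tls:` entry (`hosts:` plus `secretName: <tls-secret-placeholder>`) and put access control in front of the path; which annotation does that depends on the ingress controller, which this page does not show. pihole/templates/ingress.yaml has the same gap for the admin UI at pihole.ducoterra.net, where the WEBPASSWORD login would travel unencrypted. Both files also use `apiVersion: extensions/v1beta1`, which is deprecated in favour of the `networking.k8s.io` API group.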
@@ -0,0 +1,79 @@
+# Default values for monitor.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
diff --git a/pihole/.helmignore b/pihole/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/pihole/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/pihole/Chart.yaml b/pihole/Chart.yaml
new file mode 100644
index 0000000..8c177bc
--- /dev/null
+++ b/pihole/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+name: pihole
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 1.16.0
diff --git a/pihole/templates/configmap.yaml b/pihole/templates/configmap.yaml
new file mode 100644
index 0000000..083e4a8
--- /dev/null
+++ b/pihole/templates/configmap.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}
+data:
+ ADMIN_EMAIL: 'ducoterra'
+ TZ: 'America/Chicago'
+ DNS1: '1.1.1.1'
+ DNS2: '1.0.0.1'
+ DNSSEC: 'true'
+ duconet.conf: |
+ address=/.localhost/127.0.0.1
+ address=/.freenas.ducoterra.net/3.14.3.101
+ address=/.pihole.ducoterra.net/3.14.3.102
+ address=/.red/3.14.3.102
+ address=/.grey/3.14.3.103
+ address=/.gold/3.14.3.104
+ address=/.green/3.14.3.105
+ address=/.blue/3.14.3.106
+ address=/.purple/3.14.3.107
+ address=/.ducoterra.net/3.14.3.100
diff --git a/pihole/templates/deploy.yaml b/pihole/templates/deploy.yaml
new file mode 100644
index 0000000..234b0a9
--- /dev/null
+++ b/pihole/templates/deploy.yaml
@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: pihole
+ image: pihole/pihole:latest
+ ports:
+ - containerPort: 53
+ - containerPort: 80
+ envFrom:
+ - configMapRef:
+ name: {{ .Release.Name }}
+ - secretRef:
+ name: {{ .Release.Name }}
+ resources:
+ requests:
+ memory: 128Mi
+ cpu: 250m
+ limits:
+ memory: 512Mi
+ cpu: 500m
+ volumeMounts:
+ - name: data
+ mountPath: /etc/pihole
+ - name: dnsmasq
+ mountPath: /etc/dnsmasq.d/duconet.conf
+ subPath: duconet.conf
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}
+ - name: dnsmasq
+ configMap:
+ name: {{ .Release.Name }}
diff --git a/pihole/templates/ingress.yaml b/pihole/templates/ingress.yaml
new file mode 100644
index 0000000..d578152
--- /dev/null
+++ b/pihole/templates/ingress.yaml
@@ -0,0 +1,13 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ rules:
+ - host: pihole.ducoterra.net
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: web-{{ .Release.Name }}
+ servicePort: 80
\ No newline at end of file
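Review bot: `duconet.conf` in pihole/templates/configmap.yaml sits in the same ConfigMap that pihole/templates/deploy.yaml loads wholesale through `envFrom: configMapRef`, so the whole dnsmasq file is also offered to the container as an environment variable (or skipped with a warning event, depending on how the cluster validates the key name). Moving it into its own ConfigMap, e.g. `name: {{ .Release.Name }}-dnsmasq`, and pointing the `dnsmasq` volume at that keeps the environment limited to the five Pi-hole settings. A short comment above the `address=` lines should also say whether 3.14.3.x is a LAN range: it lies outside the RFC 1918 private blocks, so a client that resolves these names while off that LAN would send its traffic to whoever routes that space publicly.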
diff --git a/pihole/templates/pv.yaml b/pihole/templates/pv.yaml
new file mode 100644
index 0000000..cc4d0dd
--- /dev/null
+++ b/pihole/templates/pv.yaml
@@ -0,0 +1,17 @@
+{{ if .Release.IsInstall }}
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ .Release.Name }}
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: pihole
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 100Gi
+ nfs:
+ server: freenas
+ path: "/mnt/enc0/pi/pihole"
+{{ end }}
\ No newline at end of file
diff --git a/pihole/templates/pvc.yaml b/pihole/templates/pvc.yaml
new file mode 100644
index 0000000..e00d402
--- /dev/null
+++ b/pihole/templates/pvc.yaml
@@ -0,0 +1,15 @@
+{{ if .Release.IsInstall }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}
+ annotations:
+ "helm.sh/resource-policy": keep
+spec:
+ storageClassName: pihole
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+{{ end }}
\ No newline at end of file
diff --git a/pihole/templates/secret.yaml b/pihole/templates/secret.yaml
new file mode 100644
index 0000000..5c22069
--- /dev/null
+++ b/pihole/templates/secret.yaml
@@ -0,0 +1,11 @@
+{{ if and .Values.secret .Release.IsInstall }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}
+ annotations:
+ "helm.sh/resource-policy": keep
+type: generic
+data:
+ WEBPASSWORD: {{ randAlphaNum 64 | b64enc | quote }}
+{{ end }}
\ No newline at end of file
diff --git a/pihole/templates/service.yaml b/pihole/templates/service.yaml
new file mode 100644
index 0000000..99749c4
--- /dev/null
+++ b/pihole/templates/service.yaml
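Review bot: The NFS PersistentVolume in pihole/templates/pv.yaml sets no `mountOptions`, whereas the fstab line this commit removes from README.md mounted the parent export with `noexec,nosuid,nofail`. Unless executables are meant to run from /mnt/enc0/pi/pihole, carry that hardening over with `mountOptions: [nosuid, noexec]` under `spec:`. The volume also has no `claimRef`, so any claim asking for `storageClassName: pihole` with a compatible size could bind it; naming the intended claim removes that ambiguity.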
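Review bot: Wrapping the claim in pihole/templates/pvc.yaml in `{{ if .Release.IsInstall }}` means the template renders nothing on `helm upgrade`, so the PVC drops out of the release manifest and survives only because of the `"helm.sh/resource-policy": keep` annotation. From then on a later edit to this file (size, storage class) would never be applied by an upgrade. pihole/templates/pv.yaml and pihole/templates/secret.yaml use the same guard; for the PV and PVC it can simply be removed, since re-rendering them unchanged is harmless.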
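Review bot: The condition in pihole/templates/secret.yaml also requires `.Values.secret`, but pihole/values.yaml in this commit defines no `secret` key, so with default values the Secret is never rendered while pihole/templates/deploy.yaml references it through a non-optional `secretRef`. Unless the Secret is created out of band, the pod would fail to start; either add `secret: true` to values.yaml or drop that half of the condition. To keep the generated password stable across upgrades without the `.Release.IsInstall` guard, read the existing object with Helm's `lookup` function and reuse its `WEBPASSWORD` when one is present. `type: generic` is accepted by the API but is not a built-in type; `type: Opaque` is what `kubectl create secret generic` produces.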
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}
+spec:
+ selector:
+ app: {{ .Release.Name }}
+ ports:
+ - name: dns
+ protocol: UDP
+ port: 53
+ targetPort: 53
+ type: LoadBalancer
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: web-{{ .Release.Name }}
+spec:
+ selector:
+ app: {{ .Release.Name }}
+ ports:
+ - port: 80
+ targetPort: 80
\ No newline at end of file
diff --git a/pihole/values.yaml b/pihole/values.yaml
new file mode 100644
index 0000000..31885db
--- /dev/null
+++ b/pihole/values.yaml
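Review bot: The `dns` Service in pihole/templates/service.yaml is `type: LoadBalancer` on UDP 53 with no source restriction, so the resolver answers anyone who can reach the load-balancer address; if that address is reachable from outside the LAN, this is an open resolver that can be abused for DNS amplification. Restrict it with `loadBalancerSourceRanges: [<lan-cidr-placeholder>]` (support depends on the load-balancer implementation, which is not shown here) or with a firewall rule in front of the node. Only UDP is published although the ConfigMap sets `DNSSEC: 'true'`, and large or truncated answers fall back to TCP 53; add a `protocol: TCP` port for 53, in this Service or in a second one where mixed-protocol load balancers are not supported.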
@@ -0,0 +1,79 @@
+# Default values for pihole.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}