Sebastian Mark 0dce5c72f2 break: switch from k3s to k0s
- replace k3s with k0s
  - remove argocd-init.yml
  - remove pb_install.yml
  - add docker-compose.yml for k0s setup
  - add k0s-config.yaml for k0s configuration
  - add metallb loadbalancer
    - add metallb ip pool
  - add openebs local storage
- update README

🤖
2024-09-03 08:24:27 +02:00
_templates REFACTOR: merge templates into one 2022-04-17 19:00:24 +02:00
bin Revert "feat: add renovate-bot cronjob" 2023-07-29 17:44:54 +02:00
manifests break: switch from k3s to k0s 2024-09-03 08:24:27 +02:00
.gitignore FEAT: get kubeconfig after k3s installation 2022-05-01 20:04:05 +02:00
.renovaterc.json break: switch from k3s to k0s 2024-09-03 08:24:27 +02:00
docker-compose.yml break: switch from k3s to k0s 2024-09-03 08:24:27 +02:00
k0s-config.yaml break: switch from k3s to k0s 2024-09-03 08:24:27 +02:00
logo.png FEAT: add logo 2021-11-30 14:49:29 +01:00
README.md break: switch from k3s to k0s 2024-09-03 08:24:27 +02:00

k0s Kubernetes + Baseline

Run (k0s + baseline)

docker compose up

Get kubeconfig

docker compose exec -it k0s k0s kubeconfig admin

Notes

openebs

When running in Docker, /run/udev/ does not exist, but it is required by openebs. A simple fix is to create it inside the k0s container:

docker compose exec -it k0s mkdir /run/udev/

ArgoCD

To retrieve the initial admin password, use:

kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

To change the password, follow the ArgoCD documentation for argocd account update-password.

Linode

The PROXY protocol needs to be enabled for ingress-nginx to see the client's IP in the ingress log.

Add the PROXY protocol annotation to the ingress-nginx service:

annotations:
    service.beta.kubernetes.io/linode-loadbalancer-proxy-protocol: v2

Update the ingress-nginx ConfigMap to make nginx expect PROXY protocol data:

data:
  use-proxy-protocol: "true"

cert-manager

However, when you have the PROXY protocol enabled, the external load balancer does modify the traffic, prepending the PROXY line before each TCP connection. If you connect directly to the web server internally, bypassing the external load balancer, then it will receive traffic without the PROXY line.

This is particularly a problem when using cert-manager for provisioning SSL certificates.

After enabling the PROXY protocol, cert-manager is unable to perform its self check ("propagation check failed", "failed to perform self check GET request").

hairpin-proxy adds PROXY protocol support for internal-to-LoadBalancer traffic for Kubernetes Ingress users, specifically for cert-manager self-checks (no further configuration needed).
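
The mismatch described above, as an added example (not code from this repository, ingress-nginx or hairpin-proxy): a minimal PROXY protocol v2 parser that recovers the client address when the load balancer header is present and rejects a stream that arrives without it, which is the situation of the cert-manager self check. The addresses, host name and token in the sample are constructed.

```python
import ipaddress
import struct

V2_SIGNATURE = b"\r\n\r\n\x00\r\nQUIT\n"  # 12-byte magic defined by PROXY protocol v2
ADDR_BLOCK_LEN = {0x11: 12, 0x21: 36}      # TCP/IPv4 and TCP/IPv6 address block sizes

class MissingProxyHeader(ValueError):
    """The stream does not start with a PROXY v2 header."""

def build_proxy_v2(src, sport, dst, dport):
    """Build the IPv4 header a load balancer prepends (used for the constructed sample)."""
    body = ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    body += struct.pack("!HH", sport, dport)
    return V2_SIGNATURE + struct.pack("!BBH", 0x21, 0x11, len(body)) + body

def parse_proxy_v2(data):
    """Return (client_ip, client_port, payload) from the first bytes of a connection."""
    if not data.startswith(V2_SIGNATURE):
        raise MissingProxyHeader("no PROXY v2 signature at start of stream")
    if len(data) < 16:
        raise ValueError("truncated PROXY v2 header")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("not PROXY protocol version 2")
    body, payload = data[16:16 + length], data[16 + length:]
    if len(body) < length:
        raise ValueError("truncated PROXY v2 address block")
    if ver_cmd & 0x0F == 0:          # LOCAL command: no client address carried
        return None, None, payload
    need = ADDR_BLOCK_LEN.get(fam_proto)
    if need is None or length < need:
        raise ValueError("unsupported family/protocol or short address block")
    half = (need - 4) // 2           # 4 bytes per IPv4 address, 16 per IPv6
    sport = struct.unpack("!H", body[2 * half:2 * half + 2])[0]
    return str(ipaddress.ip_address(body[:half])), sport, payload

# Constructed sample: the same ACME self-check request, once via the load balancer
# and once sent directly to the listener from inside the cluster.
REQUEST = b"GET /.well-known/acme-challenge/TOKEN HTTP/1.1\r\nHost: example.test\r\n\r\n"
VIA_LB = build_proxy_v2("203.0.113.7", 51234, "192.0.2.10", 80) + REQUEST

if __name__ == "__main__":
    print(parse_proxy_v2(VIA_LB)[:2])      # client address recovered from the header
    try:
        parse_proxy_v2(REQUEST)            # direct connection, no PROXY header
    except MissingProxyHeader as exc:
        print("rejected:", exc)
```

Because the listener takes the client address from this header, the ingress log is only as trustworthy as the path in front of it: the port that expects PROXY data should be reachable only through the load balancer.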