Repo to track my setup and deployment of my K3S Cluster. This is in no ways "ideal" or "production ready" but it works for me
- [1] https://github.com/ChristianLempa/cheat-sheets/blob/main/kubernetes/k3s.md
- [2] https://www.putorius.net/custom-motd-login-screen-linux.html
Create 5 nodes, we'll be doing 3 control planes with etcd and 2 agents
Current setup is as follows:
| Node | Hostname | Static IP |
|---|---|---|
| 01 | k3s01 | 10.10.99.201 |
| 02 | k3s02 | 10.10.99.202 |
| 03 | k3s03 | 10.10.99.203 |
| 04 | k3s04 | 10.10.99.204 |
| 05 | k3s05 | 10.10.99.205 |
sudo qm create 8000 --name "ubuntu-cloudinit" --ostype l26 \
--memory 1024 \
--agent 1 \
--bios ovmf --machine q35 --efidisk0 local-ceph-01:0,pre-enrolled-keys=0 \
--cpu host --socket 1 --cores 1 \
--vga serial0 --serial0 socket \
--net0 virtio,bridge=vmbr0
sudo qm importdisk 8000 mantic-server-cloudimg-amd64.img local-ceph-01
sudo qm set 8000 --scsihw virtio-scsi-pci --virtio0 local-ceph-01:vm-8000-disk-1,discard=on
sudo qm set 8000 --boot order=virtio0
sudo qm set 8000 --ide2 local-ceph-01:cloudinit
sudo qm set 8000 --cicustom "vendor=local:snippets/vendor.yaml"
sudo qm set 8000 --tags template,23.10,cloudinit,ubuntu
sudo qm set 8000 --ciuser root
sudo qm set 8000 --cipassword $(openssl passwd -6 $CLEARTEXT_PASSWORD)
sudo qm set 8000 --sshkeys ~/.ssh/authorized_keys
sudo qm set 8000 --ipconfig0 ip=dhcp
qm clone 8000 201 --name k3s-02 --full
qm clone 8000 202 --name k3s-02 --full
qm clone 8000 203 --name k3s-03 --full
qm clone 8000 204 --name k3s-04 --full
qm clone 8000 205 --name k3s-05 --full
qm resize 201 virtio0 +12.5G
qm resize 202 virtio0 +12.5G
qm resize 203 virtio0 +12.5G
qm resize 204 virtio0 +12.5G
qm resize 205 virtio0 +12.5GCreated a cloud init drive and set some parametes so we could clone the drives. Gave each node 16GB
- use ansible for node setup
On one of the nodes there was issues pinging so ran the following:
cd /var/lib/dpkg/info/ && sudo apt install --reinstall $(grep -l 'setcap' * | sed -e 's/\.[^.]*$//g' | sort --unique)- Register IP 10.10.99.4 under the LAB VLAN as a VIP
- Create 5 static IPs based on the MAC address of the above
see storage/Readme.md
Setting up the 3 control planes with etcd and 2 agents in one cluster
On Node 01 (K3S-01) run the following
openssl rand -hex 10 > k3s_secret.txt
You will need to copy that file or create it on each node and copy the contents over.
curl -sfL https://get.k3s.io | K3S_TOKEN=`cat k3s_secret.txt` sh -s - server \
--cluster-init \
--disable=servicelbcurl -sfL https://get.k3s.io | K3S_TOKEN=`cat k3s_secret.txt` sh -s - server \
--server https://10.10.99.201:6443 \
--disable=servicelbAgents
curl -sfL https://get.k3s.io | K3S_TOKEN=`cat k3s_secret.txt` sh -s - agent \
--server https://10.10.99.201:6443kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.4/config/manifests/metallb-native.yaml
Apply networking in the following order
-
metallb (README exists) -
traefik (to override some default values) -
ingress and cert manager, read README there to make sure you're good
TODO
| COMPLETE | TASK |
|---|---|
| FALSE | move secrets out of files and into its own secrets.yaml/ .env |
| FALSE | redeploy all iceboxed apps |
| FALSE | commit to github all the changes since years ago |
Deployment Checklist
- Persistent Volume Claim has suffix "-pvc"
- Service has suffix "-pvc"
- Ingress Route has suffix "-ing-r
Apps Checklist
| APP | DE-ICED | DEPLOYMENT | PVC | Service | Ingress Route |
|---|---|---|---|---|---|
| grafana | NEW | TRUE | TRUE | TRUE | TRUE |
| nginx | NEW | FALSE | FALSE | FALSE | FALSE |
| nzbhydra2 | NEW | FALSE | FALSE | FALSE | FALSE |
| overseer | NEW | FALSE | FALSE | FALSE | FALSE |
| plex | TRUE | FALSE | FALSE | FALSE | FALSE |
| radarr | TRUE | FALSE | FALSE | FALSE | FALSE |
| sabnzbd | TRUE | FALSE | FALSE | FALSE | FALSE |
| deluge | FALSE | FALSE | FALSE | FALSE | FALSE |
| duskbot | FALSE | FALSE | FALSE | FALSE | FALSE |
| jackett | FALSE | FALSE | FALSE | FALSE | FALSE |
| minecraft | FALSE | FALSE | FALSE | FALSE | FALSE |
| tautulli | FALSE | FALSE | FALSE | FALSE | FALSE |
| unifi | FALSE | FALSE | FALSE | FALSE | FALSE |
| unmanic | FALSE | FALSE | FALSE | FALSE | FALSE |
External App Ingress Routes
| APP | ROUTED |
|---|---|
| HAOS | FALSE |
| PIHOLE | TRUE |
| UNIFI | TRUE |
| PVE | FALSE |
| PFSENSE | FALSE |
| TRUENAS | TRUENAS |
| DELL SW | FALSE |
| MIKROTIK | FALSE |