This is an opinionated take on a relatively simple Kubernetes cluster. It can be used to stand up a k3s cluster with automatic TLS-encrypted services, using a wildcard domain and certificate (e.g. https://*.sub.my.domain).
Features:
- Single host
- Let's Encrypt Wildcard certificate
- Simple TLS setup for applications
- Simple authentication setup for applications
- DigitalOcean managed DNS zone, with API token
- DNS wildcard pointed to node IP
- Generic OAuth provider information
- SSH access as yourself to the node IP, with sudo access
- asdf installed (optional)
- mask installed (or manually run the commands in maskfile.md)
Set the following environment variables (I use direnv):
# k3sup defaults to this
export KUBECONFIG=$KUBECONFIG:$PWD/kubeconfig
export FLY_ACME_EMAIL=adam@my.domain
# https://cloud.digitalocean.com/account/api/
export FLY_DO_TOKEN=
export FLY_SUBDOMAIN=sub.my.domain
# get these from your oauth provider
export FLY_OAUTH_AUTH_URL=
export FLY_OAUTH_TOKEN_URL=
export FLY_OAUTH_USER_URL=
export FLY_OAUTH_CLIENT_ID=
export FLY_OAUTH_CLIENT_SECRET=
# mask gen cookiesecret
export FLY_COOKIE_SECRET=
# mask gen signingsecret
export FLY_COOKIE_SIGNING_SECRET=
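A preflight check for the variables above, written as an added example and not part of this repository's maskfile. The function name `fly_preflight` is hypothetical, and the rules it applies are assumptions: OAuth endpoints must be https URLs, `FLY_SUBDOMAIN` is a bare DNS name as in `sub.my.domain`, and the ACME email has the usual `user@host.tld` shape.

```shell
#!/bin/sh
# Added example: validate the FLY_* variables before bootstrapping.
# Prints one line per problem on stderr and returns the problem count.
fly_preflight() {
    problems=0
    # Every variable listed in the setup block must be non-empty.
    # eval is safe here: the names come from this fixed list only.
    for name in FLY_ACME_EMAIL FLY_DO_TOKEN FLY_SUBDOMAIN \
                FLY_OAUTH_AUTH_URL FLY_OAUTH_TOKEN_URL FLY_OAUTH_USER_URL \
                FLY_OAUTH_CLIENT_ID FLY_OAUTH_CLIENT_SECRET \
                FLY_COOKIE_SECRET FLY_COOKIE_SIGNING_SECRET; do
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "unset or empty: $name" >&2
            problems=$((problems + 1))
        fi
    done
    # The OAuth endpoints carry the client secret and tokens, so a
    # plain-http URL is treated as a configuration error (assumption).
    for name in FLY_OAUTH_AUTH_URL FLY_OAUTH_TOKEN_URL FLY_OAUTH_USER_URL; do
        eval "value=\${$name:-}"
        case "$value" in
            ''|https://?*) ;;   # empty was already reported above
            *) echo "not an https URL: $name" >&2
               problems=$((problems + 1)) ;;
        esac
    done
    # FLY_SUBDOMAIN is the bare zone name: no scheme, wildcard or path.
    case "${FLY_SUBDOMAIN:-}" in
        *://*|*\**|*/*)
            echo "FLY_SUBDOMAIN must be a bare DNS name" >&2
            problems=$((problems + 1)) ;;
    esac
    # The ACME account email must at least look like user@host.tld.
    case "${FLY_ACME_EMAIL:-}" in
        ''|?*@?*.?*) ;;
        *) echo "FLY_ACME_EMAIL does not look like an address" >&2
           problems=$((problems + 1)) ;;
    esac
    return "$problems"
}
# Usage: fly_preflight && mask bootstrap <node IP/name>
```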
I recommend asdf, but otherwise you can install the versions of tools listed in .tool-versions.
asdf install
- install k3s:
mask bootstrap <node IP/name>
- verify cluster connection:
kubectl get nodes
- create the resources:
mask sync
- Open your browser and log in to the traefik dashboard:
https://proxy.sub.my.domain
- Check out kanboard at
https://kanboard.sub.my.domain