nlopez/k8s_home

k8s

A collection of Kubernetes objects for my home setup

Notes

kubeadm

kubeadm init --config kubeadm-init.conf --upload-certs
# run control plane join command printed by kubeadm on additional masters

CNI: Cilium

cilium install --helm-values=cilium-values.yaml

Untaint master/control-plane

kubectl taint nodes --all node-role.kubernetes.io/master-
kubectl taint nodes --all node-role.kubernetes.io/control-plane-

Wait for CoreDNS and the control plane to be running

kubectl get pod --all-namespaces -owide --watch

metallb

kubectl apply -f 00-namespace.yaml -f metallb-system

Sealed secrets

kubectl apply -f /path/to/kubeseal-secret-key
kubectl apply -f kube-system/kubeseal

flux

kubectl apply -f flux
fluxctl --k8s-fwd-ns flux identity  # add the printed public key to GitHub with write access
# wait a bit for repo clone
fluxctl --k8s-fwd-ns flux sync

Un/ignoring resources with flux

# Ignore
# (kubectl annotate takes KEY=VALUE when setting an annotation)
kubectl annotate <resource> "flux.weave.works/ignore=true"

# Unignore
kubectl annotate <resource> "flux.weave.works/ignore"-

# Ignore all in namespace
# (doesn't seem like there is --all-namespaces for this.)
kubectl -n default annotate all --all "flux.weave.works/ignore=true"

# Unignore all in namespace
kubectl -n default annotate all --all "flux.weave.works/ignore"-

See fluxcd/flux#1211 for more

TODO

  • Translate notes section into a bootstrap shell script
  • Update bootstrap for Cilium CNI
  • Cilium kube-proxy-free setup to preserve source IPs coming in via metallb (more on DSR)
  • Use Flux/HelmRelease CRDs better

Thanks