root/homelab-k3s
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: root:main
Branches Tags
root:main
root:pve
root:origin
root:k3s
..
compare: root:origin
Branches Tags
root:main
root:pve
root:origin
root:k3s

No commits in common. "main" and "origin" have entirely different histories.
main ... origin

28 changed files with 28 additions and 766 deletions
Show Stats Expand all files Collapse all files

2
HELP/Traefik.md
View File

@ -1,2 +0,0 @@
Редактирование конфиго (порты и тд)
kubectl edit svc PODNAME -n NAMESPACE

47
HELP/play.md
View File

@ -1,47 +0,0 @@
```markdown
# Homelab K3s Deployment Guide
## Шаги установки и развертывания
1. Перейдите в директорию Terraform:
```bash
cd /homelab_k3s/Terraform/
```
2. Примените конфигурации Terraform:
```bash
terraform apply --var-file=variables.tfvars --parallelism=1
```
3. Вернитесь в корневую директорию:
```bash
cd ..
```
4. Создайте виртуальное окружение для Ansible:
```bash
python3.12 -m venv ansible_env
```
5. Активируйте виртуальное окружение:
```bash
source ansible_env/bin/activate
```
6. Запустите Ansible playbook:
```bash
ansible-playbook -i inventory/my-cluster/hosts.ini site.yml -u root --private-key=/root/homelab-k3s/Terraform/key/id_rsa
```
7. Скопируйте конфигурацию k3s на локальный компьютер:
```bash
scp root@192.168.0.109:/etc/rancher/k3s/k3s.yaml ~/.kube/config
```
## Примечания
- Убедитесь, что все файлы и ключи доступны и корректно настроены.
- После копирования файла `k3s.yaml` проверьте доступность кластера с помощью команды:
```bash
kubectl get nodes
```
```

5
HELP/Полезное.md
View File

@ -1,5 +0,0 @@
Изменение LoadBalancer
```bash
kubectl patch svc [NAME] -n [NAMESPACE] -p '{"spec": {"type": "LoadBalancer"}}'
```

188
HELP/Пример.MD
View File

@ -1,188 +0,0 @@
# Инструкция по установке Planka в K3s с использованием Traefik и MetalLB
## 1. Установка MetalLB
```bash
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml
```
## 2. Настройка пула IP-адресов для MetalLB
Создайте файл `metallb-config.yaml`:
```yaml
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
name: planka-pool
namespace: metallb-system
spec:
addresses:
- 192.168.1.240-192.168.1.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
name: planka-advertisement
namespace: metallb-system
spec:
ipAddressPools:
- planka-pool
```
Примените конфигурацию:
```bash
kubectl apply -f metallb-config.yaml
```
## 3. Создание пространства имен
```bash
kubectl create namespace planka
```
## 4. Развертывание PostgreSQL
Создайте файл `postgres.yaml`:
```yaml
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: planka
spec:
ports:
- port: 5432
selector:
app: postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: planka
spec:
containers:
- name: postgres
image: postgres:13
env:
- name: POSTGRES_DB
value: planka
- name: POSTGRES_USER
value: plankauser
- name: POSTGRES_PASSWORD
value: plankapassword
volumeMounts:
- name: postgres-storage
mountPath: /var/lib/postgresql/data
volumes:
- name: postgres-storage
persistentVolumeClaim:
claimName: postgres-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
namespace: planka
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
```
Примените манифест:
```bash
kubectl apply -f postgres.yaml
```
## 5. Создание секрета с учетными данными администратора
Создайте файл `planka-admin-secret.yaml`:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: planka-admin-secret
namespace: planka
type: Opaque
data:
DEFAULT_ADMIN_EMAIL: YWRtaW5AZXhhbXBsZS5jb20=
DEFAULT_ADMIN_PASSWORD: WW91clNlY3VyZVBhc3N3b3Jk
DEFAULT_ADMIN_NAME: QWRtaW4=
DEFAULT_ADMIN_USERNAME: YWRtaW4=
```
Примените секрет:
```bash
kubectl apply -f planka-admin-secret.yaml
```
## 6. Развертывание Planka
Создайте файл `planka.yaml`:
```yaml
apiVersion: v1
kind: Service
metadata:
name: planka
namespace: planka
annotations:
metallb.universe.tf/address-pool: planka-pool
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 1337
selector:
app: planka
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: planka
namespace: planka
spec:
containers:
- name: planka
image: meltyshev/planka:latest
env:
- name: DATABASE_URL
value: postgres://plankauser:plankapassword@postgres.planka.svc.cluster.local:5432/planka
- name: SECRET_KEY
value: your-secret-key
envFrom:
- secretRef:
name: planka-admin-secret
ports:
- containerPort: 1337
```
Примените манифест:
```bash
kubectl apply -f planka.yaml
```
## 7. Настройка Ingress для доступа через Traefik
Создайте файл `ingress.yaml`:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: planka-ingress
namespace: planka
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: planka.your-domain.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: planka
port:
number: 80
```
Примените манифест:
```bash
kubectl apply -f ingress.yaml
```
## 8. Настройка DNS
Убедитесь, что ваш домен `planka.your-domain.com` указывает на IP-адрес, выделенный MetalLB.
**Готово!** Теперь Planka установлена и доступна через ваш домен в кластере K3s.

27
HELP/METALLIB.md → METALLIB.md
View File

@ -37,6 +37,33 @@
kubectl apply -f metallb-config.yaml kubectl apply -f metallb-config.yaml
``` ```
4. **Создайте сервис типа LoadBalancer:**
Создайте файл `service.yaml` со следующим содержимым:
```yaml
apiVersion: v1
kind: Service
metadata:
name: external-service
spec:
selector:
app: my-app
ports:
- protocol: TCP
port: 80
targetPort: 80
type: LoadBalancer
```
Примените манифест:
```bash
kubectl apply -f service.yaml
```
5. **Проверьте, что сервис получил внешний IP:**
```bash
kubectl get svc external-service
```
## Заметки ## Заметки
- Убедитесь, что ваш сервер позволяет доступ к указанному IP-адресу на соответствующих портах. - Убедитесь, что ваш сервер позволяет доступ к указанному IP-адресу на соответствующих портах.
- IP-адрес должен быть статическим и доступным для использования. - IP-адрес должен быть статическим и доступным для использования.

7
README.md
View File

@ -2,12 +2,5 @@
terraform apply --var-file=variables.tfvars --parallelism=1 terraform apply --var-file=variables.tfvars --parallelism=1
cd ..
python3.12 -m venv ansible_env
source ansible_env/bin/activate
ansible-playbook -i inventory/my-cluster/hosts.ini site.yml -u root --private-key=/root/homelab-k3s/Terraform/key/id_rsa ansible-playbook -i inventory/my-cluster/hosts.ini site.yml -u root --private-key=/root/homelab-k3s/Terraform/key/id_rsa
scp root@192.168.0.109:/etc/rancher/k3s/k3s.yaml ~/.kube/config

0
k3s_config/Grafana/ingress.yaml
View File

41
k3s_config/Localai/localai-deploy.yaml
View File

@ -1,41 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: localai
labels:
app: localai
spec:
replicas: 1
selector:
matchLabels:
app: localai
template:
metadata:
labels:
app: localai
spec:
containers:
- name: localai
image: quay.io/go-skynet/local-ai:v2.22.1-ffmpeg
ports:
- containerPort: 8080
volumeMounts:
- mountPath: /models
name: model-volume
volumes:
- name: model-volume
persistentVolumeClaim:
claimName: localai-pvc
---
apiVersion: v1
kind: Service
metadata:
name: localai-service
spec:
type: LoadBalancer
selector:
app: localai
ports:
- protocol: TCP
port: 80
targetPort: 8080

18
k3s_config/Localai/localai-ingres.yaml
View File

@ -1,18 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: localai-ingress
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: localai.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: localai-service
port:
number: 80

11
k3s_config/Localai/localai-pvc.yaml
View File

@ -1,11 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: localai-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: longhorn

60
k3s_config/Localai/values.yaml
View File

@ -1,60 +0,0 @@
deployment:
image:
repository: quay.io/go-skynet/local-ai
tag: latest-cpu
env:
threads: 4
context_size: 512
modelsPath: "/models"
prompt_templates:
image: busybox
pullPolicy: IfNotPresent
imagePullSecrets: []
resources:
{}
modelsConfigs:
{}
promptTemplates:
{}
initContainers: []
sidecarContainers: []
persistence:
models:
enabled: true
storageClass: "longhorn"
accessModes:
- ReadWriteMany
size: 10Gi
globalMount: /models
output:
enabled: true
storageClass: "longhorn"
accessModes:
- ReadWriteMany
size: 5Gi
globalMount: /tmp/generated
service:
type: LoadBalancer
port: 80
annotations: {}
ingress:
enabled: false
hosts:
- host: localai.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
nodeSelector: {}
tolerations: []
affinity: {}

19
k3s_config/Planka/ingress.yaml
View File

@ -1,19 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: planka-ingress
namespace: planka
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: planka.intr
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: planka
port:
number: 80

11
k3s_config/Planka/planka-admin-secret.yaml
View File

@ -1,11 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: planka-admin-secret
namespace: planka
type: Opaque
data:
DEFAULT_ADMIN_EMAIL: Z2JhNDA0QGdtYWlsLmNvbQ==
DEFAULT_ADMIN_PASSWORD: ODE0OA==
DEFAULT_ADMIN_NAME: cm9vdA==
DEFAULT_ADMIN_USERNAME: cm9vdA==

14
k3s_config/Planka/planka-service.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: planka
namespace: planka
spec:
selector:
app: planka
type: LoadBalancer
ports:
- protocol: TCP
port: 80
targetPort: 1337

29
k3s_config/Planka/planka.yaml
View File

@ -1,29 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: planka
namespace: planka
spec:
selector:
matchLabels:
app: planka
template:
metadata:
labels:
app: planka
spec:
containers:
- name: planka
image: ghcr.io/plankanban/planka:latest
env:
- name: DATABASE_URL
value: postgres://plankauser:8148@postgres.planka.svc.cluster.local:5432/planka
- name: SECRET_KEY
value: jdkdslsdklsdklskd
- name: BASE_URL
value: "http://planka.intr"
envFrom:
- secretRef:
name: planka-admin-secret
ports:
- containerPort: 1337

52
k3s_config/Planka/postgres_deployment.yaml
View File

@ -1,52 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: postgres
namespace: planka
spec:
ports:
- port: 5432
selector:
app: postgres
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: postgres
namespace: planka
spec:
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
securityContext:
fsGroup: 999
containers:
- name: postgres
image: postgres:13
env:
- name: POSTGRES_DB
value: "planka"
- name: POSTGRES_USER
value: "plankauser"
- name: POSTGRES_PASSWORD
value: "8148"
- name: PGDATA
value: "/var/lib/postgresql/data/pgdata"
ports:
- containerPort: 5432
volumeMounts:
- name: postgres-storage
mountPath: "/var/lib/postgresql/data"
securityContext:
runAsUser: 999 # Пользователь, от имени которого запускается процесс
runAsGroup: 999 # Группа, от имени которой запускается процесс
allowPrivilegeEscalation: false
volumes:
- name: postgres-storage
persistentVolumeClaim:
claimName: postgres-pvc

12
k3s_config/Planka/postgres_pvc.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: postgres-pvc
namespace: planka
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: longhorn

28
k3s_config/coredns.yaml
View File

@ -1,28 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health
ready
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
hosts /etc/coredns/NodeHosts {
ttl 60
reload 15s
fallthrough
}
prometheus :9153
forward . 8.8.8.8 1.1.1.1
cache 30
loop
reload
loadbalance
import /etc/coredns/custom/*.override
}

2
k3s_config/metallb-config.yaml
View File

@ -5,7 +5,7 @@ metadata:
namespace: metallb-system namespace: metallb-system
spec: spec:
addresses: addresses:
- 192.168.0.150-192.168.0.180 # Укажите здесь диапазон, доступный в вашей сети - 78.37.179.200-78.37.179.200 # Укажите здесь диапазон, доступный в вашей сети
--- ---
apiVersion: metallb.io/v1beta1 apiVersion: metallb.io/v1beta1
kind: L2Advertisement kind: L2Advertisement

51
k3s_config/nextcloud/mariadb-deployment.yaml
View File

@ -1,51 +0,0 @@
# mariadb-deployment.yaml (обновленный)
apiVersion: apps/v1
kind: Deployment
metadata:
name: mariadb
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: mariadb
template:
metadata:
labels:
app: mariadb
spec:
containers:
- name: mariadb
image: mariadb:10.5
env:
- name: MYSQL_ROOT_PASSWORD
value: "8148"
- name: MYSQL_DATABASE
value: nextcloud
- name: MYSQL_USER
value: nextcloud_user
- name: MYSQL_PASSWORD
value: "1488"
ports:
- containerPort: 3306
name: mariadb
volumeMounts:
- mountPath: /var/lib/mysql
name: mariadb-data
volumes:
- name: mariadb-data
persistentVolumeClaim:
claimName: mariadb-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mariadb-service
namespace: nextcloud
spec:
selector:
app: mariadb
ports:
- port: 3306
targetPort: 3306
clusterIP: None

13
k3s_config/nextcloud/mariadb-pvc.yaml
View File

@ -1,13 +0,0 @@
# mariadb-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb-pvc
namespace: nextcloud
spec:
storageClassName: longhorn
accessModes:
- ReadWriteMany
resources:
requests:
storage: 5Gi # Укажите необходимый размер хранилища

36
k3s_config/nextcloud/nextcloud-deployment.yaml
View File

@ -1,36 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextcloud
namespace: nextcloud
spec:
replicas: 1
selector:
matchLabels:
app: nextcloud
template:
metadata:
labels:
app: nextcloud
spec:
containers:
- name: nextcloud
image: nextcloud:stable
ports:
- containerPort: 80
volumeMounts:
- mountPath: /var/www/html
name: nextcloud-data
env:
- name: MYSQL_HOST
value: "mariadb-service"
- name: MYSQL_DATABASE
value: "nextcloud"
- name: MYSQL_USER
value: "nextcloud_user"
- name: MYSQL_PASSWORD
value: "1488"
volumes:
- name: nextcloud-data
persistentVolumeClaim:
claimName: nextcloud-pvc

19
k3s_config/nextcloud/nextcloud-ingress.yaml
View File

@ -1,19 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextcloud-ingress
namespace: nextcloud
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
rules:
- host: nextcloud.intr # Укажите ваш домен
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nextcloud-service
port:
number: 80

12
k3s_config/nextcloud/nextcloud-pvc.yaml
View File

@ -1,12 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nextcloud-pvc
namespace: nextcloud
spec:
storageClassName: longhorn
accessModes:
- ReadWriteMany
resources:
requests:
storage: 10Gi

14
k3s_config/nextcloud/nextcloud-service.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: nextcloud-service
namespace: nextcloud
spec:
type: LoadBalancer # Или используйте 'NodePort', если 'LoadBalancer' недоступен
selector:
app: nextcloud
ports:
- protocol: TCP
port: 80
targetPort: 80

13
k3s_config/role-binding.yaml
View File

@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-global-access
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin # Полный доступ ко всем ресурсам в кластере
subjects:
- kind: ServiceAccount
name: default
namespace: kubernetes-dashboard

13
k3s_config/traefik/traefik-acme-pvc.yaml
View File

@ -1,13 +0,0 @@
# traefik-acme-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: traefik-acme-pvc
namespace: kube-system
spec:
accessModes:
- ReadWriteOnce
storageClassName: longhorn # Убедитесь, что используете правильный StorageClass
resources:
requests:
storage: 3Gi

50
k3s_config/traefik/traefik-values.yaml
View File

@ -1,50 +0,0 @@
# traefik-values.yaml
deployment:
podAnnotations:
prometheus.io/port: "8082"
prometheus.io/scrape: "true"
global:
systemDefaultRegistry: ""
image:
repository: rancher/mirrored-library-traefik
tag: 2.11.10
priorityClassName: system-cluster-critical
providers:
kubernetesIngress:
publishedService:
enabled: true
service:
type: LoadBalancer
ipFamilyPolicy: PreferDualStack
ports:
web:
port: 8000
exposedPort: 8000
websecure:
port: 8443
exposedPort: 8443
certificatesResolvers:
myresolver:
acme:
email: gba404@gmail.com # Замените на ваш email
storage: /letsencrypt/acme.json
httpChallenge:
entryPoint: web
persistence:
enabled: true
existingClaim: traefik-acme-pvc
# Если хотите создать новый PVC через Helm, используйте следующие параметры:
accessMode: ReadWriteOnce
size: 3Gi
storageClass: longhorn
additionalArguments:
- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"