k3s

new file:   k3s_config/Planka/postgres_pvc.yaml

.gitignore

@@ -8,6 +8,7 @@
 # Crash log files
 crash.log
 crash.*.log
+.DS_Store
 
 # Exclude all .tfvars files, which are likely to contain sensitive data, such as
 # password, private keys, and other secrets. These should not be part of version 

HELP/METALLIB.md

@@ -0,0 +1,44 @@
+# Настройка MetalLB для K3s с одним внешним IP-адресом
+
+## Шаги по настройке
+
+1. **Проверьте статус Traefik и MetalLB:**
+   ```bash
+   kubectl get svc -n kube-system traefik
+   kubectl get pods -n metallb-system
+   ```
+
+2. **Установка MetalLB (если не установлен):**
+   ```bash
+   kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/main/config/manifests/metallb-native.yaml
+   ```
+
+3. **Создайте файл конфигурации `metallb-config.yaml` с указанием внешнего IP-адреса:**
+   ```yaml
+   apiVersion: metallb.io/v1beta1
+   kind: IPAddressPool
+   metadata:
+     name: my-single-ip-pool
+     namespace: metallb-system
+   spec:
+     addresses:
+     - <ваш-внешний-IP-адрес>  # Укажите здесь ваш внешний IP-адрес
+   ---
+   apiVersion: metallb.io/v1beta1
+   kind: L2Advertisement
+   metadata:
+     name: my-l2-advertisement
+     namespace: metallb-system
+   spec: {}
+   ```
+
+   Примените конфигурацию:
+   ```bash
+   kubectl apply -f metallb-config.yaml
+   ```
+
+## Заметки
+- Убедитесь, что ваш сервер позволяет доступ к указанному IP-адресу на соответствующих портах.
+- IP-адрес должен быть статическим и доступным для использования.
+
+Следуя этим шагам, вы настроите MetalLB для работы с указанным внешним IP-адресом в кластере K3s.

HELP/Traefik.md

@@ -0,0 +1,2 @@
+Редактирование конфиго (порты и тд)
+kubectl edit svc PODNAME -n NAMESPACE

HELP/play.md

@@ -0,0 +1,47 @@
+```markdown
+# Homelab K3s Deployment Guide
+
+## Шаги установки и развертывания
+
+1. Перейдите в директорию Terraform:
+   ```bash
+   cd /homelab_k3s/Terraform/
+   ```
+
+2. Примените конфигурации Terraform:
+   ```bash
+   terraform apply --var-file=variables.tfvars --parallelism=1
+   ```
+
+3. Вернитесь в корневую директорию:
+   ```bash
+   cd ..
+   ```
+
+4. Создайте виртуальное окружение для Ansible:
+   ```bash
+   python3.12 -m venv ansible_env
+   ```
+
+5. Активируйте виртуальное окружение:
+   ```bash
+   source ansible_env/bin/activate
+   ```
+
+6. Запустите Ansible playbook:
+   ```bash
+   ansible-playbook -i inventory/my-cluster/hosts.ini site.yml -u root --private-key=/root/homelab-k3s/Terraform/key/id_rsa
+   ```
+
+7. Скопируйте конфигурацию k3s на локальный компьютер:
+   ```bash
+   scp root@192.168.0.109:/etc/rancher/k3s/k3s.yaml ~/.kube/config
+   ```
+
+## Примечания
+- Убедитесь, что все файлы и ключи доступны и корректно настроены.
+- После копирования файла `k3s.yaml` проверьте доступность кластера с помощью команды:
+  ```bash
+  kubectl get nodes
+  ```
+```

HELP/Полезное.md

@@ -0,0 +1,5 @@
+Изменение LoadBalancer
+
+```bash
+kubectl patch svc [NAME] -n [NAMESPACE] -p '{"spec": {"type": "LoadBalancer"}}'
+```

HELP/Пример.MD

@@ -0,0 +1,188 @@
+# Инструкция по установке Planka в K3s с использованием Traefik и MetalLB
+
+## 1. Установка MetalLB
+```bash
+kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.14.8/config/manifests/metallb-native.yaml
+```
+
+## 2. Настройка пула IP-адресов для MetalLB
+Создайте файл `metallb-config.yaml`:
+```yaml
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: planka-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - 192.168.1.240-192.168.1.250
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: planka-advertisement
+  namespace: metallb-system
+spec:
+  ipAddressPools:
+    - planka-pool
+```
+Примените конфигурацию:
+```bash
+kubectl apply -f metallb-config.yaml
+```
+
+## 3. Создание пространства имен
+```bash
+kubectl create namespace planka
+```
+
+## 4. Развертывание PostgreSQL
+Создайте файл `postgres.yaml`:
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: planka
+spec:
+  ports:
+    - port: 5432
+  selector:
+    app: postgres
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  namespace: planka
+spec:
+  containers:
+    - name: postgres
+      image: postgres:13
+      env:
+        - name: POSTGRES_DB
+          value: planka
+        - name: POSTGRES_USER
+          value: plankauser
+        - name: POSTGRES_PASSWORD
+          value: plankapassword
+      volumeMounts:
+        - name: postgres-storage
+          mountPath: /var/lib/postgresql/data
+  volumes:
+    - name: postgres-storage
+      persistentVolumeClaim:
+        claimName: postgres-pvc
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-pvc
+  namespace: planka
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+```
+Примените манифест:
+```bash
+kubectl apply -f postgres.yaml
+```
+
+## 5. Создание секрета с учетными данными администратора
+Создайте файл `planka-admin-secret.yaml`:
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: planka-admin-secret
+  namespace: planka
+type: Opaque
+data:
+  DEFAULT_ADMIN_EMAIL: YWRtaW5AZXhhbXBsZS5jb20=
+  DEFAULT_ADMIN_PASSWORD: WW91clNlY3VyZVBhc3N3b3Jk
+  DEFAULT_ADMIN_NAME: QWRtaW4=
+  DEFAULT_ADMIN_USERNAME: YWRtaW4=
+```
+Примените секрет:
+```bash
+kubectl apply -f planka-admin-secret.yaml
+```
+
+## 6. Развертывание Planka
+Создайте файл `planka.yaml`:
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: planka
+  namespace: planka
+  annotations:
+    metallb.universe.tf/address-pool: planka-pool
+spec:
+  type: LoadBalancer
+  ports:
+    - port: 80
+      targetPort: 1337
+  selector:
+    app: planka
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: planka
+  namespace: planka
+spec:
+  containers:
+    - name: planka
+      image: meltyshev/planka:latest
+      env:
+        - name: DATABASE_URL
+          value: postgres://plankauser:plankapassword@postgres.planka.svc.cluster.local:5432/planka
+        - name: SECRET_KEY
+          value: your-secret-key
+      envFrom:
+        - secretRef:
+            name: planka-admin-secret
+      ports:
+        - containerPort: 1337
+```
+Примените манифест:
+```bash
+kubectl apply -f planka.yaml
+```
+
+## 7. Настройка Ingress для доступа через Traefik
+Создайте файл `ingress.yaml`:
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: planka-ingress
+  namespace: planka
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+    - host: planka.your-domain.com
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: planka
+                port:
+                  number: 80
+```
+Примените манифест:
+```bash
+kubectl apply -f ingress.yaml
+```
+
+## 8. Настройка DNS
+Убедитесь, что ваш домен `planka.your-domain.com` указывает на IP-адрес, выделенный MetalLB.
+
+**Готово!** Теперь Planka установлена и доступна через ваш домен в кластере K3s.

README.md

@@ -2,5 +2,12 @@
 
 terraform apply --var-file=variables.tfvars --parallelism=1
 
+cd ..
+
+python3.12 -m venv ansible_env
+
+source ansible_env/bin/activate
+
 ansible-playbook -i inventory/my-cluster/hosts.ini site.yml -u root --private-key=/root/homelab-k3s/Terraform/key/id_rsa
 
+scp root@192.168.0.109:/etc/rancher/k3s/k3s.yaml ~/.kube/config

cloud-init/master.yml

@@ -1,9 +0,0 @@
-#cloud-config
-users:
-  - name: root
-    ssh-authorized-keys:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
-    lock_passwd: false
-    passwd: $1$/bB7Q1vR$Nz4PtA52uDdF6.pc.haec/
-package_update: true
-package_upgrade: true

inventory/group_vars/all.yml

@@ -7,7 +7,7 @@ extra_agent_args: ""
 copy_kubeconfig: true
 metallb: true
 metallb_version: "v0.14.8"
-metallb_range: "192.168.0.110-192.168.0.112"
+metallb_range: "78.37.179.200-78.37.179.200"
 argocd: false
 argocd_service_type: LoadBalancer
 dns_servers: []

inventory/my-cluster/group_vars/all.yml

@@ -1,14 +0,0 @@
-k3s_version: v1.30.6+k3s1
-ansible_user: root
-systemd_dir: /etc/systemd/system
-master_ip: "{{ hostvars[groups['master'][0]]['ansible_host'] | default(groups['master'][0]) }}"
-extra_server_args: "--write-kubeconfig-mode=644"
-extra_agent_args: ""
-copy_kubeconfig: true
-metallb: true
-metallb_version: "v0.14.8"
-metallb_range: "192.168.0.110-192.168.0.112"
-argocd: false
-argocd_service_type: LoadBalancer
-dns_servers: []
-ansible_python_interpreter: /usr/bin/python3

inventory/my-cluster/hosts.ini

@@ -1,11 +0,0 @@
-[master]
-192.168.0.109 ansible_ssh_private_key_file=/root/homelab-k3s/Terraform/key/id_rsa
-
-[node]
-192.168.0.110 ansible_ssh_private_key_file=/root/homelab-k3s/Terraform/key/id_rsa
-192.168.0.111 ansible_ssh_private_key_file=/root/homelab-k3s/Terraform/key/id_rsa
-192.168.0.112 ansible_ssh_private_key_file=/root/homelab-k3s/Terraform/key/id_rsa
-
-[k3s_cluster:children]
-master
-node

k3s_config/Localai/localai-deploy.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: localai
+  labels:
+    app: localai
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: localai
+  template:
+    metadata:
+      labels:
+        app: localai
+    spec:
+      containers:
+      - name: localai
+        image: quay.io/go-skynet/local-ai:v2.22.1-ffmpeg
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - mountPath: /models
+          name: model-volume
+      volumes:
+      - name: model-volume
+        persistentVolumeClaim:
+          claimName: localai-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: localai-service
+spec:
+  type: LoadBalancer
+  selector:
+    app: localai
+  ports:
+  - protocol: TCP
+    port: 80
+    targetPort: 8080

k3s_config/Localai/localai-ingres.yaml

@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: localai-ingress
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+  - host: localai.local
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: localai-service
+            port:
+              number: 80

k3s_config/Localai/localai-pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: localai-pvc
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+  storageClassName: longhorn

k3s_config/Localai/values.yaml

@@ -0,0 +1,60 @@
+deployment:
+  image:
+    repository: quay.io/go-skynet/local-ai
+    tag: latest-cpu
+  env:
+    threads: 4
+    context_size: 512
+  modelsPath: "/models"
+  prompt_templates:
+    image: busybox
+  pullPolicy: IfNotPresent
+  imagePullSecrets: []
+
+resources:
+  {}
+
+modelsConfigs:
+  {}
+
+promptTemplates:
+  {}
+
+initContainers: []
+sidecarContainers: []
+
+persistence:
+  models:
+    enabled: true
+    storageClass: "longhorn"
+    accessModes:
+      - ReadWriteMany
+    size: 10Gi
+    globalMount: /models
+  output:
+    enabled: true
+    storageClass: "longhorn"
+    accessModes:
+      - ReadWriteMany
+    size: 5Gi
+    globalMount: /tmp/generated
+
+service:
+  type: LoadBalancer
+  port: 80
+  annotations: {}
+
+ingress:
+  enabled: false
+  hosts:
+    - host: localai.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

k3s_config/Planka/ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: planka-ingress
+  namespace: planka
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+    - host: planka.intr
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: planka
+                port:
+                  number: 80

k3s_config/Planka/planka-admin-secret.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: planka-admin-secret
+  namespace: planka
+type: Opaque
+data:
+  DEFAULT_ADMIN_EMAIL: Z2JhNDA0QGdtYWlsLmNvbQ==
+  DEFAULT_ADMIN_PASSWORD: ODE0OA==
+  DEFAULT_ADMIN_NAME: cm9vdA==
+  DEFAULT_ADMIN_USERNAME: cm9vdA==

k3s_config/Planka/planka-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: planka
+  namespace: planka
+spec:
+  selector:
+    app: planka
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 1337
+

k3s_config/Planka/planka.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: planka
+  namespace: planka
+spec:
+  selector:
+    matchLabels:
+      app: planka
+  template:
+    metadata:
+      labels:
+        app: planka
+    spec:
+      containers:
+        - name: planka
+          image: ghcr.io/plankanban/planka:latest
+          env:
+            - name: DATABASE_URL
+              value: postgres://plankauser:8148@postgres.planka.svc.cluster.local:5432/planka
+            - name: SECRET_KEY
+              value: jdkdslsdklsdklskd
+            - name: BASE_URL
+              value: "http://planka.intr"
+          envFrom:
+            - secretRef:
+                name: planka-admin-secret
+          ports:
+            - containerPort: 1337

k3s_config/Planka/postgres_deployment.yaml

@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: postgres
+  namespace: planka
+spec:
+  ports:
+    - port: 5432
+  selector:
+    app: postgres
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgres
+  namespace: planka
+spec:
+  selector:
+    matchLabels:
+      app: postgres
+  template:
+    metadata:
+      labels:
+        app: postgres
+    spec:
+      securityContext:
+        fsGroup: 999
+      containers:
+        - name: postgres
+          image: postgres:13
+          env:
+            - name: POSTGRES_DB
+              value: "planka"
+            - name: POSTGRES_USER
+              value: "plankauser"
+            - name: POSTGRES_PASSWORD
+              value: "8148"
+            - name: PGDATA
+              value: "/var/lib/postgresql/data/pgdata"
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - name: postgres-storage
+              mountPath: "/var/lib/postgresql/data"
+          securityContext:
+            runAsUser: 999  # Пользователь, от имени которого запускается процесс
+            runAsGroup: 999  # Группа, от имени которой запускается процесс
+            allowPrivilegeEscalation: false
+      volumes:
+        - name: postgres-storage
+          persistentVolumeClaim:
+            claimName: postgres-pvc

k3s_config/Planka/postgres_pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: postgres-pvc
+  namespace: planka
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: longhorn

k3s_config/coredns.yaml

@@ -0,0 +1,28 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+          pods insecure
+          fallthrough in-addr.arpa ip6.arpa
+        }
+        hosts /etc/coredns/NodeHosts {
+          ttl 60
+          reload 15s
+          fallthrough
+        }
+        prometheus :9153
+        forward . 8.8.8.8 1.1.1.1
+        cache 30
+        loop
+        reload
+        loadbalance
+        import /etc/coredns/custom/*.override
+    }

k3s_config/metallb-config.yaml

@@ -0,0 +1,16 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: my-ip-pool
+  namespace: metallb-system
+spec:
+  addresses:
+  - 192.168.0.150-192.168.0.180  # Укажите здесь диапазон, доступный в вашей сети
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: my-l2-advertisement
+  namespace: metallb-system
+spec: {}
+

k3s_config/nextcloud/mariadb-deployment.yaml

@@ -0,0 +1,51 @@
+# mariadb-deployment.yaml (обновленный)
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: mariadb
+  namespace: nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: mariadb
+  template:
+    metadata:
+      labels:
+        app: mariadb
+    spec:
+      containers:
+      - name: mariadb
+        image: mariadb:10.5
+        env:
+        - name: MYSQL_ROOT_PASSWORD
+          value: "8148"
+        - name: MYSQL_DATABASE
+          value: nextcloud
+        - name: MYSQL_USER
+          value: nextcloud_user
+        - name: MYSQL_PASSWORD
+          value: "1488"
+        ports:
+        - containerPort: 3306
+          name: mariadb
+        volumeMounts:
+        - mountPath: /var/lib/mysql
+          name: mariadb-data
+      volumes:
+      - name: mariadb-data
+        persistentVolumeClaim:
+          claimName: mariadb-pvc
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: mariadb-service
+  namespace: nextcloud
+spec:
+  selector:
+    app: mariadb
+  ports:
+    - port: 3306
+      targetPort: 3306
+  clusterIP: None

k3s_config/nextcloud/mariadb-pvc.yaml

@@ -0,0 +1,13 @@
+# mariadb-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: mariadb-pvc
+  namespace: nextcloud
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 5Gi  # Укажите необходимый размер хранилища

k3s_config/nextcloud/nextcloud-deployment.yaml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nextcloud
+  namespace: nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nextcloud
+  template:
+    metadata:
+      labels:
+        app: nextcloud
+    spec:
+      containers:
+      - name: nextcloud
+        image: nextcloud:stable
+        ports:
+        - containerPort: 80
+        volumeMounts:
+        - mountPath: /var/www/html
+          name: nextcloud-data
+        env:
+        - name: MYSQL_HOST
+          value: "mariadb-service"
+        - name: MYSQL_DATABASE
+          value: "nextcloud"
+        - name: MYSQL_USER
+          value: "nextcloud_user"
+        - name: MYSQL_PASSWORD
+          value: "1488"
+      volumes:
+      - name: nextcloud-data
+        persistentVolumeClaim:
+          claimName: nextcloud-pvc

k3s_config/nextcloud/nextcloud-ingress.yaml

@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: nextcloud-ingress
+  namespace: nextcloud
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+  rules:
+  - host: nextcloud.intr     # Укажите ваш домен
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: nextcloud-service
+            port:
+              number: 80

k3s_config/nextcloud/nextcloud-pvc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nextcloud-pvc
+  namespace: nextcloud
+spec:
+  storageClassName: longhorn
+  accessModes:
+    - ReadWriteMany
+  resources:
+    requests:
+      storage: 10Gi

k3s_config/nextcloud/nextcloud-service.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nextcloud-service
+  namespace: nextcloud
+spec:
+  type: LoadBalancer  # Или используйте 'NodePort', если 'LoadBalancer' недоступен
+  selector:
+    app: nextcloud
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+

k3s_config/role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubernetes-dashboard-global-access
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin  # Полный доступ ко всем ресурсам в кластере
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: kubernetes-dashboard
+

k3s_config/traefik/traefik-acme-pvc.yaml

@@ -0,0 +1,13 @@
+# traefik-acme-pvc.yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: traefik-acme-pvc
+  namespace: kube-system
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: longhorn # Убедитесь, что используете правильный StorageClass
+  resources:
+    requests:
+      storage: 3Gi

k3s_config/traefik/traefik-values.yaml

@@ -0,0 +1,50 @@
+# traefik-values.yaml
+
+deployment:
+  podAnnotations:
+    prometheus.io/port: "8082"
+    prometheus.io/scrape: "true"
+
+global:
+  systemDefaultRegistry: ""
+
+image:
+  repository: rancher/mirrored-library-traefik
+  tag: 2.11.10
+
+priorityClassName: system-cluster-critical
+
+providers:
+  kubernetesIngress:
+    publishedService:
+      enabled: true
+
+service:
+  type: LoadBalancer
+  ipFamilyPolicy: PreferDualStack
+  ports:
+    web:
+      port: 8000
+      exposedPort: 8000
+    websecure:
+      port: 8443
+      exposedPort: 8443
+
+certificatesResolvers:
+  myresolver:
+    acme:
+      email: gba404@gmail.com # Замените на ваш email
+      storage: /letsencrypt/acme.json
+      httpChallenge:
+        entryPoint: web
+
+persistence:
+  enabled: true
+  existingClaim: traefik-acme-pvc
+  # Если хотите создать новый PVC через Helm, используйте следующие параметры:
+  accessMode: ReadWriteOnce
+  size: 3Gi
+  storageClass: longhorn
+
+additionalArguments:
+  - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"

snippets/cloud_init_master_0.yml

@@ -1,10 +0,0 @@
-#cloud-config
-hostname: k3s-master-0
-users:
-  - name: root
-    ssh-authorized-keys:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
-    lock_passwd: false
-    passwd: $1$/bB7Q1vR$Nz4PtA52uDdF6.pc.haec/
-package_update: true
-package_upgrade: true

snippets/cloud_init_worker_0.yml

@@ -1,10 +0,0 @@
-#cloud-config
-hostname: k3s-worker-0
-users:
-  - name: root
-    ssh-authorized-keys:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
-    lock_passwd: false
-    passwd: $1$/bB7Q1vR$Nz4PtA52uDdF6.pc.haec/
-package_update: true
-package_upgrade: true

snippets/cloud_init_worker_1.yml

@@ -1,10 +0,0 @@
-#cloud-config
-hostname: k3s-worker-1
-users:
-  - name: root
-    ssh-authorized-keys:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
-    lock_passwd: false
-    passwd: $1$/bB7Q1vR$Nz4PtA52uDdF6.pc.haec/
-package_update: true
-package_upgrade: true

snippets/cloud_init_worker_2.yml

@@ -1,10 +0,0 @@
-#cloud-config
-hostname: k3s-worker-2
-users:
-  - name: root
-    ssh-authorized-keys:
-      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDItH73+vTvxxgMlv8vzpRt59KeKykYGhMhOCt+uWxbsuhjPvXRQC6dCwuDLy8heiYFO8bklOiLxLtz3GBOtp4OcjVRkgS7L4+qUn8QkAaJPQeEUuKADrCpxxLz0rYsgLo9WvQ9HS/WS15wmMHbSufGjXjhApZ3VODMyrtdaDOoyKm+YMahxY577TkX3yIdv3+yENPhP+rNdcWxFKYvEzOz2XACvq81fxfcYLN5opPbz+UILnQSyxI+TxZtzq3icPQAsVXPmZGBbryiSk3e5tFhE7ORkw1I2QG4CBEPZx+gAhbO0p3sCcdpLF7z4HxaGzJKpy6V8JxZHmLJCgQeSsgaeP3OvTU/lgsWw6xphEpQqJmb9dMjtJMyV8I/PxrLPP9ikh5tcqlXENLXSc6V4BkI1NUJZhYm0sYPcWW2ZeYy6gGzYiSgu3wqzqf0yG9j8NnMtdyvBLMhNKasqfd0CRK+CQ3apMghC68X7JK7CDA/edjfl2MA/QJ2ZoYBBzyXd9vUJgMlyZaxXG9NIA7rU88OZTmS+43y1BRNlkXh231EjtH7h25n+nYxYInFtFWbbi1liORxVO622Y4YnCdTJFoyiFGsuzSaDYfjRMzSHOjnUlUVsqYHPIfH6h/ZH5vVrAMihnIhqJDbi1rLtZVx0GsmpXMAWAee2oi4rEcEynydMQ== gba404@gmail.com
-    lock_passwd: false
-    passwd: $1$/bB7Q1vR$Nz4PtA52uDdF6.pc.haec/
-package_update: true
-package_upgrade: true