ivanch/haven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7d8813708479cd77afc66e0c10a4fd9eac46c2db
haven/SETUP.md
Jose Henrique a00fe926e8 small improvements
2025-10-04 21:05:48 -03:00

71 lines
2.0 KiB
Markdown
Raw Blame History

## Install nfs-subdir-external-provisioner
```bash
helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
--set nfs.server=<NFS_SERVER> \
--set nfs.path=/export/config \
--set storageClass.name=nfs-client \
--set storageClass.pathPattern='${.PVC.namespace}/${.PVC.annotations.nfs.io/storage-path}'
```
Make it default by:
```bash
current_default=$(kubectl get storageclass -o jsonpath='{.items[?(@.metadata.annotations.storageclass\.kubernetes\.io/is-default-class=="true")].metadata.name}')
if [ -n "$current_default" ]; then
kubectl annotate storageclass "$current_default" storageclass.kubernetes.io/is-default-class- --overwrite
fi
kubectl annotate storageclass nfs-client storageclass.kubernetes.io/is-default-class=true --overwrite
```
PVC Usage:
```yaml
apiVersion: storage.k8s.io/v1
kind: PersistentVolumeClaim
metadata:
name: app-config
namespace: default
annotations:
nfs.io/storage-path: "app-config"
spec:
storageClassName: "nfs-client"
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
```
## Install MetalLB
```bash
kubectl create ns metallb-system
helm repo add metallb https://metallb.github.io/metallb
helm install metallb metallb/metallb --namespace metallb-system
```
Configure MetalLB with the config map from [metallb-system/address-pool.yaml](metallb-system/address-pool.yaml), and apply it:
```bash
kubectl apply -f metallb-system/address-pool.yaml
```
## Install cert-manager
```bash
kubectl create namespace cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.1/cert-manager.yaml
```
Create the private key for local CA:
```bash
openssl genrsa -out ca.key 4096
```
Create the root certificate (valid for 10 years):
```bash
openssl req -x509 -new -nodes -key ca.key -sha256 -days 3650 -out ca.crt -subj "/CN=Homelab CA"
```
Create secret and ClusterIssuer
```bash
kubectl create secret tls internal-ca-secret --cert=ca.crt --key=ca.key -n cert-manager
kubectl apply -f certs/internal-issuer.yaml
```
Reference in New Issue View Git Blame Copy Permalink