Merge pull request #2 from CrashenX/setup_updates

Update networking and setup
CrashenX · Apr 21, 2019 · ae6158a · ae6158a
2 parents 0c20eba + f8d9149
commit ae6158a
Show file tree

Hide file tree

Showing 8 changed files with 62 additions and 76 deletions.
diff --git a/README.md b/README.md
@@ -1,51 +1,60 @@
-# microk8s
+# homelab
 
-## Enable addons
+## Setup
 
-At a minimum you'll probably want:
+### Install Kubernetes
 
-- dns
-- ingress
-- storage
+Tested with (on Ubuntu Server 18.04):
 
-The list of addons and instructions on enabling can be found in the
-[docs](https://github.com/ubuntu/microk8s#kubernetes-addons).
+- [microk8s](https://microk8s.io/)
+    - Can be installed during Ubuntu Server 18.04 installation or with `snap`
+    - Add `alias kubectl='microk8s.kubectl'` to bashrc
+    - NB: All DNS requests will show from 10.1.1.1 (docker bridge)
 
-## Setting up Helm / Tiller
+### Set up Helm / Tiller (with TLS)
 
     sudo snap install helm --classic
-    cd helm/; ./setup.sh  # Setup tiller with tls
-    helm --tiller-namespace=tiller ls --tls  # Verify working
+    pushd helm/
+    SUBJ="/C=US/ST=State/L=City/O=A Corp/OU=Security/CN=example.com" ./setup.sh
+    popd
 
-### Typing less
-
-Add this to your bashrc:
+Add this function to your bashrc (it saves typing and is used later on):
 
     shelm () {
             ( helm --tiller-namespace=tiller "$@" --tls )
     }
 
 NB: You might want to logout and back in to reload bashrc
 
-Verify it works:
+    shelm ls  # Verify working
+
+### Setup MetalLB
 
-    shelm ls
+    # NB: Your Start and End IPs must be in same subnet as your
+    #     clients and outside the DHCP lease range.
+    STARTIP=<192.168.x.n>
+    ENDIP=<192.168.x.n+m>
+    echo "Your IP range is: $STARTIP-$ENDIP"
+    shelm install stable/metallb \
+        --name metallb \
+        --set rbac.create=true \
+        --set configInline.address-pools[0].name="my-ip-space" \
+        --set configInline.address-pools[0].protocol="layer2" \
+        --set configInline.address-pools[0].addresses="{$STARTIP-$ENDIP}"
 
-## Setting up nginx ingress controller
+### Setup nginx ingress controller
 
-    shelm install stable/nginx-ingress --name my-nginx --set rbac.create=true
+    shelm install stable/nginx-ingress --name nginx --set rbac.create=true
 
 ## Setting up Pi-hole
 
-    IFACE='eno1'  # set to server's inbound interface
-    read -d "\n" PHIPV4 PHIPV6 <<<$(ip a show $IFACE | grep inet | awk '{ print $2 }' | sed -e 's/\/.*//')
-    echo -e "$PHIPV4\n$PHIPV6"  # verify correct IPs
-    cd helm/charts/pihole
+    PHIPV4=$(kubectl get service nginx-nginx-ingress-controller -o json | jq -r '.status.loadBalancer.ingress[0].ip')
+    echo "PHIPV4=$PHIPV4"  # verify correct IPs
+    pushd helm/charts/pihole
     curl https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt > files/whitelist.txt
     curl https://v.firebog.net/hosts/lists.php?type=nocross > files/adlists.list
-    shelm install . --namespace=pihole \
-       --set host.ipv4=$PHIPV4 \
-       # --set host.ipv6=$PHIPV6  # don't set if link-local address
+    shelm install . --name pihole --namespace=pihole --set host.ipv4=$PHIPV4
+    popd
 
 ## Gotchas
 

diff --git a/helm/charts/pihole/Chart.yaml b/helm/charts/pihole/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: "0.0.1"
-description: Pi-hole over HTTPS
+appVersion: "4.4.2-1"
+description: Pi-hole
 name: pihole
-version: 0.0.1
+version: 0.0.2
diff --git a/helm/charts/pihole/templates/cm-dnsmasq.yaml b/helm/charts/pihole/templates/cm-dnsmasq.yaml
diff --git a/helm/charts/pihole/templates/deployment.yaml b/helm/charts/pihole/templates/deployment.yaml
@@ -32,13 +32,7 @@ spec:
             memory: 1Gi
         env:
         - name: 'ServerIP'
-          value: {{ required "A valid .Values.host.ipv4 entry required!" .Values.host.ipv4 }}
-        {{ if .Values.host.ipv6 }}
-        - name: 'ServerIPv6'
-          value: {{ .Values.host.ipv6 }}
-        - name: 'IPv6'
-          value: True
-        {{ end }}
+          value: {{ required "A valid .Values.host.ipv4 entry is required." .Values.host.ipv4 }}
         - name: 'DNS1'
           value: '1.1.1.1'
         - name: 'DNS2'
@@ -66,22 +60,13 @@ spec:
           - mountPath: "/etc/pihole"
             name: {{ template "pihole.fullname" . }}-pvc
             subPath: "pihole"
-          - mountPath: "/etc/dnsmasq.d"
-            name: {{ template "pihole.fullname" . }}-pvc
-            subPath: "dnsmasq"
-          - mountPath: "/etc/dnsmasq.d/02-custom.conf"
-            name: {{ template "pihole.fullname" . }}-dnsmasq
-            subPath: 02-custom.conf
           - mountPath: "/etc/pihole/whitelist.txt"
             name: {{ template "pihole.fullname" . }}-lists
             subPath: whitelist.txt
           - mountPath: "/etc/pihole/adlists.list"
             name: {{ template "pihole.fullname" . }}-lists
             subPath: adlists.list
       volumes:
-        - name: {{ template "pihole.fullname" . }}-dnsmasq
-          configMap:
-            name: {{ template "pihole.fullname" . }}-dnsmasq
         - name: {{ template "pihole.fullname" . }}-lists
           configMap:
             name: {{ template "pihole.fullname" . }}-lists

diff --git a/helm/charts/pihole/templates/service-udp.yaml b/helm/charts/pihole/templates/service-udp.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "pihole.fullname" . }}-udp
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    heritage: {{ .Release.Service }}
+    release: {{ .Release.Name }}
+spec:
+  externalTrafficPolicy: Local
+  type: "LoadBalancer"
+  ports:
+  - name: dns-udp
+    port: 53
+    targetPort: dns-udp
+    protocol: UDP
+  selector:
+    app: {{ template "pihole.fullname" . }}
diff --git a/helm/charts/pihole/templates/service.yaml b/helm/charts/pihole/templates/service.yaml
@@ -21,18 +21,5 @@ spec:
     port: 53
     targetPort: dns
     protocol: TCP
-  - name: dns-udp
-    port: 53
-    targetPort: dns-udp
-    protocol: UDP
-  - name: client-udp
-    port: 67
-    targetPort: client-udp
-    protocol: UDP
-  externalIPs:
-  - {{ required "A valid .Values.host.ipv4 entry required!" .Values.host.ipv4 }}
-  {{ if .Values.host.ipv6 }}
-  - {{ .Values.host.ipv6 }}
-  {{ end }}
   selector:
     app: {{ template "pihole.fullname" . }}
diff --git a/helm/charts/pihole/values.yaml b/helm/charts/pihole/values.yaml
@@ -4,4 +4,3 @@ image:
   tag: 4.2.2-1_amd64
 host:
   # ipv4: required
-  # ipv6: optional
diff --git a/helm/setup.sh b/helm/setup.sh
@@ -1,12 +1,11 @@
-microk8s.kubectl create namespace tiller
-microk8s.kubectl create -f rbac-config.yaml
+microk8s.kubectl create namespace tiller || kubectl create namespace tiller
+microk8s.kubectl create -f rbac-config.yaml || kubectl create -f rbac-config.yaml
 openssl genrsa -out ./ca.key.pem 4096
-cp /etc/ssl/openssl.cnf openssl-with-ca.cnf
-openssl req -key ca.key.pem -new -x509 -days 14 -sha256 -out ca.cert.pem -extensions v3_ca -config openssl-with-ca.cnf
+openssl req -key ca.key.pem -new -x509 -days 14 -sha256 -out ca.cert.pem -extensions v3_ca -subj "$SUBJ"
 openssl genrsa -out ./tiller.key.pem 4096
 openssl genrsa -out ./helm.key.pem 4096
-openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem
-openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem
+openssl req -key tiller.key.pem -new -sha256 -out tiller.csr.pem -subj "$SUBJ"
+openssl req -key helm.key.pem -new -sha256 -out helm.csr.pem -subj "$SUBJ"
 openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in tiller.csr.pem -out tiller.cert.pem -days 14
 openssl x509 -req -CA ca.cert.pem -CAkey ca.key.pem -CAcreateserial -in helm.csr.pem -out helm.cert.pem -days 14
 mkdir $(helm home); cp ca.cert.pem $(helm home)/ca.pem; cp helm.cert.pem $(helm home)/cert.pem; cp helm.key.pem $(helm home)/key.pem