@Wqrld
Last active August 3, 2025 18:54
# Kubernetes Preparation for OpenDesk
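# Helm values for the ingress-nginx chart (presumably the ingress-nginx.values.yaml
# passed to `helm upgrade` in the script on this page).
# NOTE(review): the page lost the original indentation; the nesting below is
# reconstructed from the chart's documented layout -- confirm against your file.
controller:
  # Bind the controller to ports on the node itself instead of exposing it
  # through a LoadBalancer service.
  hostPort:
    enabled: true
  service:
    type: "ClusterIP"
  config:
    # "Critical" is the most permissive level: it lets the controller accept
    # every annotation, including the snippet annotations enabled below.
    annotations-risk-level: "Critical"
    # Turns off the strict validation of Exact/Prefix paths.
    strict-validate-path-type: "false"
  # Snippet annotations let anyone who can create or edit an Ingress inject raw
  # nginx configuration into the controller, which typically can read Secrets
  # across namespaces. Keep this enabled only if the deployment really needs it,
  # and restrict Ingress create/update rights to trusted administrators via RBAC.
  allowSnippetAnnotations: true
  admissionWebhooks:
    # NOTE(review): the chart documents allowSnippetAnnotations directly under
    # `controller`; this copy under admissionWebhooks is probably ignored -- confirm.
    allowSnippetAnnotations: true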
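# The trick is to follow the cri-o docs, instead of starting with docker installed.
# Everything below writes to /etc and installs packages, so run it as root on an apt-based host.
KUBERNETES_VERSION=v1.32
CRIO_VERSION=v1.32

# Tools the following steps rely on: curl and gpg for the repository keys, wget for the k9s download.
apt-get update
apt-get install -y ca-certificates curl gpg wget

# Prepare k8s with cri-o container runtime
# The keyring directory is missing on some releases, and gpg -o fails without it.
mkdir -p -m 755 /etc/apt/keyrings
# Each signing key is fetched over HTTPS and trusted on first use; "signed-by" limits
# it to its own repository, so it cannot vouch for packages from any other source.
curl -fsSL "https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/Release.key" | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/${KUBERNETES_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/kubernetes.list
curl -fsSL "https://download.opensuse.org/repositories/isv:/cri-o:/stable:/${CRIO_VERSION}/deb/Release.key" | gpg --dearmor -o /etc/apt/keyrings/cri-o-apt-keyring.gpg
echo "deb [signed-by=/etc/apt/keyrings/cri-o-apt-keyring.gpg] https://download.opensuse.org/repositories/isv:/cri-o:/stable:/${CRIO_VERSION}/deb/ /" | tee /etc/apt/sources.list.d/cri-o.list
apt-get update
apt-get install -y cri-o kubelet kubeadm kubectl
systemctl start crio.service

# kubelet refuses to start with swap enabled by default. swapoff only lasts until
# the next reboot, so also remove or comment out the swap entry in /etc/fstab.
swapoff -a
modprobe br_netfilter
echo 'br_netfilter' > /etc/modules-load.d/br_netfilter.conf
# Enable forwarding now and keep it enabled after a reboot, like the module above.
sysctl -w net.ipv4.ip_forward=1
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/k8s.conf

# Install K9S because it just makes visualizing things nicer
wget https://github.com/derailed/k9s/releases/download/v0.50.9/k9s_linux_amd64.deb
# dpkg runs the package's maintainer scripts as root: print the digest and compare it
# with the checksum published for this release before installing.
sha256sum k9s_linux_amd64.deb
dpkg -i k9s_linux_amd64.deb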
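# Init cluster
# 10.244.0.0/16 is the pod network flannel expects by default; the same CIDR has to
# be used in the openDesk values (cluster.networking.cidr).
kubeadm init --pod-network-cidr=10.244.0.0/16 # init with a pod network for your networking plugin

# admin.conf holds cluster-admin credentials: keep the copy readable by this user only.
mkdir -p "$HOME/.kube"
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"

# Since we run singlenode, allow having pods on the master node
# (the trailing "-" removes the taint / label instead of adding it)
kubectl taint nodes --all node-role.kubernetes.io/control-plane-
kubectl label nodes --all node.kubernetes.io/exclude-from-external-load-balancers-

# Install a networking plugin
# NOTE(review): "latest" is a moving target, so a re-run may apply a different manifest.
# Pin the URL to a release tag you have tested once the cluster works.
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml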
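# Install Helm
# Save the installer to a file instead of piping it straight into bash: a truncated
# or failed download (-f) then never executes, and the script can be read before it
# runs as root. It comes from the moving "main" branch, so review it on each run.
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

# Install Helm-Diff
# Plugins execute with the invoking user's privileges (root here); add
# --version <tag> to pin the plugin to a release you have reviewed.
helm plugin install https://github.com/databus23/helm-diff

# Install Helmfile
wget https://github.com/helmfile/helmfile/releases/download/v1.1.3/helmfile_1.1.3_linux_amd64.tar.gz
# Print the digest and compare it with the checksum published for v1.1.3 before
# putting the binary on root's PATH.
sha256sum helmfile_1.1.3_linux_amd64.tar.gz
tar -zxvf helmfile_1.1.3_linux_amd64.tar.gz
mv helmfile /usr/local/bin/

# Install local path provisioner for persistent storage
# local-path stores volumes in a directory on the node, so the data lives and dies
# with this single host.
kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.32/deploy/local-path-storage.yaml

# Some pods don't request a storage class explicitly, so make local-path the default
kubectl patch storageclass local-path \
  -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'
# kubectl patch pvc data-ums-provisioning-udm-listener-0 \
# -n opendesk \
# -p '{"spec": {"storageClassName": "local-path"}}'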
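# Install Nginx Ingress controller
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# Install and configure nginx ingress in one idempotent step.
# ingress-nginx.values.yaml enables snippet annotations and the "Critical" annotation
# risk level, which lets whoever can create Ingress objects inject nginx configuration
# into the controller. Limit Ingress write access to trusted administrators.
helm upgrade --install quickstart ingress-nginx/ingress-nginx -f ingress-nginx.values.yaml

# NOTE(review): nothing on this page installs cert-manager. The Issuer and
# ClusterIssuer kinds only exist once its CRDs are present, so install cert-manager
# before the next two commands.
# Both commands open the same example manifest from the moving "master" branch in an
# editor: set your e-mail address and the name the openDesk values reference
# (letsencrypt-prod), and read the manifest before saving.

# Create Letsencrypt issuer
kubectl create --edit -f https://raw.githubusercontent.com/cert-manager/website/master/content/docs/tutorials/acme/example/production-issuer.yaml
# Create Letsencrypt ClusterIssuer
# In the editor change "kind: Issuer" to "kind: ClusterIssuer"; left unchanged, this
# second create fails because the object already exists.
kubectl create --edit -f https://raw.githubusercontent.com/cert-manager/website/master/content/docs/tutorials/acme/example/production-issuer.yaml

# Install MetalLB
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml
# The address pool is checked by MetalLB's admission webhook, so wait for the pods
# before applying it.
kubectl wait --namespace metallb-system --for=condition=ready pod --selector=app=metallb --timeout=90s

# Setup MetalLB
kubectl apply -f pool.yml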
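# Download opendesk
# Install the tools first: the download needs wget and the extraction needs unzip.
apt -y install wget unzip
wget https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/archive/v1.6.0/opendesk-v1.6.0.zip
unzip opendesk-v1.6.0.zip
cd opendesk-v1.6.0/

# Configure
# The value below is a placeholder: replace it with a long, unique secret and never
# deploy with the sample string. Typed at a prompt this line ends up in shell history,
# so prefer `read -rs MASTER_PASSWORD` or loading it from a root-only file, and store
# the value somewhere safe because later helmfile runs need the same one.
export MASTER_PASSWORD="your_individual_master_password123"
nano helmfile/environments/dev/values.yaml.gotmpl

# Deploy
# "-e dev" selects the dev environment edited above; "-n default" deploys into the
# default namespace. A dedicated namespace makes RBAC and network policies easier to scope.
helmfile apply -e dev -n default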
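# MetalLB address pool (presumably the pool.yml applied by the script on this page).
# NOTE(review): indentation was lost on the page and is reconstructed here.
apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: first-pool
  namespace: metallb-system
spec:
  # Sample ranges: replace them with unused addresses that are actually assigned to
  # you. Announcing addresses you do not own disrupts other hosts on the network.
  # NOTE(review): an IPAddressPool on its own only reserves addresses; MetalLB
  # announces them only once an L2Advertisement or BGPAdvertisement exists --
  # confirm one is defined elsewhere.
  addresses:
    - 1.1.1.166-1.1.1.168
    - 1.1.1.154-1.1.1.156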
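# openDesk environment overrides (presumably the settings edited into
# helmfile/environments/dev/values.yaml.gotmpl by the script on this page).
# NOTE(review): indentation was lost on the page; the nesting is reconstructed --
# confirm against the openDesk documentation.
global:
  # Placeholder: the DNS domain the openDesk services are published under.
  domain: "your-master-domain.xyz"
cluster:
  container:
    engine: "cri-o"
  networking:
    # Must match the --pod-network-cidr given to kubeadm init.
    cidr:
      - "10.244.0.0/16"
persistence:
  storageClassNames:
    # local-path keeps the data on this node's disk: no replication, so back it up.
    RWO: "local-path"
certificate:
  issuerRef:
    # Must equal the name of the issuer created with cert-manager. The example
    # manifest targets the Let's Encrypt production endpoint, which is rate limited.
    name: "letsencrypt-prod"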