Production
Prerequisites
Kubernetes
You must have access to a Kubernetes cluster. I run Proxmox on bare metal, then Ubuntu Server in VMs. The Ubuntu VMs are joined together with k3sup.
Terraform
Terraform is used in production to manage DNS records and the Cloudflare Tunnel. By default it uses the local
terraform backend but you can switch to another (like using Terraform Cloud or remote S3) which is safer.
Cloudflare
Transfer your domain to Cloudflare if you have not already.
Customizing
We are now ready to begin tailoring the cluster configuration to our own.
Domain
Replace all instances of mbund.org
with your domain, and also change the referenced repo. For example, change the following highlighted lines:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
external-dns.alpha.kubernetes.io/target: homelab-tunnel.mbund.org
external-dns.alpha.kubernetes.io/cloudflare-proxied: "true"
hajimari.io/enable: false
hosts:
- host: &host home.mbund.org
It would be best to do a massive Ctrl+F on the repository to replace all instances of mbund.org
with your domain. Then double check that there are no more remaining mbund
s in the repo.
Terraform Variables
Fill in the required variables for Terraform to manage your DNS and Tunnel.
cloudflare_email = "..."
cloudflare_account_id = "..."
cloudflare_api_key = "..." # Global API Key
Bootstrap
KUBECONFIG
Make sure your KUBECONFIG
environment variable is pointed at your correct kubeconfig
file, and that you can run kubectl get node
on the cluster you want.
Run the bootstrap
task, then the terraform
task sequentially with the following command:
The terraform
task will wait for the required namespaces to exist before continuing, so the terminal might be taken up idling for a while.
Even after Terraform has applied, it still might need a few more minutes for services to start up.
Explore
You should start to be able to visit your services. An important place to start is argocd.your.domain
to check on the health of your services.
Troubleshooting
If every service does not deploy immediately you may want to port forward ArgoCD locally. This has a high chance of working since it does not need the whole networking chain working. Visit http://localhost:9000 after exposing ArgoCD.
Also, since Longhorn is never exposed, you may want to take a quick look at it just to make sure everything is okay by port forwarding it to your machine. Visit http://localhost:9001 after exposing Longhorn.
Secrets
Get access to secrets by using some task scripts:
Newlines
Some terminals might show a newline character in the password like nZ6hzMpShZvf5AVS⏎
, but simply ignore it when using the password.