# k3sx

Install k3s on given ssh remotes via k3sup and setup additional components for a proper production cluster.

## Prerequesites

To proceed, you need one or more exposed remote Linux hosts, which you can access via public IPv4 and can login to as a privileged user via a private key.

## Setup

### 1. Supply all inputs

#### Set environment variables for SSH

In [None]:
# user name and ssh key for login on your remotes
%env SSH_USER=root
%env SSH_KEY=~/.ssh/id_rsa

#### Create txt files and fill them with the IPv4 addresses of your remotes

One IP per line

In [None]:
%%bash

touch ./server-ips.txt
touch ./agent-ips.txt

if command -v code &> /dev/null
then 
    code ./server-ips.txt
    code ./agent-ips.txt
fi

#### Copy values.yaml template to root and fill in all parameters

In [None]:
%%bash

if [ ! -f ./values.yaml ]; 
then
    cp ./chart/values.yaml ./values.yaml
fi

if command -v code &> /dev/null
then 
    code ./values.yaml
fi

### 2. Install CLI tools

#### Quick install via Homebrew

Install [brew](https://brew.sh/) if you don't have it yet: 

```bash 
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
``` 

This requires sudo and must be done outside of this notebook.

In [None]:
%%bash
brew install kubernetes-cli int128/kubelogin/kubelogin helm k3sup fluxcd/tap/flux vcluster cilium-cli

### 3. Setup k3s on all given ssh remotes

In [None]:
%%bash

helm template k3sx ./charts/k3sx --values ./values.yaml --set k3s_setup_run=true --output-dir ./rendered

In [None]:
%%bash

for SERVER in $(cat ./server-ips.txt)
do
    ssh-keygen -f "$HOME/.ssh/known_hosts" -R "$SERVER"
    scp -o StrictHostKeyChecking=no -i $SSH_KEY ./rendered/k3sx/templates/k3s-config.yaml $SSH_USER@$SERVER:~/
    ssh -i $SSH_KEY $SSH_USER@$SERVER "echo 'PubkeyAcceptedKeyTypes=+ssh-rsa' >> /etc/ssh/sshd_config & service sshd restart"
    k3sup install --ip $SERVER --user $SSH_USER --ssh-key $SSH_KEY --k3s-extra-args '--config ~/k3s-config.yaml'
    export JOIN_SERVER=$SERVER
done

In [None]:
%%bash
for AGENT in $(cat ./agent-ips.txt)
do
    ssh-keygen -f "$HOME/.ssh/known_hosts" -R $AGENT
    scp -o StrictHostKeyChecking=no -i $SSH_KEY ./rendered/k3sx/templates/k3s-config.yaml $SSH_USER@$AGENT:~/
    ssh -i $SSH_KEY $SSH_USER@$AGENT "echo 'PubkeyAcceptedKeyTypes=+ssh-rsa' >> /etc/ssh/sshd_config & service sshd restart"
    k3sup join --ip $AGENT --server-ip 49.12.239.191 --user $SSH_USER --ssh-key $SSH_KEY # --k3s-extra-args '--config ~/k3s-config.yaml'
done

In [None]:
%env KUBECONFIG=./kubeconfig

In [None]:
%%bash
kubectl get node -o wide

### 4. [Bootstrap FluxCD](https://fluxcd.io/docs/installation/#bootstrap) 

In [None]:
%%bash
flux install --export | kubectl apply -f- 
# or flux install, if it works

### Install charts one by one

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/config/repos.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/nginx-ingress.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/config/admin_rbac.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/cert-manager.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/dex.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/external-dns.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/oauth2-proxy.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/longhorn.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/config/backup-job.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/k8s-dashboard.yaml

In [None]:
%%bash
kubectl apply -f ./rendered/k3sx/templates/apps/weave-gitops.yaml

In [None]:
%%bash
flux logs --follow --level=error --all-namespaces

In [None]:
%%bash 
kubectl get pods --all-namespaces -o wide

#### Alternative

If you wish to have the entire cluster be controlled my a single GitOps repo, instead do [`flux bootstrap github`](https://fluxcd.io/docs/installation/#github-and-github-enterprise) for automatically setting up a GitOps repo on GitHub or [`flux bootstrap git`](https://fluxcd.io/docs/installation/#generic-git-server) for using an existing GitOps repo with an arbitrary provider.

### 5. Install the infrastructure chart

**NOTE:** If you chose to setup a GitOps repo for the entire cluster in the previous step, create and commit respective YAML definitions of [GitRepository](https://fluxcd.io/docs/guides/helmreleases/#git-repository) and [HelmRelease](https://fluxcd.io/docs/guides/helmreleases/#define-a-helm-release) resources to your repo instead of using the CLI commands shown below.

#### Create a GitRepository source from this repo

In [None]:
%%bash

flux create source git k3sx \
  --url=https://github.com/lorenzo-w/k3sx \
  --branch=main

#### Create a HelmRelease with values from ./values.yaml

In [None]:
%%bash

flux create hr k3sx \
  --source=GitRepository/k3sx \
  --chart=./chart \
  --values=./values.yaml

### 6. [Change the default StorageClass](https://kubernetes.io/docs/tasks/administer-cluster/change-default-storage-class/) to Longhorn

In [None]:
%%bash

kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"false"}}}'
kubectl patch storageclass longhorn -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

### 7. Optional: Setup one or more [vclusters](https://www.vcluster.com/docs/getting-started/deployment)

In [None]:
%%bash

kubectl create namespace vcluster-1
vcluster create vcluster-1 -n vcluster-1 --expose