demiters · July 24, 2020 13:24
diff --git a/microk8s.sh b/microk8s.sh
 #!/bin/bash

 # Installs microk8s and enables addons:
 #   dns, ingress, helm3 (essential)
 #   dashboard (cluster monitoring)
 #   registry (private Docker registry)

 # Installs and configures essential helm charts:
 #   external-dns (automating setting of dns records)
 #   cert-manager (automating issuing of https certificates)

 # Assumes previously set shell aliases: https://gist.github.com/demiters/c322d99db658e37ba30c8f13ba8b434b

 # Insert DigitalOcean personal access token
 DO_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

 # Install microk8s snap
 sudo snap install microk8s --classic --channel=1.18/stable

 # Enable essential addons
 microk8s enable dns dashboard helm3 ingress registry

 # Install and configure external-dns helm chart
 h repo add bitnami https://charts.bitnami.com/bitnami
 h repo update
 cat <<EOF | h install external-dns bitnami/external-dns -f -
 rbac:
  create: true
 provider: digitalocean
 digitalocean:
  apiToken: ${DO_TOKEN}
 interval: "1m"
 policy: sync
 EOF

 # Install cert-manager helm chart
 h repo add jetstack https://charts.jetstack.io
 h repo update
 k create namespace cert-manager
 h install cert-manager jetstack/cert-manager \
  --namespace cert-manager \
  --version v0.15.2 \
  --set installCRDs=true \
  --set ingressShim.defaultIssuerName=letsencrypt-prod \
  --set ingressShim.defaultIssuerKind=ClusterIssuer \
  --set ingressShim.defaultIssuerGroup=cert-manager.io

 # Configure Let's Encrypt cert issuer
 cat <<EOF | k apply -f -
 apiVersion: cert-manager.io/v1alpha2
 kind: ClusterIssuer
 metadata:
  name: letsencrypt-prod
 spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: [email protected]
    privateKeySecretRef:
      name: letsencrypt-prod-secret
    solvers:
    - selector: {}
    - http01:
        ingress:
          class: nginx
 ---
 EOF

 # TODO: Configure private Docker registry
 # TODO: Deploy Ingresses for monitoring services
	#!/bin/bash

	# Installs microk8s and enables addons:
	# dns, ingress, helm3 (essential)
	# dashboard (cluster monitoring)
	# registry (private Docker registry)

	# Installs and configures essential helm charts:
	# external-dns (automating setting of dns records)
	# cert-manager (automating issuing of https certificates)

	# Assumes previously set shell aliases: https://gist.github.com/demiters/c322d99db658e37ba30c8f13ba8b434b

	# Insert DigitalOcean personal access token
	DO_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

	# Install microk8s snap
	sudo snap install microk8s --classic --channel=1.18/stable

	# Enable essential addons
	microk8s enable dns dashboard helm3 ingress registry

	# Install and configure external-dns helm chart
	h repo add bitnami https://charts.bitnami.com/bitnami
	h repo update
	cat <<EOF \| h install external-dns bitnami/external-dns -f -
	rbac:
	create: true
	provider: digitalocean
	digitalocean:
	apiToken: ${DO_TOKEN}
	interval: "1m"
	policy: sync
	EOF

	# Install cert-manager helm chart
	h repo add jetstack https://charts.jetstack.io
	h repo update
	k create namespace cert-manager
	h install cert-manager jetstack/cert-manager \
	--namespace cert-manager \
	--version v0.15.2 \
	--set installCRDs=true \
	--set ingressShim.defaultIssuerName=letsencrypt-prod \
	--set ingressShim.defaultIssuerKind=ClusterIssuer \
	--set ingressShim.defaultIssuerGroup=cert-manager.io

	# Configure Let's Encrypt cert issuer
	cat <<EOF \| k apply -f -
	apiVersion: cert-manager.io/v1alpha2
	kind: ClusterIssuer
	metadata:
	name: letsencrypt-prod
	spec:
	acme:
	server: https://acme-v02.api.letsencrypt.org/directory
	email: [email protected]
	privateKeySecretRef:
	name: letsencrypt-prod-secret
	solvers:
	- selector: {}
	- http01:
	ingress:
	class: nginx
	---
	EOF

	# TODO: Configure private Docker registry
	# TODO: Deploy Ingresses for monitoring services