#!/bin/bash

# Start-up banner. Each row is stored verbatim, colour escapes included;
# printf's %b expands the backslash escapes the same way `echo -e` does.
banner_rows=(
    " \033[33;2m    __  _          _        ___                            \033[0m"
    " \033[33;2m    \ \(_)_ __ ___( )__    / _ \__ _ _ __ __ _  __ _  ___  \033[0m"
    " \033[33;2m     \ \ | '_ \` _ \/ __|  / /_\/ _\` | '__/ _\` |/ _\` |/ _ \ \033[0m"
    " \033[33;2m  /\_/ / | | | | | \__ \ / /_\\  (_| | | | (_| | (_| |  __/ \033[0m"
    " \033[33;2m  \___/|_|_| |_| |_|___/ \____/\__,_|_|  \__,_|\__, |\___| \033[0m"
    " \033[33;2m                                               |___/       \033[0m"
    " \033[36;2m             Traefik, Cert-Manager, and PiHole            \033[0m"
    " \033[32;2m                                                          \033[0m"
    " \033[32;2m             https://youtube.com/@jims-garage              \033[0m"
    " \033[32;2m                                                           \033[0m"
)
# printf reuses the format for every array element: one output line per row.
printf '%b\n' "${banner_rows[@]}"

# ENSURE THAT YOU COPY AND AMEND YOUR YAML FILES FIRST!!!
# THE SCRIPT EXPECTS THE FILES TO BE IN ~/Helm/Traefik/, ~/Manifest/Crowdsec, ~/Manifest/PiHole, ETC.
# RUN THIS SCRIPT FROM THE HOME DIRECTORY
# THE AMENDED FILES INCLUDE SECRET MANIFESTS (DASHBOARD SECRET, CLOUDFLARE TOKEN) - KEEP THEM OUT OF VERSION CONTROL

# Script created from the official documentation available at: https://cert-manager.io/docs/tutorials/acme/nginx-ingress/
# and https://github.com/traefik/traefik-helm-chart

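# Step 0: Clone repository
# First run only: download the manifests into the home directory and stop so
# they can be edited. Later runs find ~/Helm/Traefik and carry on.
DESTINATION=~/Helm/Traefik
# The tilde is already expanded by the assignment, so the path is tested
# directly. Routing it through eval would run any shell syntax in the value.
if [[ ! -d "$DESTINATION" ]]; then
    sudo apt install unzip -y
    # Anchored to $HOME so the layout matches the paths used by later steps
    # even when the script is started from another directory.
    mkdir -p ~/Helm ~/Manifest
    # Private scratch directory instead of a fixed name under the home directory.
    workdir=$(mktemp -d) || { echo "Could not create a temporary directory" >&2; exit 1; }
    # NOTE(review): this archive tracks the moving main branch and is not
    # integrity-checked; pin to a reviewed commit and read the manifests
    # before applying them to a cluster.
    # -f makes curl fail on an HTTP error instead of saving the error page.
    if curl -fL -o "$workdir/master.zip" https://github.com/JamesTurland/JimsGarage/archive/refs/heads/main.zip \
        && unzip "$workdir/master.zip" -d "$workdir" \
        && cp -r "$workdir"/JimsGarage-main/Kubernetes/Traefik-PiHole/* ~/; then
        rm -rf -- "${workdir:?}"
        echo -e " \033[32;5mRepo cloned - EDIT FILES!!!\033[0m"
        exit 0
    fi
    # Report the failure rather than announcing a clone that did not happen.
    rm -rf -- "${workdir:?}"
    echo "Failed to download or unpack the repository archive" >&2
    exit 1
else
    echo -e " \033[32;5mRepo already exists, continuing...\033[0m"
fi
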
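# Step 1: Check dependencies
# Helm
# Test for `helm` only: `command -v helm version` also succeeds when an
# unrelated program called `version` is on PATH, which would skip the install.
if ! command -v helm &> /dev/null; then
    echo -e " \033[31;5mHelm not found, installing\033[0m"
    # NOTE(review): the installer comes from the moving main branch and is run
    # as downloaded; pin the URL to a reviewed tag or commit where possible.
    helm_installer=$(mktemp) || { echo "Could not create a temporary file" >&2; exit 1; }
    # Run the installer only if this download succeeded, so a failed fetch can
    # never execute a stale get_helm.sh left behind in the working directory.
    if curl -fsSL -o "$helm_installer" https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3; then
        # Invoked through bash so it still runs when the temp dir is noexec.
        bash "$helm_installer"
        rm -f -- "$helm_installer"
    else
        rm -f -- "$helm_installer"
        echo "Could not download the Helm installer" >&2
        exit 1
    fi
else
    echo -e " \033[32;5mHelm already installed\033[0m"
fi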
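# Kubectl
# Test for `kubectl` only; the extra `version` word made the check pass
# whenever any program of that name existed on PATH.
if ! command -v kubectl &> /dev/null; then
    echo -e " \033[31;5mKubectl not found, installing\033[0m"
    kubectl_tmp=$(mktemp -d) || { echo "Could not create a temporary directory" >&2; exit 1; }
    # Resolve the release first so a failed lookup cannot build a broken URL.
    kubectl_version=$(curl -fsSL https://dl.k8s.io/release/stable.txt) || kubectl_version=""
    # NOTE(review): the architecture is hard-coded to amd64.
    kubectl_base="https://dl.k8s.io/release/${kubectl_version}/bin/linux/amd64"
    # The binary is installed root-owned into /usr/local/bin, so it is compared
    # with the published SHA-256 first. The checksum is served from the same
    # origin: it catches truncated or corrupted downloads, not a compromised host.
    if [[ -n "$kubectl_version" ]] \
        && curl -fL -o "$kubectl_tmp/kubectl" "${kubectl_base}/kubectl" \
        && curl -fsSL -o "$kubectl_tmp/kubectl.sha256" "${kubectl_base}/kubectl.sha256" \
        && printf '%s  %s\n' "$(cat "$kubectl_tmp/kubectl.sha256")" "$kubectl_tmp/kubectl" \
            | sha256sum --check --quiet; then
        sudo install -o root -g root -m 0755 "$kubectl_tmp/kubectl" /usr/local/bin/kubectl
        rm -rf -- "${kubectl_tmp:?}"
    else
        rm -rf -- "${kubectl_tmp:?}"
        echo "kubectl download or checksum verification failed; nothing was installed" >&2
        exit 1
    fi
else
    echo -e " \033[32;5mKubectl already installed\033[0m"
fi
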
# Step 2: Add Helm Repos
# name=url pairs, registered in the listed order and then refreshed once.
helm_repos=(
    "traefik=https://helm.traefik.io/traefik"
    "emberstack=https://emberstack.github.io/helm-charts" # required to share certs for CrowdSec
    "crowdsec=https://crowdsecurity.github.io/helm-charts"
)
for repo_entry in "${helm_repos[@]}"; do
    # Text before the first '=' is the repo name, the remainder is its URL.
    helm repo add "${repo_entry%%=*}" "${repo_entry#*=}"
done
helm repo update

# Steps 3-9 deploy Traefik and its dashboard from the edited files.
traefik_dir=~/Helm/Traefik

# Step 3: Create Traefik namespace
kubectl create namespace traefik

# Step 4: Install Traefik
# NOTE(review): no --version is given, so the chart version current at run
# time is installed; pin it if repeatable deployments matter.
helm install traefik traefik/traefik --namespace traefik --values "${traefik_dir}/values.yaml"

# Step 5: Check Traefik deployment
for resource_kind in svc pods; do
    kubectl get "${resource_kind}" --namespace traefik
done

# Step 6: Apply Middleware
# Step 7: Create Secret for Traefik Dashboard
# Step 8: Apply Middleware
# Step 9: Apply Ingress to Access Service
# Applied in the original order: the Secret and the dashboard middleware go
# in before the ingress. No status is checked, so a failed apply does not
# stop the steps after it.
for manifest in \
    default-headers.yaml \
    Dashboard/secret-dashboard.yaml \
    Dashboard/middleware.yaml \
    Dashboard/ingress.yaml; do
    kubectl apply -f "${traefik_dir}/${manifest}"
done

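# Step 10: Install Cert-Manager (should already have this with Rancher deployment)
# Check if we already have it by querying namespace
# jsonpath replaces the jq pipe: jq is never checked or installed in Step 1,
# and without it the status was always empty. --ignore-not-found yields an
# empty string (no error) when the namespace is absent.
namespaceStatus=$(kubectl get ns cert-manager --ignore-not-found -o jsonpath='{.status.phase}')
# Quoted so an empty status is a clean "not Active" instead of a test error.
if [[ "$namespaceStatus" == "Active" ]]; then
    echo -e " \033[32;5mCert-Manager already installed, upgrading with new values.yaml...\033[0m"
    # NOTE(review): these CRDs are v1.13.1 while the install branch uses
    # v1.13.2, and the upgrade below has no --version - confirm the intended
    # release so the CRDs and the chart stay in step.
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.1/cert-manager.crds.yaml
    # The jetstack repo was only ever added in the install branch; without it
    # the upgrade cannot resolve jetstack/cert-manager on a fresh workstation.
    helm repo add jetstack https://charts.jetstack.io
    helm repo update
    helm upgrade \
    cert-manager \
    jetstack/cert-manager \
    --namespace cert-manager \
    --values ~/Helm/Traefik/Cert-Manager/values.yaml
else
    echo "Cert-Manager is not present, installing..."
    kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.2/cert-manager.crds.yaml
    helm repo add jetstack https://charts.jetstack.io
    helm repo update
    # NOTE(review): unlike the upgrade branch, this install does not pass
    # ~/Helm/Traefik/Cert-Manager/values.yaml - confirm whether that is intended.
    helm install cert-manager jetstack/cert-manager \
    --namespace cert-manager \
    --create-namespace \
    --version v1.13.2
fi
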
# Steps 11-13 configure certificate issuance from the edited files.
cert_manager_dir=~/Helm/Traefik/Cert-Manager

# Step 11: Apply secret for certificate (Cloudflare)
# Step 12: Apply production certificate issuer (technically you should use the staging to test as per documentation)
# Step 13: Apply production certificate
# The Cloudflare token manifest is applied first, then the issuer, then the
# certificate. The token file is a credential: keep the edited copy private.
for manifest in \
    Issuers/secret-cf-token.yaml \
    Issuers/letsencrypt-production.yaml \
    Certificates/Production/jimsgarage-production.yaml; do
    kubectl apply -f "${cert_manager_dir}/${manifest}"
done

# Step 14: Create PiHole namespace
kubectl create namespace pihole

# Step 15: Deploy PiHole
# A directory is passed, so every manifest in ~/Manifest/PiHole is applied.
kubectl apply --filename ~/Manifest/PiHole

printf '%b\n' " \033[32;5mScript finished. Be sure to create PVC for PiHole in Longhorn UI\033[0m"