From 72d570731d0f2306f522111c25e11866d107cf1e Mon Sep 17 00:00:00 2001
From: Chris Oloff
Date: Wed, 1 Jan 2025 17:35:32 +0200
Subject: [PATCH 1/4] update README
---
 README.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index d6739bf..1359fa1 100644
--- a/README.md
+++ b/README.md
@@ -5,6 +5,8 @@ using Docker, with the intention to efficiently deploy to a k3s or k8s cluster u # How to Use +## How to Configure in .github/workflows/main.yaml + ```yaml jobs: deploy_staging:
@@ -15,11 +17,20 @@ jobs: with: kust_config: kustomize/overlays/testing env: - K3S_YAML: ${{ secrets.K3S_YAML }} + K3S_YAML: ${{ secrets.K3S_YAML }} # assuming that K3S_YAML is defined in a README, see also below - name: Check output of previous step (kinda dummy) run: echo "The start time was ${{ steps.deploy.outputs.time }}" ``` +## How to Setup K3S_YAML + +We assume you use k3s. Otherwise, use comparable kubectl configuration. + +- Grab k3s.yaml (\`/etc/rancher/k3s/k3s.yaml\`), copy it to /tmp/ and make it readable for you, then copy it from the master node of the k3s cluster: `scp your-node-123.uber5.com:/tmp/k3s.yaml /tmp/` +- Change the `server` entry to use its public DNS name +- Insert `tls-server-name: worker1` underneath the `server` key. The value (`worker1` in this case) needs to be one of the names that are in the cert. If you get it wrong, the error message in the pipeline will tell you. +- encode k3s.yaml with `base64 -i /tmp/k3s.yaml -o /tmp/encoded`, and set it as the value for a secret `K3S_YAML` in gitea for the repository under "Settings > Actions > Secrets" + # Open Questions - We use [kustomize](https://kustomize.io/). Is this overkill? As the complexity of deployments is not that high, usually, this may be more technical complexity than necessary. We could go back to using plain kubernetes manifests, and just have different ones for staging and prod.
From c3df0a72d33ed9e40a694f480037cda545f36692 Mon Sep 17 00:00:00 2001
From: Chris Oloff
Date: Fri, 20 Feb 2026 18:05:12 +0200
Subject: [PATCH 2/4] add experimental script to create K3S_YAML secrets on forgejo faster
---
 encode-k3s-yaml.sh | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100755 encode-k3s-yaml.sh
diff --git a/encode-k3s-yaml.sh b/encode-k3s-yaml.sh
new file mode 100755
index 0000000..e4d0e1f
--- /dev/null
+++ b/encode-k3s-yaml.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+echo "Provide the public DNS name or IP address of the k3s server:"
+read -r server_url
+
+workdir = $(mktemp -d /tmp/encode-k3s-yaml.XXXXXX)
+cd $workdir
+echo "Working directory: $workdir"
+pwd
+cp /etc/rancher/k3s/k3s.yaml ./
+
+# update server url
+sed -i "s/127.0.0.1/$server_url/g" k3s.yaml
+
+# append tls-server-name: kubernetes after 'server:' line
+sed -i "/server:/a\ \ \ \ tls-server-name: kubernetes" k3s.yaml
+
+# base64 encode the yaml file
+base64 -w 0 -i k3s.yaml > k3s.yaml.b64
+
+echo "Base64 encoded k3s.yaml for use as K3S_YAML for deployment scripts:"
+cat k3s.yaml.b64
+
From 593eb9036958df6a53a411209beabad40aa0df1e Mon Sep 17 00:00:00 2001
From: Chris Oloff
Date: Fri, 20 Feb 2026 18:10:01 +0200
Subject: [PATCH 3/4] script to create K3S_YAML secrets, updated
---
 encode-k3s-yaml.sh | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/encode-k3s-yaml.sh b/encode-k3s-yaml.sh
index e4d0e1f..ffbcf79 100755
--- a/encode-k3s-yaml.sh
+++ b/encode-k3s-yaml.sh
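Review bot: `sed -i "s/127.0.0.1/$server_url/g" k3s.yaml` splices the value typed at the prompt into the sed expression unescaped, so a `/`, `&` or `\` in the input alters the substitution instead of becoming the server address, and the unescaped dots in `127.0.0.1` match more than the literal loopback string. Reject such input before use, e.g. `[[ -n "$server_url" && "$server_url" != *[/'&'\\]* ]] || { printf 'invalid server address\n' >&2; exit 1; }`, and write the pattern as `s/127\.0\.0\.1/$server_url/g`. The script also runs without `set -euo pipefail` and checks none of `mktemp`, `cd` or `cp`, so after a failed step it still prints whatever `k3s.yaml.b64` contains, and that output is the cluster-admin kubeconfig merely base64-encoded, not protected. The hard-coded `tls-server-name: kubernetes` is also at odds with the README's statement that the name must be one of the names in the server certificate.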
@@ -1,9 +1,24 @@
 #!/usr/bin/env bash
-echo "Provide the public DNS name or IP address of the k3s server:"
-read -r server_url
+# Define a function to read from the terminal
+read_from_terminal() {
+ # Check if a tty is available
+ if [[ -t 0 ]]; then
+ # Use 'read -p' if standard input is an interactive terminal
+ read -p "$1" user_input
+ else
+ printf "\n" > /dev/tty
+ # If not interactive (e.g. piped), read from /dev/tty
+ # The '< /dev/tty' redirects input for 'read' to the terminal device
+ read -p "$1" user_input < /dev/tty
+ fi
+ echo "$user_input"
+}
+
+server_url=$(read_from_terminal "Server URL (public DNS name or IP address for the k3s server): ")
+
+workdir=$(mktemp -d /tmp/encode-k3s-yaml.XXXXXX)
-workdir = $(mktemp -d /tmp/encode-k3s-yaml.XXXXXX)
 cd $workdir
 echo "Working directory: $workdir"
 pwd
From a196f63893fba9575d494cfcb9e58e3b8d968a11 Mon Sep 17 00:00:00 2001
From: Chris Oloff
Date: Fri, 20 Feb 2026 18:34:55 +0200
Subject: [PATCH 4/4] script to create K3S_YAML secrets, updated (2)
---
 README.md | 2 ++
 encode-k3s-yaml.sh | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/README.md b/README.md
index 1359fa1..b91d78e 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,8 @@ jobs: We assume you use k3s. Otherwise, use comparable kubectl configuration. +Do it all in one command (experimental): `wget -q -O - https://source.c3.uber5.com/uber5-public/gha-deploy-to-k3s/raw/branch/main/encode-k3s-yaml.sh | bash` + - Grab k3s.yaml (\`/etc/rancher/k3s/k3s.yaml\`), copy it to /tmp/ and make it readable for you, then copy it from the master node of the k3s cluster: `scp your-node-123.uber5.com:/tmp/k3s.yaml /tmp/` - Change the `server` entry to use its public DNS name - Insert `tls-server-name: worker1` underneath the `server` key. The value (`worker1` in this case) needs to be one of the names that are in the cert. If you get it wrong, the error message in the pipeline will tell you.
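Review bot: Both `read -p "$1" user_input` calls in `read_from_terminal` omit `-r`, so a backslash in the typed server name is interpreted rather than kept (the removed `read -r server_url` had it), and `user_input` is not declared `local`, so it escapes into the global scope; use `local user_input` and `read -r -p "$1" user_input`. When stdin is not a terminal and `/dev/tty` cannot be opened, `read` fails silently, `server_url` ends up empty, and the later `sed "s/127.0.0.1//g"` would strip the host from the kubeconfig instead of replacing it, so check the result: `[[ -n "$server_url" ]] || { printf 'no server address given\n' >&2; exit 1; }`. The unchanged context line `cd $workdir` is still unquoted and unchecked; `cd "$workdir" || exit 1` stops the following `cp /etc/rancher/k3s/k3s.yaml ./` from landing in the caller's current directory when `mktemp` fails. The script continues past the end of this hunk.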
diff --git a/encode-k3s-yaml.sh b/encode-k3s-yaml.sh
index ffbcf79..b62a312 100755
--- a/encode-k3s-yaml.sh
+++ b/encode-k3s-yaml.sh
@@ -36,3 +36,5 @@ base64 -w 0 -i k3s.yaml > k3s.yaml.b64
 echo "Base64 encoded k3s.yaml for use as K3S_YAML for deployment scripts:"
 cat k3s.yaml.b64
+# cleanup
+rm -rf $workdir
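Review bot: `rm -rf $workdir` only runs when execution reaches the last line, so an interrupt or an earlier error leaves the plaintext copy of `/etc/rancher/k3s/k3s.yaml` (cluster-admin credentials) in the `mktemp` directory, and the unquoted, unguarded path silently does nothing if `workdir` is empty. Register the cleanup right after the `workdir=$(mktemp -d ...)` assignment, which lies outside this hunk, with `trap 'rm -rf -- "${workdir:?}"' EXIT`; bash runs it on normal exit, on `exit 1` and when the script is terminated by Ctrl-C, and `:?` aborts rather than expanding to an empty argument. The added line can then be dropped, or hardened to `rm -rf -- "${workdir:?}"` if kept as the explicit happy-path step.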