init

2026-02-19 11:34:13 +00:00
commit f243f440c3
191 changed files with 6183 additions and 0 deletions
--- a/ansible/roles/k8s/readme/install-netbird.md
+++ b/ansible/roles/k8s/readme/install-netbird.md
@@ -0,0 +1,288 @@
+```bash
+helm repo add jaconi https://charts.jaconi.io
+helm repo update
+```
+
+```bash
+fullnameOverride: "netbird"
+
+config:
+  database:
+    DB_TYPE: postgres
+    HOST: postgres-postgresql.postgres.svc.cluster.local
+    PORT: 5432
+    NAME: netbird
+    USER: netbird_user
+    PASSWD: password
+
+relay:
+  enabled: true
+  config:
+    NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080"
+
+signal:
+  enabled: true
+
+management:
+  enabled: true
+  config:
+    NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000"
+    NETBIRD_SIGNAL_PROTOCOL: "https"
+    NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local"
+    NETBIRD_RELAY_PORT: "33080"
+    NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478"
+    NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478"
+
+dashboard:
+  enabled: true
+  service:
+    type: ClusterIP
+  ingress:
+    enabled: false
+```
+
+```bash
+openssl rand -hex 32 
+
+kubectl create secret generic netbird-relay-secret \
+  -n netbird \
+  --from-literal=netbird-relay-secret-key="8626c1ed1c8cfcb13df6c65819042771a2bf7a280c16f0ba54abea8cde7b560d"
+
+```
+
+```bash
+helm install netbird jaconi/netbird \
+  -n netbird \
+  --create-namespace \
+  -f netbird-values.yaml
+
+or 
+
+helm upgrade netbird jaconi/netbird \
+  -n netbird \
+  -f netbird-values.yaml
+```
+
+```bash
+kubectl -n netbird get pods
+kubectl -n netbird get svc
+kubectl -n netbird get ingress
+```
+
+<!-- dashboard -->
+```bash
+vim netbird-dashboard-deployment.yaml
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: netbird-dashboard
+  namespace: netbird
+  labels:
+    app: netbird-dashboard
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: netbird-dashboard
+  template:
+    metadata:
+      labels:
+        app: netbird-dashboard
+    spec:
+      containers:
+        - name: dashboard
+          image: netbirdio/dashboard:0.45.1
+          ports:
+            - containerPort: 80
+          env:
+            - name: NB_MANAGEMENT_API_ENDPOINT
+              value: "http://netbird.local:30830"
+```
+
+```bash
+vim netbird-dashboard-service.yaml
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: netbird-dashboard
+  namespace: netbird
+spec:
+  selector:
+    app: netbird-dashboard
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+  type: ClusterIP
+```
+
+```bash
+vim netbird-dashboard-ingress.yaml
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: netbird-dashboard
+  namespace: netbird
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: netbird.local
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: netbird-dashboard
+                port:
+                  number: 80
+
+
+```
+
+```bash
+kubectl apply -f netbird-dashboard-deployment.yaml
+kubectl apply -f netbird-dashboard-service.yaml
+kubectl apply -f netbird-dashboard-ingress.yaml
+```
+
+```bash
+C:\Windows\System32\drivers\etc\hosts
+```
+
+# k8s
+
+```bash
+vim netbird-application.yaml 
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: netbird                    # как будет называться приложение в ArgoCD
+  namespace: argocd                # namespace, где установлен ArgoCD
+spec:
+  project: default
+
+  source:
+    repoURL: https://charts.jaconi.io   # тот самый helm repo
+    chart: netbird                      # имя чарта
+    targetRevision: "*"                 # можно зафиксировать версию, пока пусть будет любая
+    helm:
+      releaseName: netbird              # как будто ты делал "helm install netbird ..."
+      values: |-
+        fullnameOverride: "netbird"
+
+        config:
+          database:
+            DB_TYPE: postgres
+            HOST: postgres-postgresql.postgres.svc.cluster.local
+            PORT: 5432
+            NAME: netbird
+            USER: netbird_user
+            PASSWD: password
+
+        relay:
+          enabled: true
+          config:
+            NB_EXPOSED_ADDRESS: "netbird-relay.netbird.svc.cluster.local:33080"
+
+        signal:
+          enabled: true
+
+        management:
+          enabled: true
+          config:
+            NETBIRD_SIGNAL_URI: "netbird-signal.netbird.svc.cluster.local:10000"
+            NETBIRD_SIGNAL_PROTOCOL: "https"
+            NETBIRD_RELAY_DOMAIN: "netbird-relay.netbird.svc.cluster.local"
+            NETBIRD_RELAY_PORT: "33080"
+            NETBIRD_STUN_URI: "stun:netbird-signal.netbird.svc.cluster.local:3478"
+            NETBIRD_TURN_URI: "turn:netbird-signal.netbird.svc.cluster.local:3478"
+
+        dashboard:
+          enabled: true
+          service:
+            type: ClusterIP
+          ingress:
+            enabled: true
+            className: nginx
+            hosts:
+              - host: netbird.local
+                paths:
+                  - path: /
+                    pathType: Prefix
+
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: netbird               # сюда чарты будут ставиться
+
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
+kubectl apply -f netbird-application.yaml -n argocd
+```
+
+```bash
+kubectl create namespace netbird || true
+
+kubectl create secret generic netbird-relay-secret \
+  -n netbird \
+  --from-literal=netbird-relay-secret-key="8626c1ed1c8cfcb13df6c65819042771a2bf7a280c16f0ba54abea8cde7b560d"
+```
+
+```bash
+helm repo add jaconi https://charts.jaconi.io
+helm repo update
+
+vim netbird-dashboard-values.yaml
+
+image:
+  # Версия образа UI; есть тег v2.22.2 на Docker Hub
+  # см. netbirdio/dashboard:v2.22.2 :contentReference[oaicite:2]{index=2}
+  tag: v2.22.2
+
+auth:
+  # OIDC-провайдер (например, Keycloak)
+  authority: https://keycloak.example.com/realms/homelab
+  audience: netbird
+  clientID: netbird
+  supportedScopes: >
+    openid profile email offline_access netbird-api
+
+netbird:
+  # HTTP API management-сервиса NetBird (тот же, к которому коннектятся клиенты)
+  managementApiEndpoint: https://netbird.example.com
+  # gRPC endpoint того же сервиса
+  managementGrpcApiEndpoint: https://netbird.example.com
+
+ingress:
+  enabled: true
+  className: nginx
+  annotations:
+    # Пример для cert-manager, можно убрать если не используешь
+    cert-manager.io/cluster-issuer: letsencrypt
+  hosts:
+    - host: netbird.example.com
+      paths:
+        - path: /
+          pathType: Prefix
+  tls:
+    - secretName: netbird-tls-certificate
+      hosts:
+        - netbird.example.com
+
+# namespace можно выбрать любой, но обычно используют netbird
+kubectl create namespace netbird --dry-run=client -o yaml | kubectl apply -f -
+
+helm install netbird-dashboard jaconi/netbird-dashboard \
+  --namespace netbird \
+  --values netbird-dashboard-values.yaml
+
+```