

this repo will install the services below on top of a running kubernetes cluster from helm templates and kustomize overlays

it glues together helm and kustomize with bash.


  • metallb
  • traefik
  • prometheus
  • grafana
  • kibana
  • elasticsearch
  • filebeat
  • metrics-server
  • kube-state-metrics
  • rook with ceph as persistence
  • minio
  • falco

to be added in the future:

  • istio
  • vault or different password store


getting started

create the namespaces in the cluster

cd deployments


set your own domain, because in all charts it is set to cloud.lab

it takes the domain as the first argument. you can check success with e.g. grafana in the charts dir. it will change from to in the values.yml
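One way such a domain rewrite can work, as an added example that is not the repository's own script. The function names `set_domain` and `demo`, the charts directory layout and the sample values.yml are assumptions constructed for illustration; the argument is validated before it reaches sed so it cannot inject sed or YAML syntax.

```shell
# Added example, not the repository's script. set_domain, demo and the
# sample chart layout are assumptions made for illustration.

# Replace the default domain cloud.lab with a new one in every values.yml
# below a charts directory. Usage: set_domain <charts-dir> <new-domain>
set_domain() {
  local charts_dir="$1" new_domain="$2" file
  # Accept only DNS-style names: lowercase letters, digits, dots, hyphens.
  # Anything else (/, &, spaces, newlines, quotes) is rejected, so the
  # value cannot alter the sed expression or the YAML structure.
  case "$new_domain" in
    ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*)
      echo "invalid domain: $new_domain" >&2; return 1 ;;
    *.*) ;;  # well-formed and has at least two labels
    *) echo "invalid domain: $new_domain" >&2; return 1 ;;
  esac
  [ -d "$charts_dir" ] || { echo "no such directory: $charts_dir" >&2; return 1; }
  find "$charts_dir" -type f -name values.yml | while IFS= read -r file; do
    # The escaped dot keeps strings like "cloudxlab" untouched. A temp file
    # is used instead of sed -i, which differs between GNU and BSD sed.
    sed 's/cloud\.lab/'"$new_domain"'/g' "$file" > "$file.tmp" \
      && mv "$file.tmp" "$file"
  done
}

# Constructed sample input: a minimal grafana chart using the default domain.
demo() {
  local dir
  dir=$(mktemp -d)
  mkdir -p "$dir/charts/grafana"
  printf 'ingress:\n  hosts:\n    - grafana.cloud.lab\n' \
    > "$dir/charts/grafana/values.yml"
  set_domain "$dir/charts" example.org && cat "$dir/charts/grafana/values.yml"
  rm -rf "$dir"
}

demo
```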


i am using a private harbor registry, where i am downloading my docker images to the cluster. If you want to use your own, then change to your liking. If you don't have a private registry just execute the script which will remove the prefix and you will download from the internet again, no extra steps required.


set the dhcp range for the metallb cluster in the file charts/metallb/values.yml on line 26 and point the A-records or a wildcard to the addresses you specified in your router/firewall.

deploy the cluster services

create rook persistence


create the elasticsearch cluster


create the other deployments from helm template.

the script will create the charts-templated folder and the subdirectories for you


deploy them with


access the services

you can reach the following services via ingress:

  • grafana.your-domain
    user: admin
    password: password
  • kibana.your-domain
    user: elastic
    kubectl -n logging get secret elasticsearch-es-elastic-user -o=jsonpath='{.data.elastic}' | base64 --decode
  • minio.your-domain
  • traefik.your-domain

the services below are not reachable via ingress, only with port-forwarding

ceph manager dashboard: go to https://localhost:8443

kubectl -n rook-ceph port-forward svc/rook-ceph-mgr-dashboard 8443:8443
user: admin
kubectl -n rook-ceph get secret rook-ceph-dashboard-password -o jsonpath="{['data']['password']}" | base64 --decode && echo

prometheus server dashboard: go to http://localhost:8080

kubectl -n monitoring port-forward svc/prometheus-server 8080:80


all contributions are welcome