RichardSouzza/Server

Useful Tips for Server Management

Setup

  1. Copy the setup script to the server:
scp ./setup.sh root@<ip>:/root/
  2. Allow script execution:
chmod +x setup.sh
  3. And run it:
./setup.sh

About K3s

Just adapt inventory.yml to something like this:

k3s_cluster:
  children:
    server:
      hosts:
        almalinux:
          ansible_host: <ip>
          ansible_user: ansible
          ansible_become: yes
          ansible_become_method: sudo
          ansible_become_user: root
          ansible_ssh_private_key_file: ~/.ssh/id_ansible

  vars:
    k3s_version: v1.31.12+k3s1
    opt_tls_san:
      - <ip>
      - <domain>

And then:

ansible-playbook playbooks/site.yml -i inventory.yml --ask-become-pass

Kubeconfig

  1. Obtain read permission for kubeconfig:
mkdir -p ~/.kube
sudo cp /etc/rancher/k3s/k3s.yaml ~/.kube/config
sudo chown $(id -u):$(id -g) ~/.kube/config
chmod 600 ~/.kube/config
  2. Add the following to ~/.bashrc:
export KUBECONFIG=$HOME/.kube/config

Helm installation

Simply run the playbook:

ansible-playbook playbooks/helm.yaml --ask-become-pass
  1. Add the Drone Helm Chart repository:
kubectl create namespace drone
helm repo add drone https://charts.drone.io
helm repo update
  2. Go to GitHub Settings -> Developer Settings -> OAuth Apps -> New OAuth App.

  3. In the form, the Homepage URL must match the server address http://drone.<domain>, and the Authorization callback URL must point to the login route http://drone.<domain>/login.

  4. Set Drone secrets on the server:

kubectl create secret generic drone-secrets \
  --namespace drone \
  --from-literal=DRONE_RPC_SECRET=$(openssl rand -hex 16) \
  --from-literal=DRONE_CONFIG_SECRET=$(openssl rand -hex 16) \
  --from-literal=DRONE_GITHUB_CLIENT_ID=<drone_client_id> \
  --from-literal=DRONE_GITHUB_CLIENT_SECRET=<drone_client_secret>
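
An added example, not part of this repository: a variant of the secret-creation step above that keeps the values out of kubectl's argument list and the shell history by writing them to a mode-600 file and loading it with `--from-env-file`. The helper names `rand_hex`, `make_drone_env` and `apply_drone_secrets` and the variables `GH_CLIENT_ID` / `GH_CLIENT_SECRET` are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the repository): build the drone-secrets values in a
# mode-600 file instead of passing them on the command line via --from-literal.

# rand_hex N: N random bytes as lowercase hex, same shape as `openssl rand -hex N`.
rand_hex() {
  od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# make_drone_env CLIENT_ID CLIENT_SECRET (hypothetical helper): write the four
# keys used by the page's secret to a fresh temp file and print its path.
make_drone_env() {
  local client_id="$1" client_secret="$2" file
  if [ -z "$client_id" ] || [ -z "$client_secret" ]; then
    echo "usage: make_drone_env <client_id> <client_secret>" >&2
    return 2
  fi
  file=$(mktemp) || return 1
  chmod 600 "$file"            # explicit, in case mktemp's default differs
  {
    printf 'DRONE_RPC_SECRET=%s\n' "$(rand_hex 16)"
    printf 'DRONE_CONFIG_SECRET=%s\n' "$(rand_hex 16)"
    printf 'DRONE_GITHUB_CLIENT_ID=%s\n' "$client_id"
    printf 'DRONE_GITHUB_CLIENT_SECRET=%s\n' "$client_secret"
  } > "$file"
  printf '%s\n' "$file"
}

# apply_drone_secrets (hypothetical helper): take the OAuth values from the
# assumed variables GH_CLIENT_ID / GH_CLIENT_SECRET, create the secret from
# the file, and remove the file whether or not kubectl succeeds.
apply_drone_secrets() {
  local file rc=0
  file=$(make_drone_env "${GH_CLIENT_ID:-}" "${GH_CLIENT_SECRET:-}") || return
  kubectl create secret generic drone-secrets \
    --namespace drone \
    --from-env-file="$file" || rc=$?
  rm -f "$file"
  return "$rc"
}
```

Set the two variables with `read -rs GH_CLIENT_SECRET` (and likewise for the ID) before calling `apply_drone_secrets`, so the OAuth secret is never typed as a command argument.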

Drone Server

  1. Download the chart:
helm pull drone/drone --untar
  2. Set Drone configurations:
cd drone
cat <<-EOF > ./drone-values.yaml
ingress:
  enabled: true
  hosts:
    - host: drone.<domain>
      paths:
        - path: /
          pathType: ImplementationSpecific

env:
  DRONE_SERVER_HOST: "drone.<domain>"
  DRONE_SERVER_PROTO: "http"

extraSecretNamesForEnvFrom:
  - drone-secrets
EOF
  3. Install Drone Server:
helm install drone drone/drone \
  --namespace drone \
  --values drone-values.yaml
  4. Update when necessary:
helm upgrade drone drone/drone \
  --namespace drone \
  --values drone-values.yaml

Drone Docker Runner

  1. Download the chart:
helm pull drone/drone-runner-docker --untar
  2. Set Drone configurations:
cd drone-runner-docker
cat <<-EOF > ./drone-values.yaml
env:
  DRONE_RPC_PROTO: "http"
  DRONE_RPC_HOST: "drone.<domain>"
  DRONE_RUNNER_NAME: "docker-runner"

extraSecretNamesForEnvFrom:
  - drone-secrets
EOF
  3. Install Drone Docker Runner:
helm install drone-runner-docker drone/drone-runner-docker \
  --namespace drone \
  --values drone-values.yaml
  4. Update when necessary:
helm upgrade drone-runner-docker drone/drone-runner-docker \
  --namespace drone \
  --values drone-values.yaml
  5. Go to GitHub Settings -> Developer Settings -> Personal access tokens -> Tokens (classic) -> Generate new token (classic).

  6. Select scopes "repo" and "read:packages".

  7. Set Container Registry access secrets:

kubectl create secret docker-registry ghcr-secrets \
  --namespace drone \
  --docker-server=ghcr.io \
  --docker-username=<username> \
  --docker-password=<accessToken>
  8. To verify the exposed addresses:
kubectl get ingress -n drone

Troubleshooting

Resolution of external domains on a local network

  1. Prevent cloud-init from overwriting network configurations:
sudo vi /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
network:
  config: disabled
  2. Remove localhost from the list of DNS search domains:
sudo vi /etc/resolv.conf
--- /etc/resolv.conf
+++ /etc/resolv.conf
@@ -1,5 +1,4 @@
 ; Created by cloud-init automatically, do not edit.
 ;
-search localhost
 nameserver 1.1.1.1
 nameserver 8.8.4.4
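Review bot: the context line "; Created by cloud-init automatically, do not edit." stays in place while the hunk hand-edits the file by dropping "search localhost", so the header now contradicts how the file is managed. Since the previous step disables cloud-init network configuration, replace that comment with one stating the file is maintained manually, and note next to the nameserver lines why 1.1.1.1 and 8.8.4.4 were chosen so a later admin knows whether they may be changed.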
  3. Reboot to apply the changes:
sudo reboot

About

Useful docs and scripts for server configuration.
