docs: update README.md
parent 909f943f41
commit cb38db609e
71
README.md
|
@ -1,14 +1,27 @@
|
||||||
# Netflux on Kubernetes
|
# Netflux on Kubernetes
|
||||||
|
|
||||||
This is a learning project to migrate the self-hosted services that I host at
|
This repo contains Kubernetes manifests for deploying various self-hosted
|
||||||
netflux.io to Kubernetes.
|
services to the `netflux.io` domain.
|
||||||
|
|
||||||
![Me deploying my blog on Kubernetes](https://git.netflux.io/rob/netflux-kubernetes/raw/branch/main/picture.jpg)
|
![Me deploying my blog on Kubernetes. Probable credit @dexhorthy](https://git.netflux.io/rob/netflux-kubernetes/raw/branch/main/picture.jpg "Me deploying my blog on Kubernetes")
|
||||||
|
|
||||||
This repository contains the Kubernetes manifests, which are built using
|
All of the manifests are built using [Kustomize](https://kustomize.io/). I
|
||||||
Kustomize. Helm chart dependencies are inflated and managed in this repository
|
avoid Helm charts whenever possible, but when they're needed (Prometheus,
|
||||||
to improve observability. The cluster is deployed to DigitalOcean managed K8S
|
Grafana, etc) the charts are inflated into this repository for visibility and
|
||||||
in production, but can be easily applied to a local cluster for testing.
|
auditability.
|
||||||
|
|
||||||
|
The manifests are deployed to a DigitalOcean managed k8s cluster in production,
|
||||||
|
and can be easily applied to a local cluster for testing and development.
|
||||||
|
|
||||||
|
Of course all this would in many ways be simpler with a docker-compose.yml
|
||||||
|
shipped to a virtual host, which is exactly how everything used to be deployed.
|
||||||
|
This project is mostly a fun learning exercise.
|
||||||
|
|
||||||
|
## Git
|
||||||
|
|
||||||
|
The main git repo is hosted at: https://git.netflux.io/rob/netflux-kubernetes
|
||||||
|
|
||||||
|
It is also mirrored on GitHub: https://github.com/rfwatson/netflux-kubernetes
|
||||||
|
|
||||||
## Building
|
## Building
|
||||||
|
|
||||||
|
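Review bot: in the image line of this hunk, the new alt text "Me deploying my blog on Kubernetes. Probable credit @dexhorthy" carries an uncertain attribution in the place where a screen reader expects a description of the picture. Keep the alt text descriptive and put the credit in a visible caption line under the image. In the Kustomize paragraph, "(Prometheus, Grafana, etc)" should read "etc.)".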
@ -24,6 +37,14 @@ and applied with:
|
||||||
make dev | kubectl apply -f -
|
make dev | kubectl apply -f -
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Linting
|
||||||
|
|
||||||
|
The manifests are linted with [kube-linter](https://docs.kubelinter.io):
|
||||||
|
|
||||||
|
```
|
||||||
|
kube-linter lint .
|
||||||
|
```
|
||||||
|
|
||||||
## Helm charts
|
## Helm charts
|
||||||
|
|
||||||
When required, helm charts can be inflated with:
|
When required, helm charts can be inflated with:
|
||||||
|
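Review bot: the new Linting section gives `kube-linter lint .` without saying which directory it is run from, while the Development snippet added elsewhere in this change starts with `cd deploy`. State the working directory. Since what is applied under Building is the output of `make dev`, it is also worth one sentence on whether linting the checked-in files is meant to cover the Kustomize-rendered manifests, which can differ from the files in the tree.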
@ -33,31 +54,31 @@ When required, helm charts can be inflated with:
|
||||||
make inflate name=prometheus chart=prometheus-community/prometheus
|
make inflate name=prometheus chart=prometheus-community/prometheus
|
||||||
```
|
```
|
||||||
|
|
||||||
An optional values file can be provided in `deploy/base/values/prometheus.yaml` (update the helm chart name accordingly).
|
An optional values file can be provided, e.g. `deploy/base/values/prometheus.yaml`.
|
||||||
|
|
||||||
|
## URLs
|
||||||
|
|
||||||
|
URLs to some of the deployed services:
|
||||||
|
|
||||||
|
* [git.netflux.io](https://git.netflux.io)
|
||||||
|
* [tube.netflux.io](https://tube.netflux.io)
|
||||||
|
* [element.netflux.io](https://element.netflux.io)
|
||||||
|
|
||||||
## Cluster setup
|
## Cluster setup
|
||||||
|
|
||||||
### cert-manager
|
### Development
|
||||||
|
|
||||||
cert-manager should only be installed in production. It is not managed inside this repository.
|
To initialize the local PostgreSQL database:
|
||||||
|
|
||||||
See: https://cert-manager.io/docs/installation/helm/
|
|
||||||
|
|
||||||
```
|
```
|
||||||
helm repo add jetstack https://charts.jetstack.io
|
# Ensure PostgreSQL helm chart is installed (only used in development env):
|
||||||
helm repo up
|
cd deploy
|
||||||
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.8.0 --set installCRDs=true
|
make dev | k apply -l app.kubernetes.io/name=postgresql -f -
|
||||||
|
|
||||||
# create issuers
|
kubectl port-forward dev-postgresql-0 5432
|
||||||
kubectl apply -f cert-manager/issuer-staging.yml
|
psql -h localhost -f ../kind/bin/setup-dev-db.sql
|
||||||
kubectl apply -f cert-manager/issuer-production.yml
|
|
||||||
```
|
```
|
||||||
|
|
||||||
This should be sufficient for cert-manager to issue certificates automatically when the
|
### Additional dependencies
|
||||||
`tls.enabled` value is set to `true`.
|
|
||||||
|
|
||||||
### Manual installations
|
- envfilesubst [link](https://git.netflux.io/rob/envfilesubst)
|
||||||
|
|
||||||
The following installations are not defined in this repo.
|
|
||||||
|
|
||||||
- Telepresence [link](https://www.telepresence.io/docs/latest/quick-start/)
|
|
||||||
|
|
|
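Review bot: in the new Development snippet, `make dev | k apply -l app.kubernetes.io/name=postgresql -f -` depends on a `k` shell alias, whereas the rest of the README uses `kubectl`; spell the command out so the block can be pasted as written. `kubectl port-forward dev-postgresql-0 5432` stays in the foreground, so the `psql` line after it will not run from the same pasted block; say that it needs a second terminal. This hunk also removes the cert-manager section (the install pinned with `--version v1.8.0` and the staging and production issuers) with no replacement text, so the README no longer says how certificates are issued in production. A one-line pointer to where that is now managed would cover it.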
@ -1,31 +1,3 @@
|
||||||
# Secrets
|
# Secrets
|
||||||
|
|
||||||
TODO: find a way to encrypt these secrets at rest on dev machine.
|
This folder contains secrets mostly used by secretGenerators and configMapGenerators.
|
||||||
|
|
||||||
### exporter-password
|
|
||||||
|
|
||||||
The basic auth password required to access node-exporter endpoints. See ansible-vault.
|
|
||||||
|
|
||||||
### grafana-admin-user, grafana-admin-password
|
|
||||||
|
|
||||||
The credentials used to create the Grafana admin user. See 1password.
|
|
||||||
|
|
||||||
### grafana-config.ini
|
|
||||||
|
|
||||||
The grafana.ini configuration file.
|
|
||||||
|
|
||||||
### invidious-database-url, invidious-database-password
|
|
||||||
|
|
||||||
The credentials for the invidious database. See ansible-vault.
|
|
||||||
|
|
||||||
### gitea-admin-username, gitea-admin-email, gitea-admin-password
|
|
||||||
|
|
||||||
The credentials for the Gitea admin user. See 1password.
|
|
||||||
|
|
||||||
### gitea-config.ini
|
|
||||||
|
|
||||||
The full Gitea app.ini file.
|
|
||||||
|
|
||||||
### drone-database-url, drone-rpc-secret, drone-gitea-client-id, drone-gitea-client-secret
|
|
||||||
|
|
||||||
Drone configuration. See ansible-vault for database credentials.
|
|
||||||
|
|
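Review bot: the removed line "TODO: find a way to encrypt these secrets at rest on dev machine." disappears without the new text saying that the secrets are now encrypted, so the open item is dropped rather than closed. Either keep the TODO or state how the files in this folder are protected. The single replacement sentence also loses the per-file inventory (exporter-password, the grafana-admin, invidious, gitea and drone entries) together with the pointers to ansible-vault and 1password, which is what someone rebuilding the folder or rotating a credential would need. Keeping the list of expected file names and their source of truth, without values, would preserve that.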