From 6cfa51ae412fb31727b29dec41dd71dc46ca43de Mon Sep 17 00:00:00 2001 From: Tanguy Herbron Date: Sat, 21 Dec 2024 22:51:46 +0100 Subject: [PATCH] docs: Update readme --- README.md | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 67b9b2c..7dddf24 100644 --- a/README.md +++ b/README.md 
@@ -4,19 +4,19 @@ | Name | Description | Operator | Prometheus integration | | ------------------------------------------------------------------------ | ----------------------------- | -------- | ---------------------- | -| [Traefik](https://doc.traefik.io/traefik/providers/kubernetes-ingress/) | Kubernetes Ingress Controller | No | Configured | +| [Nginx](https://docs.nginx.com/nginx-ingress-controller/) | Kubernetes Ingress Controller | No | Configured | | [Prometheus](https://github.com/prometheus-operator/prometheus-operator) | Metrics scraping | Yes | Configured | | [ArgoCD](https://argo-cd.readthedocs.io/en/stable/) | Declarative GitOps CD | No | Configured | -| [Longhorn](https://longhorn.io/) | Distributed block storage | No | Not configured | +| [Longhorn](https://longhorn.io/) | Distributed block storage | No | Configured | | [MetalLB](https://metallb.universe.tf/) | Vare metal load-balancer | No | Not configured | -| [CloudNativePG](https://cloudnative-pg.io/) | PostgreSQL operator | Yes | Not configured | +| [CloudNativePG](https://cloudnative-pg.io/) | PostgreSQL operator | Yes | Configured | | [SOPS](https://github.com/isindir/sops-secrets-operator) | Secret management | Yes | Not configured | ## Services | Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Loki integration | Prometheus integration | Secret management | Status | Standalone migration | | ----------------------- | ------------------------------------ | ---------------- | ---------- | ---------- | -------------------- | ---------------------- | ---------------- | ---------------------- | ---------------------- | ----------------------------- | --------------------- | -| Traefik | Reverse proxy and load balancer | Public & Private | [All] | - | - | - | Configured | Configured | - | Completed5 | Backbone | +| Nginx | Reverse proxy and load balancer | Public & Private | [Ingresses]| - | - | - | Configured | Configured | - | Completed5 | Backbone | | 
ArgoCD | Declarative GitOPS CD | Private | [Workers] | - | - | - | Configured | Configured | - | Completed | Backbone | | Vaultwarden | Password manager | Public | [Workers] | PostgreSQL | - | - | Configured | Not available | Configured | Completed | Completed | | Gitea | Version control system | Public | [Workers] | PostgreSQL | User created content | Configured9 | Configured | Configured | Configured | Completed4 | Completed | @@ -43,7 +43,7 @@ | PaperlessNG | PDF viewer and organiser | Public | [Workers] | PostgreSQL | - | - | Not configured | Not configured | - | Research migration into OCIS | Awaiting | \* Configuration panel only available internally
-** Current implementation only support SQLite, making manual backups a necessity
+\*\* Current implementation only support SQLite, making manual backups a necessity
4 Configuration completed, awaiting data migration from Gitlab
5 Missing dashboard configuration
6 Done through volume backup, because not possible otherwise
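Review bot: the replaced Nginx row in the services table drops the padding before the column separator (`[Ingresses]|`), which breaks the alignment every other row keeps; restore the space. The row also inherits `Completed5` from the Traefik row, so footnote 5 (missing dashboard configuration) now states that Nginx has no dashboard configured, which should be confirmed rather than carried over. On the same hunk, the component link points to docs.nginx.com, the NGINX Inc. controller, while the community `ingress-nginx` project is a separate codebase with its own docs, so state which one is actually deployed; and the unchanged MetalLB line still reads `Vare metal` where `Bare metal` is meant.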
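Review bot: escaping the double-asterisk footnote marker is the right fix for Markdown rendering, and it now matches the single `\*` footnote above it, but the sentence it marks still reads `only support SQLite`; while this line is being touched, make it `only supports SQLite, so backups must be done manually`.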
@@ -81,10 +81,10 @@ longhorn - ~~Move Prometheus connection management to ServiceMonitors instead of ConfigMap~~ - ~~Configure Alertmanager with basic webhook (discord)~~ - ~~Configure Prometheus alerts~~ -- Schedule longhorn S3 backups -- Schedule CloudNativePG S3 backups +- ~~Schedule longhorn S3 backups~~ +- ~~Schedule CloudNativePG S3 backups~~ - ~~Restrict `metrics` endpoint on public services~~ See Gitea repository for example -- Move from NFS to S3 mounts for NAS volumes +- ~~Move from NFS to S3 mounts for NAS volumes~~ - ~~Migrate Vaultwarden to PostgreSQL instead of MariaDB~~ - ~~Deploy PostgresQL cluster using operator for database HA and easy maintenance~~ - To be tested properly - Change host/deployment specific variables to use environment variables (using Kustomize) @@ -93,7 +93,7 @@ longhorn - ~~Setup internal traefik with nodeport as reverse proxy for internal only services~~ Done through double ingress class and LB - ~~Setup DB container sidecars for automated backups to Longhorn volume~~ - ~~Setup secrets configuration through CI/CD variable injection (using Kustomize)~~ Environment modified by SOPS implementation -- Figure out SOPS secret injection for absent namespaces +- ~~Figure out SOPS secret injection for absent namespaces~~ - ~~Explore permission issues when issuing OVH API keys (not working for wildcard and `beta.halia.dev` subdomain)~~ Supposedly done - Setup default users for deployments - ~~Setup log and metric monitoring~~ 
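Review bot: three TODO items are struck through here (Longhorn S3 backups, CloudNativePG S3 backups, NFS-to-S3 mounts) without the trailing annotation the other completed items in this list carry (`See Gitea repository for example`, `Done through double ingress class and LB`); for the two backup items in particular, add where the schedule, retention and credential secret are defined so the completed state can be verified from the repository. Minor: the unchanged line `Deploy PostgresQL cluster` should read `PostgreSQL`.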
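Review bot: `Figure out SOPS secret injection for absent namespaces` is marked done with no hint of the resolution, unlike the neighbouring `Done with SOPS` and `Supposedly done` annotations; a few words on how secrets targeting a namespace that does not exist yet are now handled (or a pointer to the manifest that does it) would help whoever next sees a secret fail to decrypt for that reason.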
@@ -103,8 +103,10 @@ longhorn - ~~Move secrets to separate, private Git repository ?~~ Done with SOPS - ~~Configure NFS connection for media library~~ - ~~Research IPv6 configuration for outsider node~~ Impossible in Denmark while using YouSee as an ISP for now (no IPv6 support) -- Write small script for auto installation of the cluster, to split API calls into 2 stages (solves MetalLB API not found error) -- Migrate ingresses to traefik kind instead of k8s kind +- ~~Write small script for auto installation of the cluster, to split API calls into 2 stages (solves MetalLB API not found error)~~ +- ~~Migrate ingresses to traefik kind instead of k8s kind~~ Migrated to Nginx ingress controller +- Implement Redis operator and document all services using Redis +- ~~Implement Kustomization file and bootstrap loading for cloudnativepg s3 secret~~ ## Notes @@ -137,6 +139,10 @@ This ansible script could create one (or more) additional client(s) depending on Cf : https://docs.k3s.io/advanced#auto-deploying-manifests~~ After furhter reflection, it doesn't make sense to have Deluge being part of the cluster. It will be moved to the NAS, as it can run only when the NAS is running. This will also ease the whole VPN configuration. +### Longhorn backup configuration +Backup target : `s3://halis@eu-west-1/longhorn/` +Backup target credential secret : `minio-secrets` + ### Development domains To access a service publicly when developing, the domain name should be _.beta.halia.dev @@ -157,3 +163,10 @@ Inject the AGE key in the cluster to allow the operator to decrypt secrets : ``` kubectl create secret generic age-key --from-file= -n sops ``` + +### Transfer files +`kubectl cp : ` + +## Doing +- Migrate Netbird installation to K8s manifests +- Migrate nodes to Netbird network
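Review bot: `Implement Kustomization file and bootstrap loading for cloudnativepg s3 secret` is added already struck through, so this line is the only record of the change; since it concerns bootstrapping an S3 credential secret, note on the item (or in the Notes section) where that secret is sourced and that it is SOPS-encrypted like the rest, because a bootstrap path is exactly where a plaintext credential would otherwise end up in the repository. The new Redis operator item should also name the services expected to use Redis, since the item itself asks for that documentation.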
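Review bot: the new `Longhorn backup configuration` note gives the target `s3://halis@eu-west-1/longhorn/` and the secret name `minio-secrets` but not the keys the secret must carry; Longhorn reads the credentials from `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` and, for a MinIO target, the endpoint override from `AWS_ENDPOINTS` (plus `AWS_CERT` when the endpoint uses a self-signed certificate), so list those keys and state that the secret is managed through SOPS rather than committed in clear. The unchanged line just above has a typo: `furhter` should be `further`.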
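Review bot: the new `Transfer files` section documents `kubectl cp : ` with the pod, container and path arguments left blank, which is not usable as written; either fill in the placeholders in the form `kubectl cp <namespace>/<pod>:<path-in-pod> <local-path>` (with `-c <container>` for multi-container pods) or hold the section until it is complete. The unchanged `age-key` command above it has the same gap (`--from-file=` with no path). The new `## Doing` heading is a second-level heading placed after the third-level subsections of Notes, so confirm it is meant as a new top-level section rather than part of Notes.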