
K3s cluster

| Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Log management | Status |
|---|---|---|---|---|---|---|---|---|
| therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Awaiting configuration |
| Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Not configured | Yes |
| Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Yes |
| Owncloud Infinity Scale | File hosting webUI | Public | Plato | PostgreSQL | Drive files | None | Not configured | Awaiting configuration |
| Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | None | Not configured | Awaiting configuration |
| Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Migrate to Gitlab |
| Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | None | Not configured | Awaiting configuration |
| Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Migrate to VuePress and Gitlab |
| Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | None | Not configured | Awaiting configuration |
| Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User medias | None | Not configured | Awaiting configuration |
| PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Research migration into OCIS |
| Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | None | Not configured | Awaiting configuration |
| Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Awaiting configuration |
| Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | None | Not configured | Awaiting configuration |
| Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | None | Not configured | Awaiting configuration |
| Jackett | Torrent indexer | Private | Plato | - | ? | None | Not configured | Awaiting configuration |
| Deluge | Torrent client | Private | Plato | - | ? | - | Not configured | Awaiting configuration |
| Minecraft | Vanilla minecraft server for friends | Public | Archimedes | - | Game map | None | Not configured | Yes |
| Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | None | Not configured | Awaiting configuration |
| Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | None | Not configured | Awaiting configuration |

\* Configuration panel only available internally
\*\* The current implementation only supports SQLite, making manual backups a necessity

Backup management

Databases

All services needing a database to function come with a sidecar pod running a crontab that automates individual database backups. These backups are saved into a Longhorn volume so that they also benefit from the general volume snapshots later on. Each sidecar pod can only mount the backup folder it has been linked with and cannot see other services' backups.

Additional data

All additional data needing to be backed up is mounted to a Longhorn volume, so that it also benefits from the scheduled backups.

Example:

longhorn
└── backups
    ├── vaultwarden
    │   ├── <backup_date>.sql
    │   └── ...
    └── gitlab
        ├── <backup_date>.sql
        └── ...
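The sidecar layout described under Databases, as an added example that is not part of this repository: a PostgreSQL Deployment with a second container that periodically runs pg_dump into a Longhorn-backed claim. The sidecar mounts only the `vaultwarden` subdirectory of the shared backup volume (via `subPath`), so it cannot read other services' dumps. The namespace, labels, the `vaultwarden-db-credentials` Secret, the `longhorn-backups` and `vaultwarden-pgdata` claims and the daily schedule are all assumptions.

```yaml
# Added example, not the repository's own manifest.
# Assumed: Secret "vaultwarden-db-credentials" holds POSTGRES_USER,
# POSTGRES_PASSWORD and POSTGRES_DB; PVCs "vaultwarden-pgdata" and
# "longhorn-backups" already exist and use the longhorn StorageClass.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden-db
  namespace: vaultwarden
spec:
  replicas: 1
  selector:
    matchLabels:
      app: vaultwarden-db
  template:
    metadata:
      labels:
        app: vaultwarden-db
    spec:
      securityContext:
        fsGroup: 999            # uid/gid of "postgres" in the official image
      containers:
        - name: postgres
          image: postgres:14
          envFrom:
            - secretRef:
                name: vaultwarden-db-credentials
          volumeMounts:
            - name: pgdata
              mountPath: /var/lib/postgresql/data
        - name: backup-sidecar
          image: postgres:14    # same image, only used for the pg_dump client
          envFrom:
            - secretRef:
                name: vaultwarden-db-credentials
          env:
            - name: PGPASSWORD  # pg_dump reads the password from this variable
              valueFrom:
                secretKeyRef:
                  name: vaultwarden-db-credentials
                  key: POSTGRES_PASSWORD
          # The postgres image has no crond; a sleep loop stands in for the crontab.
          command: ["/bin/sh", "-c"]
          args:
            - |
              while true; do
                pg_dump -h 127.0.0.1 -U "$POSTGRES_USER" "$POSTGRES_DB" \
                  > "/backups/$(date +%Y-%m-%dT%H-%M-%S).sql"
                # Keep only the seven most recent dumps in this service's folder.
                ls -1t /backups/*.sql 2>/dev/null | tail -n +8 | xargs -r rm --
                sleep 86400
              done
          securityContext:
            runAsUser: 999
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          volumeMounts:
            - name: backups
              mountPath: /backups
              subPath: vaultwarden   # only this service's folder is visible
      volumes:
        - name: pgdata
          persistentVolumeClaim:
            claimName: vaultwarden-pgdata
        - name: backups
          persistentVolumeClaim:
            claimName: longhorn-backups
```

Because the two containers share the pod's network namespace, the dump connects over loopback and the database port never needs to be exposed for backups. One caveat when several services share a single backup claim: a Longhorn volume in ReadWriteOnce mode can only be attached to one node at a time, so sidecars belonging to services scheduled on different hosts cannot all mount the same claim; either give each service its own claim or use a ReadWriteMany volume.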

Completed

  • Add TLS certificates for every HTTP application

TODO

  • Change host/deployment specific variables to use environment variables
  • Write CI/CD pipeline to create environment loaded files
  • Write CI/CD pipeline to deploy cluster
  • Setup internal traefik with nodeport as reverse proxy for internal only services
  • Setup DB container sidecars for automated backups to Longhorn volume
  • Setup secrets configuration through CI/CD variable injection
  • Look into CockroachDB for a redundant database: judged too complicated, moving to a one-to-one relationship between services and databases
  • Configure IP range accessibility through Traefik (internal vs external services): impossible because of flannel ip-masq

Notes

Cluster base setup

Add node to the list of available load balancers

kubectl label node <node-name> svccontroller.k3s.cattle.io/enablelb=true

Setup OVH configuration

kubectl apply -f ovh-config.yaml

Install traefik through helm

helm repo add traefik https://helm.traefik.io/traefik
helm repo update
helm install -f helm/traefik/values.yaml traefik traefik/traefik

Setup SSL certificates

kubectl apply -f ovh-config.yaml

Install longhorn

kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml

Add longhorn storage classes

kubectl apply -f res