K3s cluster
Name | Usage | Accessibility | Host | DB type | Additional data | Backup configuration | Log management | Status |
---|---|---|---|---|---|---|---|---|
therbron.com | Personal website | Public | Socrates | - | - | - | Not configured | Awaiting configuration |
Traefik | Reverse proxy and load balancer | Public* | Socrates | - | - | - | Not configured | Yes |
Adguard | DNS ad blocker and custom DNS server | Private | Socrates | - | - | - | Not configured | Yes |
ownCloud Infinite Scale | File hosting webUI | Public | Plato | PostgreSQL | Drive files | None | Not configured | Awaiting configuration |
Home assistant | Home automation and monitoring | Private | Pythagoras-a | PostgreSQL | - | None | Not configured | Awaiting configuration |
Vikunja | To-do and Kanban boards | Public | Pythagoras-b | - | - | - | Not configured | Migrate to Gitlab |
Gitlab | Version control system | Public | Pythagoras-b | PostgreSQL | User created content | None | Not configured | Awaiting configuration |
Wiki | Documentation manager | Public | Pythagoras-b | - | - | - | Not configured | Migrate to VuePress and Gitlab |
Vaultwarden | Password manager | Public | Pythagoras-b | PostgreSQL | - | None | Not configured | Awaiting configuration |
Synapse | Matrix server - Message centralizer | Public | Pythagoras-b | PostgreSQL | User media | None | Not configured | Awaiting configuration |
PaperlessNG | PDF viewer and organiser | Public | Pythagoras-b | PostgreSQL | - | - | Not configured | Research migration into OCIS |
Raspsnir | Bachelor memorial website | Public | Pythagoras-b | PostgreSQL | - | None | Not configured | Awaiting configuration |
Jellyfin | Media streaming | Public | Archimedes | - | - | - | Not configured | Awaiting configuration |
Sonarr | TV shows collection manager | Private | Plato | SQLite** | Internal backups | None | Not configured | Awaiting configuration |
Radarr | Movie collection manager | Private | Plato | SQLite** | Internal backups | None | Not configured | Awaiting configuration |
Jackett | Torrent indexer | Private | Plato | - | ? | None | Not configured | Awaiting configuration |
Deluge | Torrent client | Private | Plato | - | ? | - | Not configured | Awaiting configuration |
Minecraft | Vanilla Minecraft server for friends | Public | Archimedes | - | Game map | None | Not configured | Yes |
Satisfactory | Satisfactory server for friends | Public | Archimedes | - | Game map | None | Not configured | Awaiting configuration |
Space engineers | Space engineers server for friends | Public | Archimedes | - | Game map | None | Not configured | Awaiting configuration |
* Configuration panel only available internally
** Current implementation only supports SQLite, making manual backups a necessity
Backup management
Databases
All services needing a database to function come with a sidecar pod running a crontab to automate individual database backups. These backups are saved into a Longhorn volume, to benefit from general snapshots later on. Each sidecar pod can only mount the backup folder it has been linked with, and cannot see other services' backups.
Additional data
All additional data needing to be backed up is mounted to a Longhorn volume, to also benefit from scheduled backups.
Example:

    longhorn
    └───backups
        └───vaultwarden
        │   └───<backup_date>.sql
        │   │   ...
        └───gitlab
            └───<backup_date>.sql
            │   ...
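The per-service mount described under Databases could be declared as below. This is an added example, not a manifest from this repository: the resource names, images, Secret and the shared PVC `longhorn-backups` are assumptions, and a sleep loop stands in for the crontab to keep it short.

```yaml
# Added example: resource names, images and the interval are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vaultwarden
spec:
  replicas: 1
  selector:
    matchLabels: {app: vaultwarden}
  template:
    metadata:
      labels: {app: vaultwarden}
    spec:
      containers:
        - name: vaultwarden
          image: vaultwarden/server:latest    # application container
        - name: db-backup                     # backup sidecar
          image: postgres:16-alpine           # any image that ships pg_dump
          command: ["/bin/sh", "-c"]
          args:
            - |
              umask 077   # dump files readable by the sidecar user only
              while true; do
                pg_dump --file="/backups/$(date +%F).sql" \
                  || echo "backup failed" >&2
                sleep 86400
              done
          env:
            - {name: PGHOST, value: vaultwarden-db}       # assumed DB service
            - {name: PGDATABASE, value: vaultwarden}
            - {name: PGUSER, value: vaultwarden}
            - name: PGPASSWORD
              valueFrom:
                secretKeyRef: {name: vaultwarden-db, key: password}
          securityContext:
            allowPrivilegeEscalation: false
          volumeMounts:
            - name: backups
              mountPath: /backups
              subPath: backups/vaultwarden    # only this folder of the volume is visible
      volumes:
        - name: backups
          persistentVolumeClaim:
            claimName: longhorn-backups       # assumed PVC on the Longhorn storage class
```

`subPath` limits what the container can see, not who can edit the pod spec: anyone allowed to change the Deployment can still mount the whole volume, so write access to these manifests needs the same protection as the backups.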
Completed
- Add TLS certificates for every HTTP application
TODO
- Change host/deployment specific variables to use environment variables
- Write CI/CD pipeline to create environment loaded files
- Write CI/CD pipeline to deploy cluster
- Set up internal Traefik with NodePort as reverse proxy for internal-only services
- Set up DB container sidecars for automated backups to Longhorn volume
- Look into CockroachDB for redundant database: judged too complicated, moving to a 1 to 1 relationship between services and databases
- Configure IP range accessibility through Traefik (internal vs external services): impossible because of flannel ip-masq
Notes
Add node to the list of available load balancers
kubectl label node <node-name> svccontroller.k3s.cattle.io/enablelb=true
Install traefik through helm
helm repo add traefik https://helm.traefik.io/traefik
helm repo update
helm install -f helm/traefik/values.yaml traefik traefik/traefik
Install longhorn
kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/longhorn.yaml