Update docs
This commit is contained in:
parent
34c5db7a41
commit
678c5d4e2a
14
docs/technical/inter-pod-networking.md
Normal file
@ -0,0 +1,14 @@
|
||||
# Interpod networking
|
||||
|
||||
## In the same namespace
|
||||
|
||||
The name of a service from some other node when they are in the same namespace is
|
||||
just the name of the service.
|
||||
|
||||
## Across namespaces
|
||||
|
||||
The name follows the format,
|
||||
|
||||
```
|
||||
<service-name>.<namespace>.svc.cluster.local
|
||||
```
|
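Review bot: In the "In the same namespace" paragraph, "from some other node" should read "from some other pod", since the page is about pod-to-pod name resolution. In "Across namespaces", note that `cluster.local` is the default cluster domain, so the suffix differs on a cluster configured with another domain, and that the shorter `<service-name>.<namespace>` also resolves from inside a pod.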
@ -8,3 +8,19 @@ of the state of the NFS server.
|
||||
>
|
||||
> Longhorn is really cool, but I hate using it. It causes so many headaches trying
|
||||
> to set it up. Really thankful it exists, but just use an NFS share if you can.
|
||||
|
||||
## Configuration
|
||||
|
||||
So once you have the helm release installed and you have run the ansible
|
||||
script to bootstrap the nodes with a drive that is formatted and mounted
|
||||
(probably to `/media/longhorn`) you need to configure each node to use that.
|
||||
|
||||
First disable all scheduling on all nodes. Delete all volumes (if there are any).
|
||||
Set each default disk to scheduling false and eviction request true. Then delete it.
|
||||
|
||||
Next add a drive with root path at whatever you configured (probably `/media/longhorn`).
|
||||
Just wait, it will take it some time to show the full space. Your goal is
|
||||
to have the same amount of space on all nodes (its like RAID 0 in that way).
|
||||
|
||||
After that turn back on scheduling and you are good to go.
|
||||
|
||||
|
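Review bot: "Delete all volumes (if there are any)" in the second Configuration paragraph is a data-destroying step given without any caveat; say that this procedure is meant for a fresh install, or tell the reader to back up or migrate existing volumes first. The steps also do not say where they are performed (Longhorn UI or kubectl), and "its like RAID 0" should be "it's".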
13
docs/technical/pgadmin.md
Normal file
@ -0,0 +1,13 @@
|
||||
# PGAdmin
|
||||
|
||||
PGAdmin is a web based interface for postgresql. I use it to make sure I don't have to
|
||||
have dbeaver or something similar installed to check on the database.
|
||||
|
||||
Install into the `postgresql` namespace. Use the normal helm chart.
|
||||
|
||||
## Default Values
|
||||
|
||||
The chart takes in the password in the environment. Because I am lazy I set a default
|
||||
password in plaintext. Due to this both being an internal facing service only,
|
||||
as well as being able to change it quickly, I have opted to leave it as such.
|
||||
Just go in and change the password after you login.
|
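Review bot: The "Default Values" section documents a plaintext default password as the accepted state, while this same commit adds seal-a-secret.md describing how to seal credentials for the `postgresql` namespace. Suggest sourcing the pgAdmin password from a sealed secret as well, or at least making "change the password after you login" a required first step rather than a closing remark. "Internal facing" is also a weak justification next to inter-pod-networking.md, which shows that a service is reachable by name from other namespaces; say what actually restricts access to the pgAdmin service.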
12
docs/technical/postgresql.md
Normal file
@ -0,0 +1,12 @@
|
||||
# Postgresql
|
||||
|
||||
Postgresql is the rdbms that I use.
|
||||
|
||||
Use the `postgresql` namespace, and add the helm chart.
|
||||
|
||||
## Custom container image
|
||||
|
||||
One thing that is different from the vanilla install is the use of my custom
|
||||
[postgresql image](https://git.clortox.com/Infrastructure/Gluttony-Cluster-Postgresql).
|
||||
|
||||
It just contains `pgvector`, originally for use with Immich.
|
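Review bot: The "Custom container image" section links the image repository but does not say which tag or digest the helm values use, so a reader cannot tell which build is deployed or how it follows upstream PostgreSQL fixes. Add the image reference set in the values and a line on how the image gets rebuilt.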
39
docs/technical/seal-a-secret.md
Normal file
@ -0,0 +1,39 @@
|
||||
# Seal a secret
|
||||
|
||||
How to seal a secret with [Sealed Secrets](./sealed-secrets.md).
|
||||
|
||||
## Create generic secret
|
||||
|
||||
First just create the normal secret. Follow something of this format
|
||||
|
||||
```yaml
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: postgresql-default-credentials
|
||||
namespace: postgresql
|
||||
type: Opaque
|
||||
data:
|
||||
password: ""
|
||||
postgres-password: ""
|
||||
username: ""
|
||||
```
|
||||
|
||||
## Seal the secret
|
||||
|
||||
Make sure you have kubseal installed. This is working with kubseal `0.23.0`.
|
||||
|
||||
```bash
|
||||
kubeseal --controller-namespace sealed-secret \
|
||||
--controller-name sealed-secrets \
|
||||
--format yaml < secret.yaml > sealed-secret.yaml
|
||||
```
|
||||
|
||||
## ERROR cannot get sealed secret service
|
||||
|
||||
The `controller-name` and `controller-namespace` paramaters are misleading, they are
|
||||
the name and namespace of the sealed-secrets service. Check the service with,
|
||||
|
||||
```bash
|
||||
kubectl get services -n sealed-secrets
|
||||
```
|
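Review bot: The kubeseal command in "Seal the secret" passes `--controller-namespace sealed-secret`, but the troubleshooting section below checks the service with `kubectl get services -n sealed-secrets`; one of the two namespaces is wrong, and as written the documented command leads straight to the error the last section describes. Make both use the same namespace. In "Create generic secret", values under `data:` must be base64-encoded (or use `stringData:` for plain values), and the page should say that the unsealed `secret.yaml` is not to be committed and should be deleted once `sealed-secret.yaml` exists. Typos: "kubseal" (twice) should be "kubeseal", and "paramaters" should be "parameters".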
@ -56,3 +56,12 @@ one every 30 days (configurable value).
|
||||
*All secrets* are valid for decrypting secrets in the git repo. If you want it to decrypt
|
||||
older stuff, add the older cert as outlined above.
|
||||
|
||||
## Fetch Current Cert
|
||||
|
||||
To grab the current cert, run
|
||||
|
||||
```bash
|
||||
kubeseal --fetch-cert \
|
||||
--controller-namespace sealed-secrets \
|
||||
--controller-name sealed-secrets-865dc66876-74smf
|
||||
```
|
||||
|
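Review bot: In "Fetch Current Cert", `--controller-name sealed-secrets-865dc66876-74smf` has the shape of a pod name (ReplicaSet hash plus pod suffix), which changes whenever the controller pod is recreated, so the command stops working after a restart or upgrade. It also contradicts seal-a-secret.md in this same commit, which says `controller-name` is the name of the sealed-secrets service. Suggest `--controller-name sealed-secrets` here too.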
@ -22,13 +22,19 @@ nav:
|
||||
- Technical:
|
||||
- Overview: technical/index.md
|
||||
- Conventions: technical/conventions.md
|
||||
- Infrastructure:
|
||||
- Tier 0 (Infrastructure):
|
||||
- MetalLB: technical/metallb.md
|
||||
- Sealed Secrets: technical/sealed-secrets.md
|
||||
- Nvidia Operator: technical/nvidia.md
|
||||
- Longhorn: technical/longhorn.md
|
||||
- Tier 1 (Dependencies):
|
||||
- Postgresql: technical/postgresql.md
|
||||
- PGAdmin: technical/pgadmin.md
|
||||
#- Tier 2 (User Apps):
|
||||
- Misc:
|
||||
- NFS: technical/nfs-storage.md
|
||||
- Seal-a-secret: technical/seal-a-secret.md
|
||||
- Networking: technical/inter-pod-networking.md
|
||||
|
||||
theme:
|
||||
name: material
|
||||
|
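Review bot: The commented-out `#- Tier 2 (User Apps):` entry in the nav is dead configuration; drop it until there is a page to list under it, or add a comment saying what is planned. The new "Networking" and "Seal-a-secret" pages sit under "Misc" while "Sealed Secrets" sits under Tier 0; consider placing the how-to next to the component it documents so readers find both together.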