2024-07-30 07:51:34 +00:00
# k-space.ee infrastructure
Kubernetes manifests, Ansible [playbooks](ansible/README.md), and documentation for K-SPACE services.

- Repo is deployed with [ArgoCD](https://argocd.k-space.ee). For `kubectl` access, see [CLUSTER.md](CLUSTER.md#kubectl).
- Debugging Kubernetes [on Wiki](https://wiki.k-space.ee/en/hosting/debugging-kubernetes)
- Need help? → [`#kube`](https://k-space-ee.slack.com/archives/C02EYV1NTM2)

Jump to docs: [inventory-app](hackerspace/README.md) / [cameras](camtiler/README.md) / [doors](https://wiki.k-space.ee/en/hosting/doors) / [list of apps](https://auth.k-space.ee) // [all infra](ansible/inventory.yml) / [network](https://wiki.k-space.ee/en/hosting/network/sensitive) / [retro](https://wiki.k-space.ee/en/hosting/retro) / [non-infra](https://wiki.k-space.ee)

## Supporting services
- Build [Git](https://git.k-space.ee) repositories with [Woodpecker](https://woodpecker.k-space.ee).
- Passmower: Authz with `kind: OIDCMiddlewareClient` (or `kind: OIDCClient`[^authz]).
- Traefik[^nonginx]: Expose services with `kind: Service` + `kind: Ingress` (TLS and DNS **included**).

### Additional
- bind: Manage _additional_ DNS records with `kind: DNSEndpoint`.
- [Prometheus](https://wiki.k-space.ee/en/hosting/monitoring): Collect metrics with `kind: PodMonitor` (alerts with `kind: PrometheusRule`).
- [Slack bots](SLACK.md) and Kubernetes [CLUSTER.md](CLUSTER.md) itself.

[^nonginx]: No nginx annotations! Use `kind: Ingress` instead. `IngressRoute` is not used as it doesn't support [`external-dns`](bind/README.md) out of the box.

[^authz]: Applications should use OpenID Connect (`kind: OIDCClient`) for authentication wherever possible. If that is not possible, use a `kind: OIDCMiddlewareClient` client, which provides authentication via a Traefik middleware (`traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd`). Sometimes you might use both for extra security.

### Databases / -stores:
- KeyDB: `kind: KeydbClaim` (replaces Redis[^redisdead])
- Dragonfly: `kind: Dragonfly` (replaces Redis[^redisdead])
- Longhorn: `storageClassName: longhorn` (filesystem storage)
- Mongo[^mongoproblems]: `kind: MongoDBCommunity` (NAS* `inventory-mongodb`)
- Minio S3: `kind: MinioBucketClaim` with `class: dedicated` (NAS*: `class: external`)
- MariaDB*: search for `mysql`, `mariadb`[^mariadb] (replaces MySQL)
- Postgres*: hardcoded to [harbor/application.yml](harbor/application.yml)

\* External, hosted directly on [nas.k-space.ee](https://wiki.k-space.ee/en/hosting/storage)

[^mariadb]: As of 2024-07-30 used by auth, authelia, bitwarden, etherpad, freescout, git, grafana, nextcloud, wiki, woodpecker

[^redisdead]: Redis has been replaced as redis-operator couldn't handle itself: didn't reconcile after reboots, master URI was empty, and clients complained about missing masters. ArgoCD still hosts its own Redis.

[^mongoproblems]: Mongo problems: Incompatible with rawfile csi (wiredtiger.wt corrupts), complicated resizing (PVCs from statefulset PVC template).

***
_This page is referenced by wiki [front page](https://wiki.k-space.ee) as **the** technical documentation for infra._