rosdump to kustomize

2026-01-05 01:00:30 +02:00
parent 872e80a5eb
commit 00dced3730
5 changed files with 25 additions and 39 deletions

rosdump/.gitignore vendored

@@ -1,3 +1,3 @@
rosdump rosdump
rosdump.pub rosdump.pub
ssh_known_hosts known_hosts


@@ -14,55 +14,32 @@ We also considered [ytti/oxidized](https://github.com/ytti/oxidized),
but it does not export Prometheus metrics either. but it does not export Prometheus metrics either.
# Deployment ## Manually trigger cronjob
```sh
To apply changes run in this directory:
```
kubectl apply -n rosdump -f application.yml
```
To trigger cronjob:
```
kubectl create job -n rosdump --from=cronjob/rosdump-cronjob rosdump-job-oneshot kubectl create job -n rosdump --from=cronjob/rosdump-cronjob rosdump-job-oneshot
``` ```
For alerting: ## Updating SSH secrets
Secrets live and should be applied through secretspace.
```
absent(kube_cronjob_status_last_successful_time{cronjob="rosdump-cronjob"})
```
# Updating SSH public keys
Whenever Mikrotik targets are added/removed or if their SSH keys change,
use following to apply changes:
```
(for j in $(kubectl get cm -n rosdump rosdump-config -o json | jq -r '.data.targets'); do ssh-keyscan -t rsa $j; done) > ssh_known_hosts
kubectl delete -n rosdump configmap rosdump-known-hosts
kubectl create -n rosdump configmap rosdump-known-hosts --from-file=ssh_known_hosts
```
### known_hosts
Make sure strong crypto is enabled on Mikrotik side: Make sure strong crypto is enabled on Mikrotik side:
``` ```
/ip ssh set strong-crypto=yes allow-none-crypto=no /ip ssh set strong-crypto=yes allow-none-crypto=no
``` ```
For when Mikrotik targets are added/removed and their SSH keys change.
```
(for j in $(kubectl get cm -n rosdump rosdump-config -o json | jq -r '.data.targets'); do ssh-keyscan -t rsa $j; done) > known_hosts
```
# Replacing SSH private key # Replacing SSH private key
The private key is used for both Gitea and Mikrotik targets.
This affects access to both Gitea and Mikrotik targets. Generate new key:
Generate new key and inject it to Kubernetes cluster:
``` ```
rm -fv rosdump rm -fv rosdump rosdump.pub
ssh-keygen -P '' -b 2048 -m PEM -t rsa -f rosdump -C rosdump ssh-keygen -P '' -b 2048 -m PEM -t rsa -f rosdump -C rosdump
kubectl delete -n rosdump secret rosdump-secrets
kubectl create -n rosdump secret generic rosdump-secrets --from-file=ssh_identity=rosdump
``` ```
Proceed to replace the public key in Gitea with one from `rosdump.pub` Proceed to replace the public key in Gitea with `rosdump.pub`.
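Review bot: The new "Updating SSH secrets" section says secrets are applied through secretspace, but the `kubectl create -n rosdump configmap rosdump-known-hosts` and `kubectl create -n rosdump secret generic rosdump-secrets` steps are removed without a replacement, so the README no longer says where the regenerated `known_hosts` and `rosdump` files go or which key names are expected (the removed command used `ssh_identity`). Add the step that moves them into secretspace. Separately, `ssh-keyscan -t rsa $j` records whatever key the network returns at scan time; a line telling the operator to compare `ssh-keygen -lf known_hosts` output against the fingerprints on the routers before the file is committed would close that gap. The sentence "added/removed and their SSH keys change" should probably keep the old "or". The `absent(kube_cronjob_status_last_successful_time{...})` alerting expression is also dropped; if the rule now lives elsewhere, a pointer would help.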


@@ -86,8 +86,8 @@ spec:
- configMap: - configMap:
name: rosdump-known-hosts name: rosdump-known-hosts
items: items:
- key: ssh_known_hosts - key: known_hosts
path: ssh_known_hosts path: known_hosts
- configMap: - configMap:
name: rosdump-config name: rosdump-config
--- ---
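Review bot: The `key:` and `path:` under `rosdump-known-hosts` both change to `known_hosts`, so the ConfigMap must carry that exact key and whatever reads the mounted file must use the new filename; neither is visible in this hunk. A key that is missing from the ConfigMap makes the volume setup fail unless the source is marked optional, so this should land together with the ConfigMap change, and the container's known-hosts path (command arguments or ssh configuration) should be checked for the old `ssh_known_hosts` name.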


@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: rosdump
resources:
- ./application.yaml
- ./networkpolicy-base.yaml
- ssh://git@git.k-space.ee/secretspace/kube/rosdump
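Review bot: The remote resource on the last line, `ssh://git@git.k-space.ee/secretspace/kube/rosdump`, has no `?ref=`, so every build pulls whatever the default branch holds at that moment, and per the README change in this commit that repository is where the secrets now live. Pin it to a tag or commit (`...?ref=<commit>`, placeholder) so changes to the private key or trusted host keys arrive through an explicit, reviewed bump. Also, `./application.yaml` here differs from the `application.yml` named in the README line this commit removes; confirm the file exists under the new name, and note in the README that building this kustomization requires SSH access to secretspace.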