k-space/kube
9
1
Fork 3
Code Issues 32 Pull Requests Activity
Kubernetes manifests of services running on k-space.ee domains (mirrored to https://gitlab.com/k-space/kube)
392 Commits 5 Branches 0 Tags 1.8 MiB
Markdown 100%
43c9b3aa93
Go to file
rasmus 43c9b3aa93 argo config drift: woodpecker
2024-08-03 05:35:31 +03:00
ansible doc: Reword backlink warning 2024-08-03 04:27:31 +03:00
argocd signs: deploy with argo 2024-08-03 04:27:31 +03:00
asterisk asterisk: update network policy 2023-10-09 13:45:23 +03:00
bind docs: commit todo items 2024-07-30 11:03:00 +03:00
camtiler doc: Reword backlink warning 2024-08-03 04:27:31 +03:00
cert-manager Upgrade cert-manager 2024-07-28 10:37:34 +03:00
cnpg-system Upgrade CloudNativePG to 1.23.2 2024-07-26 17:35:42 +03:00
dragonfly-operator-system Add DragonflyDB operator 2024-07-26 17:46:45 +03:00
elastic-system attempt to get kibana working 2024-07-28 20:22:08 +03:00
etherpad Upgrade Etherpad 2024-07-27 08:31:56 +03:00
freescout migrate to new passmower 2024-07-27 03:17:24 +03:00
gitea migrate gitea to new passmower 2024-07-27 22:57:01 +03:00
grafana migrate grafana to new passmower and external db 2024-07-27 23:08:29 +03:00
hackerspace argo config drift: doorboy 2024-08-03 04:27:31 +03:00
harbor fix and update harbor install 2024-07-28 20:22:08 +03:00
kube-system kube-system: Remove noisy KubernetesJobSlowCompletion alert 2023-08-28 20:55:28 +03:00
kubernetes-dashboard migrate to new passmower 2024-07-27 03:17:24 +03:00
local-path-storage Initial commit 2022-08-25 11:22:50 +03:00
logging Updates and cleanups 2023-08-29 09:29:36 +03:00
logmower migrate to new passmower 2024-07-27 03:17:24 +03:00
longhorn-system migrate to new passmower 2024-07-27 03:17:24 +03:00
metallb-system Upgrade MetalLB 2024-07-27 08:30:53 +03:00
minio-clusters use gcr mirror for images with full docker.io path 2024-04-28 05:01:02 +03:00
mongodb-operator mongodb: use mirror.gcr.io 2024-02-19 05:24:09 +02:00
monitoring docs: mega refactor 2024-07-30 10:51:34 +03:00
mysql-clusters migrate to new passmower 2024-07-27 03:17:24 +03:00
nextcloud migrate to new passmower 2024-07-27 03:17:24 +03:00
nyancat nyancat: Move to internal IP 2023-05-18 22:54:50 +03:00
oidc-gateway Make login url clickable in emails 2024-07-28 18:42:38 +00:00
openebs add openebs-localpath 2024-07-27 22:57:01 +03:00
opensearch-operator Add OpenSearch operator 2024-07-27 08:42:16 +03:00
passmower fixup auth2 → auth rename 2024-08-03 04:27:20 +03:00
playground playground: Initial commit 2022-10-14 00:14:35 +03:00
postgres-clusters migrate to new passmower 2024-07-27 03:17:24 +03:00
prometheus-operator Update Prometheus operator 2024-07-25 19:17:24 +03:00
redis-clusters use gcr mirror for images with full docker.io path 2024-04-28 05:01:02 +03:00
reloader Initial commit 2022-08-25 11:22:50 +03:00
ripe87 ripe87: add ripe87.k-space.ee website 2023-11-19 16:45:51 +02:00
rosdump rosdump: Easier to navigate commit messages 2023-08-26 08:54:04 +03:00
shared mongoexpress: fix usage 2024-02-22 12:43:20 +02:00
signs Add redirects sign.k-space.ee, members.k-space.ee 2024-08-03 04:27:31 +03:00
tigera-operator Upgrade Calico 2024-07-28 10:38:25 +03:00
traefik migrate to new passmower 2024-07-27 03:17:24 +03:00
whoami-oidc debug 2024-02-12 09:29:00 +02:00
wiki migrate wiki to new passmower 2024-07-27 22:57:01 +03:00
wildduck fixup auth2 → auth rename 2024-08-03 04:27:20 +03:00
woodpecker argo config drift: woodpecker 2024-08-03 05:35:31 +03:00
.drone.yml Initial commit 2022-08-25 11:22:50 +03:00
.gitignore Add Ansible tasks to update authorized SSH keys 2024-07-19 14:08:51 +03:00
ansible.cfg Fix ansible.cfg 2024-07-28 01:42:55 +03:00
cluster-role-bindings.yml Deprecate Authelia 2023-07-28 12:23:29 +03:00
CLUSTER.md docs: mega refactor 2024-07-30 10:51:34 +03:00
CONTRIBUTORS.md chore: add eaas as contributor 2024-07-30 14:15:13 +03:00
known_hosts mv to ansible/ 2024-07-27 23:55:16 +03:00
kube-apiserver.j2 manage kube-apiserver manifest with ansible 2024-07-27 22:57:01 +03:00
LICENSE.md Initial commit 2022-08-25 11:22:50 +03:00
README.md doc: readme tip + todo for argo 'user-facing' doc 2024-08-03 04:27:31 +03:00
SLACK.md docs: Slack bots 2024-07-30 10:32:57 +03:00
storage-class.yaml monitoring: Switch Prometheus to local path provisioner 2023-09-23 11:55:56 +03:00

README.md

k-space.ee infrastructure

Kubernetes manifests, Ansible playbooks, and documentation for K-SPACE services.

Jump to docs: inventory-app / cameras / doors / list of apps // all infra / network / retro / non-infra

Tip: Search the repo for kind: xyz for examples.

Supporting services

  • Build Git repositories with Woodpecker.
  • Passmower: Authz with kind: OIDCClient (or kind: OIDCMiddlewareClient1).
  • Traefik2: Expose services with kind: Service + kind: Ingress (TLS and DNS included).

Additional

  • bind: Manage additional DNS records with kind: DNSEndpoint.
  • Prometheus: Collect metrics with kind: PodMonitor (alerts with kind: PrometheusRule).
  • Slack bots and Kubernetes CLUSTER.md itself.

Databases / -stores:

  • KeyDB: kind: KeydbClaim (replaces Redis3)
  • Dragonfly: kind: Dragonfly (replaces Redis3)
  • Longhorn: storageClassName: longhorn (filesystem storage)
  • Mongo4: kind: MongoDBCommunity (NAS* inventory-mongodb)
  • Minio S3: kind: MinioBucketClaim with class: dedicated (NAS*: class: external)
  • MariaDB*: search for mysql, mariadb5 (replaces MySQL)
  • Postgres*: hardcoded to harbor/application.yml

* External, hosted directly on nas.k-space.ee

This page is referenced by wiki front page as the technical documentation for infra.

  1. Applications should use OpenID Connect (kind: OIDCClient) for authentication, whereever possible. If not possible, use kind: OIDCMiddlewareClient client, which will provide authentication via a Traefik middleware (traefik.ingress.kubernetes.io/router.middlewares: passmower-proxmox@kubernetescrd). Sometimes you might use both for extra security. ↩︎

  2. No nginx annotations! Use kind: Ingress instead. IngressRoute is not used as it doesn't support external-dns out of the box. ↩︎

  3. Redis has been replaced as redis-operatori couldn't handle itself: didn't reconcile after reboots, master URI was empty, and clients complained about missing masters. ArgoCD still hosts its own Redis. ↩︎

  4. Mongo problems: Incompatible with rawfile csi (wiredtiger.wt corrupts), complicated resizing (PVCs from statefulset PVC template). ↩︎

  5. As of 2024-07-30 used by auth, authelia, bitwarden, etherpad, freescout, git, grafana, nextcloud, wiki, woodpecker ↩︎