feat(infra): k3s foundation — cert-manager, Longhorn config, in-cluster data tier
ci / typecheck (map[dir:apps/website name:website]) (push) Failing after 10m58s
ci / typecheck (map[dir:apps/portal name:portal]) (push) Failing after 11m56s
ci / typecheck (map[dir:apps/booking name:booking]) (push) Failing after 14m0s
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Has been cancelled
ci / test (push) Has been cancelled
ci / typecheck (map[dir:apps/website name:website]) (push) Failing after 10m58s
ci / typecheck (map[dir:apps/portal name:portal]) (push) Failing after 11m56s
ci / typecheck (map[dir:apps/booking name:booking]) (push) Failing after 14m0s
ci / typecheck (map[dir:services/platform-api name:platform-api]) (push) Has been cancelled
ci / test (push) Has been cancelled
Adds the production cluster foundation (authored + applied live on node1): - cert-manager via the k3s HelmChart controller + letsencrypt staging/prod ClusterIssuers (HTTP-01 / Traefik). - Longhorn config for single-node (values: replica=1, default StorageClass, Retain) + backup-to-Hetzner-Object-Storage credential template. - In-cluster data tier (dezky-data): Postgres 16 (with Authentik+OCIS DB init), MongoDB 7, Redis 7 as StatefulSets on Longhorn, + secret template. - bootstrap.sh: install open-iscsi/nfs-common + enable iscsid (Longhorn prereq). - RUNBOOK.md: full reproducible node1 build order. Real secrets are generated on-box and kept in Bitwarden — never in git.
This commit is contained in:
Ronni Baslund
@@ -0,0 +1,28 @@
|
||||
# Longhorn backup target credentials → Hetzner Object Storage (S3-compatible).
|
||||
# Template — fill + apply OUT-OF-BAND, never commit real keys. Store the keys
|
||||
# in Bitwarden.
|
||||
#
|
||||
# 1. Create a bucket (e.g. dezky-longhorn) + an S3 key pair in Hetzner Cloud
|
||||
# Console → Object Storage. Note the endpoint, e.g.:
|
||||
# Falkenstein https://fsn1.your-objectstorage.com
|
||||
# Nuremberg https://nbg1.your-objectstorage.com
|
||||
# Helsinki https://hel1.your-objectstorage.com
|
||||
# 2. Fill this and apply:
|
||||
# kubectl apply -f /tmp/longhorn-backup-secret.yaml
|
||||
# 3. Set the backup target (UI: Settings → General, or in values.yaml):
|
||||
# Backup Target: s3://dezky-longhorn@fsn1/
|
||||
# Backup Target Credential: longhorn-backup-secret
|
||||
# (The "@fsn1" region tag is just a label for non-AWS S3; the real endpoint
|
||||
# comes from AWS_ENDPOINTS below.)
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: longhorn-backup-secret
|
||||
namespace: longhorn-system
|
||||
type: Opaque
|
||||
stringData:
|
||||
AWS_ACCESS_KEY_ID: REPLACE_hetzner_s3_access_key
|
||||
AWS_SECRET_ACCESS_KEY: REPLACE_hetzner_s3_secret_key
|
||||
AWS_ENDPOINTS: https://fsn1.your-objectstorage.com
|
||||
# Hetzner Object Storage uses virtual-hosted-style addressing.
|
||||
VIRTUAL_HOSTED_STYLE: "true"
|
||||
Reference in New Issue
Block a user