dezky/infrastructure/production/fleet/longhorn/values.yaml
Ronni Baslund 153d7053ca
feat(infra): k3s foundation — cert-manager, Longhorn config, in-cluster data tier
Adds the production cluster foundation (authored + applied live on node1):
- cert-manager via the k3s HelmChart controller + letsencrypt staging/prod
  ClusterIssuers (HTTP-01 / Traefik).
- Longhorn config for single-node (values: replica=1, default StorageClass,
  Retain) + backup-to-Hetzner-Object-Storage credential template.
- In-cluster data tier (dezky-data): Postgres 16 (with Authentik+OCIS DB init),
  MongoDB 7, Redis 7 as StatefulSets on Longhorn, + secret template.
- bootstrap.sh: install open-iscsi/nfs-common + enable iscsid (Longhorn prereq).
- RUNBOOK.md: full reproducible node1 build order.

Real secrets are generated on-box and kept in Bitwarden — never in git.
2026-06-08 18:39:31 +02:00

# Longhorn Helm values — single-node config for the dezky AX41 (node1).
# You install Longhorn; feed it these values, e.g.:
#
#   helm repo add longhorn https://charts.longhorn.io && helm repo update
#   helm install longhorn longhorn/longhorn \
#     -n longhorn-system --create-namespace \
#     --version 1.12.0 -f values.yaml
#
# (Or paste this into Rancher → Apps → Longhorn → Edit YAML.)
#
# Host prereq (added to bootstrap.sh): open-iscsi + a running iscsid + nfs-common
# on EVERY node. Verify: `systemctl is-active iscsid` → active.
defaultSettings:
  # Single node → 1 replica. No cross-node redundancy yet (durability is the
  # same as local disk, but you gain snapshots + off-box backups). Bump to 2-3
  # once you add nodes and Longhorn will rebalance.
  defaultReplicaCount: 1
  # Replica data lives here on the AX41 NVMe.
  defaultDataPath: /var/lib/longhorn
  # Don't pack the disk to 100%.
  storageMinimalAvailablePercentage: 15
  storageOverProvisioningPercentage: 100
  # Tidy up orphaned replicas automatically.
  orphanResourceAutoDeletion: "replica-data"
  # ── Backups → Hetzner Object Storage (set after creating the bucket+secret;
  #    see README). Can also be set in the UI under Settings → General. ──
  # backupTarget: s3://dezky-longhorn@fsn1/
  # backupTargetCredentialSecret: longhorn-backup-secret

persistence:
  # Make Longhorn the DEFAULT StorageClass so PVCs land on it automatically.
  # ALSO unset local-path's default flag (one default only — see README).
  defaultClass: true
  defaultClassReplicaCount: 1
  # Databases: keep the volume if a PVC is deleted, until you reclaim it by hand.
  reclaimPolicy: Retain

# The Longhorn UI is full storage admin — keep its Ingress OFF until you decide
# how to protect it (IP allowlist at Traefik, or behind Authentik forward-auth).
ingress:
  enabled: false
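
Added example (not part of this repository): a Python check for the two cluster-side outcomes the `persistence` comments call for, exactly one default StorageClass and `Retain` on Longhorn's class. It assumes the chart's StorageClass is named `longhorn` and that input is the output of `kubectl get storageclass -o json`; the sample JSON and the function names are constructed for illustration.

```python
import json

# Annotation keys Kubernetes uses to mark a default StorageClass
# (the beta key is the legacy spelling).
DEFAULT_KEYS = (
    "storageclass.kubernetes.io/is-default-class",
    "storageclass.beta.kubernetes.io/is-default-class",
)

# Constructed sample of `kubectl get storageclass -o json` on a k3s node right
# after installing Longhorn with persistence.defaultClass: true, before the
# default flag on local-path has been unset.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "local-path", "annotations": {DEFAULT_KEYS[0]: "true"}},
     "provisioner": "rancher.io/local-path", "reclaimPolicy": "Delete"},
    {"metadata": {"name": "longhorn", "annotations": {DEFAULT_KEYS[0]: "true"}},
     "provisioner": "driver.longhorn.io", "reclaimPolicy": "Retain"},
]})


def is_default(sc):
    """True if the StorageClass carries a default-class annotation set to "true"."""
    ann = sc.get("metadata", {}).get("annotations") or {}
    return any(ann.get(k) == "true" for k in DEFAULT_KEYS)


def audit_storage_classes(raw, expected="longhorn", expected_reclaim="Retain"):
    """Return findings; an empty list means the cluster matches values.yaml."""
    items = json.loads(raw).get("items", [])
    defaults = sorted(sc["metadata"]["name"] for sc in items if is_default(sc))
    findings = []
    if defaults != [expected]:
        findings.append(f"default StorageClass should be only {expected!r}, found {defaults}")
    target = {sc["metadata"]["name"]: sc for sc in items}.get(expected)
    if target is None:
        findings.append(f"StorageClass {expected!r} not found")
    elif target.get("reclaimPolicy") != expected_reclaim:
        findings.append(f"{expected!r} reclaimPolicy is {target.get('reclaimPolicy')!r}, "
                        f"expected {expected_reclaim!r}")
    return findings


if __name__ == "__main__":
    import sys
    # Real use: kubectl get storageclass -o json | python3 check_sc.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit_storage_classes(raw):
        print("FINDING:", finding)
```

An empty result means PVCs without an explicit `storageClassName` will land on Longhorn and their volumes survive PVC deletion.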