docs: move more of the main readme to mooo-docs and remove now-irrelevant ingress org file
parent 77c6917c69
commit 6d5a47e644
2 changed files with 8 additions and 150 deletions
94
README.md
|
@ -4,7 +4,7 @@
|
|||
<div align="center">
|
||||
<img src="https://helm.sh/img/helm.svg" align="center" width="144px" height="144px"/>
|
||||
<h3>Minimal and Opinionated Helm Charts</h3>
|
||||
<p><i>... powered by a Norwegian bear 🐻</i></p>
|
||||
<p><i>... powered by a Norwegian whales and bears</i></p>
|
||||
</div>
|
||||
|
||||
<p> </p>
|
||||
|
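Review bot: the second of the two tagline lines in this hunk reads "powered by a Norwegian whales and bears", where the singular article "a" does not agree with the plural nouns. Suggest `<p><i>... powered by Norwegian whales and bears</i></p>`. The bear emoji from the first tagline line is also absent from the second; restore it if that was not intended.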
@ -30,7 +30,13 @@ Below you'll find an overview of the charts and an intro to get you started.
|
|||
|
||||
🟢 [Matrix Synapse](charts/matrix-synapse): An end-to-end encrypted, open source (not free) and UX-friendly alternative to Slack, Teams and Mattermost. I currently have simplified and use this. Based on the chart by ananace.
|
||||
|
||||
🟢 [Matrix Synapse](charts/sliding-sync-proxy): A proxy to Matrix servers for the new Element X client.
|
||||
🟢 [Sliding Sync Proxy](charts/sliding-sync-proxy): A proxy to Matrix servers for the new Element X client.
|
||||
|
||||
🟢 [Matrix Authentication Service](charts/matrix-authentication-service): Matrix auth system implementing MSC3861
|
||||
|
||||
🟢 [Maubot](charts/maubot): Matrix bot system.
|
||||
|
||||
🟢 [nfty.sh](charts/nfty-sh): Push notification server for clients and phones.
|
||||
|
||||
🟢 [Dispatch](charts/dispatch): A incident management and coordination system developed by Netflix.
|
||||
|
||||
|
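Review bot: the entry `[nfty.sh](charts/nfty-sh)` that now appears with 🟢 is described as a push notification server, and the upstream project matching that description is spelled ntfy, so the label looks transposed. Fix the display name, and check whether the `charts/nfty-sh` directory carries the same transposition before more links depend on it. The Matrix Authentication Service line also ends without a period, unlike the entries around it.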
@ -38,96 +44,12 @@ Below you'll find an overview of the charts and an intro to get you started.
|
|||
|
||||
🚧 [Attic](charts/attic): Nix Binary Cache server that reduces the time to compile and distribute builds ([intro post](https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343))
|
||||
|
||||
🚧 [Matrix Authentication Service](charts/matrix-authentication-service): Matrix auth system implementing MSC3861
|
||||
|
||||
🚧 [Maubot](charts/maubot): Matrix bot system.
|
||||
|
||||
🚧 [nfty.sh](charts/nfty-sh): Push notification server for clients and phones.
|
||||
|
||||
🚧 [Element Call](charts/element-call): WebRTC server for calls and video using Matrix for signalling. Not functional atm.
|
||||
|
||||
⚠️ [Conduit](charts/conduit): An efficient and self-contained Matrix server using an embedded RocksDB database. Currently I use Synapse instead.
|
||||
|
||||
⚠️ [Netbox](charts/netbox): Modeling and docs for IP address management (IPAM) and datacenter infrastructure management (DCIM). This deploys ok but has a few moving parts.
|
||||
|
||||
### Requirements
|
||||
|
||||
You may need to bring your own:
|
||||
|
||||
- S3 compatible object storage
|
||||
- Block storage
|
||||
- PostgreSQL, such as Cloudnative-PG
|
||||
- Redis-compatible server, such as Dragonfly
|
||||
|
||||
All tests are run on the latest version of Kubernetes and Helm and no consideration is taken to vendor-specific implementations.
|
||||
|
||||
### Principles
|
||||
|
||||
So what makes this repo different from others? It is KISS-Safe of course.
|
||||
|
||||
- Secrets and ingresses are defined external from the chart
|
||||
- Expect that an ingress terminates external connection and TLS
|
||||
- Object storage over block storage when possible
|
||||
- Never rely on vendor-specific components
|
||||
- Prefer open source
|
||||
- No plaintext secrets - be sane
|
||||
- Leaving room for initContainers
|
||||
- Use as few values as possible in values.yaml (making sane choices)
|
||||
- Use external databases and transports
|
||||
- Configure for OIDC when possible
|
||||
- The values file should be possible to read up on in minutes
|
||||
- Only support the current major version of Kubernetes and application
|
||||
- Enable service accounts
|
||||
- Use semver for versioning
|
||||
- Charts should install on a small scale by default
|
||||
- Charts are validated for structure, security and syntax before compilation
|
||||
- Regardless of journey level everyone should be able to read or learn the chart
|
||||
|
||||
Some of these principles are implicit and means you'll have to deploy with e.g. kustomize to get going.
|
||||
|
||||
If you see a chart that does not comply with these principles, please open an issue.
|
||||
|
||||
### 🧑💻 Usage
|
||||
|
||||
#### Exploration
|
||||
|
||||
You can explore this repo by using the following commands if you have the Kubernetes package manager installed:
|
||||
|
||||
```shell
|
||||
# add the package source
|
||||
helm repo add 252 https://charts.253.no
|
||||
# or update the repo
|
||||
helm repo update 252
|
||||
|
||||
# search for a specific chart
|
||||
helm search repo dispatch
|
||||
# or list all available charts
|
||||
helm search repo 252 -l
|
||||
|
||||
# show configuration options
|
||||
helm show values 252/dispatch
|
||||
|
||||
# install a chart
|
||||
helm install dispatch helm-charts/charts/dispatch --namespace=toolbox
|
||||
````
|
||||
|
||||
#### As-code with FluxCD
|
||||
|
||||
First take care to setup the chart:
|
||||
|
||||
```yaml
|
||||
apiVersion: source.toolkit.fluxcd.io/v1beta2
|
||||
kind: HelmRepository
|
||||
metadata:
|
||||
name: 252-charts
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 15m
|
||||
url: https://charts.253.no
|
||||
```
|
||||
|
||||
A reference kustomization directory is shown in [./kustomization-components](./kustomization-components).
|
||||
|
||||
## 🤩 Licenses and Gratitude
|
||||
|
||||
Parts of the repo was inspired by [ananace](https://gitlab.com/ananace/charts) (some parts imported and rewritten).
|
||||
|
|
|
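Review bot: this hunk takes the README from 96 lines to 12 in this region without leaving a pointer behind. The Requirements, Principles and Usage sections are dropped and nothing on the new side says where they went. The Principles list carried deployment assumptions a reader needs before installing ("Secrets and ingresses are defined external from the chart", "Expect that an ingress terminates external connection and TLS", "No plaintext secrets"), so keep at least a one-line link to the mooo-docs location named in the commit message. If the Usage block is moved verbatim, note that its shell fence is closed with four backticks, and that the install command uses `helm-charts/charts/dispatch` while the preceding commands use the `252` repo alias.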
@ -1,64 +0,0 @@
|
|||
#+TITLE: Ingress
|
||||
#+DATE: 2023-10-20
|
||||
|
||||
The charts maintains the internal networking and you wire the connection to the outside world.
|
||||
I use two ingress classes: Tailscale and nginx, and you can wire a service by adding to kustomization
|
||||
and [[https://fluxcd.io/][flux]] e.g. like the following.
|
||||
|
||||
** Nginx
|
||||
|
||||
To expose publicly via nginx:
|
||||
|
||||
#+BEGIN_SRC yaml
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: matrix-synapse-ingress
|
||||
namespace: messaging
|
||||
annotations:
|
||||
external-dns.alpha.kubernetes.io/target: ingress.${PUBLIC_DOMAIN}
|
||||
spec:
|
||||
ingressClassName: nginx
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: matrix-synapse
|
||||
port:
|
||||
number: 8008
|
||||
tls:
|
||||
- hosts:
|
||||
- matrix
|
||||
#+END_SRC
|
||||
|
||||
** Tailscale
|
||||
|
||||
To use the [[https://tailscale.com/kb/1236/kubernetes-operator/][Tailscale operator]]:
|
||||
|
||||
#+BEGIN_SRC yaml
|
||||
---
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: hajimari-ingress
|
||||
namespace: home
|
||||
spec:
|
||||
ingressClassName: tailscale
|
||||
rules:
|
||||
- http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: hajimari
|
||||
port:
|
||||
number: 3000
|
||||
tls:
|
||||
- hosts:
|
||||
- apps
|
||||
#+END_SRC
|
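Review bot: with this file deleted, and the README principle about ingresses removed in the same commit, the repository no longer shows how a service is meant to be exposed; confirm that mooo-docs carries these two examples before treating the file as irrelevant. If the nginx example is carried over, its `rules` entry has no `host` field, so the rule applies to every hostname served by that ingress class, and its `tls` entry lists the bare name `matrix` with no `secretName`. Suggest adding an explicit `host` under `rules` and a `secretName` under `tls` in the documented version of the public example.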