4.4 KiB
4.4 KiB
Fog
Like the cloud but local.
Required tools
- talosctl (https://www.talos.dev/v1.9/talos-guides/install/talosctl/ )
- kubectl (https://kubernetes.io/docs/tasks/tools/#kubectl )
- helm (https://helm.sh/ )
- helmfile (https://helmfile.readthedocs.io/en/latest/ )
- bitwarded secrets CLI (https://bitwarden.com/help/secrets-manager-cli/ )
Talos Cluster
Hardware
- HP ProDesk 400 G3 (x3)
- Seagate Iron Wolf 2Tb (x2)
- Western Digital Red Pro 2Tb
- Sabrent HDD Docking Station (3x)
- Switch
- Ecoflow River 3 Plus
- Ecoflow River 3
- Router
- Modem
HP ProDesk check list
Using refurbished hardware is an adventure in configuration, make sure some things are standard before starting.
- Secure boot is off
- BIOS password disabled
- Enable restore after power outage
Generate config
bws secret get <talos-secret-id> -o json | jq .value --raw-output > talos/secrets.yaml
talosctl gen config fog https://192.168.1.43:6443 \
--with-secrets talos/secrets.yaml \
--config-patch @talos/machine_patch.yaml \
--config-patch-control-plane @talos/cluster_patch.yaml \
--config-patch-control-plane @talos/remove_node_label_patch.yaml
Add node to talos cluster
talosctl apply-config [--insecure] -n <ips> controlplane.yaml
Update context
talosctl config node 192.168.1.38 192.168.1.43 192.168.1.39
Kubeconfig
talosctl kubeconfig --nodes 192.168.1.43
Applications
metrics
kubectl apply -f https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
Apply and upgrade
check for updates:
bws run 'helmfile deps'
apply changes:
bws run 'helmfile apply'
Extras
Ceph
kubectl label namespace rook-ceph pod-security.kubernetes.io/enforce=privileged
k8up
This requires some CRDs which can be installed via:
kubectl apply -f https://github.com/k8up-io/k8up/releases/download/k8up-4.8.4/k8up-crd.yaml --server-side
Traefik
kubectl create secret generic digitalocean-api-key --from-literal=token=$DIGITAL_OCEAN_API_TOKEN
Postgres
copy secret over to goatchat namespace
kubectl get secrets -n datastore postgres-pguser-synapse -o json | jq 'del(.metadata.resourceVersion,.metadata.uid,.metadata.ownerReferences) | .metadata.creationTimestamp=null,.metadata.namespace="goatchat"' | kubectl apply -f -
synapse
kubectl create secret generic goatchatca-signingkey --from-literal=signing.key=$GOATCHAT_SYNAPSE_SIGNING_KEY
Ghost Blogs
I got tired of fighting the docker container so I manually overrode the config.production.json
which looks like
{
"url": <url>,
"server": {
"port": 2368,
"host": "::"
},
"mail": {
"transport": "SMTP",
"options": {
"host": "smtp.sendgrid.net",
"service": "SendGrid",
"port": 465,
"secure": true,
"tls": {
"requireTLS": true
}
}
},
"logging": {
"transports": [
"file",
"stdout"
]
},
"process": "local",
"paths": {
"contentPath": "/opt/bitnami/ghost/content"
},
"database": {
"client": "mysql",
"connection": {
"host": "mariadb.datastore.svc.cluster.local",
"port": 3306,
"user": <user>,
"password": <password>,
"database": <database>
}
}
}
kngot Create db and user
CREATE DATABASE kgnot_ghost;
grant all privileges on kgnot_ghost.* to kgnot_ghost@'10.%.%.%' identified by '$KGNOT_MYSQL_PASSWORD';
Install app
kubectl create secret generic ghost-kgnot-user-secret --from-literal=ghost-password=$KGNOT_GHOST_USER_PASSWORD
kubectl create secret generic ghost-kgnot-db-secret --from-literal=mysql-password=$KGNOT_MYSQL_PASSWORD
kubectl create secret generic kgnot-smtp-password --from-literal=smtp-password=$KNGOT_SMTP_PASSWORD
53ll Create db and user
CREATE DATABASE 53ll_ghost;
grant all privileges on 53ll_ghost.* to 53ll_ghost@'10.%.%.%' identified by '$GHOST_53LL_MYSQL_PASSWORD';
Install app
kubectl create secret generic ghost-53ll-user-secret --from-literal=ghost-password=$GHOST_53LL_USER_PASSWORD
kubectl create secret generic ghost-53ll-db-secret --from-literal=mysql-password=$GHOST_53LL_MYSQL_PASSWORD
kubectl create secret generic 53ll-smtp-password --from-literal=smtp-password=$GHOST_53LL_SMTP_PASSWORD