Dustin
92497004be
If there is an issue with the in-cluster database server, accessing the Kubernetes API becomes impossible by normal means. This is because the Kubernetes API uses Authelia for authentication and authorization, and Authelia relies on the in-cluster database server. To solve this chicken-and-egg scenario, I've set up a dedicated PostgreSQL database server on a virtual machine, totally external to the Kubernetes cluster. With this commit, I have changed the Authelia configuration to point at this new database server. The contents of the new database server were restored from a backup from the in-cluster server, so of Authelia's state was migrated automatically. Thus, updating the configuration is all that is necessary to switch to using it. The new server uses certificate-based authentication. In order for Authelia to access it, it needs a certificate issued by the _postgresql-ca_ ClusterIssuer, managed by _cert-manager_. Although the environment variables for pointing to the certificate and private key are not listed explicitly in the Authelia documentation, their names can be inferred from the configuration document schema and work as expected. |
||
|---|---|---|
| argocd | ||
| authelia | ||
| autoscaler | ||
| cert-manager | ||
| collectd | ||
| dch-root-ca | ||
| dch-webhooks | ||
| device-plugins | ||
| docker-distribution | ||
| dynk8s-provisioner | ||
| firefly-iii | ||
| fleetlock | ||
| grafana | ||
| home-assistant | ||
| hudctrl | ||
| ingress | ||
| invoice-ninja | ||
| jenkins | ||
| keyserv | ||
| kitchen | ||
| loki-ca | ||
| metrics | ||
| ntfy | ||
| paperless-ngx | ||
| photoframesvc | ||
| phpipam | ||
| postgresql | ||
| prometheus_speedtest | ||
| promtail | ||
| rent-reminder | ||
| restic-exporter | ||
| scanservjs | ||
| sealed-secrets | ||
| setup | ||
| sshca | ||
| step-ca | ||
| storage | ||
| victoria-metrics | ||
| websites | ||
| xactfetch | ||
| README.md | ||
README.md
Dustin's Kubernetes Cluster
This repository contains resources for deploying and managing my on-premises Kubernetes cluster
Cluster Setup
The cluster primarily consists of libvirt/QEMU+KVM virtual machines. The Control Plane nodes are VMs, as are the x86_64 worker nodes. Eventually, I would like to add Raspberry Pi or Pine64 machines as aarch64 nodes.
All machines run Fedora, using only Fedora builds of the Kubernetes components
(kubeadm, kubectl, and kubeadm).
See Cluster Setup for details.
Jenkins Agents
One of the main use cases for the Kubernetes cluster is to provide dynamic agents for Jenkins. Using the Kubernetes Plugin, Jenkins will automatically launch worker nodes as Kubernetes pods.
See Jenkins Kubernetes Integration for details.
Persistent Storage
Persistent storage for pods is provided by Longhorn. Longhorn runs within the cluster and provisions storage on worker nodes to make available to pods over iSCSI.
See Persistent Storage Using Longorn for details.