From d3466cfd7854a8a2e3b9fbb718666b8a87c92313 Mon Sep 17 00:00:00 2001 From: xeruf <27jf@pm.me> Date: Sat, 9 Jul 2022 02:25:01 +0200 Subject: [PATCH] readme: Document all changes and challenges --- README.md | 88 +++++++++++++++++++++++------------------------- basic/install.sh | 4 +-- 2 files changed, 44 insertions(+), 48 deletions(-) diff --git a/README.md b/README.md index c54389c..ceea569 100644 --- a/README.md +++ b/README.md 
@@ -1,23 +1,46 @@ -# Example repository for customizing a Stackspin cluster +# Stackspin Outwards - Stackspout -Example boilerplate for a custom [flux](https://fluxcd.io/) repository -which can be added to a [Stackspin](https://stackspin.net) cluster. -The main use-case is to add additional applications -which are not integrated into Stackspin (yet). +This repository extends [Stackspin](https://open.greenhost.net/stackspin/stackspin) +with extra applications and overrides +to make it more commercially/professionally interesting. +Once stabilized, the aim is to contribute as much upstream as possible. -For a more advanced example -see the [flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example) -repository. -This repo's directory structure is similar to the `flux2-kustomize-helm-example` -one. +Stackspout is used in day-to-day business +with a 2-digit user number, +so all experiments happen carefully. -## Basic configuration +## Customizations -We'll start with a very basic configuration: +### Overrides +- Adds many Nextcloud extensions and some configuration +- Add Email Auth back to Zulip -* It uses a public git repo -* No secrets are included -* No forking/modifications needed, install as it is +### New Applications +> subdomain: Service (helmrepo, if not provided by the service authors) +#### Stable including Single-Sign-On +- dev: Gitea +- do: Vikunja (k8s-at-home) +#### In Development +- people: SuiteCRM (bitnami repo) +- time: Kimai (robjuz repo) +#### Planned +- meet: Jitsi Meet +- wiki: Wiki (maybe wikijs, but I'd like something that integrated with Nextcloud and Markdown/Orgdown) +#### Ideas +- link: URL Shortener +- Bonfire + +### Issues to tackle +#### Structurally +- generate_secrets.py was copied from Stackpin +- all apps except gitea lack pvcs +#### Functionally +- Nextcloud too slow - add Redis +- Preconfigure user settings in Nextcloud, Vikunja and more + +## Installation + +> Warning: Lots of experiments happening 
here! Apply it to your cluster: @@ -25,40 +48,13 @@ Apply it to your cluster: basic/install.sh ``` -List the resource created by this flux repo: +List the resource related to this repo: ```sh -kubectl -n stackspout get gitrepositories -kubectl -n stackspout get kustomizations +kubectl get gitrepositories -A +kubectl get kustomization -A -o=jsonpath='{.items[?(@.spec.sourceRef.name=="stackspout")].metadata.name}' kubectl -n stackspout get helmreleases kubectl -n stackspout get pods ``` -## Customizations - -- Nextcloud apps overrides -- Gitea installed - -## What's next ? - -There are two ways of using a custom flux repo to host your custom config/apps -on a Stackspin cluster. - -### A) Manage secrets manually - -This approach is easier to start with, -because you don't need to configure your cluster to handle encrypted secrets -and access to a private git repository. - -* Fork this repository into a public git repo, cloneable via `https://` - -### Everything in version control, including secrets - -* Fork this repository into a private git repo, cloneable via `ssh://` -* [Configure flux to use ssh instead of https for cloning](https://fluxcd.io/docs/components/source/gitrepositories/#ssh-authentication) -* You shouln't rely solely on transport encryption for your git repository - but rather end-to-end encrypt your secrets. - Different methods are available for flux: - * [Sops](https://fluxcd.io/docs/guides/mozilla-sops/) - [Sops section in flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets) - * [Sealed Secrets](https://fluxcd.io/docs/guides/sealed-secrets/) +But there are also ConfigMaps, Secrets, StatefulSets, PVCs, Helmrepos and all that stuff... diff --git a/basic/install.sh b/basic/install.sh index c9744f5..e9a96a2 100755 --- a/basic/install.sh +++ b/basic/install.sh 
@@ -15,6 +15,6 @@ flux create kustomization stackspout \ --prune=true \ --interval=30m -python $STACKSPIN/install/generate_secrets.py vikunja -python $STACKSPIN/install/generate_secrets.py gitea +python $(dirname "$0")/../generate_secrets.py vikunja +python $(dirname "$0")/../generate_secrets.py gitea python $(dirname "$0")/../generate_secrets.py suitecrm
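Review bot: In the first README.md hunk, the "Issues to tackle" entry "generate_secrets.py was copied from Stackpin" misspells the project name; it should read Stackspin. Since the README records that the script is a copy, it should also state the upstream location it came from (the old install.sh lines point at `$STACKSPIN/install/generate_secrets.py`) and ideally the revision, so upstream fixes to the secret generation can be carried over. A smaller point in the same hunk: the Overrides bullets mix "Adds many Nextcloud extensions" with "Add Email Auth back to Zulip"; pick one verb form.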
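Review bot: Secrets handling is left undocumented by the second README.md hunk. It drops the "What's next ?" section, including the advice to end-to-end encrypt secrets with Sops or Sealed Secrets, while basic/install.sh still runs generate_secrets.py for vikunja, gitea and suitecrm. Keep a short paragraph saying where the generated secrets end up and whether any of them are meant to be committed. In the same hunk, `kubectl get kustomization -A` is combined with a jsonpath that prints only `.metadata.name`, so the namespace that `-A` searched across is lost; print `.metadata.namespace` next to the name. "List the resource related to this repo" should read "resources".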
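Review bot: In the basic/install.sh hunk the outer command substitution is unquoted in `python $(dirname "$0")/../generate_secrets.py vikunja` and in the gitea line, so the path is word-split when the script's directory contains spaces. Only the inner `"$0"` is protected. Quote the whole argument, for example `python "$(dirname "$0")/../generate_secrets.py" vikunja`, or compute the directory once into a variable and reuse it on all three lines. The unchanged suitecrm line has the same form and should be fixed with the other two.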