janek
/
stackspout
1
0
Fork 0
Code Issues Pull Requests Releases Activity

readme: Document all changes and challenges

This commit is contained in:
xeruf 2022-07-09 02:25:01 +02:00
parent 6f09c1fe5a
commit d3466cfd78
2 changed files with 44 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
README.md
View File

@ -1,23 +1,46 @@
# Example repository for customizing a Stackspin cluster
# Stackspin Outwards - Stackspout
Example boilerplate for a custom [flux](https://fluxcd.io/) repository
which can be added to a [Stackspin](https://stackspin.net) cluster.
The main use-case is to add additional applications
which are not integrated into Stackspin (yet).
This repository extends [Stackspin](https://open.greenhost.net/stackspin/stackspin)
with extra applications and overrides
to make it more commercially/professionally interesting.
Once stabilized, the aim is to contribute as much upstream as possible.
For a more advanced example
see the [flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example)
repository.
This repo's directory structure is similar to the `flux2-kustomize-helm-example`
one.
Stackspout is used in day-to-day business
with a 2-digit user number,
so all experiments happen carefully.
## Basic configuration
## Customizations
We'll start with a very basic configuration:
### Overrides
- Adds many Nextcloud extensions and some configuration
- Add Email Auth back to Zulip
* It uses a public git repo
* No secrets are included
* No forking/modifications needed, install as it is
### New Applications
> subdomain: Service (helmrepo, if not provided by the service authors)
#### Stable including Single-Sign-On
- dev: Gitea
- do: Vikunja (k8s-at-home)
#### In Development
- people: SuiteCRM (bitnami repo)
- time: Kimai (robjuz repo)
#### Planned
- meet: Jitsi Meet
- wiki: Wiki (maybe wikijs, but I'd like something that integrated with Nextcloud and Markdown/Orgdown)
#### Ideas
- link: URL Shortener
- Bonfire
### Issues to tackle
#### Structurally
- generate_secrets.py was copied from Stackpin
- all apps except gitea lack pvcs
#### Functionally
- Nextcloud too slow - add Redis
- Preconfigure user settings in Nextcloud, Vikunja and more
## Installation
> Warning: Lots of experiments happening here!
Apply it to your cluster:
@ -25,40 +48,13 @@ Apply it to your cluster:
basic/install.sh
```
List the resource created by this flux repo:
List the resource related to this repo:
```sh
kubectl -n stackspout get gitrepositories
kubectl -n stackspout get kustomizations
kubectl get gitrepositories -A
kubectl get kustomization -A -o=jsonpath='{.items[?(@.spec.sourceRef.name=="stackspout")].metadata.name}'
kubectl -n stackspout get helmreleases
kubectl -n stackspout get pods
```
## Customizations
- Nextcloud apps overrides
- Gitea installed
## What's next ?
There are two ways of using a custom flux repo to host your custom config/apps
on a Stackspin cluster.
### A) Manage secrets manually
This approach is easier to start with,
because you don't need to configure your cluster to handle encrypted secrets
and access to a private git repository.
* Fork this repository into a public git repo, cloneable via `https://`
### Everything in version control, including secrets
* Fork this repository into a private git repo, cloneable via `ssh://`
* [Configure flux to use ssh instead of https for cloning](https://fluxcd.io/docs/components/source/gitrepositories/#ssh-authentication)
* You shouln't rely solely on transport encryption for your git repository
but rather end-to-end encrypt your secrets.
Different methods are available for flux:
* [Sops](https://fluxcd.io/docs/guides/mozilla-sops/)
[Sops section in flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets)
* [Sealed Secrets](https://fluxcd.io/docs/guides/sealed-secrets/)
But there are also ConfigMaps, Secrets, StatefulSets, PVCs, Helmrepos and all that stuff...

4
basic/install.sh
View File

@ -15,6 +15,6 @@ flux create kustomization stackspout \
--prune=true \
--interval=30m
python $STACKSPIN/install/generate_secrets.py vikunja
python $STACKSPIN/install/generate_secrets.py gitea
python $(dirname "$0")/../generate_secrets.py vikunja
python $(dirname "$0")/../generate_secrets.py gitea
python $(dirname "$0")/../generate_secrets.py suitecrm