readme: Document all changes and challenges
parent
6f09c1fe5a
commit
d3466cfd78
88
README.md
|
@ -1,23 +1,46 @@
|
||||||
# Example repository for customizing a Stackspin cluster
|
# Stackspin Outwards - Stackspout
|
||||||
|
|
||||||
Example boilerplate for a custom [flux](https://fluxcd.io/) repository
|
This repository extends [Stackspin](https://open.greenhost.net/stackspin/stackspin)
|
||||||
which can be added to a [Stackspin](https://stackspin.net) cluster.
|
with extra applications and overrides
|
||||||
The main use-case is to add additional applications
|
to make it more commercially/professionally interesting.
|
||||||
which are not integrated into Stackspin (yet).
|
Once stabilized, the aim is to contribute as much upstream as possible.
|
||||||
|
|
||||||
For a more advanced example
|
Stackspout is used in day-to-day business
|
||||||
see the [flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example)
|
with a 2-digit user number,
|
||||||
repository.
|
so all experiments happen carefully.
|
||||||
This repo's directory structure is similar to the `flux2-kustomize-helm-example`
|
|
||||||
one.
|
|
||||||
|
|
||||||
## Basic configuration
|
## Customizations
|
||||||
|
|
||||||
We'll start with a very basic configuration:
|
### Overrides
|
||||||
|
- Adds many Nextcloud extensions and some configuration
|
||||||
|
- Add Email Auth back to Zulip
|
||||||
|
|
||||||
* It uses a public git repo
|
### New Applications
|
||||||
* No secrets are included
|
> subdomain: Service (helmrepo, if not provided by the service authors)
|
||||||
* No forking/modifications needed, install as it is
|
#### Stable including Single-Sign-On
|
||||||
|
- dev: Gitea
|
||||||
|
- do: Vikunja (k8s-at-home)
|
||||||
|
#### In Development
|
||||||
|
- people: SuiteCRM (bitnami repo)
|
||||||
|
- time: Kimai (robjuz repo)
|
||||||
|
#### Planned
|
||||||
|
- meet: Jitsi Meet
|
||||||
|
- wiki: Wiki (maybe wikijs, but I'd like something that integrated with Nextcloud and Markdown/Orgdown)
|
||||||
|
#### Ideas
|
||||||
|
- link: URL Shortener
|
||||||
|
- Bonfire
|
||||||
|
|
||||||
|
### Issues to tackle
|
||||||
|
#### Structurally
|
||||||
|
- generate_secrets.py was copied from Stackpin
|
||||||
|
- all apps except gitea lack pvcs
|
||||||
|
#### Functionally
|
||||||
|
- Nextcloud too slow - add Redis
|
||||||
|
- Preconfigure user settings in Nextcloud, Vikunja and more
|
||||||
|
|
||||||
|
## Installation
|
||||||
|
|
||||||
|
> Warning: Lots of experiments happening here!
|
||||||
|
|
||||||
Apply it to your cluster:
|
Apply it to your cluster:
|
||||||
|
|
||||||
|
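Review bot: Under "Issues to tackle", the added line `- generate_secrets.py was copied from Stackpin` misspells Stackspin and gives no provenance for the copy. Since this script generates the secrets for the added apps, record which upstream revision it was taken from, or reference the upstream file instead of copying it, so that later upstream fixes can be tracked. The rewrite also drops the old bullets `* It uses a public git repo` and `* No secrets are included`; if they still hold, keep a sentence saying so, because readers of a repo that is "used in day-to-day business" will want to know that nothing sensitive is committed.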
@ -25,40 +48,13 @@ Apply it to your cluster:
|
||||||
basic/install.sh
|
basic/install.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
List the resource created by this flux repo:
|
List the resource related to this repo:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
kubectl -n stackspout get gitrepositories
|
kubectl get gitrepositories -A
|
||||||
kubectl -n stackspout get kustomizations
|
kubectl get kustomization -A -o=jsonpath='{.items[?(@.spec.sourceRef.name=="stackspout")].metadata.name}'
|
||||||
kubectl -n stackspout get helmreleases
|
kubectl -n stackspout get helmreleases
|
||||||
kubectl -n stackspout get pods
|
kubectl -n stackspout get pods
|
||||||
```
|
```
|
||||||
|
|
||||||
## Customizations
|
But there are also ConfigMaps, Secrets, StatefulSets, PVCs, Helmrepos and all that stuff...
|
||||||
|
|
||||||
- Nextcloud apps overrides
|
|
||||||
- Gitea installed
|
|
||||||
|
|
||||||
## What's next ?
|
|
||||||
|
|
||||||
There are two ways of using a custom flux repo to host your custom config/apps
|
|
||||||
on a Stackspin cluster.
|
|
||||||
|
|
||||||
### A) Manage secrets manually
|
|
||||||
|
|
||||||
This approach is easier to start with,
|
|
||||||
because you don't need to configure your cluster to handle encrypted secrets
|
|
||||||
and access to a private git repository.
|
|
||||||
|
|
||||||
* Fork this repository into a public git repo, cloneable via `https://`
|
|
||||||
|
|
||||||
### Everything in version control, including secrets
|
|
||||||
|
|
||||||
* Fork this repository into a private git repo, cloneable via `ssh://`
|
|
||||||
* [Configure flux to use ssh instead of https for cloning](https://fluxcd.io/docs/components/source/gitrepositories/#ssh-authentication)
|
|
||||||
* You shouln't rely solely on transport encryption for your git repository
|
|
||||||
but rather end-to-end encrypt your secrets.
|
|
||||||
Different methods are available for flux:
|
|
||||||
* [Sops](https://fluxcd.io/docs/guides/mozilla-sops/)
|
|
||||||
[Sops section in flux2-kustomize-helm-example](https://github.com/fluxcd/flux2-kustomize-helm-example#encrypt-kubernetes-secrets)
|
|
||||||
* [Sealed Secrets](https://fluxcd.io/docs/guides/sealed-secrets/)
|
|
||||||
|
|
|
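Review bot: The removed "What's next ?" section is where the visible README explained how secrets should be handled (managing them manually versus keeping them in version control encrypted with Sops or Sealed Secrets, and cloning over ssh), and the replacement line `But there are also ConfigMaps, Secrets, StatefulSets, PVCs, Helmrepos and all that stuff...` does not say which approach this repository uses. Keep a short section that states it. In the code block, `kubectl get kustomization -A -o=jsonpath=...` prints only `.metadata.name`, so with `-A` the namespace of each match is lost; consider printing the namespace as well. The heading `List the resource related to this repo:` should read "resources".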
@ -15,6 +15,6 @@ flux create kustomization stackspout \
|
||||||
--prune=true \
|
--prune=true \
|
||||||
--interval=30m
|
--interval=30m
|
||||||
|
|
||||||
python $STACKSPIN/install/generate_secrets.py vikunja
|
python $(dirname "$0")/../generate_secrets.py vikunja
|
||||||
python $STACKSPIN/install/generate_secrets.py gitea
|
python $(dirname "$0")/../generate_secrets.py gitea
|
||||||
python $(dirname "$0")/../generate_secrets.py suitecrm
|
python $(dirname "$0")/../generate_secrets.py suitecrm
|
||||||
|
|
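Review bot: In the three added `python $(dirname "$0")/../generate_secrets.py ...` lines the command substitution is unquoted, so a checkout path containing spaces is word-split and the script path breaks. Quote the whole path, for example `python "$(dirname "$0")/../generate_secrets.py" vikunja`. The visible lines also do not show whether the script stops on error; if it does not, a failed secret generation for one app would pass silently before the next call, so check the exit status or make sure `set -e` is in effect.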