Earl Warren
31044c9588
move k8s
Move to https://code.forgejo.org/infrastructure/k8s-cluster
With no change at all.
2024-10-23 17:12:53 +02:00
earl-warren
25a23554a9
Merge pull request 'k8s forgejo instance helpers' (#39) from earl-warren/documentation:wip-k8s-forgejo into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/39
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-10-23 14:48:12 +00:00
Earl Warren
5f8969ee0e
@viceice review comments
2024-10-22 18:54:06 +02:00
Earl Warren
92f39f169d
next.forgejo.org: block depending on user agent
2024-10-22 18:13:27 +02:00
Earl Warren
f5861bf000
traefik: apply forgejo-ratelimit once
2024-10-22 18:13:27 +02:00
Earl Warren
e0f3e624bc
move versions to file variable for renovate convenience
2024-10-22 17:09:55 +02:00
Earl Warren
60ddffb514
traefik: switch to manual install and pinning of v3
2024-10-22 17:09:55 +02:00
Earl Warren
0f9b5ff8e2
next.forgejo.org: no more than 10 requests per second
2024-10-22 15:26:10 +02:00
Earl Warren
b40fd5bd3c
traefik: bump log to INFO
so that it shows which middleware are loaded and how they are interpreted
2024-10-22 12:59:28 +02:00
Earl Warren
6ca6d676d8
traefik: display the user agent in the access logs
2024-10-22 12:59:28 +02:00
Earl Warren
804b76931d
otherwise it will probably be single stack after a complete rebuild
2024-10-22 12:59:28 +02:00
Earl Warren
1f13f6699e
metallb provides just one IP for v6 & v4, not a range
2024-10-22 12:59:28 +02:00
Earl Warren
0ee041fb98
use traefik as a reverse proxy for ssh too
It is more uniform. It also allows setting
externalTrafficPolicy: Local
with the benefit of logging the ip of the incoming connection.
2024-10-22 12:59:28 +02:00
Earl Warren
de28b83d38
pin k3s version & traefik version
2024-10-22 12:59:28 +02:00
Earl Warren
e28e53589a
enable traefik access logs
2024-10-22 12:59:28 +02:00
Earl Warren
8f0057787a
k8s forgejo instance helpers
2024-10-22 12:59:28 +02:00
earl-warren
f84b863480
Merge pull request 'maintenance and disaster recovery for k8s from the TOC' (#38) from earl-warren/documentation:wip-k8s-forgejo into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/38
2024-10-20 09:52:33 +00:00
Earl Warren
85b658a645
maintenance and disaster recovery for k8s from the TOC
2024-10-20 11:47:52 +02:00
earl-warren
d2fe8a0be5
Merge pull request 'install a Forgejo instance in the k8s cluster' (#37) from earl-warren/documentation:wip-k8s-forgejo into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/37
2024-10-20 09:38:34 +00:00
Earl Warren
2f652df670
install a Forgejo instance in the k8s cluster
2024-10-20 11:36:57 +02:00
earl-warren
4a54adf37f
Merge pull request 'k8s: reference the scripts and add an intro' (#36) from earl-warren/documentation:wip-split into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/36
2024-10-20 09:32:39 +00:00
Earl Warren
e75adbbb82
k8s: reference the scripts and add an intro
2024-10-20 11:31:03 +02:00
earl-warren
b1822816e7
Merge pull request 'split the README into separate files for clarity' (#35) from earl-warren/documentation:wip-split into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/35
2024-10-20 09:27:25 +00:00
Earl Warren
731d2931be
split the README into separate files for clarity
2024-10-20 11:26:15 +02:00
earl-warren
ebb3667a42
Merge pull request 'helpers to prepare a k8s node on Hetzner' (#34) from earl-warren/documentation:wip-scripts into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/34
2024-10-20 09:02:47 +00:00
Earl Warren
8947b16ce6
helpers to prepare a k8s node on Hetzner
2024-10-20 10:49:17 +02:00
earl-warren
4f90ea7af5
Merge pull request 'allow everything between cluster nodes' (#33) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/33
2024-10-19 12:05:34 +00:00
Earl Warren
f1d4913ebc
allow everything between cluster nodes
The script will set the same firewall on all nodes.
Closes infrastructure/documentation#32
2024-10-19 13:57:23 +02:00
earl-warren
c1bef01310
Merge pull request 'add disaster recovery instructions' (#31) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/31
2024-10-19 10:31:27 +00:00
Earl Warren
2e13b2dbbe
add disaster recovery instructions
2024-10-19 12:29:49 +02:00
Earl Warren
1bb649913c
fine tune installation instructions
2024-10-19 12:28:50 +02:00
earl-warren
2ca85bed21
Merge pull request 'Allocate a dedicated IP to NFS server' (#30) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/30
2024-10-18 09:21:38 +00:00
Earl Warren
7957c93471
Allocate a dedicated IP to NFS server
So that it can be moved around from one machine to another.
2024-10-18 11:20:31 +02:00
earl-warren
20b07cacbd
Merge pull request 'have DRBD be up at boot' (#29) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/29
2024-10-18 08:57:39 +00:00
Earl Warren
6c6def6da2
have DRBD be up at boot
one less manual operation
2024-10-18 10:53:12 +02:00
earl-warren
a8cfb2a1c8
Merge pull request 'hetzner k8s controller is not compatible with server API' (#27) from earl-warren/documentation:wip-firewall into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/27
2024-10-17 19:08:42 +00:00
Earl Warren
dcadf2fd7f
hetzner k8s controller is not compatible with server API
it is for the cloud API only
2024-10-17 21:08:00 +02:00
earl-warren
679177673d
Merge pull request 'k8s firewall' (#26) from earl-warren/documentation:wip-firewall into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/26
2024-10-17 19:06:36 +00:00
Earl Warren
ab3221ab89
k8s ufw firewall
2024-10-17 20:52:06 +02:00
Earl Warren
d9420f8ac4
k8s: hetzner firewall is not good enough
2024-10-17 20:24:22 +02:00
earl-warren
e732428516
Merge pull request 'use IPv6 local address, not link local' (#25) from earl-warren/documentation:wip-ipv6 into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/25
2024-10-17 17:05:31 +00:00
Earl Warren
b3cfba4952
use IPv6 local address, not link local
https://en.wikipedia.org/wiki/Unique_local_address
2024-10-17 17:15:47 +02:00
earl-warren
016fd14241
Merge pull request 'use and create a NFS backed PVC' (#21) from earl-warren/documentation:wip-nfs into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/21
2024-10-17 13:00:33 +00:00
Earl Warren
8f0c9c17b9
re-order section for resetting the cluster
so that they can be applied in order
2024-10-17 14:55:46 +02:00
Earl Warren
644faf989e
force nfs version 4
It is equivalent to -t nfs4 except there is no way to specify this
on mount and it has to be done via options
2024-10-17 14:23:19 +02:00
Earl Warren
3f79d6d365
allow 10.0.0.0/8 in the firewall
2024-10-17 13:36:16 +02:00
Earl Warren
b5f7d949ab
nfs mounts must not be sync
This is a 10x performance hit.
It is reasonable to mount NFS in async. Just like with locally mounted
disk, there is a risk of data loss. But since it honors requests to
sync, the application is in control of when it matters. An
application (database, git, forgejo even) would have a bad design if,
for instance, it returned success on a write operation without issuing
a sync.
2024-10-17 13:36:16 +02:00
Earl Warren
40513d541a
nfs: define a root so that nfsv4 is used instead of nfsv3
2024-10-17 13:36:16 +02:00
Earl Warren
f76d6ea2a9
use and create a NFS backed PVC
2024-10-17 13:36:16 +02:00
earl-warren
184f9045d1
Merge pull request 'nginx stream reverse proxy: use default timeout' (#24) from earl-warren/documentation:wip-nginx into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/24
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-10-13 12:37:11 +00:00