Earl Warren
fff8a9c2d8
obsolete the LXC/DRBD/nginx stack
...
It all migrated to k8s
2024-11-26 12:30:42 +00:00
Earl Warren
5abb755a06
add aburayama @ codeberg in the host pool
2024-11-07 14:37:58 +01:00
Earl Warren
e0b2aa4488
hetzner{01,04} are removed from the pool of machines
2024-11-05 17:35:23 +01:00
Earl Warren
31044c9588
move k8s
...
Move to https://code.forgejo.org/infrastructure/k8s-cluster
With no change at all.
2024-10-23 17:12:53 +02:00
Earl Warren
85b658a645
maintenance and disaster recovery for k8s from the TOC
2024-10-20 11:47:52 +02:00
Earl Warren
2f652df670
install a Forgejo instance in the k8s cluster
2024-10-20 11:36:57 +02:00
Earl Warren
731d2931be
split the README into separate files for clarity
2024-10-20 11:26:15 +02:00
Earl Warren
8947b16ce6
helpers to prepare a k8s node on Hetzner
2024-10-20 10:49:17 +02:00
Earl Warren
f1d4913ebc
allow everything between cluster nodes
...
The script will set the same firewall on all nodes.
Closes infrastructure/documentation#32
2024-10-19 13:57:23 +02:00
Earl Warren
2e13b2dbbe
add disaster recovery instructions
2024-10-19 12:29:49 +02:00
Earl Warren
1bb649913c
fine tune installation instructions
2024-10-19 12:28:50 +02:00
Earl Warren
7957c93471
Allocate a dedicated IP to NFS server
...
So that it can be moved around from one machine to another.
2024-10-18 11:20:31 +02:00
Earl Warren
6c6def6da2
have DRBD be up at boot
...
one less manual operation
2024-10-18 10:53:12 +02:00
Earl Warren
dcadf2fd7f
hetzner k8s controler is not compatible with server API
...
it is for the cloud API only
2024-10-17 21:08:00 +02:00
Earl Warren
ab3221ab89
k8s ufw firewall
2024-10-17 20:52:06 +02:00
Earl Warren
d9420f8ac4
k8s: hetzner firewall is not good enough
2024-10-17 20:24:22 +02:00
Earl Warren
b3cfba4952
use IPv6 local address, not link local
...
https://en.wikipedia.org/wiki/Unique_local_address
2024-10-17 17:15:47 +02:00
Earl Warren
8f0c9c17b9
re-order section for reseting the cluster
...
so that they can be applied in order
2024-10-17 14:55:46 +02:00
Earl Warren
644faf989e
force nfs version 4
...
It is equivalent to -t nfs4 except there is no way to specify this
on mount and it has to be done via options
2024-10-17 14:23:19 +02:00
Earl Warren
3f79d6d365
allow 10.0.0.0/8 in the firewall
2024-10-17 13:36:16 +02:00
Earl Warren
b5f7d949ab
nfs mounts must not be sync
...
This is a 10x performance hit.
It is reasonable to mount NFS in async. Just like with locally mounted
disk, there is a risk of data loss. But since it honors requests to
sync, the application is in control of when it matters. An
application (database, git, forgejo even) would have a bad design if,
for instance, it returned success on a write operation without issuing
a sync.
2024-10-17 13:36:16 +02:00
Earl Warren
40513d541a
nfs: define a root so that nfsv4 is used instead of nfsv3
2024-10-17 13:36:16 +02:00
Earl Warren
f76d6ea2a9
use and create a NFS backed PVC
2024-10-17 13:36:16 +02:00
Earl Warren
dfb473fd00
nginx stream reverse proxy: use default timeout
...
3s is too short for connect timeout when the user it manually typing a password
http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_connect_timeout
2024-10-13 14:51:16 +03:00
Earl Warren
f70e35d1e8
k8s: simplify installation instructions
2024-10-06 12:38:53 +02:00
Earl Warren
efedb1db3c
k8s: the ipv6 range for nodes must not conflict with cluster/service
2024-10-06 12:13:57 +02:00
earl-warren
aeda8706d3
Merge pull request 'note on Hetzner firewall' ( #17 ) from earl-warren/documentation:wip-k8s-network into main
...
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/17
2024-10-05 10:25:12 +00:00
earl-warren
bed22adf2b
Merge pull request 'k8s three nodes cluster' ( #19 ) from earl-warren/documentation:wip-k8s-cluster into main
...
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/19
2024-10-05 10:25:00 +00:00
Earl Warren
7ec8e13b84
setup NFS to use the DRBD volume
...
Closes #2
2024-10-05 12:23:22 +02:00
Earl Warren
fb8209f378
k8s three nodes cluster
...
Closes #18
2024-10-05 12:07:33 +02:00
Earl Warren
a503942e6a
note on Hetzner firewall
2024-10-05 12:00:12 +02:00
Earl Warren
e7c40323a2
permanently redirect port 80 to 443
...
Closes #14
2024-10-01 11:12:59 +02:00
Earl Warren
015327b5e3
hetzner{05,06} k8s node & network configuration
2024-09-29 17:52:24 +02:00
Earl Warren
52d46196dd
nginx configuration for rate limiting crawlers
...
Fixes: #8
2024-09-18 15:51:10 +02:00
Earl Warren
5b4570e204
ssh port forwarding via nginx stream for code.forgejo.org
...
Fixes: #6
2024-09-17 08:51:04 +02:00
Earl Warren
f77193590b
add link to the mirror
2024-09-16 16:41:36 +02:00
Earl Warren
bd6143997c
migrate from the Forgejo documentation
2024-09-14 13:47:16 +02:00
earl-warren
a4704558a7
Initial commit
2024-09-14 11:43:39 +00:00