1
0
Fork 0
mirror of https://code.forgejo.org/infrastructure/documentation synced 2024-12-23 05:13:52 +00:00
Commit graph

46 commits

Author SHA1 Message Date
Earl Warren 8947b16ce6
helpers to prepare a k8s node on Hetzner 2024-10-20 10:49:17 +02:00
earl-warren 4f90ea7af5 Merge pull request 'allow everything between cluster nodes' (#33) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/33
2024-10-19 12:05:34 +00:00
Earl Warren f1d4913ebc
allow everything between cluster nodes
The script will set the same firewall on all nodes.

Closes infrastructure/documentation#32
2024-10-19 13:57:23 +02:00
earl-warren c1bef01310 Merge pull request 'add disaster recovery instructions' (#31) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/31
2024-10-19 10:31:27 +00:00
Earl Warren 2e13b2dbbe
add disaster recovery instructions 2024-10-19 12:29:49 +02:00
Earl Warren 1bb649913c
fine tune installation instructions 2024-10-19 12:28:50 +02:00
earl-warren 2ca85bed21 Merge pull request 'Allocate a dedicated IP to NFS server' (#30) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/30
2024-10-18 09:21:38 +00:00
Earl Warren 7957c93471
Allocate a dedicated IP to NFS server
So that it can be moved around from one machine to another.
2024-10-18 11:20:31 +02:00
earl-warren 20b07cacbd Merge pull request 'have DRBD be up at boot' (#29) from earl-warren/documentation:wip-disaster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/29
2024-10-18 08:57:39 +00:00
Earl Warren 6c6def6da2
have DRBD be up at boot
one less manual operation
2024-10-18 10:53:12 +02:00
earl-warren a8cfb2a1c8 Merge pull request 'hetzner k8s controler is not compatible with server API' (#27) from earl-warren/documentation:wip-firewall into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/27
2024-10-17 19:08:42 +00:00
Earl Warren dcadf2fd7f
hetzner k8s controler is not compatible with server API
it is for the cloud API only
2024-10-17 21:08:00 +02:00
earl-warren 679177673d Merge pull request 'k8s firewall' (#26) from earl-warren/documentation:wip-firewall into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/26
2024-10-17 19:06:36 +00:00
Earl Warren ab3221ab89
k8s ufw firewall 2024-10-17 20:52:06 +02:00
Earl Warren d9420f8ac4
k8s: hetzner firewall is not good enough 2024-10-17 20:24:22 +02:00
earl-warren e732428516 Merge pull request 'use IPv6 local address, not link local' (#25) from earl-warren/documentation:wip-ipv6 into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/25
2024-10-17 17:05:31 +00:00
Earl Warren b3cfba4952
use IPv6 local address, not link local
https://en.wikipedia.org/wiki/Unique_local_address
2024-10-17 17:15:47 +02:00
earl-warren 016fd14241 Merge pull request 'use and create a NFS backed PVC' (#21) from earl-warren/documentation:wip-nfs into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/21
2024-10-17 13:00:33 +00:00
Earl Warren 8f0c9c17b9
re-order section for reseting the cluster
so that they can be applied in order
2024-10-17 14:55:46 +02:00
Earl Warren 644faf989e
force nfs version 4
It is equivalent to -t nfs4 except there is no way to specify this
on mount and it has to be done via options
2024-10-17 14:23:19 +02:00
Earl Warren 3f79d6d365
allow 10.0.0.0/8 in the firewall 2024-10-17 13:36:16 +02:00
Earl Warren b5f7d949ab
nfs mounts must not be sync
This is a 10x performance hit.

It is reasonable to mount NFS in async. Just like with locally mounted
disk, there is a risk of data loss. But since it honors requests to
sync, the application is in control of when it matters. An
application (database, git, forgejo even) would have a bad design if,
for instance, it returned success on a write operation without issuing
a sync.
2024-10-17 13:36:16 +02:00
Earl Warren 40513d541a
nfs: define a root so that nfsv4 is used instead of nfsv3 2024-10-17 13:36:16 +02:00
Earl Warren f76d6ea2a9
use and create a NFS backed PVC 2024-10-17 13:36:16 +02:00
earl-warren 184f9045d1 Merge pull request 'nginx stream reverse proxy: use default timeout' (#24) from earl-warren/documentation:wip-nginx into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/24
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-10-13 12:37:11 +00:00
Earl Warren dfb473fd00
nginx stream reverse proxy: use default timeout
3s is too short for connect timeout when the user it manually typing a password

http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_connect_timeout
2024-10-13 14:51:16 +03:00
earl-warren 98bf0f94a9 Merge pull request 'k8s: the ipv6 range for nodes must not conflict with cluster/service' (#23) from earl-warren/documentation:wip-k8s-ipv6 into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/23
2024-10-06 10:40:51 +00:00
Earl Warren f70e35d1e8
k8s: simplify installation instructions 2024-10-06 12:38:53 +02:00
Earl Warren efedb1db3c
k8s: the ipv6 range for nodes must not conflict with cluster/service 2024-10-06 12:13:57 +02:00
earl-warren aeda8706d3 Merge pull request 'note on Hetzner firewall' (#17) from earl-warren/documentation:wip-k8s-network into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/17
2024-10-05 10:25:12 +00:00
earl-warren bed22adf2b Merge pull request 'k8s three nodes cluster' (#19) from earl-warren/documentation:wip-k8s-cluster into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/19
2024-10-05 10:25:00 +00:00
earl-warren be0278a40e Merge pull request 'setup NFS to use the DRBD volume' (#20) from earl-warren/documentation:wip-nfs into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/20
2024-10-05 10:24:47 +00:00
Earl Warren 7ec8e13b84
setup NFS to use the DRBD volume
Closes #2
2024-10-05 12:23:22 +02:00
Earl Warren fb8209f378
k8s three nodes cluster
Closes #18
2024-10-05 12:07:33 +02:00
Earl Warren a503942e6a
note on Hetzner firewall 2024-10-05 12:00:12 +02:00
earl-warren 3b892d0830 Merge pull request 'permanently redirect port 80 to 443' (#16) from earl-warren/documentation:wip-k8s-network into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/16
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-10-01 09:14:00 +00:00
Earl Warren e7c40323a2
permanently redirect port 80 to 443
Closes #14
2024-10-01 11:12:59 +02:00
earl-warren b6a17d46ab Merge pull request 'hetzner{05,06} k8s node & network configuration' (#13) from earl-warren/documentation:wip-k8s-network into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/13
2024-09-29 15:59:27 +00:00
Earl Warren 015327b5e3
hetzner{05,06} k8s node & network configuration 2024-09-29 17:52:24 +02:00
earl-warren 743251c733 Merge pull request 'nginx configuration for rate limiting crawlers' (#9) from earl-warren/documentation:wip-rate into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/9
2024-09-19 05:43:12 +00:00
Earl Warren 52d46196dd
nginx configuration for rate limiting crawlers
Fixes: #8
2024-09-18 15:51:10 +02:00
earl-warren 891af11fd5 Merge pull request 'ssh port forwarding via nginx stream for code.forgejo.org' (#7) from earl-warren/documentation:wip-forwarding into main
Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/7
2024-09-17 09:41:35 +00:00
Earl Warren 5b4570e204
ssh port forwarding via nginx stream for code.forgejo.org
Fixes: #6
2024-09-17 08:51:04 +02:00
Earl Warren f77193590b
add link to the mirror 2024-09-16 16:41:36 +02:00
Earl Warren bd6143997c
migrate from the Forgejo documentation 2024-09-14 13:47:16 +02:00
earl-warren a4704558a7 Initial commit 2024-09-14 11:43:39 +00:00