ungleich-k8s/apps/fnux-playground/README.md

53 lines
1.8 KiB
Markdown
Raw Normal View History

# Fnux's playground
Tests made by Timothée for ungleich.
## OpenLDAP
Simple chart based on [Osixia's OpenLDAP
image](https://github.com/osixia/docker-openldap). A TLS certificate is
automatically generated via Let'sEncrypt, but renewal is not handled yet.
TODO: handle TLS certificate renewal.
NOTE: replication with the osixia image is somewhat broken, see:
https://github.com/osixia/docker-openldap/issues/203
-> Worked around the issue with https://github.com/ungleich/docker-openldap/commit/3c7c9ece1e67bce0bfe1fdb66a63f5c8c59359f4
```
kubectl create secret generic ldap1-openldap --from-literal=LDAP_ADMIN_PASSWORD=secretsecretsectet
helm install ldap1 ./openldap -f ldapN.fnux-playground.yaml
helm install ldap2 ./openldap -f ldapN.fnux-playground.yaml
```
## Matrix Synapse
Matrix Homeserver setup based on [Ananace's Helm
charts](https://github.com/osixia/docker-openldap). I exchanged a few mails
with him, he's nice!
Note: we need to wire up some network policy to firewall the various components.
Note: there's some configuration and secret management to work on!
Note: there's a missing bit for IPv6 support (https://gitlab.com/ananace/charts/-/merge_requests/15)
```
helm repo add ananace-charts https://ananace.gitlab.io/charts
helm repo update
helm install matrix ananace-charts/matrix-synapse --set serverName=matrix.fnux-playground.svc.c1.k8s.ooo --set wellknown.enabled=true -f matrix.fnux-playground.yaml
```
## Ingress
Ingress is used by the matrix-synapse chart to distribute requests across
synapse workers. We could do it ourselve (just generate a NGINX container from
synapse's config) but there's already ingress logic around, which do this for
us...
```
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx
```