Nico Schottelius 2021-07-20 00:00:46 +02:00
parent 90396d973b
commit ae57db2936

@ -13,13 +13,14 @@ This project is testing, deploying and using IPv6 only k8s clusters.
* ceph with rook (cephfs, rbd) * ceph with rook (cephfs, rbd)
* letsencrypt (nginx, certbot, homemade) * letsencrypt (nginx, certbot, homemade)
* k8s test on arm64 * k8s test on arm64
* CI/CD using flux
* Chart repository (chartmuseum)
## Not (yet) working or tested ## Not (yet) working or tested
* virtualisation (VMs, kubevirt) * virtualisation (VMs, kubevirt)
* network policies * network policies
* prometheus in the cluster * Prometheus for the cluster
* -argocd (?) for CI and upgrades- using flux
* Maybe LoadBalancer support (our ClusterIP already does that though) * Maybe LoadBalancer support (our ClusterIP already does that though)
* (Other) DNS entrys for services * (Other) DNS entrys for services
* Internal backup / snapshots * Internal backup / snapshots
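Review bot: The two bullets added to the working list, `* CI/CD using flux` and `* Chart repository (chartmuseum)`, disagree with the CI/CD section this same commit adds further down, which lists "Uploading charts to something like chartmuseum" under what is not wanted and says of FluxCD2 that it "does not feel intuitive". Suggest either marking both entries as deployed but under evaluation, or keeping the verdict in one place so the feature list and the CI/CD notes say the same thing.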
@ -242,6 +243,8 @@ referes to an external load balancer that
## Secrets ## Secrets
### Generating them inside the cluster
Handled via https://github.com/mittwald/kubernetes-secret-generator Handled via https://github.com/mittwald/kubernetes-secret-generator
``` ```
@ -263,7 +266,36 @@ data:
username: c29tZXVzZXI= username: c29tZXVzZXI=
``` ```
This will add a password into it. Password only will * Advantage: passwords are only in the cluster
* Disadvantage: passwords are only in the cluster
## CI/CD
### What we want
* Package everything into one git repository (charts, kustomize, etc.)
* Be usable for multiple clusters
* Easily apply cross cluster
### What we don't want / what is problematic
* Uploading charts to something like chartmuseum
* Is redundant - we have a version in git
* Is manual (could probably be automated)
### ArgoCD
Looks too big, too complex, too complicated.
### FluxCD2
Looks ok, handling of helm is ok, but does not feel intuitive. Seems
to be more orientated on "kustomizing helm charts".
### Helmfile
[helmfile](https://github.com/roboll/helmfile/) seems to do most of
what we need.
## The IPv4 "problem" ## The IPv4 "problem"
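Review bot: The two bullets that replace the old explanation, `* Advantage: passwords are only in the cluster` and `* Disadvantage: passwords are only in the cluster`, carry identical text, so the reader has to guess the trade-off. Spell out each side, for example (if this is what is meant) that no secret value has to be stored outside the cluster, and that the generated values are gone with the cluster unless they are backed up separately. The hunk also drops the sentence "This will add a password into it", which leaves the YAML example above it with no statement of what the generator does to the Secret; a one-line description should stay.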