Commit 1b91ebbb authored by Justin Gauthier's avatar Justin Gauthier

update documentation

parent 0f7d20f5
......@@ -39,4 +39,4 @@ Kubernetes Cluster configuration and services documentation, with example source
* [OAuth2-Proxy](docs/services/services.md#oauth2-proxy)
* [Next Steps](docs/services/services.md#next-steps)
* [Current Services](https://gitlab.com/just.insane/kubernetes/blob/master/docs/services.md#current-services-in-lab)
* [New Services](docs/services/services.md#new-services)
\ No newline at end of file
* [New Services](docs/services/services.md#new-services)
# Configuration
## Table of Contents
<!-- @import "[TOC]" {cmd="toc" depthFrom=2 depthTo=6 orderedList=false} -->
<!-- code_chunk_output -->
* [Table of Contents](#table-of-contents)
* [Install Helm](#install-helm)
* [Install NFS-Client](#install-nfs-client)
* [Install MetalLB](#install-metallb)
* [Install Consul](#install-consul)
* [~~Install Traefik~~](#~~install-traefik~~)
* [Install Nginx-Ingress](#install-nginx-ingress)
* [Install Cert-Manager](#install-cert-manager)
* [Create Production Issuer](#create-production-issuer)
* [Create Cloudflare API Key Secret](#create-cloudflare-api-key-secret)
* [Create Default Certificate](#create-default-certificate)
* [Create ingress for Consul and Dashboard](#create-ingress-for-consul-and-dashboard)
* [Next Steps](#next-steps)
<!-- /code_chunk_output -->
## Install Helm
* NOTE: If using the supplied inventory, Helm is automatically installed via [addons.md](../../src/installation/inventory/Justin-Tech/group_vars/k8s-cluster/addons.yml).
......
# Installation
## Table of Contents
<!-- @import "[TOC]" {cmd="toc" depthFrom=2 depthTo=6 orderedList=false} -->
<!-- code_chunk_output -->
* [Table of Contents](#table-of-contents)
* [Server Installation](#server-installation)
* [Host Configuration and Kubernetes Cluster installation](#host-configuration-and-kubernetes-cluster-installation)
* [Login with username and password](#login-with-username-and-password)
* [Create dashboard user and retrieve access token](#create-dashboard-user-and-retrieve-access-token)
<!-- /code_chunk_output -->
## Server Installation
1. Install CentOS 7 DVD from USB
......
# Upgrading
<!-- @import "[TOC]" {cmd="toc" depthFrom=2 depthTo=6 orderedList=false} -->
<!-- code_chunk_output -->
* [Upgrading via Kubespray](#upgrading-via-kubespray)
* [Description](#description)
* [Unsafe upgrade example](#unsafe-upgrade-example)
* [Graceful upgrade](#graceful-upgrade)
* [Upgrade order](#upgrade-order)
* [Upgrade considerations](#upgrade-considerations)
* [Component-based upgrades](#component-based-upgrades)
<!-- /code_chunk_output -->
## Upgrading via Kubespray
Documentation regrading upgrading the cluster via Kubespray can be found [here](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/upgrades.md).
......
# Services
<!-- @import "[TOC]" {cmd="toc" depthFrom=2 depthTo=6 orderedList=false} -->
<!-- code_chunk_output -->
* [Guacamole](#guacamole)
* [Keycloak](#keycloak)
* [Ansible/AWX](#ansibleawx)
* [PostgreSQL](#postgresql)
* [Home Assistant](#home-assistant)
* [Atlassian Jira](#atlassian-jira)
* [Atlassian Confluence](#atlassian-confluence)
* [Nextcloud](#nextcloud)
* [Plex](#plex)
* [OAuth2-Proxy](#oauth2-proxy)
* [Next Steps](#next-steps)
* [Current Services (in lab)](#current-services-in-lab)
* [New Services](#new-services)
<!-- /code_chunk_output -->
## Guacamole
1. Clone the Guacamole Helm chart [https://github.com/Just-Insane/apache-guacamole-helm-chart](https://github.com/Just-Insane/apache-guacamole-helm-chart)
......
......@@ -16,8 +16,8 @@ spec:
- "*.corp.justin-tech.com"
keySize: 4096
keyAlgorithm: rsa
organization:
- "Justin-Tech"
# organization:
# - "Justin-Tech"
acme:
config:
- dns01:
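Review bot: The two `organization` lines are left in the file as comments with no reason given, so a later reader cannot tell whether the field was dropped on purpose or is waiting to be restored (this assumes the commented pair is the new side, since the page prints it second). If the field is gone for good, delete both lines. If it was removed because the ACME issuer does not honour it, which seems likely for a domain-validated certificate but is not shown here, record that with a comment such as `# organization omitted: not used by the ACME issuer (confirm)`. The `spec:` mapping starts above the hunk, so the rest of the Certificate is not visible.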
......@@ -25,4 +25,4 @@ spec:
domains:
- justin-tech.com
- "*.justin-tech.com"
- "*.corp.justin-tech.com"
\ No newline at end of file
- "*.corp.justin-tech.com"
......@@ -80,7 +80,7 @@ podDnsConfig:
nodeSelector: {}
ingressShim: {}
ingressShim:
defaultIssuerName: "letsencrypt-production"
defaultIssuerKind: "ClusterIssuer"
# defaultACMEChallengeType: ""
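Review bot: `ingressShim` now names `letsencrypt-production` as the cluster-wide default issuer, but `defaultACMEChallengeType` on the last line of the hunk is still commented out. On chart versions that expose this key, an Ingress relying on the defaults probably still needs a challenge type, so consider setting `defaultACMEChallengeType: "dns01"` together with `defaultACMEDNS01ChallengeProvider: "<provider-name-from-issuer>"`. Separately, a default production ClusterIssuer means any Ingress annotated `kubernetes.io/tls-acme: "true"` in any namespace can trigger issuance of a publicly trusted certificate. If the issuer solves dns01 with a zone-wide API key, that reaches every name in the zone. A comment above `ingressShim:` stating this, and that Ingress create rights should be limited accordingly, would help operators; testing against a staging issuer first also protects the production rate limit.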
......@@ -117,4 +117,4 @@ affinity: {}
# operator: Equal
# value: master
# effect: NoSchedule
tolerations: []
\ No newline at end of file
tolerations: []
Subproject commit eae83992abdacf9ca5f377ca7d50f59142b21e16
Subproject commit 40e7c472b7ce0ffbdaa867f4cb6dc1aa0459b778
......@@ -20,49 +20,6 @@ replicaCount: 1
ingress:
enabled: true
annotations: {}
# nginx.ingress.kubernetes.io/proxy-body-size: 4G
# kubernetes.io/tls-acme: "true"
# certmanager.k8s.io/cluster-issuer: letsencrypt-prod
# nginx.ingress.kubernetes.io/server-snippet: |-
# add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
# add_header X-Robots-Tag none;
# add_header X-Download-Options noopen;
# add_header X-Permitted-Cross-Domain-Policies none;
# add_header X-Content-Type-Options nosniff;
# add_header X-XSS-Protection "1; mode=block";
# add_header Referrer-Policy no-referrer;
# rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
# rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
# rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json;
# location = /.well-known/carddav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /.well-known/caldav {
# return 301 $scheme://$host/remote.php/dav;
# }
# location = /robots.txt {
# allow all;
# log_not_found off;
# access_log off;
# }
# location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
# try_files $uri /index.php$request_uri;
# # Optional: Don't log access to other assets
# access_log off;
# }
# location / {
# rewrite ^ /index.php$request_uri;
# }
# location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
# deny all;
# }
# location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
# deny all;
# }
# tls:
# - secretName: nextcloud-tls
# hosts:
# - nextcloud.kube.home
nextcloud:
host: nextcloud.corp.justin-tech.com
......