Basics
Fundamentals
- Setup DNS, OS, ...
- docker & k3s
- main components
- setup volume, nfs, k8s provisioner
- setup postgres
- setup gitea
- setup mail alert
- setup gitea runners, Argo CD
- sync git repo with github/gitlab
- docker hub
- gitea packages
- devsecops tools
- hashicorp vault
- terrakube
- prometheus/grafana
- ansible AWX
- setup hello world web app
- manage postgres credentials
- protect public endpoint (crowdsec)
Note
Reference: Arcodange Factory Ansible Collection
Important
duckdns.org offers a free subdomain of duckdns.org, along with (sub-)subdomains of it. With our token we can validate the Let's Encrypt DNS challenge (for free SSL certificates) and configure a cron job to update the public IP address that our subdomain points to.
```mermaid
%%{init: { 'logLevel': 'debug', 'theme': 'base' } }%%
flowchart
    net[Internet]
    subgraph "Local Network (livebox)"
        net_rules{network rules}
        subgraph pi1
            subgraph Docker_pi1[Docker]
                %% subgraph Traefik
                %%   :web80
                %%   :websecure443
                %% end
                gitea_action_runner
            end
            subgraph k3s_server[K3S Master]
                %% Traefik -.-> K3S_Traefik
                subgraph K3S_Traefik
                    subdomain_git[/git.arcodange.duckdns.org/]
                end
                Pods[hello world web app]
                ArgoCD
            end
        end
        subgraph pi2
            subgraph Docker_pi2[Docker]
                subgraph gitea_network
                    subgraph postgres_service
                    end
                    subgraph gitea_service
                    end
                end
            end
            subgraph HardDisk[Hard Disk]
                pg_data[pg_data partition]
                gitea_data[gitea_data partition]
                nfs_data[NFS_data partition]
                K3S_storage_provisioner --o nfs_data
            end
            subgraph k3s_agent[K3S Agent]
                %% same hello world app, pods scheduled on the agent node
                %% (node id must not contain a quote character)
                Pods_agent[hello world web app]
            end
        end
    end
    postgres_service --o pg_data
    gitea_service --o gitea_data
    net -. "http(s)://(*.)arcodange.duckdns.org" .- net_rules -. ":<i>443/80</i>" .-> K3S_Traefik
    %% Traefik
    subdomain_git -.-> gitea_service
    classDef k3s fill:#fff,stroke:#f0f,stroke-width:1px;
    classDef storage fill:#999,stroke:#000,stroke-width:2px;
    class HardDisk storage;
    class k3s_server,k3s_agent,K3S_storage_provisioner k3s;
```