Skip to content

redcraft-org/redcraft_kubernetes

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
bastion
bastion
 
 
cert-manager
cert-manager
 
 
mariadb
mariadb
 
 
mongodb
mongodb
 
 
namespaces
namespaces
 
 
rcsm-cron-tasks
rcsm-cron-tasks
 
 
redis
redis
 
 
wireguard
wireguard
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

RedCraft.org Kubernetes infrastructure

Why

Why Kubernetes?

Kubernetes is an excellent way of deploying an infrastructure with multiple environments with containers.

Why are persistant volumes not with the services?

Because you might want to do a kubectl delete -f <name>-service.yaml without deleting your data :)

How to deploy

Requirements

kubectl

Create environments

Create namespace environment (production/staging/testing): kubectl apply -f namespaces/<environment>.yaml

Deploy certificate issuer

Deploy cert-manager: kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.7.1/cert-manager.yaml

⚠️ If you're not deploying a service for RedCraft.org, please replace the email address in cert-manager/cert-manager.yaml ⚠️

Deploy certificate issuer: kubectl apply -f cert-manager/certificate-issuer.yaml

Deploy databases

For these examples, you'll need to specify the namespace by replacing <environment> for each environment.

MariaDB

Create secret: kubectl create secret generic mariadb --namespace=<environment> --from-literal=password=<password>

Create persistent volume: kubectl apply -f mariadb/mariadb-pv.yaml --namespace=<environment>

Deploy service: kubectl apply -f mariadb/mariadb-service.yaml --namespace=<environment>

MongoDB

Create persistent volume: kubectl apply -f mongodb/mongodb-pv.yaml --namespace=<environment>

Deploy service: kubectl apply -f mongodb/mongodb-service.yaml --namespace=<environment>

Redis

Deploy service: kubectl apply -f redis/redis-service.yaml --namespace=<environment>

Deploy Bastion

Bastion is used as an SSH relay to access internal services and databases. We use bastion and github-authorized-keys from Cloud Posse to do so, and use our GitHub public keys to connect to the cluster.

Create namespace: kubectl apply -f namespaces/bastion.yaml

Create secret: kubectl create secret generic bastion --namespace=bastion --from-literal=github_organization=<organization> --from-literal=github_team=<team_name> --from-literal=github_api_token=<api_token>

Create persistent volume: kubectl apply -f bastion/bastion-pv.yaml

Deploy service: kubectl apply -f bastion/bastion-service.yaml

⚠️ You might have to delete and re-apply the service at the first deploy in order for Bastion to work properly

Deploy Wireguard

Wireguard is used to connect external servers to Kubernetes' services.

Create namespace: kubectl apply -f namespaces/wireguard.yaml

Create persistent volume: kubectl apply -f wireguard/wireguard-pv.yaml

Deploy service: kubectl apply -f wireguard/wireguard-service.yaml

Retrieve peer1 config file: kubectl -n wireguard exec wireguard -- cat /config/peer1/peer1.conf > ~/peer1.conf

peer1 for the packer image: kubectl -n wireguard exec wireguard -- cat /config/peer1/peer1.conf > ../redcraft_packer/images/redcraft-minecraft/config/wireguard.conf

Retrieve peer2 config file: kubectl -n wireguard exec wireguard -- cat /config/peer2/peer2.conf > ~/peer2.conf

About

No description, website, or topics provided.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published