dream-aim-deliver/kubesat-planckster

kubesat-planckster

Kernel Planckster MinIO Configuration

After Flux has initially reconciled this repository with your cluster, the Kernel Planckster pods will not start. You need to go to the MinIO console and generate a new access key and secret key. You can save the credentials in a Kubernetes secret.

Create a new file called minio-secret-patch.yaml with the following content:

apiVersion: v1
kind: Secret
metadata:
  name: kp-minio-credentials
  namespace: sda
type: Opaque
stringData:
  accesskey: <accessKey>
  secretkey: <secretKey>

You can then apply the secret to the cluster with the following command:

kubectl apply -f minio-secret-patch.yaml

Creating a new tunnel/route via Cloudflare

Create a new tunnel from scratch

To expose a new service from the cluster to the internet, you need to create a new Cloudflare tunnel. You can use the scripts/cloudflare-tunnel.sh script to create one:

./scripts/cloudflare-tunnel.sh <tunnel-name>

This script will generate a secret containing the tunnel credentials in the /releases/production/secrets directory.

Please make sure you encrypt the secret before committing it to the repository.

DO NOT FORGET TO EXPOSE THE SECRET AND THE MANIFESTS in the corresponding kustomization.yaml files.
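
One way to enforce the encryption step above before a commit, as an added example that is not part of this repository. It assumes the secrets are encrypted with SOPS (the page does not name the tool), which adds a top-level `sops:` block and wraps each value in `ENC[...]`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of this repository. Assumes SOPS encryption:
# an encrypted manifest carries a top-level "sops:" block and every value
# under data:/stringData: is an ENC[...] envelope.

# Succeeds when FILE declares a Kubernetes Secret.
is_secret_manifest() {
  grep -Eq '^kind:[[:space:]]*Secret[[:space:]]*$' "$1"
}

# Succeeds only when FILE has SOPS metadata and no plaintext secret value.
is_sops_encrypted() {
  grep -q '^sops:' "$1" || return 1
  awk '
    /^(data|stringData):[ \t]*$/ { in_data = 1; next }
    /^[^ \t#]/                   { in_data = 0 }   # next top-level key
    in_data && /^[ \t]+[^ \t#]/ {
      value = $0
      sub(/^[^:]*:[ \t]*/, "", value)              # drop "key: "
      if (value !~ /^ENC\[/) bad = 1
    }
    END { exit bad + 0 }
  ' "$1"
}

# Prints every plaintext Secret manifest under DIR; returns 1 if any exist.
find_plaintext_secrets() {
  found=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) |
    while IFS= read -r file; do
      if is_secret_manifest "$file" && ! is_sops_encrypted "$file"; then
        printf '%s\n' "$file"
      fi
    done)
  [ -z "$found" ] && return 0
  printf '%s\n' "$found"
  return 1
}
```

Call `find_plaintext_secrets releases/production/secrets` from a pre-commit hook or CI job and fail the run on a non-zero status.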

Exposing a service

To expose a service, you need to create a new route for the tunnel. You can use the following command to create a new route:

Please update the ingress section of the configuration file in releases/production/cloudflared/config.yaml to include the new route.

Also, add a DNS record for every route you wish to configure:

cloudflared tunnel route dns <tunnel-name> <sub-domain>.devmaany.com

Push the changes to the repository and the tunnel will be updated automatically.

Configuration of MinIO tenant

You can go to the MinIO Operator Console and create a new tenant if the tenant helm chart has not already created one for you. For this tenant, you then need to port-forward the tenant console and create a new client. You must copy the Access Key and Secret Key. The access credentials need to be set in the kp-minio-credentials secret in the sda namespace.

NOTE: Currently the kp-credential secret is managed externally from Flux. Modify it directly with kubectl and restart the Kernel Planckster deployment for the changes to take effect.

Current Status: Minio Operator

To allow public uploads and downloads based on signed URLs generated by MinIO, we are creating a Cloudflare tunnel route that points to the MinIO Tenant's API service. Additionally, Kernel needs to be configured to use the public URL of the MinIO Tenant. See the production configuration for the current setup.
