Conversation

Notices

1. Embed this notice
   Mauricio Teixeira 🇧🇷🇺🇲 (badnetmask@hachyderm.io)'s status on Saturday, 04-Jan-2025 13:48:16 JST Mauricio Teixeira 🇧🇷🇺🇲

   in reply to

   • Rachel

   @rachel
   How do you issue certs? LE with public DNS?

   (btw, you remind me I need to look at renovate bot)

   • Embed this notice
     Rachel (rachel@transitory.social)'s status on Saturday, 04-Jan-2025 13:48:21 JST Rachel

     Cluster Rebuild Status :ablobcatbongokeyboard:
     
     Completed:
     * Talos cluster, with almost sane configs
     * Cilium with BGP LB, ingress, hubble, gateway-api
     * frr bgp-ospf bridge
     * external-dns
     * cert-manager w/ dns challenge
     * cloudnative-pg operator
     * nfs-subdir storage
     * keycloak operator
     * keycloak realm/client management via terraform (because the operator is lacking tbh)
     * Keycloak ream with google auth (only for existing users) and webauthn/passkey login options
     * Forgejo
     
     Upcoming:
     * Organize and move repo into Forgejo
     * ArgoCD
     * Pull infra into argo
     * Configure renovate against forgejo
     * Configure a pile of missing smtp configs
     * Forgejo GPG signing
     * Fix Cilium shared ingress
     * migrates local-only apps to new cluster
     
     Unanswered questions:
     * CI Runners in Forgejo? Use alternative CI engine?
     * Secret management? May skip it -- may not be worth it given the smaller number of secrets
     * Storage migration? Ceph/Rook
     
     #HomeLab #Kuberetes #HomeLab #Kuberetes