# Hetzner single-node overlay

This overlay turns the shared platform and `unrip` project bases into a concrete first-node bootstrap target for the Terraform-provisioned k3s VM.

## Before apply

Create real secret material from the examples:

```bash
cp deploy/k8s/overlays/hetzner-single-node/secrets/unrip.env.example deploy/k8s/overlays/hetzner-single-node/secrets/unrip.env
cp deploy/k8s/overlays/hetzner-single-node/secrets/forgejo.env.example deploy/k8s/overlays/hetzner-single-node/secrets/forgejo.env
cp deploy/k8s/overlays/hetzner-single-node/secrets/registry.htpasswd.example deploy/k8s/overlays/hetzner-single-node/secrets/registry.htpasswd
```

Update:

- ingress hosts in `ingress-hosts.patch.yaml`
- ACME email in `issuer-email.patch.yaml`
- project secret values in `secrets/unrip.env`
- Forgejo secret values in `secrets/forgejo.env`
- registry htpasswd in `secrets/registry.htpasswd`
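
A pre-apply check for the steps above, as an added example that is not part of the original README: it fails if any of the three secret files is missing, is still a byte-for-byte copy of its `.example` template, or grants permissions to group or others. The function name `check_overlay_secrets` and the owner-only permission policy are assumptions; the paths are the ones listed above.

```shell
#!/usr/bin/env bash
# Added example, not part of the project: pre-apply check for the overlay secrets.
# Assumptions: function name and the "no group/other access" policy are
# illustrative; the default path is the overlay directory from this README.

# check_overlay_secrets [OVERLAY_DIR]
# Returns 0 only if every secret file exists, is non-empty, differs from its
# .example template, and grants no permissions to group or others.
check_overlay_secrets() {
  local dir="${1:-deploy/k8s/overlays/hetzner-single-node}/secrets"
  local name file mode rc=0
  for name in unrip.env forgejo.env registry.htpasswd; do
    file="$dir/$name"
    if [ ! -s "$file" ]; then
      echo "missing or empty: $file" >&2
      rc=1
      continue
    fi
    # An unedited copy of the template would ship the example values.
    if [ -f "$file.example" ] && cmp -s "$file" "$file.example"; then
      echo "still identical to its .example template: $file" >&2
      rc=1
    fi
    # Octal mode: GNU stat first, BSD/macOS stat as fallback.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
      echo "accessible beyond owner (mode $mode), chmod 600: $file" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

Run from the repository root, `check_overlay_secrets && kubectl apply -k deploy/k8s/overlays/hetzner-single-node` applies the overlay only when the check passes.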

## Apply

```bash
kubectl apply -k deploy/k8s/overlays/hetzner-single-node
```

## What gets installed

- shared platform namespaces for registry, ingress, cert-manager, and Forgejo
- project namespace `unrip`
- Redpanda plus a topic bootstrap job inside `unrip`
- app worker deployments referencing `unrip-secrets`
- Forgejo and Forgejo runner referencing `forgejo-secrets`
- private registry protected by htpasswd from `registry-secrets`
- nginx ingress and ACME issuers for TLS

For future projects, do not reuse `unrip`; create a new project namespace and matching `<project>-config`, `<project>-secrets`, and `<project>-registry-creds` resources.