Cluster services

  • k3s (cluster software)
  • step-ca (certificate manager)
  • cert-manager (cluster to step gateway)
  • traefik (web proxy/gateway)
  • Prometheus (metrics)
  • Grafana (metrics display)
  • Something for logs
  • Something for alerts?

I want tenants to be able to use mTLS internally, so cert-manager needs two providers, one for step and one for Let's Encrypt.
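
The two-provider layout described above could look like this in cert-manager. This is an added example, not configuration from the original post; it assumes the step-issuer external issuer is installed to talk to step-ca, and every name, namespace, URL and email address below is a placeholder.

```yaml
# Public issuer: Let's Encrypt over ACME, solved through the traefik ingress class.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt                 # placeholder name
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.org        # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
      - http01:
          ingress:
            ingressClassName: traefik
---
# Internal issuer: step-ca via step-issuer (assumed installed), used for tenant mTLS.
apiVersion: certmanager.step.sm/v1beta1
kind: StepClusterIssuer
metadata:
  name: step-internal               # placeholder name
spec:
  url: https://step-ca.example.internal          # placeholder step-ca URL
  caBundle: BASE64_ROOT_CA_PEM_PLACEHOLDER       # step-ca root certificate, base64
  provisioner:
    name: cert-manager              # placeholder JWK provisioner name
    kid: PROVISIONER_KEY_ID_PLACEHOLDER
    passwordRef:
      namespace: step-system        # placeholder namespace holding the secret
      name: step-provisioner-password
      key: password
---
# A tenant picks the internal issuer by group/kind; the leaf is valid for both TLS roles.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: dovecot-mtls
  namespace: mail
spec:
  secretName: dovecot-mtls
  dnsNames: [dovecot.mail.svc.cluster.local]
  usages: [server auth, client auth]
  issuerRef:
    group: certmanager.step.sm
    kind: StepClusterIssuer
    name: step-internal
```

Keeping the internal root out of the public issuer path means a tenant's mTLS peers only need to trust the step-ca root, while browser-facing certificates still chain to Let's Encrypt.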

Cluster tenants

  • mail
    • postfix (smtp server)
    • dovecot (imap server and email storage)
    • spamassassin (spam filter)
    • opendkim
    • opendmarc
  • osric.uk
  • shinjuspottery
  • fluffypeople
  • kamelion

Cluster Management

  • helm?

That looks like a bunch of namespaces and then mail has a small collection of pods.

I'd like to give everyone their own IPv6 address, and I can front the web servers with Mythic's IPv4 proxy, only running mail through native IPv4.

Still, I'm not sure what it gets me. I want to be able to throw up a new service (and take it down later) with close to zero effort. I've newly got that now, but there is a bunch of setup on the server to do.

(I also want to split osric.uk down into a bunch of tiny services, but I'm worried about the overhead of running C# VMs)

I think I can set up a helm chart for "deploy to server", and then just change the names. I'll look at that.

