Cluster services
- k3s (cluster software)
- step-ca (certificate manager)
- cert-manager (cluster to step gateway)
- traefik (web proxy/gateway)
- Prometheus (metrics)
- Grafana (metrics display)
- Something for logs
- Something for alerts?
I want tenants to be able to use mTLS internally, so cert-manager needs two providers, one for step and one for Let's Encrypt.
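A sketch of what those two providers could look like (an added example, not configuration from these notes). It assumes the step side is wired up through the smallstep step-issuer add-on for cert-manager; all hostnames, namespaces, secret names, the e-mail address, `kid` and `caBundle` are placeholders.

```yaml
# Added example; hostnames, e-mail, secret names, kid and caBundle are placeholders.
# Public certificates for web sites behind traefik, from Let's Encrypt.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.org
    privateKeySecretRef:
      name: letsencrypt-account-key
    solvers:
      - http01:
          ingress:
            ingressClassName: traefik
---
# Internal certificates for tenant mTLS, signed by step-ca via step-issuer.
apiVersion: certmanager.step.sm/v1beta1
kind: StepClusterIssuer
metadata:
  name: step-internal
spec:
  url: https://step-ca.example.internal
  caBundle: "<base64 PEM of the step-ca root certificate>"
  provisioner:
    name: cert-manager
    kid: "<key id of the JWK provisioner>"
    passwordRef:
      namespace: step-system
      name: step-provisioner-password
      key: password
---
# One tenant certificate, requested from the internal issuer only.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: postfix-mtls
  namespace: mail
spec:
  secretName: postfix-mtls
  commonName: postfix.mail.svc.cluster.local
  dnsNames:
    - postfix.mail.svc.cluster.local
  issuerRef:
    group: certmanager.step.sm
    kind: StepClusterIssuer
    name: step-internal
```

Keeping the two issuers separate means peers doing mTLS only need to trust the step-ca root, and nothing issued by the public CA is accepted as a client identity inside the cluster.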
Cluster tenants
- mail
  - postfix (smtp server)
  - dovecot (imap server and email storage)
  - spamassassin (spam filter)
  - opendkim
  - opendmarc
- osric.uk
- shinjuspottery
- fluffypeople
- kamelion
Cluster Management
- helm?
That looks like a bunch of namespaces and then mail has a small collection of pods.
I'd like to give everyone their own IPv6 address, and I can front the web servers with mythics IPv4 proxy, only running mail through native IPv4.
Still, I'm not sure what it gets me. I want to be able to throw up a new service (and take it down later) with close to zero effort. I've newly got that now, but there is a bunch of setup on the server to do.
(I also want to split osric.uk down into a bunch of tiny services, but I'm worried about the overhead of running C# VMs.)
I think I can set up a helm chart for "deploy to server", and then just change the names. I'll look at that.