Merge pull request #168 from sachajw/main
How to bake an Ortelius Pi minor tweaks
sachajw authored Aug 10, 2024
2 parents 809e760 + a8729ce commit a413065
Showing 3 changed files with 17 additions and 12 deletions.
Expand Up @@ -107,9 +107,9 @@ For DNS I use [NextDNS](https://nextdns.io/) but this is not just DNS its comple

#### Take note

NextDNS is free to a certain amount of DNS queries once you reach that limit resolution stops. Its inexpensive and totally worth it.
NextDNS is free up to `300,000 queries/month`, once you reach that limit resolution stops.

- Think of a domain name for your environment - mine is `pangarabbit.com`
- Think of a domain name for your environment mine is `pangarabbit.com`
- Go to the NextDNS Wiki [here](https://github.com/nextdns/nextdns/wiki)
- Install the cli on each Pi and on your NAS so that you can SSH into your NAS and install NextDNS
- Here is a doc on how to configure [SSH](https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet) for a Synology NAS
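Review bot: the new NextDNS sentence (`NextDNS is free up to ... once you reach that limit resolution stops`) is a comma splice and states a hard quota with no source; suggest `NextDNS is free up to 300,000 queries per month; once you reach that limit, resolution stops.` plus a link to the NextDNS pricing page so readers can check the figure when it changes. In the same hunk the dash is dropped from `Think of a domain name for your environment - mine is`, which leaves a run-on; keep a separator, e.g. `environment; mine is`.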
Expand Down Expand Up @@ -172,7 +172,8 @@ max-inflight-requests 256
<p></p>

- NextDNS will instantly auto refresh all your NextDNS agents with any configuration changes
- Great DNS is done!

Great DNS is done!

### NFS Prep
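Review bot: `NextDNS will instantly auto refresh all your NextDNS agents` overstates what can be promised; the agents pick up configuration changes automatically, but "instantly" is not something the post can guarantee, so suggest `NextDNS automatically pushes configuration changes to all your NextDNS agents`. Moving `Great DNS is done!` out of the bullet list into its own line is right; it is a closing remark, not a step.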

16 changes: 11 additions & 5 deletions content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
Expand Up @@ -77,6 +77,8 @@ In [part 2](https://ortelius.io/blog/2024/04/05/how-to-bake-an-ortelius-pi-part-

In part 3 we will use the [GitOps Methodology](https://opengitops.dev/) to deploy [Cert Manager](https://cert-manager.io/), [NFS CSI Driver](https://github.com/kubernetes-csi/csi-driver-nfs) for Kubernetes to connect to the Synology NAS for centralised dynamic volume storage, [Metallb Load Balancer](https://metallb.universe.tf/), [Traefik Proxy](https://traefik.io/) as the entrypoint for our Microservices and [Ortelius](https://ortelius.io/) the ultimate evidence store using [Gimlet](https://gimlet.io/) as the UI to our GitOps controller [Fluxcd](https://fluxcd.io/).

I have included the full `values.yaml` configuration from the provider to provide an educational element from the early career start to the seasoned engineer. In contrast to this you could just provide your changes thus making less lines of code and a whole lot less scrolling.

### Roadmap

`storage --> certificate store --> load balancer --> proxy/api gateway --> evidence store --> cloudflare --> observability --> secret store --> zerotier --> everything else`
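Review bot: the added paragraph repeats `provider to provide` and `less lines of code` should be `fewer lines`; suggest `I have included the provider's full values.yaml so that everyone from an early-career engineer to a seasoned one can see every default. You could instead commit only your overrides, which means fewer lines and a lot less scrolling.` One caveat worth adding while you are in here: committing a full copy of the upstream `values.yaml` freezes the chart's defaults at the version you copied, so the file has to be re-diffed against upstream every time the chart version in the HelmRelease is bumped, otherwise new or renamed keys are silently overridden by stale values.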
Expand All @@ -85,7 +87,7 @@ In part 3 we will use the [GitOps Methodology](https://opengitops.dev/) to deplo

#### CRDs

[CRDs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) are custom resources created in our Kubernetes cluster that add additional functionality and most of the infrastructure components you will be deploying will create CRDs in your Kubernetes cluster.
[CRDs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) are custom resources created in our Kubernetes cluster that add additional functionality and most of the `infrastructure` components you will be deploying will create CRDs in your Kubernetes cluster.

```shell
kubectl get crds --all-namespaces
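Review bot: `CRDs are custom resources created in our Kubernetes cluster` conflates the definition with the instances; a CRD defines a new resource type and the components then create custom resources of that type, so suggest `CRDs define new resource types in our Kubernetes cluster, and most of the infrastructure components you deploy will install their own`. The backticks added around `infrastructure` read as a reference to the `infrastructure` namespace used by the HelmRelease later in this file; if that is the intent, say `the components in the infrastructure namespace`, otherwise drop the backticks. Also, CRDs are cluster-scoped, so `--all-namespaces` on the `kubectl get crds` context line does nothing; plain `kubectl get crds` is clearer.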
Expand Down Expand Up @@ -210,7 +212,8 @@ Gimlet comes in two flavours [Self-Hosted](https://github.com/gimlet-io/gimlet)

#### VS Code Extension

The VS Code extension allows you to get into the guts of your Fluxcd deployment and configuration from within VS Code.
The VS Code extension allows you to get into the guts of your Fluxcd deployment, Fluxcd configuration and Fluxcd troubleshooting from within VS Code.

<div class="col-left">
<img src="/images/how-to-bake-an-ortelius-pi/part03/24-fluxcd-vscode-clusters.png" alt="fluxcd vscode clusters"/>
</div>
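Review bot: `your Fluxcd deployment, Fluxcd configuration and Fluxcd troubleshooting` repeats the product name three times; `your Fluxcd deployment, configuration and troubleshooting` reads cleaner. The paragraph also never names or links the extension, while every other tool in the post gets a link; add one so readers install the right extension from the marketplace rather than a look-alike.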
Expand Down Expand Up @@ -269,6 +272,9 @@ gimlet --version

- Explore more involved installations of Gimlet [here](https://github.com/gimlet-io/gimlet/tree/main/examples)
- We will be using this easy to deploy one-liner for now
- Whether you use the cloud or the self-hosted version the interface is the same
- You won't need to port forward to the UI if you use cloud hosted as the Gimlet folks do the hard work for you
- As a hint you could enable the `ingress` and set the `ingressClass` to `traefik` and access the interface from your local network e.g. `gimlet.pangarabbit.com` thus negating port forwarding

```shell
kubectl apply -f https://raw.githubusercontent.com/gimlet-io/gimlet/main/deploy/gimlet.yaml
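Review bot: the new ingress hint (`enable the ingress and set the ingressClass to traefik ... gimlet.pangarabbit.com`) exposes the Gimlet UI, which drives what Fluxcd deploys into the cluster, to everyone on the local network; the bullet should say this belongs behind TLS and authentication rather than presenting it only as a convenience over port forwarding. Separately, the `kubectl apply -f https://raw.githubusercontent.com/gimlet-io/gimlet/main/deploy/gimlet.yaml` context line applies whatever is on `main` at the moment it is run, with your kubectl credentials; pin to a release tag or commit SHA and tell readers to read the manifest before applying it.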
Expand Down Expand Up @@ -3978,7 +3984,7 @@ Well done for making it this far! We have made it to the point where we can depl
- Ortelius docs [here](https://docs.ortelius.io/guides/)
- Ortelius Helm Chart on ArtifactHub [here](https://artifacthub.io/packages/helm/ortelius/ortelius)

Ortelius currently consists of the following Microservices. The one we are most interested in at this point is `ms-nginx` which is the gateway to all the backing microservices for Ortelius. We are going to deploy Ortelius using Gimlet and Fluxcd then configure Traefik to send requests to `ms-nginx` which should allow us to load the Ortelius frontend.
The Microservice we are most interested in is `ms-nginx` which is the gateway to all the backing microservices for Ortelius. We are going to deploy Ortelius using Gimlet and Fluxcd then configure Traefik to send requests to `ms-nginx` which should allow us to load the Ortelius frontend.

#### Ortelius Microservice GitHub repos
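Review bot: dropping `Ortelius currently consists of the following Microservices.` leaves the heading `#### Ortelius Microservice GitHub repos` and the list under it without a lead-in, and `The Microservice we are most interested in` now refers to a set the reader has not been introduced to; suggest keeping a short version, e.g. `Ortelius is made up of several microservices (repos listed below); the one we are most interested in is ms-nginx, ...`. Use lower-case `microservice` for consistency with `backing microservices` in the same sentence.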

Expand Down Expand Up @@ -4019,7 +4025,7 @@ metadata:
namespace: infrastructure
spec:
interval: 60m
timeout: 10m # Helps to mitigate "Context deadline exceeded" https://fluxcd.io/flux/components/helm/helmreleases/#timeout
timeout: 10m
releaseName: ortelius
chart:
spec:
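Review bot: the `timeout: 10m` line loses the comment explaining that the value exists to mitigate `Context deadline exceeded` and the link to the HelmRelease timeout docs; that comment was the only place a reader learns why the timeout is raised above the default. Keep the comment (a YAML comment is harmless in a HelmRelease) or move the explanation into the prose above the YAML.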
Expand Down Expand Up @@ -4101,7 +4107,7 @@ You should now be able to reach the Ortelius frontend in your browser using the

### Conclusion

By this stage you should have three Pi's each with MicroK8s, NFS CSI Driver, Cert Manager, Traefik, Ortelius and a NFS server up and running. Stay tuned for Part 4 where we unleash LetsEncrypt with Cloudflare for automatic certificate renewal to provide certificate and TLS services.
By this stage you should have three Pi's each with MicroK8s, NFS CSI Driver, Cert Manager, Traefik, Ortelius and a NFS server up and running. Stay tuned for Part 4 where we unleash Cloudflare, LetsEncrypt with Traefik for automatic certificate renewal to provide secure services behind a single entrypoint.

Happy alien hunting.......
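Review bot: `unleash Cloudflare, LetsEncrypt with Traefik` needs a conjunction, e.g. `unleash Cloudflare and LetsEncrypt with Traefik`, and the list of what is running should match the part 3 intro, which also deploys Metallb, Gimlet and Fluxcd; as written the conclusion omits them. Minor: `three Pi's` should be `three Pis` and `a NFS server` should be `an NFS server`.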

Expand Up @@ -30,8 +30,6 @@ In part 4 we will setup [Cloudflare](https://www.cloudflare.com/en-gb/), [LetsEn

### Roadmap

I have tried to put things in a logical order for deployment like this:

`cloudflare --> observability --> secret store --> zerotier --> everything else`

### Cloudflare | Connectivity Cloud
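Review bot: removing `I have tried to put things in a logical order for deployment like this:` brings the part 4 roadmap in line with part 3's (heading followed directly by the arrow line), so no objection to the deletion itself. One ordering question the roadmap raises: if LetsEncrypt is driven through Cloudflare, a Cloudflare API token has to live in the cluster before `secret store` is deployed two steps later; the post should say where that token is kept in the meantime and that it is moved once the secret store is up.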
Expand Down Expand Up @@ -140,7 +138,7 @@ Cloudflare strongly recommends using Full or Full (strict) modes to prevent mali

- Clicking on `Edge Certificates` you will see that the kind folks at Cloudflare have provided you with a certificate for free also known as `Universal SSL`

Attention: Let's Encrypt's chain of trust will be changing on September 2024. Universal SSL certificates will be automatically switched to a more compatible certificate authority. Review our [documentation](https://developers.cloudflare.com/ssl/reference/migration-guides/lets-encrypt-chain/#lets-encrypt-chain-update) for details and to understand the impacts on other certificate types.
<strong>Attention:</strong> Let's Encrypt's chain of trust will be changing on September 2024. Universal SSL certificates will be automatically switched to a more compatible certificate authority. Review our [documentation](https://developers.cloudflare.com/ssl/reference/migration-guides/lets-encrypt-chain/#lets-encrypt-chain-update) for details and to understand the impacts on other certificate types.

<div class="col-left">
<img src="/images/how-to-bake-an-ortelius-pi/part04/12-cf-edge-certificates-button.png" alt="cf edge certificates button"/>
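Review bot: the `<strong>Attention:</strong>` line reproduces Cloudflare's dashboard banner verbatim; mark it as a quotation (a markdown blockquote) and note when it was seen, since `changing on September 2024` is time-bound and the note goes stale soon after publication. Also `on September 2024` should be `in September 2024`.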
Expand Down Expand Up @@ -192,7 +190,7 @@ Attention: Let's Encrypt's chain of trust will be changing on September 2024. Un
</div>
<p></p>

Great we should have a functional certificate which will be auto renewed and we can use Traefik as the single point for secure connections.
Great we should have a functional certificate which will be auto renewed and we can use Traefik as the single point of entry for secure connections.

### Traefik
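Review bot: `Great we should have a functional certificate` needs a comma after `Great`, and `auto renewed` should be `auto-renewed`. More importantly, the certificate described here is Cloudflare's Universal SSL edge certificate, which only secures the browser to Cloudflare leg; the `Full or Full (strict)` recommendation quoted earlier in this file means the Cloudflare to Traefik leg still needs its own certificate, so `single point of entry for secure connections` should say which certificate Traefik presents on that leg.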
