From e979b7b0d2c76511047003ba1404552b0b5877b3 Mon Sep 17 00:00:00 2001
From: Sacha Wharton <32266273+sachajw@users.noreply.github.com>
Date: Sat, 10 Aug 2024 13:24:02 +0200
Subject: [PATCH 1/6] =?UTF-8?q?=F0=9F=9B=A0=20NEW:=20minor=20tweaks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
index d0cd37d7..ee0b320d 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
@@ -107,7 +107,7 @@ For DNS I use [NextDNS](https://nextdns.io/) but this is not just DNS its comple
#### Take note
-NextDNS is free to a certain amount of DNS queries once you reach that limit resolution stops. Its inexpensive and totally worth it.
+NextDNS is free up to `300,000 queries/month`, once you reach that limit resolution stops.
- Think of a domain name for your environment - mine is `pangarabbit.com`
- Go to the NextDNS Wiki [here](https://github.com/nextdns/nextdns/wiki)
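Review bot: The added NextDNS line joins two sentences with a comma and hard-codes the quota `300,000 queries/month`, which will go stale if the free tier changes. Suggest splitting it ("... `300,000 queries/month`. Once you reach that limit, resolution stops.") and linking the figure to the provider's pricing page. Because the text says resolution stops at the limit, a short pointer on where readers can watch their query count would help them avoid losing DNS for the whole environment.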
From 9272a55d2941ff8f921af77d02fe1b58cd1cbab4 Mon Sep 17 00:00:00 2001
From: Sacha Wharton <32266273+sachajw@users.noreply.github.com>
Date: Sat, 10 Aug 2024 13:27:17 +0200
Subject: [PATCH 2/6] =?UTF-8?q?=F0=9F=9B=A0=20NEW:=20minor=20tweaks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
index ee0b320d..e53f9298 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
@@ -109,7 +109,7 @@ For DNS I use [NextDNS](https://nextdns.io/) but this is not just DNS its comple
NextDNS is free up to `300,000 queries/month`, once you reach that limit resolution stops.
-- Think of a domain name for your environment - mine is `pangarabbit.com`
+- Think of a domain name for your environment mine is `pangarabbit.com`
- Go to the NextDNS Wiki [here](https://github.com/nextdns/nextdns/wiki)
- Install the cli on each Pi and on your NAS so that you can SSH into your NAS and install NextDNS
- Here is a doc on how to configure [SSH](https://kb.synology.com/en-id/DSM/tutorial/How_to_login_to_DSM_with_root_permission_via_SSH_Telnet) for a Synology NAS
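Review bot: Dropping the ` - ` separator in the first bullet leaves a run-on ("for your environment mine is `pangarabbit.com`"). Suggest a comma or semicolon instead, for example "Think of a domain name for your environment; mine is `pangarabbit.com`".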
From 1b26cb3e8a2adec1c746b93f39a5b8f7d1326161 Mon Sep 17 00:00:00 2001
From: Sacha Wharton <32266273+sachajw@users.noreply.github.com>
Date: Sat, 10 Aug 2024 13:38:31 +0200
Subject: [PATCH 3/6] =?UTF-8?q?=F0=9F=9B=A0=20NEW:=20minor=20tweaks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../contributors/how-to-bake-an-ortelius-pi-part02.md | 3 ++-
.../contributors/how-to-bake-an-ortelius-pi-part03.md | 9 +++++++--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
index e53f9298..61ba4686 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part02.md
@@ -172,7 +172,8 @@ max-inflight-requests 256
- NextDNS will instantly auto refresh all your NextDNS agents with any configuration changes
-- Great DNS is done!
+
+Great DNS is done!
### NFS Prep
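Review bot: "Great DNS is done!" now stands alone as a paragraph and reads as if it were describing "great DNS"; add the comma ("Great, DNS is done!").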
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
index 17b8bb42..168a7b76 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
@@ -77,6 +77,8 @@ In [part 2](https://ortelius.io/blog/2024/04/05/how-to-bake-an-ortelius-pi-part-
In part 3 we will use the [GitOps Methodology](https://opengitops.dev/) to deploy [Cert Manager](https://cert-manager.io/), [NFS CSI Driver](https://github.com/kubernetes-csi/csi-driver-nfs) for Kubernetes to connect to the Synology NAS for centralised dynamic volume storage, [Metallb Load Balancer](https://metallb.universe.tf/), [Traefik Proxy](https://traefik.io/) as the entrypoint for our Microservices and [Ortelius](https://ortelius.io/) the ultimate evidence store using [Gimlet](https://gimlet.io/) as the UI to our GitOps controller [Fluxcd](https://fluxcd.io/).
+I have included the full `values.yaml` configuration from the provider to provide an educational element from the early career start to the seasoned engineer. In contrast to this you could just provide your changes thus making less lines of code and a whole lot less scrolling.
+
### Roadmap
`storage --> certificate store --> load balancer --> proxy/api gateway --> evidence store --> cloudflare --> observability --> secret store --> zerotier --> everything else`
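Review bot: The new paragraph about the full `values.yaml` uses "provide" twice in one sentence and "less lines" where "fewer lines" is meant. More important for readers: when the complete provider file is reproduced, the few values actually changed are hard to spot. Suggest stating how the overrides are marked or listing them next to each block, so they can be reviewed without diffing against upstream.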
@@ -85,7 +87,7 @@ In part 3 we will use the [GitOps Methodology](https://opengitops.dev/) to deplo
#### CRDs
-[CRDs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) are custom resources created in our Kubernetes cluster that add additional functionality and most of the infrastructure components you will be deploying will create CRDs in your Kubernetes cluster.
+[CRDs](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/) are custom resources created in our Kubernetes cluster that add additional functionality and most of the `infrastructure` components you will be deploying will create CRDs in your Kubernetes cluster.
```shell
kubectl get crds --all-namespaces
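Review bot: Backticks around `infrastructure` in the CRDs sentence mark it as a literal identifier, but the sentence uses it as an ordinary adjective ("most of the `infrastructure` components"). If it refers to a namespace or directory of that name, say so explicitly; otherwise drop the backticks. While this paragraph is being touched: CRDs are cluster-scoped, so `--all-namespaces` on `kubectl get crds` has no effect and can be removed.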
@@ -210,7 +212,8 @@ Gimlet comes in two flavours [Self-Hosted](https://github.com/gimlet-io/gimlet)
#### VS Code Extension
-The VS Code extension allows you to get into the guts of your Fluxcd deployment and configuration from within VS Code.
+The VS Code extension allows you to get into the guts of your Fluxcd deployment, Fluxcd configuration and Fluxcd troubleshooting from within VS Code.
+
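Review bot: The rewritten VS Code extension sentence repeats "Fluxcd" three times; "your Fluxcd deployment, configuration and troubleshooting" says the same thing. The hunk also adds an empty line after the sentence; check that it is intended and does not leave a double blank line.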
@@ -269,6 +272,8 @@ gimlet --version
- Explore more involved installations of Gimlet [here](https://github.com/gimlet-io/gimlet/tree/main/examples)
- We will be using this easy to deploy one-liner for now
+- Whether you use the cloud or the self-hosted version the interface is the same
+- You won't need to port forward to the UI if you use cloud hosted as the Gimlet folks do the hard work for you
```shell
kubectl apply -f https://raw.githubusercontent.com/gimlet-io/gimlet/main/deploy/gimlet.yaml
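Review bot: The two new bullets sit between "We will be using this easy to deploy one-liner for now" and the `kubectl apply` command that bullet introduces, so the lead-in no longer leads into its code block; move them above that bullet or below the command. Separately, the command applies a manifest fetched from the `main` branch, which can change between the time the post is written and the time a reader runs it. Consider pointing at a tagged release or commit and suggesting that readers review the file before applying it.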
From b663e00a888d8c4ceb87f3b58afbf1c7f9ac3de5 Mon Sep 17 00:00:00 2001
From: Sacha Wharton <32266273+sachajw@users.noreply.github.com>
Date: Sat, 10 Aug 2024 13:44:16 +0200
Subject: [PATCH 4/6] =?UTF-8?q?=F0=9F=9B=A0=20NEW:=20minor=20tweaks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
index 168a7b76..1f18814b 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
@@ -274,6 +274,7 @@ gimlet --version
- We will be using this easy to deploy one-liner for now
- Whether you use the cloud or the self-hosted version the interface is the same
- You won't need to port forward to the UI if you use cloud hosted as the Gimlet folks do the hard work for you
+- As a hint you could enable the `ingress` and set the `ingressClass` to `traefik` and access the interface from your local network e.g. `gimlet.pangarabbit.com` thus negating port forwarding
```shell
kubectl apply -f https://raw.githubusercontent.com/gimlet-io/gimlet/main/deploy/gimlet.yaml
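Review bot: The ingress hint names `ingress` and `ingressClass` without saying where they are set, while the install shown in this hunk applies `deploy/gimlet.yaml` directly with `kubectl apply`; state which file or chart the reader is expected to edit. Since the hint exposes the Gimlet UI at a hostname such as `gimlet.pangarabbit.com`, add a word on serving it over TLS and keeping it reachable from the local network only.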
@@ -3983,7 +3984,7 @@ Well done for making it this far! We have made it to the point where we can depl
- Ortelius docs [here](https://docs.ortelius.io/guides/)
- Ortelius Helm Chart on ArtifactHub [here](https://artifacthub.io/packages/helm/ortelius/ortelius)
-Ortelius currently consists of the following Microservices. The one we are most interested in at this point is `ms-nginx` which is the gateway to all the backing microservices for Ortelius. We are going to deploy Ortelius using Gimlet and Fluxcd then configure Traefik to send requests to `ms-nginx` which should allow us to load the Ortelius frontend.
+The Microservice we are most interested in is `ms-nginx` which is the gateway to all the backing microservices for Ortelius. We are going to deploy Ortelius using Gimlet and Fluxcd then configure Traefik to send requests to `ms-nginx` which should allow us to load the Ortelius frontend.
#### Ortelius Microservice GitHub repos
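Review bot: The rewritten sentence capitalises "Microservice" but uses lowercase "microservices" later in the same sentence; pick one. With "Ortelius currently consists of the following Microservices." removed, check that the `#### Ortelius Microservice GitHub repos` section that follows still has something introducing its list.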
From 490805292cb83fca900fef6abb47c1fd1f45d458 Mon Sep 17 00:00:00 2001
From: Sacha Wharton <32266273+sachajw@users.noreply.github.com>
Date: Sat, 10 Aug 2024 13:46:39 +0200
Subject: [PATCH 5/6] =?UTF-8?q?=F0=9F=9B=A0=20NEW:=20minor=20tweaks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
index 1f18814b..7e0f1f3d 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part03.md
@@ -4025,7 +4025,7 @@ metadata:
namespace: infrastructure
spec:
interval: 60m
- timeout: 10m # Helps to mitigate "Context deadline exceeded" https://fluxcd.io/flux/components/helm/helmreleases/#timeout
+ timeout: 10m
releaseName: ortelius
chart:
spec:
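Review bot: Removing the comment on `timeout: 10m` drops the only explanation of why the value is set (mitigating "Context deadline exceeded") along with the link to the Flux HelmRelease timeout documentation. Readers copying the manifest will not know whether the value can be lowered safely; keep the comment, or move the rationale and link into the prose next to the manifest.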
@@ -4107,7 +4107,7 @@ You should now be able to reach the Ortelius frontend in your browser using the
### Conclusion
-By this stage you should have three Pi's each with MicroK8s, NFS CSI Driver, Cert Manager, Traefik, Ortelius and a NFS server up and running. Stay tuned for Part 4 where we unleash LetsEncrypt with Cloudflare for automatic certificate renewal to provide certificate and TLS services.
+By this stage you should have three Pi's each with MicroK8s, NFS CSI Driver, Cert Manager, Traefik, Ortelius and a NFS server up and running. Stay tuned for Part 4 where we unleash Cloudflare, LetsEncrypt with Traefik for automatic certificate renewal to provide secure services behind a single entrypoint.
Happy alien hunting.......
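Review bot: In the conclusion, "where we unleash Cloudflare, LetsEncrypt with Traefik" mixes a list with a "with" clause; suggest "Cloudflare and LetsEncrypt with Traefik". The preceding sentence still reads "a NFS server" ("an NFS server") if you want to fix it in the same pass.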
From 863d0ff21712a34841e0f8a25b057d3c3ba03916 Mon Sep 17 00:00:00 2001
From: Sacha Wharton <32266273+sachajw@users.noreply.github.com>
Date: Sat, 10 Aug 2024 13:51:48 +0200
Subject: [PATCH 6/6] =?UTF-8?q?=F0=9F=9B=A0=20NEW:=20minor=20tweaks?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../blog/contributors/how-to-bake-an-ortelius-pi-part04.md | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part04.md b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part04.md
index 4ee7acb8..8413ae09 100644
--- a/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part04.md
+++ b/content/en/blog/contributors/how-to-bake-an-ortelius-pi-part04.md
@@ -30,8 +30,6 @@ In part 4 we will setup [Cloudflare](https://www.cloudflare.com/en-gb/), [LetsEn
### Roadmap
-I have tried to put things in a logical order for deployment like this:
-
`cloudflare --> observability --> secret store --> zerotier --> everything else`
### Cloudflare | Connectivity Cloud
@@ -140,7 +138,7 @@ Cloudflare strongly recommends using Full or Full (strict) modes to prevent mali
- Clicking on `Edge Certificates` you will see that the kind folks at Cloudflare have provided you with a certificate for free also known as `Universal SSL`
-Attention: Let's Encrypt's chain of trust will be changing on September 2024. Universal SSL certificates will be automatically switched to a more compatible certificate authority. Review our [documentation](https://developers.cloudflare.com/ssl/reference/migration-guides/lets-encrypt-chain/#lets-encrypt-chain-update) for details and to understand the impacts on other certificate types.
+Attention: Let's Encrypt's chain of trust will be changing on September 2024. Universal SSL certificates will be automatically switched to a more compatible certificate authority. Review our [documentation](https://developers.cloudflare.com/ssl/reference/migration-guides/lets-encrypt-chain/#lets-encrypt-chain-update) for details and to understand the impacts on other certificate types.
![cf edge certificates button](/images/how-to-bake-an-ortelius-pi/part04/12-cf-edge-certificates-button.png)
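Review bot: The removed and added "Attention:" lines are textually identical here, so this looks like a whitespace-only change; say so in the commit message. The notice is written in Cloudflare's voice ("Review our [documentation]") and is time-bound ("on September 2024"). Suggest formatting it as a quotation attributed to Cloudflare so readers do not take it as the author's own advice, and so it is easy to remove once the date has passed.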
@@ -192,7 +190,7 @@ Attention: Let's Encrypt's chain of trust will be changing on September 2024. Un
-Great we should have a functional certificate which will be auto renewed and we can use Traefik as the single point for secure connections.
+Great we should have a functional certificate which will be auto renewed and we can use Traefik as the single point of entry for secure connections.
### Traefik