| When using an external Git repository (BYO Git), disaster recovery is significantly simplified. The platform configuration is already stored externally, so Gitea backup and restore is not required. To restore the platform, you only need: | ||
|
|
||
| - The age keys (`privateKey` and `publicKey`) used for SOPS encryption. | ||
| - Access to the external Git repository. |
| - The age keys (`privateKey` and `publicKey`) used for SOPS encryption. | ||
| - Access to the external Git repository. | ||
|
|
||
| Make sure to store the age keys securely outside of the cluster. |
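Review bot: The closing line "Make sure to store the age keys securely outside of the cluster" does not say what secure storage means, and the list above it treats `privateKey` and `publicKey` as equally sensitive. The age private key decrypts anything encrypted to the matching public key, so suggest stating that the private key is the secret to protect, that it belongs in a secrets manager or offline vault, and that it must never be committed to the external Git repository it protects.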
It would be useful to provide a kubectl command to fetch age keys from the cluster.
|
|
||
| ## Prerequisites | ||
|
|
||
| - A Kubernetes cluster with a minimum of 4 nodes with 4 GB of memory each. The recommended setup is 3 nodes with 8 GB of memory each. |
I find it irrelevant to the future description. The required capacity is rather part of the installation prerequisites. We will lower down the required resource once we introduce the GitOps optional feature.
| ## Prerequisites | ||
|
|
||
| - A Kubernetes cluster with a minimum of 4 nodes with 4 GB of memory each. The recommended setup is 3 nodes with 8 GB of memory each. | ||
| - A Git repository hosted on GitHub or GitLab. |
An empty Git repository accessible from the Kubernetes cluster via the HTTPS protocol.
| To install with BYO Git, disable Gitea and add the Git configuration to your `values.yaml`: | ||
|
|
||
| ```yaml | ||
| apps: |
Are cert-manager, cluster and DNS configurations absolutely necessary in this context?
Good question, I did not test it without. I actually always test with valid DNS and certificates. I have this more set up as an ideal setup.
|
|
||
| ## Disaster recovery with BYO Git | ||
|
|
||
| When using an external Git repository, disaster recovery is significantly simplified. Since the platform configuration is already stored in your external Git provider, there is no need to back up or restore Gitea. To restore the platform, you can re-use the same `values.yaml` from the initial installation. The only addition required is the age keys used for SOPS encryption. |
The benefits have already been mentioned in the ## Advantages of BYO Git section.
| Add the `privateKey` and `publicKey` to the `kms.sops.age` section of your existing `values.yaml`: | ||
|
|
||
| ```yaml | ||
| kms: |
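Review bot: The instruction above the `kms:` block puts the age `privateKey` in plaintext into the "existing `values.yaml`", the same file the preceding paragraph tells users to re-use from the initial installation. Suggest adding a sentence that this file must stay out of version control and be deleted or stored encrypted once the restore has finished, otherwise the key that protects the repository's secrets ends up stored next to them.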
For the full picture I would again add the

```yaml
otomi:
  git:
    repoUrl: https://github.com/<owner>/<repo>
    username: <git-username>
    password: <personal-access-token>
    email: <git-email>
    branch: main
sops:
  age:
    privateKey: "<your-age-private-key>"
    publicKey: "<your-age-public-key>"
  provider: age
```

so a user has a complete picture. I understand that other values are not necessary because everything else is in the git, isn't it?
I did not try this. From the top of my mind, I think it will always first do the Helm install. If it does not affect those installations, it should work.
No description provided.