forked from username/flaskpaste
docs: update for k3s deployment and harbor.mymx.me
This commit is contained in:
Username
@@ -152,7 +152,7 @@ A self-hosted pastebin API that:
|
|||||||
│ CLI register command │ Complete
|
│ CLI register command │ Complete
|
||||||
│ systemd deployment │ Complete (security-hardened)
|
│ systemd deployment │ Complete (security-hardened)
|
||||||
│ Test suite │ 301 tests passing
|
│ Test suite │ 301 tests passing
|
||||||
│ Kubernetes deployment │ Complete (NodePort :30500)
|
│ Kubernetes deployment │ Complete (k3s, NodePort :30500)
|
||||||
│ Harbor registry integration │ Complete (docs only, CI/CD pending)
|
│ Harbor registry integration │ Complete (CI/CD + Trivy scanning)
|
||||||
└─────────────────────────────────┴────────────────────────────────────────────┘
|
└─────────────────────────────────┴────────────────────────────────────────────┘
|
||||||
```
|
```
|
||||||
|
|||||||
2
TODO.md
2
TODO.md
@@ -49,7 +49,7 @@ Unstructured intake buffer for ideas, issues, and observations. Items here are r
|
|||||||
|
|
||||||
## Debt
|
## Debt
|
||||||
|
|
||||||
- Could add more deployment examples (Kubernetes, Ansible role)
|
- Create Ansible deployment role (Kubernetes manifests complete)
|
||||||
|
|
||||||
## External Dependencies
|
## External Dependencies
|
||||||
|
|
||||||
|
|||||||
@@ -203,7 +203,7 @@ spec:
|
|||||||
- name: harbor-creds
|
- name: harbor-creds
|
||||||
containers:
|
containers:
|
||||||
- name: flaskpaste
|
- name: flaskpaste
|
||||||
image: 192.168.122.154:30443/library/flaskpaste:latest
|
image: harbor.mymx.me/library/flaskpaste:latest
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 5000
|
- containerPort: 5000
|
||||||
env:
|
env:
|
||||||
|
|||||||
@@ -14,11 +14,11 @@ Deploy FlaskPaste to a Kubernetes cluster using images from Harbor registry.
|
|||||||
│ Internet → odin (public IP) → WireGuard → mymx HAProxy │
|
│ Internet → odin (public IP) → WireGuard → mymx HAProxy │
|
||||||
│ │ │
|
│ │ │
|
||||||
│ ↓ │
|
│ ↓ │
|
||||||
│ K8s NodePort :30500 │
|
│ K3s NodePort :30500 │
|
||||||
│ │ │
|
│ │ │
|
||||||
│ ┌──────────┼──────────┐ │
|
│ ┌──────────┼──────────┐ │
|
||||||
│ ↓ ↓ ↓ │
|
│ ↓ ↓ ↓ │
|
||||||
│ k8s-master k8s-worker-1 k8s-worker-2 │
|
│ k3s-master k3s-worker-1 k3s-worker-2 │
|
||||||
│ │ │ │ │
|
│ │ │ │ │
|
||||||
│ └──────────┼──────────┘ │
|
│ └──────────┼──────────┘ │
|
||||||
│ ↓ │
|
│ ↓ │
|
||||||
@@ -152,7 +152,7 @@ spec:
|
|||||||
- name: harbor-creds
|
- name: harbor-creds
|
||||||
containers:
|
containers:
|
||||||
- name: flaskpaste
|
- name: flaskpaste
|
||||||
image: 192.168.122.154:30443/library/flaskpaste:latest
|
image: harbor.mymx.me/library/flaskpaste:latest
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 5000
|
- containerPort: 5000
|
||||||
envFrom:
|
envFrom:
|
||||||
@@ -170,13 +170,13 @@ spec:
|
|||||||
cpu: "250m"
|
cpu: "250m"
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /
|
path: /health
|
||||||
port: 5000
|
port: 5000
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 10
|
||||||
periodSeconds: 30
|
periodSeconds: 30
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /
|
path: /health
|
||||||
port: 5000
|
port: 5000
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 5
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
@@ -235,10 +235,10 @@ backend backend-flaskpaste
|
|||||||
# Proxy trust secret
|
# Proxy trust secret
|
||||||
http-request set-header X-Proxy-Secret <your-secret-here>
|
http-request set-header X-Proxy-Secret <your-secret-here>
|
||||||
|
|
||||||
# K8s NodePort backends with failover
|
# K3s NodePort backends with failover
|
||||||
server k8s-master 192.168.122.154:30500 check
|
server k3s-master 192.168.122.186:30500 check
|
||||||
server k8s-worker-1 192.168.122.80:30500 check backup
|
server k3s-worker-1 192.168.122.97:30500 check backup
|
||||||
server k8s-worker-2 192.168.122.219:30500 check backup
|
server k3s-worker-2 192.168.122.221:30500 check backup
|
||||||
```
|
```
|
||||||
|
|
||||||
### Verify HAProxy Backend Status
|
### Verify HAProxy Backend Status
|
||||||
@@ -285,7 +285,7 @@ kubectl scale deployment flaskpaste -n flaskpaste --replicas=3
|
|||||||
# Update image
|
# Update image
|
||||||
kubectl set image deployment/flaskpaste \
|
kubectl set image deployment/flaskpaste \
|
||||||
-n flaskpaste \
|
-n flaskpaste \
|
||||||
flaskpaste=192.168.122.154:30443/library/flaskpaste:v2.0.0
|
flaskpaste=harbor.mymx.me/library/flaskpaste:v2.0.0
|
||||||
|
|
||||||
# Watch rollout
|
# Watch rollout
|
||||||
kubectl rollout status deployment/flaskpaste -n flaskpaste
|
kubectl rollout status deployment/flaskpaste -n flaskpaste
|
||||||
@@ -356,7 +356,7 @@ kubectl get deployment flaskpaste -n flaskpaste -o yaml | grep -A5 Probe
|
|||||||
|
|
||||||
```bash
|
```bash
|
||||||
# Test from HAProxy host to NodePort
|
# Test from HAProxy host to NodePort
|
||||||
curl -s http://192.168.122.154:30500/
|
curl -s http://192.168.122.186:30500/health
|
||||||
|
|
||||||
# Check HAProxy backend status
|
# Check HAProxy backend status
|
||||||
echo "show stat" | nc -U /run/haproxy/admin.sock | grep -E "flaskpaste.*(UP|DOWN)"
|
echo "show stat" | nc -U /run/haproxy/admin.sock | grep -E "flaskpaste.*(UP|DOWN)"
|
||||||
|
|||||||
Reference in New Issue
Block a user