What's new
Well... i kinda change everything... again.
LAYERING OVER HEAVEN
In a attempt to fix some of the problem i had with my previous setup, i decided to change everything. I'm still using the same tools, but i'm using them differently.
What was the kind of problem if encoutered:
- During some deployment, some helm chart were locking all the deployment process due to a missing secret or other stuff. This was due to the fact that my depency were not well defined and that i was deploying a lot of stuff at the same time.
- One of the probleme was that Zitadel was needed by a lot of other stuff like Harbor, Sonarqube... well all the app that use the SSO. So if Zitadel was not ready, the deployment of all the other app was failing and then kind of interupted the deployment process.
- well... let's talk about tekton, the version used was not the latest and during the upgrade everything broke down due to incompatible change. So i decided to upgrade everything to the latest version. During the upgrade the webhook of tekton refused to stop and overloard the cluster. So i had to force delete the webhook and broke the cluster.
GitOps
The choice has been made to keep it but to change the deployment order/dependency and process. A layering process has been put in place. The idea is to have a layering of the deployment. Each layer is a set of application that are deployed together. The layer are deployed in order of requirement. The layer are:
CNI
What is a CNI ? Well it's a Container Network Interface and it's used to create network for container. I'm using Cilium as my CNI. It's a really good CNI and it's working really well. I'm using it in BGP mode, so i can have a really good network and i can use it to connect my cluster to my home network if needed. The setup is actually really easy but not complete at the moment. What i'm missing:
- Setup the Service Mesh
- Setup the Monitoring
- Setup the Gateway Api - Doc
CSI
What is a CSI ? Well it's a Container Storage Interface and it's used to create storage for container. I'm using Longhorn as my CSI. It's a really good CSI and it's working really well. I'm also using it to backup my data.
Gateway Api
During my search for more observability and security, i found the Gateway Api relatable has a Ingress Killer. Why does the Ingress should be replaced by the GateWay Api? The Gateway Api is more compatible with the CNI and Service Mesh. It's also more secure and flexible by being more configurable. If you want to know more click on the link above.
Upgrade
In order to facilitate my upgrade process, i setup Renovate to handle the upgrade of my dependencies. It's really easy to use and it's working really well. I just need to execute the renovate job daily and it create PR when needed and merge it when i think it's ok.
Well we need everything to be up to date, so i upgraded everything to the latest version available like
- No Upgrade this time
While working on the upgrade part, i ended up thinking that setting up Changelog would be a good thing. So i'm thinking of including cog.
Next to do
- Setup the Service Mesh #71
- Setup the Monitoring/Overservability of Cilium #71
- Migrate to the Gateway Api #70
- Slowly secure the Harbor Cache #55
- Include KEDA and the PodAutoScaller #17
- Préparer l'ajout de nouveaux uttilisateurs #72
- Travailler sur un un équivalent a Tibco BW en passant possiblement par Knative #69
While i was upgrading everything it become obvious that i need to upgrade my use of Github. Then i moved from the old Github Dashboard to the new one. Event if i wasn't writing the doc, i was still working on the project and updating the dashboard and issues.
