shpaq/auricom-home-cluster
1
0
Fork 0
mirror of https://github.com/auricom/home-cluster.git synced 2025-09-17 18:24:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
2053124a42c36910b9c21a0ebea0a7e7ff7759c9
auricom-home-cluster/kubernetes/apps/default/outline
History
auricom 476223f52b refactor: observability/network ks
2025-04-18 20:50:37 +02:00
..
app
feat: webhook
2025-04-16 17:05:37 +02:00
ks.yaml
refactor: observability/network ks
2025-04-18 20:50:37 +02:00
readme.md

readme.md

Documentation

Outline

Redis Sentinel Configuration

  1. Create base64 encoded Redis configuation

     echo -n '{"db":15,"sentinels":[{"host":"redis-node-0.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-1.redis-headless.default.svc.cluster.local","port":26379},{"host":"redis-node-2.redis-headless.default.svc.cluster.local","port":26379}],"name":"redis-master"}' \
    | base64 -w 0

  2. Use this base64 encoded string in the Kubernetes secret

    REDIS_URL: ioredis://eyJkYiI6MTUsInNlbnRpbmVscyI6W3siaG9zdCI6InJlZGlzLW5vZGUtMC5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMS5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9LHsiaG9zdCI6InJlZGlzLW5vZGUtMi5yZWRpcy1oZWFkbGVzcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwicG9ydCI6MjYzNzl9XSwibmFtZSI6InJlZGlzLW1hc3RlciJ9

S3 Configuration

  1. Create ~/.mc/config.json

    {
  "version": "10",
  "aliases": {
    "minio": {
      "url": "https://s3.<domain>",
      "accessKey": "<access-key>",
      "secretKey": "<secret-key>",
      "api": "S3v4",
      "path": "auto"
    }
  }
}

  2. Create the outline user and password

    mc admin user add minio outline <super-secret-password>

  3. Create the outline bucket

    mc mb minio/outline

  4. Create outline-user-policy.json

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:ListBucket",
        "s3:PutObject",
        "s3:GetObject",
        "s3:DeleteObject"
      ],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::outline/*", "arn:aws:s3:::outline"],
      "Sid": ""
    }
  ]
}

  5. Create bucket-policy.json

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": ["s3:GetBucketLocation"],
      "Resource": ["arn:aws:s3:::outline"]
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::outline"],
      "Condition": {
        "StringEquals": {
          "s3:prefix": ["avatars", "public"]
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": ["*"]
      },
      "Action": ["s3:GetObject"],
      "Resource": [
        "arn:aws:s3:::outline/avatars*",
        "arn:aws:s3:::outline/public*"
      ]
    }
  ]
}

  6. Apply the bucket policies

    mc admin policy add minio outline-private outline-user-policy.json

  7. Associate private policy with the user

    mc admin policy set minio outline-private user=outline

  8. Associate public policy with the bucket

    mc anonymous set-json bucket-policy.json minio/outline