K8s

TLS termination has been moved off the VPS edge. The VPS has been configured to simply proxy ports 80 and 443 to an nginx ingress on the cluster. Certmanager was configured to provision certificates for the domain from the cluster backend. This means that encrypted http traffic is forwarded across the wireguard tunnel, where it is terminated on ingress to the cluster. This opens up easy options to add “dumb” edge nodes that only need an A record, a wireguard link to the cluster, and suitable nginx stream proxy rules. ...

According to the hugo documentation, the Dockerfile was reworked, and the structure of the docker container now follows the pattern of a hugo builder image and an nginx image that actually runs the static site. FROM hugomods/hugo:exts as builder ARG HUGO_BASEURL ENV HUGO_BASEURL=${HUGO_BASEURL} ARG HUGO_ENV ENV HUGO_ENV=${HUGO_ENV} COPY . /src RUN hugo --minify FROM hugomods/hugo:nginx COPY --from=builder /src/public /site Build with: docker build -t <tag> --build-arg HUGO_BASEURL="https://wicknet.dev" This is cleaner than using hugo itself to serve the files as was done in the quick and dirty first draft. ...

After a few days away, the hugo service was exposed through metallb to the LAN, and reverse proxied via the wicknet.dev frontend server.

Today work began on wrangling the beginnings of a kubernetes deployment for this blog. A simple dockerfile to serve the site, based on the one provided by the hugo team, was deployed to the cluster. After some fiddling with authentication, secrets, and a local tls CA and certificates, the pods are running. They still need to be exposed through the load balancer – a job for tomorrow. Next, a wireguard link, and nginx configuration for proxying from the frontend VPS to the cluster will need to be created. ...

Today, content began to be organized for the blog. The domain, VPS, and ssh access are already setup for wicknet’s front end. Remaining: setup Ye Olde Wireguard Backhaul between home server and frontend. setup k3s deployment to host the blog on the cluster setup k3s deployment to host the email server for the domain on the cluster.