feat(docs-prod): Deploy personal and family relay servers #927
Merged
Run report for 4250475d
| | Action | Time | Status | Info |
|---|---|---|---|---|
| 🟩 | SyncWorkspace | 14.6ms | Passed | |
| 🟩 | SyncProject(vendir) | 0.5ms | Passed | |
| 🟩 | SyncProject(devenv) | 0.4ms | Passed | |
| 🟦 | RunTask(vendir:build) | 1m 28s | Cached | |
| 🟦 | RunTask(devenv:test) | 1s | Cached | |
Environment
OS: macOS
Matrix:
os = macos-latest
name = macOS
index = 0
total = 1
job_number = 1
Variables:
MOON_TOOLCHAIN_FORCE_GLOBALS = true
Touched files
.taskmaster/docs/prd-deploy-relay-server.md
.taskmaster/state.json
apps/docs-infra-prod/gitrepository-setup.yaml
apps/docs-infra-prod/ingress-relay-family.yaml
apps/docs-infra-prod/ingress-relay-personal.yaml
apps/docs-infra-prod/kustomization-root.yaml
apps/docs-infra-prod/kustomization.yaml
apps/docs-infra-prod/moon.yml
apps/docs-prod/gitrepository-setup.yaml
apps/docs-prod/helmrelease-1password-operator.yaml
apps/docs-prod/helmrelease-1password-secrets.yaml
apps/docs-prod/helmrelease-relay-family.yaml
apps/docs-prod/helmrelease-relay-personal.yaml
apps/docs-prod/kubeconfig.yaml.op.tpl
apps/docs-prod/kustomization-root.yaml
apps/docs-prod/kustomization.yaml
apps/docs-prod/moon.yml
apps/docs-prod/namespace-1password.yaml
apps/docs-prod/namespace-flux-system.yaml
apps/docs-prod/namespace-relay.yaml
apps/enigma-cluster/gitrepository-setup.yaml
libs/devenv/files/dot_ssh/.keep
libs/devenv/files/dot_ssh/private_1Password/private_SHA256_7ZkdaIGQOhCsuUApLJp44KjZfVAQqFj8Vsbon0qyDhg.pub
libs/devenv/files/dot_ssh/private_1Password/private_SHA256_ym5L1HXa9N+cyGJ0EBQ36uVNEJWMdyZPu1YOW_lJKg4.pub
libs/devenv/files/dot_ssh/private_1Password/private_config
libs/devenv/files/dot_ssh/private_setup_config
libs/internal-networking/templates/clusterpolicy-tailscale-ingress.yaml
third_party/vendir/charts/relay-server/Chart.yaml
third_party/vendir/charts/relay-server/README.md
third_party/vendir/charts/relay-server/templates/_helpers.tpl
third_party/vendir/charts/relay-server/templates/deployment.yaml
third_party/vendir/charts/relay-server/templates/ingress.yaml
third_party/vendir/charts/relay-server/templates/secrets--azure.yaml
third_party/vendir/charts/relay-server/templates/secrets--onepassword.yaml
third_party/vendir/charts/relay-server/templates/service.yaml
third_party/vendir/charts/relay-server/values.yaml
third_party/vendir/vendir.lock.yml
third_party/vendir/vendir.yml
Run report for 4250475d
| | Action | Time | Status | Info |
|---|---|---|---|---|
| 🟩 | SyncWorkspace | 7.9ms | Passed | |
| 🟩 | SyncProject(vendir) | 0.3ms | Passed | |
| 🟩 | SyncProject(escaperoom) | 0.4ms | Passed | |
| 🟦 | RunTask(escaperoom:test) | 1.6s | Cached | |
| 🟩 | SyncProject(devenv) | 0.3ms | Passed | |
| 🟩 | SyncProject(talos-image) | 0.3ms | Passed | |
| 🟩 | RunTask(docker:buildx_run) | 1.7s | Passed | |
| 🟩 | SyncProject(devcontainer) | 0.3ms | Passed | |
| 🟦 | RunTask(talos-image:generate-sha) | 578.7ms | Cached | |
| 🟩 | RunTask(docker:registry_run) | 3.4s | Passed | |
| 🟦 | RunTask(devcontainer:envbuilder-test) | 417.3ms | Cached | |
| 🟦 | RunTask(devcontainers-cli:build) | 4s | Cached | |
| 🟦 | RunTask(vendir:build) | 1m 45s | Cached | |
| 🟦 | RunTask(vendir:test) | 333.7ms | Cached | |
| 🟦 | RunTask(devenv:test) | 895.6ms | Cached | |
| 🟦 | RunTask(devcontainer:build) | 966.2ms | Cached | |
| 🟦 | RunTask(talos-image:generate-profile) | 1s | Cached | |
Environment
OS: Linux
Matrix:
os = ubuntu-latest
name = Linux
index = 1
total = 2
job_number = 2
Variables:
MOON_TOOLCHAIN_FORCE_GLOBALS = true
Run report for 4250475d
| | Action | Time | Status | Info |
|---|---|---|---|---|
| 🟩 | SyncWorkspace | 7.8ms | Passed | |
| 🟩 | SyncProject(vendir) | 0.3ms | Passed | |
| 🟩 | RunTask(docker:buildx_run) | 1.8s | Passed | |
| 🟩 | SyncProject(devenv) | 0.3ms | Passed | |
| 🟩 | SyncProject(talos-image) | 0.3ms | Passed | |
| 🟩 | SyncProject(devcontainer) | 0.2ms | Passed | |
| 🟦 | RunTask(talos-image:generate-sha) | 513.6ms | Cached | |
| 🟦 | RunTask(devcontainers-cli:build) | 3.5s | Cached | |
| 🟩 | RunTask(docker:registry_run) | 3.7s | Passed | |
| 🟦 | RunTask(devcontainer:envbuilder-test) | 309.4ms | Cached | |
| 🟦 | RunTask(vendir:build) | 1m 4s | Cached | |
| 🟦 | RunTask(vendir:test) | 332.6ms | Cached | |
| 🟦 | RunTask(devenv:test) | 897.2ms | Cached | |
| 🟦 | RunTask(devcontainer:build) | 967.9ms | Cached | |
| 🟦 | RunTask(talos-image:generate-profile) | 1s | Cached | |
| 🟦 | RunTask(devcontainer:test) | 420.6ms | Cached | |
Environment
OS: Linux
Matrix:
os = ubuntu-latest
name = Linux
index = 0
total = 2
job_number = 1
Variables:
MOON_TOOLCHAIN_FORCE_GLOBALS = true
- Update FluxCD resources to use cozy-fluxcd namespace instead of flux-system (cozy-stack uses cozy-fluxcd for FluxCD components)
- Point GitRepository to mg/feat/deploy-relay-server branch for testing
- Reduce resource requests to fit single-node cluster:
  - 1password-connect: 50m CPU each container
  - relay: 100m CPU
- Remove namespace-flux-system.yaml since cozy-fluxcd already exists
- Remove namespace-1password.yaml (created by HelmRelease install.createNamespace)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

- Use 1Password secret key names: accessKey, secretKey (not AWS_*)
- Configure S3 endpoint: https://s3.enigma.vgijssel.nl
- Set bucket name from cozystack: bucket-7f79c3ba-4dd7-42f1-9844-1e17302da678
- Enable path-style S3 access for cozystack compatibility
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

The service is named relay-relay-relay-server (release-chart-name-component)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Service a859be7d9613a4208832d8d7c03e0293 is the KubeVirt CCM mirrored service for the relay LoadBalancer in cluster-docs-infra-prod.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

The relay-server chart has a bug where the service uses fullname for selector (relay-relay-relay-server) but the deployment uses Chart.Name for pod labels (relay-server). Add postRenderer patch to fix selector.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Replace single relay server with two independent instances:
- personal.relay.enigma.vgijssel.nl for individual use
- family.relay.enigma.vgijssel.nl for shared household access
Changes:
- Split helmrelease-relay.yaml into helmrelease-relay-personal.yaml and helmrelease-relay-family.yaml with distinct configurations
- Update 1Password secrets to provision separate credentials for each relay
- Create separate Ingress manifests for each relay domain
- Update kustomization.yaml files to reference new resources
Note: Ingress backend service names have placeholders that need to be updated after deployment when KubeVirt CCM creates mirrored services.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Both personal and family relay servers share the same S3 bucket, so they can use the same 1Password credentials item.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

The Helm chart hardcodes deployment name as 'relay-server'. Use postRenderers to patch deployment names to 'relay-personal' and 'relay-family' so both can coexist in the same namespace.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

- Fix postRenderer patches to target correct service names (relay-relay-personal-relay-server, relay-relay-family-relay-server)
- Update ingress backends with mirrored LoadBalancer service names
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add internal-networking=true label to relay ingresses so ExternalDNS will create DNS records in CloudFlare for personal.relay and family.relay subdomains.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

…ames Tailscale DNS labels cannot contain dots. Update the Kyverno policy to replace dots with dashes after removing the domain suffix. Example: personal.relay.enigma.vgijssel.nl -> personal-relay
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

Temporarily point to mg/feat/deploy-relay-server branch to test internal-networking Kyverno policy updates.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
f21f1be to 4250475
No description provided.