docs: write about ESO, MinIO and JupyterHub
This commit is contained in:
Masaki Yatsu
@@ -236,9 +236,11 @@ sudo apt-get install nfs-common
|
|||||||
just longhorn::install
|
just longhorn::install
|
||||||
```
|
```
|
||||||
|
|
||||||
### HashiCorp Vault - Secrets Management
|
### HashiCorp Vault - Secrets Management (Optional but Recommended)
|
||||||
|
|
||||||
Vault provides centralized secrets management for the entire cluster.
|
Vault provides centralized secrets management for the entire cluster. While optional, its installation is recommended as it enhances security and simplifies credential management.
|
||||||
|
|
||||||
|
When you install Vault, the External Secrets Operator is also deployed. This operator synchronizes secrets from Vault to Kubernetes Secrets, allowing your applications to seamlessly access credentials and sensitive data stored in Vault through standard Kubernetes Secret resources.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
just vault::install
|
just vault::install
|
||||||
|
|||||||
31
README.md
31
README.md
@@ -9,8 +9,10 @@ A Kubernetes development stack for self-hosted environments, designed to run on
|
|||||||
- **Kubernetes Distribution**: k3s lightweight Kubernetes
|
- **Kubernetes Distribution**: k3s lightweight Kubernetes
|
||||||
- **Storage**: Longhorn distributed block storage
|
- **Storage**: Longhorn distributed block storage
|
||||||
- **Identity & Access**: Keycloak for OIDC authentication
|
- **Identity & Access**: Keycloak for OIDC authentication
|
||||||
- **Secrets Management**: HashiCorp Vault
|
- **Secrets Management**: HashiCorp Vault with External Secrets Operator
|
||||||
- **Database**: PostgreSQL cluster
|
- **Database**: PostgreSQL cluster
|
||||||
|
- **Object Storage**: MinIO S3-compatible storage
|
||||||
|
- **Data Science**: JupyterHub for collaborative notebooks
|
||||||
- **Remote Access**: Cloudflare Tunnel for secure internet connectivity
|
- **Remote Access**: Cloudflare Tunnel for secure internet connectivity
|
||||||
- **Automation**: Just task runner with templated configurations
|
- **Automation**: Just task runner with templated configurations
|
||||||
|
|
||||||
@@ -68,6 +70,7 @@ Centralized secrets management offering:
|
|||||||
- Secure secret storage
|
- Secure secret storage
|
||||||
- Dynamic secrets generation
|
- Dynamic secrets generation
|
||||||
- Encryption as a service
|
- Encryption as a service
|
||||||
|
- Integration with External Secrets Operator for automatic Kubernetes Secret synchronization
|
||||||
|
|
||||||
### Keycloak
|
### Keycloak
|
||||||
|
|
||||||
@@ -84,6 +87,32 @@ Production-ready relational database for:
|
|||||||
- Keycloak data storage
|
- Keycloak data storage
|
||||||
- Application databases
|
- Application databases
|
||||||
|
|
||||||
|
### External Secrets Operator
|
||||||
|
|
||||||
|
Kubernetes operator for syncing secrets from external systems:
|
||||||
|
|
||||||
|
- Automatically syncs secrets from Vault to Kubernetes Secrets
|
||||||
|
- Supports multiple secret backends
|
||||||
|
- Provides secure secret rotation and lifecycle management
|
||||||
|
|
||||||
|
### MinIO
|
||||||
|
|
||||||
|
S3-compatible object storage system providing:
|
||||||
|
|
||||||
|
- High-performance distributed object storage
|
||||||
|
- AWS S3 API compatibility
|
||||||
|
- Erasure coding for data protection
|
||||||
|
- Multi-tenancy support
|
||||||
|
|
||||||
|
### JupyterHub
|
||||||
|
|
||||||
|
Multi-user platform for interactive computing:
|
||||||
|
|
||||||
|
- Collaborative Jupyter notebook environment
|
||||||
|
- Integrated with Keycloak for OIDC authentication
|
||||||
|
- Persistent storage for user workspaces
|
||||||
|
- Support for multiple kernels and environments
|
||||||
|
|
||||||
## Common Operations
|
## Common Operations
|
||||||
|
|
||||||
### User Management
|
### User Management
|
||||||
|
|||||||
Reference in New Issue
Block a user