fix(k8s): persist Caddy TLS certificates with PVC #981
Open
AFDudley
wants to merge 3 commits from
caddy-pvc-persistence into main
pull from: caddy-pvc-persistence
merge into: cerc-io:main
cerc-io:main
cerc-io:multi-port-service
cerc-io:helm-charts-with-caddy
cerc-io:afd-caddy-ingress
cerc-io:afd
cerc-io:feat/trashscan-explorer-stack
cerc-io:helm-charts-support
cerc-io:vaasl-deploy
cerc-io:roysc/deploy-create-extra-args
cerc-io:zach/atom-payments
cerc-io:zramsay-patch-1
cerc-io:roysc/deploy-create-pass-cluster
cerc-io:zach/update-url
cerc-io:telackey/defaultplatform
cerc-io:telackey/924
cerc-io:telackey/laconicdv1
cerc-io:zach/pin-cli-version
cerc-io:telackey/wagit
cerc-io:add-vega-stack
cerc-io:blast-stack
cerc-io:lotus-stack
cerc-io:roysc/fix-eth-stacks
cerc-io:telackey/na
cerc-io:telackey/fqdn
cerc-io:zach/snowdocs
cerc-io:zach/fixturenet-2d
cerc-io:telackey/wild
cerc-io:dboreham/mobymask-v3-demo-test
cerc-io:zach/fix-for-mars
cerc-io:ci-test
cerc-io:optimism-fix
cerc-io:telackey/envsubst
cerc-io:dboreham/laconicd-k8s
cerc-io:zach/birbit
cerc-io:osmosis
cerc-io:iskay/update-optimism
cerc-io:iskay/plugeth-test-update
cerc-io:iskay/fixturenet-payments-test
cerc-io:iskay/fixturenet-laconicd-test
cerc-io:iskay/fixturenet-eth-test
cerc-io:new-gitea-test
cerc-io:erc20-fix
cerc-io:update-uniswap
cerc-io:tel/1.20
cerc-io:telackey/systest
cerc-io:ng-deny-multiaddr
cerc-io:publish-test
cerc-io:telackey/datanet
3 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
A. F. Dudley
|
1b9204da98 |
Add etcd + PKI extraMounts for offline data recovery
Some checks failed
Lint Checks / Run linter (push) Successful in 4m35s
Lint Checks / Run linter (pull_request) Successful in 7m46s
Deploy Test / Run deploy test suite (pull_request) Successful in 13m51s
K8s Deploy Test / Run deploy test suite on kind/k8s (pull_request) Failing after 18m29s
K8s Deployment Control Test / Run deployment control suite on kind/k8s (pull_request) Successful in 21m22s
Webapp Test / Run webapp test suite (pull_request) Successful in 24m48s
Smoke Test / Run basic test suite (pull_request) Successful in 25m23s
Mount /var/lib/etcd and /etc/kubernetes/pki to host filesystem
so cluster state is preserved for offline recovery. Each deployment
gets its own backup directory keyed by deployment ID.
Directory structure:
data/cluster-backups/{deployment_id}/etcd/
data/cluster-backups/{deployment_id}/pki/
This enables extracting secrets from etcd backups using etcdctl
with the preserved PKI certificates.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
||
|
A. F. Dudley
|
aa88adabc1 |
feat(k8s): support acme-email config for Caddy ingress
Adds support for configuring ACME email for Let's Encrypt certificates in kind deployments. The email can be specified in the spec under network.acme-email and will be used to configure the Caddy ingress controller ConfigMap. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |
||
|
A. F. Dudley
|
bb44145510 |
fix(deploy): merge volumes from stack init() instead of overwriting
Previously, volumes defined in a stack's commands.py init() function were being overwritten by volumes discovered from compose files. This prevented stacks from adding infrastructure volumes like caddy-data that aren't defined in the compose files. Now volumes are merged, with init() volumes taking precedence over compose-discovered defaults. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> |