how do you manage Data in case of cluster rebuild

khuedoan / homelab

Fully automated homelab from empty disk to running services with a single command.

https://homelab.khuedoan.com

GNU General Public License v3.0

8.06k stars 733 forks source link

how do you manage Data in case of cluster rebuild #46

Closed vincentDcmps closed 2 years ago

vincentDcmps commented 2 years ago

HI I'am new in kubernetes, I ask myself some question on restauration/secret management if you could help me

in case of rebuild cluster how to restore data on database or reuse persistant volume?
if I uninstall and install helm release this will generate new secret not according with database current password how do you manage this?
I can maybe create some custom secret resource to avoid this but what is best method to create this one?

khuedoan commented 2 years ago

Joke aside:

WIP https://github.com/khuedoan/homelab/issues/23 (this is in Beta milestone)
Does that matters if the password (for example ArgoCD admin password) changed? In the feature we would rely on SSO and rarely use the admin user.
WIP https://github.com/khuedoan/homelab/issues/21 (this is in Beta milestone)

khuedoan commented 2 years ago

Yes, auth.existingSecret should work (assuming you're using Bitnami's MySQL chart).

vincentDcmps commented 2 years ago

Yes I see that but I come back on the third question how to store secret outside of kubernetes 😂

khuedoan commented 2 years ago

That's in the third answer, still WIP lol

vincentDcmps commented 2 years ago

In your GitHub I don't see secret use, if I understand you use vault? But you never call any secret In your configuration

khuedoan commented 2 years ago

Yep there's nothing there yet, because it's still in the work :wink:

locmai commented 2 years ago

All of your concerns are fall into one of the following categories:

Cluster/database backup and restore
Secret management #21
Data handling with operations like re-install

As @khuedoan stated that there are some on-going efforts around those stuffs, we just don't have them fully functional at the current state of the project.

The project state that we have right now is: We have a minimal set of secrets that we need for the provisioning and we use them to spin up the whole cluster.

That's it.

For each of those items, we would need to: evaluate the solution, work on it, test it, document it. So I suggest if you need a feature, breaking them down into smaller issue on this GitHub repository, label them as feature request and we could take a look, discuss on the implementation details, keep track on the progress.

vincentDcmps commented 2 years ago

No problem, I'm just trying to understand how the project works. I just wanted to be sure I understood it correctly.

khuedoan commented 2 years ago

Closing as the question is answered.