Initial commit: Infrastructure documentation

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-03 13:46:47 +02:00
commit bbe86c55d9
9 changed files with 568 additions and 0 deletions

docs/k3s.md Normal file

@@ -0,0 +1,96 @@
# ExpertFab K3s Cluster
**Schaubild:** [../diagrams/k8s_cluster.png](../diagrams/k8s_cluster.png)
---
## Cluster-Übersicht
| Eigenschaft | Wert |
|-------------------|----------------------------------|
| Distribution | K3s v1.34.6+k3s1 |
| Container Runtime | containerd 2.2.2 |
| OS | Ubuntu 24.04.4 LTS |
| Kernel | 6.8.0-107-generic |
| Ingress | Traefik (websecure / TLS) |
| TLS | cert-manager + Let's Encrypt |
| Storage | Longhorn (verteiltes Block-Storage)|
| CNI | Flannel |
| LB | MetalLB → 10.42.71.60 |
---
## Nodes
| Name | IP | Proxmox-VM | Proxmox-Host | Rolle |
|---------------|--------------|---------------|---------------|---------------|
| efsckubadm | 10.42.71.50 | efsckubctl | efproxcl02n01 | control-plane |
| efsckubnode1 | 10.42.71.51 | efsckubnode1 | efproxcl02n02 | worker |
| efsckubnode2 | 10.42.71.52 | efsckubnode02 | efproxcl02n01 | worker |
---
## Namespaces
| Namespace | Inhalt |
|------------------|-----------------------------------------|
| `erpnext` | ERPNext + MariaDB + DragonflyDB |
| `paperless` | Paperless-NGX + PostgreSQL |
| `zitadel` | Zitadel SSO + PostgreSQL |
| `rabbitmq` | RabbitMQ + FastAPI |
| `coworkbase` | Coworkbase |
| `qubicticker` | Qubic Ticker |
| `longhorn-system`| Longhorn Storage |
| `cert-manager` | cert-manager (Let's Encrypt) |
| `metallb-system` | MetalLB LoadBalancer |
| `kube-system` | Traefik, CoreDNS, etc. |
---
## Ingresses (Traefik)
| Host | Namespace | TLS |
|-----------------------------|--------------|-----|
| expertfab.de | erpnext | ✓ |
| www.expertfab.de | erpnext | ✓ |
| docs.expertfab.de | paperless | ✓ |
| auth.expertfab.de | zitadel | ✓ |
| api.expertfab.de | rabbitmq | ✓ |
| coworkbase.de | coworkbase | ✓ |
| www.coworkbase.de | coworkbase | ✓ |
| qubicticker.qchief.io | qubicticker | ✓ |
**ClusterIssuer:** `letsencrypt`
**TLS Secret (ERPNext):** `expertfab-tls`
---
## ERPNext Deployment
| Komponente | Typ | Details |
|--------------------|------------|--------------------------------------------|
| Nginx | Deployment | Frontend, `frappeSiteNameHeader=expertfab.de` |
| Gunicorn | Deployment | Web Workers |
| Worker default | Deployment | Background Jobs |
| Worker short | Deployment | Kurze Jobs |
| Worker long | Deployment | Lange Jobs |
| MariaDB | StatefulSet| v10.6, PVC: 3Gi RWO |
| DragonflyDB cache | Deployment | Redis-kompatibel |
| DragonflyDB queue | Deployment | Redis-kompatibel, PVC: 2Gi RWO (Anmerkung¹)|
> ¹ Helm-Values definieren 2Gi für Queue, tatsächliche PVC zeigt 3Gi Sites-Volume als RWX
**Helm Chart:** frappe/erpnext 8.0.14
**Custom Image:** git.expertfab.de/expertfab/customdocker:1.0.2
**Apps:** erpnext, hrms, payments, webshop, ecommerce_integrations, efrevolutgateway
---
## DNS-Besonderheit (Hairpin-NAT)
OPNsense löst nur `www.expertfab.de``10.42.71.60` (intern) auf.
`expertfab.de` (ohne www) → öffentliche IP → von innen nicht erreichbar.
**Fix:** Frappe `host_name` = `https://www.expertfab.de`
**Pfad:** `/home/frappe/frappe-bench/sites/expertfab.de/site_config.json`
**Betrifft:** wkhtmltopdf PDF-Generierung (hängt sonst 120s → 504)
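Review bot: In the "DNS-Besonderheit (Hairpin-NAT)" section, the documented fix only sets Frappe's `host_name` to `https://www.expertfab.de`, while `expertfab.de` (without www) remains unreachable from inside, even though the Ingress table lists `expertfab.de` as an ERPNext host. Please state whether an OPNsense override pointing the apex at 10.42.71.60 is planned, or say explicitly that internal clients must always use the www name, so the next 504 is not debugged from scratch. In the same section, the line "OPNsense löst nur `www.expertfab.de``10.42.71.60` (intern) auf." runs two code spans together and needs the "→" that the following line uses. The Nodes table also pairs node `efsckubnode2` with Proxmox-VM `efsckubnode02` and node `efsckubadm` with VM `efsckubctl`; confirm these are the actual VM names and not typos.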