# ExpertFab – K3s Cluster

**Diagram:** [../diagrams/k8s_cluster.png](../diagrams/k8s_cluster.png)

---

## Cluster Overview

| Property          | Value                              |
|-------------------|------------------------------------|
| Distribution      | K3s v1.34.6+k3s1                   |
| Container Runtime | containerd 2.2.2                   |
| OS                | Ubuntu 24.04.4 LTS                 |
| Kernel            | 6.8.0-107-generic                  |
| Ingress           | Traefik (websecure / TLS)          |
| TLS               | cert-manager + Let's Encrypt       |
| Storage           | Longhorn (distributed block storage) |
| CNI               | Flannel                            |
| LB                | MetalLB → 10.42.71.60              |

---

## Nodes

| Name          | IP           | Proxmox VM    | Proxmox Host  | Role          |
|---------------|--------------|---------------|---------------|---------------|
| efsckubadm    | 10.42.71.50  | efsckubctl    | efproxcl02n01 | control-plane |
| efsckubnode1  | 10.42.71.51  | efsckubnode1  | efproxcl02n02 | worker        |
| efsckubnode2  | 10.42.71.52  | efsckubnode02 | efproxcl02n01 | worker        |

---

## Namespaces

| Namespace         | Contents                                |
|-------------------|-----------------------------------------|
| `erpnext`         | ERPNext + MariaDB + DragonflyDB         |
| `paperless`       | Paperless-NGX + PostgreSQL              |
| `zitadel`         | Zitadel SSO + PostgreSQL                |
| `rabbitmq`        | RabbitMQ + FastAPI                      |
| `coworkbase`      | Coworkbase                              |
| `qubicticker`     | Qubic Ticker                            |
| `longhorn-system` | Longhorn Storage                        |
| `cert-manager`    | cert-manager (Let's Encrypt)            |
| `metallb-system`  | MetalLB LoadBalancer                    |
| `kube-system`     | Traefik, CoreDNS, etc.                  |

---

## Ingresses (Traefik)

| Host                        | Namespace    | TLS |
|-----------------------------|--------------|-----|
| expertfab.de                | erpnext      | ✓   |
| www.expertfab.de            | erpnext      | ✓   |
| docs.expertfab.de           | paperless    | ✓   |
| auth.expertfab.de           | zitadel      | ✓   |
| api.expertfab.de            | rabbitmq     | ✓   |
| coworkbase.de               | coworkbase   | ✓   |
| www.coworkbase.de           | coworkbase   | ✓   |
| qubicticker.qchief.io       | qubicticker  | ✓   |

**ClusterIssuer:** `letsencrypt`

**TLS Secret (ERPNext):** `expertfab-tls`

---

## ERPNext Deployment

| Component          | Type        | Details                                       |
|--------------------|-------------|-----------------------------------------------|
| Nginx              | Deployment  | Frontend, `frappeSiteNameHeader=expertfab.de` |
| Gunicorn           | Deployment  | Web workers                                   |
| Worker default     | Deployment  | Background jobs                               |
| Worker short       | Deployment  | Short jobs                                    |
| Worker long        | Deployment  | Long jobs                                     |
| MariaDB            | StatefulSet | v10.6, PVC: 3Gi RWO                           |
| DragonflyDB cache  | Deployment  | Redis-compatible                              |
| DragonflyDB queue  | Deployment  | Redis-compatible, PVC: 2Gi RWO (note¹)        |

> ¹ Helm values define 2Gi for the queue; the actual PVC shows 3Gi.
> Sites volume as RWX.

**Helm Chart:** frappe/erpnext 8.0.14

**Custom Image:** git.expertfab.de/expertfab/customdocker:1.0.2

**Apps:** erpnext, hrms, payments, webshop, ecommerce_integrations, efrevolutgateway

---

## DNS Peculiarity (Hairpin NAT)

OPNsense resolves only `www.expertfab.de` → `10.42.71.60` (internal).
`expertfab.de` (without www) → public IP → not reachable from inside.

**Fix:** Frappe `host_name` = `https://www.expertfab.de`

**Path:** `/home/frappe/frappe-bench/sites/expertfab.de/site_config.json`

**Affects:** wkhtmltopdf PDF generation (otherwise hangs for 120s → 504)
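
A check for the `host_name` fix above, as an added example (not part of the original page or the project's code): it reads `host_name` from the contents of a `site_config.json` and confirms the name resolves to the internal MetalLB address as seen from inside the cluster. The function name, the injected `resolve` callable, and the sample DNS table (including the placeholder public address `203.0.113.10`) are assumptions.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# MetalLB address documented on this page.
INTERNAL_LB = ipaddress.ip_address("10.42.71.60")


def check_host_name(site_config_text, resolve):
    """Return (ok, reason) for the host_name in a Frappe site_config.json.

    resolve(hostname) -> list of IP strings as seen from inside the cluster.
    It is a hypothetical callable, e.g. a thin wrapper around
    socket.getaddrinfo run in a pod; it is injected so the check runs offline.
    """
    cfg = json.loads(site_config_text)
    host_name = cfg.get("host_name")
    if not host_name:
        return False, "host_name is not set"
    url = urlsplit(host_name)
    if url.scheme != "https" or not url.hostname:
        return False, f"host_name is not an https URL: {host_name!r}"
    try:
        addrs = [ipaddress.ip_address(a) for a in resolve(url.hostname)]
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return False, f"{url.hostname} does not resolve: {exc}"
    if not addrs:
        return False, f"{url.hostname} returned no addresses"
    outside = [str(a) for a in addrs if a != INTERNAL_LB]
    if outside:
        # This is the hairpin case: wkhtmltopdf would fetch assets via an
        # address that is not reachable from inside and hang until timeout.
        return False, f"{url.hostname} resolves to {outside}, not {INTERNAL_LB}"
    return True, f"{url.hostname} resolves to {INTERNAL_LB}"


# Constructed resolver table modelling the OPNsense behaviour described above.
# 203.0.113.10 is a documentation-range placeholder for the public IP.
SAMPLE_DNS = {"www.expertfab.de": ["10.42.71.60"], "expertfab.de": ["203.0.113.10"]}


def sample_resolve(name):
    if name not in SAMPLE_DNS:
        raise OSError("NXDOMAIN")
    return SAMPLE_DNS[name]


if __name__ == "__main__":
    for value in ("https://www.expertfab.de", "https://expertfab.de"):
        cfg = json.dumps({"host_name": value})  # constructed site_config.json
        print(value, "->", check_host_name(cfg, sample_resolve))
```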