sascha.dodenhoeft/expertfab-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f8fb1349c2c8938d3664068b0c0ab59f37dd164
expertfab-infra/docs/k3s.md
Sascha Dodenhöft bbe86c55d9 Initial commit: Infrastructure documentation 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-03 13:46:47 +02:00

4.0 KiB
Raw Blame History

ExpertFab K3s Cluster

Schaubild: ../diagrams/k8s_cluster.png

Cluster-Übersicht

Eigenschaft Wert
Distribution K3s v1.34.6+k3s1
Container Runtime containerd 2.2.2
OS Ubuntu 24.04.4 LTS
Kernel 6.8.0-107-generic
Ingress Traefik (websecure / TLS)
TLS cert-manager + Let's Encrypt
Storage Longhorn (verteiltes Block-Storage)
CNI Flannel
LB MetalLB → 10.42.71.60

Nodes

Name IP Proxmox-VM Proxmox-Host Rolle
efsckubadm 10.42.71.50 efsckubctl efproxcl02n01 control-plane
efsckubnode1 10.42.71.51 efsckubnode1 efproxcl02n02 worker
efsckubnode2 10.42.71.52 efsckubnode02 efproxcl02n01 worker

Namespaces

Namespace Inhalt
erpnext ERPNext + MariaDB + DragonflyDB
paperless Paperless-NGX + PostgreSQL
zitadel Zitadel SSO + PostgreSQL
rabbitmq RabbitMQ + FastAPI
coworkbase Coworkbase
qubicticker Qubic Ticker
longhorn-system Longhorn Storage
cert-manager cert-manager (Let's Encrypt)
metallb-system MetalLB LoadBalancer
kube-system Traefik, CoreDNS, etc.

Ingresses (Traefik)

Host Namespace TLS
expertfab.de erpnext
www.expertfab.de erpnext
docs.expertfab.de paperless
auth.expertfab.de zitadel
api.expertfab.de rabbitmq
coworkbase.de coworkbase
www.coworkbase.de coworkbase
qubicticker.qchief.io qubicticker

ClusterIssuer: letsencrypt
TLS Secret (ERPNext): expertfab-tls

ERPNext Deployment

Komponente Typ Details
Nginx Deployment Frontend, frappeSiteNameHeader=expertfab.de
Gunicorn Deployment Web Workers
Worker default Deployment Background Jobs
Worker short Deployment Kurze Jobs
Worker long Deployment Lange Jobs
MariaDB StatefulSet v10.6, PVC: 3Gi RWO
DragonflyDB cache Deployment Redis-kompatibel
DragonflyDB queue Deployment Redis-kompatibel, PVC: 2Gi RWO (Anmerkung¹)

¹ Helm-Values definieren 2Gi für Queue, tatsächliche PVC zeigt 3Gi Sites-Volume als RWX

Helm Chart: frappe/erpnext 8.0.14
Custom Image: git.expertfab.de/expertfab/customdocker:1.0.2
Apps: erpnext, hrms, payments, webshop, ecommerce_integrations, efrevolutgateway

DNS-Besonderheit (Hairpin-NAT)

OPNsense löst nur www.expertfab.de10.42.71.60 (intern) auf.
expertfab.de (ohne www) → öffentliche IP → von innen nicht erreichbar.

Fix: Frappe host_name = https://www.expertfab.de
Pfad: /home/frappe/frappe-bench/sites/expertfab.de/site_config.json
Betrifft: wkhtmltopdf PDF-Generierung (hängt sonst 120s → 504)

Reference in New Issue View Git Blame Copy Permalink