# 🚀 DevOps Infrastructure Deployment Status
## ✅ Deployed Services (Phase 1)

| Service | Container ID | IP | Ports | Status | URL | Notes |
|---------|-------------|-----|-------|--------|-----|-------|
| **Traefik** | Auto | 10.10.30.18 | 8080 | ✅ Running | http://10.10.30.18:8080 | Gateway/Reverse Proxy |
| **Gitea** | 101 | 10.10.30.120 | 3000 | ✅ Running | http://10.10.30.120:3000 | Git + CI/CD + Packages (SQLite) |
| **Docker Registry** | b1e155e920e6 | 10.10.30.121 | 5000 | ✅ Running | http://10.10.30.121:5000 | Private Docker images |
| **Registry UI** | Auto | 10.10.30.121 | 8080 | ✅ Running | http://10.10.30.121:8080 | Registry web interface |
| **Portainer** | 065fd8cfa26b | 10.10.30.121 | 9000 | ✅ Running | http://10.10.30.121:9000 | Docker management |
| **Portainer Agent** | 3a2831b9a481 | 10.10.30.121 | 9001 | ✅ Running | - | Docker agent |
| **Vault** | Auto | 10.10.30.121 | 8200 | ✅ Running | http://10.10.30.121:8200 | Secrets management (token: myroot) |
## 🔧 Working Docker Commands
### Registry with CORS fix:

```bash
docker run -d \
  --name registry \
  --restart=always \
  -p 5000:5000 \
  -v /opt/registry-data:/var/lib/registry \
  -e REGISTRY_HTTP_HEADERS_ACCESS-CONTROL-ALLOW-ORIGIN='[http://10.10.30.121:8080]' \
  -e REGISTRY_HTTP_HEADERS_ACCESS-CONTROL-ALLOW-METHODS='[HEAD,GET,OPTIONS,DELETE]' \
  -e REGISTRY_HTTP_HEADERS_ACCESS-CONTROL-ALLOW-CREDENTIALS='[true]' \
  -e REGISTRY_HTTP_HEADERS_ACCESS-CONTROL-ALLOW-HEADERS='[Authorization,Accept,Cache-Control]' \
  registry:2.8
```
### Registry UI:

```bash
docker run -d \
  --name registry-ui \
  --restart=always \
  -p 8080:80 \
  -e REGISTRY_TITLE="DevOps Docker Registry" \
  -e REGISTRY_URL="http://10.10.30.121:5000" \
  -e REGISTRY_SINGLE="true" \
  joxit/docker-registry-ui:latest
```
### Vault (dev mode):

```bash
docker run -d \
  --name vault \
  --restart=always \
  -p 8200:8200 \
  -e VAULT_DEV=1 \
  -e VAULT_DEV_ROOT_TOKEN_ID=myroot \
  hashicorp/vault:latest \
  vault server -dev -dev-listen-address="0.0.0.0:8200"
```
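
The dev-mode command above fixes the root token on the command line and publishes port 8200 on every host interface. The lint below is an added example, not part of the original page: it flags those settings in a `docker run` command. The function names, finding IDs, the `X.Y.Z` tag and the `/opt/vault/config` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: static lint of a `docker run`
# command line for Vault dev-mode exposure. Prints one finding ID per line.
audit_vault_run() (
  # Join backslash-continued lines so every check sees the full command.
  cmd=$(tr '\n' ' ' | sed 's/\\ / /g' | tr -s ' ')
  has() { printf '%s\n' "$cmd" | grep -Eq -e "$1"; }

  # -dev: in-memory storage, starts unsealed, listener without TLS.
  if has '(^| )-dev( |$)'; then echo DEV_MODE; fi
  # A root token fixed on the command line is known to every reader of it.
  if has 'VAULT_DEV_ROOT_TOKEN_ID=[^ ]+'; then echo STATIC_ROOT_TOKEN; fi
  # Dev listener on 0.0.0.0: reachable through any published port.
  if has '-dev-listen-address[= ]"?0\.0\.0\.0:'; then echo LISTEN_ALL_INTERFACES; fi
  # -p HOSTPORT:PORT without a host IP publishes on all host interfaces.
  if has '(^| )(-p|--publish)[ =][0-9]+:[0-9]+( |$)'; then echo PUBLISHED_ALL_HOST_IPS; fi
  # :latest (or no tag) means an untracked upgrade on the next pull.
  if has '(^| )hashicorp/vault(:latest)?( |$)'; then echo UNPINNED_IMAGE; fi
  :
)

# Constructed sample: the dev-mode command as shown on this page.
sample_dev_cmd() {
  cat <<'EOF'
docker run -d \
  --name vault \
  --restart=always \
  -p 8200:8200 \
  -e VAULT_DEV=1 \
  -e VAULT_DEV_ROOT_TOKEN_ID=myroot \
  hashicorp/vault:latest \
  vault server -dev -dev-listen-address="0.0.0.0:8200"
EOF
}

# Constructed counter-example (assumption): loopback-only publish, placeholder
# tag X.Y.Z, server config mounted from a hypothetical host path.
sample_server_cmd() {
  cat <<'EOF'
docker run -d --name vault --cap-add=IPC_LOCK \
  -p 127.0.0.1:8200:8200 \
  -v /opt/vault/config:/vault/config \
  hashicorp/vault:X.Y.Z server
EOF
}
# Run with --demo to lint the page's command.
if [ "${1:-}" = "--demo" ]; then sample_dev_cmd | audit_vault_run; fi
```

Pipe any `docker run` command into `audit_vault_run`; empty output means none of the five checks matched.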
## ⏳ Next Phase Services (To Deploy)

| Service | Planned IP | Ports | Purpose |
|---------|-----------|-------|---------|
| **Nexus** | 10.10.30.40 | 8081 | Artifacts, PyPI/npm proxy |
| **Prometheus** | 10.10.30.70 | 9090 | Metrics collection |
| **Grafana** | 10.10.30.80 | 3000 | Monitoring dashboards |
## 🎯 Target Project: MikroTik Telegram Bot

**Source:** `mikrotik_home/telegram_bot/`
**Goal:** Full CI/CD pipeline for auto-deployment
## 📊 Infrastructure Resources

**Proxmox Host:**
- RAM: 62GB (plenty available)
- CPU: 16 cores
- Network: 10.10.30.0/24 (ProxmoxLAN)
- Gateway: 10.10.30.1

**Current Usage:** ~7GB RAM, ~12 CPU cores
## 🔑 Key Learnings

1. **SQLite better than MySQL** for Gitea in LXC
2. **CORS headers required** for Registry UI
3. **Community-scripts work well** for base deployments
4. **Portainer Agent vs Server** distinction important
5. **Registry UI better than Portainer registries** (free)
6. **SonarQube requires PostgreSQL** - complex for MVP
7. **Vault dev mode perfect** for testing
8. **Gitea packages eliminate need** for separate Nexus