From 707c22eae73c4aaa6a065cac8d70aeeb2639b95b Mon Sep 17 00:00:00 2001 From: Jose Diaz-Gonzalez Date: Sat, 20 Jan 2024 05:49:29 -0500 Subject: [PATCH] chore: update docs concerning network requests --- docs/deployment/schedulers/k3s.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/docs/deployment/schedulers/k3s.md b/docs/deployment/schedulers/k3s.md index 8bafa8f99..0ee1d1fce 100644 --- a/docs/deployment/schedulers/k3s.md +++ b/docs/deployment/schedulers/k3s.md @@ -33,7 +33,15 @@ Initialize the cluster in single-node mode. This will start k3s on the Dokku nod dokku scheduler-k3s:initialize ``` -The above command will initialize a cluster with an automatically generated token for authentication. This token should be stored securely for later recovery, and can be displayed with via the `scheduler-k3s:report` command: +The above command will initialize a cluster with the following configuration: + +- etcd distributed backing store +- Wireguard as the networking flannel +- K3s automatic upgrader +- Longhorn distributed block storage +- Traefik configured to run on all nodes in the cluster + +Additionally, an internal token for authentication will be automatically generated. This token should be stored securely for later recovery, and can be displayed with via the `scheduler-k3s:report` command: ```shell dokku scheduler-k3s:report --global @@ -89,6 +97,9 @@ dokku scheduler:set --global selected k3s At this point, all app deploys will be performed against the k3s cluster. +> [!NOTE] +> HTTP requests for apps can be performed against any node in the cluster. Without extra configuration, many other ports may also be available on the host. For security reasons, it may be desirable to place the k3s cluster behind one or more TCP load balancers while shutting off traffic to all cluster ports. Please consult your hosting provider for more information on how to provision a TCP load balancer and shut off all ports other than 22/80/443 access to the outside world. + ### Running a multi-cluster node > [!WARNING]