DEV cluster settings documentation

implementations-line/systems/technical-infrastructure/CYDEL01-cybdev02.md

@@ -90,6 +90,17 @@ journalctl -u rancher-system-agent -f
 ## Monitoring & Logging
 
 ## Networking
+- Update of __/etc/hosts__ file check (e.g DHCP mode from network system) or static ip address.
+  Ensure your system can resolve its hostname by updating the /etc/hosts file with the IP address and the new hostname via command:
+```
+  sudo vi /etc/hosts
+
+  # Add a line: server-desired-hostname
+  # Local K8s application extended hostnames
+  192.168.30.13 cybdev02.cybnity.tech
+  # Cluster exposed API Endpoint FQDN (configuration managed in Rancher)
+  192.168.30.13 dev.cybnity.tech
+```
 
 ## Security
 
@@ -124,6 +135,21 @@ On cluster eligible to remote management:
 - Set the cluster-admin privileges for Rancher user via the command proposed by Rancher Registration section
 - From cluster to control, execute the registration command proposed by Rancher (e.g via kubectl on existing DEV cluster) to import it into Rancher management system
 
+## Kubernetes tools usage
+When a K8S client is used, the automatic installed RKE2 CLI is hosted in __/var/lib/rancher/rke2/bin__ folder, and the kubeconfig location (automatically installed in __/etc/rancher/rke2__ folder) shall be identified during any CLI command execution.
+
+For example:
+```
+# Show started nodes
+/var/lib/rancher/rke2/bin/kubectl --kubeconfig=/etc/rancher/rke2/rke2.yaml get nodes
+
+# Show deployed pods
+/var/lib/rancher/rke2/bin/kubectl --kubeconfig=/etc/rancher/rke2/rke2.yaml get nodes -A
+
+# Show errors relative to pods instantiation
+/var/lib/rancher/rke2/bin/kubectl --kubeconfig=/etc/rancher/rke2/rke2.yaml get pods -v=10
+```
+
 # APPLICATION SERVICES
 
 #

implementations-line/systems/technical-infrastructure/CYDEL01-cybsup01.md

@@ -252,9 +252,21 @@ Distributes and S3-compatible storage system deployed on Linux OS for commond bl
 ## Monitoring & Logging
 
 ## Networking
+By default, NetworkManager (configuration file at __/etc/NetworkManager/NetworkManager.conf__) is started by Ubuntu (and mananing dynamic resolv.conf update) and status can be checked via command: `sudo systemctl status systemd-resolved`.
+
+- Creation of extended CoreDNS configuration via added file `/var/lib/rancher/rke2/server/manifests/rke2-coredns-config.yaml` including:
+```
+
+```
+
 ### Container Network Interface (CNI)
 Canal solution is deployed as CNI plugin.
 
+### External FQDN visibility
+By default, pods deployed into the cluster can't reach external server based on DNS (e.g Internet server name; external network server based on a FQDN and/or dns hostname).
+
+Creation of a CoreDNS configuration file allowing visibility of external machines (e.g Support cluster machine from the DEV cluster isolated network), extending the default coredns config file automatically created by the Support server during the RKE2 dynamic agent installation
+
 ## Security
 ### Rancher Backup
 Automated backup solution ensuring auto-save of Rancher instance into a scheduled approach, to file versions allowing restoration in case of Rancher container disaster.
@@ -460,7 +472,10 @@ kubectl -n cattle-system get deploy rancher
         dnsNames:
         - cybnity.tech
         - cybsup01.cybnity.tech
+        - cybdev01.cybnity.tech
+        - cybdev02.cybnity.tech
         - sup.cybnity.tech
+        - dev.cybnity.tech
       ```
       - Apply resource for instantiation in cluster via command `kubectl apply -f rke2-trust-cybnity-tech-issuer.yaml` and verify good creation of ClusterIssuer and Certificate into the cluster
       - Remove created objects in cluster, and move the manifest file into `/var/lib/rancher/rke2/server/manifests/` for automatic binding by RKE2

implementations-line/systems/technical-infrastructure/CYDEL01-ubuntu-installation.md

@@ -24,7 +24,6 @@ Based on default version defined by the Ubuntu LTS server version installed.
 ## AppArmor
 Installed by default by Ubuntu Linux server LTS version. See [AppArmor configuration doc](https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#security-improvements) for help.
 
-
 ## Ubuntu Linux Server
 - Installation of Ubuntu LTS server version (e.g from bootable USB stick)
   - define boot and OS dedicated partitions for OS directories and mounting points
@@ -79,7 +78,7 @@ After installation, storage layout and filesystem layout shall be shown (via `ls
 
   - to make change without closing the terminal via command `exec bash`
 
-- Update of /etc/hosts file check (e.g DHCP mode from network system) or static ip address.
+- Update of __/etc/hosts__ file check (e.g DHCP mode from network system) or static ip address.
   Ensure your system can resolve its hostname by updating the /etc/hosts file with the IP address and the new hostname via command:
 ```
   sudo vi /etc/hosts
@@ -96,6 +95,13 @@ After installation, storage layout and filesystem layout shall be shown (via `ls
 
 ```
 
+### Timezone
+Change permanently the OS's timezone used as reference according to the server location, via commands:
+```
+sudo ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
+sudo dpkg-reconfigure -f noninteractive tzdata
+```
+
 ## Networking
 - Check detected network card via commands:
 ```
@@ -274,11 +280,21 @@ ping <external server name>.<domain name>
   - on server, execute `poweroff` to stop the machine
   - on another station, wake it up with a magic packet send (e.g on mac over command execution `wakeonlan <<MAC ADDRESS>>`)
 
-### Timezone
-Change permanently the OS's timezone used as reference according to the server location, via commands:
+### Firewall
+- Check status of default Ubuntu installed firewall via command: `sudo ufw status`
+- and disable when not needed.
+
+### Routing
+Openining of 6443 tcp port using iptables (see [RKE doc](https://rke.docs.rancher.com/os#ports)) via command:
 ```
-sudo ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
-sudo dpkg-reconfigure -f noninteractive tzdata
+# Open TCP/6443 for all
+sudo iptables -A INPUT -p tcp --dport 6443 -j ACCEPT
+```
+
+### SSH Server configuration
+Add TCP forwarding capability to the SSH server via modification of the `/etc/ssh/sshd_config` file which shall include line:
+```
+AllowTcpForwarding yes
 ```
 
 #

implementations-line/systems/technical-infrastructure/CYDEL01.md

@@ -34,8 +34,8 @@ This area of technical components and/or services are dedicated to support the o
 
 ## DEVELOPMENT
 This area of technical components and/or resources are dedicated to centralized development activities as shared CYBNITY software suite development cluster (e.g allowing developers of application components to merge and test CYBNITY software components that are versioned over the STAGING branch and/or that need temporary deployment from a development feature branch):
-- [CYDEL02 - Development cluster primary server](CYDEL01-cybdev02.md)
-- [CYDEL01 - Development cluster worker server](CYDEL01-cybdev01.md)
+- [CYDEL01 - Development cluster DEV01 server](CYDEL01-cybdev01.md)
+- [CYDEL01 - Development cluster DEV02 server](CYDEL01-cybdev02.md)
 
 ## VALIDATION INFRASTRUCTURE