diff options
-rw-r--r-- | README.md | 29 | ||||
-rw-r--r-- | cluster/prod/app/core/deploy/core.hcl | 2 |
2 files changed, 1 insertions, 30 deletions
@@ -58,35 +58,6 @@ To upgrade NixOS, use the `./upgrade_nixos` script instead (it has the same synt **When adding a node to the cluster:** just do `./deploy_nixos <cluster_name> <name_of_new_node>` -### Deploying Wesher - -We use Wesher to provide an encrypted overlay network between nodes in the cluster. -This is usefull in particular for securing services that are not able to do mTLS, -but as a security-in-depth measure, we make all traffic go through Wesher even when -TLS is done correctly. It is thus mandatory to have a working Wesher installation -in the cluster for it to run correctly. - -First, if no Wesher shared secret key has been generated for this cluster yet, -generate it with: - -``` -./gen_wesher_key <cluster_name> -``` - -This key will be stored in `pass`, so you must have a working `pass` installation -for this script to run correctly. - -Then, deploy the key on all nodes with: - -``` -./deploy_wesher_key <cluster_name> -``` - -This should be done after `./deploy_nixos` has run successfully on all nodes. -You should now have a working Wesher network between all your nodes! - -**When adding a node to the cluster:** just do `./deploy_wesher_key <cluster_name> <name_of_new_node>` - ### Generating and deploying a PKI for Consul and Nomad This is very similar to how we do for Wesher. diff --git a/cluster/prod/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl index 7449740..5c9f9c0 100644 --- a/cluster/prod/app/core/deploy/core.hcl +++ b/cluster/prod/app/core/deploy/core.hcl @@ -90,7 +90,7 @@ EOH } resources { - cpu = 2000 + cpu = 500 memory = 200 } |