From 6942355d439d2c4e3a1628a6b104ac9b98c6e6e5 Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Sun, 16 Oct 2022 11:04:36 +0200 Subject: [PATCH] update readme.md --- README.md | 29 --------------------------- cluster/prod/app/core/deploy/core.hcl | 2 +- 2 files changed, 1 insertion(+), 30 deletions(-) diff --git a/README.md b/README.md index ef3f082..11b0346 100644 --- a/README.md +++ b/README.md @@ -58,35 +58,6 @@ To upgrade NixOS, use the `./upgrade_nixos` script instead (it has the same synt **When adding a node to the cluster:** just do `./deploy_nixos ` -### Deploying Wesher - -We use Wesher to provide an encrypted overlay network between nodes in the cluster. -This is usefull in particular for securing services that are not able to do mTLS, -but as a security-in-depth measure, we make all traffic go through Wesher even when -TLS is done correctly. It is thus mandatory to have a working Wesher installation -in the cluster for it to run correctly. - -First, if no Wesher shared secret key has been generated for this cluster yet, -generate it with: - -``` -./gen_wesher_key -``` - -This key will be stored in `pass`, so you must have a working `pass` installation -for this script to run correctly. - -Then, deploy the key on all nodes with: - -``` -./deploy_wesher_key -``` - -This should be done after `./deploy_nixos` has run successfully on all nodes. -You should now have a working Wesher network between all your nodes! - -**When adding a node to the cluster:** just do `./deploy_wesher_key ` - ### Generating and deploying a PKI for Consul and Nomad This is very similar to how we do for Wesher. diff --git a/cluster/prod/app/core/deploy/core.hcl b/cluster/prod/app/core/deploy/core.hcl index 7449740..5c9f9c0 100644 --- a/cluster/prod/app/core/deploy/core.hcl +++ b/cluster/prod/app/core/deploy/core.hcl @@ -90,7 +90,7 @@ EOH } resources { - cpu = 2000 + cpu = 500 memory = 200 }