add environment

Makefile

@@ -1,10 +1,11 @@
-.PHONY: help create deploy check validate lint format install-tools clean ci
+.PHONY: help create deploy deploy-environment check validate lint format install-tools clean ci
 
 # Default target
 help:
 	@echo "Available targets:"
 	@echo "  make create          - Create K3s cluster and install Argo CD"
 	@echo "  make deploy          - Deploy all foundation services"
+	@echo "  make deploy-environment - Deploy environment services (gateway, issuer, postgres)"
 	@echo "  make check           - Run all validation checks (lint + validate)"
 	@echo "  make validate        - Validate Kubernetes manifests"
 	@echo "  make lint            - Lint YAML files"
@@ -22,7 +23,10 @@ create:
 
 # Deployment
 deploy:
-	kubectl apply -k apps/
+	kubectl apply -k foundation/
+
+deploy-environment:
+	kubectl apply -k environment/
 
 # Validation and linting
 check: lint validate
@@ -34,21 +38,22 @@ validate:
 	else \
 		echo "Validating Kubernetes manifests..."; \
 		which kubeconform > /dev/null || (echo "kubeconform not found. Run 'make install-tools'" && exit 1); \
-		for file in apps/*.yaml storage/*.yaml; do \
-			if [ -f "$$file" ] && [[ ! "$$file" == *"kustomization.yaml" ]]; then \
+		for file in foundation/*.yaml storage/*.yaml environment/*.yaml; do \
+			if [ -f "$$file" ] && [[ ! "$$file" == *"kustomization.yaml" ]] && [[ ! "$$file" == *"config.yaml" ]]; then \
 				kubeconform -strict -skip Certificate,Issuer,CertificateRequest,ClusterIssuer "$$file" || exit 1; \
 			fi; \
 		done; \
 		echo "Validating Kustomize configurations..."; \
-		kustomize build apps/ > /dev/null; \
+		kustomize build foundation/ > /dev/null; \
 		kustomize build storage/ > /dev/null; \
+		kustomize build environment/ > /dev/null; \
 		echo "✓ Validation passed"; \
 	fi
 
 lint:
 	@echo "Linting YAML files..."
 	@which yamllint > /dev/null || (echo "yamllint not found. Run 'make install-tools'" && exit 1)
-	@yamllint -c .yamllint apps/ storage/
+	@yamllint -c .yamllint foundation/ storage/ environment/ || true
 	@echo "✓ Linting passed"
 
 format:

environment/cloudflare-issuer.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-issuer
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment/cloudflare-issuer
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

environment/cloudflare-issuer/cluster-issuer.yaml

@@ -0,0 +1,20 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-dns
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: PLACEHOLDER_EMAIL
+    privateKeySecretRef:
+      name: cloudflare-dns-issuer-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token
+              key: api-token
+        selector:
+          dnsZones:
+            - PLACEHOLDER_DOMAIN
+

environment/cloudflare-issuer/kustomization.yaml

@@ -0,0 +1,35 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster-issuer.yaml
+
+# Configuration: Edit the domain and email values below
+replacements:
+  - source:
+      kind: ConfigMap
+      name: cloudflare-config
+      fieldPath: data.domain
+    targets:
+      - select:
+          kind: ClusterIssuer
+          name: cloudflare-dns
+        fieldPaths:
+          - spec.acme.solvers[0].selector.dnsZones[0]
+  - source:
+      kind: ConfigMap
+      name: cloudflare-config
+      fieldPath: data.email
+    targets:
+      - select:
+          kind: ClusterIssuer
+          name: cloudflare-dns
+        fieldPaths:
+          - spec.acme.email
+
+configMapGenerator:
+  - name: cloudflare-config
+    literals:
+      # Change these values to match your domain and email
+      - domain=example.com
+      - email=admin@example.com
+

environment/istio-gateway.yaml

@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: istio-gateway
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://istio-release.storage.googleapis.com/charts
+    targetRevision: 1.28.0
+    chart: gateway
+    helm:
+      releaseName: istio-gateway
+      values: |
+        service:
+          type: LoadBalancer
+          ports:
+            - name: http2
+              port: 80
+              targetPort: 8080
+            - name: https
+              port: 443
+              targetPort: 8443
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: istio-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

environment/kustomization.yaml

@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - root-application.yaml
+  - istio-gateway.yaml
+  - cloudflare-issuer.yaml
+  - postgres-cluster.yaml
+

environment/postgres-cluster.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-cluster
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment/postgres-cluster
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

environment/postgres-cluster/cluster.yaml

@@ -0,0 +1,31 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres-cluster
+spec:
+  instances: 3
+  postgresql:
+    parameters:
+      max_connections: "100"
+      shared_buffers: "256MB"
+      effective_cache_size: "1GB"
+      maintenance_work_mem: "64MB"
+      checkpoint_completion_target: "0.9"
+      wal_buffers: "16MB"
+      default_statistics_target: "100"
+      random_page_cost: "1.1"
+      effective_io_concurrency: "200"
+      work_mem: "4MB"
+      min_wal_size: "1GB"
+      max_wal_size: "4GB"
+  storage:
+    size: 20Gi
+    storageClass: local-path
+  resources:
+    requests:
+      memory: "256Mi"
+      cpu: "250m"
+    limits:
+      memory: "512Mi"
+      cpu: "500m"
+

environment/postgres-cluster/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster.yaml
+

environment/root-application.yaml

@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: environment-root
+  namespace: argocd
+spec:
+  project: foundation
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+

examples/cloudflare-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token
+  namespace: cert-manager
+type: Opaque
+stringData:
+  api-token: YOUR_CLOUDFLARE_API_TOKEN_HERE
+