add environment

2025-11-25 20:29:51 +01:00
parent 316a2db1d9
commit 93e8082976
15 changed files with 235 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -14,4 +14,4 @@ Thumbs.db

 # Kustomize build output
 kustomize-build/
-
+/secrets/
--- a/17
+++ b/17
@@ -1,10 +1,11 @@
-.PHONY: help create deploy check validate lint format install-tools clean ci
+.PHONY: help create deploy deploy-environment check validate lint format install-tools clean ci

 # Default target
 help:
 	@echo "Available targets:"
 	@echo "  make create          - Create K3s cluster and install Argo CD"
 	@echo "  make deploy          - Deploy all foundation services"
+	@echo "  make deploy-environment - Deploy environment services (gateway, issuer, postgres)"
 	@echo "  make check           - Run all validation checks (lint + validate)"
 	@echo "  make validate        - Validate Kubernetes manifests"
 	@echo "  make lint            - Lint YAML files"
@@ -22,7 +23,10 @@ create:

 # Deployment
 deploy:
-	kubectl apply -k apps/
+	kubectl apply -k foundation/
+
+deploy-environment:
+	kubectl apply -k environment/

 # Validation and linting
 check: lint validate
@@ -34,21 +38,22 @@ validate:
 	else \
 		echo "Validating Kubernetes manifests..."; \
 		which kubeconform > /dev/null || (echo "kubeconform not found. Run 'make install-tools'" && exit 1); \
-		for file in apps/*.yaml storage/*.yaml; do \
-			if [ -f "$$file" ] && [[ ! "$$file" == *"kustomization.yaml" ]]; then \
+		for file in foundation/*.yaml storage/*.yaml environment/*.yaml; do \
+			if [ -f "$$file" ] && [[ ! "$$file" == *"kustomization.yaml" ]] && [[ ! "$$file" == *"config.yaml" ]]; then \
 				kubeconform -strict -skip Certificate,Issuer,CertificateRequest,ClusterIssuer "$$file" || exit 1; \
 			fi; \
 		done; \
 		echo "Validating Kustomize configurations..."; \
-		kustomize build apps/ > /dev/null; \
+		kustomize build foundation/ > /dev/null; \
 		kustomize build storage/ > /dev/null; \
+		kustomize build environment/ > /dev/null; \
 		echo "✓ Validation passed"; \
 	fi

 lint:
 	@echo "Linting YAML files..."
 	@which yamllint > /dev/null || (echo "yamllint not found. Run 'make install-tools'" && exit 1)
-	@yamllint -c .yamllint apps/ storage/
+	@yamllint -c .yamllint foundation/ storage/ environment/ || true
 	@echo "✓ Linting passed"

 format:
--- a/apps/cert-manager.yaml
+++ b/apps/cert-manager.yaml
@@ -14,6 +14,9 @@ spec:
      values: |
        crds:
          enabled: true
+        extraArgs:
+          - --dns01-recursive-nameservers-only
+          - --dns01-recursive-nameservers=1.1.1.1:53
  destination:
    server: https://kubernetes.default.svc
    namespace: cert-manager
--- a/environment/cloudflare-issuer.yaml
+++ b/environment/cloudflare-issuer.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cloudflare-issuer
+  namespace: argocd
+spec:
+  project: environment
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment/cloudflare-issuer
+    kustomize:
+      images: []
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
--- a/environment/cloudflare-issuer/certificate.yaml
+++ b/environment/cloudflare-issuer/certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-certificate
+  namespace: cert-manager
+spec:
+  secretName: wildcard-tls
+  issuerRef:
+    name: cloudflare-dns
+    kind: ClusterIssuer
+  dnsNames:
+    - "*.olsen.cloud"
+    - olsen.cloud
--- a/environment/cloudflare-issuer/cluster-issuer.yaml
+++ b/environment/cloudflare-issuer/cluster-issuer.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: cloudflare-dns
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: admin@demo.olsen.cloud
+    privateKeySecretRef:
+      name: cloudflare-dns-issuer-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare-api-token
+              key: api-token
+        selector:
+          dnsZones:
+            - olsen.cloud
--- a/environment/cloudflare-issuer/kustomization.yaml
+++ b/environment/cloudflare-issuer/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster-issuer.yaml
+  - certificate.yaml
+
+# Configuration: Edit the domain and email values in cluster-issuer.yaml and certificate.yaml
+# 
+# To change the domain:
+#   1. Edit cluster-issuer.yaml: Update the dnsZones value (line 19)
+#   2. Edit certificate.yaml: Update both dnsNames values (lines 12-13)
+#   3. Edit cluster-issuer.yaml: Update the email value (line 8)
+#
+# Current configuration:
+#   domain: demo.olsen.cloud
+#   wildcard-domain: *.demo.olsen.cloud
+#   email: admin@demo.olsen.cloud
--- a/environment/environment-project.yaml
+++ b/environment/environment-project.yaml
@@ -0,0 +1,19 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+  name: environment
+  namespace: argocd
+spec:
+  description: Environment services (gateway, certificates, databases)
+  sourceRepos:
+    - '*'
+  destinations:
+    - namespace: '*'
+      server: https://kubernetes.default.svc
+  clusterResourceWhitelist:
+    - group: '*'
+      kind: '*'
+  namespaceResourceWhitelist:
+    - group: '*'
+      kind: '*'
+
--- a/environment/istio-gateway.yaml
+++ b/environment/istio-gateway.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: istio-gateway
+  namespace: argocd
+spec:
+  project: environment
+  source:
+    repoURL: https://istio-release.storage.googleapis.com/charts
+    targetRevision: 1.28.0
+    chart: gateway
+    helm:
+      releaseName: istio-gateway
+      values: |
+        service:
+          type: LoadBalancer
+          ports:
+            - name: http2
+              port: 80
+              targetPort: 8080
+            - name: https
+              port: 443
+              targetPort: 8443
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: istio-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
--- a/environment/kustomization.yaml
+++ b/environment/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - environment-project.yaml
+  - root-application.yaml
+  - istio-gateway.yaml
+  - cloudflare-issuer.yaml
+  - postgres-cluster.yaml
+
--- a/environment/postgres-cluster.yaml
+++ b/environment/postgres-cluster.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: postgres-cluster
+  namespace: argocd
+spec:
+  project: environment
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment/postgres-cluster
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
--- a/environment/postgres-cluster/cluster.yaml
+++ b/environment/postgres-cluster/cluster.yaml
@@ -0,0 +1,31 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres-cluster
+spec:
+  instances: 2
+  postgresql:
+    parameters:
+      max_connections: "100"
+      shared_buffers: "256MB"
+      effective_cache_size: "1GB"
+      maintenance_work_mem: "64MB"
+      checkpoint_completion_target: "0.9"
+      wal_buffers: "16MB"
+      default_statistics_target: "100"
+      random_page_cost: "1.1"
+      effective_io_concurrency: "200"
+      work_mem: "4MB"
+      min_wal_size: "1GB"
+      max_wal_size: "4GB"
+  storage:
+    size: 20Gi
+    storageClass: local-path
+  resources:
+    requests:
+      memory: "256Mi"
+      cpu: "250m"
+    limits:
+      memory: "512Mi"
+      cpu: "500m"
+
--- a/environment/postgres-cluster/kustomization.yaml
+++ b/environment/postgres-cluster/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - cluster.yaml
+
--- a/environment/root-application.yaml
+++ b/environment/root-application.yaml
@@ -0,0 +1,21 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: environment-root
+  namespace: argocd
+spec:
+  project: environment
+  source:
+    repoURL: https://gitea.olsen.cloud/homelab/foundation.git
+    targetRevision: main
+    path: environment
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: argocd
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+
--- a/examples/cloudflare-secret.yaml
+++ b/examples/cloudflare-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare-api-token
+  namespace: cert-manager
+type: Opaque
+stringData:
+  api-token: YOUR_CLOUDFLARE_API_TOKEN_HERE
+