Forte/launchpad
6
0
Fork 0
Code Issues Pull Requests Actions Packages Wiki Activity

feature/multicluster
Some checks failed
Deploy Gitea Pages / build-and-deploy (push) Failing after 5s
Details

Browse Source 
Co-authored-by: Danijel Simeunovic <danijel.simeunovic@trumf.no>
Reviewed-on: #4
Reviewed-by: gitea_admin <admin@forteapps.net>
This commit was merged in pull request #4.
This commit is contained in:
Danijel Simeunovic
2026-04-18 18:14:00 +00:00
parent 72a65f0e06
commit 03a0d7c9ae
72 changed files with 574 additions and 326 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
infra/cert-manager-application.yaml → infra/base/cert-manager-application.yaml
View File

0
infra/cluster-resources-application.yaml → infra/base/cluster-resources-application.yaml
View File

2
infra/enterprise-apps.yaml → infra/base/enterprise-apps.yaml
View File

@@ -18,7 +18,7 @@ spec:
source:
repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD
path: apps
path: apps/overlays/upc-dev
destination:
server: https://kubernetes.default.svc
namespace: apps

2
infra/fluent-bit.yaml → infra/base/fluent-bit.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: fluent-bit
valueFiles:
- $values/infra/values/fluent-bit-values.yaml
- $values/infra/values/base/fluent-bit-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

2
infra/gitea-actions.yaml → infra/base/gitea-actions.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: gitea-actions
valueFiles:
- $values/infra/values/gitea-actions-values.yaml
- $values/infra/values/base/gitea-actions-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

2
infra/gitea.yaml → infra/base/gitea.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: gitea
valueFiles:
- $values/infra/values/gitea-values.yaml
- $values/infra/values/base/gitea-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

0
infra/grafana-dashboards.yaml → infra/base/grafana-dashboards.yaml
View File

3
infra/grafana.yaml → infra/base/grafana.yaml
View File

@@ -21,7 +21,8 @@ spec:
helm:
releaseName: grafana
valueFiles:
- $values/infra/values/grafana-values.yaml
- $values/infra/values/base/grafana-values.yaml
- $values/infra/values/upc-dev/grafana-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

3
infra/keycloak.yaml → infra/base/keycloak.yaml
View File

@@ -21,7 +21,8 @@ spec:
helm:
releaseName: keycloak
valueFiles:
- $values/infra/values/keycloak-values.yaml
- $values/infra/values/base/keycloak-values.yaml
- $values/infra/values/upc-dev/keycloak-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

23
infra/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,23 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- traefik-application.yaml
- keycloak.yaml
- grafana.yaml
- cert-manager-application.yaml
- kyverno.yaml
- sealedsecrets.yaml
- prometheus.yaml
- loki.yaml
- fluent-bit.yaml
- trivy.yaml
- enterprise-apps.yaml
- cluster-resources-application.yaml
- kyverno-policies.yaml
- secrets.yaml
- gitea.yaml
- gitea-actions.yaml
- renovate.yaml
- tempo.yaml
- grafana-dashboards.yaml
- network-policies-application.yaml

0
infra/kyverno-policies.yaml → infra/base/kyverno-policies.yaml
View File

0
infra/kyverno.yaml → infra/base/kyverno.yaml
View File

2
infra/loki.yaml → infra/base/loki.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: loki
valueFiles:
- $values/infra/values/loki-values.yaml
- $values/infra/values/base/loki-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

0
infra/network-policies-application.yaml → infra/base/network-policies-application.yaml
View File

2
infra/prometheus.yaml → infra/base/prometheus.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: prometheus
valueFiles:
- $values/infra/values/prometheus-values.yaml
- $values/infra/values/base/prometheus-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

2
infra/renovate.yaml → infra/base/renovate.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: renovate
valueFiles:
- $values/infra/values/renovate-values.yaml
- $values/infra/values/base/renovate-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

0
infra/sealedsecrets.yaml → infra/base/sealedsecrets.yaml
View File

2
infra/secrets.yaml → infra/base/secrets.yaml
View File

@@ -18,7 +18,7 @@ spec:
project: default
source:
repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
path: secrets
path: secrets/upc-dev
destination:
server: https://kubernetes.default.svc
namespace: secrets

2
infra/tempo.yaml → infra/base/tempo.yaml
View File

@@ -21,7 +21,7 @@ spec:
helm:
releaseName: tempo
valueFiles:
- $values/infra/values/tempo-values.yaml
- $values/infra/values/base/tempo-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD

29
infra/opencost.yaml → infra/base/traefik-application.yaml
View File

@@ -1,13 +1,20 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik-system
annotations:
argocd.argoproj.io/sync-wave: "-1"
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: opencost
name: traefik
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "1"
labels:
app.kubernetes.io/name: opencost
app.kubernetes.io/part-of: monitoring
app.kubernetes.io/name: traefik
app.kubernetes.io/part-of: platform
app.kubernetes.io/managed-by: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
@@ -15,27 +22,29 @@ spec:
project: default
sources:
- repoURL: https://opencost.github.io/opencost-helm-chart
chart: opencost
targetRevision: "1.42.0"
- repoURL: https://traefik.github.io/charts
chart: traefik
targetRevision: "28.0.0"
helm:
releaseName: opencost
releaseName: traefik
valueFiles:
- $values/infra/values/opencost-values.yaml
- $values/infra/values/base/traefik-values.yaml
- $values/infra/values/upc-dev/traefik-values.yaml
- repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
- repoURL: git@github.com:fortedigital/sturdy-adventure.git
targetRevision: HEAD
ref: values
destination:
server: https://kubernetes.default.svc
namespace: monitoring
namespace: traefik-system
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true

0
infra/trivy.yaml → infra/base/trivy.yaml
View File

7
infra/overlays/upc-dev/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
# No patches needed — base already has "upc-dev" paths
# upc-dev is the default/base cluster

50
infra/overlays/upc-prod/kustomization.yaml Normal file
View File

@@ -0,0 +1,50 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
patches:
# Traefik: swap upc-dev → upc-prod in valueFiles
- target:
kind: Application
name: traefik
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/upc-prod/traefik-values.yaml
# Keycloak: swap upc-dev → upc-prod
- target:
kind: Application
name: keycloak
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/upc-prod/keycloak-values.yaml
# Grafana: swap upc-dev → upc-prod
- target:
kind: Application
name: grafana
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/upc-prod/grafana-values.yaml
# Secrets: change path to upc-prod
- target:
kind: Application
name: secrets
patch: |
- op: replace
path: /spec/source/path
value: secrets/upc-prod
# Enterprise-apps: point to upc-prod overlay
- target:
kind: Application
name: enterprise-apps
patch: |
- op: replace
path: /spec/source/path
value: apps/overlays/upc-prod

159
infra/traefik-application.yaml
View File

@@ -1,159 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: traefik-system
annotations:
argocd.argoproj.io/sync-wave: "-1"
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: traefik
namespace: argocd
annotations:
argocd.argoproj.io/sync-wave: "1"
labels:
app.kubernetes.io/name: traefik
app.kubernetes.io/part-of: platform
app.kubernetes.io/managed-by: argocd
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: https://traefik.github.io/charts
chart: traefik
targetRevision: "28.0.0"
helm:
values: |
metrics:
addInternals: true
tracing:
otlp:
enabled: true
logs:
general:
level: DEBUG
access:
format: json
enabled: true
additionalArguments:
- "--tracing.otlp.http.endpoint=http://tempo.monitoring.svc.cluster.local:4318/v1/traces"
providers:
kubernetesIngress:
publishedService: # Fixes ArgoCD health checks for LoadBalancer services
enabled: true
deployment:
replicas: 2
ingressRoute:
dashboard:
enabled: true
# Optional: specify entrypoint
entrypoint: traefik
api:
dashboard: true
debug: false
service:
type: LoadBalancer
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.priority: "42"
traefik.ingress.kubernetes.io/router.tls: "true"
service.beta.kubernetes.io/upcloud-load-balancer-config: |
{
"frontends": [
{
"name": "web",
"mode": "tcp"
},
{
"name": "websecure",
"mode": "tcp"
},
{
"name": "giteassh",
"mode": "tcp"
}
],
"backends": [
{
"name": "web",
"properties": {
"outbound_proxy_protocol": "v2"
}
},
{
"name": "websecure",
"properties": {
"outbound_proxy_protocol": "v2"
}
},
{
"name": "giteassh"
}
]
}
ingressClass:
enabled: true
isDefaultClass: true
# Configure entry points
ports:
metrics:
expose:
default: true
observability:
accessLogs: true
metrics: true
tracing: true
traceVerbosity: detailed
web:
proxyProtocol:
trustedIPs: "172.16.1.0/24"
forwardedHeaders:
trustedIPs: "172.16.1.0/24"
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
proxyProtocol:
trustedIPs: "172.16.1.0/24"
forwardedHeaders:
trustedIPs: "172.16.1.0/24"
observability:
accessLogs: true
metrics: true
tracing: true
giteassh:
port: 2222
expose:
default: true
exposedPort: 2222
protocol: TCP
destination:
server: https://kubernetes.default.svc
namespace: traefik-system
syncPolicy:
automated:
prune: true
selfHeal: true
allowEmpty: false
syncOptions:
- CreateNamespace=true
- Validate=true
- ServerSideApply=true

6
infra/values/argocd-values.yaml → infra/values/base/argocd-values.yaml
View File

@@ -1,5 +1,3 @@
global:
domain: argocd.127.0.0.1.nip.io
configs:
secret:
createSecret: true
@@ -22,10 +20,6 @@ notifications:
secret:
create: false
# Shared context variables available in all templates
context:
clusterName: "dev-fd-no-svg1"
# Define notification templates
templates:
template.app-syncing: |

11
infra/values/base/dot-ai-stack-values.yaml Normal file
View File

@@ -0,0 +1,11 @@
dot-ai:
ingress:
enabled: true
className: traefik
dot-ai-ui:
uiAuth:
secretRef:
name: dot-ai-secrets
ingress:
enabled: true
className: traefik

0
infra/values/fluent-bit-values.yaml → infra/values/base/fluent-bit-values.yaml
View File

0
infra/values/gitea-actions-values.yaml → infra/values/base/gitea-actions-values.yaml
View File

0
infra/values/gitea-values.yaml → infra/values/base/gitea-values.yaml
View File

2
infra/values/grafana-values.yaml → infra/values/base/grafana-values.yaml
View File

@@ -1,7 +1,5 @@
ingress:
enabled: true
hosts:
- grafana.127.0.0.1.nip.io
resources:
requests:
cpu: 50m

2
infra/values/keycloak-values.yaml → infra/values/base/keycloak-values.yaml
View File

@@ -1,5 +1,4 @@
# Bitnami Keycloak Helm Chart Values
# Host: id.forteapps.net
# Chart version: 25.2.0
image:
@@ -15,7 +14,6 @@ auth:
ingress:
enabled: true
hostname: id.forteapps.net
tls: true
ingressClassName: traefik
annotations:

0
infra/values/loki-values.yaml → infra/values/base/loki-values.yaml
View File

0
infra/values/opencost-values.yaml → infra/values/base/opencost-values.yaml
View File

0
infra/values/prometheus-values.yaml → infra/values/base/prometheus-values.yaml
View File

0
infra/values/renovate-values.yaml → infra/values/base/renovate-values.yaml
View File

0
infra/values/tempo-values.yaml → infra/values/base/tempo-values.yaml
View File

50
infra/values/base/traefik-values.yaml Normal file
View File

@@ -0,0 +1,50 @@
providers:
kubernetesIngress:
publishedService: # Fixes ArgoCD health checks for LoadBalancer services
enabled: true
deployment:
replicas: 2
ingressRoute:
dashboard:
enabled: true
# Optional: specify entrypoint
entrypoint: traefik
api:
dashboard: true
debug: false
service:
type: LoadBalancer
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.priority: "42"
traefik.ingress.kubernetes.io/router.tls: "true"
ingressClass:
enabled: true
isDefaultClass: true
# Configure entry points
ports:
metrics:
expose:
default: true
observability:
accessLogs: true
metrics: true
tracing: true
traceVerbosity: detailed
web:
http:
redirections:
entrypoint:
to: websecure
scheme: https
websecure:
observability:
accessLogs: true
metrics: true
tracing: true

5
infra/values/upc-dev/argocd-values.yaml Normal file
View File

@@ -0,0 +1,5 @@
global:
domain: argocd.127.0.0.1.nip.io
notifications:
context:
clusterName: "dev-fd-eu-no-svg1"

8
infra/values/upc-dev/dot-ai-stack-values.yaml Normal file
View File

@@ -0,0 +1,8 @@
dot-ai:
ingress:
host: kubemcp.forteapps.net
webUI:
baseUrl: http://kubemcpui.forteapps.net
dot-ai-ui:
ingress:
host: kubemcpui.forteapps.net

3
infra/values/upc-dev/grafana-values.yaml Normal file
View File

@@ -0,0 +1,3 @@
ingress:
hosts:
- grafana.forteapps.net

2
infra/values/upc-dev/keycloak-values.yaml Normal file
View File

@@ -0,0 +1,2 @@
ingress:
hostname: id.forteapps.net

40
infra/values/upc-dev/traefik-values.yaml Normal file
View File

@@ -0,0 +1,40 @@
service:
annotations:
service.beta.kubernetes.io/upcloud-load-balancer-config: |
{
"frontends": [
{
"name": "web",
"mode": "tcp"
},
{
"name": "websecure",
"mode": "tcp"
}
],
"backends": [
{
"name": "web",
"properties": {
"outbound_proxy_protocol": "v2"
}
},
{
"name": "websecure",
"properties": {
"outbound_proxy_protocol": "v2"
}
}
]
}
ports:
web:
proxyProtocol:
trustedIPs: "172.16.1.0/24"
forwardedHeaders:
trustedIPs: "172.16.1.0/24"
websecure:
proxyProtocol:
trustedIPs: "172.16.1.0/24"
forwardedHeaders:
trustedIPs: "172.16.1.0/24"

5
infra/values/upc-prod/argocd-values.yaml Normal file
View File

@@ -0,0 +1,5 @@
global:
domain: argocd.us.forteapps.net
notifications:
context:
clusterName: "dev-fd-us-east1"

8
infra/values/upc-prod/dot-ai-stack-values.yaml Normal file
View File

@@ -0,0 +1,8 @@
dot-ai:
ingress:
host: kubemcp.us.forteapps.net
webUI:
baseUrl: http://kubemcpui.us.forteapps.net
dot-ai-ui:
ingress:
host: kubemcpui.us.forteapps.net

3
infra/values/upc-prod/grafana-values.yaml Normal file
View File

@@ -0,0 +1,3 @@
ingress:
hosts:
- grafana.us.forteapps.net

2
infra/values/upc-prod/keycloak-values.yaml Normal file
View File

@@ -0,0 +1,2 @@
ingress:
hostname: id.us.forteapps.net

13
infra/values/upc-prod/traefik-values.yaml Normal file
View File

@@ -0,0 +1,13 @@
service:
annotations: {}
ports:
web:
proxyProtocol:
trustedIPs: "10.0.0.0/16"
forwardedHeaders:
trustedIPs: "10.0.0.0/16"
websecure:
proxyProtocol:
trustedIPs: "10.0.0.0/16"
forwardedHeaders:
trustedIPs: "10.0.0.0/16"