forte prod

2026-06-12 16:44:44 +02:00
parent 9297398d56
commit 0fc1be3a8a
16 changed files with 210 additions and 39 deletions
+1
@@ -15,6 +15,7 @@ Usage: $0 <cluster> [options]
Clusters: aks-dev | aks-prod | eks-dev | eks-prod Clusters: aks-dev | aks-prod | eks-dev | eks-prod
gke-dev | gke-prod | upc-dev | upc-prod gke-dev | gke-prod | upc-dev | upc-prod
forte-group
<platform>-workload (for workload clusters) <platform>-workload (for workload clusters)
Options: Options:
+32
@@ -0,0 +1,32 @@
apiVersion: v1
kind: Namespace
metadata:
name: monitoring
annotations:
argocd.argoproj.io/sync-wave: "-1"
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: infrastructure-apps
namespace: argocd
labels:
app.kubernetes.io/name: infrastructure-apps
app.kubernetes.io/part-of: platform
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git
targetRevision: HEAD
path: infra/overlays/forte-group
destination:
server: https://kubernetes.default.svc
namespace: default
syncPolicy:
automated:
prune: true
selfHeal: true
syncOptions:
- CreateNamespace=true
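Review bot: `project: default` together with `targetRevision: HEAD` and automated sync (`prune: true`, `selfHeal: true`) means every commit that reaches the repository's default branch is applied to this cluster, deletions included, with no gate in between. Unless the built-in `default` AppProject has been restricted on this cluster, it also places no limit on the source repositories, destinations or resource kinds the child applications may use. For a production root application, consider a dedicated AppProject scoped to this repository and the namespaces it manages, and pin the revision, e.g. `targetRevision: <release-branch-or-tag>`.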
@@ -1,8 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- dot-ai-stack - ../../base/mcp10x
- mcp10x - ../../base/ts-mcp
- musicman
- ts-mcp
- argo-mcp
+12 -6
@@ -1,13 +1,19 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../base - ../../base/musicman
- ../../base/dot-ai-stack
- ../../base/argo-mcp
- forte-drop-postgresql - forte-drop-postgresql
- forte-drop - forte-drop
- forte-drop-mcp - forte-drop-mcp
# No patches needed — base apps already default to "upc-dev" value paths patches:
# (upc-dev is the default/base cluster). # dot-ai-stack: swap upc-dev → forte-group
# forte-drop (postgres + web + mcp) and dbunk-demo are upc-dev-only apps — their - target:
# values hardcode upc-dev hosts (drop.forteapps.net etc.) and must not sync to kind: Application
# upc-prod, so they live here in the overlay rather than in apps/base/. name: dot-ai-stack
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/upc-dev/dot-ai-stack-values.yaml
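Review bot: The new comment `# dot-ai-stack: swap upc-dev → forte-group` contradicts the patch below it, whose `value` is `$values/infra/values/upc-dev/dot-ai-stack-values.yaml`. Judging by the removed comments on the old side this looks like the upc-dev overlay, so the path is probably intended and the comment was copied from another overlay; if so, reword it to `# dot-ai-stack: point valueFiles[1] at the upc-dev values file`. If the path is the mistake instead, this cluster would render with another cluster's ingress hosts. The `replace` at `/spec/sources/0/helm/valueFiles/1` also depends on the order of `valueFiles` in the base Application, which is not visible here.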
-10
@@ -2,13 +2,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
resources: resources:
- ../../base - ../../base
patches:
# dot-ai-stack: swap upc-dev → upc-prod
- target:
kind: Application
name: dot-ai-stack
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/upc-prod/dot-ai-stack-values.yaml
+1 -1
@@ -3,7 +3,7 @@
# in case of $'\r': command not found error, run command below first # in case of $'\r': command not found error, run command below first
# sed -i 's/\r$//' ./bootstrap.sh # sed -i 's/\r$//' ./bootstrap.sh
CLUSTER="${1:?Usage: ./bootstrap.sh <cluster> (upc-dev|upc-prod|aks-dev|aks-prod|eks-dev|eks-prod|gke-dev|gke-prod)}" CLUSTER="${1:?Usage: ./bootstrap.sh <cluster> (upc-dev|upc-prod|forte-group|aks-dev|aks-prod|eks-dev|eks-prod|gke-dev|gke-prod)}"
echo "running $0 for cluster: ${CLUSTER}..." echo "running $0 for cluster: ${CLUSTER}..."
+12
@@ -0,0 +1,12 @@
# Cluster config reference — values must match the corresponding overlay files.
# Read by bootstrap.sh at install time; NOT auto-propagated to ArgoCD value files.
clusterName: prod-fd-no-svg1 # → infra/values/forte-group/argocd-values.yaml (notifications.context.clusterName)
domain: fortedigital.com # → infra/values/base/gitea-values.yaml, renovate-values.yaml, keycloak-values.yaml (subdomains)
argocdDomain: argocd.127.0.0.1.nip.io # → infra/values/forte-group/argocd-values.yaml (global.domain)
grafanaDomain: grafana.fortedigital.com # → infra/values/forte-group/grafana-values.yaml (ingress.hosts)
keycloakDomain: id.fortedigital.com # → infra/values/forte-group/keycloak-values.yaml (ingress.hostname)
dotaiDomain: kubemcp.fortedigital.com # → infra/values/forte-group/dot-ai-stack-values.yaml (dot-ai.ingress.host)
dotaiUiDomain: kubemcpui.fortedigital.com # → infra/values/forte-group/dot-ai-stack-values.yaml (dot-ai-ui.ingress.host)
letsencryptEmail: danijel.simeunovic@fortedigital.com # → cluster-resources/letsencrypt-issuer.yaml (spec.acme.email)
trustedIPs: "172.16.1.0/24" # → infra/values/forte-group/traefik-values.yaml (ports.*.trustedIPs)
cloudProvider: upcloud # → determines overlay directory and cloud-specific LB/storage annotations
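Review bot: Three entries in this reference file disagree with value files added in the same commit, although the header says they must match. They are `argocdDomain: argocd.127.0.0.1.nip.io` against `global.domain: argocd.fortedigital.com`, `keycloakDomain: id.fortedigital.com` against `ingress.hostname: id.forteapps.com`, and `trustedIPs: "172.16.1.0/24"` against `"10.0.0.0/16"` in the Traefik ports hunk. The `trustedIPs` difference matters most, because that range decides which peers Traefik accepts PROXY-protocol and forwarded-header client addresses from, so one of the two is wrong for this cluster. `id.forteapps.com` also looks like a typo, since every other forteapps host on the page ends in `.net`; confirm the intended Keycloak hostname before certificates are requested for it.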
@@ -0,0 +1,61 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base/cert-manager-application
- ../../base/cluster-resources-application
- ../../base/enterprise-apps
- ../../base/fluent-bit
- ../../base/gitea
- ../../base/gitea-actions
- ../../base/grafana
- ../../base/grafana-dashboards
- ../../base/homepage
- ../../base/karpor
- ../../base/keycloak
- ../../base/kyverno
- ../../base/kyverno-policies
- ../../base/loki
- ../../base/opencost
- ../../base/prometheus
- ../../base/renovate
- ../../base/sealedsecrets
- ../../base/tempo
- ../../base/traefik-application
- ../../base/vault
patches:
# Traefik: swap upc-dev → forte-group
- target:
kind: Application
name: traefik
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/forte-group/traefik-values.yaml
# Grafana: swap upc-dev → forte-group
- target:
kind: Application
name: grafana
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/forte-group/grafana-values.yaml
# OpenCost: swap upc-dev → forte-group
- target:
kind: Application
name: opencost
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/forte-group/opencost-values.yaml
# Gitea: swap upc-dev → forte-group
- target:
kind: Application
name: gitea
patch: |
- op: replace
path: /spec/sources/0/helm/valueFiles/1
value: $values/infra/values/forte-group/gitea-values.yaml
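Review bot: `../../base/keycloak` is listed under `resources`, but no patch points the Keycloak Application at a forte-group values file, although this commit adds a Keycloak values hunk (`ingress.hostname`) and the cluster reference names `infra/values/forte-group/keycloak-values.yaml`. If that file is meant to apply, the Application will presumably keep the base default (the comments here call it upc-dev) and the production hostname will never take effect. A fifth patch in the same form as the other four would close the gap; the Application name and the position of the cluster file in `valueFiles` need to be checked against the base manifest, which is not shown on this page.

```yaml
# … unchanged: traefik, grafana, opencost and gitea patches …
  # Keycloak: swap upc-dev → forte-group
  - target:
      kind: Application
      name: keycloak  # assumed name; confirm against base/keycloak
    patch: |
      - op: replace
        path: /spec/sources/0/helm/valueFiles/1
        value: $values/infra/values/forte-group/keycloak-values.yaml
```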
@@ -28,12 +28,3 @@ resources:
# No patches needed — base already has "upc-dev" paths # No patches needed — base already has "upc-dev" paths
# upc-dev is the default/base cluster # upc-dev is the default/base cluster
patches:
- target:
kind: Application
name: databunker
patch: |
- op: add
path: /spec/sources/0/helm/valueFiles/-
value: $values/infra/values/upc-dev/databunker-values.yaml
@@ -0,0 +1,5 @@
global:
domain: argocd.fortedigital.com
notifications:
context:
clusterName: "prod-fd-no-svg1"
@@ -0,0 +1,50 @@
# UpCloud storage class for Gitea and its embedded PostgreSQL
persistence:
storageClass: upcloud-block-storage-maxiops
postgresql:
primary:
persistence:
storageClass: upcloud-block-storage-maxiops
gitea:
# -- Gitea app.ini configuration
config:
APP_NAME: "Forte Git"
server:
DOMAIN: source.forteapps.net
ROOT_URL: https://source.forteapps.net
SSH_DOMAIN: source.forteapps.net
# -- Ingress via Traefik with Let's Encrypt TLS
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
gethomepage.dev/enabled: "true"
gethomepage.dev/name: "Gitea"
gethomepage.dev/description: "Git hosting & CI/CD"
gethomepage.dev/group: "DevOps"
gethomepage.dev/icon: "gitea"
gethomepage.dev/href: "https://source.forteapps.net"
gethomepage.dev/widget.type: "gitea"
gethomepage.dev/widget.url: "https://source.forteapps.net"
gethomepage.dev/widget.key: "{{HOMEPAGE_VAR_GITEA_TOKEN}}"
hosts:
- host: source.forteapps.net
paths:
- path: /
pathType: Prefix
tls:
- secretName: gitea-tls
hosts:
- source.forteapps.net
# -- Git repository storage
persistence:
enabled: true
size: 20Gi
accessModes:
- ReadWriteOnce
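Review bot: `DOMAIN`, `ROOT_URL`, `SSH_DOMAIN`, the ingress host and the TLS entry all use `source.forteapps.net`, which matches neither `domain: fortedigital.com` in the cluster reference file nor the `git.forteapps.net:2222` host the root Application clones from. If these values were carried over from another cluster's file, two clusters would request a certificate for, and try to serve, the same hostname. Confirm the intended production hostname and record it in a header comment, e.g. `# forte-group Gitea is published at <hostname>; must match the DNS record for this cluster`.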
@@ -0,0 +1,3 @@
ingress:
hosts:
- grafana.fortedigital.com
@@ -0,0 +1,2 @@
ingress:
hostname: id.forteapps.com
@@ -0,0 +1,15 @@
# UpCloud custom pricing (no native OpenCost integration)
opencost:
exporter:
customPricing:
enabled: true
provider: custom
costModel:
description: "UpCloud 4-node cluster pricing"
CPU: "5.86"
RAM: "1.46"
GPU: "0"
storage: "0.34"
zoneNetworkEgress: "0"
regionNetworkEgress: "0"
internetNetworkEgress: "0"
@@ -0,0 +1,13 @@
service:
annotations: {}
ports:
web:
proxyProtocol:
trustedIPs: "10.0.0.0/16"
forwardedHeaders:
trustedIPs: "10.0.0.0/16"
websecure:
proxyProtocol:
trustedIPs: "10.0.0.0/16"
forwardedHeaders:
trustedIPs: "10.0.0.0/16"
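Review bot: The four `trustedIPs: "10.0.0.0/16"` entries carry no comment saying which network that is, yet every peer in the range may set the client address Traefik reports, through PROXY protocol and through `X-Forwarded-*`. Narrow it to the subnet the load balancer actually connects from and document it above `ports:`, e.g. `# trustedIPs = <load balancer subnet>; only these peers may supply the client IP`. The upstream Traefik chart documents these keys as lists, so confirm that a bare string renders the intended entrypoint arguments with the chart version pinned in base.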
@@ -1,8 +0,0 @@
dot-ai:
ingress:
host: kubemcp.fortedigital.com
webUI:
baseUrl: http://kubemcpui.fortedigital.com
dot-ai-ui:
ingress:
host: kubemcpui.fortedigital.com