diff --git a/infra/overlays/upc-dev/forte-drop-minio/forte-drop-minio.yaml b/infra/overlays/upc-dev/forte-drop-minio/forte-drop-minio.yaml new file mode 100644 index 0000000..f8afb0e --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-minio/forte-drop-minio.yaml @@ -0,0 +1,40 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forte-drop-minio + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "0" + labels: + app.kubernetes.io/name: forte-drop-minio + app.kubernetes.io/part-of: apps + app.kubernetes.io/managed-by: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + + source: + repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git + targetRevision: HEAD + path: infra/overlays/upc-dev/forte-drop-minio/resources + + destination: + server: https://kubernetes.default.svc + namespace: forte-drop + + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=true + - Validate=true + - ServerSideApply=true + + ignoreDifferences: + - group: apps + kind: StatefulSet + jsonPointers: + - /spec/volumeClaimTemplates diff --git a/infra/overlays/upc-dev/forte-drop-minio/kustomization.yaml b/infra/overlays/upc-dev/forte-drop-minio/kustomization.yaml new file mode 100644 index 0000000..edb8209 --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-minio/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- forte-drop-minio.yaml diff --git a/infra/overlays/upc-dev/forte-drop-minio/resources/kustomization.yaml b/infra/overlays/upc-dev/forte-drop-minio/resources/kustomization.yaml new file mode 100644 index 0000000..30fb6c0 --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-minio/resources/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- minio.yaml +- forte-drop-minio-creds-sealed.yaml diff --git a/infra/overlays/upc-dev/forte-drop-minio/resources/minio.yaml b/infra/overlays/upc-dev/forte-drop-minio/resources/minio.yaml new file mode 100644 index 0000000..51bde97 --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-minio/resources/minio.yaml @@ -0,0 +1,146 @@ +apiVersion: v1 +kind: Service +metadata: + name: forte-drop-minio + namespace: forte-drop + labels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: object-storage +spec: + type: ClusterIP + ports: + - name: http-api + port: 9000 + targetPort: http-api + - name: http-console + port: 9001 + targetPort: http-console + selector: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: forte-drop +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: forte-drop-minio + namespace: forte-drop + labels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: object-storage +spec: + serviceName: forte-drop-minio + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: forte-drop + template: + metadata: + labels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: object-storage + spec: + containers: + - name: minio + image: quay.io/minio/minio:latest + args: + - server + - /data + - --console-address + - :9001 + ports: + - name: http-api + containerPort: 9000 + - name: http-console + containerPort: 9001 + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: forte-drop-minio-creds + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: forte-drop-minio-creds + key: root-password + volumeMounts: + - name: data + mountPath: /data + livenessProbe: + httpGet: + path: /minio/health/live + port: http-api + initialDelaySeconds: 30 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /minio/health/ready + port: http-api + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 1Gi + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: upcloud-block-storage-maxiops + resources: + requests: + storage: 20Gi +--- +# Bootstrap job — creates the 'drops' bucket once MinIO is reachable. +# Idempotent: `mc mb --ignore-existing` skips if bucket already exists. +apiVersion: batch/v1 +kind: Job +metadata: + name: forte-drop-minio-bootstrap + namespace: forte-drop + labels: + app.kubernetes.io/name: minio + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: bootstrap + annotations: + argocd.argoproj.io/hook: PostSync + argocd.argoproj.io/hook-delete-policy: HookSucceeded +spec: + backoffLimit: 5 + template: + spec: + restartPolicy: OnFailure + containers: + - name: mc + image: quay.io/minio/mc:latest + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: forte-drop-minio-creds + key: root-user + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: forte-drop-minio-creds + key: root-password + command: + - sh + - -c + - | + set -e + until mc alias set local http://forte-drop-minio:9000 "$MINIO_ROOT_USER" "$MINIO_ROOT_PASSWORD" 2>/dev/null; do + echo "waiting for minio..." + sleep 2 + done + mc mb --ignore-existing local/drops + echo "bucket 'drops' ready" diff --git a/infra/overlays/upc-dev/forte-drop-postgresql/forte-drop-postgresql.yaml b/infra/overlays/upc-dev/forte-drop-postgresql/forte-drop-postgresql.yaml new file mode 100644 index 0000000..31be7e1 --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-postgresql/forte-drop-postgresql.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: forte-drop +--- +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: forte-drop-postgresql + namespace: argocd + annotations: + argocd.argoproj.io/sync-wave: "0" + labels: + app.kubernetes.io/name: forte-drop-postgresql + app.kubernetes.io/part-of: apps + app.kubernetes.io/managed-by: argocd + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + + source: + repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git + targetRevision: HEAD + path: infra/overlays/upc-dev/forte-drop-postgresql/resources + + destination: + server: https://kubernetes.default.svc + namespace: forte-drop + + syncPolicy: + automated: + prune: true + selfHeal: true + allowEmpty: false + syncOptions: + - CreateNamespace=true + - Validate=true + - ServerSideApply=true + + ignoreDifferences: + - group: apps + kind: StatefulSet + jsonPointers: + - /spec/volumeClaimTemplates diff --git a/infra/overlays/upc-dev/forte-drop-postgresql/kustomization.yaml b/infra/overlays/upc-dev/forte-drop-postgresql/kustomization.yaml new file mode 100644 index 0000000..28749fb --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-postgresql/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- forte-drop-postgresql.yaml diff --git a/infra/overlays/upc-dev/forte-drop-postgresql/resources/kustomization.yaml b/infra/overlays/upc-dev/forte-drop-postgresql/resources/kustomization.yaml new file mode 100644 index 0000000..681bbcf --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-postgresql/resources/kustomization.yaml @@ -0,0 +1,5 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- postgresql.yaml +- forte-drop-pg-creds-sealed.yaml diff --git a/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml b/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml new file mode 100644 index 0000000..c1b26d1 --- /dev/null +++ b/infra/overlays/upc-dev/forte-drop-postgresql/resources/postgresql.yaml @@ -0,0 +1,99 @@ +apiVersion: v1 +kind: Service +metadata: + name: forte-drop-postgresql + namespace: forte-drop + labels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: database +spec: + type: ClusterIP + ports: + - name: tcp-postgresql + port: 5432 + targetPort: tcp-postgresql + selector: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: forte-drop +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: forte-drop-postgresql + namespace: forte-drop + labels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: database +spec: + serviceName: forte-drop-postgresql + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: forte-drop + template: + metadata: + labels: + app.kubernetes.io/name: postgresql + app.kubernetes.io/instance: forte-drop + app.kubernetes.io/component: database + spec: + containers: + - name: postgresql + image: postgres:16-alpine + ports: + - name: tcp-postgresql + containerPort: 5432 + env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: forte-drop-pg-creds + key: pgusername + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: forte-drop-pg-creds + key: pgpassword + - name: POSTGRES_DB + value: drops + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + volumeMounts: + - name: data + mountPath: /var/lib/postgresql/data + livenessProbe: + exec: + command: + - sh + - -c + - pg_isready -U "$POSTGRES_USER" -d drops + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + exec: + command: + - sh + - -c + - pg_isready -U "$POSTGRES_USER" -d drops + initialDelaySeconds: 5 + periodSeconds: 5 + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 500m + memory: 512Mi + volumeClaimTemplates: + - metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + storageClassName: upcloud-block-storage-maxiops + resources: + requests: + storage: 5Gi diff --git a/infra/overlays/upc-dev/kustomization.yaml b/infra/overlays/upc-dev/kustomization.yaml index fac7510..f36009e 100644 --- a/infra/overlays/upc-dev/kustomization.yaml +++ b/infra/overlays/upc-dev/kustomization.yaml @@ -4,6 +4,8 @@ resources: - ../../base - vaultwarden-postgresql - vaultwarden +- forte-drop-postgresql +- forte-drop-minio # No patches needed — base already has "upc-dev" paths # upc-dev is the default/base cluster