feature/multi-cloud (#14)

Co-authored-by: Danijel Simeunovic <danijel.simeunovic@fortedigital.com> Reviewed-on: #14
2026-04-24 08:48:53 +00:00
parent 65598c9297
commit 8505481291
102 changed files with 1715 additions and 147 deletions
--- a/infra/values/aks-dev/gitea-values.yaml
+++ b/infra/values/aks-dev/gitea-values.yaml
@@ -0,0 +1,7 @@
+# AKS-specific: Azure managed disk storage class
+persistence:
+  storageClass: managed-csi-premium
+postgresql:
+  primary:
+    persistence:
+      storageClass: managed-csi-premium
--- a/infra/values/aks-dev/grafana-values.yaml
+++ b/infra/values/aks-dev/grafana-values.yaml
@@ -0,0 +1,4 @@
+# AKS-specific: Grafana hostname
+ingress:
+  hosts:
+  - grafana.forteapps.net
--- a/infra/values/aks-dev/keycloak-values.yaml
+++ b/infra/values/aks-dev/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# AKS-specific: Keycloak hostname
+ingress:
+  hostname: id.forteapps.net
--- a/infra/values/aks-dev/opencost-values.yaml
+++ b/infra/values/aks-dev/opencost-values.yaml
@@ -0,0 +1,8 @@
+# AKS-specific: Azure pricing via Cloud Billing API
+opencost:
+  exporter:
+    cloudProviderApiKey: ""
+    customPricing:
+      enabled: false
+    azure:
+      secretName: opencost-azure-billing
--- a/infra/values/aks-dev/traefik-values.yaml
+++ b/infra/values/aks-dev/traefik-values.yaml
@@ -0,0 +1,11 @@
+# AKS-specific: Azure Load Balancer for Traefik
+service:
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
+ports:
+  web:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
+  websecure:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
--- a/infra/values/aks-prod/gitea-values.yaml
+++ b/infra/values/aks-prod/gitea-values.yaml
@@ -0,0 +1,7 @@
+# AKS-specific: Azure managed disk storage class (prod)
+persistence:
+  storageClass: managed-csi-premium
+postgresql:
+  primary:
+    persistence:
+      storageClass: managed-csi-premium
--- a/infra/values/aks-prod/grafana-values.yaml
+++ b/infra/values/aks-prod/grafana-values.yaml
@@ -0,0 +1,4 @@
+# AKS-specific: Grafana hostname (prod)
+ingress:
+  hosts:
+  - grafana.fortedigital.com
--- a/infra/values/aks-prod/keycloak-values.yaml
+++ b/infra/values/aks-prod/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# AKS-specific: Keycloak hostname (prod)
+ingress:
+  hostname: id.fortedigital.com
--- a/infra/values/aks-prod/opencost-values.yaml
+++ b/infra/values/aks-prod/opencost-values.yaml
@@ -0,0 +1,8 @@
+# AKS-specific: Azure pricing via Cloud Billing API (prod)
+opencost:
+  exporter:
+    cloudProviderApiKey: ""
+    customPricing:
+      enabled: false
+    azure:
+      secretName: opencost-azure-billing
--- a/infra/values/aks-prod/traefik-values.yaml
+++ b/infra/values/aks-prod/traefik-values.yaml
@@ -0,0 +1,12 @@
+# AKS-specific: Azure Load Balancer for Traefik (prod)
+service:
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
+    service.beta.kubernetes.io/azure-load-balancer-internal: "false"
+ports:
+  web:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
+  websecure:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
--- a/infra/values/base/gitea-values.yaml
+++ b/infra/values/base/gitea-values.yaml
@@ -130,7 +130,6 @@ persistence:
  size: 10Gi
  accessModes:
  - ReadWriteOnce
-  storageClass: upcloud-block-storage-maxiops

 # -- Recreate strategy to avoid Multi-Attach errors with RWO volumes
 strategy:
@@ -156,7 +155,6 @@ postgresql:
    persistence:
      enabled: true
      size: 8Gi
-      storageClass: upcloud-block-storage-maxiops
    resources:
      requests:
        cpu: 100m
--- a/infra/values/base/opencost-values.yaml
+++ b/infra/values/base/opencost-values.yaml
@@ -10,18 +10,8 @@ opencost:
        serviceName: prometheus-server
        namespaceName: monitoring
        port: 80
-    customPricing:
-      enabled: true
-      provider: custom
-      costModel:
-        description: "UpCloud 4-node cluster pricing"
-        CPU: "5.86"
-        RAM: "1.46"
-        GPU: "0"
-        storage: "0.34"
-        zoneNetworkEgress: "0"
-        regionNetworkEgress: "0"
-        internetNetworkEgress: "0"
+    # Cloud-specific pricing is in per-cluster value overrides
+    # (e.g. infra/values/upc-dev/opencost-values.yaml)
  ui:
    enabled: false
 service:
--- a/infra/values/eks-dev/gitea-values.yaml
+++ b/infra/values/eks-dev/gitea-values.yaml
@@ -0,0 +1,7 @@
+# EKS-specific: gp3 storage class
+persistence:
+  storageClass: gp3
+postgresql:
+  primary:
+    persistence:
+      storageClass: gp3
--- a/infra/values/eks-dev/grafana-values.yaml
+++ b/infra/values/eks-dev/grafana-values.yaml
@@ -0,0 +1,4 @@
+# EKS-specific: Grafana hostname
+ingress:
+  hosts:
+  - grafana.forteapps.net
--- a/infra/values/eks-dev/keycloak-values.yaml
+++ b/infra/values/eks-dev/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# EKS-specific: Keycloak hostname
+ingress:
+  hostname: id.forteapps.net
--- a/infra/values/eks-dev/opencost-values.yaml
+++ b/infra/values/eks-dev/opencost-values.yaml
@@ -0,0 +1,11 @@
+# EKS-specific: AWS pricing via Cost and Usage Report
+opencost:
+  exporter:
+    cloudProviderApiKey: ""
+    customPricing:
+      enabled: false
+    aws:
+      spot_data_region: ""
+      spot_data_bucket: ""
+      spot_data_prefix: ""
+      account_id: ""
--- a/infra/values/eks-dev/traefik-values.yaml
+++ b/infra/values/eks-dev/traefik-values.yaml
@@ -0,0 +1,17 @@
+# EKS-specific: AWS NLB for Traefik
+service:
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+ports:
+  web:
+    proxyProtocol:
+      trustedIPs: "10.0.0.0/8"
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
+  websecure:
+    proxyProtocol:
+      trustedIPs: "10.0.0.0/8"
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
--- a/infra/values/eks-prod/gitea-values.yaml
+++ b/infra/values/eks-prod/gitea-values.yaml
@@ -0,0 +1,7 @@
+# EKS-specific: gp3 storage class (prod)
+persistence:
+  storageClass: gp3
+postgresql:
+  primary:
+    persistence:
+      storageClass: gp3
--- a/infra/values/eks-prod/grafana-values.yaml
+++ b/infra/values/eks-prod/grafana-values.yaml
@@ -0,0 +1,4 @@
+# EKS-specific: Grafana hostname (prod)
+ingress:
+  hosts:
+  - grafana.fortedigital.com
--- a/infra/values/eks-prod/keycloak-values.yaml
+++ b/infra/values/eks-prod/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# EKS-specific: Keycloak hostname (prod)
+ingress:
+  hostname: id.fortedigital.com
--- a/infra/values/eks-prod/opencost-values.yaml
+++ b/infra/values/eks-prod/opencost-values.yaml
@@ -0,0 +1,11 @@
+# EKS-specific: AWS pricing via Cost and Usage Report (prod)
+opencost:
+  exporter:
+    cloudProviderApiKey: ""
+    customPricing:
+      enabled: false
+    aws:
+      spot_data_region: ""
+      spot_data_bucket: ""
+      spot_data_prefix: ""
+      account_id: ""
--- a/infra/values/eks-prod/traefik-values.yaml
+++ b/infra/values/eks-prod/traefik-values.yaml
@@ -0,0 +1,18 @@
+# EKS-specific: AWS NLB for Traefik (prod)
+service:
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
+    service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ports:
+  web:
+    proxyProtocol:
+      trustedIPs: "10.0.0.0/8"
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
+  websecure:
+    proxyProtocol:
+      trustedIPs: "10.0.0.0/8"
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
--- a/infra/values/gke-dev/gitea-values.yaml
+++ b/infra/values/gke-dev/gitea-values.yaml
@@ -0,0 +1,7 @@
+# GKE-specific: SSD persistent disk storage class
+persistence:
+  storageClass: premium-rwo
+postgresql:
+  primary:
+    persistence:
+      storageClass: premium-rwo
--- a/infra/values/gke-dev/grafana-values.yaml
+++ b/infra/values/gke-dev/grafana-values.yaml
@@ -0,0 +1,4 @@
+# GKE-specific: Grafana hostname
+ingress:
+  hosts:
+  - grafana.forteapps.net
--- a/infra/values/gke-dev/keycloak-values.yaml
+++ b/infra/values/gke-dev/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# GKE-specific: Keycloak hostname
+ingress:
+  hostname: id.forteapps.net
--- a/infra/values/gke-dev/opencost-values.yaml
+++ b/infra/values/gke-dev/opencost-values.yaml
@@ -0,0 +1,10 @@
+# GKE-specific: GCP pricing via BigQuery billing export
+opencost:
+  exporter:
+    cloudProviderApiKey: ""
+    customPricing:
+      enabled: false
+    google:
+      key: ""
+      project_id: ""
+      billing_account: ""
--- a/infra/values/gke-dev/traefik-values.yaml
+++ b/infra/values/gke-dev/traefik-values.yaml
@@ -0,0 +1,12 @@
+# GKE-specific: Google Cloud Load Balancer for Traefik
+service:
+  annotations:
+    cloud.google.com/neg: '{"ingress":true}'
+    networking.gke.io/load-balancer-type: External
+ports:
+  web:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
+  websecure:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
--- a/infra/values/gke-prod/gitea-values.yaml
+++ b/infra/values/gke-prod/gitea-values.yaml
@@ -0,0 +1,7 @@
+# GKE-specific: SSD persistent disk storage class (prod)
+persistence:
+  storageClass: premium-rwo
+postgresql:
+  primary:
+    persistence:
+      storageClass: premium-rwo
--- a/infra/values/gke-prod/grafana-values.yaml
+++ b/infra/values/gke-prod/grafana-values.yaml
@@ -0,0 +1,4 @@
+# GKE-specific: Grafana hostname (prod)
+ingress:
+  hosts:
+  - grafana.fortedigital.com
--- a/infra/values/gke-prod/keycloak-values.yaml
+++ b/infra/values/gke-prod/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# GKE-specific: Keycloak hostname (prod)
+ingress:
+  hostname: id.fortedigital.com
--- a/infra/values/gke-prod/opencost-values.yaml
+++ b/infra/values/gke-prod/opencost-values.yaml
@@ -0,0 +1,10 @@
+# GKE-specific: GCP pricing via BigQuery billing export (prod)
+opencost:
+  exporter:
+    cloudProviderApiKey: ""
+    customPricing:
+      enabled: false
+    google:
+      key: ""
+      project_id: ""
+      billing_account: ""
--- a/infra/values/gke-prod/traefik-values.yaml
+++ b/infra/values/gke-prod/traefik-values.yaml
@@ -0,0 +1,12 @@
+# GKE-specific: Google Cloud Load Balancer for Traefik (prod)
+service:
+  annotations:
+    cloud.google.com/neg: '{"ingress":true}'
+    networking.gke.io/load-balancer-type: External
+ports:
+  web:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
+  websecure:
+    forwardedHeaders:
+      trustedIPs: "10.0.0.0/8"
--- a/infra/values/upc-dev/gitea-values.yaml
+++ b/infra/values/upc-dev/gitea-values.yaml
@@ -0,0 +1,7 @@
+# UpCloud storage class for Gitea and its embedded PostgreSQL
+persistence:
+  storageClass: upcloud-block-storage-maxiops
+postgresql:
+  primary:
+    persistence:
+      storageClass: upcloud-block-storage-maxiops
--- a/infra/values/upc-dev/opencost-values.yaml
+++ b/infra/values/upc-dev/opencost-values.yaml
@@ -0,0 +1,15 @@
+# UpCloud custom pricing (no native OpenCost integration)
+opencost:
+  exporter:
+    customPricing:
+      enabled: true
+      provider: custom
+      costModel:
+        description: "UpCloud 4-node cluster pricing"
+        CPU: "5.86"
+        RAM: "1.46"
+        GPU: "0"
+        storage: "0.34"
+        zoneNetworkEgress: "0"
+        regionNetworkEgress: "0"
+        internetNetworkEgress: "0"
--- a/infra/values/upc-prod/gitea-values.yaml
+++ b/infra/values/upc-prod/gitea-values.yaml
@@ -0,0 +1,7 @@
+# UpCloud storage class for Gitea and its embedded PostgreSQL
+persistence:
+  storageClass: upcloud-block-storage-maxiops
+postgresql:
+  primary:
+    persistence:
+      storageClass: upcloud-block-storage-maxiops
--- a/infra/values/upc-prod/opencost-values.yaml
+++ b/infra/values/upc-prod/opencost-values.yaml
@@ -0,0 +1,15 @@
+# UpCloud custom pricing (no native OpenCost integration)
+opencost:
+  exporter:
+    customPricing:
+      enabled: true
+      provider: custom
+      costModel:
+        description: "UpCloud 4-node cluster pricing"
+        CPU: "5.86"
+        RAM: "1.46"
+        GPU: "0"
+        storage: "0.34"
+        zoneNetworkEgress: "0"
+        regionNetworkEgress: "0"
+        internetNetworkEgress: "0"