From ae1c60cee354a686589d0f80ea0617429c39cb9d Mon Sep 17 00:00:00 2001 
From: Danijel Simeunovic Date: Sat, 18 Apr 2026 19:26:51 +0200 Subject: [PATCH] multi-cluster --- README.md | 38 +++-- ...-apps-eu.yaml => _app-of-apps-upc-dev.yaml | 2 +- ...apps-us.yaml => _app-of-apps-upc-prod.yaml | 2 +- apps/base/dot-ai-stack.yaml | 2 +- apps/overlays/eu/kustomization.yaml | 7 - apps/overlays/upc-dev/kustomization.yaml | 7 + .../{us => upc-prod}/kustomization.yaml | 4 +- docs/DEVELOPER-GUIDE.md | 4 +- docs/GITOPS-ARCHITECTURE.md | 146 ++++++++++-------- docs/OPERATIONS-RUNBOOK.md | 63 ++++---- docs/README.md | 4 +- docs/REFERENCE.md | 19 +-- infra/base/enterprise-apps.yaml | 2 +- infra/{ => base}/gitea-actions.yaml | 2 +- infra/{ => base}/gitea.yaml | 2 +- infra/{ => base}/grafana-dashboards.yaml | 0 infra/base/grafana.yaml | 2 +- infra/base/keycloak.yaml | 2 +- infra/base/kustomization.yaml | 6 + .../network-policies-application.yaml | 0 infra/{ => base}/renovate.yaml | 2 +- infra/base/secrets.yaml | 2 +- infra/{ => base}/tempo.yaml | 2 +- infra/base/traefik-application.yaml | 2 +- infra/overlays/eu/kustomization.yaml | 7 - infra/overlays/upc-dev/kustomization.yaml | 7 + .../{us => upc-prod}/kustomization.yaml | 20 +-- .../{ => base}/gitea-actions-values.yaml | 0 infra/values/{ => base}/gitea-values.yaml | 0 infra/values/{ => base}/opencost-values.yaml | 0 infra/values/{ => base}/renovate-values.yaml | 0 infra/values/{ => base}/tempo-values.yaml | 0 .../values/{eu => upc-dev}/argocd-values.yaml | 0 .../{eu => upc-dev}/dot-ai-stack-values.yaml | 0 .../{eu => upc-dev}/grafana-values.yaml | 0 .../{eu => upc-dev}/keycloak-values.yaml | 0 .../{eu => upc-dev}/traefik-values.yaml | 0 .../{us => upc-prod}/argocd-values.yaml | 0 .../{us => upc-prod}/dot-ai-stack-values.yaml | 0 .../{us => upc-prod}/grafana-values.yaml | 0 .../{us => upc-prod}/keycloak-values.yaml | 0 .../{us => upc-prod}/traefik-values.yaml | 0 .../argocd-mcp-credentials.yaml | 0 .../argocdmcp-auth-oidc-sealed.yaml | 0 secrets/{eu => upc-dev}/dot-ai-secrets.yaml | 0 
.../forte10x-app-credentials-sealed.yaml | 0 .../keycloak-credentials-sealed.yaml | 0 .../{eu => upc-dev}/musicman-credentials.yaml | 0 48 files changed, 200 insertions(+), 156 deletions(-) rename _app-of-apps-eu.yaml => _app-of-apps-upc-dev.yaml (95%) rename _app-of-apps-us.yaml => _app-of-apps-upc-prod.yaml (95%) delete mode 100644 apps/overlays/eu/kustomization.yaml create mode 100644 apps/overlays/upc-dev/kustomization.yaml rename apps/overlays/{us => upc-prod}/kustomization.yaml (67%) rename infra/{ => base}/gitea-actions.yaml (94%) rename infra/{ => base}/gitea.yaml (95%) rename infra/{ => base}/grafana-dashboards.yaml (100%) rename infra/{ => base}/network-policies-application.yaml (100%) rename infra/{ => base}/renovate.yaml (94%) rename infra/{ => base}/tempo.yaml (94%) delete mode 100644 infra/overlays/eu/kustomization.yaml create mode 100644 infra/overlays/upc-dev/kustomization.yaml rename infra/overlays/{us => upc-prod}/kustomization.yaml (60%) rename infra/values/{ => base}/gitea-actions-values.yaml (100%) rename infra/values/{ => base}/gitea-values.yaml (100%) rename infra/values/{ => base}/opencost-values.yaml (100%) rename infra/values/{ => base}/renovate-values.yaml (100%) rename infra/values/{ => base}/tempo-values.yaml (100%) rename infra/values/{eu => upc-dev}/argocd-values.yaml (100%) rename infra/values/{eu => upc-dev}/dot-ai-stack-values.yaml (100%) rename infra/values/{eu => upc-dev}/grafana-values.yaml (100%) rename infra/values/{eu => upc-dev}/keycloak-values.yaml (100%) rename infra/values/{eu => upc-dev}/traefik-values.yaml (100%) rename infra/values/{us => upc-prod}/argocd-values.yaml (100%) rename infra/values/{us => upc-prod}/dot-ai-stack-values.yaml (100%) rename infra/values/{us => upc-prod}/grafana-values.yaml (100%) rename infra/values/{us => upc-prod}/keycloak-values.yaml (100%) rename infra/values/{us => upc-prod}/traefik-values.yaml (100%) rename secrets/{eu => upc-dev}/argocd-mcp-credentials.yaml (100%) rename secrets/{eu => 
upc-dev}/argocdmcp-auth-oidc-sealed.yaml (100%) rename secrets/{eu => upc-dev}/dot-ai-secrets.yaml (100%) rename secrets/{eu => upc-dev}/forte10x-app-credentials-sealed.yaml (100%) rename secrets/{eu => upc-dev}/keycloak-credentials-sealed.yaml (100%) rename secrets/{eu => upc-dev}/musicman-credentials.yaml (100%) diff --git a/README.md b/README.md index 1dea06c..9095ee0 100644 --- a/README.md +++ b/README.md @@ -83,20 +83,26 @@ This repository contains the complete GitOps configuration for our Kubernetes cl ├── bootstrap.sh # Cluster initialization script ├── _app-of-apps.yaml # Root ArgoCD Application (App-of-Apps pattern) │ -├── infra/ # Infrastructure ArgoCD Applications -│ ├── enterprise-apps.yaml # Manages all apps in apps/ folder -│ ├── traefik-application.yaml -│ ├── cert-manager-application.yaml -│ ├── kyverno.yaml -│ ├── prometheus.yaml -│ ├── grafana.yaml -│ ├── loki.yaml -│ ├── tempo.yaml -│ ├── fluent-bit.yaml -│ ├── trivy.yaml -│ ├── sealedsecrets.yaml -│ ├── renovate.yaml +├── infra/ # Infrastructure ArgoCD Applications (Kustomize multi-cluster) +│ ├── base/ # Base ArgoCD Application manifests (EU defaults) +│ │ ├── kustomization.yaml +│ │ ├── traefik-application.yaml +│ │ ├── keycloak.yaml +│ │ ├── grafana.yaml +│ │ ├── gitea.yaml +│ │ ├── gitea-actions.yaml +│ │ ├── tempo.yaml +│ │ ├── renovate.yaml +│ │ ├── ... # All other Application manifests +│ │ └── secrets.yaml +│ ├── overlays/ # Per-cluster overrides +│ │ ├── upc-dev/ # UpCloud Dev cluster (uses base as-is) +│ │ └── upc-prod/ # UpCloud Prod cluster (patches value paths) +│ ├── dashboards/ # Grafana dashboard ConfigMaps │ └── values/ # Helm value overrides +│ ├── base/ # Shared values (all clusters) +│ ├── upc-dev/ # UpCloud Dev-specific values +│ └── upc-prod/ # UpCloud Prod-specific values │ ├── apps/ # Business Applications │ ├── mcp10x.yaml 
@@ -355,7 +361,7 @@ kubectl patch application myapp -n argocd \ ## 📖 Key Concepts ### App-of-Apps Pattern -`_app-of-apps.yaml` is the root Application that manages all other Applications in `infra/`. Each YAML in `infra/` becomes a child Application managed by ArgoCD. +`_app-of-apps.yaml` is the root Application that manages all other Applications in `infra/`. Kustomize overlays in `infra/overlays/{upc-dev,upc-prod}/` render the base Applications with per-cluster patches (e.g., swapping value file paths from `upc-dev` to `upc-prod`). ### Multi-Source Pattern Applications reference both: @@ -454,14 +460,14 @@ Documentation lives in `docs/`. To update: ### Current Environment - **Provider**: UpCloud Managed Kubernetes - **Environment**: Production (internal use only) -- **Cluster**: Single cluster +- **Clusters**: Multi-cluster (upc-dev, upc-prod) via Kustomize overlays - **Auth**: Disabled for ArgoCD (internal access) - **Backup**: None (cluster rebuildable via GitOps) ### Known Limitations - No automated backups (yet) - Secret rotation not automated -- Single cluster (no multi-cluster setup) +- Multi-cluster limited to upc-dev and upc-prod environments - DNS management is manual **Future improvements**: See [Operations Runbook - Disaster Recovery](docs/OPERATIONS-RUNBOOK.md#disaster-recovery) diff --git a/_app-of-apps-eu.yaml b/_app-of-apps-upc-dev.yaml similarity index 95% rename from _app-of-apps-eu.yaml rename to _app-of-apps-upc-dev.yaml index f38ebde..b352c3d 100644 --- a/_app-of-apps-eu.yaml +++ b/_app-of-apps-upc-dev.yaml @@ -20,7 +20,7 @@ spec: source: repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD - path: infra/overlays/eu + path: infra/overlays/upc-dev destination: server: https://kubernetes.default.svc namespace: default diff --git a/_app-of-apps-us.yaml b/_app-of-apps-upc-prod.yaml similarity index 95% rename from _app-of-apps-us.yaml rename to _app-of-apps-upc-prod.yaml index 95317b3..f5ccaca 100644 
--- a/_app-of-apps-us.yaml +++ b/_app-of-apps-upc-prod.yaml @@ -20,7 +20,7 @@ spec: source: repoURL: git@github.com:fortedigital/sturdy-adventure.git targetRevision: HEAD - path: infra/overlays/us + path: infra/overlays/upc-prod destination: server: https://kubernetes.default.svc namespace: default diff --git a/apps/base/dot-ai-stack.yaml b/apps/base/dot-ai-stack.yaml index f322e35..3fd1284 100644 --- a/apps/base/dot-ai-stack.yaml +++ b/apps/base/dot-ai-stack.yaml @@ -35,7 +35,7 @@ spec: releaseName: dot-ai-stack valueFiles: - $values/infra/values/base/dot-ai-stack-values.yaml - - $values/infra/values/eu/dot-ai-stack-values.yaml + - $values/infra/values/upc-dev/dot-ai-stack-values.yaml - repoURL: git@github.com:fortedigital/sturdy-adventure.git targetRevision: HEAD diff --git a/apps/overlays/eu/kustomization.yaml b/apps/overlays/eu/kustomization.yaml deleted file mode 100644 index ea393bf..0000000 --- a/apps/overlays/eu/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../../base - -# No patches needed — base already has "eu" paths -# EU is the default/base cluster diff --git a/apps/overlays/upc-dev/kustomization.yaml b/apps/overlays/upc-dev/kustomization.yaml new file mode 100644 index 0000000..1895aac --- /dev/null +++ b/apps/overlays/upc-dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base + +# No patches needed — base already has "upc-dev" paths +# upc-dev is the default/base cluster diff --git a/apps/overlays/us/kustomization.yaml b/apps/overlays/upc-prod/kustomization.yaml similarity index 67% rename from apps/overlays/us/kustomization.yaml rename to apps/overlays/upc-prod/kustomization.yaml index 0c93339..79e912b 100644 --- a/apps/overlays/us/kustomization.yaml +++ b/apps/overlays/upc-prod/kustomization.yaml 
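Review bot: Now that the clusters are named as environments, `_app-of-apps-upc-prod.yaml` still tracks `targetRevision: HEAD` (a context line in this hunk), the same as `_app-of-apps-upc-dev.yaml`, so nothing visible here separates what dev and prod deploy. If changes are meant to be exercised on upc-dev first, the prod root should follow a protected release branch or tag, e.g. `targetRevision: <release-branch-or-tag>` (placeholder), with a comment such as `# prod follows promoted revisions only`. The two root Applications also use different `repoURL` values. Whether one repository mirrors the other is not visible on this page and is worth a comment in the file.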
@@ -4,11 +4,11 @@ resources: - ../../base patches: -# dot-ai-stack: swap eu → us +# dot-ai-stack: swap upc-dev → upc-prod - target: kind: Application name: dot-ai-stack patch: | - op: replace path: /spec/sources/0/helm/valueFiles/1 - value: $values/infra/values/us/dot-ai-stack-values.yaml + value: $values/infra/values/upc-prod/dot-ai-stack-values.yaml diff --git a/docs/DEVELOPER-GUIDE.md b/docs/DEVELOPER-GUIDE.md index 27b7ddc..9a2f127 100644 --- a/docs/DEVELOPER-GUIDE.md +++ b/docs/DEVELOPER-GUIDE.md @@ -1364,7 +1364,7 @@ Existing clients (like Gitea) are defined directly in `forte-realm.json` inside #### Step 1: Add Client to Realm Config -In `infra/values/keycloak-values.yaml`, add a new entry to the `clients` array in `forte-realm.json`: +In `infra/values/base/keycloak-values.yaml`, add a new entry to the `clients` array in `forte-realm.json`: ```json { @@ -1404,7 +1404,7 @@ existingSecret: myapp-oidc-credentials ```bash cd ~/dev/k8s/launchpad -git add infra/values/keycloak-values.yaml +git add infra/values/base/keycloak-values.yaml git commit -m "Add myapp Keycloak client with auto-sync" git push ``` diff --git a/docs/GITOPS-ARCHITECTURE.md b/docs/GITOPS-ARCHITECTURE.md index e663979..c1e3207 100644 --- a/docs/GITOPS-ARCHITECTURE.md +++ b/docs/GITOPS-ARCHITECTURE.md @@ -16,7 +16,7 @@ This Kubernetes cluster uses a **GitOps approach** powered by **ArgoCD**, where ### Key Characteristics - **Environment**: Production (internal use only) -- **Cluster Type**: Single cluster, single environment +- **Cluster Type**: Multi-cluster (upc-dev, upc-prod) via Kustomize overlays - **GitOps Tool**: ArgoCD - **Deployment Pattern**: App-of-Apps - **Secret Management**: Sealed Secrets (kubeseal) 
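Review bot: The replace at `/spec/sources/0/helm/valueFiles/1` selects the value file by position, so it is only correct while the base `dot-ai-stack` Application keeps the cluster-specific file as the second entry of its first source. If an entry is inserted or reordered in base, the patch still applies cleanly but replaces a different file, and upc-prod would render with `upc-dev` values without any error. The same pattern is used for traefik, keycloak and grafana in `infra/overlays/upc-prod/kustomization.yaml`. A JSON-patch `test` operation before each replace turns that into a build failure: `- op: test`, `path: /spec/sources/0/helm/valueFiles/1`, `value: $values/infra/values/upc-dev/dot-ai-stack-values.yaml`.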
@@ -62,8 +62,8 @@ This Kubernetes cluster uses a **GitOps approach** powered by **ArgoCD**, where │ ▼ ┌────────────────────────────────┐ - │ Kubernetes Cluster │ - │ (UpCloud Managed) │ + │ Kubernetes Clusters │ + │ (UpCloud: upc-dev, upc-prod) │ │ │ │ ┌──────────────────────────┐ │ │ │ ArgoCD │ │ 
@@ -116,74 +116,68 @@ This Kubernetes cluster uses a **GitOps approach** powered by **ArgoCD**, where ``` launchpad/ ├── bootstrap.sh # Cluster initialization script -├── _app-of-apps.yaml # Root ArgoCD Application (App-of-Apps pattern) +├── _app-of-apps-upc-dev.yaml # Root ArgoCD Application (upc-dev cluster) +├── _app-of-apps-upc-prod.yaml # Root ArgoCD Application (upc-prod cluster) │ -├── infra/ # Infrastructure ArgoCD Applications -│ ├── enterprise-apps.yaml # Parent app managing all apps in apps/ -│ ├── cluster-resources-application.yaml -│ ├── traefik-application.yaml -│ ├── cert-manager-application.yaml -│ ├── kyverno.yaml -│ ├── kyverno-policies.yaml -│ ├── prometheus.yaml -│ ├── grafana.yaml -│ ├── loki.yaml -│ ├── tempo.yaml -│ ├── fluent-bit.yaml -│ ├── trivy.yaml -│ ├── sealedsecrets.yaml -│ ├── secrets.yaml +├── infra/ # Infrastructure ArgoCD Applications (Kustomize) +│ ├── base/ # Base Application manifests (upc-dev defaults) +│ │ ├── kustomization.yaml +│ │ ├── traefik-application.yaml +│ │ ├── keycloak.yaml +│ │ ├── grafana.yaml +│ │ ├── gitea.yaml +│ │ ├── gitea-actions.yaml +│ │ ├── tempo.yaml +│ │ ├── renovate.yaml +│ │ ├── ... # All other Application manifests +│ │ └── secrets.yaml +│ ├── overlays/ # Per-cluster overrides +│ │ ├── upc-dev/ # UpCloud Dev (uses base as-is) +│ │ └── upc-prod/ # UpCloud Prod (patches value paths) +│ ├── dashboards/ # Grafana dashboard ConfigMaps │ └── values/ # Helm value overrides for infra -│ ├── argocd-values.yaml -│ ├── prometheus-values.yaml -│ ├── grafana-values.yaml -│ ├── loki-values.yaml -│ ├── tempo-values.yaml -│ └── fluent-bit-values.yaml +│ ├── base/ # Shared values (all clusters) +│ │ ├── traefik-values.yaml +│ │ ├── keycloak-values.yaml +│ │ ├── grafana-values.yaml +│ │ ├── prometheus-values.yaml +│ │ ├── gitea-values.yaml +│ │ └── ... 
+│ ├── upc-dev/ # upc-dev cluster-specific values +│ │ ├── traefik-values.yaml +│ │ ├── keycloak-values.yaml +│ │ └── grafana-values.yaml +│ └── upc-prod/ # upc-prod cluster-specific values +│ ├── traefik-values.yaml +│ ├── keycloak-values.yaml +│ └── grafana-values.yaml │ -├── apps/ # Business Application ArgoCD manifests -│ ├── mcp10x.yaml # MCP 10X application -│ ├── musicman.yaml # Music Man application -│ ├── dot-ai-stack.yaml # Dot AI Stack -│ └── argo-mcp.yaml # ArgoCD MCP server +├── apps/ # Business Application ArgoCD manifests (Kustomize) +│ ├── base/ # Base app manifests +│ │ ├── kustomization.yaml +│ │ ├── dot-ai-stack.yaml +│ │ └── ... +│ └── overlays/ +│ ├── upc-dev/ # Uses base as-is +│ └── upc-prod/ # Patches value paths │ ├── cluster-resources/ # Cluster-wide Kubernetes resources -│ ├── cert-manager-namespace.yaml -│ ├── secrets-namespace.yaml -│ ├── letsencrypt-issuer.yaml # Let's Encrypt ClusterIssuer -│ ├── kyverno-config.yaml -│ ├── argocd-notifications-secret-sealed.yaml -│ ├── forte10x-repo-credentials-sealed.yaml -│ ├── mcp10x-repo-credentials-sealed.yaml +│ ├── ... 
│ └── policies/ # Kyverno policies -│ ├── deployment-verifier.yaml -│ ├── label-checker.yaml -│ ├── bare-pod-cleaner.yaml -│ ├── replicaset-cleaner.yaml -│ ├── default-ns-blocker.yaml -│ ├── secret-cloner.yaml -│ └── auth-sidecar-injector.yaml │ -├── secrets/ # Application secrets (sealed) -│ ├── argocd-mcp-credentials.yaml -│ ├── dot-ai-secrets.yaml -│ ├── mcp10x-credentials-sealed.yaml -│ └── musicman-credentials.yaml +├── secrets/ # Application secrets (sealed, per-cluster) +│ └── upc-dev/ # Secrets for upc-dev cluster │ ├── private/ # Local-only files (NOT in Git) -│ ├── *.yaml # Unsealed secrets -│ └── *.sh # Helper scripts │ └── docs/ # Documentation - ├── GITOPS-ARCHITECTURE.md # This file - ├── DEVELOPER-GUIDE.md - ├── OPERATIONS-RUNBOOK.md - └── REFERENCE.md ``` **Key Points**: -- `_app-of-apps.yaml` is the root Application that ArgoCD monitors -- `infra/enterprise-apps.yaml` auto-discovers all apps in `apps/` folder +- `_app-of-apps-upc-dev.yaml` and `_app-of-apps-upc-prod.yaml` are the per-cluster root Applications +- Kustomize overlays in `infra/overlays/` render base Applications with per-cluster patches +- Helm values are split: `values/base/` (shared) + `values/upc-dev/` or `values/upc-prod/` (cluster-specific) +- `apps/` follows the same base/overlays pattern for business applications - Changes pushed to this repo trigger automatic syncs in ArgoCD - `private/` folder contains local-only files (Git-ignored) @@ -295,7 +289,7 @@ app-repository/ ### The App-of-Apps Pattern ``` -_app-of-apps.yaml (Root) +_app-of-apps-{upc-dev,upc-prod}.yaml (Root, per cluster) │ ├── infrastructure-apps (manages infra/) │ ├── cluster-resources-application 
@@ -315,10 +309,10 @@ _app-of-apps.yaml (Root) ``` **How It Works**: -1. Bootstrap script installs ArgoCD and applies `_app-of-apps.yaml` -2. ArgoCD creates the root Application which monitors `infra/` folder -3. Each YAML in `infra/` becomes a child Application -4. `enterprise-apps.yaml` monitors `apps/` folder and auto-discovers applications +1. Bootstrap script installs ArgoCD and applies `_app-of-apps-upc-dev.yaml` (or `upc-prod`) +2. ArgoCD creates the root Application which monitors the appropriate `infra/overlays/` folder +3. Kustomize renders base Applications with cluster-specific patches +4. `enterprise-apps` Application monitors the cluster's `apps/overlays/` folder 5. ArgoCD continuously syncs (every 60s) and auto-heals drift ### Sync Waves & Ordering @@ -363,6 +357,34 @@ spec: - Easy to update all apps by changing the chart - Environment-specific values isolated in separate repo +### Multi-Cluster Pattern + +Kustomize overlays enable deploying the same Applications across clusters with different configurations: + +```yaml +# infra/base/ contains default (upc-dev) Applications +# Helm values are layered: base + cluster-specific +valueFiles: +- $values/infra/values/base/traefik-values.yaml # Shared config +- $values/infra/values/upc-dev/traefik-values.yaml # Cluster-specific + +# infra/overlays/upc-prod/kustomization.yaml patches the second valueFile +patches: +- target: + kind: Application + name: traefik + patch: | + - op: replace + path: /spec/sources/0/helm/valueFiles/1 + value: $values/infra/values/upc-prod/traefik-values.yaml +``` + +**Benefits**: +- Single source of truth for Application definitions +- Cluster-specific values isolated per overlay +- Easy to add new clusters by creating a new overlay +- Base values shared across all clusters reduce duplication + --- ## CI/CD Pipeline diff --git a/docs/OPERATIONS-RUNBOOK.md b/docs/OPERATIONS-RUNBOOK.md index 9ff6f9f..822ba97 100644 --- a/docs/OPERATIONS-RUNBOOK.md +++ b/docs/OPERATIONS-RUNBOOK.md 
@@ -207,7 +207,7 @@ kubectl get secrets -n argocd -l argocd.argoproj.io/secret-type=repository # Settings → Repositories → Should show "Successful" status # Test by creating an application -kubectl apply -f _app-of-apps.yaml +kubectl apply -f _app-of-apps-upc-dev.yaml # or _app-of-apps-upc-prod.yaml # Check application sync status kubectl get applications -n argocd @@ -1352,13 +1352,13 @@ kubectl get deployment argocd-server -n argocd \ -o jsonpath='{.spec.template.spec.containers[0].image}' # Update version in values -vim infra/values/argocd-values.yaml +vim infra/values/base/argocd-values.yaml # Or upgrade via Helm directly helm upgrade argocd argo-cd \ --repo https://argoproj.github.io/argo-helm \ --namespace argocd \ - --values infra/values/argocd-values.yaml \ + --values infra/values/base/argocd-values.yaml \ --version 6.0.0 # New version # Verify @@ -1454,8 +1454,8 @@ kubectl top pods --all-namespaces --sort-by=cpu Example: Adding Redis ```bash -# 1. Create application manifest -cat > infra/redis-application.yaml < infra/base/redis-application.yaml < infra/values/base/redis-values.yaml < -n keycloak -o jsonpath='{.metadata.ann **Configuration**: ```yaml -# infra/renovate.yaml + infra/values/renovate-values.yaml +# infra/base/renovate.yaml + infra/values/base/renovate-values.yaml cronjob: schedule: "@daily" concurrencyPolicy: Forbid diff --git a/infra/base/enterprise-apps.yaml b/infra/base/enterprise-apps.yaml index d843b39..40763cb 100644 --- a/infra/base/enterprise-apps.yaml +++ b/infra/base/enterprise-apps.yaml @@ -18,7 +18,7 @@ spec: source: repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD - path: apps/overlays/eu + path: apps/overlays/upc-dev destination: server: https://kubernetes.default.svc namespace: apps diff --git a/infra/gitea-actions.yaml b/infra/base/gitea-actions.yaml similarity index 94% rename from infra/gitea-actions.yaml rename to infra/base/gitea-actions.yaml index 1531d69..ae29f29 100644 
--- a/infra/gitea-actions.yaml +++ b/infra/base/gitea-actions.yaml @@ -21,7 +21,7 @@ spec: helm: releaseName: gitea-actions valueFiles: - - $values/infra/values/gitea-actions-values.yaml + - $values/infra/values/base/gitea-actions-values.yaml - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD diff --git a/infra/gitea.yaml b/infra/base/gitea.yaml similarity index 95% rename from infra/gitea.yaml rename to infra/base/gitea.yaml index f0c5209..ba806f5 100644 --- a/infra/gitea.yaml +++ b/infra/base/gitea.yaml @@ -21,7 +21,7 @@ spec: helm: releaseName: gitea valueFiles: - - $values/infra/values/gitea-values.yaml + - $values/infra/values/base/gitea-values.yaml - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD diff --git a/infra/grafana-dashboards.yaml b/infra/base/grafana-dashboards.yaml similarity index 100% rename from infra/grafana-dashboards.yaml rename to infra/base/grafana-dashboards.yaml diff --git a/infra/base/grafana.yaml b/infra/base/grafana.yaml index 5f18399..3e17373 100644 --- a/infra/base/grafana.yaml +++ b/infra/base/grafana.yaml @@ -22,7 +22,7 @@ spec: releaseName: grafana valueFiles: - $values/infra/values/base/grafana-values.yaml - - $values/infra/values/eu/grafana-values.yaml + - $values/infra/values/upc-dev/grafana-values.yaml - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD diff --git a/infra/base/keycloak.yaml b/infra/base/keycloak.yaml index ded2964..a3234d8 100644 --- a/infra/base/keycloak.yaml +++ b/infra/base/keycloak.yaml @@ -22,7 +22,7 @@ spec: releaseName: keycloak valueFiles: - $values/infra/values/base/keycloak-values.yaml - - $values/infra/values/eu/keycloak-values.yaml + - $values/infra/values/upc-dev/keycloak-values.yaml - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD diff --git a/infra/base/kustomization.yaml b/infra/base/kustomization.yaml index adb38e1..e60eb3c 100644 
--- a/infra/base/kustomization.yaml +++ b/infra/base/kustomization.yaml @@ -15,3 +15,9 @@ resources: - cluster-resources-application.yaml - kyverno-policies.yaml - secrets.yaml +- gitea.yaml +- gitea-actions.yaml +- renovate.yaml +- tempo.yaml +- grafana-dashboards.yaml +- network-policies-application.yaml diff --git a/infra/network-policies-application.yaml b/infra/base/network-policies-application.yaml similarity index 100% rename from infra/network-policies-application.yaml rename to infra/base/network-policies-application.yaml diff --git a/infra/renovate.yaml b/infra/base/renovate.yaml similarity index 94% rename from infra/renovate.yaml rename to infra/base/renovate.yaml index bc1d34e..4cf87e4 100644 --- a/infra/renovate.yaml +++ b/infra/base/renovate.yaml @@ -21,7 +21,7 @@ spec: helm: releaseName: renovate valueFiles: - - $values/infra/values/renovate-values.yaml + - $values/infra/values/base/renovate-values.yaml - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD diff --git a/infra/base/secrets.yaml b/infra/base/secrets.yaml index 0e14c6a..7eb57f9 100644 --- a/infra/base/secrets.yaml +++ b/infra/base/secrets.yaml @@ -18,7 +18,7 @@ spec: project: default source: repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git - path: secrets/eu + path: secrets/upc-dev destination: server: https://kubernetes.default.svc namespace: secrets diff --git a/infra/tempo.yaml b/infra/base/tempo.yaml similarity index 94% rename from infra/tempo.yaml rename to infra/base/tempo.yaml index 1ce4fbb..0a0c09b 100644 --- a/infra/tempo.yaml +++ b/infra/base/tempo.yaml @@ -21,7 +21,7 @@ spec: helm: releaseName: tempo valueFiles: - - $values/infra/values/tempo-values.yaml + - $values/infra/values/base/tempo-values.yaml - repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git targetRevision: HEAD diff --git a/infra/base/traefik-application.yaml b/infra/base/traefik-application.yaml index b502e56..eb9fd2c 100644 
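Review bot: Listing `gitea.yaml`, `gitea-actions.yaml` and `renovate.yaml` under `resources` in `infra/base/kustomization.yaml` means every overlay renders them, and the `upc-prod` overlay in this commit adds no patch that removes or re-points them. Their value files exist only under `infra/values/base/`, so both clusters get identical releases. That presumably puts the CI runner chart and the dependency bot, with whatever repository credentials they use, on the production cluster as well. If they are meant for one cluster, list them in that overlay's `resources` instead of base. If both clusters are intended, record it with a comment above the new entries, e.g. `# deployed to every cluster, including upc-prod`; note that the start of the `resources` list is outside this hunk.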
--- a/infra/base/traefik-application.yaml +++ b/infra/base/traefik-application.yaml @@ -29,7 +29,7 @@ spec: releaseName: traefik valueFiles: - $values/infra/values/base/traefik-values.yaml - - $values/infra/values/eu/traefik-values.yaml + - $values/infra/values/upc-dev/traefik-values.yaml - repoURL: git@github.com:fortedigital/sturdy-adventure.git targetRevision: HEAD diff --git a/infra/overlays/eu/kustomization.yaml b/infra/overlays/eu/kustomization.yaml deleted file mode 100644 index ea393bf..0000000 --- a/infra/overlays/eu/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../../base - -# No patches needed — base already has "eu" paths -# EU is the default/base cluster diff --git a/infra/overlays/upc-dev/kustomization.yaml b/infra/overlays/upc-dev/kustomization.yaml new file mode 100644 index 0000000..1895aac --- /dev/null +++ b/infra/overlays/upc-dev/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- ../../base + +# No patches needed — base already has "upc-dev" paths +# upc-dev is the default/base cluster diff --git a/infra/overlays/us/kustomization.yaml b/infra/overlays/upc-prod/kustomization.yaml similarity index 60% rename from infra/overlays/us/kustomization.yaml rename to infra/overlays/upc-prod/kustomization.yaml index 902ae74..ebfc179 100644 --- a/infra/overlays/us/kustomization.yaml +++ b/infra/overlays/upc-prod/kustomization.yaml 
@@ -4,47 +4,47 @@ resources: - ../../base patches: -# Traefik: swap eu → us in valueFiles +# Traefik: swap upc-dev → upc-prod in valueFiles - target: kind: Application name: traefik patch: | - op: replace path: /spec/sources/0/helm/valueFiles/1 - value: $values/infra/values/us/traefik-values.yaml + value: $values/infra/values/upc-prod/traefik-values.yaml -# Keycloak: swap eu → us +# Keycloak: swap upc-dev → upc-prod - target: kind: Application name: keycloak patch: | - op: replace path: /spec/sources/0/helm/valueFiles/1 - value: $values/infra/values/us/keycloak-values.yaml + value: $values/infra/values/upc-prod/keycloak-values.yaml -# Grafana: swap eu → us +# Grafana: swap upc-dev → upc-prod - target: kind: Application name: grafana patch: | - op: replace path: /spec/sources/0/helm/valueFiles/1 - value: $values/infra/values/us/grafana-values.yaml + value: $values/infra/values/upc-prod/grafana-values.yaml -# Secrets: change path to us +# Secrets: change path to upc-prod - target: kind: Application name: secrets patch: | - op: replace path: /spec/source/path - value: secrets/us + value: secrets/upc-prod -# Enterprise-apps: point to us overlay +# Enterprise-apps: point to upc-prod overlay - target: kind: Application name: enterprise-apps patch: | - op: replace path: /spec/source/path - value: apps/overlays/us + value: apps/overlays/upc-prod diff --git a/infra/values/gitea-actions-values.yaml b/infra/values/base/gitea-actions-values.yaml similarity index 100% rename from infra/values/gitea-actions-values.yaml rename to infra/values/base/gitea-actions-values.yaml diff --git a/infra/values/gitea-values.yaml b/infra/values/base/gitea-values.yaml similarity index 100% rename from infra/values/gitea-values.yaml rename to infra/values/base/gitea-values.yaml diff --git a/infra/values/opencost-values.yaml b/infra/values/base/opencost-values.yaml similarity index 100% rename from infra/values/opencost-values.yaml rename to infra/values/base/opencost-values.yaml 
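Review bot: The `secrets` patch points upc-prod at `secrets/upc-prod`, but that directory does not appear to exist after this commit: the diffstat only renames `secrets/eu` to `secrets/upc-dev`, and the updated tree in docs/GITOPS-ARCHITECTURE.md lists only `secrets/upc-dev/`. Files sealed for the dev cluster cannot simply be copied there unless both clusters share a sealing key, so the prod directory needs its own sealed manifests before this Application can sync. The patches for `secrets` and `enterprise-apps` also change only `path`. The base manifests keep `repoURL: ssh://git@git.forteapps.net:2222/Forte/launchpad.git` while the prod root Application uses the GitHub URL, so confirm that production is meant to read its secrets and apps from that remote.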
diff --git a/infra/values/renovate-values.yaml b/infra/values/base/renovate-values.yaml similarity index 100% rename from infra/values/renovate-values.yaml rename to infra/values/base/renovate-values.yaml diff --git a/infra/values/tempo-values.yaml b/infra/values/base/tempo-values.yaml similarity index 100% rename from infra/values/tempo-values.yaml rename to infra/values/base/tempo-values.yaml diff --git a/infra/values/eu/argocd-values.yaml b/infra/values/upc-dev/argocd-values.yaml similarity index 100% rename from infra/values/eu/argocd-values.yaml rename to infra/values/upc-dev/argocd-values.yaml diff --git a/infra/values/eu/dot-ai-stack-values.yaml b/infra/values/upc-dev/dot-ai-stack-values.yaml similarity index 100% rename from infra/values/eu/dot-ai-stack-values.yaml rename to infra/values/upc-dev/dot-ai-stack-values.yaml diff --git a/infra/values/eu/grafana-values.yaml b/infra/values/upc-dev/grafana-values.yaml similarity index 100% rename from infra/values/eu/grafana-values.yaml rename to infra/values/upc-dev/grafana-values.yaml diff --git a/infra/values/eu/keycloak-values.yaml b/infra/values/upc-dev/keycloak-values.yaml similarity index 100% rename from infra/values/eu/keycloak-values.yaml rename to infra/values/upc-dev/keycloak-values.yaml diff --git a/infra/values/eu/traefik-values.yaml b/infra/values/upc-dev/traefik-values.yaml similarity index 100% rename from infra/values/eu/traefik-values.yaml rename to infra/values/upc-dev/traefik-values.yaml diff --git a/infra/values/us/argocd-values.yaml b/infra/values/upc-prod/argocd-values.yaml similarity index 100% rename from infra/values/us/argocd-values.yaml rename to infra/values/upc-prod/argocd-values.yaml diff --git a/infra/values/us/dot-ai-stack-values.yaml b/infra/values/upc-prod/dot-ai-stack-values.yaml similarity index 100% rename from infra/values/us/dot-ai-stack-values.yaml rename to infra/values/upc-prod/dot-ai-stack-values.yaml 
diff --git a/infra/values/us/grafana-values.yaml b/infra/values/upc-prod/grafana-values.yaml similarity index 100% rename from infra/values/us/grafana-values.yaml rename to infra/values/upc-prod/grafana-values.yaml diff --git a/infra/values/us/keycloak-values.yaml b/infra/values/upc-prod/keycloak-values.yaml similarity index 100% rename from infra/values/us/keycloak-values.yaml rename to infra/values/upc-prod/keycloak-values.yaml diff --git a/infra/values/us/traefik-values.yaml b/infra/values/upc-prod/traefik-values.yaml similarity index 100% rename from infra/values/us/traefik-values.yaml rename to infra/values/upc-prod/traefik-values.yaml diff --git a/secrets/eu/argocd-mcp-credentials.yaml b/secrets/upc-dev/argocd-mcp-credentials.yaml similarity index 100% rename from secrets/eu/argocd-mcp-credentials.yaml rename to secrets/upc-dev/argocd-mcp-credentials.yaml diff --git a/secrets/eu/argocdmcp-auth-oidc-sealed.yaml b/secrets/upc-dev/argocdmcp-auth-oidc-sealed.yaml similarity index 100% rename from secrets/eu/argocdmcp-auth-oidc-sealed.yaml rename to secrets/upc-dev/argocdmcp-auth-oidc-sealed.yaml diff --git a/secrets/eu/dot-ai-secrets.yaml b/secrets/upc-dev/dot-ai-secrets.yaml similarity index 100% rename from secrets/eu/dot-ai-secrets.yaml rename to secrets/upc-dev/dot-ai-secrets.yaml diff --git a/secrets/eu/forte10x-app-credentials-sealed.yaml b/secrets/upc-dev/forte10x-app-credentials-sealed.yaml similarity index 100% rename from secrets/eu/forte10x-app-credentials-sealed.yaml rename to secrets/upc-dev/forte10x-app-credentials-sealed.yaml diff --git a/secrets/eu/keycloak-credentials-sealed.yaml b/secrets/upc-dev/keycloak-credentials-sealed.yaml similarity index 100% rename from secrets/eu/keycloak-credentials-sealed.yaml rename to secrets/upc-dev/keycloak-credentials-sealed.yaml 
diff --git a/secrets/eu/musicman-credentials.yaml b/secrets/upc-dev/musicman-credentials.yaml similarity index 100% rename from secrets/eu/musicman-credentials.yaml rename to secrets/upc-dev/musicman-credentials.yaml