From f1dd61cecea913f412892162b3aa664a831012f9 Mon Sep 17 00:00:00 2001 
From: Danijel Simeunovic
Date: Wed, 22 Apr 2026 21:56:43 +0200
Subject: [PATCH] sync
---
 infra/values/aks-dev/gitea-values.yaml | 2 +-
 infra/values/aks-dev/grafana-values.yaml | 4 ++++
 infra/values/aks-dev/keycloak-values.yaml | 3 +++
 infra/values/aks-dev/opencost-values.yaml | 11 ++++-------
 infra/values/aks-dev/traefik-values.yaml | 13 ++++---------
 infra/values/aks-prod/gitea-values.yaml | 2 +-
 infra/values/aks-prod/grafana-values.yaml | 4 ++++
 infra/values/aks-prod/keycloak-values.yaml | 3 +++
 infra/values/aks-prod/opencost-values.yaml | 11 ++++-------
 infra/values/aks-prod/traefik-values.yaml | 14 +++++--------
 infra/values/eks-dev/gitea-values.yaml | 2 +-
 infra/values/eks-dev/grafana-values.yaml | 4 ++++
 infra/values/eks-dev/keycloak-values.yaml | 3 +++
 infra/values/eks-dev/opencost-values.yaml | 8 +++-----
 infra/values/eks-dev/traefik-values.yaml | 9 ++++-----
 infra/values/eks-prod/gitea-values.yaml | 2 +-
 infra/values/eks-prod/grafana-values.yaml | 4 ++++
 infra/values/eks-prod/keycloak-values.yaml | 3 +++
 infra/values/eks-prod/opencost-values.yaml | 8 +++-----
 infra/values/eks-prod/traefik-values.yaml | 10 +++++-----
 infra/values/gke-dev/gitea-values.yaml | 2 +-
 infra/values/gke-dev/grafana-values.yaml | 4 ++++
 infra/values/gke-dev/keycloak-values.yaml | 3 +++
 infra/values/gke-dev/opencost-values.yaml | 13 +++++++------
 infra/values/gke-dev/traefik-values.yaml | 13 +++++-------
 infra/values/gke-prod/gitea-values.yaml | 2 +-
 infra/values/gke-prod/grafana-values.yaml | 4 ++++
 infra/values/gke-prod/keycloak-values.yaml | 3 +++
 infra/values/gke-prod/opencost-values.yaml | 13 +++++++------
 infra/values/gke-prod/traefik-values.yaml | 13 +++++-------
 30 files changed, 104 insertions(+), 86 deletions(-)
 create mode 100644 infra/values/aks-dev/grafana-values.yaml
 create mode 100644 infra/values/aks-dev/keycloak-values.yaml
 create mode 100644 infra/values/aks-prod/grafana-values.yaml
 create mode 100644 infra/values/aks-prod/keycloak-values.yaml
 create mode 100644 
infra/values/eks-dev/grafana-values.yaml
 create mode 100644 infra/values/eks-dev/keycloak-values.yaml
 create mode 100644 infra/values/eks-prod/grafana-values.yaml
 create mode 100644 infra/values/eks-prod/keycloak-values.yaml
 create mode 100644 infra/values/gke-dev/grafana-values.yaml
 create mode 100644 infra/values/gke-dev/keycloak-values.yaml
 create mode 100644 infra/values/gke-prod/grafana-values.yaml
 create mode 100644 infra/values/gke-prod/keycloak-values.yaml
diff --git a/infra/values/aks-dev/gitea-values.yaml b/infra/values/aks-dev/gitea-values.yaml
index 5bb20ff..94e9760 100644
--- a/infra/values/aks-dev/gitea-values.yaml
+++ b/infra/values/aks-dev/gitea-values.yaml
@@ -1,4 +1,4 @@
-# Azure Managed Disk (Premium SSD via CSI driver)
+# AKS-specific: Azure managed disk storage class
 persistence:
 storageClass: managed-csi-premium
 postgresql:
diff --git a/infra/values/aks-dev/grafana-values.yaml b/infra/values/aks-dev/grafana-values.yaml
new file mode 100644
index 0000000..3b10135
--- /dev/null
+++ b/infra/values/aks-dev/grafana-values.yaml
@@ -0,0 +1,4 @@
+# AKS-specific: Grafana hostname
+ingress:
+ hosts:
+ - grafana.forteapps.net
diff --git a/infra/values/aks-dev/keycloak-values.yaml b/infra/values/aks-dev/keycloak-values.yaml
new file mode 100644
index 0000000..f66b945
--- /dev/null
+++ b/infra/values/aks-dev/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# AKS-specific: Keycloak hostname
+ingress:
+ hostname: id.forteapps.net
diff --git a/infra/values/aks-dev/opencost-values.yaml b/infra/values/aks-dev/opencost-values.yaml
index 98b30cd..64dcfa1 100644
--- a/infra/values/aks-dev/opencost-values.yaml
+++ b/infra/values/aks-dev/opencost-values.yaml 
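Review bot: The new aks-dev grafana-values.yaml overrides `ingress.hosts` with `grafana.forteapps.net` but does not touch `ingress.tls`; in the Grafana chart the TLS block carries its own `hosts` list, so if the base values define TLS for a different name this host is served without a matching certificate, and if they define no TLS at all the Grafana login page is plain HTTP. I cannot see the base values from here, so either add the matching `tls:` entry in this overlay or record where TLS is handled, e.g. `# TODO: confirm where TLS for this host is configured (ingress.tls is not set in this overlay)`. Note also that the eks-dev and gke-dev grafana files created in the same commit use this exact hostname, so only one of the three clusters can actually own it.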
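Review bot: `ingress.hostname: id.forteapps.net` in the new aks-dev keycloak file is the same value the eks-dev and gke-dev keycloak files in this commit set, so three dev clusters claim one identity-provider hostname; only one can own the DNS record and certificate, and whichever cluster answers becomes the OIDC issuer for every dev client, which makes pointing a client at the wrong Keycloak easy to miss. If the three are meant to be interchangeable behind one name, say so above the key; otherwise give each cluster its own host, e.g. `hostname: id.aks.forteapps.net`. A one-line comment such as `# NOTE: this host must resolve to exactly one cluster; see the eks/gke overlays before changing` would make the constraint visible to the next editor.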
@@ -1,11 +1,8 @@
-# Azure native pricing via Billing API
+# AKS-specific: Azure pricing via Cloud Billing API
 opencost:
 exporter:
+ cloudProviderApiKey: ""
 customPricing:
- enabled: true
- provider: azure
+ enabled: false
 azure:
- subscriptionID: "" # <- populate
- clientID: ""
- clientSecret: ""
- tenantID: ""
+ secretName: opencost-azure-billing
diff --git a/infra/values/aks-dev/traefik-values.yaml b/infra/values/aks-dev/traefik-values.yaml
index 7efa198..fd5c882 100644
--- a/infra/values/aks-dev/traefik-values.yaml
+++ b/infra/values/aks-dev/traefik-values.yaml
@@ -1,16 +1,11 @@
-# Azure AKS — Standard Load Balancer
-# Note: Azure Standard LB does not support Proxy Protocol.
-# Use externalTrafficPolicy: Local on the Traefik service to preserve
-# client IPs, or deploy behind Azure Application Gateway.
+# AKS-specific: Azure Load Balancer for Traefik
 service:
 annotations:
- service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/ping"
- spec:
- externalTrafficPolicy: Local
+ service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
 ports:
 web:
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,168.63.129.16/32" # <- VNet CIDR + Azure health probe
+ trustedIPs: "10.0.0.0/8"
 websecure:
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,168.63.129.16/32"
+ trustedIPs: "10.0.0.0/8"
diff --git a/infra/values/aks-prod/gitea-values.yaml b/infra/values/aks-prod/gitea-values.yaml
index 5bb20ff..d035b5d 100644
--- a/infra/values/aks-prod/gitea-values.yaml
+++ b/infra/values/aks-prod/gitea-values.yaml
@@ -1,4 +1,4 @@
-# Azure Managed Disk (Premium SSD via CSI driver)
+# AKS-specific: Azure managed disk storage class (prod)
 persistence:
 storageClass: managed-csi-premium
 postgresql:
diff --git a/infra/values/aks-prod/grafana-values.yaml b/infra/values/aks-prod/grafana-values.yaml
new file mode 100644
index 0000000..b1f7504
--- /dev/null
+++ b/infra/values/aks-prod/grafana-values.yaml 
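Review bot: The aks-dev opencost header still says pricing comes from the Azure Billing API, but the hunk sets `customPricing.enabled: false`, so unless `azure.secretName` on its own enables billing-API pricing in this chart version the exporter falls back to list pricing and the `opencost-azure-billing` Secret is never read; please check that against the chart's values schema before relying on it. Replacing the inline `clientSecret`/`clientID`/`tenantID` placeholders with a Secret reference is the right move, but nothing in this commit creates that Secret, so add a comment saying who provisions it, e.g. `# opencost-azure-billing is created out of band (External Secrets / sealed secret); never commit its contents`. `cloudProviderApiKey: ""` is likewise a plaintext values field; keep it empty in git and say so on the line, e.g. `cloudProviderApiKey: ""  # keep empty in git; inject via Secret if ever needed`.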
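Review bot: Dropping `spec: externalTrafficPolicy: Local` while keeping `forwardedHeaders.trustedIPs: "10.0.0.0/8"` makes X-Forwarded-For spoofable on aks-dev: with the default Cluster policy kube-proxy SNATs load-balancer traffic to a node IP inside 10.0.0.0/8, so every connection reaching Traefik appears to come from a trusted proxy and a client-supplied X-Forwarded-For/X-Real-IP is accepted, which defeats IP allow-lists, rate limits and the client address logged by Keycloak and Gitea behind it. Azure Standard LB is a passthrough L4 balancer that adds no headers and, as the deleted comment recorded, does not support PROXY protocol, so `Local` was the only thing preserving the real client address. Restore `spec:` / `  externalTrafficPolicy: Local` under `service:` together with the explanatory comment, or tighten trustedIPs to the actual node subnet only if something in front of the LB is known to set the headers. Removing 168.63.129.16 from the list is harmless on its own, since health probes carry no forwarded headers.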
@@ -0,0 +1,4 @@
+# AKS-specific: Grafana hostname (prod)
+ingress:
+ hosts:
+ - grafana.fortedigital.com
diff --git a/infra/values/aks-prod/keycloak-values.yaml b/infra/values/aks-prod/keycloak-values.yaml
new file mode 100644
index 0000000..97096e4
--- /dev/null
+++ b/infra/values/aks-prod/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# AKS-specific: Keycloak hostname (prod)
+ingress:
+ hostname: id.fortedigital.com
diff --git a/infra/values/aks-prod/opencost-values.yaml b/infra/values/aks-prod/opencost-values.yaml
index 98b30cd..d465129 100644
--- a/infra/values/aks-prod/opencost-values.yaml
+++ b/infra/values/aks-prod/opencost-values.yaml
@@ -1,11 +1,8 @@
-# Azure native pricing via Billing API
+# AKS-specific: Azure pricing via Cloud Billing API (prod)
 opencost:
 exporter:
+ cloudProviderApiKey: ""
 customPricing:
- enabled: true
- provider: azure
+ enabled: false
 azure:
- subscriptionID: "" # <- populate
- clientID: ""
- clientSecret: ""
- tenantID: ""
+ secretName: opencost-azure-billing
diff --git a/infra/values/aks-prod/traefik-values.yaml b/infra/values/aks-prod/traefik-values.yaml
index 7efa198..469f276 100644
--- a/infra/values/aks-prod/traefik-values.yaml
+++ b/infra/values/aks-prod/traefik-values.yaml 
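Review bot: The aks-prod keycloak overlay sets `ingress.hostname: id.fortedigital.com`, and the eks-prod and gke-prod keycloak files in this same commit set the identical value, so three production clusters are configured to be the issuer for one identity hostname; DNS and the certificate can point at only one of them, and an OIDC client configured with that issuer has no way to tell which cluster's realm it is talking to. For a production IdP that ambiguity is worth settling explicitly: either document that exactly one cluster is live behind the name, e.g. `# id.fortedigital.com is served by ONE cluster at a time; failover is a DNS change`, or use per-cluster hosts such as `hostname: id.aks.fortedigital.com` and front them separately.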
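Review bot: In the aks-prod opencost hunk `customPricing.enabled: false` contradicts the header's "Azure pricing via Cloud Billing API"; unless the chart treats `azure.secretName` as sufficient to turn billing-API pricing on, production will silently run on list prices and the referenced Secret is dead configuration, so confirm the chart schema and fix whichever side is wrong. The `opencost-azure-billing` Secret is not created anywhere in this commit, so state its source in the file, e.g. `# opencost-azure-billing: provisioned by External Secrets / sealed secret, never stored in git`. Keep `cloudProviderApiKey` empty in git for the same reason.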
@@ -1,16 +1,12 @@
-# Azure AKS — Standard Load Balancer
-# Note: Azure Standard LB does not support Proxy Protocol.
-# Use externalTrafficPolicy: Local on the Traefik service to preserve
-# client IPs, or deploy behind Azure Application Gateway.
+# AKS-specific: Azure Load Balancer for Traefik (prod)
 service:
 annotations:
- service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/ping"
- spec:
- externalTrafficPolicy: Local
+ service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
+ service.beta.kubernetes.io/azure-load-balancer-internal: "false"
 ports:
 web:
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,168.63.129.16/32" # <- VNet CIDR + Azure health probe
+ trustedIPs: "10.0.0.0/8"
 websecure:
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,168.63.129.16/32"
+ trustedIPs: "10.0.0.0/8"
diff --git a/infra/values/eks-dev/gitea-values.yaml b/infra/values/eks-dev/gitea-values.yaml
index 597af4f..c55964f 100644
--- a/infra/values/eks-dev/gitea-values.yaml
+++ b/infra/values/eks-dev/gitea-values.yaml
@@ -1,4 +1,4 @@
-# AWS EBS gp3 storage class (requires EBS CSI driver)
+# EKS-specific: gp3 storage class
 persistence:
 storageClass: gp3
 postgresql:
diff --git a/infra/values/eks-dev/grafana-values.yaml b/infra/values/eks-dev/grafana-values.yaml
new file mode 100644
index 0000000..e5d932e
--- /dev/null
+++ b/infra/values/eks-dev/grafana-values.yaml
@@ -0,0 +1,4 @@
+# EKS-specific: Grafana hostname
+ingress:
+ hosts:
+ - grafana.forteapps.net
diff --git a/infra/values/eks-dev/keycloak-values.yaml b/infra/values/eks-dev/keycloak-values.yaml
new file mode 100644
index 0000000..ee027eb
--- /dev/null
+++ b/infra/values/eks-dev/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# EKS-specific: Keycloak hostname
+ingress:
+ hostname: id.forteapps.net
diff --git a/infra/values/eks-dev/opencost-values.yaml b/infra/values/eks-dev/opencost-values.yaml
index 93ff67a..efd110a 100644
--- a/infra/values/eks-dev/opencost-values.yaml 
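Review bot: The aks-prod Traefik hunk removes `spec: externalTrafficPolicy: Local` and with it the only mechanism that preserved the client source address on an Azure Standard LB, which is passthrough and (per the deleted comment) has no PROXY protocol; with the default Cluster policy kube-proxy SNATs inbound traffic to a node IP inside 10.0.0.0/8, so `forwardedHeaders.trustedIPs: "10.0.0.0/8"` now trusts X-Forwarded-For from every internet client and any IP-based control downstream (Keycloak brute-force detection, Gitea logs, allow-lists) can be spoofed. This is production and the newly added `azure-load-balancer-internal: "false"` makes the exposure explicitly public, so restore `spec:` / `  externalTrafficPolicy: Local` and keep a comment such as `# Azure Standard LB has no PROXY protocol; Local policy is what keeps the real client IP`. If the policy was dropped deliberately for a reason not visible here, that reason belongs in the file, because the removed comment was the only guard against exactly this regression.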
+++ b/infra/values/eks-dev/opencost-values.yaml
@@ -1,12 +1,10 @@
-# AWS native pricing via Cost and Usage Reports
+# EKS-specific: AWS pricing via Cost and Usage Report
 opencost:
 exporter:
+ cloudProviderApiKey: ""
 customPricing:
- enabled: true
- provider: aws
+ enabled: false
 aws:
- service_key_name: "" # <- populate or use IRSA
- service_key_secret: ""
 spot_data_region: ""
 spot_data_bucket: ""
 spot_data_prefix: ""
diff --git a/infra/values/eks-dev/traefik-values.yaml b/infra/values/eks-dev/traefik-values.yaml
index 34306f7..1390d17 100644
--- a/infra/values/eks-dev/traefik-values.yaml
+++ b/infra/values/eks-dev/traefik-values.yaml
@@ -1,14 +1,13 @@
-# AWS EKS — NLB with Proxy Protocol v2 for real client IPs
+# EKS-specific: AWS NLB for Traefik
 service:
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: "external"
- service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
- service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
 ports:
 web:
 proxyProtocol:
- trustedIPs: "10.0.0.0/8" # <- adjust to your VPC CIDR
+ trustedIPs: "10.0.0.0/8"
 forwardedHeaders:
 trustedIPs: "10.0.0.0/8"
 websecure:
diff --git a/infra/values/eks-prod/gitea-values.yaml b/infra/values/eks-prod/gitea-values.yaml
index 597af4f..7aae415 100644
--- a/infra/values/eks-prod/gitea-values.yaml
+++ b/infra/values/eks-prod/gitea-values.yaml
@@ -1,4 +1,4 @@
-# AWS EBS gp3 storage class (requires EBS CSI driver)
+# EKS-specific: gp3 storage class (prod)
 persistence:
 storageClass: gp3
 postgresql:
diff --git a/infra/values/eks-prod/grafana-values.yaml b/infra/values/eks-prod/grafana-values.yaml
new file mode 100644
index 0000000..2034392
--- /dev/null
+++ b/infra/values/eks-prod/grafana-values.yaml 
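Review bot: Deleting `service_key_name`/`service_key_secret` from the eks-dev opencost overlay leaves the exporter with no AWS credential in values, which is only correct if the pod receives IRSA or Pod Identity through a `serviceAccount.annotations` `eks.amazonaws.com/role-arn` that this file does not set — confirm it is present in the base values, otherwise the CUR/spot buckets are unreadable. With `customPricing.enabled: false` and `spot_data_bucket: ""` the Cost-and-Usage-Report path the header advertises is not actually active, so the header is misleading; suggest `# Pricing uses OpenCost defaults until spot_data_* are filled and the IRSA role is bound`. Keep the old `# <- populate or use IRSA` hint in some form on the `aws:` key so nobody re-introduces a static access key here.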
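Review bot: Switching `aws-load-balancer-type` from `external` with `nlb-target-type: ip` to `nlb` changes which controller owns the Service (AWS Load Balancer Controller with pod-IP targets versus the legacy in-tree provider with NodePort instance targets) and puts kube-proxy back between the NLB and Traefik; if the `proxy-protocol: "*"` annotation is not honored on the new target group, Traefik sees the SNATed node IP, which falls inside `forwardedHeaders.trustedIPs: "10.0.0.0/8"`, and any internet client can then forge X-Forwarded-For. After rollout verify that the target group has proxy_protocol_v2 enabled and that Traefik's access log shows real client addresses, and consider adding `spec:` / `  externalTrafficPolicy: Local` so a missing PROXY header degrades to a visible client IP rather than a trusted node IP. The `proxyProtocol.trustedIPs` line also lost its `# <- adjust to your VPC CIDR` hint while keeping 10.0.0.0/8, which is far wider than one VPC; narrow it to the VPC CIDR. The websecure entry point continues outside the hunk.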
@@ -0,0 +1,4 @@
+# EKS-specific: Grafana hostname (prod)
+ingress:
+ hosts:
+ - grafana.fortedigital.com
diff --git a/infra/values/eks-prod/keycloak-values.yaml b/infra/values/eks-prod/keycloak-values.yaml
new file mode 100644
index 0000000..9797896
--- /dev/null
+++ b/infra/values/eks-prod/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# EKS-specific: Keycloak hostname (prod)
+ingress:
+ hostname: id.fortedigital.com
diff --git a/infra/values/eks-prod/opencost-values.yaml b/infra/values/eks-prod/opencost-values.yaml
index 93ff67a..ac86a76 100644
--- a/infra/values/eks-prod/opencost-values.yaml
+++ b/infra/values/eks-prod/opencost-values.yaml
@@ -1,12 +1,10 @@
-# AWS native pricing via Cost and Usage Reports
+# EKS-specific: AWS pricing via Cost and Usage Report (prod)
 opencost:
 exporter:
+ cloudProviderApiKey: ""
 customPricing:
- enabled: true
- provider: aws
+ enabled: false
 aws:
- service_key_name: "" # <- populate or use IRSA
- service_key_secret: ""
 spot_data_region: ""
 spot_data_bucket: ""
 spot_data_prefix: ""
diff --git a/infra/values/eks-prod/traefik-values.yaml b/infra/values/eks-prod/traefik-values.yaml
index 34306f7..fd64496 100644
--- a/infra/values/eks-prod/traefik-values.yaml
+++ b/infra/values/eks-prod/traefik-values.yaml 
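Review bot: The eks-prod opencost overlay now carries no AWS credential and `customPricing.enabled: false`, so the "Cost and Usage Report" pricing named in the header only happens if an IRSA/Pod Identity role is bound elsewhere and the `spot_data_*` fields, still empty here, are filled in; as written the exporter runs on default pricing in production. Say so in the file rather than in the header, e.g. `# CUR/spot ingestion disabled: spot_data_* empty; access must come from the IRSA role on the ServiceAccount, never a static key`, so the removed `# <- populate or use IRSA` guidance is not lost.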
@@ -1,14 +1,14 @@
-# AWS EKS — NLB with Proxy Protocol v2 for real client IPs
+# EKS-specific: AWS NLB for Traefik (prod)
 service:
 annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: "external"
- service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip"
- service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
 service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
+ service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
 ports:
 web:
 proxyProtocol:
- trustedIPs: "10.0.0.0/8" # <- adjust to your VPC CIDR
+ trustedIPs: "10.0.0.0/8"
 forwardedHeaders:
 trustedIPs: "10.0.0.0/8"
 websecure:
diff --git a/infra/values/gke-dev/gitea-values.yaml b/infra/values/gke-dev/gitea-values.yaml
index b825aee..04ec9aa 100644
--- a/infra/values/gke-dev/gitea-values.yaml
+++ b/infra/values/gke-dev/gitea-values.yaml
@@ -1,4 +1,4 @@
-# GCP Persistent Disk (SSD via CSI driver)
+# GKE-specific: SSD persistent disk storage class
 persistence:
 storageClass: premium-rwo
 postgresql:
diff --git a/infra/values/gke-dev/grafana-values.yaml b/infra/values/gke-dev/grafana-values.yaml
new file mode 100644
index 0000000..db36770
--- /dev/null
+++ b/infra/values/gke-dev/grafana-values.yaml
@@ -0,0 +1,4 @@
+# GKE-specific: Grafana hostname
+ingress:
+ hosts:
+ - grafana.forteapps.net
diff --git a/infra/values/gke-dev/keycloak-values.yaml b/infra/values/gke-dev/keycloak-values.yaml
new file mode 100644
index 0000000..4c67591
--- /dev/null
+++ b/infra/values/gke-dev/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# GKE-specific: Keycloak hostname
+ingress:
+ hostname: id.forteapps.net
diff --git a/infra/values/gke-dev/opencost-values.yaml b/infra/values/gke-dev/opencost-values.yaml
index f3ea481..6534718 100644
--- a/infra/values/gke-dev/opencost-values.yaml
+++ b/infra/values/gke-dev/opencost-values.yaml 
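Review bot: The eks-prod Traefik hunk moves from `aws-load-balancer-type: "external"` + `nlb-target-type: "ip"` to `nlb`, i.e. from the AWS Load Balancer Controller with pod-IP targets to the in-tree provider with NodePort instance targets, and in production the failure mode matters: if the recreated NLB does not get proxy_protocol_v2 on its target group, Traefik's peer address becomes the kube-proxy SNAT node IP, which `forwardedHeaders.trustedIPs: "10.0.0.0/8"` trusts, so X-Forwarded-For from any client is believed. Add `spec:` / `  externalTrafficPolicy: Local` so the real client address survives even without a PROXY header, and replace the dropped `# <- adjust to your VPC CIDR` hint with the actual VPC CIDR on both `trustedIPs` lines rather than all of 10.0.0.0/8. The new `cross-zone-load-balancing-enabled: "true"` is fine but is set only for prod, so the dev overlay no longer exercises the same LB shape; note that in the header. The websecure entry point continues outside the hunk.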
@@ -1,9 +1,10 @@
-# GCP native pricing via Cloud Billing API
+# GKE-specific: GCP pricing via BigQuery billing export
 opencost:
 exporter:
+ cloudProviderApiKey: ""
 customPricing:
- enabled: true
- provider: gcp
- gcp:
- projectID: "" # <- populate with your GCP project ID
- key: "" # <- or use Workload Identity
+ enabled: false
+ google:
+ key: ""
+ project_id: ""
+ billing_account: ""
diff --git a/infra/values/gke-dev/traefik-values.yaml b/infra/values/gke-dev/traefik-values.yaml
index 55351c0..96a78ab 100644
--- a/infra/values/gke-dev/traefik-values.yaml
+++ b/infra/values/gke-dev/traefik-values.yaml
@@ -1,15 +1,12 @@
-# GCP GKE — External passthrough Network Load Balancer
+# GKE-specific: Google Cloud Load Balancer for Traefik
 service:
 annotations:
- cloud.google.com/l4-rbs: "enabled"
+ cloud.google.com/neg: '{"ingress":true}'
+ networking.gke.io/load-balancer-type: External
 ports:
 web:
- proxyProtocol:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" # <- subnet CIDR + GCP health checks
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
+ trustedIPs: "10.0.0.0/8"
 websecure:
- proxyProtocol:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
+ trustedIPs: "10.0.0.0/8"
diff --git a/infra/values/gke-prod/gitea-values.yaml b/infra/values/gke-prod/gitea-values.yaml
index b825aee..5df877a 100644
--- a/infra/values/gke-prod/gitea-values.yaml
+++ b/infra/values/gke-prod/gitea-values.yaml
@@ -1,4 +1,4 @@
-# GCP Persistent Disk (SSD via CSI driver)
+# GKE-specific: SSD persistent disk storage class (prod)
 persistence:
 storageClass: premium-rwo
 postgresql:
diff --git a/infra/values/gke-prod/grafana-values.yaml b/infra/values/gke-prod/grafana-values.yaml
new file mode 100644
index 0000000..e0b0d37
--- /dev/null
+++ b/infra/values/gke-prod/grafana-values.yaml
@@ -0,0 +1,4 @@
+# GKE-specific: Grafana hostname (prod)
+ingress:
+ hosts:
+ - grafana.fortedigital.com 
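Review bot: `google.key: ""` in the gke-dev opencost overlay is a service-account key field in a values file tracked in git, and the deleted `# <- or use Workload Identity` hint was the only thing steering people away from pasting a JSON key into it; prefer Workload Identity on the ServiceAccount and keep the field empty with a comment, e.g. `key: ""  # intentionally empty — use Workload Identity, never commit a SA key`. The new header says "BigQuery billing export", but the hunk sets `customPricing.enabled: false` and adds no BigQuery dataset/table fields, only `project_id` and `billing_account`, so the export is not wired and the header overstates what this file does; either correct the header or add the missing fields. `cloudProviderApiKey: ""` (the Cloud Billing API key) is plaintext for the same reason and should stay empty in git.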
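Review bot: Removing the `proxyProtocol` blocks on gke-dev without adding `spec: externalTrafficPolicy: Local` makes `forwardedHeaders.trustedIPs: "10.0.0.0/8"` unsafe: a GKE passthrough Network LB hands packets to nodes with the client source address intact, but with the default Cluster policy kube-proxy SNATs them to a node IP inside 10.0.0.0/8 before Traefik sees them, so every request looks like it came from a trusted proxy and a client-supplied X-Forwarded-For is accepted by anything downstream that keys on client IP. The two new annotations also look misapplied: as far as I know `networking.gke.io/load-balancer-type` is documented for the value `Internal` (an external passthrough LB is simply the default when it is absent), and `cloud.google.com/neg: '{"ingress":true}'` only affects Ingress-driven container-native HTTP(S) load balancing, not a Service of type LoadBalancer — confirm each does something or drop it. Restore `spec:` / `  externalTrafficPolicy: Local` and record why with `# passthrough NLB preserves the client IP only with externalTrafficPolicy: Local; forwardedHeaders trust relies on it`.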
diff --git a/infra/values/gke-prod/keycloak-values.yaml b/infra/values/gke-prod/keycloak-values.yaml
new file mode 100644
index 0000000..76ab384
--- /dev/null
+++ b/infra/values/gke-prod/keycloak-values.yaml
@@ -0,0 +1,3 @@
+# GKE-specific: Keycloak hostname (prod)
+ingress:
+ hostname: id.fortedigital.com
diff --git a/infra/values/gke-prod/opencost-values.yaml b/infra/values/gke-prod/opencost-values.yaml
index f3ea481..404f49b 100644
--- a/infra/values/gke-prod/opencost-values.yaml
+++ b/infra/values/gke-prod/opencost-values.yaml
@@ -1,9 +1,10 @@
-# GCP native pricing via Cloud Billing API
+# GKE-specific: GCP pricing via BigQuery billing export (prod)
 opencost:
 exporter:
+ cloudProviderApiKey: ""
 customPricing:
- enabled: true
- provider: gcp
- gcp:
- projectID: "" # <- populate with your GCP project ID
- key: "" # <- or use Workload Identity
+ enabled: false
+ google:
+ key: ""
+ project_id: ""
+ billing_account: ""
diff --git a/infra/values/gke-prod/traefik-values.yaml b/infra/values/gke-prod/traefik-values.yaml
index 55351c0..7d70c40 100644
--- a/infra/values/gke-prod/traefik-values.yaml
+++ b/infra/values/gke-prod/traefik-values.yaml
@@ -1,15 +1,12 @@
-# GCP GKE — External passthrough Network Load Balancer
+# GKE-specific: Google Cloud Load Balancer for Traefik (prod)
 service:
 annotations:
- cloud.google.com/l4-rbs: "enabled"
+ cloud.google.com/neg: '{"ingress":true}'
+ networking.gke.io/load-balancer-type: External
 ports:
 web:
- proxyProtocol:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" # <- subnet CIDR + GCP health checks
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
+ trustedIPs: "10.0.0.0/8"
 websecure:
- proxyProtocol:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
 forwardedHeaders:
- trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
+ trustedIPs: "10.0.0.0/8"
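Review bot: The gke-prod opencost overlay introduces `google.key: ""`, a service-account key slot in a git-tracked values file for a production cluster, while deleting the `# <- or use Workload Identity` hint that warned against filling it; keep the field empty and say why, e.g. `key: ""  # must stay empty in git — bind a GCP SA via Workload Identity instead`. Separately, the header claims BigQuery billing export but `customPricing.enabled: false` and the absence of any dataset/table reference mean no export is configured; fix the header or finish the configuration so production cost data is not silently list-price only.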
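Review bot: On gke-prod the hunk drops the `proxyProtocol` entry-point settings and the `l4-rbs` annotation but does not set `spec: externalTrafficPolicy: Local`, so with the default Cluster policy the passthrough LB's preserved client address is SNATed by kube-proxy to a node IP inside 10.0.0.0/8 before it reaches Traefik, and `forwardedHeaders.trustedIPs: "10.0.0.0/8"` then makes a client-forged X-Forwarded-For authoritative for every production service behind this ingress. `networking.gke.io/load-balancer-type: External` and `cloud.google.com/neg: '{"ingress":true}'` should be double-checked as well — to my knowledge the first is only documented with `Internal`, and the second applies to Ingress-managed NEGs rather than a LoadBalancer Service — so they may be no-ops that give a false sense of what was configured. Add `spec:` / `  externalTrafficPolicy: Local` and a comment such as `# client IP preservation depends on Local policy; forwardedHeaders trust below assumes it`, and consider narrowing trustedIPs to the node subnet.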