2026-04-22 21:56:43 +02:00
parent acc9bb1a85
commit f1dd61cece
30 changed files with 104 additions and 86 deletions


@@ -1,4 +1,4 @@
# Azure Managed Disk (Premium SSD via CSI driver) # AKS-specific: Azure managed disk storage class
persistence: persistence:
storageClass: managed-csi-premium storageClass: managed-csi-premium
postgresql: postgresql:


@@ -0,0 +1,4 @@
# AKS-specific: Grafana hostname
ingress:
hosts:
- grafana.forteapps.net


@@ -0,0 +1,3 @@
# AKS-specific: Keycloak hostname
ingress:
hostname: id.forteapps.net


@@ -1,11 +1,8 @@
# Azure native pricing via Billing API # AKS-specific: Azure pricing via Cloud Billing API
opencost: opencost:
exporter: exporter:
cloudProviderApiKey: ""
customPricing: customPricing:
enabled: true enabled: false
provider: azure
azure: azure:
subscriptionID: "" # <- populate secretName: opencost-azure-billing
clientID: ""
clientSecret: ""
tenantID: ""
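Review bot: The header comment still says Azure pricing comes from the billing API, but the new side sets `customPricing.enabled: false` and drops `provider: azure`, so it is unclear whether `azure.secretName: opencost-azure-billing` is read at all. Helm ignores values a chart does not consume, so a Secret reference at the wrong path would fail silently; worth confirming against the chart and adding a comment such as `# credentials come from Secret opencost-azure-billing, created out of band`. The newly added `cloudProviderApiKey: ""` slot should likewise be supplied from a Secret rather than filled in this file. The prod AKS OpenCost file has the same shape.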


@@ -1,16 +1,11 @@
# Azure AKS — Standard Load Balancer # AKS-specific: Azure Load Balancer for Traefik
# Note: Azure Standard LB does not support Proxy Protocol.
# Use externalTrafficPolicy: Local on the Traefik service to preserve
# client IPs, or deploy behind Azure Application Gateway.
service: service:
annotations: annotations:
service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/ping" service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
spec:
externalTrafficPolicy: Local
ports: ports:
web: web:
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,168.63.129.16/32" # <- VNet CIDR + Azure health probe trustedIPs: "10.0.0.0/8"
websecure: websecure:
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,168.63.129.16/32" trustedIPs: "10.0.0.0/8"
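Review bot: Dropping `externalTrafficPolicy: Local` while keeping `forwardedHeaders.trustedIPs: "10.0.0.0/8"` on `web` and `websecure` risks Traefik trusting a client-supplied `X-Forwarded-For`. With the default Cluster policy, external connections are typically source-NATed to a node address, and if the nodes sit inside 10.0.0.0/8 (not visible here) every internet client then arrives from a trusted peer, which undermines IP allow-lists, rate limits and access logs. Either keep `spec.externalTrafficPolicy: Local` or narrow `trustedIPs` to the specific proxy addresses that legitimately set the header, and keep the removed comment explaining that the Standard LB has no Proxy Protocol support. The prod AKS Traefik file makes the same change.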


@@ -1,4 +1,4 @@
# Azure Managed Disk (Premium SSD via CSI driver) # AKS-specific: Azure managed disk storage class (prod)
persistence: persistence:
storageClass: managed-csi-premium storageClass: managed-csi-premium
postgresql: postgresql:


@@ -0,0 +1,4 @@
# AKS-specific: Grafana hostname (prod)
ingress:
hosts:
- grafana.fortedigital.com


@@ -0,0 +1,3 @@
# AKS-specific: Keycloak hostname (prod)
ingress:
hostname: id.fortedigital.com


@@ -1,11 +1,8 @@
# Azure native pricing via Billing API # AKS-specific: Azure pricing via Cloud Billing API (prod)
opencost: opencost:
exporter: exporter:
cloudProviderApiKey: ""
customPricing: customPricing:
enabled: true enabled: false
provider: azure
azure: azure:
subscriptionID: "" # <- populate secretName: opencost-azure-billing
clientID: ""
clientSecret: ""
tenantID: ""


@@ -1,16 +1,12 @@
# Azure AKS — Standard Load Balancer # AKS-specific: Azure Load Balancer for Traefik (prod)
# Note: Azure Standard LB does not support Proxy Protocol.
# Use externalTrafficPolicy: Local on the Traefik service to preserve
# client IPs, or deploy behind Azure Application Gateway.
service: service:
annotations: annotations:
service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: "/ping" service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path: /ping
spec: service.beta.kubernetes.io/azure-load-balancer-internal: "false"
externalTrafficPolicy: Local
ports: ports:
web: web:
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,168.63.129.16/32" # <- VNet CIDR + Azure health probe trustedIPs: "10.0.0.0/8"
websecure: websecure:
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,168.63.129.16/32" trustedIPs: "10.0.0.0/8"


@@ -1,4 +1,4 @@
# AWS EBS gp3 storage class (requires EBS CSI driver) # EKS-specific: gp3 storage class
persistence: persistence:
storageClass: gp3 storageClass: gp3
postgresql: postgresql:


@@ -0,0 +1,4 @@
# EKS-specific: Grafana hostname
ingress:
hosts:
- grafana.forteapps.net


@@ -0,0 +1,3 @@
# EKS-specific: Keycloak hostname
ingress:
hostname: id.forteapps.net


@@ -1,12 +1,10 @@
# AWS native pricing via Cost and Usage Reports # EKS-specific: AWS pricing via Cost and Usage Report
opencost: opencost:
exporter: exporter:
cloudProviderApiKey: ""
customPricing: customPricing:
enabled: true enabled: false
provider: aws
aws: aws:
service_key_name: "" # <- populate or use IRSA
service_key_secret: ""
spot_data_region: "" spot_data_region: ""
spot_data_bucket: "" spot_data_bucket: ""
spot_data_prefix: "" spot_data_prefix: ""


@@ -1,14 +1,13 @@
# AWS EKS — NLB with Proxy Protocol v2 for real client IPs # EKS-specific: AWS NLB for Traefik
service: service:
annotations: annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "external" service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
ports: ports:
web: web:
proxyProtocol: proxyProtocol:
trustedIPs: "10.0.0.0/8" # <- adjust to your VPC CIDR trustedIPs: "10.0.0.0/8"
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8" trustedIPs: "10.0.0.0/8"
websecure: websecure:
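Review bot: `proxyProtocol.trustedIPs` and `forwardedHeaders.trustedIPs` stay at `"10.0.0.0/8"` while the `# <- adjust to your VPC CIDR` hint is removed, so the broad default now reads as intentional. Any peer in that range may assert the client address, so the list should be narrowed to the NLB subnets, e.g. `trustedIPs: "<nlb-subnet-cidr-placeholder>"`; an NLB is layer 4 and adds no `X-Forwarded-For`, so the `forwardedHeaders` entry is probably unnecessary unless another proxy sits in front. The load-balancer type also changes from `"external"` with `nlb-target-type: "ip"` to `nlb`, which may hand the Service to a different controller; worth confirming that Proxy Protocol v2 is still enabled on the target groups, since otherwise a PROXY header from any trusted peer would be accepted in place of the NLB's. The hunk ends at `websecure:`, whose settings lie outside it, and the prod EKS Traefik file follows the same pattern.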


@@ -1,4 +1,4 @@
# AWS EBS gp3 storage class (requires EBS CSI driver) # EKS-specific: gp3 storage class (prod)
persistence: persistence:
storageClass: gp3 storageClass: gp3
postgresql: postgresql:


@@ -0,0 +1,4 @@
# EKS-specific: Grafana hostname (prod)
ingress:
hosts:
- grafana.fortedigital.com


@@ -0,0 +1,3 @@
# EKS-specific: Keycloak hostname (prod)
ingress:
hostname: id.fortedigital.com


@@ -1,12 +1,10 @@
# AWS native pricing via Cost and Usage Reports # EKS-specific: AWS pricing via Cost and Usage Report (prod)
opencost: opencost:
exporter: exporter:
cloudProviderApiKey: ""
customPricing: customPricing:
enabled: true enabled: false
provider: aws
aws: aws:
service_key_name: "" # <- populate or use IRSA
service_key_secret: ""
spot_data_region: "" spot_data_region: ""
spot_data_bucket: "" spot_data_bucket: ""
spot_data_prefix: "" spot_data_prefix: ""


@@ -1,14 +1,14 @@
# AWS EKS — NLB with Proxy Protocol v2 for real client IPs # EKS-specific: AWS NLB for Traefik (prod)
service: service:
annotations: annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "external" service.beta.kubernetes.io/aws-load-balancer-type: nlb
service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: "ip" service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
service.beta.kubernetes.io/aws-load-balancer-scheme: "internet-facing"
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
ports: ports:
web: web:
proxyProtocol: proxyProtocol:
trustedIPs: "10.0.0.0/8" # <- adjust to your VPC CIDR trustedIPs: "10.0.0.0/8"
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8" trustedIPs: "10.0.0.0/8"
websecure: websecure:


@@ -1,4 +1,4 @@
# GCP Persistent Disk (SSD via CSI driver) # GKE-specific: SSD persistent disk storage class
persistence: persistence:
storageClass: premium-rwo storageClass: premium-rwo
postgresql: postgresql:


@@ -0,0 +1,4 @@
# GKE-specific: Grafana hostname
ingress:
hosts:
- grafana.forteapps.net


@@ -0,0 +1,3 @@
# GKE-specific: Keycloak hostname
ingress:
hostname: id.forteapps.net


@@ -1,9 +1,10 @@
# GCP native pricing via Cloud Billing API # GKE-specific: GCP pricing via BigQuery billing export
opencost: opencost:
exporter: exporter:
cloudProviderApiKey: ""
customPricing: customPricing:
enabled: true enabled: false
provider: gcp google:
gcp: key: ""
projectID: "" # <- populate with your GCP project ID project_id: ""
key: "" # <- or use Workload Identity billing_account: ""
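Review bot: The new `google.key: ""` and `exporter.cloudProviderApiKey: ""` fields are inline credential slots in a values file, and the earlier `# <- or use Workload Identity` hint is gone. Filling them in place would put a service-account key in the repository, whereas the AKS OpenCost file in this commit points at a Secret through `secretName`. Consider a comment such as `# leave empty; use Workload Identity or a Secret reference`, and confirm that the chart actually reads `google.*` under `customPricing` while `enabled: false`. The prod GKE OpenCost file repeats this.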


@@ -1,15 +1,12 @@
# GCP GKE — External passthrough Network Load Balancer # GKE-specific: Google Cloud Load Balancer for Traefik
service: service:
annotations: annotations:
cloud.google.com/l4-rbs: "enabled" cloud.google.com/neg: '{"ingress":true}'
networking.gke.io/load-balancer-type: External
ports: ports:
web: web:
proxyProtocol:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" # <- subnet CIDR + GCP health checks
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" trustedIPs: "10.0.0.0/8"
websecure: websecure:
proxyProtocol:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" trustedIPs: "10.0.0.0/8"
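Review bot: The new annotations send mixed signals about what fronts Traefik: `cloud.google.com/neg: '{"ingress":true}'` is meant for an Ingress-fronted (layer 7) Service, while `networking.gke.io/load-balancer-type: External` describes the Service's own load balancer. If a Google HTTP(S) load balancer does sit in front, its proxies connect from 35.191.0.0/16 and 130.211.0.0/22, which this change removes from `forwardedHeaders.trustedIPs`, so Traefik would ignore the forwarded client address and log the proxy instead. If the front end is a passthrough load balancer, nothing upstream sets `X-Forwarded-For`, and trusting all of `10.0.0.0/8` only widens who can assert a client IP. A header comment naming the intended front end, with `trustedIPs` matched to it, would settle this; the prod GKE Traefik file is identical in this respect.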


@@ -1,4 +1,4 @@
# GCP Persistent Disk (SSD via CSI driver) # GKE-specific: SSD persistent disk storage class (prod)
persistence: persistence:
storageClass: premium-rwo storageClass: premium-rwo
postgresql: postgresql:


@@ -0,0 +1,4 @@
# GKE-specific: Grafana hostname (prod)
ingress:
hosts:
- grafana.fortedigital.com


@@ -0,0 +1,3 @@
# GKE-specific: Keycloak hostname (prod)
ingress:
hostname: id.fortedigital.com


@@ -1,9 +1,10 @@
# GCP native pricing via Cloud Billing API # GKE-specific: GCP pricing via BigQuery billing export (prod)
opencost: opencost:
exporter: exporter:
cloudProviderApiKey: ""
customPricing: customPricing:
enabled: true enabled: false
provider: gcp google:
gcp: key: ""
projectID: "" # <- populate with your GCP project ID project_id: ""
key: "" # <- or use Workload Identity billing_account: ""


@@ -1,15 +1,12 @@
# GCP GKE — External passthrough Network Load Balancer # GKE-specific: Google Cloud Load Balancer for Traefik (prod)
service: service:
annotations: annotations:
cloud.google.com/l4-rbs: "enabled" cloud.google.com/neg: '{"ingress":true}'
networking.gke.io/load-balancer-type: External
ports: ports:
web: web:
proxyProtocol:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" # <- subnet CIDR + GCP health checks
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" trustedIPs: "10.0.0.0/8"
websecure: websecure:
proxyProtocol:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22"
forwardedHeaders: forwardedHeaders:
trustedIPs: "10.0.0.0/8,35.191.0.0/16,130.211.0.0/22" trustedIPs: "10.0.0.0/8"