Merge branch 'main' into 16-automate-argocd-deployment

Author: Jagoum

.gitignore

@@ -92,11 +92,25 @@ sw.*
 # yarn.lock
 yarn.lock
 
-.terraform
+# Terraform
+*.tfstate
+*.tfstate.backup
+*.tfvars
+.terraform/
 .terraform.lock.hcl
 
 
+
 */charts
 
-*.out
-*.json
+
+# Crash logs
+crash.log
+crash.*.log
+
+# Exclude .terraform directory
+.terraform/
+
+# Ignore CLI configuration files
+.terraformrc
+terraform.rc

Makefile

@@ -1,120 +1,33 @@
-# Observability Stack with GKE, LGTM, and ArgoCD
+# Kubernetes Observability & Operations Platform
 
-Complete infrastructure and application stack for observability on Google Kubernetes Engine (GKE).
+This repository provisions a comprehensive, production-grade observability and operations platform on **Google Kubernetes Engine (GKE)**. It integrates distinct, modular components to handle **deployment**, **monitoring**, **logging**, **tracing**, and **certificate management**.
 
-## Components
+## Core Components
 
-- **GKE**: Google Kubernetes Engine cluster
-- **LGTM Stack**: 
-  - Loki (logs)
-  - Grafana (visualization)
-  - Tempo (traces)
-  - Mimir (metrics)
-- **ArgoCD**: GitOps continuous deployment
-- **Cert-Manager**: Automated certificate management
-- **Ingress Controller**: Nginx ingress controller
+*   **Observability (LGTM Stack)**:
+    *   **Loki**: Distributed logging.
+    *   **Grafana**: Visualization and dashboards.
+    *   **Tempo**: Distributed tracing.
+    *   **Mimir**: Scalable metrics (Prometheus storage).
+*   **GitOps (ArgoCD)**:
+    *   **ArgoCD**: Continuous delivery and declarative GitOps workflows.
+*   **Infrastructure Essentials**:
+    *   **Cert-Manager**: Automated TLS certificate issuance (Let's Encrypt).
+    *   **Ingress Controller**: NGINX Ingress for external traffic management.
 
-## REPO STRUCTURE
+## Project Structure
+
+This project is built with **Terraform** and **Helm**, designed for modularity. You can deploy the entire stack or individual components as needed.
+
+*   **[`lgtm-stack/`](lgtm-stack/README.md)**: The core internal monitoring platform.
+*   **[`argocd/`](argocd/README.md)**: The GitOps delivery engine.
+*   **[`cert-manager/`](cert-manager/README.md)**: Certificate management infrastructure.
+*   **[`ingress-controller/`](ingress-controller/README.md)**: Ingress routing infrastructure.
+
+## Documentation
+
+*   **[Kubernetes Observability Guide](docs/kubernetes-observability.md)**: Deployment and architecture of the LGTM stack.
+*   **[Cert-Manager Deployment](docs/cert-manager-terraform-deployment.md)**: Terraform guide for Cert-Manager.
+*   **[Ingress Controller Deployment](docs/ingress-controller-terraform-deployment.md)**: Terraform guide for NGINX Ingress.
+*   **[ArgoCD Documentation](argocd/README.md)**: Setup and configuration for GitOps.
 
-```
-observability/
-├── README.md
-│   └── USE: Project overview, quick start, and entry point for new users
-│
-├── argocd/
-│   ├── README.md
-│   │   └── USE: ArgoCD component overview and quick reference
-│   └── terraform/
-│       ├── locals.tf
-│       │   └── USE: Local variables and computed values within ArgoCD module
-│       ├── main.tf
-│       │   └── USE: Deploy ArgoCD using Helm to GKE cluster
-│       ├── outputs.tf
-│       │   └── USE: Export ArgoCD endpoint URLs and credentials
-│       ├── variables.tf
-│       │   └── USE: Define input parameters for ArgoCD deployment
-│       └── values/
-│           ├── argocd-values.yaml
-│           │   └── USE: Base Helm chart values for ArgoCD
-│           ├── argocd-dev-values.yaml
-│           │   └── USE: Development environment overrides (reduced resources)
-│           └── argocd-prod-values.yaml
-│               └── USE: Production environment overrides (HA, replicas)
-│
-├── cert-manager/
-│   ├── README.md
-│   │   └── USE: Cert-Manager component overview and reference
-│   └── terraform/
-│       ├── locals.tf
-│       │   └── USE: Local variables and computed values
-│       ├── main.tf
-│       │   └── USE: Deploy Cert-Manager using Helm to manage TLS certificates
-│       ├── outputs.tf
-│       │   └── USE: Export Cert-Manager service account and configuration details
-│       ├── variables.tf
-│       │   └── USE: Define customizable parameters for Cert-Manager
-│
-├── docs/
-│   ├── ARCHITECTURE.md
-│   │   └── USE: Explain system design, component interactions, and data flow
-│   ├── GETTING_STARTED.md
-│   │   └── USE: Step-by-step quick start guide for new users
-│   ├── README.md
-│   │   └── USE: Documentation index and navigation hub
-│   ├── TUTORIAL_ARGOCD.md
-│   │   └── USE: Manual ArgoCD installation guide (alternative to Terraform)
-│   ├── TUTORIAL_CERT_MANAGER.md
-│   │   └── USE: Manual Cert-Manager installation guide
-│   ├── TUTORIAL_GKE_SETUP.md
-│   │   └── USE: Manual GKE cluster creation using gcloud CLI
-│   ├── TUTORIAL_INGRESS.md
-│   │   └── USE: Manual Ingress Controller installation guide
-│   ├── TUTORIAL_LGTM.md
-│   │   └── USE: Manual LGTM stack deployment guide
-│   └── images/
-│       ├── architecture-diagram.png
-│       │   └── USE: Visual system architecture diagram
-│       ├── argocd-workflow.png
-│       │   └── USE: Visual GitOps deployment workflow diagram
-│       └── lgtm-flow.png
-│           └── USE: Visual LGTM component data flow diagram
-│
-├── ingress-controller/
-│   ├── README.md
-│   │   └── USE: Ingress Controller component overview
-│   └── terraform/
-│       ├── locals.tf
-│       │   └── USE: Local variables for ingress module
-│       ├── main.tf
-│       │   └── USE: Deploy Nginx Ingress Controller for HTTP/HTTPS routing
-│       ├── outputs.tf
-│       │   └── USE: Export load balancer endpoint and service information
-│       ├── variables.tf
-│       │   └── USE: Define customizable parameters for Ingress
-│       └── values.yaml
-│           └── USE: Helm chart configuration for Nginx Ingress Controller
-│
-└── lgtm-stack/
-    ├── README.md
-    │   └── USE: LGTM stack component overview and architecture
-    └── terraform/
-        ├── locals.tf
-        │   └── USE: Local variables for LGTM module
-        ├── main.tf
-        │   └── USE: Deploy all LGTM components (Prometheus, Loki, Mimir, Tempo, Grafana)
-        ├── outputs.tf
-        │   └── USE: Export endpoints and credentials for all LGTM components
-        ├── variables.tf
-        │   └── USE: Define customizable parameters for LGTM deployment
-        └── values/
-            ├── grafana-values.yaml
-            │   └── USE: Helm configuration for Grafana dashboards and datasources
-            ├── loki-values.yaml
-            │   └── USE: Helm configuration for Loki log storage and retention
-            ├── mimir-values.yaml
-            │   └── USE: Helm configuration for Mimir long-term metrics storage
-            ├── prometheus-values.yaml
-            │   └── USE: Helm configuration for Prometheus metrics scraping
-            └── tempo-values.yaml
-                └── USE: Helm configuration for Tempo distributed tracing
-```

README.md

@@ -0,0 +1,24 @@
+# Argo CD Deployment Guide
+
+Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It automates the deployment of applications by continuously monitoring Git repositories and synchronizing the desired application state with the live state in your Kubernetes cluster.
+
+## Deployment Options
+
+We provide two ways to deploy Argo CD to your Kubernetes cluster:
+
+### 1. Manual Deployment
+
+Deploy Argo CD manually using Helm with customizable values files. This approach gives you full control over the configurations.
+
+**[Manual Deployment Guide](../docs/manual-argocd-deployment.md)**
+
+The manual deployment uses the production-ready values file located at [`argocd/manual/argocd-prod-values.yaml`](manual/argocd-prod-values.yaml),
+
+### 2. Automated Deployment (Terraform)
+
+Deploy Argo CD automatically using Terraform for infrastructure-as-code management
+
+**[Automated Deployment Guide](#)** *(Coming soon)*
+
+The automated deployment is located in the [`argocd/terraform/`](terraform)
+

argocd/README.md

@@ -0,0 +1,93 @@
+# 1. High Availability (Redis & Components)
+# -----------------------------------------
+redis-ha:
+  enabled: true
+  exporter:
+    enabled: true
+
+controller:
+  replicas: 1
+  resources:
+    limits:
+      memory: "2Gi"
+      cpu: "1"
+    requests:
+      memory: "512Mi"
+      cpu: "250m"
+
+repoServer:
+  replicas: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  resources:
+    limits:
+      memory: "1Gi"
+      cpu: "500m"
+
+server:
+  replicas: 2
+  autoscaling:
+    enabled: true
+    minReplicas: 2
+    maxReplicas: 5
+  
+  # 2. Ingress & Cert-Manager Integration
+  # -------------------------------------
+  ingress:
+    enabled: true
+    ingressClassName: nginx # CHANGE THIS TO YOUR INGRESS CLASS NAME
+    hostname: "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS
+    annotations:
+      # Standard Nginx tuning
+      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+      
+      # Cert-Manager Configuration
+      cert-manager.io/cluster-issuer: "letsencrypt-prod" # CHANGE THIS to your Issuer name
+      # If you were using a ClusterIssuer, you would use:
+      # cert-manager.io/cluster-issuer: "letsencrypt-prod"
+      
+    tls:
+      - secretName: argocd-tls-cert
+        hosts:
+          - "YOUR_ARGO-CD_DOMAIN" # CHANGE THIS
+
+  # 3. Multi-Tenancy & RBAC
+  # -----------------------
+  # This section sets up the foundation for multi-tenancy.
+  # We disable the admin user eventually and rely on SSO, 
+  # but for now, we define policies.
+configs:
+  params:
+    server.insecure: true # We terminate TLS at NGINX, so Argo itself runs insecurely internally
+  
+  # Define RBAC roles for your tenants here or in a separate ConfigMap
+  rbac:
+    policy.csv: |
+      # Example: Grant 'dev-team' access only to 'dev-project'
+      # p, role:dev-team, applications, *, dev-project/*, allow
+      # g, dev-user@yourcompany.com, role:dev-team
+      
+      # Default policy
+      g, admin, role:admin
+      g, ArgoCDAdmins, role:admin
+  
+  cm:
+    url: https://YOUR_ARGO-CD_DOMAIN
+    oidc.config: |
+      name: Keycloak
+      issuer: https://YOUR_KEYCLOAK_DOMAIN/realms/YOUR_REALM
+      clientID: YOUR_CLIENT_ID
+      clientSecret: YOUR_CLIENT_SECRET
+      requestedScopes: ["openid", "profile", "email", "groups"]
+      enablePKCEAuthentication: true
+      # PKCE is handled automatically by the ArgoCD CLI 
+      # when it talks to this OIDC provider.
+
+# 4. GitOps Engine Tuning
+# -----------------------
+# Important for production to handle many applications
+applicationSet:
+  replicas: 2