diff --git a/README.md b/README.md index 8e3fd83..03413fc 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ kubectl create namespace argocd kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/v3.0.12/manifests/ha/install.yaml git clone https://github.com/justgithubaccount/app-release.git cd app-release -kubectl apply -f infra/roles/role-dev-enviroment.yaml +kubectl apply -f infra/infra-root.yaml ``` Поднимется API на FastAPI, будут проброшенны вэбки для Argo, Grafana через CloudFlare (ssl + dns), Longhorn. 
@@ -27,11 +27,11 @@ kubectl apply -f infra/roles/role-dev-enviroment.yaml Изначально все родилось с идеи создать микро-сервисную архитектуру для ии-агента с подключеним CrewAI, но перед этим еще нужно было потестить эко-систему от Арго -В `apps/` живут сервисы, отвечающие за логические сущности ии-агента и в целом системы -В `charts/` соответственно хелм-обертки под эти сервисы -В `infra/base/services` соответственно эти сервисы обернуты в `kind` типа `Application` +`infra/infra-root.yaml` разворачивает AppProject'ы и App-of-Apps для окружений `dev` и `prd`. Каждый кластер тянет `infra/platform/apps/` — там лежат все платформенные Argo CD Applications (Backstage, ingress, cert-manager, External Secrets, наблюдаемость, Vector). -После применения `infra/roles/role-dev-enviroment.yaml` подхватывается overlay `infra/clusters/dev/kustomization.yaml` для этой роли (можно воспринимать как разрешение, т.е. что будет установленно в кластер), в котором можно посмотреть что будет применно к этому кластеру +В `apps/` теперь живут бизнес-сервисы, для примера добавлен Helm chart `apps/chat-api`. В `apps/chat-api/values/` хранятся оверлеи `values-dev.yaml` и `values-prd.yaml`, которые включаются из GitOps-пайплайнов под проектом `apps`. + +Вся платформенная конфигурация (ingress, cert-manager, External Secrets, observability, Backstage) вынесена в `infra/platform/values`. Базовые значения лежат в `base.yaml`, а окруженческие корректировки — в `dev.yaml`/`prd.yaml`. Благодаря GitOps все крайне прозрачно и предусматривает управление любым кол-вом кластеров 100+ diff --git a/apps/chat-api/chart/Chart.yaml b/apps/chat-api/chart/Chart.yaml new file mode 100644 index 0000000..cd072d2 --- /dev/null +++ b/apps/chat-api/chart/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: chat-api +description: Helm chart for the chat API workload +version: 0.1.0 +appVersion: "1.0.0" +type: application 
diff --git a/apps/chat-api/chart/templates/_helpers.tpl b/apps/chat-api/chart/templates/_helpers.tpl new file mode 100644 index 0000000..286fdeb --- /dev/null +++ b/apps/chat-api/chart/templates/_helpers.tpl @@ -0,0 +1,24 @@ +{{- define "chat-api.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "chat-api.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{- define "chat-api.labels" -}} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/name: {{ include "chat-api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{- define "chat-api.selectorLabels" -}} +app.kubernetes.io/name: {{ include "chat-api.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/apps/chat-api/chart/templates/deployment.yaml b/apps/chat-api/chart/templates/deployment.yaml new file mode 100644 index 0000000..20b3b58 --- /dev/null +++ b/apps/chat-api/chart/templates/deployment.yaml 
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "chat-api.fullname" . }}
+ labels:
+ {{- include "chat-api.labels" . | nindent 4 }}
+ backstage.io/kubernetes-id: chat-api
+spec:
+ replicas: {{ .Values.replicaCount | default 1 }}
+ selector:
+ matchLabels:
+ {{- include "chat-api.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "chat-api.selectorLabels" . | nindent 8 }}
+ backstage.io/kubernetes-id: chat-api
+ spec:
+ containers:
+ - name: chat-api
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.port }}
+ name: http
+ env:
+ {{- toYaml .Values.env | nindent 12 }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
diff --git a/apps/chat-api/chart/templates/service.yaml b/apps/chat-api/chart/templates/service.yaml
new file mode 100644
index 0000000..7761dcc
--- /dev/null
+++ b/apps/chat-api/chart/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chat-api.fullname" . }}
+ labels:
+ {{- include "chat-api.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "chat-api.selectorLabels" . | nindent 4 }}
diff --git a/apps/chat-api/chart/values.yaml b/apps/chat-api/chart/values.yaml
new file mode 100644
index 0000000..694816d
--- /dev/null
+++ b/apps/chat-api/chart/values.yaml
@@ -0,0 +1,17 @@
+image:
+ repository: ghcr.io/justgithubaccount/chat-api
+ tag: latest
+ pullPolicy: IfNotPresent
+service:
+ type: ClusterIP
+ port: 8080
+ingress:
+ enabled: false
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 500m
+ memory: 512Mi
+env: []
diff --git a/apps/chat-api/values/values-dev.yaml b/apps/chat-api/values/values-dev.yaml
new file mode 100644
index 0000000..e41b3ff
--- /dev/null
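Review bot: The pod template in deployment.yaml sets no `securityContext` at pod or container level, so the workload runs as whatever user the image defaults to, with privilege escalation allowed and a writable root filesystem — and the policy checks the spec in this same commit lists (security context, mandatory labels) would reject it as written. A hardened baseline that needs nothing from the image beyond a non-root user is below; drop `readOnlyRootFilesystem` only if the API actually writes to disk. The template also carries no readiness or liveness probe, so a rollout is reported healthy before the FastAPI process can serve traffic; add an `httpGet` probe on the `http` port once the health route is confirmed.
```yaml
    spec:
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: chat-api
          # … unchanged: image, imagePullPolicy, ports, env, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```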
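Review bot: `tag: latest` together with `pullPolicy: IfNotPresent` in values.yaml means each node keeps whichever `latest` it pulled first, so replicas can silently run different builds and a rollback is not reproducible; the `dev` and `prd` tags in the values overlays are mutable in exactly the same way. Pin an immutable tag or a digest per environment (the `infra/clusters/dev/chat-values.yaml` this commit deletes pinned `1.1.6`), or at minimum set `pullPolicy: Always` for as long as mutable tags remain.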
+++ b/apps/chat-api/values/values-dev.yaml
@@ -0,0 +1,17 @@
+image:
+ tag: dev
+ingress:
+ enabled: true
+ className: nginx
+ hosts:
+ - host: chat.dev.example.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: chat-dev-tls
+ hosts:
+ - chat.dev.example.com
+env:
+ - name: LOG_LEVEL
+ value: debug
diff --git a/apps/chat-api/values/values-prd.yaml b/apps/chat-api/values/values-prd.yaml
new file mode 100644
index 0000000..9a31fd9
--- /dev/null
+++ b/apps/chat-api/values/values-prd.yaml
@@ -0,0 +1,17 @@
+image:
+ tag: prd
+ingress:
+ enabled: true
+ className: nginx
+ hosts:
+ - host: chat.prod.example.com
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - secretName: chat-prod-tls
+ hosts:
+ - chat.prod.example.com
+env:
+ - name: LOG_LEVEL
+ value: info
diff --git a/catalog/chat-api/catalog-info.yaml b/catalog/chat-api/catalog-info.yaml
new file mode 100644
index 0000000..28f2851
--- /dev/null
+++ b/catalog/chat-api/catalog-info.yaml
@@ -0,0 +1,14 @@
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+ name: chat-api
+ description: Chat API powering conversational experiences
+ annotations:
+ backstage.io/kubernetes-id: chat-api
+ grafana/dashboard-selector: (tags @> 'chat-api')
+ prometheus.io/rule: sum(rate(http_requests_total{service="chat-api"}[5m]))
+spec:
+ type: service
+ owner: team-llm
+ lifecycle: production
+ system: chat-platform
diff --git a/docs/gitops-backstage-refactor-spec.md b/docs/gitops-backstage-refactor-spec.md
new file mode 100644
index 0000000..e487b52
--- /dev/null
+++ b/docs/gitops-backstage-refactor-spec.md
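Review bot: The `ingress:` block in values-dev.yaml (and the identical one in values-prd.yaml) configures a TLS host, but the chart added in this commit ships only `deployment.yaml`, `service.yaml` and `_helpers.tpl`, so `ingress.enabled: true` renders nothing and the service stays ClusterIP-only. The template below consumes exactly the keys the overlays already define plus an optional `annotations` map. Nothing in the diff references a cert-manager issuer, so `chat-dev-tls` / `chat-prod-tls` would have to be created by some other means unless an issuer annotation is supplied through that map.
```yaml
{{- if .Values.ingress.enabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "chat-api.fullname" . }}
  labels:
    {{- include "chat-api.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  ingressClassName: {{ .Values.ingress.className }}
  {{- with .Values.ingress.tls }}
  tls:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            pathType: {{ .pathType }}
            backend:
              service:
                name: {{ include "chat-api.fullname" $ }}
                port:
                  name: http
          {{- end }}
    {{- end }}
{{- end }}
```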
@@ -0,0 +1,130 @@ +# GitOps Platform Refactor and Backstage Enablement Technical Specification + +## 1. Purpose +This specification describes the changes required to reorganize the repository into a domain-oriented GitOps layout and to introduce Backstage (Red Hat Developer Hub chart) as part of the internal developer platform. The desired end state keeps all cluster configuration in Git, delivers it through Argo CD, and exposes observability and platform capabilities through Backstage. + +## 2. Scope +- Migrate the current `roles/` content into a new `infra/platform/` hierarchy that separates concerns by domain. +- Define Argo CD AppProjects (`platform`, `apps`) and per-environment App-of-Apps bootstraps for `dev` and `prd` clusters. +- Model Argo CD Applications for platform services: Backstage, Vector Gateway, ingress, cert-manager, External Secrets, and the observability stack (Loki, Tempo, Prometheus, Grafana). +- Store Helm values beneath `infra/platform/values//` with base overlays and environment-specific overrides. +- Install Backstage via the Red Hat Developer Hub Helm chart, including baseline app-config (proxying Grafana/Prometheus/Tempo), required plugins, and Kubernetes integration. +- Configure Backstage access to Kubernetes (service account with `backstage.io/kubernetes-id` labels/annotations on workloads). +- Manage platform secrets using External Secrets (Backstage database password, Grafana tokens, etc.). +- Provide CI validation for manifests (Helm lint/template, kubeconform, OPA policy checks). +- Deliver documentation covering repository structure, pipelines, rollback strategy, and SLA/SoP references. + +## 3. Out of Scope +- Rewriting application charts or redesigning workloads beyond structural reorganization and Backstage onboarding. +- Data migrations—Backstage connects to the existing Postgres (Patroni/PgBouncer) deployment only. + +## 4. 
Target Repository Layout +``` +infra/ + base/ + addons/ + crds/ + services/ + platform/ + apps/ + backstage-application.yaml + vector-gateway-application.yaml + ingress-application.yaml + cert-manager-application.yaml + external-secrets-application.yaml + observability-application.yaml + values/ + backstage/ + base.yaml + dev.yaml + prd.yaml + vector/ + base.yaml + dev.yaml + prd.yaml + kustomization.yaml + clusters/ + dev/ + app-of-apps.yaml + kustomization.yaml + prd/ + app-of-apps.yaml + kustomization.yaml + projects/ + argocd-project-platform.yaml + argocd-project-apps.yaml + infra-root.yaml + +apps/ + chat-api/ + chart/ + values/ + values-dev.yaml + values-prd.yaml +catalog/ + chat-api/catalog-info.yaml +``` + +## 5. Argo CD Configuration +### 5.1 AppProjects +- `infra/projects/argocd-project-platform.yaml`: defines the platform project with access to required namespaces and source repositories (GitHub repo, RHDH chart repo, optional external charts). +- `infra/projects/argocd-project-apps.yaml`: defines the apps project with wildcard namespace access for application teams. + +### 5.2 Environment Bootstrapping +- `infra/clusters/dev/app-of-apps.yaml` and `infra/clusters/prd/app-of-apps.yaml` bootstrap the platform by syncing `infra/platform/apps` using automated pruning and self-healing. Each environment pins its desired Git revision. + +### 5.3 Platform Applications +- Each file under `infra/platform/apps/` declares an Argo CD Application pointing to the relevant chart or manifest path, uses environment overlays via `valueFiles`, enables `CreateNamespace`, and sets automated sync with self-heal/prune. + +## 6. Backstage Deployment +- Source the Backstage chart from `https://redhat-developer.github.io/rhdh-chart`, pinning the chosen version. +- Helm values in `infra/platform/values/backstage/` configure: + - `backstage.appConfig` including portal title, base URL, and reverse proxies for Grafana, Prometheus, and Tempo APIs. 
+ - Ingress with TLS for `https://backstage./`. + - Dynamic plugin enablement (Kubernetes, Grafana, Prometheus, optional Jaeger). + - External Postgres connection details (host, port, database, user). + - Resource requests/limits and ServiceMonitor settings for metrics scraping. +- Use External Secrets to source sensitive data (DB password, API tokens) into Kubernetes secrets consumed by the chart. +- Ensure Backstage’s Kubernetes plugin can discover workloads via `backstage.io/kubernetes-id` labels on Deployments/Pods and the linked Backstage entity metadata. + +## 7. Observability and Telemetry +- Deploy Vector Gateway as an OTLP aggregator that forwards logs to Loki, traces to Tempo, and metrics to Prometheus while exposing a Prometheus metrics endpoint. +- Maintain consistent Loki labels (`service_name`, `namespace`, `app.kubernetes.io/name`) and keep trace identifiers as log fields. +- Provide Grafana dashboards and Tempo/Prometheus endpoints that Backstage proxies for unified visibility. +- Enforce PodSecurity and NetworkPolicies (default deny with explicit allowances between services and data stores). + +## 8. External Secrets Strategy +- Reference a ClusterSecretStore (e.g., Consul/Vault) for all sensitive values. +- Define ExternalSecret manifests (e.g., `backstage-db-password`) to materialize secrets in target namespaces with structured templates. +- Avoid committing plaintext secrets to the repository; rely solely on External Secrets reconciliation. + +## 9. CI/CD and Policy Controls +- Establish GitHub Actions (or equivalent) that run on every change: + - `helm lint` and `helm template` for all charts and overlays. + - `kubeconform` against rendered manifests. + - Policy enforcement through Kyverno or Gatekeeper (ensuring security context, mandatory labels, no inline secrets). + - Optional quality checks (`yamllint`, `ruff`, `prettier`). +- Adopt conventional commits and semantic-release workflows for traceable change management. + +## 10. 
Acceptance Criteria +1. Platform structure matches the target layout with all platform Applications under `infra/platform/*` and bootstrap files under `infra/clusters//`. +2. AppProjects constrain platform and app deployments to approved namespaces and source repositories. +3. Backstage Application is healthy in Argo CD and publicly reachable with TLS, exposing Kubernetes, Prometheus, and Grafana integrations for services like `chat-api`. +4. Vector Gateway reliably receives OTLP traffic and fans out to Loki/Tempo/Prometheus, enabling trace-to-log workflows via Grafana. +5. Secrets for Backstage and platform integrations are sourced exclusively through External Secrets; no sensitive values are committed to Git. +6. CI pipelines covering Helm rendering, schema validation, and policy enforcement complete successfully. + +## 11. Migration Plan +1. Create a feature branch (e.g., `refactor/platform-layer`). +2. Relocate `roles/` content into the new platform hierarchy and introduce values overlays. +3. Add AppProjects and environment App-of-Apps manifests. +4. Bootstrap the `dev` environment with the new structure and validate component health. +5. Configure Backstage connectivity to the external Postgres instance and verify plugin functionality. +6. Register application entities (e.g., `catalog/chat-api/catalog-info.yaml`) and annotate Kubernetes workloads for Backstage discovery. +7. After successful validation, promote the changes to `prd` via GitOps (merge and synchronize). + +## 12. Documentation Deliverables +- Update the repository README to reference the new layout and Backstage entry point. +- Provide runbooks describing deployment, rollback, and incident response procedures. +- Document SLA/SLO expectations for the platform stack (Backstage, observability components, External Secrets controller). + diff --git a/infra/base/addons/cert-manager/application.yaml b/infra/base/addons/cert-manager/application.yaml deleted file mode 100644 index 7d317d2..0000000 
--- a/infra/base/addons/cert-manager/application.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: cert-manager - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - project: default - destination: - name: CLUSTER # ← Placeholder - namespace: cert-manager - source: - repoURL: https://charts.jetstack.io - chart: cert-manager - targetRevision: v1.18.0 - helm: - values: | - installCRDs: true - extraArgs: - - --dns01-recursive-nameservers-only - - --dns01-recursive-nameservers=8.8.8.8:53,1.1.1.1:53 - syncPolicy: - automated: - prune: true - selfHeal: true - syncOptions: - - CreateNamespace=true \ No newline at end of file diff --git a/infra/base/addons/cert-manager/kustomization.yaml b/infra/base/addons/cert-manager/kustomization.yaml deleted file mode 100644 index 71ba4ce..0000000 --- a/infra/base/addons/cert-manager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - application.yaml - - cloudflare-secrets.yaml - - cert-cluster.yaml - - issuer-cluster.yaml \ No newline at end of file diff --git a/infra/base/addons/external-secrets/kustomization.yaml b/infra/base/addons/external-secrets/kustomization.yaml deleted file mode 100644 index 1387067..0000000 --- a/infra/base/addons/external-secrets/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - application.yaml \ No newline at end of file diff --git a/infra/base/addons/ingress-nginx/application.yaml b/infra/base/addons/ingress-nginx/application.yaml deleted file mode 100644 index 00ae91f..0000000 --- a/infra/base/addons/ingress-nginx/application.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -# Если admissionWebhooks: enabled: false, то деплой ингресса виснет на хрен поймешь каком этапе намертово -# Проблема с запуском ingress-nginx была в циклической блокировке webhook. (но это не точно) -# Проконсультироваться, ибо не production-ready - -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: ingress-nginx - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "0" # Устанавливается первым -spec: - project: default - destination: - name: CLUSTER # ← Placeholder, заменится через overlay - namespace: ingress-nginx - source: - repoURL: https://kubernetes.github.io/ingress-nginx - chart: ingress-nginx - targetRevision: 4.12.3 - helm: - values: | - controller: - kind: DaemonSet - ingressClassResource: - name: nginx - enabled: true - default: true - metrics: - enabled: true - admissionWebhooks: - enabled: false - # syncPolicy: - # automated: - # selfHeal: true - # prune: true - # syncOptions: - # - CreateNamespace=true - # - Replace=true # Для пересоздания проблемных ресурсов - syncPolicy: - automated: - allowEmpty: true - selfHeal: true - prune: true - syncOptions: - - Validate=true - - CreateNamespace=true - - PruneLast=true \ No newline at end of file diff --git a/infra/base/addons/ingress-nginx/kustomization.yaml b/infra/base/addons/ingress-nginx/kustomization.yaml deleted file mode 100644 index f86fb48..0000000 --- a/infra/base/addons/ingress-nginx/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resources: - - application.yaml - - overlays/ingress-chat.yaml - - overlays/ingress-grafana.yaml - - overlays/ingress-argo.yaml -# - overlays/ingress-consul.yaml \ No newline at end of file diff --git a/infra/base/addons/observability/grafana/application.yaml b/infra/base/addons/observability/grafana/application.yaml deleted file mode 100644 index cf9bb78..0000000 --- a/infra/base/addons/observability/grafana/application.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: grafana - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - project: default - source: - repoURL: https://grafana.github.io/helm-charts - chart: grafana - targetRevision: 9.2.1 - helm: - values: | - adminPassword: admin - service: - type: ClusterIP - datasources: - datasources.yaml: - apiVersion: 1 - datasources: - - name: Loki - type: loki - access: proxy - url: http://loki.observability.svc.cluster.local:3100 - destination: - namespace: observability - name: CLUSTER - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/infra/base/addons/observability/grafana/kustomization.yaml b/infra/base/addons/observability/grafana/kustomization.yaml deleted file mode 100644 index 1387067..0000000 --- a/infra/base/addons/observability/grafana/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - application.yaml \ No newline at end of file diff --git a/infra/base/addons/observability/loki/application.yaml b/infra/base/addons/observability/loki/application.yaml deleted file mode 100644 index 4d929da..0000000 --- a/infra/base/addons/observability/loki/application.yaml +++ /dev/null 
@@ -1,105 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: loki - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - project: default - source: - repoURL: https://grafana.github.io/helm-charts - chart: loki - targetRevision: 6.30.1 - helm: - values: | - deploymentMode: SingleBinary - - singleBinary: - replicas: 1 - persistence: - enabled: true - storageClass: longhorn - size: 10Gi - - backend: { replicas: 0 } - read: { replicas: 0 } - write: { replicas: 0 } - ingester: { replicas: 0 } - querier: { replicas: 0 } - queryFrontend: { replicas: 0 } - queryScheduler: { replicas: 0 } - distributor: { replicas: 0 } - compactor: { replicas: 0 } - indexGateway: { replicas: 0 } - bloomCompactor: { replicas: 0 } - bloomGateway: { replicas: 0 } - - gateway: - enabled: false - lokiCanary: - enabled: true - test: - enabled: true - grafana-agent-operator: - enabled: false - resultsCache: - enabled: false - chunksCache: - enabled: false - - loki: - auth_enabled: false - commonConfig: - replication_factor: 1 - pattern_ingester: - enabled: true - limits_config: - allow_structured_metadata: true - volume_enabled: true - ruler: - enable_api: true - storage: - type: s3 - bucketNames: - chunks: ceae9495-3a627f83-8eba-441e-b648-37d41cded627 - ruler: ceae9495-3a627f83-8eba-441e-b648-37d41cded627 - admin: ceae9495-3a627f83-8eba-441e-b648-37d41cded627 - s3: - endpoint: s3.twcstorage.ru - access_key_id: ${S3_ACCESS_KEY} - secret_access_key: ${S3_SECRET_KEY} - region: ru-1 - insecure: true - schemaConfig: - configs: - - from: "2024-04-01" - store: tsdb - object_store: s3 - schema: v13 - index: - prefix: loki_index_ - period: 24h - - extraEnv: - - name: S3_ACCESS_KEY - valueFrom: - secretKeyRef: - name: loki-s3-secret - key: access_key - - name: S3_SECRET_KEY - valueFrom: - secretKeyRef: - name: loki-s3-secret - key: secret_key - - destination: - namespace: observability - name: CLUSTER - - syncPolicy: - automated: - selfHeal: true - 
prune: true - syncOptions: - - CreateNamespace=true \ No newline at end of file diff --git a/infra/base/addons/observability/loki/kustomization.yaml b/infra/base/addons/observability/loki/kustomization.yaml deleted file mode 100644 index 1387067..0000000 --- a/infra/base/addons/observability/loki/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - application.yaml \ No newline at end of file diff --git a/infra/base/addons/observability/vector-gateway/application.yaml b/infra/base/addons/observability/vector-gateway/application.yaml deleted file mode 100644 index 79d9c55..0000000 --- a/infra/base/addons/observability/vector-gateway/application.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: vector-gateway - namespace: argocd - annotations: - argocd.argoproj.io/sync-wave: "2" -spec: - project: default - source: - repoURL: https://helm.vector.dev - chart: vector - targetRevision: 0.44.0 - helm: - values: | - role: "Stateless-Aggregator" - service: - enabled: true - ports: - - name: otlp-http - port: 4318 - - name: otlp-grpc - port: 4317 - customConfig: - data_dir: /vector-data - sources: - otel: - type: opentelemetry - http: - address: 0.0.0.0:4318 - grpc: - address: 0.0.0.0:4317 - sinks: - loki: - type: loki - inputs: - - otel.logs - endpoint: http://loki.observability.svc.cluster.local:3100 - encoding: - codec: json - labels: - app: "{{`{{ host }}`}}" - env: dev - destination: - name: CLUSTER - namespace: observability - syncPolicy: - automated: - selfHeal: true - prune: true - syncOptions: - - CreateNamespace=true diff --git a/infra/base/addons/observability/vector-gateway/kustomization.yaml b/infra/base/addons/observability/vector-gateway/kustomization.yaml deleted file mode 100644 index 1387067..0000000 --- a/infra/base/addons/observability/vector-gateway/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - application.yaml \ No newline at end of file 
diff --git a/infra/bootstrap/kustomization.yaml b/infra/bootstrap/kustomization.yaml new file mode 100644 index 0000000..8de21a8 --- /dev/null +++ b/infra/bootstrap/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../projects/argocd-project-platform.yaml + - ../projects/argocd-project-apps.yaml + - ../clusters/dev/app-of-apps.yaml + - ../clusters/prd/app-of-apps.yaml diff --git a/infra/roles/role-dev-enviroment.yaml b/infra/clusters/dev/app-of-apps.yaml similarity index 51% rename from infra/roles/role-dev-enviroment.yaml rename to infra/clusters/dev/app-of-apps.yaml index 5e0276b..fc8c201 100644 --- a/infra/roles/role-dev-enviroment.yaml +++ b/infra/clusters/dev/app-of-apps.yaml @@ -1,27 +1,23 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: dev-app # любое уникальное имя + name: platform-bootstrap namespace: argocd labels: - tier: argocd - finalizers: - - resources-finalizer.argocd.argoproj.io + argocd.argoproj.io/instance: platform-bootstrap spec: - destination: - server: https://kubernetes.default.svc - namespace: argocd - project: default + project: platform source: repoURL: https://github.com/justgithubaccount/app-release.git - path: infra/clusters/dev # overlay-директория этого кластера targetRevision: main + path: infra/platform/apps/dev + destination: + server: https://kubernetes.default.svc + namespace: argocd syncPolicy: automated: - allowEmpty: true - selfHeal: true prune: true + selfHeal: true syncOptions: - - Validate=true - CreateNamespace=true - - PruneLast=true + - ServerSideApply=true diff --git a/infra/clusters/dev/chat-values.yaml b/infra/clusters/dev/chat-values.yaml deleted file mode 100644 index e0becc2..0000000 --- a/infra/clusters/dev/chat-values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -helm: - parameters: - - name: image.name - value: ghcr.io/justgithubaccount/chat-api - forcestring: true - - name: image.tag - value: 1.1.6 - forcestring: true 
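Review bot: `infra/bootstrap/kustomization.yaml` includes both `../clusters/dev/app-of-apps.yaml` and `../clusters/prd/app-of-apps.yaml`, yet both Applications are named `platform-bootstrap` in namespace `argocd`, so the kustomize build fails on the duplicate resource id (or one definition silently wins) and the two environments cannot coexist. Both also target `server: https://kubernetes.default.svc`, i.e. the cluster Argo CD itself runs in, whereas the removed overlays patched a per-cluster `destination.name`; as written the prd bootstrap would deploy into the same cluster as dev. Give each a distinct name (e.g. `name: platform-bootstrap-dev` / `name: platform-bootstrap-prd`) and a cluster-specific destination. The two `../projects/*.yaml` files this kustomization references are not in the diff as shown, so their contents could not be reviewed.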
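Review bot: The rename drops the `resources-finalizer.argocd.argoproj.io` finalizer from the bootstrap Application while keeping `prune: true`, so deleting `platform-bootstrap` now orphans every child Application and its workloads instead of cascading; if that is intended it deserves a comment, otherwise restore `finalizers: [resources-finalizer.argocd.argoproj.io]`. The new `path: infra/platform/apps/dev` is not present in the diff as shown (only `infra/platform/apps/base` is added), and the README now says each cluster pulls `infra/platform/apps/`, so one of the three needs aligning. The prd copy in the later `infra/clusters/prd/app-of-apps.yaml` hunk tracks `targetRevision: main` as well, which contradicts the spec's requirement that each environment pins its Git revision.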
diff --git a/infra/clusters/dev/destination.yaml b/infra/clusters/dev/destination.yaml deleted file mode 100644 index 89a82da..0000000 --- a/infra/clusters/dev/destination.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# infra/clusters/dev/destination.yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: all - namespace: argocd -spec: - project: default - destination: - name: in-cluster \ No newline at end of file diff --git a/infra/clusters/dev/kustomization.yaml b/infra/clusters/dev/kustomization.yaml deleted file mode 100644 index fbcfbf6..0000000 --- a/infra/clusters/dev/kustomization.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -# All app names must be unique across the ArgoCD instance -# So let's prefix the app names with the cluster name (dev- | demo-worker1-) -# namePrefix: dev- -resources: - - ../../base/addons/sealed-secrets - - ../../base/addons/ingress-nginx - - ../../base/addons/cert-manager - - ../../base/addons/reflector - - ../../base/addons/external-dns - - ../../base/addons/longhorn - - ../../base/addons/observability/loki - - ../../base/addons/observability/grafana - - ../../base/services/agent/chat -# - ../../base/services/llm/gateway -# - ../../base/addons/consul - - ../../base/addons/external-secrets - - ../../base/addons/observability/vector-gateway - - ../../base/addons/argocd-image-updater - -patches: - # Override .spec.destination.name - - path: destination.yaml - target: - kind: Application \ No newline at end of file diff --git a/infra/clusters/prd/app-of-apps.yaml b/infra/clusters/prd/app-of-apps.yaml new file mode 100644 index 0000000..4b36752 --- /dev/null +++ b/infra/clusters/prd/app-of-apps.yaml 
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: platform-bootstrap
+ namespace: argocd
+ labels:
+ argocd.argoproj.io/instance: platform-bootstrap
+spec:
+ project: platform
+ source:
+ repoURL: https://github.com/justgithubaccount/app-release.git
+ targetRevision: main
+ path: infra/platform/apps/prd
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/infra/clusters/prd/destination.yaml b/infra/clusters/prd/destination.yaml
deleted file mode 100644
index 4319367..0000000
--- a/infra/clusters/prd/destination.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# apiVersion: argoproj.io/v1alpha1
-# kind: Application
-# metadata:
-# name: all # имя здесь неважно – патч применится по kind
-# spec:
-# destination:
-# name: prd # ТОЧНОЕ имя prod-кластера из `argocd cluster list`
-# namespace: argocd # можно опустить, если в base уже указано
diff --git a/infra/clusters/prd/kustomization.yaml b/infra/clusters/prd/kustomization.yaml
deleted file mode 100644
index ff30e8e..0000000
--- a/infra/clusters/prd/kustomization.yaml
+++ /dev/null
@@ -1,36 +0,0 @@ -# apiVersion: kustomize.config.k8s.io/v1beta1 -# kind: Kustomization - -# namePrefix: prd- - -# resources: -# - ../../../base/addons/ingress-nginx -# - ../../../base/addons/cert-manager -# - ../../../base/addons/external-dns -# - ../../../base/addons/observability/loki -# - ../../../base/addons/observability/grafana -# - ../../../base/addons/longhorn -# - ../../../base/services/agent/chat -# - ../../../base/services/llm/gateway - -# # patches: -# # # Исправляем CLUSTER placeholder для всех Applications -# # - target: -# # kind: Application -# # patch: |- -# # - op: replace -# # path: /spec/destination/name -# # value: prd -# # - op: replace -# # path: /spec/destination/server -# # value: https://kubernetes.default.svc - -# patches: -# - target: -# kind: Application -# patch: |- -# - op: remove -# path: /spec/destination/name -# - op: replace -# path: /spec/destination/server -# value: https://kubernetes.default.svc \ No newline at end of file diff --git a/infra/infra-root.yaml b/infra/infra-root.yaml index b2cb58a..2e4476d 100644 --- a/infra/infra-root.yaml +++ b/infra/infra-root.yaml @@ -4,12 +4,11 @@ metadata: name: infra-root namespace: argocd spec: - project: default + project: platform source: repoURL: https://github.com/justgithubaccount/app-release.git - path: infra/roles - directory: - recurse: true + targetRevision: main + path: infra/bootstrap destination: server: https://kubernetes.default.svc namespace: argocd diff --git a/infra/platform/apps/base/backstage-application.yaml b/infra/platform/apps/base/backstage-application.yaml new file mode 100644 index 0000000..ded7cbb --- /dev/null +++ b/infra/platform/apps/base/backstage-application.yaml 
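Review bot: `infra-root.yaml` now declares `project: platform` while its new `path: infra/bootstrap` is the thing that creates the `platform` AppProject, so the very first `kubectl apply -f infra/infra-root.yaml` from the README yields an Application whose project does not yet exist and Argo CD will refuse to sync it. Either keep the root Application in `project: default` (its only job is to install the projects and the bootstraps) or document that `infra/projects/*.yaml` must be applied before `infra-root.yaml`. The AppProject manifests are not in the diff as shown; the Application's `destination` and `syncPolicy` continue outside this hunk.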
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: backstage
+ namespace: argocd
+ labels:
+ app.kubernetes.io/part-of: developer-portal
+spec:
+ project: platform
+ source:
+ repoURL: https://redhat-developer.github.io/rhdh-chart
+ chart: backstage
+ targetRevision: 1.2.0
+ helm:
+ releaseName: backstage
+ valueFiles:
+ - infra/platform/values/backstage/base.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: backstage
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra/platform/apps/base/cert-manager-application.yaml b/infra/platform/apps/base/cert-manager-application.yaml
new file mode 100644
index 0000000..d7622ae
--- /dev/null
+++ b/infra/platform/apps/base/cert-manager-application.yaml
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+ namespace: argocd
+ labels:
+ app.kubernetes.io/part-of: security
+spec:
+ project: platform
+ source:
+ repoURL: https://charts.jetstack.io
+ chart: cert-manager
+ targetRevision: v1.14.2
+ helm:
+ releaseName: cert-manager
+ valueFiles:
+ - infra/platform/values/cert-manager/base.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: cert-manager
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra/base/addons/external-secrets/application.yaml b/infra/platform/apps/base/external-secrets-application.yaml
similarity index 59%
rename from infra/base/addons/external-secrets/application.yaml
rename to infra/platform/apps/base/external-secrets-application.yaml
index 72ef4f1..c9c59df 100644
--- a/infra/base/addons/external-secrets/application.yaml
+++ b/infra/platform/apps/base/external-secrets-application.yaml
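Review bot: `valueFiles: - infra/platform/values/backstage/base.yaml` is resolved relative to the Helm chart fetched from `https://redhat-developer.github.io/rhdh-chart`, not relative to this Git repository, so Argo CD reports the file as missing and the Application never renders; the same construct appears in cert-manager-application.yaml, external-secrets-application.yaml, ingress-application.yaml and vector-gateway-application.yaml. Values kept in Git alongside a remote chart need the multi-source form, where the repository is a second source with a `ref` and the file is addressed as `$values/...`. None of the `infra/platform/values/*/base.yaml` files are in the diff as shown, and no Application references the `dev.yaml`/`prd.yaml` overlays the README describes.
```yaml
  sources:
    - repoURL: https://redhat-developer.github.io/rhdh-chart
      chart: backstage
      targetRevision: 1.2.0
      helm:
        releaseName: backstage
        valueFiles:
          - $values/infra/platform/values/backstage/base.yaml
    - repoURL: https://github.com/justgithubaccount/app-release.git
      targetRevision: main
      ref: values
  # … unchanged: destination, syncPolicy …
```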
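Review bot: `targetRevision: v1.14.2` for cert-manager is a downgrade from the `v1.18.0` pinned in the Application this commit deletes, and the same pattern repeats for external-secrets (`0.18.2` to `0.9.19`) and ingress-nginx (`4.12.3` to `4.10.1`) in the following hunks. Stepping back several minor releases on the controllers that manage certificates, secret materialisation and the cluster edge is a security regression unless those versions were chosen on purpose; in particular ingress-nginx chart 4.10.x tracks a controller line that predates the 2025 admission-controller fixes (CVE-2025-1974 and its siblings), so that pin should be checked against the current advisory before merge. If a known-good baseline is the intent, say so next to each pin, e.g. `targetRevision: v1.14.2  # pinned below latest: <reason>`.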
@@ -3,23 +3,24 @@ kind: Application
 metadata:
 name: external-secrets
 namespace: argocd
- annotations:
- argocd.argoproj.io/sync-wave: "1"
+ labels:
+ app.kubernetes.io/part-of: security
 spec:
- project: default
+ project: platform
 source:
 repoURL: https://charts.external-secrets.io
 chart: external-secrets
- targetRevision: 0.18.2
+ targetRevision: 0.9.19
 helm:
- values: |
- installCRDs: true
+ releaseName: external-secrets
+ valueFiles:
+ - infra/platform/values/external-secrets/base.yaml
 destination:
- name: CLUSTER
+ server: https://kubernetes.default.svc
 namespace: external-secrets
 syncPolicy:
 automated:
- selfHeal: true
 prune: true
+ selfHeal: true
 syncOptions:
 - CreateNamespace=true
diff --git a/infra/platform/apps/base/ingress-application.yaml b/infra/platform/apps/base/ingress-application.yaml
new file mode 100644
index 0000000..2becc9f
--- /dev/null
+++ b/infra/platform/apps/base/ingress-application.yaml
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: ingress-nginx
+ namespace: argocd
+ labels:
+ app.kubernetes.io/part-of: networking
+spec:
+ project: platform
+ source:
+ repoURL: https://kubernetes.github.io/ingress-nginx
+ chart: ingress-nginx
+ targetRevision: 4.10.1
+ helm:
+ releaseName: ingress-nginx
+ valueFiles:
+ - infra/platform/values/ingress/base.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: ingress-nginx
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
diff --git a/infra/platform/apps/base/kustomization.yaml b/infra/platform/apps/base/kustomization.yaml
new file mode 100644
index 0000000..f96cc27
--- /dev/null
+++ b/infra/platform/apps/base/kustomization.yaml
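Review bot: `targetRevision: 0.9.19` downgrades the external-secrets chart from 0.18.2, a large step backwards for the component that holds the cluster's path to every external secret store; if that is deliberate it belongs in the commit message, otherwise keep the newer pin, because the older CRDs may reject fields already used by existing `ExternalSecret`/`SecretStore` objects and `prune: true` will then act on the result. Dropping `argocd.argoproj.io/sync-wave: "1"` also removes the only ordering hint that put the operator and its CRDs before their consumers; with everything in wave 0, any Application that ships `ExternalSecret` resources can fail its first sync until the CRDs land. Keeping an explicit wave on this Application, e.g. `annotations: {argocd.argoproj.io/sync-wave: "-1"}`, is cheap and self-documenting.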
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - backstage-application.yaml
+ - vector-gateway-application.yaml
+ - ingress-application.yaml
+ - cert-manager-application.yaml
+ - external-secrets-application.yaml
+ - observability-application.yaml
diff --git a/infra/platform/apps/base/observability-application.yaml b/infra/platform/apps/base/observability-application.yaml
new file mode 100644
index 0000000..7e7179d
--- /dev/null
+++ b/infra/platform/apps/base/observability-application.yaml
@@ -0,0 +1,23 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: observability-stack
+ namespace: argocd
+ labels:
+ app.kubernetes.io/part-of: observability
+spec:
+ project: platform
+ source:
+ repoURL: https://github.com/justgithubaccount/app-release.git
+ targetRevision: main
+ path: infra/platform/observability/base
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/infra/platform/apps/base/vector-gateway-application.yaml b/infra/platform/apps/base/vector-gateway-application.yaml
new file mode 100644
index 0000000..6996a3e
--- /dev/null
+++ b/infra/platform/apps/base/vector-gateway-application.yaml
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: vector-gateway
+ namespace: argocd
+ labels:
+ app.kubernetes.io/part-of: observability
+spec:
+ project: platform
+ source:
+ repoURL: https://helm.vector.dev
+ chart: vector
+ targetRevision: 0.44.0
+ helm:
+ releaseName: vector-gateway
+ valueFiles:
+ - infra/platform/values/vector/base.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: observability
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
diff --git a/infra/platform/apps/dev/kustomization.yaml b/infra/platform/apps/dev/kustomization.yaml
new file mode 100644
index 0000000..d7c56a5
--- /dev/null
+++ b/infra/platform/apps/dev/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ../base
+patchesStrategicMerge:
+ - patches/backstage-helm-values.yaml
+ - patches/vector-helm-values.yaml
+ - patches/ingress-helm-values.yaml
+ - patches/cert-manager-helm-values.yaml
+ - patches/external-secrets-helm-values.yaml
+ - patches/observability-source.yaml
diff --git a/infra/platform/apps/dev/patches/backstage-helm-values.yaml b/infra/platform/apps/dev/patches/backstage-helm-values.yaml
new file mode 100644
index 0000000..8a94650
--- /dev/null
+++ b/infra/platform/apps/dev/patches/backstage-helm-values.yaml
@@ -0,0 +1,10 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: backstage
+spec:
+ source:
+ helm:
+ valueFiles:
+ - infra/platform/values/backstage/base.yaml
+ - infra/platform/values/backstage/dev.yaml
diff --git a/infra/platform/apps/dev/patches/cert-manager-helm-values.yaml b/infra/platform/apps/dev/patches/cert-manager-helm-values.yaml
new file mode 100644
index 0000000..52c728f
--- /dev/null
+++ b/infra/platform/apps/dev/patches/cert-manager-helm-values.yaml
@@ -0,0 +1,10 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cert-manager
+spec:
+ source:
+ helm:
+ valueFiles:
+ - infra/platform/values/cert-manager/base.yaml
+ - infra/platform/values/cert-manager/dev.yaml
diff --git a/infra/platform/apps/dev/patches/external-secrets-helm-values.yaml b/infra/platform/apps/dev/patches/external-secrets-helm-values.yaml
new file mode 100644
index 0000000..36e4267
--- /dev/null
+++ b/infra/platform/apps/dev/patches/external-secrets-helm-values.yaml
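Review bot: `patchesStrategicMerge:` is the deprecated spelling (kustomize 5, which current Argo CD releases bundle, warns on every render and may drop it); `patches:` with `- path: patches/backstage-helm-values.yaml` entries is the drop-in replacement, and the same applies to the `prd` kustomization and both `observability/{dev,prd}` kustomizations. It is also worth a one-line comment in the patch files that kustomize has no merge key for `valueFiles` on the `Application` CRD, so each patch replaces the whole list — that is why `base.yaml` must be repeated in every overlay, which is otherwise easy to "clean up" by mistake.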
@@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-secrets +spec: + source: + helm: + valueFiles: + - infra/platform/values/external-secrets/base.yaml + - infra/platform/values/external-secrets/dev.yaml diff --git a/infra/platform/apps/dev/patches/ingress-helm-values.yaml b/infra/platform/apps/dev/patches/ingress-helm-values.yaml new file mode 100644 index 0000000..767182d --- /dev/null +++ b/infra/platform/apps/dev/patches/ingress-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ingress-nginx +spec: + source: + helm: + valueFiles: + - infra/platform/values/ingress/base.yaml + - infra/platform/values/ingress/dev.yaml diff --git a/infra/platform/apps/dev/patches/observability-source.yaml b/infra/platform/apps/dev/patches/observability-source.yaml new file mode 100644 index 0000000..6d27d2f --- /dev/null +++ b/infra/platform/apps/dev/patches/observability-source.yaml @@ -0,0 +1,7 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: observability-stack +spec: + source: + path: infra/platform/observability/dev diff --git a/infra/platform/apps/dev/patches/vector-helm-values.yaml b/infra/platform/apps/dev/patches/vector-helm-values.yaml new file mode 100644 index 0000000..26d34af --- /dev/null +++ b/infra/platform/apps/dev/patches/vector-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: vector-gateway +spec: + source: + helm: + valueFiles: + - infra/platform/values/vector/base.yaml + - infra/platform/values/vector/dev.yaml diff --git a/infra/platform/apps/prd/kustomization.yaml b/infra/platform/apps/prd/kustomization.yaml new file mode 100644 index 0000000..d7c56a5 --- /dev/null +++ b/infra/platform/apps/prd/kustomization.yaml 
@@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patchesStrategicMerge: + - patches/backstage-helm-values.yaml + - patches/vector-helm-values.yaml + - patches/ingress-helm-values.yaml + - patches/cert-manager-helm-values.yaml + - patches/external-secrets-helm-values.yaml + - patches/observability-source.yaml diff --git a/infra/platform/apps/prd/patches/backstage-helm-values.yaml b/infra/platform/apps/prd/patches/backstage-helm-values.yaml new file mode 100644 index 0000000..e006bc4 --- /dev/null +++ b/infra/platform/apps/prd/patches/backstage-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: backstage +spec: + source: + helm: + valueFiles: + - infra/platform/values/backstage/base.yaml + - infra/platform/values/backstage/prd.yaml diff --git a/infra/platform/apps/prd/patches/cert-manager-helm-values.yaml b/infra/platform/apps/prd/patches/cert-manager-helm-values.yaml new file mode 100644 index 0000000..8a37262 --- /dev/null +++ b/infra/platform/apps/prd/patches/cert-manager-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: cert-manager +spec: + source: + helm: + valueFiles: + - infra/platform/values/cert-manager/base.yaml + - infra/platform/values/cert-manager/prd.yaml diff --git a/infra/platform/apps/prd/patches/external-secrets-helm-values.yaml b/infra/platform/apps/prd/patches/external-secrets-helm-values.yaml new file mode 100644 index 0000000..1f03753 --- /dev/null +++ b/infra/platform/apps/prd/patches/external-secrets-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: external-secrets +spec: + source: + helm: + valueFiles: + - infra/platform/values/external-secrets/base.yaml + - infra/platform/values/external-secrets/prd.yaml 
diff --git a/infra/platform/apps/prd/patches/ingress-helm-values.yaml b/infra/platform/apps/prd/patches/ingress-helm-values.yaml new file mode 100644 index 0000000..26b7c4b --- /dev/null +++ b/infra/platform/apps/prd/patches/ingress-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: ingress-nginx +spec: + source: + helm: + valueFiles: + - infra/platform/values/ingress/base.yaml + - infra/platform/values/ingress/prd.yaml diff --git a/infra/platform/apps/prd/patches/observability-source.yaml b/infra/platform/apps/prd/patches/observability-source.yaml new file mode 100644 index 0000000..e0b6e8a --- /dev/null +++ b/infra/platform/apps/prd/patches/observability-source.yaml @@ -0,0 +1,7 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: observability-stack +spec: + source: + path: infra/platform/observability/prd diff --git a/infra/platform/apps/prd/patches/vector-helm-values.yaml b/infra/platform/apps/prd/patches/vector-helm-values.yaml new file mode 100644 index 0000000..a48054c --- /dev/null +++ b/infra/platform/apps/prd/patches/vector-helm-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: vector-gateway +spec: + source: + helm: + valueFiles: + - infra/platform/values/vector/base.yaml + - infra/platform/values/vector/prd.yaml diff --git a/infra/platform/observability/base/grafana-application.yaml b/infra/platform/observability/base/grafana-application.yaml new file mode 100644 index 0000000..67042a7 --- /dev/null +++ b/infra/platform/observability/base/grafana-application.yaml 
@@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: grafana + namespace: argocd + labels: + app.kubernetes.io/part-of: observability +spec: + project: platform + source: + repoURL: https://grafana.github.io/helm-charts + chart: grafana + targetRevision: 8.5.9 + helm: + releaseName: grafana + valueFiles: + - infra/platform/values/observability/grafana/base.yaml + destination: + server: https://kubernetes.default.svc + namespace: observability + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/infra/platform/observability/base/kustomization.yaml b/infra/platform/observability/base/kustomization.yaml new file mode 100644 index 0000000..8e99105 --- /dev/null +++ b/infra/platform/observability/base/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - grafana-application.yaml + - loki-application.yaml + - prometheus-application.yaml + - tempo-application.yaml diff --git a/infra/platform/observability/base/loki-application.yaml b/infra/platform/observability/base/loki-application.yaml new file mode 100644 index 0000000..969d8e5 --- /dev/null +++ b/infra/platform/observability/base/loki-application.yaml @@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: loki + namespace: argocd + labels: + app.kubernetes.io/part-of: observability +spec: + project: platform + source: + repoURL: https://grafana.github.io/helm-charts + chart: loki + targetRevision: 5.39.0 + helm: + releaseName: loki + valueFiles: + - infra/platform/values/observability/loki/base.yaml + destination: + server: https://kubernetes.default.svc + namespace: observability + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true 
diff --git a/infra/platform/observability/base/prometheus-application.yaml b/infra/platform/observability/base/prometheus-application.yaml new file mode 100644 index 0000000..b0121d5 --- /dev/null +++ b/infra/platform/observability/base/prometheus-application.yaml @@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kube-prometheus-stack + namespace: argocd + labels: + app.kubernetes.io/part-of: observability +spec: + project: platform + source: + repoURL: https://prometheus-community.github.io/helm-charts + chart: kube-prometheus-stack + targetRevision: 56.6.2 + helm: + releaseName: kube-prometheus-stack + valueFiles: + - infra/platform/values/observability/prometheus/base.yaml + destination: + server: https://kubernetes.default.svc + namespace: observability + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/infra/platform/observability/base/tempo-application.yaml b/infra/platform/observability/base/tempo-application.yaml new file mode 100644 index 0000000..192faf0 --- /dev/null +++ b/infra/platform/observability/base/tempo-application.yaml @@ -0,0 +1,26 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tempo + namespace: argocd + labels: + app.kubernetes.io/part-of: observability +spec: + project: platform + source: + repoURL: https://grafana.github.io/helm-charts + chart: tempo-distributed + targetRevision: 1.12.1 + helm: + releaseName: tempo + valueFiles: + - infra/platform/values/observability/tempo/base.yaml + destination: + server: https://kubernetes.default.svc + namespace: observability + syncPolicy: + automated: + prune: true + selfHeal: true + syncOptions: + - CreateNamespace=true diff --git a/infra/platform/observability/dev/kustomization.yaml b/infra/platform/observability/dev/kustomization.yaml new file mode 100644 index 0000000..b2113fb --- /dev/null +++ b/infra/platform/observability/dev/kustomization.yaml 
@@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patchesStrategicMerge: + - patches/grafana-values.yaml + - patches/loki-values.yaml + - patches/prometheus-values.yaml + - patches/tempo-values.yaml diff --git a/infra/platform/observability/dev/patches/grafana-values.yaml b/infra/platform/observability/dev/patches/grafana-values.yaml new file mode 100644 index 0000000..e3bf7cd --- /dev/null +++ b/infra/platform/observability/dev/patches/grafana-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: grafana +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/grafana/base.yaml + - infra/platform/values/observability/grafana/dev.yaml diff --git a/infra/platform/observability/dev/patches/loki-values.yaml b/infra/platform/observability/dev/patches/loki-values.yaml new file mode 100644 index 0000000..5bc8140 --- /dev/null +++ b/infra/platform/observability/dev/patches/loki-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: loki +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/loki/base.yaml + - infra/platform/values/observability/loki/dev.yaml diff --git a/infra/platform/observability/dev/patches/prometheus-values.yaml b/infra/platform/observability/dev/patches/prometheus-values.yaml new file mode 100644 index 0000000..ba101a1 --- /dev/null +++ b/infra/platform/observability/dev/patches/prometheus-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kube-prometheus-stack +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/prometheus/base.yaml + - infra/platform/values/observability/prometheus/dev.yaml diff --git a/infra/platform/observability/dev/patches/tempo-values.yaml b/infra/platform/observability/dev/patches/tempo-values.yaml new file mode 100644 index 0000000..e761c9f --- /dev/null 
+++ b/infra/platform/observability/dev/patches/tempo-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tempo +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/tempo/base.yaml + - infra/platform/values/observability/tempo/dev.yaml diff --git a/infra/platform/observability/prd/kustomization.yaml b/infra/platform/observability/prd/kustomization.yaml new file mode 100644 index 0000000..b2113fb --- /dev/null +++ b/infra/platform/observability/prd/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ../base +patchesStrategicMerge: + - patches/grafana-values.yaml + - patches/loki-values.yaml + - patches/prometheus-values.yaml + - patches/tempo-values.yaml diff --git a/infra/platform/observability/prd/patches/grafana-values.yaml b/infra/platform/observability/prd/patches/grafana-values.yaml new file mode 100644 index 0000000..d27044f --- /dev/null +++ b/infra/platform/observability/prd/patches/grafana-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: grafana +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/grafana/base.yaml + - infra/platform/values/observability/grafana/prd.yaml diff --git a/infra/platform/observability/prd/patches/loki-values.yaml b/infra/platform/observability/prd/patches/loki-values.yaml new file mode 100644 index 0000000..89fdb7e --- /dev/null +++ b/infra/platform/observability/prd/patches/loki-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: loki +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/loki/base.yaml + - infra/platform/values/observability/loki/prd.yaml diff --git a/infra/platform/observability/prd/patches/prometheus-values.yaml b/infra/platform/observability/prd/patches/prometheus-values.yaml new file mode 100644 index 0000000..f5121b3 
--- /dev/null +++ b/infra/platform/observability/prd/patches/prometheus-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: kube-prometheus-stack +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/prometheus/base.yaml + - infra/platform/values/observability/prometheus/prd.yaml diff --git a/infra/platform/observability/prd/patches/tempo-values.yaml b/infra/platform/observability/prd/patches/tempo-values.yaml new file mode 100644 index 0000000..28ad513 --- /dev/null +++ b/infra/platform/observability/prd/patches/tempo-values.yaml @@ -0,0 +1,10 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: tempo +spec: + source: + helm: + valueFiles: + - infra/platform/values/observability/tempo/base.yaml + - infra/platform/values/observability/tempo/prd.yaml diff --git a/infra/platform/values/backstage/base.yaml b/infra/platform/values/backstage/base.yaml new file mode 100644 index 0000000..c270f94 --- /dev/null +++ b/infra/platform/values/backstage/base.yaml 
@@ -0,0 +1,55 @@
+backstage:
+ appConfig:
+ app:
+ title: "Developer Portal"
+ backend:
+ baseUrl: https://backstage.example.com
+ cors:
+ origin:
+ - https://backstage.example.com
+ proxy:
+ "/grafana/api":
+ target: http://grafana.observability.svc.cluster.local
+ "/prometheus/api":
+ target: http://prometheus-k8s.observability.svc.cluster.local
+ "/tempo/api":
+ target: http://tempo-query.observability.svc.cluster.local
+ ingress:
+ enabled: true
+ host: backstage.example.com
+ tls:
+ enabled: true
+ dynamicPlugins:
+ enabled: true
+ plugins:
+ - name: "@backstage/plugin-kubernetes-backend"
+ - name: "@backstage/plugin-grafana-backend"
+ - name: "@backstage/plugin-prometheus-backend"
+ - name: "@backstage/plugin-jaeger-backend"
+ upstream:
+ metrics:
+ serviceMonitor:
+ enabled: true
+ path: /metrics
+ resources:
+ requests:
+ cpu: 250m
+ memory: 512Mi
+ limits:
+ cpu: 1
+ memory: 2Gi
+
+postgresql:
+ enabled: false
+
+database:
+ external:
+ enabled: true
+ host: patroni-pgbouncer.db.svc.cluster.local
+ port: 5432
+ database: backstage
+ user: backstage_user
+
+serviceAccount:
+ annotations:
+ eks.amazonaws.com/role-arn: ""
diff --git a/infra/platform/values/backstage/dev.yaml b/infra/platform/values/backstage/dev.yaml
new file mode 100644
index 0000000..f98b774
--- /dev/null
+++ b/infra/platform/values/backstage/dev.yaml
@@ -0,0 +1,14 @@
+backstage:
+ appConfig:
+ backend:
+ baseUrl: https://backstage.dev.example.com
+ cors:
+ origin:
+ - https://backstage.dev.example.com
+ app:
+ title: "Developer Portal (dev)"
+ ingress:
+ host: backstage.dev.example.com
+ extraEnvVars:
+ - name: NODE_ENV
+ value: development
diff --git a/infra/platform/values/backstage/prd.yaml b/infra/platform/values/backstage/prd.yaml
new file mode 100644
index 0000000..f78eedb
--- /dev/null
+++ b/infra/platform/values/backstage/prd.yaml
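Review bot: `eks.amazonaws.com/role-arn: ""` under `serviceAccount.annotations` is an empty IRSA binding committed into the base values, and `database.external` names a host and `user: backstage_user` with nothing saying where the password comes from; with External Secrets in the platform the credential should be an `ExternalSecret`-managed Secret referenced from values, and an explicit `# TODO: role ARN set per environment via ExternalSecret/overlay` beats an empty annotation that is silently applied. The `proxy` targets `prometheus-k8s.observability.svc.cluster.local` and `tempo-query.observability.svc.cluster.local` do not appear to match the Service names that `kube-prometheus-stack` and `tempo-distributed` create under the release names used in this change (something like `kube-prometheus-stack-prometheus` and `tempo-query-frontend`), and they carry no ports — verify against the rendered charts. Exposing the Grafana/Prometheus/Tempo APIs through Backstage's proxy also widens who can reach those internal endpoints to everyone who can reach the portal, so these entries should be reviewed together with Backstage's auth configuration, which this file does not set.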
@@ -0,0 +1,14 @@
+backstage:
+ appConfig:
+ backend:
+ baseUrl: https://backstage.prod.example.com
+ cors:
+ origin:
+ - https://backstage.prod.example.com
+ app:
+ title: "Developer Portal"
+ ingress:
+ host: backstage.prod.example.com
+ extraEnvVars:
+ - name: NODE_ENV
+ value: production
diff --git a/infra/platform/values/cert-manager/base.yaml b/infra/platform/values/cert-manager/base.yaml
new file mode 100644
index 0000000..ab3c467
--- /dev/null
+++ b/infra/platform/values/cert-manager/base.yaml
@@ -0,0 +1,7 @@
+installCRDs: true
+prometheus:
+ enabled: true
+ servicemonitor:
+ enabled: true
+webhook:
+ timeoutSeconds: 10
diff --git a/infra/platform/values/cert-manager/dev.yaml b/infra/platform/values/cert-manager/dev.yaml
new file mode 100644
index 0000000..619dd56
--- /dev/null
+++ b/infra/platform/values/cert-manager/dev.yaml
@@ -0,0 +1,4 @@
+extraArgs:
+ - --cluster-resource-namespace=cert-manager
+ - --default-issuer-name=letsencrypt-staging
+ - --default-issuer-kind=ClusterIssuer
diff --git a/infra/platform/values/cert-manager/prd.yaml b/infra/platform/values/cert-manager/prd.yaml
new file mode 100644
index 0000000..b9248d8
--- /dev/null
+++ b/infra/platform/values/cert-manager/prd.yaml
@@ -0,0 +1,4 @@
+extraArgs:
+ - --cluster-resource-namespace=cert-manager
+ - --default-issuer-name=letsencrypt-production
+ - --default-issuer-kind=ClusterIssuer
diff --git a/infra/platform/values/external-secrets/base.yaml b/infra/platform/values/external-secrets/base.yaml
new file mode 100644
index 0000000..3ae3c17
--- /dev/null
+++ b/infra/platform/values/external-secrets/base.yaml
@@ -0,0 +1,9 @@
+installCRDs: true
+leaderElect: true
+serviceAccount:
+ create: true
+ name: external-secrets
+metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
diff --git a/infra/platform/values/external-secrets/dev.yaml b/infra/platform/values/external-secrets/dev.yaml
new file mode 100644
index 0000000..2a955da
--- /dev/null
+++ b/infra/platform/values/external-secrets/dev.yaml
@@ -0,0 +1,4 @@
+config:
+ logLevel: debug
+ leaderElection:
+ namespace: external-secrets
diff --git a/infra/platform/values/external-secrets/prd.yaml b/infra/platform/values/external-secrets/prd.yaml
new file mode 100644
index 0000000..9f69803
--- /dev/null
+++ b/infra/platform/values/external-secrets/prd.yaml
@@ -0,0 +1,4 @@
+config:
+ logLevel: info
+ leaderElection:
+ namespace: external-secrets
diff --git a/infra/platform/values/ingress/base.yaml b/infra/platform/values/ingress/base.yaml
new file mode 100644
index 0000000..216bbac
--- /dev/null
+++ b/infra/platform/values/ingress/base.yaml
@@ -0,0 +1,8 @@
+controller:
+ service:
+ annotations:
+ service.beta.kubernetes.io/aws-load-balancer-type: nlb
+ metrics:
+ enabled: true
+ serviceMonitor:
+ enabled: true
diff --git a/infra/platform/values/ingress/dev.yaml b/infra/platform/values/ingress/dev.yaml
new file mode 100644
index 0000000..6803652
--- /dev/null
+++ b/infra/platform/values/ingress/dev.yaml
@@ -0,0 +1,4 @@
+controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: dev.example.com
diff --git a/infra/platform/values/ingress/prd.yaml b/infra/platform/values/ingress/prd.yaml
new file mode 100644
index 0000000..a6e968d
--- /dev/null
+++ b/infra/platform/values/ingress/prd.yaml
@@ -0,0 +1,4 @@
+controller:
+ service:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: prod.example.com
diff --git a/infra/platform/values/observability/grafana/base.yaml b/infra/platform/values/observability/grafana/base.yaml
new file mode 100644
index 0000000..8434bb0
--- /dev/null
+++ b/infra/platform/values/observability/grafana/base.yaml
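Review bot: `config.logLevel` and `config.leaderElection.namespace` in the external-secrets dev/prd overlays do not look like keys the external-secrets chart reads (its values expose `log.level` and a top-level `leaderElect`, the latter already set in `base.yaml`); Helm silently ignores unknown keys, so both overlays would be no-ops — verify against the 0.9.19 chart's values.yaml. The `metrics.enabled`/`metrics.serviceMonitor.enabled` keys in `base.yaml` should be checked the same way, since I believe that chart uses `metrics.service.enabled` and a top-level `serviceMonitor.enabled`. If debug logging is kept for dev, first confirm the operator does not log fetched secret material at that level, because this controller handles every external secret in the cluster.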
@@ -0,0 +1,24 @@
+adminPassword: admin
+service:
+ type: ClusterIP
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ - name: Loki
+ type: loki
+ access: proxy
+ url: http://loki-gateway.observability.svc.cluster.local:3100
+ - name: Tempo
+ type: tempo
+ access: proxy
+ url: http://tempo-query.observability.svc.cluster.local
+ - name: Prometheus
+ type: prometheus
+ access: proxy
+ url: http://prometheus-k8s.observability.svc.cluster.local
+sidecar:
+ dashboards:
+ enabled: true
+ provider:
+ foldersFromFilesStructure: true
diff --git a/infra/platform/values/observability/grafana/dev.yaml b/infra/platform/values/observability/grafana/dev.yaml
new file mode 100644
index 0000000..d2cafcb
--- /dev/null
+++ b/infra/platform/values/observability/grafana/dev.yaml
@@ -0,0 +1,3 @@
+adminUser: admin
+persistence:
+ enabled: false
diff --git a/infra/platform/values/observability/grafana/prd.yaml b/infra/platform/values/observability/grafana/prd.yaml
new file mode 100644
index 0000000..8c14280
--- /dev/null
+++ b/infra/platform/values/observability/grafana/prd.yaml
@@ -0,0 +1,4 @@
+adminUser: admin
+persistence:
+ enabled: true
+ size: 10Gi
diff --git a/infra/platform/values/observability/loki/base.yaml b/infra/platform/values/observability/loki/base.yaml
new file mode 100644
index 0000000..f3206d6
--- /dev/null
+++ b/infra/platform/values/observability/loki/base.yaml
@@ -0,0 +1,15 @@
+loki:
+ auth_enabled: false
+ commonConfig:
+ replication_factor: 1
+ storage:
+ type: filesystem
+singleBinary:
+ replicas: 1
+ resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 1
+ memory: 1Gi
diff --git a/infra/platform/values/observability/loki/dev.yaml b/infra/platform/values/observability/loki/dev.yaml
new file mode 100644
index 0000000..668bd58
--- /dev/null
+++ b/infra/platform/values/observability/loki/dev.yaml
@@ -0,0 +1,3 @@
+singleBinary:
+ persistence:
+ enabled: false
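Review bot: `adminPassword: admin` in `grafana/base.yaml`, combined with `adminUser: admin` in both `dev.yaml` and `prd.yaml`, ships the production Grafana with the default admin/admin credentials committed to git. The grafana chart supports `admin.existingSecret` (with `admin.userKey`/`admin.passwordKey`), and External Secrets is part of this platform, so the credential should come from an `ExternalSecret`-managed Secret and the `adminPassword` line should be removed from the repository history as well as the file. Separately, the Prometheus datasource `url: http://prometheus-k8s.observability.svc.cluster.local` has no port and names a Service that, as far as I can tell, `kube-prometheus-stack` does not create under the release name used here (`kube-prometheus-stack-prometheus` on 9090 would be the expected target) — verify against the rendered chart, and the same check applies to the `tempo-query` URL.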
diff --git a/infra/platform/values/observability/loki/prd.yaml b/infra/platform/values/observability/loki/prd.yaml
new file mode 100644
index 0000000..593c865
--- /dev/null
+++ b/infra/platform/values/observability/loki/prd.yaml
@@ -0,0 +1,4 @@
+singleBinary:
+ persistence:
+ enabled: true
+ size: 50Gi
diff --git a/infra/platform/values/observability/prometheus/base.yaml b/infra/platform/values/observability/prometheus/base.yaml
new file mode 100644
index 0000000..482caaf
--- /dev/null
+++ b/infra/platform/values/observability/prometheus/base.yaml
@@ -0,0 +1,7 @@
+alertmanager:
+ enabled: false
+prometheus:
+ prometheusSpec:
+ serviceMonitorSelectorNilUsesHelmValues: false
+ podMonitorSelectorNilUsesHelmValues: false
+ scrapeInterval: 30s
diff --git a/infra/platform/values/observability/prometheus/dev.yaml b/infra/platform/values/observability/prometheus/dev.yaml
new file mode 100644
index 0000000..c9defa7
--- /dev/null
+++ b/infra/platform/values/observability/prometheus/dev.yaml
@@ -0,0 +1,3 @@
+prometheus:
+ prometheusSpec:
+ retention: 24h
diff --git a/infra/platform/values/observability/prometheus/prd.yaml b/infra/platform/values/observability/prometheus/prd.yaml
new file mode 100644
index 0000000..6b5c962
--- /dev/null
+++ b/infra/platform/values/observability/prometheus/prd.yaml
@@ -0,0 +1,3 @@
+prometheus:
+ prometheusSpec:
+ retention: 15d
diff --git a/infra/platform/values/observability/tempo/base.yaml b/infra/platform/values/observability/tempo/base.yaml
new file mode 100644
index 0000000..2ae9318
--- /dev/null
+++ b/infra/platform/values/observability/tempo/base.yaml
@@ -0,0 +1,13 @@
+tempo:
+ storage:
+ trace:
+ backend: filesystem
+ metricsGenerator:
+ enabled: true
+ resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 1
+ memory: 1Gi
diff --git a/infra/platform/values/observability/tempo/dev.yaml b/infra/platform/values/observability/tempo/dev.yaml
new file mode 100644
index 0000000..73040c1
--- /dev/null
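Review bot: `tempo.storage.trace.backend: filesystem` and `tempo.metricsGenerator` in `tempo/base.yaml` appear to sit under the wrong key for the `tempo-distributed` chart, whose values expose `storage.trace.backend` and `metricsGenerator` at the top level; nested under `tempo:` they are ignored and the chart falls back to its defaults — please verify against chart 1.12.1. Even once moved, a `filesystem` backend is not workable for the distributed deployment, where ingesters and queriers run in separate pods without a shared volume, so either switch to an object-store backend or deploy the monolithic `tempo` chart instead. The dev/prd overlays that set `tempo.metricsGenerator.storage.path` have the same nesting problem (the dev overlay's hunk begins on the next line).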
+++ b/infra/platform/values/observability/tempo/dev.yaml
@@ -0,0 +1,4 @@
+tempo:
+ metricsGenerator:
+ storage:
+ path: /var/tempo/wal-dev
diff --git a/infra/platform/values/observability/tempo/prd.yaml b/infra/platform/values/observability/tempo/prd.yaml
new file mode 100644
index 0000000..de1715f
--- /dev/null
+++ b/infra/platform/values/observability/tempo/prd.yaml
@@ -0,0 +1,4 @@
+tempo:
+ metricsGenerator:
+ storage:
+ path: /var/tempo/wal-prd
diff --git a/infra/platform/values/vector/base.yaml b/infra/platform/values/vector/base.yaml
new file mode 100644
index 0000000..f49f79b
--- /dev/null
+++ b/infra/platform/values/vector/base.yaml
@@ -0,0 +1,44 @@
+role: Aggregator
+service:
+ enabled: true
+ type: ClusterIP
+ ports:
+ - name: otlp-http
+ port: 4318
+customConfig:
+ data_dir: /vector-data
+ sources:
+ otlp_http:
+ type: otlp
+ protocol:
+ http:
+ listen_address: 0.0.0.0:4318
+ transforms:
+ normalize:
+ type: remap
+ inputs:
+ - otlp_http
+ source: |
+ .service_name = coalesce!(.resource["service.name"], .service_name)
+ .namespace = .resource["k8s.namespace.name"] ?? .kubernetes.namespace_name
+ sinks:
+ loki:
+ type: loki
+ inputs:
+ - normalize
+ endpoint: http://loki-gateway.observability.svc.cluster.local:3100
+ encoding:
+ codec: json
+ labels:
+ service_name: "{{ service_name }}"
+ namespace: "{{ namespace }}"
+ tempo:
+ type: opentelemetry
+ inputs:
+ - normalize
+ endpoint: http://tempo-distributor.observability.svc.cluster.local:4318/v1/traces
+ metrics:
+ type: prometheus_exporter
+ inputs:
+ - normalize
+ address: 0.0.0.0:9100
diff --git a/infra/platform/values/vector/dev.yaml b/infra/platform/values/vector/dev.yaml
new file mode 100644
index 0000000..c2573cb
--- /dev/null
+++ b/infra/platform/values/vector/dev.yaml
@@ -0,0 +1,7 @@
+podLabels:
+ platform.argoproj.io/environment: dev
+customConfig:
+ sinks:
+ loki:
+ labels:
+ environment: dev
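Review bot: `type: otlp` with `protocol.http.listen_address` in `vector/base.yaml` does not match the schema of Vector's OpenTelemetry source as I know it (`type: opentelemetry` with `grpc.address`/`http.address`), and Vector rejects a config with an unknown source type at startup, so the aggregator would crash-loop; the `opentelemetry` sink's `endpoint` key deserves the same check, and running `vector validate` on the rendered config before merging would catch both. `sinks.metrics` is a `prometheus_exporter` fed from `normalize`, which only carries the log events the OTLP source emits, so it exports nothing, and it listens on `0.0.0.0:9100` while `service.ports` exposes only 4318. The intake listener itself has no authentication, which is acceptable while the Service stays `ClusterIP`, but that assumption should be written down next to it, e.g. `# OTLP intake is unauthenticated: keep this Service ClusterIP-only or front it with an authenticating proxy`.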
diff --git a/infra/platform/values/vector/prd.yaml b/infra/platform/values/vector/prd.yaml
new file mode 100644
index 0000000..e479381
--- /dev/null
+++ b/infra/platform/values/vector/prd.yaml
@@ -0,0 +1,7 @@
+podLabels:
+ platform.argoproj.io/environment: prd
+customConfig:
+ sinks:
+ loki:
+ labels:
+ environment: prd
diff --git a/infra/projects/argocd-project-apps.yaml b/infra/projects/argocd-project-apps.yaml
new file mode 100644
index 0000000..0bf4809
--- /dev/null
+++ b/infra/projects/argocd-project-apps.yaml
@@ -0,0 +1,15 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: apps
+ namespace: argocd
+spec:
+ description: Business and product application workloads
+ sourceRepos:
+ - https://github.com/justgithubaccount/app-release.git
+ destinations:
+ - namespace: "*"
+ server: https://kubernetes.default.svc
+ namespaceResourceWhitelist:
+ - group: "*"
+ kind: "*"
diff --git a/infra/projects/argocd-project-platform.yaml b/infra/projects/argocd-project-platform.yaml
new file mode 100644
index 0000000..3637c9a
--- /dev/null
+++ b/infra/projects/argocd-project-platform.yaml
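Review bot: `destinations: - namespace: "*"` in the `apps` AppProject lets any Application in the business-workload project deploy into every namespace of the cluster — `argocd`, `kube-system`, `external-secrets`, `cert-manager` included — and with `namespaceResourceWhitelist: "*"/"*"` that covers Secrets, RoleBindings and further Applications in `argocd`. Cluster-scoped resources are correctly left denied, but namespace scope is exactly where the `platform` project's blast radius is meant to be separated from `apps`, and the wildcard removes that separation. Enumerate the workload namespaces instead, e.g. `- namespace: chat-api` per service with the same `server`, and add namespaces as services are onboarded rather than opening all of them up front.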
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: platform
+ namespace: argocd
+spec:
+ description: Platform components managed through GitOps
+ sourceRepos:
+ - https://github.com/justgithubaccount/app-release.git
+ - https://redhat-developer.github.io/rhdh-chart
+ - https://charts.external-secrets.io
+ - https://helm.vector.dev
+ - https://kubernetes.github.io/ingress-nginx
+ - https://charts.jetstack.io
+ - https://grafana.github.io/helm-charts
+ destinations:
+ - namespace: argocd
+ server: https://kubernetes.default.svc
+ - namespace: backstage
+ server: https://kubernetes.default.svc
+ - namespace: observability
+ server: https://kubernetes.default.svc
+ - namespace: ingress-nginx
+ server: https://kubernetes.default.svc
+ - namespace: cert-manager
+ server: https://kubernetes.default.svc
+ - namespace: external-secrets
+ server: https://kubernetes.default.svc
+ clusterResourceWhitelist:
+ - group: "*"
+ kind: "*"
+ namespaceResourceWhitelist:
+ - group: "*"
+ kind: "*"
diff --git a/infra/roles/role-prd-enviroment.yaml b/infra/roles/role-prd-enviroment.yaml
deleted file mode 100644
index eed45c3..0000000
--- a/infra/roles/role-prd-enviroment.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# apiVersion: argoproj.io/v1alpha1
-# kind: Application
-# metadata:
-# name: prd-app # любое уникальное имя
-# namespace: argocd
-# labels:
-# tier: argocd
-# finalizers:
-# - resources-finalizer.argocd.argoproj.io
-# spec:
-# destination:
-# name: prd # <= имя prd-кластера в Argo CD
-# namespace: argocd
-# project: default
-# source:
-# repoURL: https://github.com/justgithubaccount/app-release.git
-# path: infra/clusters/prd # overlay-директория этого кластера
-# targetRevision: main
-# syncPolicy:
-# automated:
-# allowEmpty: true
-# selfHeal: true
-# prune: true
-# syncOptions:
-# - Validate=true
-# - CreateNamespace=true
-# - PruneLast=true