Add new infra architecture 5
@@ -433,6 +433,45 @@ microk8s enable prometheus
|
||||
microk8s enable registry
|
||||
```
|
||||
|
||||
### Step 3: Enhanced Infrastructure Components
|
||||
|
||||
**The platform includes additional infrastructure components that enhance security, monitoring, and operations:**
|
||||
|
||||
```bash
|
||||
# The platform includes Mailu for email services
|
||||
# Deploy Mailu via Helm (optional but recommended for production):
|
||||
kubectl create namespace bakery-ia --dry-run=client -o yaml | kubectl apply -f -
|
||||
helm repo add mailu https://mailu.github.io/helm-charts
|
||||
helm repo update
|
||||
helm install mailu mailu/mailu \
|
||||
-n bakery-ia \
|
||||
-f infrastructure/platform/mail/mailu-helm/values.yaml \
|
||||
--timeout 10m \
|
||||
--wait
|
||||
|
||||
# Verify Mailu deployment
|
||||
kubectl get pods -n bakery-ia | grep mailu
|
||||
```
|
||||
|
||||
**For development environments, ensure the prepull-base-images script is run:**
|
||||
```bash
|
||||
# On your local machine, run the prepull script to cache base images
|
||||
cd bakery-ia
|
||||
chmod +x scripts/prepull-base-images.sh
|
||||
./scripts/prepull-base-images.sh
|
||||
```
|
||||
|
||||
**For production environments, ensure CI/CD infrastructure is properly configured:**
|
||||
```bash
|
||||
# Tekton Pipelines for CI/CD (optional - can be deployed separately)
|
||||
kubectl create namespace tekton-pipelines
|
||||
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
|
||||
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
|
||||
|
||||
# Flux CD for GitOps (already enabled in MicroK8s if needed)
|
||||
# flux install --namespace=flux-system --network-policy=false
|
||||
```
|
||||
|
||||
### Step 3: Configure Firewall
|
||||
|
||||
```bash
|
||||
@@ -917,7 +956,34 @@ echo -n "your-value-here" | base64
|
||||
|
||||
**CRITICAL:** Never commit real secrets to git! The secrets.yaml file should be in `.gitignore`.
|
||||
|
||||
### Step 2: Apply Application Secrets
|
||||
### Step 2: CI/CD Secrets Configuration
|
||||
|
||||
**For production CI/CD setup, additional secrets are required:**
|
||||
|
||||
```bash
|
||||
# Create Docker Hub credentials secret (for image pulls)
|
||||
kubectl create secret docker-registry dockerhub-creds \
|
||||
--docker-server=docker.io \
|
||||
--docker-username=YOUR_DOCKERHUB_USERNAME \
|
||||
--docker-password=YOUR_DOCKERHUB_TOKEN \
|
||||
--docker-email=your-email@example.com \
|
||||
-n bakery-ia
|
||||
|
||||
# Create Gitea registry credentials (if using Gitea for CI/CD)
|
||||
kubectl create secret docker-registry gitea-registry-credentials \
|
||||
-n tekton-pipelines \
|
||||
--docker-server=gitea.bakery-ia.local:5000 \
|
||||
--docker-username=your-username \
|
||||
--docker-password=your-password
|
||||
|
||||
# Create Git credentials for Flux (if using GitOps)
|
||||
kubectl create secret generic gitea-credentials \
|
||||
-n flux-system \
|
||||
--from-literal=username=your-username \
|
||||
--from-literal=password=your-password
|
||||
```
|
||||
|
||||
### Step 3: Apply Application Secrets
|
||||
|
||||
```bash
|
||||
# Copy manifests to VPS (from local machine)
|
||||
@@ -938,7 +1004,30 @@ kubectl get secrets -n bakery-ia
|
||||
|
||||
## Database Migrations
|
||||
|
||||
### Step 0: Deploy SigNoz Monitoring (BEFORE Application)
|
||||
### Step 0: Deploy CI/CD Infrastructure (Optional but Recommended)
|
||||
|
||||
**For production environments, deploy CI/CD infrastructure components:**
|
||||
|
||||
```bash
|
||||
# Deploy Tekton Pipelines for CI/CD (optional but recommended for production)
|
||||
kubectl create namespace tekton-pipelines
|
||||
|
||||
# Install Tekton Pipelines
|
||||
kubectl apply -f https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
|
||||
|
||||
# Install Tekton Triggers
|
||||
kubectl apply -f https://storage.googleapis.com/tekton-releases/triggers/latest/release.yaml
|
||||
|
||||
# Apply Tekton configurations
|
||||
kubectl apply -f ~/infrastructure/cicd/tekton/tasks/
|
||||
kubectl apply -f ~/infrastructure/cicd/tekton/pipelines/
|
||||
kubectl apply -f ~/infrastructure/cicd/tekton/triggers/
|
||||
|
||||
# Verify Tekton deployment
|
||||
kubectl get pods -n tekton-pipelines
|
||||
```
|
||||
|
||||
### Step 1: Deploy SigNoz Monitoring (BEFORE Application)
|
||||
|
||||
**⚠️ CRITICAL:** SigNoz must be deployed BEFORE the application into the **bakery-ia namespace** because the production kustomization patches SigNoz resources.
|
||||
|
||||
@@ -975,7 +1064,7 @@ kubectl get statefulset -n bakery-ia | grep signoz
|
||||
|
||||
**⚠️ Important:** Do NOT create a separate `signoz` namespace. SigNoz must be in `bakery-ia` namespace for the overlays to work correctly.
|
||||
|
||||
### Step 1: Deploy Application and Databases
|
||||
### Step 2: Deploy Application and Databases
|
||||
|
||||
```bash
|
||||
# On VPS
|
||||
@@ -1271,6 +1360,88 @@ kubectl logs -n bakery-ia deployment/signoz-otel-collector --tail=50 | grep -i "
|
||||
kubectl logs -n bakery-ia deployment/signoz-otel-collector | grep filelog
|
||||
```
|
||||
|
||||
### Step 2: Configure CI/CD Infrastructure (Optional but Recommended)
|
||||
|
||||
If you deployed the CI/CD infrastructure, configure it for your workflow:
|
||||
|
||||
#### Gitea Setup (Git Server + Registry)
|
||||
```bash
|
||||
# Access Gitea at: http://gitea.bakery-ia.local (for dev) or http://gitea.bakewise.ai (for prod)
|
||||
# Make sure to add the appropriate hostname to /etc/hosts or configure DNS
|
||||
|
||||
# Create your repositories for each service
|
||||
# Configure webhook to trigger Tekton pipelines
|
||||
```
|
||||
|
||||
#### Tekton Pipeline Configuration
|
||||
```bash
|
||||
# Verify Tekton pipelines are running
|
||||
kubectl get pods -n tekton-pipelines
|
||||
|
||||
# Create a PipelineRun manually to test:
|
||||
kubectl create -f - <<EOF
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: PipelineRun
|
||||
metadata:
|
||||
name: manual-ci-run
|
||||
namespace: tekton-pipelines
|
||||
spec:
|
||||
pipelineRef:
|
||||
name: bakery-ia-ci
|
||||
workspaces:
|
||||
- name: shared-workspace
|
||||
volumeClaimTemplate:
|
||||
spec:
|
||||
accessModes: ["ReadWriteOnce"]
|
||||
resources:
|
||||
requests:
|
||||
storage: 5Gi
|
||||
- name: docker-credentials
|
||||
secret:
|
||||
secretName: gitea-registry-credentials
|
||||
params:
|
||||
- name: git-url
|
||||
value: "http://gitea.bakery-ia.local/bakery/bakery-ia.git"
|
||||
- name: git-revision
|
||||
value: "main"
|
||||
EOF
|
||||
```
|
||||
|
||||
#### Flux CD Configuration (GitOps)
|
||||
```bash
|
||||
# Verify Flux is running
|
||||
kubectl get pods -n flux-system
|
||||
|
||||
# Set up GitRepository and Kustomization resources for GitOps deployment
|
||||
# Example:
|
||||
cat <<EOF | kubectl apply -f -
|
||||
apiVersion: source.toolkit.fluxcd.io/v1
|
||||
kind: GitRepository
|
||||
metadata:
|
||||
name: bakery-ia
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 1m
|
||||
url: https://github.com/your-org/bakery-ia.git
|
||||
ref:
|
||||
branch: main
|
||||
---
|
||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
||||
kind: Kustomization
|
||||
metadata:
|
||||
name: bakery-ia
|
||||
namespace: flux-system
|
||||
spec:
|
||||
interval: 5m
|
||||
sourceRef:
|
||||
kind: GitRepository
|
||||
name: bakery-ia
|
||||
path: ./infrastructure/environments/prod/k8s-manifests
|
||||
prune: true
|
||||
validation: client
|
||||
EOF
|
||||
```
|
||||
|
||||
### Step 2: Configure Alerting
|
||||
|
||||
SigNoz includes integrated alerting with AlertManager. Configure it for your team:
|
||||
|
||||