stackops/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1e8bd10280b36051e0fda74fc946c828e0d93ada
infra/README.md
stackops 98c881aaa5 add README with architecture docs
2026-04-09 13:35:42 +03:00

191 lines
8.9 KiB
Markdown
Raw Blame History

# StackOps Infrastructure
## Architecture
```
┌─────────────────────────────────────┐
│ Cloudflare DNS │
│ nodeup.ru → 82.114.226.118 │
│ *.app.nodeup.ru (wildcard) │
└──────────────┬──────────────────────┘
┌───────────────────────────────────────────┐
│ VPS 82.114.226.118 │
│ Debian 13, 6 CPU, 6GB RAM │
│ │
│ ┌─────────────────────────────────────┐ │
│ │ k3s v1.34.6 │ │
│ │ (traefik disabled) │ │
│ │ │ │
│ │ ┌────────────────────────────────┐ │ │
│ │ │ ingress-nginx (DaemonSet) │ │ │
│ │ │ ports 80/443 via ServiceLB│ │ │
│ │ └──────────┬─────────────────────┘ │ │
│ │ │ │ │
│ │ ┌──────────▼─────────────────────┐ │ │
│ │ │ cert-manager (HTTP-01) │ │ │
│ │ │ ClusterIssuer: letsencrypt │ │ │
│ │ └────────────────────────────────┘ │ │
│ │ │ │
│ │ ┌─── Namespaces ──────────────────┐ │ │
│ │ │ │ │ │
│ │ │ stackops/ │ │ │
│ │ │ stackops-api (Go + React UI) │ │ │
│ │ │ SQLite PVC, ClusterRole RBAC │ │ │
│ │ │ → app.nodeup.ru │ │ │
│ │ │ │ │ │
│ │ │ gitea/ │ │ │
│ │ │ Gitea (SQLite + Valkey) │ │ │
│ │ │ → git.nodeup.ru │ │ │
│ │ │ │ │ │
│ │ │ monitoring/ │ │ │
│ │ │ Prometheus (20Gi PV) │ │ │
│ │ │ Grafana → grafana.nodeup.ru │ │ │
│ │ │ Loki + Promtail (10Gi PV) │ │ │
│ │ │ │ │ │
│ │ │ vela-system/ │ │ │
│ │ │ KubeVela (OAM engine) │ │ │
│ │ │ │ │ │
│ │ │ cnpg-system/ │ │ │
│ │ │ CloudNativePG operator │ │ │
│ │ │ │ │ │
│ │ │ redis-operator/ │ │ │
│ │ │ OT Systems Redis operator │ │ │
│ │ │ │ │ │
│ │ │ whoami/ (test app) │ │ │
│ │ │ whoami + PostgreSQL (PV) │ │ │
│ │ │ → whoami.app.nodeup.ru │ │ │
│ │ │ │ │ │
│ │ └──────────────────────────────────┘ │ │
│ └─────────────────────────────────────┘ │
└───────────────────────────────────────────┘
```
## Domains
| Domain | Service | TLS |
|--------|---------|-----|
| `app.nodeup.ru` | StackOps API + UI | Let's Encrypt |
| `git.nodeup.ru` | Gitea | Let's Encrypt |
| `grafana.nodeup.ru` | Grafana | Let's Encrypt |
| `prom.nodeup.ru` | Prometheus (reserved) | — |
| `*.app.nodeup.ru` | User apps (wildcard) | Let's Encrypt per-app |
## Deploy Flow
```
Developer writes stackfile.toml
StackOps API (app.nodeup.ru)
├── git clone → reads stackfile.toml + commit SHA
├── toml-converter → KubeVela Application YAML
├── kubectl apply -n <namespace>
└── KubeVela orchestrates:
1. CloudNativePG → PostgreSQL cluster + secrets
2. Redis operator → Redis instance
3. webservice → Deployment + Service
4. gateway trait → Ingress (nginx + cert-manager TLS)
```
## Components
| Component | Version | Namespace | Purpose |
|-----------|---------|-----------|---------|
| k3s | v1.34.6 | — | Kubernetes distribution |
| nginx-ingress | 4.15.1 | ingress-nginx | Ingress controller |
| cert-manager | v1.20.1 | cert-manager | TLS certificates (HTTP-01) |
| KubeVela | 1.10.8 | vela-system | OAM application engine |
| CloudNativePG | 1.23.0 | cnpg-system | PostgreSQL operator |
| Redis operator | 0.24.0 | redis-operator | Redis operator |
| Gitea | 1.25.4 | gitea | Git hosting |
| Prometheus | v0.90.1 | monitoring | Metrics |
| Grafana | (bundled) | monitoring | Dashboards |
| Loki | v2.9.3 | monitoring | Log aggregation |
| Promtail | (bundled) | monitoring | Log shipping |
## Credentials
| Service | Login | Password |
|---------|-------|----------|
| Gitea | `stackops` | `stackops-admin-2026` |
| Grafana | `admin` | `stackops-grafana-2026` |
| StackOps API | token | `dev-secret-token` |
## Kubeconfig
```bash
export KUBECONFIG=~/.kube/config-nodeup
# or
export KUBECONFIG=infra/kubeconfig.yaml
```
**Note:** `kubeconfig.yaml` is in `.gitignore` — it contains the cluster admin token. Copy it manually from `~/.kube/config-nodeup`.
## Gitea Repositories
| Repo | URL | Content |
|------|-----|---------|
| `stackops/infra` | https://git.nodeup.ru/stackops/infra | This repo — IaC manifests |
| `stackops/stackops` | https://git.nodeup.ru/stackops/stackops | Application source code |
## Reproduce from Scratch
```bash
# 0. DNS
bash 00-dns/cloudflare-records.sh
# 1. k3s
bash 01-k3s/install.sh
# 2. Core (nginx-ingress + cert-manager + ClusterIssuer)
make core
# 3. KubeVela + operators + ComponentDefinitions
make kubevela
# 4. Gitea
make gitea
# 5. Monitoring (Prometheus + Grafana + Loki)
make monitoring
# 6. StackOps app
make stackops
# 7. Test app
make test-app
```
Or all at once: `make all` (sequential).
## Directory Structure
```
infra/
├── README.md
├── Makefile # Top-level automation
├── 00-dns/
│ └── cloudflare-records.sh # DNS A records via CF API
├── 01-k3s/
│ └── install.sh # k3s install + kubeconfig
├── 02-core/
│ └── clusterissuer.yaml # cert-manager ClusterIssuer (HTTP-01)
├── 03-kubevela/ # (manifests in ../kubevela/components/)
├── 04-gitea/
│ └── values.yaml # Gitea helm values
├── 05-monitoring/
│ ├── values-prometheus.yaml # kube-prometheus-stack values
│ └── values-loki.yaml # loki-stack values
├── 06-stackops/
│ ├── rbac.yaml # Namespace, SA, ClusterRole, PVC
│ └── deployment.yaml # Deployment, Service, Ingress
└── 07-test-app/
└── stackfile.toml # whoami test app stackfile
```
Reference in New Issue View Git Blame Copy Permalink