stackops/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3 Commits 1 Branch 0 Tags
98c881aaa577fb810242d8927c40dd79e631ea8a
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
stackops 98c881aaa5 add README with architecture docs
2026-04-09 13:35:42 +03:00
00-dns
add infrastructure manifests
2026-04-09 13:26:46 +03:00
01-k3s
add infrastructure manifests
2026-04-09 13:26:46 +03:00
02-core
add infrastructure manifests
2026-04-09 13:26:46 +03:00
04-gitea
add infrastructure manifests
2026-04-09 13:26:46 +03:00
05-monitoring
add infrastructure manifests
2026-04-09 13:26:46 +03:00
06-stackops
add infrastructure manifests
2026-04-09 13:26:46 +03:00
07-test-app
add infrastructure manifests
2026-04-09 13:26:46 +03:00
Makefile
add infrastructure manifests
2026-04-09 13:26:46 +03:00
README.md
add README with architecture docs
2026-04-09 13:35:42 +03:00

README.md

StackOps Infrastructure

Architecture

                         ┌─────────────────────────────────────┐
                         │         Cloudflare DNS              │
                         │  nodeup.ru → 82.114.226.118         │
                         │  *.app.nodeup.ru (wildcard)         │
                         └──────────────┬──────────────────────┘
                                        │
                                        ▼
                    ┌───────────────────────────────────────────┐
                    │          VPS 82.114.226.118               │
                    │          Debian 13, 6 CPU, 6GB RAM        │
                    │                                           │
                    │  ┌─────────────────────────────────────┐  │
                    │  │           k3s v1.34.6               │  │
                    │  │         (traefik disabled)           │  │
                    │  │                                      │  │
                    │  │  ┌────────────────────────────────┐  │  │
                    │  │  │      ingress-nginx (DaemonSet) │  │  │
                    │  │  │      ports 80/443 via ServiceLB│  │  │
                    │  │  └──────────┬─────────────────────┘  │  │
                    │  │             │                         │  │
                    │  │  ┌──────────▼─────────────────────┐  │  │
                    │  │  │    cert-manager (HTTP-01)       │  │  │
                    │  │  │    ClusterIssuer: letsencrypt   │  │  │
                    │  │  └────────────────────────────────┘  │  │
                    │  │                                      │  │
                    │  │  ┌─── Namespaces ──────────────────┐ │  │
                    │  │  │                                  │ │  │
                    │  │  │  stackops/                       │ │  │
                    │  │  │    stackops-api (Go + React UI)  │ │  │
                    │  │  │    SQLite PVC, ClusterRole RBAC  │ │  │
                    │  │  │    → app.nodeup.ru               │ │  │
                    │  │  │                                  │ │  │
                    │  │  │  gitea/                          │ │  │
                    │  │  │    Gitea (SQLite + Valkey)       │ │  │
                    │  │  │    → git.nodeup.ru               │ │  │
                    │  │  │                                  │ │  │
                    │  │  │  monitoring/                     │ │  │
                    │  │  │    Prometheus (20Gi PV)          │ │  │
                    │  │  │    Grafana → grafana.nodeup.ru   │ │  │
                    │  │  │    Loki + Promtail (10Gi PV)     │ │  │
                    │  │  │                                  │ │  │
                    │  │  │  vela-system/                    │ │  │
                    │  │  │    KubeVela (OAM engine)         │ │  │
                    │  │  │                                  │ │  │
                    │  │  │  cnpg-system/                    │ │  │
                    │  │  │    CloudNativePG operator        │ │  │
                    │  │  │                                  │ │  │
                    │  │  │  redis-operator/                 │ │  │
                    │  │  │    OT Systems Redis operator     │ │  │
                    │  │  │                                  │ │  │
                    │  │  │  whoami/ (test app)              │ │  │
                    │  │  │    whoami + PostgreSQL (PV)      │ │  │
                    │  │  │    → whoami.app.nodeup.ru        │ │  │
                    │  │  │                                  │ │  │
                    │  │  └──────────────────────────────────┘ │  │
                    │  └─────────────────────────────────────┘  │
                    └───────────────────────────────────────────┘

Domains

Domain Service TLS
app.nodeup.ru StackOps API + UI Let's Encrypt
git.nodeup.ru Gitea Let's Encrypt
grafana.nodeup.ru Grafana Let's Encrypt
prom.nodeup.ru Prometheus (reserved)
*.app.nodeup.ru User apps (wildcard) Let's Encrypt per-app

Deploy Flow

Developer writes stackfile.toml
        │
        ▼
StackOps API (app.nodeup.ru)
        │
        ├── git clone → reads stackfile.toml + commit SHA
        │
        ├── toml-converter → KubeVela Application YAML
        │
        ├── kubectl apply -n <namespace>
        │
        └── KubeVela orchestrates:
              1. CloudNativePG → PostgreSQL cluster + secrets
              2. Redis operator → Redis instance
              3. webservice → Deployment + Service
              4. gateway trait → Ingress (nginx + cert-manager TLS)

Components

Component Version Namespace Purpose
k3s v1.34.6 Kubernetes distribution
nginx-ingress 4.15.1 ingress-nginx Ingress controller
cert-manager v1.20.1 cert-manager TLS certificates (HTTP-01)
KubeVela 1.10.8 vela-system OAM application engine
CloudNativePG 1.23.0 cnpg-system PostgreSQL operator
Redis operator 0.24.0 redis-operator Redis operator
Gitea 1.25.4 gitea Git hosting
Prometheus v0.90.1 monitoring Metrics
Grafana (bundled) monitoring Dashboards
Loki v2.9.3 monitoring Log aggregation
Promtail (bundled) monitoring Log shipping

Credentials

Service Login Password
Gitea stackops stackops-admin-2026
Grafana admin stackops-grafana-2026
StackOps API token dev-secret-token

Kubeconfig

export KUBECONFIG=~/.kube/config-nodeup
# or
export KUBECONFIG=infra/kubeconfig.yaml

Note: kubeconfig.yaml is in .gitignore — it contains the cluster admin token. Copy it manually from ~/.kube/config-nodeup.

Gitea Repositories

Repo URL Content
stackops/infra https://git.nodeup.ru/stackops/infra This repo — IaC manifests
stackops/stackops https://git.nodeup.ru/stackops/stackops Application source code

Reproduce from Scratch

# 0. DNS
bash 00-dns/cloudflare-records.sh

# 1. k3s
bash 01-k3s/install.sh

# 2. Core (nginx-ingress + cert-manager + ClusterIssuer)
make core

# 3. KubeVela + operators + ComponentDefinitions
make kubevela

# 4. Gitea
make gitea

# 5. Monitoring (Prometheus + Grafana + Loki)
make monitoring

# 6. StackOps app
make stackops

# 7. Test app
make test-app

Or all at once: make all (sequential).

Directory Structure

infra/
├── README.md
├── Makefile                        # Top-level automation
├── 00-dns/
│   └── cloudflare-records.sh       # DNS A records via CF API
├── 01-k3s/
│   └── install.sh                  # k3s install + kubeconfig
├── 02-core/
│   └── clusterissuer.yaml          # cert-manager ClusterIssuer (HTTP-01)
├── 03-kubevela/                    # (manifests in ../kubevela/components/)
├── 04-gitea/
│   └── values.yaml                 # Gitea helm values
├── 05-monitoring/
│   ├── values-prometheus.yaml      # kube-prometheus-stack values
│   └── values-loki.yaml            # loki-stack values
├── 06-stackops/
│   ├── rbac.yaml                   # Namespace, SA, ClusterRole, PVC
│   └── deployment.yaml             # Deployment, Service, Ingress
└── 07-test-app/
    └── stackfile.toml              # whoami test app stackfile
Reference in New Issue View Git Blame Copy Permalink
Description
StackOps infrastructure as code
Readme 51 KiB
Languages
Makefile 70.8%
Shell 29.2%