new structure

2026-05-03 07:47:45 +02:00
parent 4660c716ab
commit bb1cd2a526
24 changed files with 319 additions and 239 deletions
--- a/argocd/applications/cnpg-setup.yaml
+++ b/argocd/applications/cnpg-setup.yaml
@@ -0,0 +1,43 @@
+# 1. App für den CloudNativePG Operator
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cnpg-operator
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://cloudnative-pg.github.io/charts
+    chart: cloudnative-pg
+    targetRevision: 0.22.0 # Bitte auf aktuelle Version prüfen
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: cnpg-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeel: true
+    syncOptions:
+    - CreateNamespace=true
+---
+# 2. App für deine TimescaleDB (über CNPG)
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: timescale-db
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: 'https://gitea.vhn-demo.duckdns.org/hoang/strimzi.git'
+    path: k8s/base/database
+    targetRevision: main
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: database
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeel: true
+    syncOptions:
+    - CreateNamespace=true
--- a/argocd/applications/minio.yaml
+++ b/argocd/applications/minio.yaml
@@ -0,0 +1,30 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: minio
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://charts.min.io/
+    chart: minio
+    targetRevision: 5.3.0
+    helm:
+      values: |
+        buckets:
+          - name: backups
+            policy: none
+            purge: false
+        rootUser: admin
+        rootPassword: password123 # ÄNDERE DAS SOFORT IN PRODUKTION (via Secret)
+        persistence:
+          size: 100Gi
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: minio-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeel: true
+    syncOptions:
+    - CreateNamespace=true
--- a/argocd/applications/monitoring.yaml
+++ b/argocd/applications/monitoring.yaml
@@ -0,0 +1,53 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: monitoring
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://prometheus-community.github.io/helm-charts
+    chart: kube-prometheus-stack
+    targetRevision: 58.0.0
+    helm:
+      values: |
+        alertmanager:
+          config:
+            global:
+              smtp_smarthost: 'smtp.dein-provider.de:587'
+              smtp_from: 'alertmanager@dein-cluster.de'
+              smtp_auth_username: 'dein-user'
+              smtp_auth_password_file: '/etc/alertmanager/secrets/smtp_password'
+            receivers:
+            - name: 'teams-channel'
+              webhook_configs:
+              - url: 'https://webhook.office.com/webhookb2/...'
+            - name: 'email-admin'
+              email_configs:
+              - to: 'admin@example.com'
+                send_resolved: true
+            - name: 'sms-service'
+              webhook_configs:
+              - url: 'https://api.twilio.com/...'
+                http_config:
+                  basic_auth:
+                    username: 'AC_SID'
+                    password_file: '/etc/alertmanager/secrets/twilio_token'
+            route:
+              receiver: 'teams-channel'
+              routes:
+              - receiver: 'email-admin'
+                match:
+                  severity: critical
+        alertmanagerSpec:
+          secrets:
+          - alertmanager-secrets
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: monitoring
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeel: true
+    syncOptions:
+    - CreateNamespace=true
--- a/argocd/applications/postgresql.yaml
+++ b/argocd/applications/postgresql.yaml
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: timescaledb
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://charts.timescale.com
+    chart: timescale-single
+    targetRevision: 0.17.0
+    helm:
+      values: |
+        replicaCount: 1
+        persistence:
+          enabled: true
+          size: 50Gi
+        metrics:
+          enabled: true
+          serviceMonitor:
+            enabled: true
+            labels:
+              release: kube-prometheus-stack
+        podLabels:
+          logging: "true"
+        podAnnotations:
+          promtail.loki/scrape: "true"
+          promtail.loki/stream: "postgresql"
+  destination:
+    server: 'https://kubernetes.default.svc'
+    namespace: database
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeel: true
+    syncOptions:
+    - CreateNamespace=true
+
--- a/argocd/root-appset.yaml
+++ b/argocd/root-appset.yaml
@@ -0,0 +1,39 @@
+apiVersion: argoproj.io/v1alpha1
+kind: ApplicationSet
+metadata:
+  name: strimzi-apps
+  namespace: argocd
+spec:
+  generators:
+  - git:
+      repoURL: 'https://gitea.vhn-demo.duckdns.org/hoang/strimzi.git'
+      revision: main
+      directories:
+      - path: k8s/overlays/*
+  template:
+    metadata:
+      name: 'kafka-{{path.basename}}'
+    spec:
+      project: default
+      source:
+        repoURL: 'https://gitea.vhn-demo.duckdns.org/hoang/strimzi.git'
+        targetRevision: main
+        path: '{{path}}'
+      destination:
+        server: 'https://kubernetes.default.svc'
+        namespace: 'kafka-{{path.basename}}'
+      syncPolicy:
+        automated:
+          prune: true
+          selfHeel: true
+        syncOptions:
+        - CreateNamespace=true
+
+
+#kubectl create secret generic alertmanager-secrets -n monitoring \
+#  --from-literal=smtp_password='DEIN_SMTP_PASSWORT' \
+#  --from-literal=twilio_token='DEIN_TWILIO_AUTH_TOKEN'
+
+# kubectl create secret generic s3-creds -n database \
+#  --from-literal=ACCESS_KEY_ID=admin \
+#  --from-literal=SECRET_ACCESS_KEY=password123
--- a/dev/argocd/kafka.yaml
+++ b/dev/argocd/kafka.yaml
@@ -1,18 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kafka-dev
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitea.vhn-demo.duckdns.org/hoang/strimzi.git
-    targetRevision: HEAD
-    path: dev/kafka
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: kafka
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: false
--- a/dev/argocd/strimzi-dev.yaml
+++ b/dev/argocd/strimzi-dev.yaml
@@ -1,18 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: strimzi-dev
-  namespace: argocd
-spec:
-  project: default
-  source:
-    repoURL: https://gitea.vhn-demo.duckdns.org/hoang/strimzi.git
-    targetRevision: HEAD
-    path: dev/platform/strimzi
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: strimzi
-  syncPolicy:
-    automated:
-      prune: true
-      selfHeal: false
--- a/dev/kafka/cluster/kafka-cluster.yaml
+++ b/dev/kafka/cluster/kafka-cluster.yaml
@@ -1,46 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: Kafka
-metadata:
-  name: kafka-cluster
-  namespace: kafka
-  annotations:
-    argocd.argoproj.io/sync-wave: "2"
-spec:
-  kafka:
-    version: 3.7.0
-    metadataVersion: 3.7-IV4
-
-    listeners:
-      - name: internal
-        port: 9092
-        type: internal
-        tls: false
-
-    config:
-      num.partitions: 1 # PROD: 3
-      default.replication.factor: 1 # PROD: 3
-      min.insync.replicas: 1 # PROD: 2
-
-      offsets.topic.replication.factor: 1 # PROD: 3
-      transaction.state.log.replication.factor: 1 # PROD: 3
-      transaction.state.log.min.isr: 1 # PROD: 2
-
-      log.retention.hours: 24 # PROD: 168
-      log.segment.bytes: 1073741824
-
-      auto.create.topics.enable: true # DEV: true, PROD: false
-
-    resources:
-      requests:
-        cpu: "1"
-        memory: 4Gi
-      limits:
-        cpu: "2"
-        memory: 8Gi
-
-  kraft:
-    enabled: true
-
-  entityOperator:
-    topicOperator: {}
-    userOperator: {}
--- a/dev/kafka/namespace.yaml
+++ b/dev/kafka/namespace.yaml
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: kafka
-  annotations:
-    argocd.argoproj.io/sync-wave: "-1"
--- a/dev/kafka/nodepools/kafka-nodepool.yaml
+++ b/dev/kafka/nodepools/kafka-nodepool.yaml
@@ -1,31 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaNodePool
-metadata:
-  name: dev-brokers
-  namespace: kafka
-  labels:
-    strimzi.io/cluster: kafka-cluster
-  annotations:
-    argocd.argoproj.io/sync-wave: "1"
-spec:
-  replicas: 1   # DEV: nur 1 Pod
-  roles:
-    - broker
-    - controller
-
-  resources:
-    requests:
-      cpu: "500m"
-      memory: 2Gi
-    limits:
-      cpu: "1"
-      memory: 4Gi
-
-  storage:
-    type: jbod
-    volumes:
-      - id: 0
-        type: persistent-claim
-        size: 10Gi
-        deleteClaim: true
-        class: standard   # ggf. anpassen!
--- a/dev/kafka/topics/kafka-topic.yaml
+++ b/dev/kafka/topics/kafka-topic.yaml
@@ -1,15 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaTopic
-metadata:
-  name: task-events
-  namespace: kafka
-  labels:
-    strimzi.io/cluster: kafka-cluster
-  annotations:
-    argocd.argoproj.io/sync-wave: "3"
-spec:
-  partitions: 1 # DEV: 1 PROD: 3
-  replicas: 1 # DEV: 1 PROD: <= Broker-Anzahl
-  config:
-    retention.ms: 86400000 # DEV: 86400000 (24h) PROD: "604800000"  # 7 days
-    cleanup.policy: delete
--- a/dev/kafka/users/kafka-user.yaml
+++ b/dev/kafka/users/kafka-user.yaml
@@ -1,30 +0,0 @@
-apiVersion: kafka.strimzi.io/v1beta2
-kind: KafkaUser
-metadata:
-  name: app-user
-  namespace: kafka
-  labels:
-    strimzi.io/cluster: kafka-cluster
-  annotations:
-    argocd.argoproj.io/sync-wave: "3"
-spec:
-  authentication:
-    type: tls
-  authorization:
-    type: simple
-    acls:
-      - resource:
-          type: topic
-          name: orders
-          patternType: literal
-        operation:
-          - Read
-          - Write
-          - Describe
-
-      - resource:
-          type: group
-          name: app-consumers
-          patternType: literal
-        operation:
-          - Read
--- a/dev/platform/strimzi/clusterrole.yaml
+++ b/dev/platform/strimzi/clusterrole.yaml
@@ -1,10 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: strimzi-cluster-operator
-  annotations:
-    argocd.argoproj.io/sync-wave: "0"
-rules:
-  - apiGroups: ["*"]
-    resources: ["*"]
-    verbs: ["*"]
--- a/dev/platform/strimzi/clusterrolebinding.yaml
+++ b/dev/platform/strimzi/clusterrolebinding.yaml
@@ -1,14 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: strimzi-cluster-operator
-  annotations:
-    argocd.argoproj.io/sync-wave: "0"
-subjects:
-  - kind: ServiceAccount
-    name: strimzi-cluster-operator
-    namespace: strimzi
-roleRef:
-  kind: ClusterRole
-  name: strimzi-cluster-operator
-  apiGroup: rbac.authorization.k8s.io
--- a/dev/platform/strimzi/deployment.yaml
+++ b/dev/platform/strimzi/deployment.yaml
@@ -1,38 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: strimzi-cluster-operator
-  namespace: strimzi
-  annotations:
-    argocd.argoproj.io/sync-wave: "0"
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      name: strimzi-cluster-operator
-  template:
-    metadata:
-      labels:
-        name: strimzi-cluster-operator
-    spec:
-      serviceAccountName: strimzi-cluster-operator
-      containers:
-        - name: strimzi-cluster-operator
-          image: quay.io/strimzi/operator:0.39.0
-          imagePullPolicy: IfNotPresent
-          env:
-            - name: STRIMZI_NAMESPACE
-              value: "*"
-            - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS
-              value: "120000"
-            - name: STRIMZI_OPERATION_TIMEOUT_MS
-              value: "300000"
-            - name: STRIMZI_LOG_LEVEL
-              value: INFO
-          resources:
-            requests:
-              cpu: 200m
-              memory: 256Mi
-            limits:
-              cpu: 1
-              memory: 512Mi
--- a/dev/platform/strimzi/namespace.yaml
+++ b/dev/platform/strimzi/namespace.yaml
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: strimzi
-  annotations:
-    argocd.argoproj.io/sync-wave: "-1"
--- a/dev/platform/strimzi/serviceaccount.yaml
+++ b/dev/platform/strimzi/serviceaccount.yaml
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: strimzi-cluster-operator
-  namespace: strimzi
-  annotations:
-    argocd.argoproj.io/sync-wave: "0"
--- a/k8s/base/database/cluster.yaml
+++ b/k8s/base/database/cluster.yaml
@@ -0,0 +1,20 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: timescale-cluster
+spec:
+  instances: 3
+  imageName: timescale/timescaledb:latest-pg15
+  storage:
+    size: 50Gi
+  backup:
+    barmanObjectStore:
+      destinationPath: "s3://backups/"
+      endpointURL: "http://minio.minio-system.svc.cluster.local:9000"
+      s3Credentials:
+        accessKeyId:
+          name: s3-creds
+          key: ACCESS_KEY_ID
+        secretAccessKey:
+          name: s3-creds
+          key: SECRET_ACCESS_KEY
--- a/k8s/base/kafka-cluster/cluster.yaml
+++ b/k8s/base/kafka-cluster/cluster.yaml
@@ -0,0 +1,44 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+  name: dev-cluster
+  namespace: kafka
+spec:
+  kafka:
+    version: 3.6.1
+    replicas: 1
+    listeners:
+      - name: plain
+        port: 9092
+        type: internal
+        tls: false
+    config:
+      offsets.topic.replication.factor: 1
+      transaction.state.log.replication.factor: 1
+      transaction.state.log.min.isr: 1
+    storage:
+      type: ephemeral
+  zookeeper:
+    replicas: 1
+    storage:
+      type: ephemeral
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: dev-topic
+  labels:
+    strimzi.io/cluster: dev-cluster
+spec:
+  partitions: 1
+  replicas: 1
+---
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: dev-user
+  labels:
+    strimzi.io/cluster: dev-cluster
+spec:
+  authentication:
+    type: scram-sha-512
--- a/k8s/base/kafka-cluster/kafka.yaml
+++ b/k8s/base/kafka-cluster/kafka.yaml
@@ -0,0 +1,24 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: Kafka
+metadata:
+  name: dev-cluster
+  namespace: kafka
+spec:
+  kafka:
+    version: 3.6.1
+    replicas: 1
+    listeners:
+      - name: plain
+        port: 9092
+        type: internal
+        tls: false
+    config:
+      offsets.topic.replication.factor: 1
+      transaction.state.log.replication.factor: 1
+      transaction.state.log.min.isr: 1
+    storage:
+      type: ephemeral
+  zookeeper:
+    replicas: 1
+    storage:
+      type: ephemeral
--- a/k8s/base/kafka-cluster/kustomization.yaml
+++ b/k8s/base/kafka-cluster/kustomization.yaml
@@ -0,0 +1,4 @@
+  - kafka.yaml
+  - topics.yaml
+  - users.yaml
+
--- a/k8s/base/kafka-cluster/topics.yaml
+++ b/k8s/base/kafka-cluster/topics.yaml
@@ -0,0 +1,9 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaTopic
+metadata:
+  name: dev-topic
+  labels:
+    strimzi.io/cluster: dev-cluster
+spec:
+  partitions: 1
+  replicas: 1
--- a/k8s/base/kafka-cluster/users.yaml
+++ b/k8s/base/kafka-cluster/users.yaml
@@ -0,0 +1,9 @@
+apiVersion: kafka.strimzi.io/v1beta2
+kind: KafkaUser
+metadata:
+  name: dev-user
+  labels:
+    strimzi.io/cluster: dev-cluster
+spec:
+  authentication:
+    type: scram-sha-512
--- a/k8s/overlays/dev/kustomization.yaml
+++ b/k8s/overlays/dev/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../base/kafka-cluster
+
+