feat: initial GitOps infrastructure

ArgoCD app definitions, Kustomize manifests for health-app,
cert-manager ClusterIssuer, and AppProject configuration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 20:25:58 +00:00
commit cd9d319f0a
10 changed files with 255 additions and 0 deletions

4
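--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.env
+.env.*
+*.log
+.DS_Store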

31
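--- a/apps/health-app.yaml
+++ b/apps/health-app.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+name: health-app
+namespace: argocd
+finalizers:
+- resources-finalizer.argocd.argoproj.io
+spec:
+project: infinicaretech
+source:
+repoURL: https://github.com/infinicaretech/gitops-infra.git
+targetRevision: main
+path: environments/health-app/overlays/production
+destination:
+server: https://kubernetes.default.svc
+namespace: health-app
+syncPolicy:
+automated:
+prune: true
+selfHeal: true
+allowEmpty: false
+syncOptions:
+- CreateNamespace=true
+- PrunePropagationPolicy=foreground
+- PruneLast=true
+retry:
+limit: 3
+backoff:
+duration: 5s
+factor: 2
+maxDuration: 3m0s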
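Review bot: `targetRevision: main` combined with `automated` sync, `prune: true` and `selfHeal: true` means every commit that lands on `main` is applied to the production overlay, deletions included, with no further gate. Branch protection and required review on `main` are therefore the only control in front of the cluster, and the manifest does not say whether they exist. Consider tracking a release tag or a dedicated branch (placeholder: `targetRevision: <release-tag>`), or add a comment above the field stating that `main` is protected and that tracking it is intentional.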


@@ -0,0 +1,74 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: health-app
labels:
app.kubernetes.io/name: health-app
app.kubernetes.io/part-of: infinicaretech
spec:
replicas: 2
revisionHistoryLimit: 5
selector:
matchLabels:
app.kubernetes.io/name: health-app
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
maxSurge: 1
template:
metadata:
labels:
app.kubernetes.io/name: health-app
spec:
automountServiceAccountToken: false
securityContext:
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
seccompProfile:
type: RuntimeDefault
containers:
- name: health-app
image: ghcr.io/infinicaretech/health-app:latest
ports:
- name: http
containerPort: 3000
protocol: TCP
env:
- name: PORT
value: "3000"
- name: NODE_ENV
value: "production"
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 128Mi
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 10
periodSeconds: 30
timeoutSeconds: 3
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 2
failureThreshold: 2
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
imagePullSecrets:
- name: ghcr-cred
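Review bot: The container is referenced by the mutable tag `latest` (`image: ghcr.io/infinicaretech/health-app:latest`), and the production overlay later in this commit keeps it that way with `newTag: latest`, so what runs in production is whatever was last pushed to the registry rather than something recorded in Git. Argo CD compares manifests, not image contents, so a replaced `latest` is not seen as drift, and reverting a Git commit does not restore the previous image. Pin the overlay's `images:` entry to an immutable tag or a digest, e.g. `newTag: <release-version>` or `digest: sha256:<image-digest>`. Separately, with `readOnlyRootFilesystem: true` and no volumes declared, confirm the app never writes to `/tmp` or similar; if it does, it needs an `emptyDir` mount.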


@@ -0,0 +1,24 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: health-app
annotations:
cert-manager.io/cluster-issuer: infinicaretech-ca-issuer
nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
ingressClassName: nginx
tls:
- hosts:
- health.infinicaretech.local
secretName: health-app-tls
rules:
- host: health.infinicaretech.local
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: health-app
port:
name: http


@@ -0,0 +1,13 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: health-app
resources:
- deployment.yaml
- service.yaml
- ingress.yaml
- networkpolicy.yaml
commonLabels:
app.kubernetes.io/managed-by: argocd
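Review bot: `commonLabels` also rewrites selectors, so `app.kubernetes.io/managed-by: argocd` ends up in the Deployment's `spec.selector.matchLabels`, the Service selector and the NetworkPolicy `podSelector`, not only in metadata. A Deployment selector is immutable, so changing or dropping this label later forces the Deployment to be recreated, and the label describes ownership rather than pod identity. The `labels` field with `includeSelectors: false` applies it to metadata only; this assumes the kustomize version bundled with the Argo CD in use supports `labels`.

```yaml
# replaces the commonLabels block
labels:
  - pairs:
      app.kubernetes.io/managed-by: argocd
    includeSelectors: false
```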


@@ -0,0 +1,21 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: health-app-netpol
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: health-app
policyTypes:
- Ingress
- Egress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: ingress-nginx
ports:
- port: 3000
protocol: TCP
egress:
- {}
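Review bot: The `egress: - {}` rule allows outbound traffic to every destination and port, so listing `Egress` under `policyTypes` restricts nothing: a compromised pod could still reach other namespaces, the node or cloud metadata endpoint, and the internet. Replace it with explicit rules, DNS at minimum plus one rule per backend the app actually calls; which backends those are is not visible on this page. The ingress rule admits any pod in the `ingress-nginx` namespace, and adding a `podSelector` for the controller inside the same `from` entry would tighten it. The sketch below is a DNS-only starting point and assumes cluster DNS runs in `kube-system`.

```yaml
  egress:
    # DNS only; add explicit rules for each backend the app needs
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
```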


@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: health-app
labels:
app.kubernetes.io/name: health-app
spec:
type: ClusterIP
selector:
app.kubernetes.io/name: health-app
ports:
- name: http
port: 80
targetPort: http
protocol: TCP


@@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../base
images:
- name: ghcr.io/infinicaretech/health-app
newTag: latest
patches:
- target:
kind: Deployment
name: health-app
patch: |-
- op: replace
path: /spec/replicas
value: 2


@@ -0,0 +1,31 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned-issuer
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: infinicaretech-ca
namespace: cert-manager
spec:
isCA: true
commonName: infinicaretech-ca
secretName: infinicaretech-ca-secret
privateKey:
algorithm: ECDSA
size: 256
issuerRef:
name: selfsigned-issuer
kind: ClusterIssuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: infinicaretech-ca-issuer
spec:
ca:
secretName: infinicaretech-ca-secret
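Review bot: `infinicaretech-ca-issuer` is a `ClusterIssuer`, so anyone able to create a `Certificate` or an annotated `Ingress` in any namespace can obtain a certificate signed by this CA for an arbitrary DNS name, and nothing in this file constrains who may request what. If only `health-app` needs it, consider a namespaced `Issuer` (the CA secret would then have to live in that namespace) or a request policy such as cert-manager's approver-policy. The CA `Certificate` also sets no `duration` or `renewBefore`, so it gets cert-manager's default 90-day lifetime, and a root that renews that often forces clients to re-import trust. Set both fields explicitly and add a comment on how the CA certificate is distributed to clients and who may read `infinicaretech-ca-secret`.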


@@ -0,0 +1,24 @@
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: infinicaretech
namespace: argocd
spec:
description: InfinicareTech applications
sourceRepos:
- "https://github.com/infinicaretech/gitops-infra.git"
destinations:
- namespace: health-app
server: https://kubernetes.default.svc
- namespace: hera-app
server: https://kubernetes.default.svc
clusterResourceWhitelist: []
namespaceResourceWhitelist:
- group: ""
kind: "*"
- group: apps
kind: "*"
- group: networking.k8s.io
kind: Ingress
orphanedResources:
warn: true
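Review bot: `namespaceResourceWhitelist` permits only `Ingress` from `networking.k8s.io`, but the base kustomization in this commit ships `networkpolicy.yaml` (kind `NetworkPolicy`, same group), so Argo CD should reject that resource as not permitted in the project and the sync will fail or leave the pods without their policy. Add `- group: networking.k8s.io` with `kind: NetworkPolicy` to the list rather than widening the group to `"*"`. Note also that `group: ""` with `kind: "*"` lets applications in this project manage Secrets, ServiceAccounts and every other core kind in both destination namespaces; listing only the kinds actually deployed (here `Service`) would keep the project least-privilege.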