From cd9d319f0ae287c9ecad1b01a756abfe3713e29d Mon Sep 17 00:00:00 2001 From: infinicaretech Date: Wed, 1 Apr 2026 20:25:58 +0000 Subject: [PATCH] feat: initial GitOps infrastructure ArgoCD app definitions, Kustomize manifests for health-app, cert-manager ClusterIssuer, and AppProject configuration. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitignore | 4 + apps/health-app.yaml | 31 ++++++++ environments/health-app/base/deployment.yaml | 74 +++++++++++++++++++ environments/health-app/base/ingress.yaml | 24 ++++++ .../health-app/base/kustomization.yaml | 13 ++++ .../health-app/base/networkpolicy.yaml | 21 ++++++ environments/health-app/base/service.yaml | 15 ++++ .../overlays/production/kustomization.yaml | 18 +++++ .../cert-manager/cluster-issuer.yaml | 31 ++++++++ projects/infinicaretech.yaml | 24 ++++++ 10 files changed, 255 insertions(+) create mode 100644 .gitignore create mode 100644 apps/health-app.yaml create mode 100644 environments/health-app/base/deployment.yaml create mode 100644 environments/health-app/base/ingress.yaml create mode 100644 environments/health-app/base/kustomization.yaml create mode 100644 environments/health-app/base/networkpolicy.yaml create mode 100644 environments/health-app/base/service.yaml create mode 100644 environments/health-app/overlays/production/kustomization.yaml create mode 100644 infrastructure/cert-manager/cluster-issuer.yaml create mode 100644 projects/infinicaretech.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9ad5cac
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.env
+.env.*
+*.log
+.DS_Store
diff --git a/apps/health-app.yaml b/apps/health-app.yaml
new file mode 100644
index 0000000..85480d3
--- /dev/null
+++ b/apps/health-app.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: health-app
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: infinicaretech
+ source:
+ repoURL: https://github.com/infinicaretech/gitops-infra.git
+ targetRevision: main
+ path: environments/health-app/overlays/production
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: health-app
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ allowEmpty: false
+ syncOptions:
+ - CreateNamespace=true
+ - PrunePropagationPolicy=foreground
+ - PruneLast=true
+ retry:
+ limit: 3
+ backoff:
+ duration: 5s
+ factor: 2
+ maxDuration: 3m0s
diff --git a/environments/health-app/base/deployment.yaml b/environments/health-app/base/deployment.yaml
new file mode 100644
index 0000000..5d27a7b
--- /dev/null
+++ b/environments/health-app/base/deployment.yaml
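Review bot: `targetRevision: main` together with `automated.prune: true` and `selfHeal: true` means every push to the branch head is applied to production and any out-of-band change is reverted, and the `resources-finalizer.argocd.argoproj.io` finalizer cascades deletion of everything in the `health-app` namespace when this Application object is removed; none of that is stated in the file. I would document both, above `finalizers:` with `# cascade: deleting this Application deletes every resource it manages` and above `targetRevision:` with `# automated sync follows the branch head; no tag or commit pin`. If production is not meant to deploy straight from `main`, a release tag or commit SHA in `targetRevision` is the place to pin it.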
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: health-app
+ labels:
+ app.kubernetes.io/name: health-app
+ app.kubernetes.io/part-of: infinicaretech
+spec:
+ replicas: 2
+ revisionHistoryLimit: 5
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: health-app
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: health-app
+ spec:
+ automountServiceAccountToken: false
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
+ runAsGroup: 1001
+ fsGroup: 1001
+ seccompProfile:
+ type: RuntimeDefault
+ containers:
+ - name: health-app
+ image: ghcr.io/infinicaretech/health-app:latest
+ ports:
+ - name: http
+ containerPort: 3000
+ protocol: TCP
+ env:
+ - name: PORT
+ value: "3000"
+ - name: NODE_ENV
+ value: "production"
+ resources:
+ requests:
+ cpu: 50m
+ memory: 64Mi
+ limits:
+ cpu: 200m
+ memory: 128Mi
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: http
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 3
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 2
+ failureThreshold: 2
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
+ imagePullSecrets:
+ - name: ghcr-cred
diff --git a/environments/health-app/base/ingress.yaml b/environments/health-app/base/ingress.yaml
new file mode 100644
index 0000000..ada1016
--- /dev/null
+++ b/environments/health-app/base/ingress.yaml
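Review bot: `image: ghcr.io/infinicaretech/health-app:latest` is a mutable tag, and with no `imagePullPolicy` set Kubernetes defaults `:latest` to `Always`, so every pod restart may run a different image than the one last reviewed — a registry push, not a Git change, drives what reaches production, which defeats the reproducibility GitOps is meant to provide; the overlay's `newTag: latest` in `environments/health-app/overlays/production/kustomization.yaml` has the same defect. Pin to an immutable reference, e.g. `image: ghcr.io/infinicaretech/health-app@sha256:<digest>` (placeholder), and let the overlay set `digest:` or a release tag so a rollout is always a reviewed commit. The pod hardening (`runAsNonRoot`, `readOnlyRootFilesystem`, `drop: [ALL]`, `automountServiceAccountToken: false`, `RuntimeDefault` seccomp) is good; `readOnlyRootFilesystem: true` presumably needs an `emptyDir` mounted on `/tmp` if the Node process writes there — confirm against the image before relying on the probes to catch it.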
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: health-app
+ annotations:
+ cert-manager.io/cluster-issuer: infinicaretech-ca-issuer
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - health.infinicaretech.local
+ secretName: health-app-tls
+ rules:
+ - host: health.infinicaretech.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: health-app
+ port:
+ name: http
diff --git a/environments/health-app/base/kustomization.yaml b/environments/health-app/base/kustomization.yaml
new file mode 100644
index 0000000..06949f6
--- /dev/null
+++ b/environments/health-app/base/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: health-app
+
+resources:
+ - deployment.yaml
+ - service.yaml
+ - ingress.yaml
+ - networkpolicy.yaml
+
+commonLabels:
+ app.kubernetes.io/managed-by: argocd
diff --git a/environments/health-app/base/networkpolicy.yaml b/environments/health-app/base/networkpolicy.yaml
new file mode 100644
index 0000000..994a626
--- /dev/null
+++ b/environments/health-app/base/networkpolicy.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: health-app-netpol
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: health-app
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: ingress-nginx
+ ports:
+ - port: 3000
+ protocol: TCP
+ egress:
+ - {}
diff --git a/environments/health-app/base/service.yaml b/environments/health-app/base/service.yaml
new file mode 100644
index 0000000..64adbf7
--- /dev/null
+++ b/environments/health-app/base/service.yaml
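Review bot: `commonLabels` in `environments/health-app/base/kustomization.yaml` injects `app.kubernetes.io/managed-by: argocd` into selectors as well as labels — the Deployment's `spec.selector.matchLabels`, the Service selector and, as far as I recall kustomize's builtin field specs, the NetworkPolicy `podSelector` — and a Deployment selector is immutable, so the label can never be changed or dropped without recreating the workload. The label is purely informational here, so use the `labels` field with `includeSelectors: false`, which kustomize introduced as the replacement for the deprecated `commonLabels`; the rest of the file is unchanged.

```yaml
# … unchanged: apiVersion, kind, namespace, resources …

labels:
  - pairs:
      app.kubernetes.io/managed-by: argocd
    includeSelectors: false
```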
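Review bot: `egress: - {}` in `environments/health-app/base/networkpolicy.yaml` is an allow-all rule, so listing `Egress` under `policyTypes` restricts nothing and the policy only locks down ingress. If unrestricted egress is intentional, record it above `egress:` with `# egress deliberately unrestricted; tighten once outbound dependencies are known`; otherwise replace the empty rule with explicit allows, starting with DNS to `kube-system` on port 53 (UDP and TCP) plus whatever the app actually calls, since a health endpoint with no declared dependencies presumably needs very little. The ingress side is right: only pods in the namespace labelled `kubernetes.io/metadata.name: ingress-nginx` can reach container port 3000, which matches the Service's `targetPort: http`.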
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: health-app
+ labels:
+ app.kubernetes.io/name: health-app
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: health-app
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ protocol: TCP
diff --git a/environments/health-app/overlays/production/kustomization.yaml b/environments/health-app/overlays/production/kustomization.yaml
new file mode 100644
index 0000000..5eab7a1
--- /dev/null
+++ b/environments/health-app/overlays/production/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ../../base
+
+images:
+ - name: ghcr.io/infinicaretech/health-app
+ newTag: latest
+
+patches:
+ - target:
+ kind: Deployment
+ name: health-app
+ patch: |-
+ - op: replace
+ path: /spec/replicas
+ value: 2
diff --git a/infrastructure/cert-manager/cluster-issuer.yaml b/infrastructure/cert-manager/cluster-issuer.yaml
new file mode 100644
index 0000000..9a477a8
--- /dev/null
+++ b/infrastructure/cert-manager/cluster-issuer.yaml
@@ -0,0 +1,31 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: selfsigned-issuer
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: infinicaretech-ca
+ namespace: cert-manager
+spec:
+ isCA: true
+ commonName: infinicaretech-ca
+ secretName: infinicaretech-ca-secret
+ privateKey:
+ algorithm: ECDSA
+ size: 256
+ issuerRef:
+ name: selfsigned-issuer
+ kind: ClusterIssuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+ name: infinicaretech-ca-issuer
+spec:
+ ca:
+ secretName: infinicaretech-ca-secret
diff --git a/projects/infinicaretech.yaml b/projects/infinicaretech.yaml
new file mode 100644
index 0000000..1decebc
--- /dev/null
+++ b/projects/infinicaretech.yaml
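Review bot: The JSON patch in `environments/health-app/overlays/production/kustomization.yaml` that replaces `/spec/replicas` with `2` is a no-op, because the base Deployment already sets `replicas: 2`, so the overlay carries dead configuration that reads as a deliberate production choice. Either drop the `patches:` stanza or set the value production actually needs; if it is kept as a scaffold for later, a comment such as `# production replica count; base default is 2` makes that intent visible to the next reader.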
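Review bot: The CA `Certificate` in `infrastructure/cert-manager/cluster-issuer.yaml` sets no `duration` or `renewBefore`, so the CA certificate gets cert-manager's default lifetime (90 days, as far as I recall) and is re-signed on that cadence; every client that was given `infinicaretech-ca-secret`'s public certificate out of band then has to pick up the renewed one, and clients still holding the expired CA certificate will reject otherwise valid leaves. An explicit long `duration:` on the CA (constructed example: `duration: 87600h`) with a comment saying the CA's public cert must be distributed to clients avoids surprise rotations. Nothing in this commit applies this file: no `Application` points at `infrastructure/`, and the `AppProject` in `projects/infinicaretech.yaml` has an empty `clusterResourceWhitelist`, so a `ClusterIssuer` could not be synced under it anyway — presumably it is applied by hand or by a separate project, which is worth stating in a comment at the top of the file.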
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: infinicaretech
+ namespace: argocd
+spec:
+ description: InfinicareTech applications
+ sourceRepos:
+ - "https://github.com/infinicaretech/gitops-infra.git"
+ destinations:
+ - namespace: health-app
+ server: https://kubernetes.default.svc
+ - namespace: hera-app
+ server: https://kubernetes.default.svc
+ clusterResourceWhitelist: []
+ namespaceResourceWhitelist:
+ - group: ""
+ kind: "*"
+ - group: apps
+ kind: "*"
+ - group: networking.k8s.io
+ kind: Ingress
+ orphanedResources:
+ warn: true
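Review bot: `namespaceResourceWhitelist` admits only `Ingress` from `networking.k8s.io`, but the base that `apps/health-app.yaml` deploys includes `environments/health-app/base/networkpolicy.yaml`, so ArgoCD will reject the sync with a resource-not-permitted error for the NetworkPolicy and the automated sync in this commit will never go green. Add `- group: networking.k8s.io` / `kind: NetworkPolicy` to the whitelist. `clusterResourceWhitelist: []` is the right least-privilege default for an application project, whereas `group: ""` with `kind: "*"` admits every core kind — Secrets, ServiceAccounts, ConfigMaps — which is broader than this app's manifests need; listing the kinds actually used (Service here) would keep the project's blast radius matched to its workload. The `hera-app` destination is not referenced by anything in this commit; presumably a second Application is planned.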