Initial commit: add .gitignore and README

defiQUG
2026-02-09 21:51:46 -08:00
commit b970b4fc51
52 changed files with 3362 additions and 0 deletions


@@ -0,0 +1,31 @@
# Development and Staging Kubernetes Cluster Configuration
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-config
namespace: kube-system
data:
environment: "dev-staging"
cluster-type: "shared"
node-pool:
dev: "dev-pool"
staging: "staging-pool"
resource-quotas:
dev: |
requests.cpu: "4"
requests.memory: "8Gi"
limits.cpu: "8"
limits.memory: "16Gi"
staging: |
requests.cpu: "8"
requests.memory: "16Gi"
limits.cpu: "16"
limits.memory: "32Gi"
storage-classes:
dev: "standard"
staging: "premium"
network-policies: "enabled"
monitoring: "enabled"
logging: "enabled"
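Review bot: `node-pool`, `resource-quotas` and `storage-classes` appear to be nested maps under `data:` (the page has lost its indentation, so this is inferred from the `dev:`/`staging:` children), and ConfigMap `data` only accepts string values, so the API server would reject this object. Because the dev/staging setup script runs `kubectl apply -f cluster-config.yaml` under `set -e`, that rejection would stop the script before either ResourceQuota is created. Flatten the keys (for example `node-pool.dev: "dev-pool"`) or store each group as a single block scalar. Separately, `network-policies: "enabled"` and the quota figures here are descriptive strings only: nothing in this object enforces them, and the quota numbers are duplicated in the setup script, where they can drift.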

70
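--- a/kubernetes/dev-staging/setup.sh
+++ b/kubernetes/dev-staging/setup.sh
@@ -0,0 +1,70 @@
+#!/bin/bash
+# Setup shared dev/staging Kubernetes clusters
+set -e
+echo "☸️ Setting up shared dev/staging Kubernetes clusters..."
+# Check prerequisites
+command -v kubectl >/dev/null 2>&1 || { echo "❌ kubectl not found"; exit 1; }
+command -v helm >/dev/null 2>&1 || { echo "❌ helm not found"; exit 1; }
+# Create namespaces
+echo "📦 Creating namespaces..."
+kubectl create namespace dev --dry-run=client -o yaml | kubectl apply -f -
+kubectl create namespace staging --dry-run=client -o yaml | kubectl apply -f -
+# Label namespaces
+kubectl label namespace dev environment=dev --overwrite
+kubectl label namespace staging environment=staging --overwrite
+# Apply cluster configuration
+echo "⚙️ Applying cluster configuration..."
+kubectl apply -f cluster-config.yaml
+# Set up resource quotas
+echo "📊 Setting up resource quotas..."
+# Dev namespace quota
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+name: dev-quota
+namespace: dev
+spec:
+hard:
+requests.cpu: "4"
+requests.memory: 8Gi
+limits.cpu: "8"
+limits.memory: 16Gi
+persistentvolumeclaims: "10"
+services.loadbalancers: "2"
+EOF
+# Staging namespace quota
+cat <<EOF | kubectl apply -f -
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+name: staging-quota
+namespace: staging
+spec:
+hard:
+requests.cpu: "8"
+requests.memory: 16Gi
+limits.cpu: "16"
+limits.memory: 32Gi
+persistentvolumeclaims: "20"
+services.loadbalancers: "4"
+EOF
+echo "✅ Shared dev/staging clusters configured!"
+echo ""
+echo "📝 Namespaces created:"
+echo " - dev"
+echo " - staging"
+echo ""
+echo "📝 Resource quotas configured"
+echo "📝 Cluster configuration applied"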
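Review bot: Nothing in this script checks which cluster it is talking to: the namespaces, quotas and the `kube-system` ConfigMap are applied to whatever `kubectl` context happens to be current, which on an operator workstation can just as easily be production. Print and verify the target before the first write, for example `ctx=$(kubectl config current-context)` followed by a comparison against a value the caller must pass in. `set -e` alone also misses a failure on the left side of the `kubectl create namespace … | kubectl apply -f -` pipelines, so `set -euo pipefail` is the safer header, and `kubectl apply -f cluster-config.yaml` only works when the script is run from its own directory. `helm` is required by the prerequisite check but never used. The shared-cluster setup script in the last file section of this commit has the same context, `set -e` and relative-path issues.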


@@ -0,0 +1,82 @@
# NGINX Ingress Controller Configuration
apiVersion: v1
kind: Namespace
metadata:
name: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ingress-nginx
namespace: ingress-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-nginx-controller
namespace: ingress-nginx
spec:
replicas: 2
selector:
matchLabels:
app: ingress-nginx
template:
metadata:
labels:
app: ingress-nginx
spec:
serviceAccountName: ingress-nginx
containers:
- name: controller
image: registry.k8s.io/ingress-nginx/controller:v1.9.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
- --udp-services-configmap=$(POD_NAMESPACE)/udp-services
- --annotations-prefix=nginx.ingress.kubernetes.io
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
---
apiVersion: v1
kind: Service
metadata:
name: ingress-nginx
namespace: ingress-nginx
spec:
type: LoadBalancer
ports:
- port: 80
targetPort: 80
protocol: TCP
name: http
- port: 443
targetPort: 443
protocol: TCP
name: https
selector:
app: ingress-nginx
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-configuration
namespace: ingress-nginx
data:
enable-cors: "true"
cors-allow-origin: "*"
cors-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
cors-allow-headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization"
ssl-protocols: "TLSv1.2 TLSv1.3"
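Review bot: The controller's `args` use `$(POD_NAMESPACE)` three times but the container declares no `env`, so Kubernetes leaves the reference unexpanded and the `--configmap` flag never resolves to `ingress-nginx/nginx-configuration`; the container needs a `POD_NAMESPACE` variable populated from the downward API, as sketched below. The `ingress-nginx` ServiceAccount is also created without any Role, ClusterRole or binding in this file, so unless RBAC is granted elsewhere the controller cannot watch Ingresses, Services or Secrets and the rollout will not become available. On hardening: the container has no `securityContext`, the image is pinned by tag rather than digest, and the ConfigMap pairs `cors-allow-origin: "*"` with `Authorization` in the allowed headers. As far as I know ingress-nginx treats the CORS settings as per-Ingress annotations, so confirm whether these ConfigMap keys take effect at all before relying on them or treating the wildcard as harmless.

```yaml
        - name: controller
          # … unchanged: image, args …
          env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          # … unchanged: ports, resources …
```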


@@ -0,0 +1,63 @@
# Namespace Isolation Configuration
# Network Policies and RBAC for shared clusters
apiVersion: v1
kind: Namespace
metadata:
name: shared-services
labels:
name: shared-services
type: shared
---
# Network Policy: Allow ingress from shared-services namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-shared-services
namespace: default
spec:
podSelector: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
name: shared-services
---
# RBAC: Service Account for shared services
apiVersion: v1
kind: ServiceAccount
metadata:
name: shared-services-sa
namespace: shared-services
---
# Role: Limited permissions for shared services
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: shared-services-role
namespace: shared-services
rules:
- apiGroups: [""]
resources: ["pods", "services"]
verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch"]
---
# RoleBinding: Bind role to service account
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: shared-services-binding
namespace: shared-services
subjects:
- kind: ServiceAccount
name: shared-services-sa
namespace: shared-services
roleRef:
kind: Role
name: shared-services-role
apiGroup: rbac.authorization.k8s.io
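Review bot: The `namespaceSelector` in `allow-from-shared-services` trusts the label `name: shared-services`, which any principal allowed to create or label a namespace can put on a namespace of their own and so gain ingress to every pod in `default`. Matching on the label the API server sets itself, `kubernetes.io/metadata.name: shared-services`, closes that gap. The policy also lives only in `default`; no policy in this file covers other workload namespaces, so traffic between them is unrestricted unless policies are added elsewhere. The Role is read-only, which is a sensible baseline; if pods running as `shared-services-sa` never call the API, `automountServiceAccountToken: false` on the ServiceAccount removes the token from them entirely.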


@@ -0,0 +1,27 @@
#!/bin/bash
# Setup shared Kubernetes cluster configuration
set -e
echo "☸️ Setting up shared Kubernetes cluster configuration..."
# Check prerequisites
command -v kubectl >/dev/null 2>&1 || { echo "❌ kubectl not found"; exit 1; }
# Apply namespace isolation
echo "🔒 Applying namespace isolation..."
kubectl apply -f namespace-isolation.yaml
# Apply ingress controller
echo "🚪 Setting up ingress controller..."
kubectl apply -f ingress-controller.yaml
# Wait for ingress controller
echo "⏳ Waiting for ingress controller to be ready..."
kubectl wait --for=condition=available --timeout=300s deployment/ingress-nginx-controller -n ingress-nginx
echo "✅ Shared Kubernetes cluster configuration complete!"
echo ""
echo "📝 Ingress controller is ready"
echo " Get external IP: kubectl get svc -n ingress-nginx ingress-nginx"