Commit graph

9 commits

Author SHA1 Message Date
Infrastructure Admin
0dee133377 Add Argo Workflows, mTLS container registry, and fix infrastructure
- Move Keycloak off Helm to plain Crossplane Object manifests (PostgreSQL + Keycloak deployment)
- Add Vaultwarden SSO/OIDC config with Keycloak, fix Recreate deployment strategy for RWO volumes
- Switch routing from Helm-based Pomerium to pomerium-allinone with all service routes
- Deploy Argo Workflows (controller, server, CRDs, RBAC) with KEDA queue-depth autoscaling
- Add Civo cluster autoscaler with pool-scaler for zero-to-one scale-up via Civo API
- Add node-labeler to auto-tag nodes by pool membership for nodeSelector scheduling
- Set up mTLS container registry at registry.nge6.com (Forgejo built-in, client cert required)
- Add internal registry route (registry-internal.nge6.com) for in-cluster image pulls
- Fix DNS records for new Emissary LB IP (212.2.241.28)
- Fix CoreDNS crash from invalid custom config
- Fix Emissary apiext expired webhook CA certificate

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 21:23:12 -04:00
Infrastructure Admin
a7ae41ee08 Complete GitOps infrastructure setup
Added to kustomization.yaml:
- namespaces.yaml: Centralized namespace management
- auth/: Keycloak authentication system
- keycloak-config.yaml: Identity provider configuration
- sealed-secrets.yaml: Secret encryption system

Fixed namespace conflicts:
- Removed duplicate pomerium-namespace from pomerium.yaml
- Removed duplicate external-dns-namespace from external-dns.yaml
- All namespaces now managed centrally via namespaces.yaml

Now managing 72 Kubernetes resources via GitOps:
- Infrastructure: Crossplane providers, external-dns
- Certificates: cert-manager, Let's Encrypt, Gandi webhook
- Authentication: Keycloak, RBAC configs
- Applications: Forgejo, Pomerium, Vaultwarden
- Security: Sealed secrets, proper RBAC

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-28 02:43:00 -04:00
Infrastructure Admin
b41e7c2c50 Add cert-manager to GitOps infrastructure
- Includes Gandi webhook for DNS-01 challenges
- ClusterIssuers for Let's Encrypt certificates
- RBAC configurations for cert-manager components

Second batch deployment - cert infrastructure now managed via GitOps.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-28 02:37:45 -04:00
Infrastructure Admin
e7c5a66bf6 Add core infrastructure to GitOps: providers, external-dns
- providers.yaml: Crossplane provider installations
- provider-configs.yaml: Provider authentication configs
- external-dns.yaml: Automatic DNS record management

Testing batch deployment before adding more components.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-27 13:00:23 -04:00
Infrastructure Admin
81a2e96de1 Add Vaultwarden to GitOps infrastructure
🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-27 00:05:25 -04:00
Infrastructure Admin
ccbb55cada Simplify GitOps to test with just core files first
2025-09-26 08:59:17 -04:00
Infrastructure Admin
faa488f7a8 Simplify kustomization to avoid namespace conflicts
2025-09-26 08:32:21 -04:00
Infrastructure Admin
b3647d71dd Fix kustomization.yaml with correct directory paths
2025-09-25 20:57:31 -04:00
Infrastructure Admin
11f3e9309c Add Kustomization config to exclude problematic directories from GitOps
2025-09-25 20:51:52 -04:00