Mike de Heij 5e108e2f5f
All checks were successful
Validate / validate (push) Successful in 8s
fix(ci): exclude patch-*.yaml from kubeconform validation
2026-05-31 18:04:02 +02:00
.forgejo/workflows fix(ci): exclude patch-*.yaml from kubeconform validation 2026-05-31 18:04:02 +02:00
applications fix(forgejo): set workingDir /data so runner finds .runner file 2026-05-31 18:02:11 +02:00
bootstrap feat: add forgejo 2026-05-25 15:12:10 +02:00
clusters fix(forgejo): ignore only password in forgejo-admin secret, not full data 2026-05-31 16:10:59 +02:00
infrastructure fix(gateway): separate listener per domain for SNI cert selection 2026-05-31 17:36:47 +02:00
scripts additional secrets, base, dbom 2026-05-16 11:58:55 +02:00
tenants soft launch prepare, revert me later perhaps 2026-05-16 12:19:06 +02:00
.gitignore fix: add registry credential for craftcloud-nl 2026-04-27 22:07:51 +02:00
.prettierrc.yaml feat: initialize ccc2 2026-04-24 00:32:06 +02:00
.sops.yaml fix: Removes mac_only_encrypted from SOPS config, prevents ArgoCD CRD schema validation errors on SopsSecret resources, as the field gets embedded in encrypted manifests but is undeclared in the operator CRD schema. 2026-04-26 23:22:04 +02:00
.yamllint.yaml feat: initialize ccc2 2026-04-24 00:32:06 +02:00
AGENT.md feat: use new mariadb api group and rename instance to mariadb-clients 2026-04-27 11:30:48 +02:00
cilium-default-values.yaml fix: cilium 2026-04-24 16:22:24 +02:00
cilium-values.yaml fix: raise Cilium endpoint-create rate limit to 100/s with burst 200 2026-04-26 16:34:11 +02:00
cluster.yaml fix: pin Cilium chart_version to 1.19.3 in cluster.yaml 2026-04-26 16:35:36 +02:00
current-values.yaml fix: cilium 2026-04-24 16:22:24 +02:00
DECISIONS.md feat: add resource limits for core apps and commented-out placeholders for netpol/snapshots 2026-04-24 09:54:39 +02:00
GEMINI.md docs: add handover notes and document gateway api loadbalancer workaround 2026-04-24 13:58:43 +02:00
gwclass.yaml fix: replace crds for gateway 2026-04-24 18:35:15 +02:00
k3d-config.yaml feat: initialize ccc2 2026-04-24 00:32:06 +02:00
PLAN_VAN_AANPAK.md chore: todos and pva 2026-04-26 14:35:49 +02:00
README.md refactor: rename craftcloud-gateway to public 2026-04-24 13:24:20 +02:00
renovate.json feat: initialize ccc2 2026-04-24 00:32:06 +02:00
Taskfile.migrate.yml fix(mariadb): rotate clients-db password 2026-05-17 20:46:28 +02:00
Taskfile.yaml Revert "feat(mail): add mail:domain, mail:user, mail:alias tasks" 2026-05-17 10:00:44 +02:00
TODO.md fix: raise Cilium endpoint-create rate limit to resolve 429 errors 2026-04-26 16:10:01 +02:00

CraftCloud Kubernetes Platform (ccc2)

GitOps repository for the CraftCloud platform on k3s + Hetzner Cloud.

Repository Structure

Folder Purpose
/infrastructure Core components (Cilium, Storage, ArgoCD)
/applications Shared services (Mail, Harbor, Monitoring)
/tenants Customer workloads and specific sites
/clusters Environment-specific configuration (Prod, Local)
/bootstrap Initial namespaces and secrets

GitOps Flow

This cluster is managed via ArgoCD. The root application (craftcloud-root) lives in clusters/{env}/.

App Discovery & Toggles

We use ApplicationSets for automatic discovery:

  • Files: Apps are discovered via .argocd.yaml files.
  • Disabling: To fully deactivate an app (no sync/recreation), rename .argocd.yaml to DISABLED_argocd.yaml.
  • Tenants: Every subdirectory in tenants/ that contains an .argocd.yaml file automatically becomes an ArgoCD application.
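
The file-based discovery described above maps onto the ApplicationSet Git file generator. The manifest below is an added illustration, not this repository's own ApplicationSet; the resource name, the `argocd` namespace, the `tenants` AppProject, the repository URL and the sync policy are assumptions.

```yaml
# Illustrative ApplicationSet (constructed example, not taken from this repo).
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
  name: tenants              # hypothetical name
  namespace: argocd          # assumption: ArgoCD runs in the argocd namespace
spec:
  goTemplate: true
  goTemplateOptions: ["missingkey=error"]
  generators:
    - git:
        repoURL: https://git.example.invalid/org/ccc2.git   # placeholder URL
        revision: main
        files:
          # One Application per matching file. A directory whose file has been
          # renamed to DISABLED_argocd.yaml no longer matches this pattern,
          # so the generator emits no Application for it.
          - path: "tenants/*/.argocd.yaml"
  template:
    metadata:
      # .path.basename is the name of the directory that holds the matched file
      name: "tenant-{{ .path.basename }}"
    spec:
      project: tenants       # hypothetical AppProject scoping tenant apps
      source:
        repoURL: https://git.example.invalid/org/ccc2.git   # placeholder URL
        targetRevision: main
        # .path.path is the directory that holds the matched file
        path: "{{ .path.path }}"
      destination:
        server: https://kubernetes.default.svc
        namespace: "{{ .path.basename }}"   # assumption: one namespace per tenant
      syncPolicy:
        automated:
          prune: true        # assumption: the repo's real sync policy is not shown
          selfHeal: true
```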

Development & Validation

Branching

The active development branch is main.

Local Validation

Before you push, run the validation:

task validate   # Kustomize build + convention checks
task fmt        # Format YAML files

Technical Details

  • Cluster: K3s on Hetzner Cloud.
  • Network: Cilium 1.17 with Gateway API.
  • Ingress: public in the kube-system namespace.
  • Storage: Hetzner CSI (hcloud-volumes) is the default StorageClass. Longhorn is no longer in use.
  • Certs: Cert-manager with DNS01 solver (Hetzner DNS).

Cluster Rebuild / Setup

For a fresh installation or a rebuild:

  1. hetzner-k3s create --config cluster.yaml
  2. task up:repo-credentials (make sure REPO_USER/REPO_PASS are set in .env)
  3. kubectl apply -k bootstrap/prod
  4. Install ArgoCD and the Root App via Helm/Kubectl.