- Staging cluster werkend tot op phase 6 van cluster-install.md, inclusief HTTPS, Bunny, verificatie service.

2025-08-29 17:50:14 +02:00
parent 2a4c9d7b00
commit 25ab9ccf23
23 changed files with 1525 additions and 889 deletions
--- a/scaleway/manifests/base/infrastructure/00-namespaces.yaml
+++ b/scaleway/manifests/base/infrastructure/00-namespaces.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: eveai-staging
+  labels:
+    environment: staging
+    app: eveai
+
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: monitoring
+  labels:
+    environment: staging
+    app: monitoring
--- a/scaleway/manifests/base/infrastructure/03-cluster-issuers.yaml
+++ b/scaleway/manifests/base/infrastructure/03-cluster-issuers.yaml
@@ -0,0 +1,15 @@
+# ClusterIssuer for Let's Encrypt staging (test first)
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-staging
+spec:
+  acme:
+    server: https://acme-staging-v02.api.letsencrypt.org/directory
+    email: pieter@askeveai.com
+    privateKeySecretRef:
+      name: letsencrypt-staging
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
--- a/scaleway/manifests/base/infrastructure/cert-manager-values.yaml
+++ b/scaleway/manifests/base/infrastructure/cert-manager-values.yaml
@@ -0,0 +1,52 @@
+# cert-manager-values.yaml
+# Global configuration
+global:
+  leaderElection:
+    namespace: "cert-manager"
+
+# Install CRDs as part of Helm release (alternative to manual install)
+# installCRDs: false  # We install manually above
+
+# Resource configuration
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 10m
+    memory: 32Mi
+
+# Webhook configuration
+webhook:
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 10m
+      memory: 32Mi
+
+# CA Injector configuration
+cainjector:
+  resources:
+    limits:
+      cpu: 100m
+      memory: 128Mi
+    requests:
+      cpu: 10m
+      memory: 32Mi
+
+# Security context
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1001
+
+# Node selector (optional)
+# nodeSelector:
+#   kubernetes.io/os: linux
+
+# Prometheus monitoring (disabled - no Prometheus operator installed)
+prometheus:
+  enabled: false
+  servicemonitor:
+    enabled: false
--- a/scaleway/manifests/base/infrastructure/ingress-values.yaml
+++ b/scaleway/manifests/base/infrastructure/ingress-values.yaml
@@ -0,0 +1,46 @@
+# ingress-values.yaml
+controller:
+  # Disable admission webhook to prevent ACME challenge validation issues
+  admissionWebhooks:
+    enabled: false
+  # Service configuratie
+  service:
+    type: LoadBalancer
+    loadBalancerIP: "51.159.25.49"  # Jouw huidige IP
+    annotations:
+      # Scaleway specifieke annotaties
+      service.beta.kubernetes.io/scw-loadbalancer-use-hostname: "true"
+      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v1: "false"
+      service.beta.kubernetes.io/scw-loadbalancer-proxy-protocol-v2: "false"
+
+  # Resource limits (optioneel, maar aanbevolen)
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 100m
+      memory: 128Mi
+
+  # Replica's voor high availability (optioneel)
+  replicaCount: 1
+
+  # Node selector (optioneel, voor specific nodes)
+  # nodeSelector:
+  #   kubernetes.io/os: linux
+
+  # Metrics (voor monitoring later)
+  metrics:
+    enabled: true
+    service:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "10254"
+
+# Default backend (optioneel)
+defaultBackend:
+  enabled: true
+  image:
+    registry: registry.k8s.io
+    image: defaultbackend-amd64
+    tag: "1.5"