chore: initial infrastructure scaffold

Kustomize base + overlays for the full Sunbeam k3s stack: - base/mesh — Linkerd edge (crds + control-plane + viz) - base/ingress — custom Pingora edge proxy - base/ory — Kratos 0.60.1 + Hydra 0.60.1 + login-ui - base/data — CloudNativePG 0.27.1, Valkey 8, OpenSearch 2 - base/storage — SeaweedFS master + volume + filer (S3 on :8333) - base/lasuite — Hive sync daemon + La Suite app placeholders - base/media — LiveKit livekit-server 1.9.0 - base/devtools — Gitea 12.5.0 (external PG + Valkey) overlays/local — sslip.io domain, mkcert TLS, Lima hostPort overlays/production — stub (TODOs for sunbeam.pt values) scripts/ — local-up/down/certs/urls helpers justfile — up / down / certs / urls targets
2026-02-28 13:42:27 +00:00
commit 5d9bd7b067
51 changed files with 2647 additions and 0 deletions
--- a/base/data/kustomization.yaml
+++ b/base/data/kustomization.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: data
+
+resources:
+  - namespace.yaml
+  - postgres-cluster.yaml
+  - valkey-deployment.yaml
+  - valkey-service.yaml
+  - opensearch-deployment.yaml
+  - opensearch-service.yaml
+
+helmCharts:
+  # CloudNativePG operator — chart name: cloudnative-pg
+  # helm repo add cnpg https://cloudnative-pg.github.io/charts
+  - name: cloudnative-pg
+    repo: https://cloudnative-pg.github.io/charts
+    version: "0.27.1"
+    releaseName: cnpg
+    namespace: data
--- a/base/data/namespace.yaml
+++ b/base/data/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: data
+  annotations:
+    linkerd.io/inject: enabled
--- a/base/data/opensearch-deployment.yaml
+++ b/base/data/opensearch-deployment.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opensearch
+  namespace: data
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: opensearch
+  template:
+    metadata:
+      labels:
+        app: opensearch
+    spec:
+      initContainers:
+        - name: sysctl
+          image: busybox
+          command: ["sysctl", "-w", "vm.max_map_count=262144"]
+          securityContext:
+            privileged: true
+      containers:
+        - name: opensearch
+          image: opensearchproject/opensearch:2
+          ports:
+            - name: http
+              containerPort: 9200
+              protocol: TCP
+            - name: transport
+              containerPort: 9300
+              protocol: TCP
+          env:
+            - name: discovery.type
+              value: single-node
+            - name: OPENSEARCH_JAVA_OPTS
+              value: "-Xms256m -Xmx512m"
+            - name: DISABLE_SECURITY_PLUGIN
+              value: "true"
+          resources:
+            limits:
+              memory: 512Mi
+            requests:
+              memory: 256Mi
+              cpu: 100m
--- a/base/data/opensearch-service.yaml
+++ b/base/data/opensearch-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: opensearch
+  namespace: data
+spec:
+  selector:
+    app: opensearch
+  ports:
+    - name: http
+      port: 9200
+      targetPort: 9200
+      protocol: TCP
+    - name: transport
+      port: 9300
+      targetPort: 9300
+      protocol: TCP
--- a/base/data/postgres-cluster.yaml
+++ b/base/data/postgres-cluster.yaml
@@ -0,0 +1,52 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: postgres
+  namespace: data
+spec:
+  instances: 1
+
+  postgresql:
+    parameters:
+      max_connections: "100"
+      shared_buffers: "128MB"
+      work_mem: "4MB"
+
+  bootstrap:
+    initdb:
+      database: postgres
+      owner: postgres
+      secret:
+        name: postgres-superuser
+      postInitSQL:
+        # Create all 10 logical databases and their owners
+        - CREATE USER kratos;
+        - CREATE DATABASE kratos_db OWNER kratos;
+        - CREATE USER hydra;
+        - CREATE DATABASE hydra_db OWNER hydra;
+        - CREATE USER docs;
+        - CREATE DATABASE docs_db OWNER docs;
+        - CREATE USER meet;
+        - CREATE DATABASE meet_db OWNER meet;
+        - CREATE USER drive;
+        - CREATE DATABASE drive_db OWNER drive;
+        - CREATE USER messages;
+        - CREATE DATABASE messages_db OWNER messages;
+        - CREATE USER conversations;
+        - CREATE DATABASE conversations_db OWNER conversations;
+        - CREATE USER people;
+        - CREATE DATABASE people_db OWNER people;
+        - CREATE USER gitea;
+        - CREATE DATABASE gitea_db OWNER gitea;
+        - CREATE USER hive;
+        - CREATE DATABASE hive_db OWNER hive;
+
+  storage:
+    size: 10Gi
+
+  resources:
+    requests:
+      memory: 256Mi
+      cpu: 250m
+    limits:
+      memory: 512Mi
--- a/base/data/valkey-deployment.yaml
+++ b/base/data/valkey-deployment.yaml
@@ -0,0 +1,34 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: valkey
+  namespace: data
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: valkey
+  template:
+    metadata:
+      labels:
+        app: valkey
+    spec:
+      containers:
+        - name: valkey
+          image: valkey/valkey:8-alpine
+          ports:
+            - name: valkey
+              containerPort: 6379
+              protocol: TCP
+          args:
+            - valkey-server
+            - --maxmemory
+            - 56mb
+            - --maxmemory-policy
+            - allkeys-lru
+          resources:
+            limits:
+              memory: 64Mi
+            requests:
+              memory: 32Mi
+              cpu: 25m
--- a/base/data/valkey-service.yaml
+++ b/base/data/valkey-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: valkey
+  namespace: data
+spec:
+  selector:
+    app: valkey
+  ports:
+    - name: valkey
+      port: 6379
+      targetPort: 6379
+      protocol: TCP