feat(infra): production bootstrap — cert-manager, longhorn, monitoring

Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
parent f7774558e9
commit 7ff35d3e0c
23 changed files with 855 additions and 35 deletions
--- a/base/longhorn/kustomization.yaml
+++ b/base/longhorn/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+
+helmCharts:
+  - name: longhorn
+    repo: https://charts.longhorn.io
+    version: "1.11.0"
+    releaseName: longhorn
+    namespace: longhorn-system
+    valuesFile: values.yaml
--- a/base/longhorn/namespace.yaml
+++ b/base/longhorn/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: longhorn-system
--- a/base/longhorn/values.yaml
+++ b/base/longhorn/values.yaml
@@ -0,0 +1,24 @@
+# Longhorn distributed block storage
+# Single-node production deployment — RAID1 hardware already provides redundancy.
+
+defaultSettings:
+  # 1 replica: RAID1 mirrors the disk, so software replication adds no benefit
+  # on a single node and would halve available capacity.
+  defaultReplicaCount: 1
+
+  # Orphan auto-deletion: clean up node/instance orphaned resources automatically
+  orphanAutoDeletion: true
+
+  # Allow volumes to be scheduled on the only available node even when disk
+  # pressure is detected (single-node: no other node to reschedule to).
+  allowVolumeCreationWithDegradedAvailability: true
+
+  # Reduce reserved percentage to 10% — RAID1 hardware provides physical redundancy,
+  # so Longhorn doesn't need to hold back 30% for software replicas.
+  # With 937 GiB disk: 843 GiB schedulable (600 SW + 100 PG + ~143 headroom).
+  storageReservedPercentageForDefaultDisk: 10
+
+# Set Longhorn as the default StorageClass.
+persistence:
+  defaultClass: true
+  defaultClassReplicaCount: 1