feat(infra): production bootstrap — cert-manager, longhorn, monitoring

Add new bases for cert-manager (Let's Encrypt + wildcard cert), Longhorn distributed storage, and monitoring (kube-prometheus-stack + Loki + Tempo + Grafana OIDC). Add cloud-init for Scaleway Elastic Metal provisioning. Production overlay: add patches for postgres sizing, SeaweedFS volume, OpenSearch storage, LiveKit service, Pingora host ports, resource limits, and CNPG daily barman backups. Update cert-manager.yaml with full dnsNames for all *.sunbeam.pt subdomains.
2026-03-06 12:06:27 +00:00
parent f7774558e9
commit 7ff35d3e0c
23 changed files with 855 additions and 35 deletions
--- a/base/monitoring/kustomization.yaml
+++ b/base/monitoring/kustomization.yaml
@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: monitoring
+
+resources:
+  - namespace.yaml
+  - vault-secrets.yaml
+  - grafana-oauth2client.yaml
+
+helmCharts:
+  # helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+  - name: kube-prometheus-stack
+    repo: https://prometheus-community.github.io/helm-charts
+    version: "82.9.0"
+    releaseName: kube-prometheus-stack
+    namespace: monitoring
+    valuesFile: prometheus-values.yaml
+    includeCRDs: true
+
+  # helm repo add grafana https://grafana.github.io/helm-charts
+  - name: loki
+    repo: https://grafana.github.io/helm-charts
+    version: "6.53.0"
+    releaseName: loki
+    namespace: monitoring
+    valuesFile: loki-values.yaml
+
+  - name: tempo
+    repo: https://grafana.github.io/helm-charts
+    version: "1.24.4"
+    releaseName: tempo
+    namespace: monitoring
+    valuesFile: tempo-values.yaml