Environment_Infrastructure/setup-vs-roadmap-map.md
Murat ÖZDEMİR 5ddba7eba4 docs: update production roadmap for HA Vault and shared storage
- Refactor production setup documentation to reflect a 3-node Vault Raft cluster starting from launch.
- Update all paths to use StorageBox mounts for shared state (SWAG config, TLS certs, Monitoring data).
- Switch Nginx configuration convention from proxy-confs to site-confs to align with SWAG's auto-include behavior.
- Standardize TLS private key extensions to .pem.
- Update node failover and recovery facts to include monitoring services.
- Align deployment pipeline instructions with the latest environment variable-driven approach.
2026-05-16 16:18:21 +03:00

Setup Stages: Roadmap Mapping Table

This table shows which Terraform/Ansible setup stage handles each of the roadmap steps in the roadmap/test-env and roadmap/prod-env folders.

TEST environment

| Roadmap step | Stage where it should be handled |
|---|---|
| Hetzner firewall (22/80/443 only) | Terraform 02-test-terraform-iaac.md → firewall.tf |
| Server creation (iklim-app-01, iklim-db-01) | Terraform 02-test-terraform-iaac.md → servers.tf |
| Private network + placement group (iklim-test-spread) | Terraform 02-test-terraform-iaac.md → network.tf, placement.tf |
| Floating IP (iklim-test-app-fip) | Terraform 02-test-terraform-iaac.md → floating_ip.tf |
| Docker Engine installation (app + db node) | Ansible 03-test-ansible-bootstrap.md → docker role |
| Security hardening (SSH, firewalld, fail2ban) | Ansible 03-test-ansible-bootstrap.md → hardening role |
| Docker Swarm init + iklim-db-01 worker join | Ansible 03-test-ansible-bootstrap.md → swarm role |
| type=service and role=db node labels | Ansible 03-test-ansible-bootstrap.md → swarm role |
| /opt/iklimco/... directories | Ansible 03-test-ansible-bootstrap.md → node_dirs role |
| StorageBox DAVFS mount (u469968-sub4) | Ansible 03-test-ansible-bootstrap.md → storagebox role |
| DB stack deploy (PostgreSQL + MongoDB on iklim-db-01) | Manual 04-test-db-docker-kurulum.md |
| act_runner systemd installation | Ansible 05-test-runner-ve-deploy-onkosullari.md → act_runner role (test-app-post-stack.yml) |
| Uploading GoDaddy credentials to storagebox | Stays manual: secret management, outside Terraform/Ansible |
| docker-stack-infra.yml port removal + adding SWAG/cert-reloader | Pipeline deploy-test.yml + repo change → roadmap/test-env/03 |
| SWAG nginx proxy confs (swag/site-confs/*.conf.tpl) | Delivered in the repo → roadmap/test-env/04 |
| Removing the APISIX SSL cert loading block (init/apisix-core/init.sh) | Repo change → roadmap/test-env/05 |
| cert-reloader sidecar service | Added to docker-stack-infra.yml → roadmap/test-env/06 |
| Pipeline update: Prepare SWAG Dirs + Bootstrap SWAG Cert + Run DB Init | deploy-test.yml → roadmap/test-env/07 |
| Post-deployment verification checklist | Manual roadmap/test-env/08-verify.md |

PROD environment

| Roadmap step | Stage where it should be handled |
|---|---|
| Creating 6 servers (iklim-app-01/02/03, iklim-db-01/02/03) | Terraform 06-prod-terraform-iaac.md → servers.tf |
| Private network + 2 placement groups | Terraform 06-prod-terraform-iaac.md → network.tf, placement.tf |
| Firewall (only 22/80/443 public; private port matrix) | Terraform 06-prod-terraform-iaac.md → firewall.tf |
| Floating IP (iklim-prod-app-fip, assigned to iklim-app-01) | Terraform 06-prod-terraform-iaac.md → floating_ip.tf |
| Docker Engine installation (all nodes, app and db) | Ansible 07-prod-ansible-bootstrap.md → docker role |
| Security hardening (all nodes) | Ansible 07-prod-ansible-bootstrap.md → hardening role |
| Swarm init (iklim-app-01) + manager join (iklim-app-02/03) | Ansible 07-prod-ansible-bootstrap.md → swarm role |
| type=service node label (3 app nodes) | Ansible 07-prod-ansible-bootstrap.md → swarm role |
| /opt/iklimco/... directories + /opt/iklimco/stacks | Ansible 07-prod-ansible-bootstrap.md → node_dirs role |
| StorageBox DAVFS mount (u469968-sub5) | Ansible 07-prod-ansible-bootstrap.md → storagebox role |
| Join the DB nodes to the Swarm as workers | Manual 08-prod-db-cluster-kurulum.md, Section 2 |
| role=db node label (3 db nodes) | Manual 08-prod-db-cluster-kurulum.md, Section 2 |
| etcd cluster deploy (for Patroni) | Manual 08-prod-db-cluster-kurulum.md, Section 5.2 |
| MongoDB replica set deploy | Manual 08-prod-db-cluster-kurulum.md, Section 4 |
| Patroni + PostgreSQL HA deploy | Manual 08-prod-db-cluster-kurulum.md, Section 5.4 |
| 3× act_runner systemd (HA runner) | Ansible 09-prod-runner-ha-ve-swarm.md → act_runner role |
| Uploading GoDaddy credentials to storagebox | Stays manual: secret management, outside Terraform/Ansible |
| docker-stack-infra.yml port removal + adding SWAG/cert-reloader | Repo change → roadmap/prod-env/03 |
| SWAG nginx proxy confs (swag/site-confs/*.conf.tpl) | Delivered in the repo → roadmap/prod-env/04 |
| Removing the APISIX SSL cert loading block (init/apisix-core/init.sh) | Repo change → roadmap/prod-env/05 |
| cert-reloader sidecar service | Added to docker-stack-infra.yml → roadmap/prod-env/06 |
| Vault Raft Cluster migration plan | Manual / Later Phase → roadmap/prod-env/07 |
| Pipeline update: Prepare SWAG Dirs + Bootstrap SWAG Cert | deploy-prod.yml → roadmap/prod-env/08 |
| Post-deployment verification checklist | Manual roadmap/prod-env/09-verify.md |

Folder structure

Environment_Infrastructure/
  setup/                              ← Terraform + Ansible stage documents
    00-genel-yol-haritasi.md
    01-private-network-port-matrisi.md
    02-test-terraform-iaac.md
    03-test-ansible-bootstrap.md
    04-test-db-docker-kurulum.md
    05-test-runner-ve-deploy-onkosullari.md
    06-prod-terraform-iaac.md
    07-prod-ansible-bootstrap.md
    08-prod-db-cluster-kurulum.md
    09-prod-runner-ha-ve-swarm.md
  roadmap/
    test-env/                         ← Test environment roadmap steps
    prod-env/                         ← Prod roadmap steps
  setup-vs-roadmap-map.md             ← This file