- This commit introduces the Terraform configuration to provision a production environment on Hetzner Cloud, building on the existing test setup.
- Key improvements and new features include:
  * **Multi-node clusters:** Scaling to 3-node Swarm application and database clusters for improved resilience.
  * **High availability:** Utilizing a Hetzner Floating IP for the application entry point and `spread` placement groups for fault tolerance across physical hosts.
  * **Enhanced network security:** Internal management services (RabbitMQ, APISIX, Prometheus, Grafana) are restricted to the application subnet, expected to be accessed via an internal reverse proxy (SWAG).
  * **Internal database replication:** New firewall rules enable PostgreSQL replication and MongoDB replica set traffic within the database subnet.
  * **Refined test environment:** Updates to align `test` configuration with the new `prod` structure, including a dedicated floating IP and adjusted firewall rules.
  * **Configuration standardization:** Environment-specific details moved to `locals.tf` for clarity, with upgraded server types and migration to Rocky Linux as the base image.
- Updates were also made to the latest version of Terraform to ensure consistency in the documentation.
5.6 KiB
# Setup Stages: Roadmap Mapping Table

This table shows which Terraform/Ansible setup stage handles each roadmap step in the roadmap/test-env and roadmap/prod-env folders.
## TEST environment

| Roadmap step | Stage that handles it |
|---|---|
| Hetzner firewall (only 22/80/443) | Terraform 01-test-terraform-iaac.md: firewall.tf |
| Server creation (iklim-app-01, iklim-db-01) | Terraform 01-test-terraform-iaac.md: servers.tf |
| Private network + placement group (iklim-test-spread) | Terraform 01-test-terraform-iaac.md: network.tf, placement.tf |
| Floating IP (iklim-test-app-fip) | Terraform 01-test-terraform-iaac.md: floating_ip.tf |
| Docker Engine installation | Ansible 02-test-ansible-bootstrap.md: docker role |
| Security hardening (SSH, firewalld, fail2ban) | Ansible 02-test-ansible-bootstrap.md: hardening role |
| Docker Swarm init (init/swarm-init.sh) | Ansible 02-test-ansible-bootstrap.md: swarm role (the pipeline script keeps running idempotently) |
| type=service node label | Ansible 02-test-ansible-bootstrap.md: swarm role |
| /opt/iklimco/... directories | Ansible 02-test-ansible-bootstrap.md: node_dirs role |
| StorageBox DAVFS mount (u469968-sub1) | Ansible 02-test-ansible-bootstrap.md: storagebox role |
| act_runner systemd installation | Ansible 03-test-runner-ve-deploy-onkosullari.md: gitea_runner role |
| Uploading GoDaddy credentials to the storagebox | Stays manual: secret management, outside Terraform/Ansible |
## PROD environment

| Roadmap step | Stage that handles it |
|---|---|
| Creating 6 servers (iklim-app-01/02/03, iklim-db-01/02/03) | Terraform 04-prod-terraform-iaac.md: servers.tf |
| Private network + 2 placement groups | Terraform 04-prod-terraform-iaac.md: network.tf, placement.tf |
| Firewall (only 22/80/443 public) | Terraform 04-prod-terraform-iaac.md: firewall.tf |
| Floating IP (iklim-prod-app-fip, assigned to iklim-app-01) | Terraform 04-prod-terraform-iaac.md: floating_ip.tf |
| Docker Engine installation (iklim-app-*) | Ansible 05-prod-ansible-bootstrap.md: docker role |
| Security hardening (all nodes) | Ansible 05-prod-ansible-bootstrap.md: hardening role |
| Swarm init (iklim-app-01) | Ansible 05-prod-ansible-bootstrap.md: swarm role |
| Manager join (iklim-app-02, iklim-app-03) | Ansible 05-prod-ansible-bootstrap.md: swarm role |
| type=service node label (3 swarm nodes) | Ansible 05-prod-ansible-bootstrap.md: swarm role |
| /opt/iklimco/... directories | Ansible 05-prod-ansible-bootstrap.md: node_dirs role |
| StorageBox DAVFS mount (u469968-sub2) | Ansible 05-prod-ansible-bootstrap.md: storagebox role |
| 3× act_runner systemd (HA runner) | Ansible 06-prod-runner-ha-ve-swarm.md: gitea_runner role |
| Uploading GoDaddy credentials to the storagebox | Stays manual: secret management, outside Terraform/Ansible |
| Joining DB nodes to the Swarm | Out of scope: the DB cluster is managed separately |
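The firewall, placement group, server and floating IP rows in both tables describe one Hetzner topology. The block below is an added example, not the repository's own firewall.tf, servers.tf, network.tf or floating_ip.tf: it sketches the prod edge with the hetznercloud/hcloud provider so that only 22/80/443 are published on the app nodes and only 22 on the db nodes, each tier sits in its own spread placement group and subnet, and the floating IP is attached to iklim-app-01. The subnet CIDRs, the env/role labels, the image, server type, location and network zone are assumptions, not values taken from the repository.

```hcl
# Added example, not the repository's own Terraform. Assumed values: labels
# env=prod/role=app|db, subnets 10.0.1.0/24 (app) and 10.0.2.0/24 (db),
# image rocky-9, server type cpx31, location fsn1, network zone eu-central.
terraform {
  required_providers {
    hcloud = { source = "hetznercloud/hcloud", version = "~> 1.45" }
  }
}

locals {
  anywhere = ["0.0.0.0/0", "::/0"]
  subnets  = { app = "10.0.1.0/24", db = "10.0.2.0/24" } # assumed
  tiers = {
    app = ["iklim-app-01", "iklim-app-02", "iklim-app-03"]
    db  = ["iklim-db-01", "iklim-db-02", "iklim-db-03"]
  }
  # name => { role, ip }: each node gets a fixed address inside its tier's subnet
  nodes = merge([
    for role, names in local.tiers : {
      for i, n in names : n => { role = role, ip = cidrhost(local.subnets[role], i + 10) }
    }
  ]...)
}

# Private network with one subnet per tier.
resource "hcloud_network" "prod" {
  name     = "iklim-prod-net"
  ip_range = "10.0.0.0/16" # assumed
}

resource "hcloud_network_subnet" "tier" {
  for_each     = local.subnets
  network_id   = hcloud_network.prod.id
  type         = "cloud"
  network_zone = "eu-central"
  ip_range     = each.value
}

# Public edge for app nodes: exactly 22, 80 and 443. Management ports
# (RabbitMQ, APISIX, Prometheus, Grafana) are deliberately not listed.
resource "hcloud_firewall" "app_public" {
  name = "iklim-prod-app-public"

  dynamic "rule" {
    for_each = { ssh = "22", http = "80", https = "443" }
    content {
      direction   = "in"
      protocol    = "tcp"
      port        = rule.value
      source_ips  = local.anywhere # narrow ssh to admin CIDRs when possible
      description = rule.key
    }
  }

  apply_to { label_selector = "env=prod,role=app" }
}

# Public edge for db nodes: SSH only. 5432/27017 are never published.
resource "hcloud_firewall" "db_public" {
  name = "iklim-prod-db-public"

  rule {
    direction   = "in"
    protocol    = "tcp"
    port        = "22"
    source_ips  = local.anywhere
    description = "ssh"
  }

  apply_to { label_selector = "env=prod,role=db" }
}

# One spread group per tier: the three nodes land on different physical hosts.
resource "hcloud_placement_group" "tier" {
  for_each = local.subnets
  name     = "iklim-prod-${each.key}-spread"
  type     = "spread"
}

resource "hcloud_server" "node" {
  for_each           = local.nodes
  name               = each.key
  image              = "rocky-9" # assumed
  server_type        = "cpx31"   # assumed
  location           = "fsn1"    # assumed
  placement_group_id = hcloud_placement_group.tier[each.value.role].id
  labels             = { env = "prod", role = each.value.role }

  network {
    network_id = hcloud_network.prod.id
    ip         = each.value.ip # pins the node to its tier's subnet
  }

  depends_on = [hcloud_network_subnet.tier]
}

# Single entry point: the floating IP is attached to iklim-app-01.
resource "hcloud_floating_ip" "app" {
  name          = "iklim-prod-app-fip"
  type          = "ipv4"
  home_location = "fsn1"
}

resource "hcloud_floating_ip_assignment" "app" {
  floating_ip_id = hcloud_floating_ip.app.id
  server_id      = hcloud_server.node["iklim-app-01"].id
}
```

Two checks are worth making before relying on a layout like this. Hetzner Cloud Firewalls filter only the public interface and do not apply to traffic inside a private Network, so the "app subnet only" restriction on RabbitMQ/APISIX/Prometheus/Grafana and the replication traffic confined to the db subnet have to be enforced on the hosts themselves (firewalld from the hardening role, with per-subnet sources), which is why the example carries no private-source rules in hcloud_firewall. And assigning a Floating IP through the API does not configure it on the server: the address still has to be added to the interface in the OS (or moved between nodes by something like keepalived) before the HA entry point actually answers.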
## Folder structure

    Environment_Infrastructure/
      setup/                       ← Terraform + Ansible stage documents
        00-genel-yol-haritasi.md
        01-test-terraform-iaac.md
        02-test-ansible-bootstrap.md
        03-test-runner-ve-deploy-onkosullari.md
        04-prod-terraform-iaac.md
        05-prod-ansible-bootstrap.md
        06-prod-runner-ha-ve-swarm.md
        07-private-network-port-matrisi.md
      roadmap/
        test-env/                  ← Test environment roadmap steps
        prod-env/                  ← Prod roadmap steps
      setup-vs-roadmap-map.md      ← This file