iklim.co/Environment_Infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Environment_Infrastructure/setup-vs-roadmap-map.md
Murat ÖZDEMİR bf64c2964c docs: update firewall facts and roadmap mapping 
- Include missing WireGuard port (51820/udp) in firewall documentation.
- Synchronize PROD DB firewall rules with the latest Patroni/Swarm setup requirements.
- Complete the PROD section of setup-vs-roadmap-map.md to cover all transition steps.
- Clarify that infra services (Vault, RabbitMQ, etc.) are restricted to private/overlay networks.
2026-05-14 16:26:05 +03:00

79 lines
5.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Setup Aşamaları — Roadmap Eşleştirme Tablosu
Bu tablo, `roadmap/test-env` ve `roadmap/prod-env` klasörlerindeki yol haritası adımlarının
Terraform/Ansible setup aşamalarından hangisinde ele alındığını gösterir.
## TEST ortamı
| Roadmap adımı | Hangi aşamada ele alınmalı |
| --- | --- |
| Hetzner firewall (sadece 22/80/443) | **Terraform `02-test-terraform-iaac.md`**`firewall.tf` |
| Sunucu oluşturma (`iklim-app-01`, `iklim-db-01`) | **Terraform `02-test-terraform-iaac.md`**`servers.tf` |
| Private network + placement group (`iklim-test-spread`) | **Terraform `02-test-terraform-iaac.md`**`network.tf`, `placement.tf` |
| Floating IP (`iklim-test-app-fip`) | **Terraform `02-test-terraform-iaac.md`**`floating_ip.tf` |
| Docker Engine kurulumu (app + db node) | **Ansible `03-test-ansible-bootstrap.md`**`docker` role |
| Security hardening (SSH, firewalld, fail2ban) | **Ansible `03-test-ansible-bootstrap.md`**`hardening` role |
| Docker Swarm init + `iklim-db-01` worker join | **Ansible `03-test-ansible-bootstrap.md`**`swarm` role |
| `type=service` ve `role=db` node label'ları | **Ansible `03-test-ansible-bootstrap.md`**`swarm` role |
| `/opt/iklimco/...` dizinleri | **Ansible `03-test-ansible-bootstrap.md`**`node_dirs` role |
| StorageBox DAVFS mount (`u469968-sub4`) | **Ansible `03-test-ansible-bootstrap.md`**`storagebox` role |
| DB stack deploy (PostgreSQL + MongoDB on `iklim-db-01`) | **Manuel `04-test-db-docker-kurulum.md`** |
| `act_runner` systemd kurulumu | **Ansible `05-test-runner-ve-deploy-onkosullari.md`**`act_runner` role (`test-app-post-stack.yml`) |
| GoDaddy credentials storagebox'a yükleme | **Manuel kalır** — secret yönetimi, Terraform/Ansible dışı |
| `docker-stack-infra.yml` port kaldırma + SWAG/cert-reloader ekleme | **Pipeline `deploy-test.yml`** + **repo değişikliği**`roadmap/test-env/03` |
| SWAG nginx proxy conf'ları (`swag/proxy-confs/*.conf.tpl`) | **Repo içinde teslim edildi**`roadmap/test-env/04` |
| APISIX SSL cert yükleme bloğu kaldırma (`init/apisix-core/init.sh`) | **Repo değişikliği**`roadmap/test-env/05` |
| cert-reloader sidecar servisi | **`docker-stack-infra.yml`'e eklendi** — `roadmap/test-env/06` |
| Pipeline güncelleme: Prepare SWAG Dirs + Bootstrap SWAG Cert + Run DB Init | **`deploy-test.yml`** — `roadmap/test-env/07` |
| Deployment sonrası doğrulama kontrol listesi | **Manuel `roadmap/test-env/08-verify.md`** |
## PROD ortamı
| Roadmap adımı | Hangi aşamada ele alınmalı |
| --- | --- |
| 6 sunucu oluşturma (`iklim-app-01/02/03`, `iklim-db-01/02/03`) | **Terraform `06-prod-terraform-iaac.md`**`servers.tf` |
| Private network + 2 placement group | **Terraform `06-prod-terraform-iaac.md`**`network.tf`, `placement.tf` |
| Firewall (sadece 22/80/443 public; private port matrisi) | **Terraform `06-prod-terraform-iaac.md`**`firewall.tf` |
| Floating IP (`iklim-prod-app-fip`, `iklim-app-01`'e atanır) | **Terraform `06-prod-terraform-iaac.md`**`floating_ip.tf` |
| Docker Engine kurulumu (tüm node'lar — app ve db) | **Ansible `07-prod-ansible-bootstrap.md`**`docker` role |
| Security hardening (tüm node'lar) | **Ansible `07-prod-ansible-bootstrap.md`**`hardening` role |
| Swarm init (`iklim-app-01`) + manager join (`iklim-app-02/03`) | **Ansible `07-prod-ansible-bootstrap.md`**`swarm` role |
| `type=service` node label (3 app node) | **Ansible `07-prod-ansible-bootstrap.md`**`swarm` role |
| `/opt/iklimco/...` dizinleri + `/opt/iklimco/stacks` | **Ansible `07-prod-ansible-bootstrap.md`**`node_dirs` role |
| StorageBox DAVFS mount (`u469968-sub5`) | **Ansible `07-prod-ansible-bootstrap.md`**`storagebox` role |
| DB node'larını Swarm'a worker olarak join et | **Manuel `08-prod-db-cluster-kurulum.md`** — Bölüm 2 |
| `role=db` node label (3 db node) | **Manuel `08-prod-db-cluster-kurulum.md`** — Bölüm 2 |
| etcd cluster deploy (Patroni için) | **Manuel `08-prod-db-cluster-kurulum.md`** — Bölüm 5.2 |
| MongoDB replica set deploy | **Manuel `08-prod-db-cluster-kurulum.md`** — Bölüm 4 |
| Patroni + PostgreSQL HA deploy | **Manuel `08-prod-db-cluster-kurulum.md`** — Bölüm 5.4 |
| 3× `act_runner` systemd (HA runner) | **Ansible `09-prod-runner-ha-ve-swarm.md`**`act_runner` role |
| GoDaddy credentials storagebox'a yükleme | **Manuel kalır** — secret yönetimi, Terraform/Ansible dışı |
| `docker-stack-infra.yml` port kaldırma + SWAG/cert-reloader ekleme | **Repo değişikliği**`roadmap/prod-env/03` |
| SWAG nginx proxy conf'ları (`swag/proxy-confs/*.conf.tpl`) | **Repo içinde teslim edildi**`roadmap/prod-env/04` |
| APISIX SSL cert yükleme bloğu kaldırma (`init/apisix-core/init.sh`) | **Repo değişikliği**`roadmap/prod-env/05` |
| cert-reloader sidecar servisi | **`docker-stack-infra.yml`'e eklendi** — `roadmap/prod-env/06` |
| Vault Raft Cluster geçiş planı | **Manuel / İleri Faz**`roadmap/prod-env/07` |
| Pipeline güncelleme: Prepare SWAG Dirs + Bootstrap SWAG Cert | **`deploy-prod.yml`** — `roadmap/prod-env/08` |
| Deployment sonrası doğrulama kontrol listesi | **Manuel `roadmap/prod-env/09-verify.md`** |
## Klasör yapısı
```
Environment_Infrastructure/
setup/ ← Terraform + Ansible aşama dokümanları
00-genel-yol-haritasi.md
01-private-network-port-matrisi.md
02-test-terraform-iaac.md
03-test-ansible-bootstrap.md
04-test-db-docker-kurulum.md
05-test-runner-ve-deploy-onkosullari.md
06-prod-terraform-iaac.md
07-prod-ansible-bootstrap.md
08-prod-db-cluster-kurulum.md
09-prod-runner-ha-ve-swarm.md
roadmap/
test-env/ ← Test ortamı Roadmap adımları
prod-env/ ← Prod Roadmap adımları
setup-vs-roadmap-map.md ← Bu dosya
```
Reference in New Issue View Git Blame Copy Permalink