thalla/lomavuokraus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
lomavuokraus/docs/infra.html
Tero Halla-aho 66650d63ac docs: move docs directory and render plantuml svgs
2025-11-24 17:31:21 +02:00

74 lines
3.1 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>Infrastructure</title>
<link rel="stylesheet" href="./style.css" />
</head>
<body>
<header>
<h1>Infrastructure Overview</h1>
<div class="meta">
Hetzner k3s cluster, Traefik ingress, cert-manager TLS, private registry, staging/prod namespaces.
</div>
</header>
<main class="grid">
<section class="card">
<h2>Cluster &amp; Namespaces</h2>
<ul>
<li>Single-node k3s (Hetzner hel1 cx22) at <code>157.180.66.64</code>.</li>
<li>Namespaces: <code>lomavuokraus-prod</code>, <code>lomavuokraus-staging</code>.</li>
<li>Ingress controller: Traefik (k3s default).</li>
<li>cert-manager v1.15.3 with ClusterIssuers:
<ul>
<li><code>letsencrypt-prod</code> (ACME prod)</li>
<li><code>letsencrypt-staging</code> (ACME staging for test certs)</li>
</ul>
</li>
<li>DNS: <code>lomavuokraus.fi</code>, <code>staging.lomavuokraus.fi</code>, <code>api.lomavuokraus.fi</code> -> cluster IP.</li>
</ul>
</section>
<section class="card">
<h2>Registry</h2>
<ul>
<li>Private registry: <code>registry.halla-aho.net/thalla/lomavuokraus-web</code>.</li>
<li>Credentials stored outside repo (<code>creds/</code>), image pull secret <code>registry-halla</code> in staging/prod namespaces.</li>
<li>Images tagged with git SHA-derived numeric tag and <code>:latest</code>.</li>
</ul>
</section>
<section class="card">
<h2>App Manifests</h2>
<ul>
<li><code>k8s/app.yaml</code> templated via envsubst in deploy scripts.</li>
<li>Objects:
<ul>
<li>ConfigMap: <code>lomavuokraus-web-config</code> (public env).</li>
<li>Deployment: 2 replicas, container port 3000, liveness/readiness on <code>/api/health</code>.</li>
<li>Service: ClusterIP on port 80.</li>
<li>Ingress: Traefik class, TLS via cert-manager, HTTPS redirect middleware.</li>
<li>Traefik Middleware: <code>https-redirect</code> to force HTTPS.</li>
</ul>
</li>
<li>Secrets: <code>lomavuokraus-web-secrets</code> in cluster (not in repo).</li>
</ul>
</section>
<section class="card">
<h2>Runtime Environment</h2>
<ul>
<li>Next.js 14.2.33 (App Router) running via Node.js 20 in Docker.</li>
<li>PostgreSQL DB at <code>46.62.203.202</code> (DATABASE_URL in .env, not committed).</li>
<li>SMTP: smtp.sohva.org, DKIM key under <code>creds/dkim/...</code>.</li>
<li>Session auth: signed JWT cookie <code>session_token</code>; roles: USER, ADMIN, USER_MODERATOR, LISTING_MODERATOR.</li>
</ul>
</section>
<section class="card">
<h2>Traffic Flow Diagram</h2>
<p>Source: <code>docs/drawio/infra.drawio</code> (edit with draw.io, export PNG locally).</p>
</section>
</main>
</body>
</html>
Reference in a new issue View git blame Copy permalink