mikrotik-bot/infra/ENTERPRISE_ARCHITECTURE.md


# Enterprise DevOps Infrastructure
## Architecture for 15+ projects on Proxmox
### 🏗️ Overview diagram
```
Internet
    │
[Traefik LB/SSL] ← git.domain.com, registry.domain.com, vault.domain.com
    │
┌─────────────────────────────────────────────────────────────────┐
│                     Proxmox Infrastructure                      │
├─────────────────────────────────────────────────────────────────┤
│ Core Services Network: 10.10.0.0/24                             │
│                                                                 │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐           │
│  │   Traefik    │  │    Gitea     │  │   Registry   │           │
│  │  10.10.0.10  │  │  10.10.0.20  │  │  10.10.0.30  │           │
│  │  (Gateway)   │  │ (Git+CI/CD)  │  │ (Docker Hub) │           │
│  └──────────────┘  └──────────────┘  └──────────────┘           │
│                                                                 │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐           │
│  │    Nexus     │  │    Vault     │  │  SonarQube   │           │
│  │  10.10.0.40  │  │  10.10.0.50  │  │  10.10.0.60  │           │
│  │ (Artifacts)  │  │  (Secrets)   │  │  (Quality)   │           │
│  └──────────────┘  └──────────────┘  └──────────────┘           │
│                                                                 │
│  ┌──────────────┐  ┌──────────────┐                             │
│  │  Prometheus  │  │   Grafana    │                             │
│  │  10.10.0.70  │  │  10.10.0.80  │                             │
│  │  (Metrics)   │  │ (Dashboard)  │                             │
│  └──────────────┘  └──────────────┘                             │
├─────────────────────────────────────────────────────────────────┤
│ Production Apps Network: 10.10.1.0/24                           │
│                                                                 │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐           │
│  │ MikroTik Bot │  │   Project2   │  │   Project3   │           │
│  │  10.10.1.10  │  │  10.10.1.20  │  │  10.10.1.30  │           │
│  └──────────────┘  └──────────────┘  └──────────────┘           │
│  ... up to 15 projects                                          │
└─────────────────────────────────────────────────────────────────┘
```
### 📊 LXC container specifications
| Service | IP | RAM | CPU | Disk | Description |
|---------|-----|-----|-----|------|-------------|
| **Traefik** | 10.10.0.10 | 1GB | 2 | 10GB | Reverse proxy, SSL, routing |
| **Gitea** | 10.10.0.20 | 4GB | 4 | 50GB | Git repos, CI/CD, PostgreSQL |
| **Registry** | 10.10.0.30 | 2GB | 2 | 100GB | Docker images storage |
| **Nexus** | 10.10.0.40 | 6GB | 4 | 200GB | Artifacts, proxy repos |
| **Vault** | 10.10.0.50 | 2GB | 2 | 20GB | Secrets management |
| **SonarQube** | 10.10.0.60 | 4GB | 4 | 30GB | Code quality, PostgreSQL |
| **Prometheus** | 10.10.0.70 | 4GB | 2 | 50GB | Metrics collection |
| **Grafana** | 10.10.0.80 | 2GB | 2 | 20GB | Monitoring dashboards |
| **Apps 1-15** | 10.10.1.x | 1-4GB | 1-2 | 10-30GB | Production applications |

**Core total**: ~25GB RAM, 24 CPU, 480GB Disk

**Apps total**: ~30GB RAM, 22 CPU, 300GB Disk

**Total budget**: ~55GB RAM, 46 CPU, 780GB Disk
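The core rows of the table above rendered as a provisioning plan for the Proxmox host, as an added example that is not the repository's own code. VMIDs 100-107, the CT template name, the storage pool, the bridge name and the gateway address are assumed placeholders; every container is created unprivileged, and nesting is enabled on the assumption that each service runs under Docker inside its container.

```shell
#!/bin/sh
# Added example (not from the mikrotik-bot repository): turns the LXC spec
# table into `pct create` commands for the Proxmox host. All values marked
# "assumed" are placeholders for this illustration; adjust them before use.
TEMPLATE="local:vztmpl/debian-12-standard_12.2-1_amd64.tar.zst"  # assumed CT template
STORAGE="local-lvm"   # assumed storage pool for the root filesystem
BRIDGE="vmbr0"        # assumed Linux bridge carrying 10.10.0.0/24
GATEWAY="10.10.0.1"   # assumed gateway of the core network

# gen_pct_cmd VMID NAME IP RAM_GB CORES DISK_GB NESTING
# Prints one `pct create` line. Every container is unprivileged (root inside
# maps to an unprivileged host UID); nesting=1 is what Docker-in-LXC needs,
# so set it to 0 for any service that runs natively in its container.
gen_pct_cmd() {
  vmid=$1; name=$2; ip=$3; ram_gb=$4; cores=$5; disk_gb=$6; nesting=$7
  mem=$(($ram_gb * 1024))   # pct expects memory in MiB, the table is in GB
  printf 'pct create %s %s --hostname %s --unprivileged 1 --features nesting=%s' \
    "$vmid" "$TEMPLATE" "$name" "$nesting"
  printf ' --memory %s --cores %s --rootfs %s:%s' \
    "$mem" "$cores" "$STORAGE" "$disk_gb"
  printf ' --net0 name=eth0,bridge=%s,ip=%s/24,gw=%s --onboot 1\n' \
    "$BRIDGE" "$ip" "$GATEWAY"
}

# Core services as listed in the table: vmid name ip ram_gb cores disk_gb nesting.
# VMIDs are assumed; the rest is copied from the specification table.
gen_core_plan() {
  while read -r vmid name ip ram cores disk nesting; do
    gen_pct_cmd "$vmid" "$name" "$ip" "$ram" "$cores" "$disk" "$nesting"
  done <<EOF
100 traefik    10.10.0.10 1 2 10  1
101 gitea      10.10.0.20 4 4 50  1
102 registry   10.10.0.30 2 2 100 1
103 nexus      10.10.0.40 6 4 200 1
104 vault      10.10.0.50 2 2 20  1
105 sonarqube  10.10.0.60 4 4 30  1
106 prometheus 10.10.0.70 4 2 50  1
107 grafana    10.10.0.80 2 2 20  1
EOF
}

# Usage on the Proxmox host: sh provision-core.sh --print > plan.sh,
# review plan.sh, then run it as root.
if [ "${1:-}" = "--print" ]; then
  gen_core_plan
fi
```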
### 🔄 CI/CD Workflow
```mermaid
graph LR
A[git push] --> B[Gitea Actions]
B --> C[SonarQube Scan]
C --> D[Docker Build]
D --> E[Nexus Dependencies]
E --> F[Registry Push]
F --> G[Vault Secrets]
G --> H[Deploy to Prod]
H --> I[Prometheus Metrics]
```
### 🌐 External Access (Traefik Routes)
| Service | URL | Auth |
|---------|-----|------|
| Gitea | `git.yourdomain.com` | Gitea Auth |
| Registry UI | `registry.yourdomain.com` | Basic Auth |
| Nexus | `nexus.yourdomain.com` | Nexus Auth |
| Vault | `vault.yourdomain.com` | Vault Auth |
| SonarQube | `sonar.yourdomain.com` | Sonar Auth |
| Grafana | `monitoring.yourdomain.com` | Grafana Auth |
| Apps | `app1.yourdomain.com` | App-specific |
### 🔧 Technology stack
**Core Infrastructure:**

- **Traefik 3.0**: HTTP router, SSL automation, load balancing
- **Gitea 1.21**: Git hosting, Actions CI/CD, issue tracking
- **Docker Registry 2.8**: Image storage with UI (registry-ui)
- **Nexus OSS 3.45**: PyPI/npm/Maven proxy, vulnerability scanning
- **Vault 1.15**: Secrets management, dynamic secrets
- **SonarQube CE 10.3**: Code quality, security analysis

**Monitoring Stack:**

- **Prometheus 2.48**: Metrics collection
- **Grafana 10.2**: Visualization, alerting
- **Node Exporter**: System metrics
- **cAdvisor**: Container metrics

**Security & Automation:**

- **Watchtower**: Auto-updates production containers
- **Let's Encrypt**: Automatic SSL certificates
- **Fail2ban**: Intrusion prevention
- **UFW**: Firewall management
### 📁 Project Structure Template
```
project-name/
├── .gitea/
│   └── workflows/
│       ├── build.yml            # Build & test
│       ├── quality.yml          # SonarQube scan
│       └── deploy.yml           # Deploy to production
├── docker/
│   ├── Dockerfile
│   ├── docker-compose.yml
│   └── docker-compose.prod.yml
├── infra/
│   ├── vault-secrets.yml        # Vault integration
│   ├── monitoring.yml           # Prometheus config
│   └── deployment.yml           # Production deployment
├── src/                         # Application code
├── tests/                       # Test suite
├── requirements.txt             # Dependencies (via Nexus)
├── sonar-project.properties     # SonarQube config
└── README.md
```
### 🚀 Deployment Phases
**Phase 1: Core Infrastructure**

1. Setup Traefik (gateway)
2. Deploy Gitea + PostgreSQL
3. Configure Docker Registry
4. Setup basic monitoring

**Phase 2: DevOps Tools**

1. Deploy Nexus Repository
2. Setup Vault secrets
3. Configure SonarQube
4. Integrate CI/CD pipelines

**Phase 3: Production**

1. Migrate MikroTik bot
2. Setup monitoring alerts
3. Configure auto-deployments
4. Documentation & training
### 💡 Key Benefits
**For Developers:**

- 🔄 Automatic CI/CD out of the box
- 📦 Fast builds via the Nexus cache
- 🛡️ Security via Vault + SonarQube
- 📊 Monitoring of production apps

**For Operations:**

- 🔒 Centralised secrets management
- 📈 Full observability
- 🚀 Zero-downtime deployments
- 💾 Backup & disaster recovery

**For Business:**

- 💰 Savings on external SaaS
- ⚡ Fast development of new projects
- 🔐 Control over data
- 📊 Code quality metrics

Ready to start with the automated deployment?