policy updates
+15
-10
@@ -21,16 +21,21 @@ All releases use **SemVer** (semantic versioning). ArtifactHub requires SemVer f
The following services are available in the cluster. Use them via their operators — do not install standalone instances.
| Layer | Technology | Policy |
|-------|-----------|--------|
| **Database** | CNPG (CloudNativePG) | All PostgreSQL via CNPG `Cluster` CRDs. No manual Postgres installs, no SQLite in production. |
| **Cache / Pub-sub** | DragonflyDB Operator | Redis-compatible via `Dragonfly` CRDs. No standalone Redis. |
| **MQTT** | EMQX Operator | MQTT broker via `EMQX` CRDs. For IoT and messaging workloads. |
| **Block storage** | TrueNAS CSI | All PVCs backed by TrueNAS SCALE. |
| **File / Object storage** | Rook-Ceph | CephFS for shared filesystems, RGW for S3-compatible object storage. |
| **Auth** | Authentik | OIDC/SSO for all web apps. No custom auth systems. |
| **Monitoring** | Prometheus Stack | Create ServiceMonitors and PrometheusRules for all services. AlertManager for alerting. |
| **MariaDB** | MariaDB Operator | Available via `MariaDB` CRDs if needed. Not currently used by Paperclip orgs. |
| Layer | Technology | Access | Policy |
|-------|-----------|--------|--------|
| **Block storage** | TrueNAS CSI | storageClass: block-truenas | All PVCs backed by TrueNAS SCALE. |
| **File storage** | Rook-Ceph | storageClass: ceph-filesystem | CephFS for shared filesystems. |
| **External Object storage** | Rook-Ceph | CephObjectStore/objectstore-ceph-external | RGW for S3-compatible object storage. |
| **Internal Object storage** | Rook-Ceph | CephObjectStore/objectstore-ceph-internal | RGW for S3-compatible object storage. |
| **Database Primary** | CloudNativePG Operator | postgresql.cnpg.io/Cluster | All PostgreSQL via CloudNativePG (CNPG) CRDs. No manual Postgres installs. 3 Replicas & 30 Days of Backup in Production, 1 Replica in Dev/Test/QA 5 Days of Backup. |
| **Database Alternate** | MariaDB Operator | k8s.mariadb.com/MaxScale | All MariaDB via MariaDB Operator CRDs. No manual MariaDB installs. No MySQL. 3 Replicas & 30 Days of Backup in Production, 1 Replica in Dev/Test/QA 5 Days of Backup. |
| **Cache / Pub-sub** | DragonflyDB Operator | dragonflydb.io/Dragonfly | Redis-compatible via Dragonfly Operator CRDs. No manual DragonflyDB installs. No Redis. No Persistent or Durable Data, No Exceptions. 3 Replicas in Production, 1 Replica in Dev/Test/QA |
| **MQTT** | EMQX Operator | apps.emqx.io/EMQX | MQTT broker via `EMQX` CRDs. For IoT and messaging workloads. 3 Replicas in Production, 1 Replica in Dev/Test/QA |
| **Authenticated External Services** | Istio Gateway + Authentik | gateway-system/istio-external | OIDC/SSO for all web apps. No custom auth systems. |
| **Authenticated Internal Services** | Istio Gateway + Authentik | gateway-system/istio-internal | OIDC/SSO for all web apps. No custom auth systems. |
| **Unauthenticated External Services** | Cilum Gateway | gateway-system/external | High performance unauthenticated web apps. |
| **Unauthenticated Internal Services** | Cilum Gateway | gateway-system/internal | High performance unauthenticated web apps. |
| **Monitoring** | Prometheus Stack | | Create ServiceMonitors and PrometheusRules for all services. AlertManager for alerting. |
## Infrastructure Deployment
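Review bot: the new table now contradicts itself on authentication: the two "Authenticated ... Services" rows keep "OIDC/SSO for all web apps. No custom auth systems." while the two new "Unauthenticated ... Services" rows open `gateway-system/external` and `gateway-system/internal` to workloads with no auth at all, with only "High performance unauthenticated web apps" as the criterion; state explicitly which workloads are allowed on the unauthenticated gateways (and who approves an externally exposed one), otherwise the SSO rule has an unwritten exception. Smaller points in the same hunk: "Cilum Gateway" should read "Cilium Gateway" on both unauthenticated rows; the **Monitoring** row has an empty Access cell where every other row names a storageClass, CRD or gateway; the **Database Primary** row drops the old "no SQLite in production" clause without saying whether that rule was lifted; and the **Database Alternate** row's Access column points at `k8s.mariadb.com/MaxScale` (the proxy) while the old row and the new policy text both refer to `MariaDB` CRDs, so one of the two should be corrected.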