🔄 GITOPS & CI/CD

Git is the source of truth

Git-driven deployment pipelines with progressive delivery and infrastructure-as-code.

The App-of-Apps pattern

A single root Application auto-discovers every YAML file in src/apps/. Drop in a manifest and ArgoCD picks it up.

app-of-apps.yaml  (root Application → watches src/apps/)
    │
    ├── src/apps/cilium.yaml       → cilium + cilium-configs
    ├── src/apps/keycloak.yaml     → keycloak + keycloak-configs
    ├── src/apps/vault.yaml        → vault (manual sync)
    ├── src/apps/grafana.yaml      → observability stack
    ├── src/apps/harbor.yaml       → harbor (wrapper chart)
    ├── src/apps/supabase.yaml     → supabase (inline configs)
    ├── src/apps/backstage.yaml    → backstage portal
    ├── ... 30+ more ...
    │
    └── src/apps/icebox/           → disabled apps (excluded)
         ├── kyverno.yaml
         └── kubescape.yaml

4 deployment patterns

Pick the pattern that fits your application's needs, from simple Helm charts to raw manifests.

Pattern A

Helm + Configs

Two ArgoCD Applications: one for the external Helm chart with local values, one for companion manifests (gateway, external-secret).

When to use: Deploying a third-party Helm chart with local config overrides.

Used by: Keycloak, Cilium, ESO, Longhorn, Mailpit

Pattern B

Helm + Inline

Single ArgoCD Application combining Helm chart and directory source with exclusion globs.

When to use: When you want a single ArgoCD Application instead of two.

Used by: SurrealDB, Qdrant, Garage, Supabase

Pattern C
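The root Application from the tree above and a Pattern B child, written out as an added example (not one of the repository's own manifests); the repository URL, chart repository, chart version and the src/qdrant/ layout are assumptions, while src/apps/ and src/apps/icebox/ come from the page:

```yaml
# Added example, not the repository's manifests. Repo URL, chart repo/version and src/qdrant/ are assumed.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: app-of-apps
  namespace: argocd
spec:
  project: default
  source:
    repoURL: https://git.example.internal/platform/k8s.git   # placeholder
    targetRevision: main
    path: src/apps
    directory:
      recurse: true
      exclude: 'icebox/*'      # disabled apps in src/apps/icebox/ are never rendered
  destination:
    server: https://kubernetes.default.svc
    namespace: argocd
  syncPolicy:
    automated:
      prune: true              # deleting a child YAML from Git removes its Application
      selfHeal: true
---
# Pattern B child: Helm chart plus inline manifests in one multi-source Application.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: qdrant
  namespace: argocd
spec:
  project: default
  sources:
    - repoURL: https://charts.example.internal/qdrant     # placeholder chart repo
      chart: qdrant
      targetRevision: 1.0.0                                # placeholder chart version
      helm:
        valueFiles:
          - $configs/src/qdrant/values.yaml                # values taken from the Git source below
    - repoURL: https://git.example.internal/platform/k8s.git
      targetRevision: main
      ref: configs
    - repoURL: https://git.example.internal/platform/k8s.git
      targetRevision: main
      path: src/qdrant
      directory:
        exclude: '{values.yaml,README.md}'               # everything else is applied as raw YAML
  destination:
    server: https://kubernetes.default.svc
    namespace: qdrant
```

The root Application's automated sync only creates and prunes the child Application objects; each child sets its own syncPolicy, which is how an app such as vault stays on manual sync.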

Wrapper Chart

Local Chart.yaml wrapping an external chart as a dependency. Full Helm templating power for custom resources.

When to use: When you need to template K8s manifests alongside the Helm chart (Certificates, ReferenceGrants).

Used by: Homepage, Harbor, Backstage, Falco

Pattern D

Raw Manifests

Plain Kubernetes YAML files deployed directly. No Helm, no templating — just declarative manifests.

When to use: Operators, CRDs, or simple deployments that don't need Helm.

Used by: ArgoCD, Dragonfly, AIBrix, Matomo

Terraform IaC modules

Everything that cannot be expressed as a Kubernetes manifest is managed by Terraform: secrets, OIDC clients, dashboards.

terraform/vault/
    Provider: hashicorp/vault
    Manages:  ESO policies, tokens, app secrets, DNS credentials
    Files:    cert-platform.tf, grafana-mcp.tf, supabase.tf, garage.tf

terraform/keycloak/
    Provider: mrparkers/keycloak
    Manages:  OIDC realm + 10+ clients for SSO
    Files:    backstage.tf, apisix.tf, harbor.tf, supabase.tf, affine_client.tf

terraform/grafana/
    Provider: grafana/grafana
    Manages:  Dashboard provisioning, data sources
    Files:    dashboards.tf, harbor.tf, n8n_dashboard.tf, affine_dashboard.tf

terraform/harbor/
    Provider: goharbor/harbor
    Manages:  Registry OIDC auth, robot accounts
    Files:    main.tf, provider.tf

All components

Argo CD (production)
    GitOps continuous delivery tool that reconciles the desired state from Git with the cluster state.
    Role: Core GitOps engine with the App-of-Apps pattern managing 40+ applications

Terraform (production)
    Infrastructure as Code for provisioning and managing cloud-agnostic resources.
    Role: Manages Vault secrets, Keycloak OIDC clients, Grafana dashboards, Harbor config

OneDev (production)
    Self-hosted Git repository manager with integrated CI/CD pipelines and code review.
    Role: Private Git hosting with container-based CI runners

Kargo (planned)
    Progressive delivery engine adding multi-stage promotion workflows on top of Argo CD.
    Role: Environment promotion pipelines: dev → staging → production