diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml index cace48c69..361d76b63 100644 --- a/.github/workflows/helm-release.yml +++ b/.github/workflows/helm-release.yml @@ -5,7 +5,7 @@ on: branches: - develop paths: - - "helm-charts/**" + - "self-hosting/kubernetes/helm-charts/**" workflow_dispatch: # Allow manual triggering permissions: @@ -40,7 +40,7 @@ jobs: - name: Package and push ${{ matrix.chart }} run: | - cd helm-charts/${{ matrix.chart }} + cd self-hosting/kubernetes/helm-charts/${{ matrix.chart }} if grep -q "^dependencies:" Chart.yaml; then helm dependency build fi @@ -64,11 +64,11 @@ jobs: - name: Build dependencies for opentaco run: | - cd helm-charts/opentaco + cd self-hosting/kubernetes/helm-charts/opentaco helm dependency build - name: Package and push opentaco run: | - cd helm-charts/opentaco + cd self-hosting/kubernetes/helm-charts/opentaco helm package . helm push opentaco-*.tgz oci://ghcr.io/diggerhq/helm-charts diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml index 15665eb40..97de07846 100644 --- a/.github/workflows/helm-test.yml +++ b/.github/workflows/helm-test.yml @@ -3,7 +3,7 @@ name: Test Helm Charts on: pull_request: paths: - - 'helm-charts/**' + - 'self-hosting/kubernetes/helm-charts/**' - '.github/workflows/helm-test.yml' jobs: 
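Review bot: The updated `run:` steps still expand `${{ matrix.chart }}` directly into the shell script text, here in `cd self-hosting/kubernetes/helm-charts/${{ matrix.chart }}` and again in the `@@ -35,18 +35,18 @@` hunk of helm-test.yml, which runs on `pull_request`. The matrix definition is outside these hunks; if it is a static list this is harmless, but if it is ever generated from directory names the value becomes shell input. Passing it through the environment keeps it as data: add `env:` with `CHART: ${{ matrix.chart }}` on the step and use `cd "self-hosting/kubernetes/helm-charts/$CHART"`.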
@@ -35,18 +35,18 @@ jobs: - name: Build chart dependencies (if any) run: | - if grep -q "^dependencies:" helm-charts/${{ matrix.chart }}/Chart.yaml; then - helm dependency build helm-charts/${{ matrix.chart }} + if grep -q "^dependencies:" self-hosting/kubernetes/helm-charts/${{ matrix.chart }}/Chart.yaml; then + helm dependency build self-hosting/kubernetes/helm-charts/${{ matrix.chart }} fi - name: Lint chart run: | - helm lint helm-charts/${{ matrix.chart }} + helm lint self-hosting/kubernetes/helm-charts/${{ matrix.chart }} - name: Run unit tests (if present) run: | - if [ -d "helm-charts/${{ matrix.chart }}/tests" ]; then - helm unittest helm-charts/${{ matrix.chart }} + if [ -d "self-hosting/kubernetes/helm-charts/${{ matrix.chart }}/tests" ]; then + helm unittest self-hosting/kubernetes/helm-charts/${{ matrix.chart }} else echo "No helm-unittest tests found for ${{ matrix.chart }}, skipping" fi diff --git a/docs/ce/drift/overview.mdx b/docs/ce/drift/overview.mdx new file mode 100644 index 000000000..2fe893e7c --- /dev/null +++ b/docs/ce/drift/overview.mdx @@ -0,0 +1,8 @@ +--- +title: "Overview" +description: "Overview of OpenTaco drift detection and remediation" +--- + +Drift detection continuously compares deployed infrastructure against your IaC definitions and reports unexpected changes. + +Use this section to configure drift scope, notifications, remediation workflows, and operational troubleshooting. diff --git a/docs/ce/features/overview.mdx b/docs/ce/features/overview.mdx new file mode 100644 index 000000000..4a9018f22 --- /dev/null +++ b/docs/ce/features/overview.mdx 
@@ -0,0 +1,8 @@ +--- +title: "Overview" +description: "Overview of OpenTaco PR automation capabilities" +--- + +OpenTaco PR automation runs infrastructure plan and apply workflows through pull requests so teams can review, control, and audit infrastructure changes. + +Use this section to configure and scale your PR automation behavior, including policy checks, concurrency controls, repository integration, and workflow ergonomics. diff --git a/docs/ce/reference/digger.yml.mdx b/docs/ce/reference/digger.yml.mdx index 81962084c..c27b9b4f5 100644 --- a/docs/ce/reference/digger.yml.mdx +++ b/docs/ce/reference/digger.yml.mdx @@ -306,7 +306,7 @@ Define individual projects using the `projects` array. - Enable drift detection for this project. See [Drift Detection](/onboarding/set-up-in-ui). + Enable drift detection for this project. See [Drift Detection](/onboarding/drift-detection-remediation). @@ -647,4 +647,4 @@ digger apply -p my-second-app - [Generate Projects](/ce/howto/generate-projects) - [Terragrunt Parsing Reference](/ce/reference/terragrunt-parsing) - [Layering](/ce/features/layering) -- [Drift Detection](/onboarding/set-up-in-ui) +- [Drift Detection](/onboarding/drift-detection-remediation) diff --git a/docs/ce/self-host/deploy-helm.mdx b/docs/ce/self-host/deploy-helm.mdx index 011a39c6c..426b854de 100644 --- a/docs/ce/self-host/deploy-helm.mdx +++ b/docs/ce/self-host/deploy-helm.mdx 
@@ -13,7 +13,7 @@ description: "Learn how to use Helm chart to install Digger on your Kubernetes c Create a `values.yaml` file. This will be used to configure settings for the Digger Helm chart. - To explore all configurable properties for your values file, visit the [values.yaml reference](https://github.com/diggerhq/digger/blob/develop/helm-charts/digger-backend/values.yaml). + To explore all configurable properties for your values file, visit the [values.yaml reference](https://github.com/diggerhq/digger/blob/develop/self-hosting/kubernetes/helm-charts/digger-backend/values.yaml). @@ -509,4 +509,3 @@ description: "Learn how to use Helm chart to install Digger on your Kubernetes c kubectl rollout restart deployment/digger-backend -n digger ``` - diff --git a/docs/ce/state-management/introduction.mdx b/docs/ce/state-management/overview.mdx similarity index 97% rename from docs/ce/state-management/introduction.mdx rename to docs/ce/state-management/overview.mdx index d0ed251be..63af64a80 100644 --- a/docs/ce/state-management/introduction.mdx +++ b/docs/ce/state-management/overview.mdx @@ -1,5 +1,6 @@ --- -title: "Introduction" +title: "Overview" +description: "Overview of OpenTaco state management" --- By default digger does not take any opinions on how to manage state. Most users of digger bring their own @@ -28,4 +29,3 @@ The state manager solution seeks to solve all the issues mentioned above: The state manager currently supports Amazon S3 as a backend with plans to support GCP buckets, Azure blob storage and more. Currently the state manager is self-hostable. There is no managed version of the state manager. Although it can be used in conjunction with digger - diff --git a/docs/docs.json b/docs/docs.json index 85f1303b4..0166eb7af 100644 --- a/docs/docs.json +++ b/docs/docs.json @@ -46,7 +46,7 @@ "onboarding/configuring-github-actions-workflow" ] }, - "onboarding/set-up-in-ui" + "onboarding/drift-detection-remediation" ] }, { 
@@ -65,7 +65,7 @@ "self-hosting/railway", "self-hosting/kubernetes", { - "group": "Deprecated Individual Component Installs", + "group": "Individual Component Installs", "pages": [ "self-hosting/deprecated-individual-component-installs/orchestrator-backend", "self-hosting/deprecated-individual-component-installs/statesman" @@ -74,8 +74,21 @@ ] }, { - "group": "Features", + "group": "State Management", + "pages": [ + "ce/state-management/overview", + "ce/state-management/architecture", + "ce/state-management/rbac", + "ce/state-management/sso", + "ce/state-management/development", + "ce/state-management/analytics", + "ce/state-management/versioning" + ] + }, + { + "group": "PR Automation", "pages": [ + "ce/features/overview", "ce/features/plan-preview", "ce/features/commentops", "ce/features/opa-policies", @@ -89,28 +102,10 @@ "ce/features/ai-summaries" ] }, - { - "group": "State Management", - "pages": [ - "ce/state-management/introduction", - "ce/state-management/quickstart", - "ce/state-management/architecture", - "ce/state-management/cloud-backend", - "ce/state-management/rbac", - "ce/state-management/sso", - "ce/state-management/digger-integration", - "ce/state-management/development", - "ce/state-management/analytics", - "ce/state-management/query-backend", - "ce/state-management/versioning", - "ce/state-management/gcp-quickstart", - "ce/state-management/aws-fargate-ad-quickstart" - ] - }, { "group": "Drift", "pages": [ - "onboarding/set-up-in-ui", + "ce/drift/overview", "ce/drift/scoping-projects", "ce/drift/slack-notifications", "ce/drift/github-issues", 
@@ -189,19 +184,19 @@ ] }, { - "group": "Local Development", - "pages": [ - "ce/local-development/overview", - "ce/local-development/backend", - "ce/local-development/statesman", - "ce/local-development/ui", - "ce/local-development/github-app" - ] - }, - { - "group": "Contributing", + "group": "Development", "pages": [ - "ce/contributing/setup-dev-environment" + "ce/contributing/setup-dev-environment", + { + "group": "Local Development", + "pages": [ + "ce/local-development/overview", + "ce/local-development/backend", + "ce/local-development/statesman", + "ce/local-development/ui", + "ce/local-development/github-app" + ] + } ] }, { diff --git a/docs/introduction/introduction.mdx b/docs/introduction/introduction.mdx index bb2a3311c..062fff521 100644 --- a/docs/introduction/introduction.mdx +++ b/docs/introduction/introduction.mdx @@ -57,7 +57,7 @@ Start with the path that matches your immediate goal.

Detect drift on a schedule, notify via Slack or GitHub Issues, and remediate with the same command workflow your team already uses.

diff --git a/docs/llms.txt b/docs/llms.txt index add9adab6..2c27aed3d 100644 --- a/docs/llms.txt +++ b/docs/llms.txt @@ -21,7 +21,7 @@ ## State Management -- [Introduction](https://docs.opentaco.dev/ce/state-management/introduction): Self-hostable state management with built-in RBAC, validation, multi-account access, versioning, and rollback. Currently supports S3 backend. +- [Overview](https://docs.opentaco.dev/ce/state-management/overview): Self-hostable state management with built-in RBAC, validation, multi-account access, versioning, and rollback. Currently supports S3 backend. - [Architecture](https://docs.opentaco.dev/ce/state-management/architecture): Statesman service provides REST API for state operations. TFE-compatible — supports `terraform login`. Stores state in S3-compatible storage with metadata in SQLite/PostgreSQL/MySQL/MSSQL. - [Quickstart](https://docs.opentaco.dev/ce/state-management/quickstart): Quick setup guide for state management. - [AWS Fargate Quickstart](https://docs.opentaco.dev/ce/state-management/aws-fargate-ad-quickstart): Deploy state management on AWS Fargate. @@ -52,7 +52,7 @@ ## Drift Detection -- [Set Up in UI](https://docs.opentaco.dev/onboarding/set-up-in-ui): Configure drift detection schedules (hourly, daily, or custom crontab) via the UI. +- [Drift Detection + Remediation](https://docs.opentaco.dev/onboarding/drift-detection-remediation): Configure drift detection schedules (hourly, daily, or custom crontab) via the UI. - [Slack Notifications](https://docs.opentaco.dev/ce/drift/slack-notifications): Send drift alerts to Slack via webhooks. - [GitHub Issues](https://docs.opentaco.dev/ce/drift/github-issues): Create GitHub issues for detected drift. - [Remediation](https://docs.opentaco.dev/ce/drift/remediation): Remediate detected drift. diff --git a/docs/onboarding/account-setup.mdx b/docs/onboarding/account-setup.mdx index bebde5686..5241156b8 100644 --- a/docs/onboarding/account-setup.mdx 
+++ b/docs/onboarding/account-setup.mdx @@ -32,4 +32,4 @@ Choose your onboarding path: - [State Management](/onboarding/state-management) - [Remote Runs (Beta)](/onboarding/remote-jobs) - [dependent on state management] - [PR Automation](/onboarding/github-app-setup) -- [Drift Detection + Remediation](/onboarding/set-up-in-ui) [dependent on PR automation setup] +- [Drift Detection + Remediation](/onboarding/drift-detection-remediation) [dependent on PR automation setup] diff --git a/docs/onboarding/configuring-github-actions-workflow.mdx b/docs/onboarding/configuring-github-actions-workflow.mdx index d95a73050..2946bf800 100644 --- a/docs/onboarding/configuring-github-actions-workflow.mdx +++ b/docs/onboarding/configuring-github-actions-workflow.mdx @@ -182,6 +182,10 @@ Use one provider block per workflow. Start with default GitHub Actions cache behavior. If your repositories are large, add targeted caching using the guidance in [Caching Strategies](/ce/howto/caching-strategies). + + For the full set of supported GitHub Action inputs and configuration options, refer to the action source: [diggerhq/digger/action.yml](https://github.com/diggerhq/digger/blob/develop/action.yml). + + ## Next step After updating your workflow, open a PR with a change to at least project and verify `plan` and `digger apply` still complete successfully. diff --git a/docs/onboarding/set-up-in-ui.mdx b/docs/onboarding/drift-detection-remediation.mdx similarity index 100% rename from docs/onboarding/set-up-in-ui.mdx rename to docs/onboarding/drift-detection-remediation.mdx diff --git a/docs/onboarding/remote-jobs.mdx b/docs/onboarding/remote-jobs.mdx index a13d03b15..7f9b5534c 100644 --- a/docs/onboarding/remote-jobs.mdx +++ b/docs/onboarding/remote-jobs.mdx 
@@ -2,8 +2,6 @@ title: "Remote Runs (Beta)" --- -## TODO: this needs a refresh - Remote Runs lets you execute Terraform / OpenTofu plan and apply operations in OpenTaco-managed remote environments instead of on your local machine. The changes don't need to be pushed to the remote repo for this to function since the local directory will be zipped and uploaded to the remote CI environment to perform the plan. @@ -156,4 +154,3 @@ This model is similar to HCP Terraform remote execution.
- diff --git a/docs/self-hosting/deprecated-individual-component-installs/orchestrator-backend.mdx b/docs/self-hosting/deprecated-individual-component-installs/orchestrator-backend.mdx index 626a13d10..282c4c043 100644 --- a/docs/self-hosting/deprecated-individual-component-installs/orchestrator-backend.mdx +++ b/docs/self-hosting/deprecated-individual-component-installs/orchestrator-backend.mdx @@ -3,8 +3,18 @@ title: "Orchestrator / Backend" description: "Legacy standalone install guidance for the OpenTaco orchestrator backend" --- -## Coming soon +Use this page to find older standalone orchestrator/backend self-hosting guides. -- Standalone orchestrator/backend prerequisites -- Required environment variables and service dependencies -- Migration notes to current deployment models + + These guides are legacy references. For current recommended deployments, use the main self-hosting docs. + + +## Legacy orchestrator/backend self-hosting docs + +- [Deploy backend as a binary](/ce/self-host/deploy-binary) +- [Deploy backend with Docker](/ce/self-host/deploy-docker) +- [Deploy backend with Docker Compose](/ce/self-host/deploy-docker-compose) +- [Deploy backend with Helm (legacy)](/ce/self-host/deploy-helm) +- [Self-host on Azure (legacy)](/ce/self-host/self-host-on-azure) +- [Self-host on Railway (legacy)](/ce/self-host/self-host-on-railway) +- [Legacy auth methods for backend](/ce/self-host/auth-methods) diff --git a/docs/self-hosting/deprecated-individual-component-installs/statesman.mdx b/docs/self-hosting/deprecated-individual-component-installs/statesman.mdx index f6d0c542b..3fe002e4e 100644 --- a/docs/self-hosting/deprecated-individual-component-installs/statesman.mdx +++ b/docs/self-hosting/deprecated-individual-component-installs/statesman.mdx 
@@ -1,10 +1,19 @@ --- -title: "Statesman" -description: "Legacy standalone install guidance for OpenTaco Statesman" +title: "State Management" +description: "Legacy standalone install guidance for OpenTaco state management (Statesman)" --- -## Coming soon +Use this page to find older standalone state management (Statesman) self-hosting guides. -- Standalone statesman prerequisites -- Required environment variables and datastore wiring -- Migration notes to current deployment models + + These guides are legacy references. For current recommended deployments, use the main self-hosting docs. + + +## Legacy state management self-hosting docs + +- [State management quickstart](/ce/state-management/quickstart) +- [State management cloud backend](/ce/state-management/cloud-backend) +- [Query backend configuration](/ce/state-management/query-backend) +- [Statesman + orchestrator integration](/ce/state-management/digger-integration) +- [GCP quickstart for state management](/ce/state-management/gcp-quickstart) +- [AWS Fargate + Active Directory quickstart](/ce/state-management/aws-fargate-ad-quickstart) diff --git a/docs/self-hosting/kubernetes.mdx b/docs/self-hosting/kubernetes.mdx index 7e42493c6..3eb6006ff 100644 --- a/docs/self-hosting/kubernetes.mdx +++ b/docs/self-hosting/kubernetes.mdx 
@@ -3,11 +3,142 @@ title: "Kubernetes" description: "Deploy OpenTaco on Kubernetes" --- -This page will document Kubernetes deployment options and best practices. +Use the OpenTaco Helm charts for Kubernetes deployments: -## Coming soon +- OpenTaco umbrella chart: `self-hosting/kubernetes/helm-charts/opentaco` +- Platform reference chart (optional): `self-hosting/kubernetes/helm-charts/opentaco-platform-reference` -- Helm-based deployment path -- Configuration and secret management -- Ingress and TLS setup -- Upgrade and rollback strategy +The umbrella chart deploys all OpenTaco services. The platform reference chart is optional and exists to bootstrap supporting platform resources. + +## Optional: Deploy the platform reference chart first + +Use this if you want a working reference for platform-level dependencies outside OpenTaco itself. + +Run these commands from `self-hosting/kubernetes/`. + + + The platform reference chart is intended to get you up and running quickly. Treat it as a reference baseline, not a production-hardening blueprint. + + + + + ```bash + kubectl create namespace opentaco + kubectl create namespace traefik + ``` + + + ```bash + helm upgrade --install opentaco-platform-reference \ + ./helm-charts/opentaco-platform-reference \ + -n opentaco + ``` + + + ```bash + kubectl get pods -n opentaco + kubectl get pods -n traefik + kubectl rollout status deployment/cloudnative-pg -n opentaco --timeout=180s + kubectl rollout status statefulset/minio -n opentaco --timeout=300s + ``` + + + The reference chart can provision: + + - Traefik ingress controller + - MinIO for object storage + - CloudNativePG operator + - A single CloudNativePG PostgreSQL cluster with three databases (orchestrator, statesman, and token-service) + + You can use these defaults as an example, or provide your own ingress, databases and object storage instead. 
+ + + +## Deploy OpenTaco with the umbrella chart + + + + Start from the chart defaults and configure your deployment-specific settings. + + ```bash + cp helm-charts/opentaco/values-production.yaml.example values-opentaco.yaml + ``` + + If you deployed the platform reference chart, you can also start from: + + ```bash + cp helm-charts/opentaco/helm.platform-reference.yaml values-opentaco.yaml + ``` + + + Capture the external endpoint from your ingress or Gateway API implementation. + + If you are using the platform reference chart (Traefik), you can check it with: + + ```bash + kubectl get svc traefik -n traefik + ``` + + If you are using a different ingress controller or gateway, use that implementation's service or load balancer endpoint instead. + + Then create a DNS record for your OpenTaco domain that points to the endpoint (for example, an `A` record for an IP or a `CNAME` record for a hostname), and use that domain in your OpenTaco public URL values. + + + + Recommended: pre-create Kubernetes secrets and reference them from chart values with `useExistingSecret: true`. Manage those secrets with your organization's preferred process (for example, External Secrets Operator). + + + Example secret env files are provided in `helm-charts/secrets-example/` and can be used as the value reference for externally managed secrets. + + For non-production testing, you can set values inline in the chart values instead of pre-creating secrets. + + + Set the required credentials and shared variables described in [Configuration](./configuration) based on the strategy you selected: + + - Existing secrets path: populate secret data and reference secret names in `values-opentaco.yaml` + - Inline path: set values directly in `values-opentaco.yaml` + + At minimum, confirm public URL values, auth credentials, GitHub app values, internal shared secrets, and backend connection settings. 
+ + + If you are using existing secrets, create or sync them now, then ensure `useExistingSecret: true` and `existingSecretName` entries in `values-opentaco.yaml` match. + + ```bash + kubectl create secret generic ui-secrets \ + --from-env-file=helm-charts/secrets-example/ui.env \ + -n opentaco --dry-run=client -o yaml | kubectl apply -f - + + kubectl create secret generic taco-orchestrator-secrets \ + --from-env-file=helm-charts/secrets-example/digger-backend.env \ + -n opentaco --dry-run=client -o yaml | kubectl apply -f - + + kubectl create secret generic statesman-secrets \ + --from-env-file=helm-charts/secrets-example/statesman.env \ + -n opentaco --dry-run=client -o yaml | kubectl apply -f - + + kubectl create secret generic drift-secrets \ + --from-env-file=helm-charts/secrets-example/drift.env \ + -n opentaco --dry-run=client -o yaml | kubectl apply -f - + + kubectl create secret generic taco-sidecar-secrets \ + --from-env-file=helm-charts/secrets-example/sidecar.env \ + -n opentaco --dry-run=client -o yaml | kubectl apply -f - + ``` + + + ```bash + helm upgrade --install opentaco \ + ./helm-charts/opentaco \ + -f values-opentaco.yaml \ + -n opentaco + ``` + + + ```bash + kubectl get pods -n opentaco + kubectl get svc -n opentaco + ``` + + After pods are healthy, verify platform functionality such as storage via Units, remote runs (if enabled), and PR automation/drift workflows. + + diff --git a/docs/self-hosting/railway.mdx b/docs/self-hosting/railway.mdx index 20d95b921..01c00f0ce 100644 --- a/docs/self-hosting/railway.mdx +++ b/docs/self-hosting/railway.mdx 
@@ -11,7 +11,7 @@ description: "Deploy and operate OpenTaco on Railway" - [![Deploy on Railway](https://railway.com/button.svg)](https://railway.com/deploy/FIg15a?referralCode=XA06uX&utm_medium=integration&utm_source=template&utm_campaign=generic) + [![Deploy on Railway](https://railway.com/button.svg)](https://railway.com/deploy/FIg15a) During template setup, add your WorkOS values to the UI service (see [WorkOS Setup](./workos-setup)) and set `GITHUB_ORG` in the orchestrator service before the initial deploy. diff --git a/sandbox-sidecar/README.md b/sandbox-sidecar/README.md index ce5909719..6fbed2562 100644 --- a/sandbox-sidecar/README.md +++ b/sandbox-sidecar/README.md @@ -72,7 +72,7 @@ The sidecar automatically selects the best execution environment: - Terraform: 1.0.11, 1.3.9, 1.5.7, 1.8.5 - OpenTofu: 1.6.0, 1.10.0 -**Building templates**: Run `cd templates && npm run build` to build all templates defined in `manifest.ts`. +**Building templates**: Run `npx tsx templates/build-all.ts` from `sandbox-sidecar/` to build and publish all templates defined in `templates/manifest.ts`. Users specify the version when creating a unit in the UI (defaults to 1.5.7). @@ -123,4 +123,3 @@ failure, `error` contains the reason string. A `failed` response never includes (Redis, Postgres) before running multiple replicas. - E2B sandboxes are ephemeral and isolated - each run gets a fresh environment. - Pre-built templates provide instant startup; custom versions install at runtime (~1-2s). - diff --git a/self-hosting/docker-compose/Makefile b/self-hosting/docker-compose/Makefile new file mode 100644 index 000000000..b5c29396f --- /dev/null +++ b/self-hosting/docker-compose/Makefile 
@@ -0,0 +1,48 @@ +.PHONY: up down logs ps restart config pull build up-build recreate rebuild platform-up opentaco-up all-up + +PROFILE ?= all +PROJECT_ROOT ?= $(abspath ../..) +COMPOSE_FILE := $(abspath docker-compose.yml) +DOCKER_COMPOSE = docker compose --project-directory $(PROJECT_ROOT) -f $(COMPOSE_FILE) + +up: + $(DOCKER_COMPOSE) --profile $(PROFILE) up -d + +down: + $(DOCKER_COMPOSE) --profile $(PROFILE) down + +logs: + $(DOCKER_COMPOSE) --profile $(PROFILE) logs -f + +ps: + $(DOCKER_COMPOSE) ps + +restart: + $(DOCKER_COMPOSE) --profile $(PROFILE) restart + +config: + $(DOCKER_COMPOSE) config + +pull: + $(DOCKER_COMPOSE) --profile $(PROFILE) pull + +build: + $(DOCKER_COMPOSE) --profile $(PROFILE) build + +up-build: + $(DOCKER_COMPOSE) --profile $(PROFILE) up -d --build + +recreate: + $(DOCKER_COMPOSE) --profile $(PROFILE) up -d --force-recreate + +rebuild: + $(DOCKER_COMPOSE) --profile $(PROFILE) up -d --build --force-recreate + +platform-up: PROFILE=platform +platform-up: up + +opentaco-up: PROFILE=opentaco +opentaco-up: up + +all-up: PROFILE=all +all-up: up diff --git a/self-hosting/docker-compose/README.md b/self-hosting/docker-compose/README.md new file mode 100644 index 000000000..d871a0777 --- /dev/null +++ b/self-hosting/docker-compose/README.md 
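Review bot: The `config` and `ps` targets call `$(DOCKER_COMPOSE)` without `--profile $(PROFILE)`, unlike every other target in this Makefile. Every service in the accompanying docker-compose.yml declares `profiles`, so `make config` will most likely render a file with no services, which makes it useless for checking the resolved env and secret values before `up`. Suggest `$(DOCKER_COMPOSE) --profile $(PROFILE) config` and the same for `ps`.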
@@ -0,0 +1,69 @@ +# Docker Compose self-hosting + +This directory contains the top-level local self-hosting Docker Compose stack. + +## Quick start + +```bash +# from self-hosting/docker-compose/ +make up PROFILE=platform +make up PROFILE=opentaco +make up PROFILE=all + +# convenience aliases +make platform-up +make opentaco-up +make all-up +``` + +`PROFILE=opentaco` now starts only the OpenTACO app services. This is useful when databases/object storage are external to this compose stack. + +If you want local infra too, either: + +```bash +make up PROFILE=all +``` + +or start platform and app profiles separately: + +```bash +make up PROFILE=platform +make up PROFILE=opentaco +``` + +## Direct usage + +```bash +make -C self-hosting/docker-compose up PROFILE=platform PROJECT_ROOT=$(pwd) +``` + +## Rebuild flows + +```bash +make build PROFILE=all +make up-build PROFILE=all +make recreate PROFILE=all +make rebuild PROFILE=all +``` + +The Makefile sets `--project-directory` to the repository root. In that mode, Compose resolves paths from the repo root, so `env_file` entries use `self-hosting/docker-compose/*.env`, and build contexts use repo-root paths like `.`, `taco`, and `sandbox-sidecar`. + +## Env file examples + +Service-specific env examples live in this directory: + +- `orchestrator.env.example` +- `drift.env.example` +- `sidecar.env.example` +- `ui.env.example` + +Copy them to the `env_file` targets used by compose: + +```bash +cp self-hosting/docker-compose/orchestrator.env.example self-hosting/docker-compose/orchestrator.env +cp self-hosting/docker-compose/drift.env.example self-hosting/docker-compose/drift.env +cp self-hosting/docker-compose/sidecar.env.example self-hosting/docker-compose/sidecar.env +cp self-hosting/docker-compose/ui.env.example self-hosting/docker-compose/ui.env +``` + +Each service now reads its own env file directly from `self-hosting/docker-compose/`. 
diff --git a/self-hosting/docker-compose/docker-compose.yml b/self-hosting/docker-compose/docker-compose.yml new file mode 100644 index 000000000..59151cd90 --- /dev/null +++ b/self-hosting/docker-compose/docker-compose.yml 
@@ -0,0 +1,280 @@ +# Profile-based startup guide: +# - Start platform only: docker compose --profile platform up -d +# - Start OpenTaco app only: docker compose --profile opentaco up -d +# - Start everything: docker compose --profile all up -d +services: + # NOTE: These databases could all be created within a single postgres instance, but that would require + # a separate init process to create the databses. By creating one service per db, we can use the + # DB which is created upon startup. + postgres-orchestrator: + image: postgres:16-alpine + profiles: ["platform", "all"] + ports: + - "5432:5432" + environment: + - POSTGRES_PASSWORD=postgres-password-CHANGE_ME + - POSTGRES_DB=orchestrator + volumes: + - postgres-orchestrator-data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + postgres-statesman: + image: postgres:16-alpine + profiles: ["platform", "all"] + ports: + - "5433:5432" + environment: + - POSTGRES_PASSWORD=postgres-password-CHANGE_ME + - POSTGRES_DB=statesman + volumes: + - postgres-statesman-data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + postgres-token-service: + image: postgres:16-alpine + profiles: ["platform", "all"] + ports: + - "5434:5432" + environment: + - POSTGRES_PASSWORD=postgres-password-CHANGE_ME + - POSTGRES_DB=token_service + volumes: + - postgres-token-service-data:/var/lib/postgresql/data + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + + orchestrator: + build: + context: . 
+ dockerfile: Dockerfile_backend + args: + COMMIT_SHA: local + profiles: ["opentaco", "all"] + env_file: + - self-hosting/docker-compose/orchestrator.env + environment: + - BACKGROUND_JOBS_CLIENT_TYPE=local-exec + - DATABASE_URL=postgres://postgres:postgres-password-CHANGE_ME@postgres-orchestrator:5432/orchestrator?sslmode=disable + - DIGGER_ENABLE_API_ENDPOINTS=true + - DIGGER_ENABLE_INTERNAL_ENDPOINTS=true + - DIGGER_INTERNAL_SECRET=orchestrator-secret-CHANGE_ME + - DIGGER_LOAD_PROJECTS_ON_PUSH=true + - DIGGER_PUBLIC_PATH_PREFIX=/orchestrator + - GITHUB_ORG= + # GitHub App Credentials (in env file) + # - GITHUB_APP_ID= + # - GITHUB_APP_CLIENT_ID= + # - GITHUB_APP_CLIENT_SECRET= + # - GITHUB_APP_PRIVATE_KEY_BASE64= + # - GITHUB_WEBHOOK_SECRET= + - PUBLIC_BASE_URL=public-url-including-scheme-CHANGE_ME + - INTERNAL_BASE_URL=http://orchestrator:3000 + - HTTP_BASIC_AUTH=true + - HTTP_BASIC_AUTH_PASSWORD=basic-auth-password-CHANGE_ME + - HTTP_BASIC_AUTH_USERNAME=admin + - PROJECTS_REFRESH_BIN=/app/projects_refesh_main + ports: + - "3000:3000" + statesman: + build: + context: taco + dockerfile: Dockerfile_statesman + args: + COMMIT_SHA: local + profiles: ["opentaco", "all"] + environment: + - AWS_ACCESS_KEY_ID=minioadmin + - AWS_ENDPOINT=http://minio:9000 + - AWS_SECRET_ACCESS_KEY=minio-password-CHANGE_ME + - OPENTACO_ALLOW_X_FORWARDED_FOR=true + - OPENTACO_AUTHs_DISABLE=true + - OPENTACO_E2B_SIDECAR_URL=http://sidecar:9100 + - OPENTACO_ENABLE_INTERNAL_ENDPOINTS=statesman-secret-CHANGE_ME + - OPENTACO_PORT=8080 + # Back-compat for taco/scripts/entrypoint.sh (it currently expects *_DATABASE) + - OPENTACO_POSTGRES_DATABASE=statesman + # Database config + - OPENTACO_POSTGRES_DBNAME=statesman + - OPENTACO_POSTGRES_HOST=postgres-statesman + - OPENTACO_POSTGRES_PASSWORD=postgres-password-CHANGE_ME + - OPENTACO_POSTGRES_PORT=5432 + - OPENTACO_POSTGRES_SSLMODE=disable + - OPENTACO_POSTGRES_USER=postgres + - OPENTACO_PUBLIC_BASE_URL=public-url-including-scheme-CHANGE_ME + - 
OPENTACO_QUERY_BACKEND=postgres + - OPENTACO_S3_BUCKET=opentaco + - OPENTACO_S3_PREFIX=opentaco/ + - OPENTACO_S3_REGION=us-east-1 + - OPENTACO_SANDBOX_PROVIDER=e2b + - OPENTACO_SECRET_KEY=secret-CHANGE_ME + - OPENTACO_STORAGE=s3 + ports: + - "8080:8080" + depends_on: + sidecar: + condition: service_healthy + + sidecar: + build: + context: sandbox-sidecar + dockerfile: Dockerfile_sidecar + profiles: ["opentaco", "all"] + env_file: + - self-hosting/docker-compose/sidecar.env + environment: + - NODE_ENV=production + - PORT=9100 + - SANDBOX_RUNNER=e2b + # E2B Credentials (in env file) + # - E2B_API_KEY= + # - E2B_BAREBONES_TEMPLATE_ID= + ports: + - "9100:9100" + + ui: + build: + context: . + dockerfile: Dockerfile_ui + args: + COMMIT_SHA: local + profiles: ["opentaco", "all"] + env_file: + - self-hosting/docker-compose/ui.env + environment: + - ALLOWED_HOSTS=localhost,127.0.0.1, + - DRIFT_REPORTING_BACKEND_WEBHOOK_SECRET=drift-secret-CHANGE_ME + - ORCHESTRATOR_BACKEND_SECRET=orchestrator-secret-CHANGE_ME + - ORCHESTRATOR_BACKEND_URL=http://orchestrator:3000 + - ORCHESTRATOR_GITHUB_APP_URL=/github/setup + - PUBLIC_URL=public-url-including-scheme-CHANGE_ME + - STATESMAN_BACKEND_URL=http://statesman:8080 + - STATESMAN_BACKEND_WEBHOOK_SECRET=statesman-secret-CHANGE_ME + - TOKENS_SERVICE_BACKEND_URL=http://token-service:8081 + # Public URL for auth callbacks + - WORKOS_REDIRECT_URI=https://hyperphysical-alyse-metagnathous.ngrok-free.dev/api/auth/callback + # WorkOS Credentials (in env file) + # - WORKOS_CLIENT_ID= + # - WORKOS_API_KEY= + # - WORKOS_COOKIE_PASSWORD= + # - WORKOS_WEBHOOK_SECRET= + + ports: + - "3030:3030" + depends_on: + - orchestrator + - statesman + - token-service + + drift: + build: + context: . 
+ dockerfile: Dockerfile_drift
+ args:
+ COMMIT_SHA: local
+ profiles: ["opentaco", "all"]
+ env_file:
+ - self-hosting/docker-compose/drift.env
+ environment:
+ - DATABASE_URL=postgres://postgres:postgres-password-CHANGE_ME@postgres-orchestrator:5432/orchestrator?sslmode=disable
+ # Embedded in job specs so CI can report drift results back.
+ - DIGGER_DRIFT_REPORTER_HOSTNAME=public-url-including-scheme-CHANGE_ME
+ - DIGGER_ENABLE_INTERNAL_ENDPOINTS=true
+ - DIGGER_ENABLE_API_ENDPOINTS=true
+ # Used for drift service internal scheduling triggers.
+ - DIGGER_HOSTNAME=http://drift:3000
+ - DIGGER_INTERNAL_SECRET=orchestrator-secret-CHANGE_ME
+ - DIGGER_PUBLIC_PATH_PREFIX=/orchestrator
+ # Auth for drift service internal endpoints (/ _internal/*).
+ - DIGGER_WEBHOOK_SECRET=drift-secret-CHANGE_ME
+ - GITHUB_ORG=github-org-CHANGE_ME
+ # GitHub App Credentials (in env file)
+ # - GITHUB_APP_ID=
+ # - GITHUB_APP_CLIENT_ID=
+ # - GITHUB_APP_CLIENT_SECRET=
+ # - GITHUB_APP_PRIVATE_KEY_BASE64=
+ # - GITHUB_WEBHOOK_SECRET=
+ - PUBLIC_BASE_URL=public-url-including-scheme-CHANGE_ME
+ - INTERNAL_BASE_URL=http://drift:3000
+ - HTTP_BASIC_AUTH=true
+ - HTTP_BASIC_AUTH_PASSWORD=github-setup-basic-auth-password-CHANGE_ME
+ - HTTP_BASIC_AUTH_USERNAME=admin
+ ports:
+ - "3001:3000"
+ token-service:
+ build:
+ context: taco
+ dockerfile: Dockerfile_token_service
+ args:
+ COMMIT_SHA: local
+ profiles: ["opentaco", "all"]
+ environment:
+ - OPENTACO_TOKEN_QUERY_BACKEND=postgres
+ - OPENTACO_TOKEN_POSTGRES_DBNAME=token_service
+ - OPENTACO_TOKEN_POSTGRES_HOST=postgres-token-service
+ - OPENTACO_TOKEN_POSTGRES_PASSWORD=postgres-password-CHANGE_ME
+ - OPENTACO_TOKEN_POSTGRES_PORT=5432
+ - OPENTACO_TOKEN_POSTGRES_SSLMODE=disable
+ - OPENTACO_TOKEN_POSTGRES_USER=postgres
+ ports:
+ - "8081:8081"
+ minio:
+ # NOTE: MinIO's upstream distribution/licensing has shifted away from a
+ # widely-supported open-source path for newer releases. If you need ongoing
+ # updates (e.g. CVE patching) beyond this pinned image, you may need to
+ # migrate to AIStor (paid license) or another S3-compatible alternative.
+ image: minio/minio:RELEASE.2025-09-07T16-13-09Z-cpuv1@sha256:13582eff79c6605a2d315bdd0e70164142ea7e98fc8411e9e10d089502a6d883
+ profiles: ["platform", "all"]
+ command: server /data --console-address ":9001"
+ environment:
+ - MINIO_ROOT_PASSWORD=minio-password-CHANGE_ME
+ - MINIO_ROOT_USER=minioadmin
+ ports:
+ - "9000:9000"
+ - "9001:9001"
+ volumes:
+ - minio-data:/data
+
+ minio-init:
+ image: minio/mc:RELEASE.2025-08-13T08-35-41Z-cpuv1@sha256:95b5f3f7969a5c5a9f3a700ba72d5c84172819e13385aaf916e237cf111ab868
+ profiles: ["platform", "all"]
+ depends_on:
+ - minio
+ environment:
+ - MINIO_ROOT_PASSWORD=minio-password-CHANGE_ME
+ - MINIO_ROOT_USER=minioadmin
+ entrypoint:
+ - /bin/sh
+ - -c
+ - |
+ # Wait for MinIO to accept connections before creating buckets.
+ i=0
+ until mc alias set local http://minio:9000 "$$MINIO_ROOT_USER" "$$MINIO_ROOT_PASSWORD"; do
+ i=$$((i+1))
+ if [ $$i -ge 60 ]; then
+ echo 'MinIO not ready after 60s'
+ exit 1
+ fi
+ sleep 1
+ done
+ mc mb -p local/opentaco || true
+
+volumes:
+ postgres-orchestrator-data:
+ driver: local
+ postgres-statesman-data:
+ driver: local
+ postgres-token-service-data:
+ driver: local
+ minio-data:
+ driver: local
diff --git a/self-hosting/docker-compose/drift.env.example b/self-hosting/docker-compose/drift.env.example
new file mode 100644
index 000000000..f3dd4e9d4
--- /dev/null
+++ b/self-hosting/docker-compose/drift.env.example
@@ -0,0 +1,6 @@
+# GitHub App credentials
+GITHUB_APP_ID=
+GITHUB_APP_CLIENT_ID=
+GITHUB_APP_CLIENT_SECRET=
+GITHUB_APP_PRIVATE_KEY_BASE64=
+GITHUB_WEBHOOK_SECRET=
diff --git a/self-hosting/docker-compose/orchestrator.env.example b/self-hosting/docker-compose/orchestrator.env.example
new file mode 100644
index 000000000..5fd412326
--- /dev/null
+++ b/self-hosting/docker-compose/orchestrator.env.example
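Review bot: This template carries no header telling operators to copy it to `drift.env` and keep the filled-in copy out of version control, although the compose file in this commit loads `self-hosting/docker-compose/drift.env` through `env_file` and that file will hold `GITHUB_APP_PRIVATE_KEY_BASE64` and `GITHUB_WEBHOOK_SECRET`. I would add a first line such as `# Copy to drift.env and fill in; never commit the filled-in file.` and confirm that `self-hosting/docker-compose/*.env` is covered by `.gitignore`, which is not visible in this part of the diff. The same applies to `orchestrator.env.example`, `sidecar.env.example` and `ui.env.example` in the following hunks.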
@@ -0,0 +1,6 @@
+# GitHub App credentials
+GITHUB_APP_ID=
+GITHUB_APP_CLIENT_ID=
+GITHUB_APP_CLIENT_SECRET=
+GITHUB_APP_PRIVATE_KEY_BASE64=
+GITHUB_WEBHOOK_SECRET=
\ No newline at end of file
diff --git a/self-hosting/docker-compose/sidecar.env.example b/self-hosting/docker-compose/sidecar.env.example
new file mode 100644
index 000000000..86f30aa65
--- /dev/null
+++ b/self-hosting/docker-compose/sidecar.env.example
@@ -0,0 +1,2 @@
+E2B_API_KEY=
+E2B_BAREBONES_TEMPLATE_ID=
diff --git a/self-hosting/docker-compose/ui.env.example b/self-hosting/docker-compose/ui.env.example
new file mode 100644
index 000000000..50dc698fc
--- /dev/null
+++ b/self-hosting/docker-compose/ui.env.example
@@ -0,0 +1,8 @@
+# WorkOS credentials
+WORKOS_CLIENT_ID=
+WORKOS_API_KEY=
+WORKOS_COOKIE_PASSWORD=
+WORKOS_WEBHOOK_SECRET=
+
+# Public URL for auth callbacks
+WORKOS_REDIRECT_URI=http://localhost:3030/api/auth/callback
diff --git a/self-hosting/kubernetes/Makefile b/self-hosting/kubernetes/Makefile
new file mode 100644
index 000000000..231efd7e5
--- /dev/null
+++ b/self-hosting/kubernetes/Makefile
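Review bot: The `WORKOS_REDIRECT_URI` default on the last line of `ui.env.example` does not take effect with the compose file added in this commit, because the `ui` service also sets `WORKOS_REDIRECT_URI` under `environment:` and Compose gives `environment` precedence over `env_file`. The value set there is a hard-coded `ngrok-free.dev` tunnel hostname, so a self-hoster who fills in this file as intended would still have sign-in either fail on a redirect-URI mismatch or send the auth callback to a host they do not control. I would keep the variable only in this env file and drop the `environment:` entry, or at minimum add a comment here such as `# NOTE: a WORKOS_REDIRECT_URI entry under the ui service's environment: overrides this value`.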
@@ -0,0 +1,74 @@
+.PHONY: lint test deps template package \
+ ns-create deploy-platform-reference deploy-opentaco upgrade-opentaco \
+ ns-create-tilt create-secrets verify
+
+CHARTS_DIR ?= helm-charts
+CHART ?= opentaco
+CHART_DIR := $(CHARTS_DIR)/$(CHART)
+NAMESPACE ?= opentaco
+VALUES_FILE ?= values-opentaco.yaml
+
+PLATFORM_RELEASE ?= opentaco-platform-reference
+PLATFORM_CHART ?= $(CHARTS_DIR)/opentaco-platform-reference
+
+OPENTACO_RELEASE ?= opentaco
+OPENTACO_CHART ?= $(CHARTS_DIR)/opentaco
+
+SECRETS_DIR ?= $(CHARTS_DIR)/secrets-example
+
+lint:
+ helm lint $(CHART_DIR)
+
+test:
+ @if [ -d "$(CHART_DIR)/tests" ]; then \
+ helm unittest $(CHART_DIR); \
+ else \
+ echo "No tests directory for $(CHART)"; \
+ fi
+
+deps:
+ @grep -q "^dependencies:" $(CHART_DIR)/Chart.yaml && helm dependency build $(CHART_DIR) || true
+
+template:
+ helm template $(CHART) $(CHART_DIR)
+
+package: deps
+ helm package $(CHART_DIR)
+
+ns-create:
+ kubectl create namespace $(NAMESPACE)
+ kubectl create namespace traefik
+
+ns-create-tilt:
+ kubectl create namespace $(NAMESPACE)
+ kubectl create namespace traefik
+
+deploy-platform-reference:
+ helm upgrade --install $(PLATFORM_RELEASE) $(PLATFORM_CHART) -n $(NAMESPACE)
+
+create-secrets:
+ kubectl create secret generic ui-secrets \
+ --from-env-file=$(SECRETS_DIR)/ui.env \
+ -n $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+ kubectl create secret generic taco-orchestrator-secrets \
+ --from-env-file=$(SECRETS_DIR)/digger-backend.env \
+ -n $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+ kubectl create secret generic statesman-secrets \
+ --from-env-file=$(SECRETS_DIR)/statesman.env \
+ -n $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+ kubectl create secret generic drift-secrets \
+ --from-env-file=$(SECRETS_DIR)/drift.env \
+ -n $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+ kubectl create secret generic taco-sidecar-secrets \
+ --from-env-file=$(SECRETS_DIR)/sidecar.env \
+ -n $(NAMESPACE) --dry-run=client -o yaml | kubectl apply -f -
+
+deploy-opentaco:
+ helm upgrade --install $(OPENTACO_RELEASE) $(OPENTACO_CHART) -f $(VALUES_FILE) -n $(NAMESPACE)
+
+upgrade-opentaco:
+ helm upgrade $(OPENTACO_RELEASE) $(OPENTACO_CHART) -f $(VALUES_FILE) -n $(NAMESPACE)
+
+verify:
+ kubectl get pods -n $(NAMESPACE)
+ kubectl get svc -n $(NAMESPACE)
diff --git a/self-hosting/kubernetes/README.md b/self-hosting/kubernetes/README.md
new file mode 100644
index 000000000..481e3a03e
--- /dev/null
+++ b/self-hosting/kubernetes/README.md
@@ -0,0 +1,16 @@
+# Kubernetes self-hosting
+
+Kubernetes deployment assets live here.
+
+- Helm charts are under `self-hosting/kubernetes/helm-charts/`.
+- CI workflows now read charts from this path.
+
+## Examples
+
+```bash
+# lint umbrella chart
+make -C self-hosting/kubernetes lint CHART=opentaco
+
+# run helm-unittest if the chart has tests/
+make -C self-hosting/kubernetes test CHART=taco-orchestrator
+```
diff --git a/helm-charts/CLAUDE.md b/self-hosting/kubernetes/helm-charts/CLAUDE.md
similarity index 93%
rename from helm-charts/CLAUDE.md
rename to self-hosting/kubernetes/helm-charts/CLAUDE.md
index 48ed509ff..eb75b8f95 100644
--- a/helm-charts/CLAUDE.md
+++ b/self-hosting/kubernetes/helm-charts/CLAUDE.md
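Review bot: `SECRETS_DIR` defaults to `$(CHARTS_DIR)/secrets-example`, so a plain `make create-secrets` builds all five cluster secrets from the example env files committed to the repository rather than from operator-supplied values. Those files are only renamed in this commit, so their contents are not visible here, but whatever placeholders they hold would be applied as live credentials, and the `kubectl apply` would also overwrite real secrets already present in the namespace. I would drop the default and fail fast, e.g. `SECRETS_DIR ?=` plus a first recipe line `@test -n "$(SECRETS_DIR)" || { echo "SECRETS_DIR must point to your filled-in env files"; exit 1; }`. Separately, the `|| true` in `deps` also hides a failed `helm dependency build`, so `package` can proceed with missing dependencies.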
@@ -46,7 +46,7 @@ helm upgrade digger-backend ./digger-backend/ - `backend-ingress.yaml` - Ingress configuration (enabled by default) ### CI/CD Workflows -- **Pull Request Testing** (`.github/workflows/helm-test.yml`): Runs `helm unittest` and linting on PR changes to helm-charts/ +- **Pull Request Testing** (`.github/workflows/helm-test.yml`): Runs `helm unittest` and linting on PR changes to self-hosting/kubernetes/helm-charts/ - **Release Process** (`.github/workflows/helm-release.yml`): On merge to **develop** branch (not main!), publishes to GitHub Container Registry at `oci://ghcr.io/diggerhq/helm-charts/digger-backend` - **Installation**: Users install directly from OCI registry, not GitHub Pages - **Important**: This repo uses `develop` as the default branch, not `main` @@ -97,7 +97,7 @@ helm upgrade digger-backend ./digger-backend/ ## Monorepo Integration Notes -1. **Directory Structure**: Helm charts live in `/helm-charts/` subdirectory of main digger repo, with charts directly under it (not nested in `/charts/`) +1. **Directory Structure**: Helm charts live in `/self-hosting/kubernetes/helm-charts/` subdirectory of main digger repo, with charts directly under it (not nested in `/charts/`) 2. **Publishing Strategy**: - Charts are developed in the main repo but published to GitHub Container Registry (OCI) @@ -113,4 +113,4 @@ helm upgrade digger-backend ./digger-backend/ - Configuration key names are case-sensitive (`githubAppID` not `githubAppId`) - Use `secret` (singular) not `secrets` in configuration - GitHub App private key field is `githubAppKeyFile` (base64 encoded), not `githubAppPrivateKey` - - PostgreSQL config is under `digger.postgres`, not in a `databaseURL` field \ No newline at end of file + - PostgreSQL config is under `digger.postgres`, not in a `databaseURL` field 
diff --git a/helm-charts/README.md b/self-hosting/kubernetes/helm-charts/README.md similarity index 98% rename from helm-charts/README.md rename to self-hosting/kubernetes/helm-charts/README.md index dbbecf94e..8e0fedd08 100644 --- a/helm-charts/README.md +++ b/self-hosting/kubernetes/helm-charts/README.md @@ -6,7 +6,7 @@ Production-ready Kubernetes deployment for the OpenTaco infrastructure managemen ```bash # 1. Configure values file (see Configuration Checklist below) -curl -O https://raw.githubusercontent.com/diggerhq/digger/develop/helm-charts/opentaco/values-test.yaml.example +curl -O https://raw.githubusercontent.com/diggerhq/digger/develop/self-hosting/kubernetes/helm-charts/opentaco/values-test.yaml.example mv values-test.yaml.example values-test.yaml # Edit values-test.yaml with your GCP project ID and settings @@ -359,7 +359,7 @@ gcloud sql instances describe INSTANCE_NAME --format="value(connectionName)" ## Chart Structure ``` -helm-charts/ +self-hosting/kubernetes/helm-charts/ ├── opentaco/ # Umbrella chart │ ├── Chart.yaml │ ├── values.yaml # Default values @@ -388,4 +388,3 @@ helm-charts/ | `values-test.yaml` | Minimal config for testing | | `values-production.yaml` | Production-ready settings | | `.secrets/*.env` | Environment-specific secrets (not committed) | - diff --git a/helm-charts/digger-backend/.helmignore b/self-hosting/kubernetes/helm-charts/digger-backend/.helmignore similarity index 100% rename from helm-charts/digger-backend/.helmignore rename to self-hosting/kubernetes/helm-charts/digger-backend/.helmignore diff --git a/helm-charts/digger-backend/Chart.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/Chart.yaml similarity index 100% rename from helm-charts/digger-backend/Chart.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/Chart.yaml 
diff --git a/helm-charts/digger-backend/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/digger-backend/templates/_helpers.tpl similarity index 100% rename from helm-charts/digger-backend/templates/_helpers.tpl rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/_helpers.tpl diff --git a/helm-charts/digger-backend/templates/backend-deployment.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/backend-deployment.yaml similarity index 100% rename from helm-charts/digger-backend/templates/backend-deployment.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/backend-deployment.yaml diff --git a/helm-charts/digger-backend/templates/backend-ingress.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/backend-ingress.yaml similarity index 100% rename from helm-charts/digger-backend/templates/backend-ingress.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/backend-ingress.yaml diff --git a/helm-charts/digger-backend/templates/backend-service.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/backend-service.yaml similarity index 100% rename from helm-charts/digger-backend/templates/backend-service.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/backend-service.yaml diff --git a/helm-charts/digger-backend/templates/digger-secret.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/digger-secret.yaml similarity index 100% rename from helm-charts/digger-backend/templates/digger-secret.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/digger-secret.yaml 
diff --git a/helm-charts/digger-backend/templates/postgres-secret.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/postgres-secret.yaml similarity index 100% rename from helm-charts/digger-backend/templates/postgres-secret.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/postgres-secret.yaml diff --git a/helm-charts/digger-backend/templates/postgres-service.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/postgres-service.yaml similarity index 100% rename from helm-charts/digger-backend/templates/postgres-service.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/postgres-service.yaml diff --git a/helm-charts/digger-backend/templates/postgres-statefulset.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/templates/postgres-statefulset.yaml similarity index 100% rename from helm-charts/digger-backend/templates/postgres-statefulset.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/templates/postgres-statefulset.yaml diff --git a/helm-charts/digger-backend/values.yaml b/self-hosting/kubernetes/helm-charts/digger-backend/values.yaml similarity index 100% rename from helm-charts/digger-backend/values.yaml rename to self-hosting/kubernetes/helm-charts/digger-backend/values.yaml diff --git a/helm-charts/opentaco-platform-reference/Chart.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/Chart.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/Chart.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/Chart.yaml diff --git a/helm-charts/opentaco-platform-reference/README.md b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/README.md similarity index 93% rename from helm-charts/opentaco-platform-reference/README.md rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/README.md index 069b9e46a..8b22d44b2 100644 
--- a/helm-charts/opentaco-platform-reference/README.md +++ b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/README.md @@ -7,7 +7,7 @@ It is not intended as a production blueprint. Teams should use their own platfor It installs: - Traefik ingress controller - CloudNativePG operator -- Shared CNPG cluster and application DB credentials +- A single shared CNPG cluster with three databases and app credentials for orchestrator, statesman, and token-service - MinIO (StatefulSet) for statesman object storage - Bucket init job (creates `opentaco` bucket by default) - Statesman object storage secret (`statesman-object-storage` by default) diff --git a/helm-charts/opentaco-platform-reference/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/_helpers.tpl similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/_helpers.tpl rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/_helpers.tpl diff --git a/helm-charts/opentaco-platform-reference/templates/cnpg-cluster.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/cnpg-cluster.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/cnpg-cluster.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/cnpg-cluster.yaml diff --git a/helm-charts/opentaco-platform-reference/templates/cnpg-credentials.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/cnpg-credentials.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/cnpg-credentials.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/cnpg-credentials.yaml 
diff --git a/helm-charts/opentaco-platform-reference/templates/minio-bucket-init-job.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-bucket-init-job.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/minio-bucket-init-job.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-bucket-init-job.yaml diff --git a/helm-charts/opentaco-platform-reference/templates/minio-ingress.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-ingress.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/minio-ingress.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-ingress.yaml diff --git a/helm-charts/opentaco-platform-reference/templates/minio-secret.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-secret.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/minio-secret.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-secret.yaml diff --git a/helm-charts/opentaco-platform-reference/templates/minio-service.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-service.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/minio-service.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-service.yaml diff --git a/helm-charts/opentaco-platform-reference/templates/minio-statefulset.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-statefulset.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/minio-statefulset.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/minio-statefulset.yaml 
diff --git a/helm-charts/opentaco-platform-reference/templates/statesman-object-storage-secret.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/statesman-object-storage-secret.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/templates/statesman-object-storage-secret.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/templates/statesman-object-storage-secret.yaml diff --git a/helm-charts/opentaco-platform-reference/values.yaml b/self-hosting/kubernetes/helm-charts/opentaco-platform-reference/values.yaml similarity index 100% rename from helm-charts/opentaco-platform-reference/values.yaml rename to self-hosting/kubernetes/helm-charts/opentaco-platform-reference/values.yaml diff --git a/helm-charts/opentaco/.helmignore b/self-hosting/kubernetes/helm-charts/opentaco/.helmignore similarity index 100% rename from helm-charts/opentaco/.helmignore rename to self-hosting/kubernetes/helm-charts/opentaco/.helmignore diff --git a/helm-charts/opentaco/Chart.yaml b/self-hosting/kubernetes/helm-charts/opentaco/Chart.yaml similarity index 100% rename from helm-charts/opentaco/Chart.yaml rename to self-hosting/kubernetes/helm-charts/opentaco/Chart.yaml diff --git a/helm-charts/opentaco/helm.platform-reference.yaml b/self-hosting/kubernetes/helm-charts/opentaco/helm.platform-reference.yaml similarity index 100% rename from helm-charts/opentaco/helm.platform-reference.yaml rename to self-hosting/kubernetes/helm-charts/opentaco/helm.platform-reference.yaml diff --git a/helm-charts/opentaco/templates/NOTES.txt b/self-hosting/kubernetes/helm-charts/opentaco/templates/NOTES.txt similarity index 96% rename from helm-charts/opentaco/templates/NOTES.txt rename to self-hosting/kubernetes/helm-charts/opentaco/templates/NOTES.txt index 68305898c..a2ecf78c4 100644 --- a/helm-charts/opentaco/templates/NOTES.txt +++ b/self-hosting/kubernetes/helm-charts/opentaco/templates/NOTES.txt 
@@ -55,7 +55,7 @@ NEXT STEPS: kubectl logs -f deployment/taco-ui -n {{ .Release.Namespace }} 3. Configure ingress (if not done): - helm upgrade {{ .Release.Name }} ./helm-charts/opentaco \ + helm upgrade {{ .Release.Name }} ./self-hosting/kubernetes/helm-charts/opentaco \ --set taco-ui.ui.ingress.enabled=true \ --set taco-ui.ui.ingress.hosts[0].host=app.yourdomain.com diff --git a/helm-charts/opentaco/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/opentaco/templates/_helpers.tpl similarity index 100% rename from helm-charts/opentaco/templates/_helpers.tpl rename to self-hosting/kubernetes/helm-charts/opentaco/templates/_helpers.tpl diff --git a/helm-charts/opentaco/values-production.yaml.example b/self-hosting/kubernetes/helm-charts/opentaco/values-production.yaml.example similarity index 100% rename from helm-charts/opentaco/values-production.yaml.example rename to self-hosting/kubernetes/helm-charts/opentaco/values-production.yaml.example diff --git a/helm-charts/opentaco/values-test.yaml.example b/self-hosting/kubernetes/helm-charts/opentaco/values-test.yaml.example similarity index 100% rename from helm-charts/opentaco/values-test.yaml.example rename to self-hosting/kubernetes/helm-charts/opentaco/values-test.yaml.example diff --git a/helm-charts/opentaco/values.yaml b/self-hosting/kubernetes/helm-charts/opentaco/values.yaml similarity index 94% rename from helm-charts/opentaco/values.yaml rename to self-hosting/kubernetes/helm-charts/opentaco/values.yaml index 56187cef7..21359670e 100644 --- a/helm-charts/opentaco/values.yaml +++ b/self-hosting/kubernetes/helm-charts/opentaco/values.yaml 
@@ -82,7 +82,7 @@ taco-orchestrator: path: / # For detailed configuration (database, GitHub App, secrets, etc.), - # see helm-charts/taco-orchestrator/values.yaml or use existingSecret above + # see self-hosting/kubernetes/helm-charts/taco-orchestrator/values.yaml or use existingSecret above # ============================================================================ # Taco Statesman Configuration @@ -132,7 +132,7 @@ taco-statesman: # cpu: 1000m # For detailed configuration (auth, JWT, postgres, OAuth, etc.), - # see helm-charts/taco-statesman/values.yaml or use existingSecret above + # see self-hosting/kubernetes/helm-charts/taco-statesman/values.yaml or use existingSecret above # ============================================================================ # Token Service Configuration @@ -189,7 +189,7 @@ taco-token-service: type: ClusterIP port: 8081 - # For detailed configuration, see helm-charts/taco-token-service/values.yaml + # For detailed configuration, see self-hosting/kubernetes/helm-charts/taco-token-service/values.yaml # ============================================================================ # Drift Detection Configuration @@ -236,7 +236,7 @@ taco-drift: enabled: false # For detailed configuration (GitHub App, database, webhook secrets, etc.), - # see helm-charts/taco-drift/values.yaml or use existingSecret above + # see self-hosting/kubernetes/helm-charts/taco-drift/values.yaml or use existingSecret above # ============================================================================ # Taco UI Configuration @@ -294,7 +294,7 @@ taco-ui: # cpu: 1000m # For detailed configuration (WorkOS, PostHog, webhook secrets, etc.), - # see helm-charts/taco-ui/values.yaml or use existingSecret above + # see self-hosting/kubernetes/helm-charts/taco-ui/values.yaml or use existingSecret above # ============================================================================ # Additional Configuration 
diff --git a/helm-charts/secrets-example/digger-backend.env b/self-hosting/kubernetes/helm-charts/secrets-example/digger-backend.env similarity index 100% rename from helm-charts/secrets-example/digger-backend.env rename to self-hosting/kubernetes/helm-charts/secrets-example/digger-backend.env diff --git a/helm-charts/secrets-example/drift.env b/self-hosting/kubernetes/helm-charts/secrets-example/drift.env similarity index 100% rename from helm-charts/secrets-example/drift.env rename to self-hosting/kubernetes/helm-charts/secrets-example/drift.env diff --git a/helm-charts/secrets-example/sidecar.env b/self-hosting/kubernetes/helm-charts/secrets-example/sidecar.env similarity index 100% rename from helm-charts/secrets-example/sidecar.env rename to self-hosting/kubernetes/helm-charts/secrets-example/sidecar.env diff --git a/helm-charts/secrets-example/statesman.env b/self-hosting/kubernetes/helm-charts/secrets-example/statesman.env similarity index 100% rename from helm-charts/secrets-example/statesman.env rename to self-hosting/kubernetes/helm-charts/secrets-example/statesman.env diff --git a/helm-charts/secrets-example/ui.env b/self-hosting/kubernetes/helm-charts/secrets-example/ui.env similarity index 100% rename from helm-charts/secrets-example/ui.env rename to self-hosting/kubernetes/helm-charts/secrets-example/ui.env diff --git a/helm-charts/taco-drift/.helmignore b/self-hosting/kubernetes/helm-charts/taco-drift/.helmignore similarity index 100% rename from helm-charts/taco-drift/.helmignore rename to self-hosting/kubernetes/helm-charts/taco-drift/.helmignore diff --git a/helm-charts/taco-drift/Chart.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/Chart.yaml similarity index 100% rename from helm-charts/taco-drift/Chart.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/Chart.yaml 
diff --git a/helm-charts/taco-drift/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/taco-drift/templates/_helpers.tpl similarity index 100% rename from helm-charts/taco-drift/templates/_helpers.tpl rename to self-hosting/kubernetes/helm-charts/taco-drift/templates/_helpers.tpl diff --git a/helm-charts/taco-drift/templates/cronjobs.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/templates/cronjobs.yaml similarity index 100% rename from helm-charts/taco-drift/templates/cronjobs.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/templates/cronjobs.yaml diff --git a/helm-charts/taco-drift/templates/deployment.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/templates/deployment.yaml similarity index 100% rename from helm-charts/taco-drift/templates/deployment.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/templates/deployment.yaml diff --git a/helm-charts/taco-drift/templates/ingress.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/templates/ingress.yaml similarity index 100% rename from helm-charts/taco-drift/templates/ingress.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/templates/ingress.yaml diff --git a/helm-charts/taco-drift/templates/secret.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/templates/secret.yaml similarity index 100% rename from helm-charts/taco-drift/templates/secret.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/templates/secret.yaml diff --git a/helm-charts/taco-drift/templates/service.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/templates/service.yaml similarity index 100% rename from helm-charts/taco-drift/templates/service.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/templates/service.yaml 
diff --git a/helm-charts/taco-drift/values.yaml b/self-hosting/kubernetes/helm-charts/taco-drift/values.yaml similarity index 100% rename from helm-charts/taco-drift/values.yaml rename to self-hosting/kubernetes/helm-charts/taco-drift/values.yaml diff --git a/helm-charts/taco-orchestrator/.helmignore b/self-hosting/kubernetes/helm-charts/taco-orchestrator/.helmignore similarity index 100% rename from helm-charts/taco-orchestrator/.helmignore rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/.helmignore diff --git a/helm-charts/taco-orchestrator/Chart.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/Chart.yaml similarity index 100% rename from helm-charts/taco-orchestrator/Chart.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/Chart.yaml diff --git a/helm-charts/taco-orchestrator/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/_helpers.tpl similarity index 100% rename from helm-charts/taco-orchestrator/templates/_helpers.tpl rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/_helpers.tpl diff --git a/helm-charts/taco-orchestrator/templates/backend-deployment.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/backend-deployment.yaml similarity index 100% rename from helm-charts/taco-orchestrator/templates/backend-deployment.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/backend-deployment.yaml diff --git a/helm-charts/taco-orchestrator/templates/backend-ingress.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/backend-ingress.yaml similarity index 100% rename from helm-charts/taco-orchestrator/templates/backend-ingress.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/backend-ingress.yaml 
diff --git a/helm-charts/taco-orchestrator/templates/backend-service.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/backend-service.yaml similarity index 100% rename from helm-charts/taco-orchestrator/templates/backend-service.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/backend-service.yaml diff --git a/helm-charts/taco-orchestrator/templates/postgres-secret.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/postgres-secret.yaml similarity index 100% rename from helm-charts/taco-orchestrator/templates/postgres-secret.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/postgres-secret.yaml diff --git a/helm-charts/taco-orchestrator/templates/rbac.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/rbac.yaml similarity index 100% rename from helm-charts/taco-orchestrator/templates/rbac.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/rbac.yaml diff --git a/helm-charts/taco-orchestrator/templates/secret.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/secret.yaml similarity index 100% rename from helm-charts/taco-orchestrator/templates/secret.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/templates/secret.yaml diff --git a/helm-charts/taco-orchestrator/tests/deployments_test.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/tests/deployments_test.yaml similarity index 100% rename from helm-charts/taco-orchestrator/tests/deployments_test.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/tests/deployments_test.yaml diff --git a/helm-charts/taco-orchestrator/values.yaml b/self-hosting/kubernetes/helm-charts/taco-orchestrator/values.yaml similarity index 100% rename from helm-charts/taco-orchestrator/values.yaml rename to self-hosting/kubernetes/helm-charts/taco-orchestrator/values.yaml 
diff --git a/helm-charts/taco-sidecar/Chart.yaml b/self-hosting/kubernetes/helm-charts/taco-sidecar/Chart.yaml
similarity index 100%
rename from helm-charts/taco-sidecar/Chart.yaml
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/Chart.yaml
diff --git a/helm-charts/taco-sidecar/README.md b/self-hosting/kubernetes/helm-charts/taco-sidecar/README.md
similarity index 100%
rename from helm-charts/taco-sidecar/README.md
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/README.md
diff --git a/helm-charts/taco-sidecar/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/taco-sidecar/templates/_helpers.tpl
similarity index 100%
rename from helm-charts/taco-sidecar/templates/_helpers.tpl
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/templates/_helpers.tpl
diff --git a/helm-charts/taco-sidecar/templates/deployment.yaml b/self-hosting/kubernetes/helm-charts/taco-sidecar/templates/deployment.yaml
similarity index 100%
rename from helm-charts/taco-sidecar/templates/deployment.yaml
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/templates/deployment.yaml
diff --git a/helm-charts/taco-sidecar/templates/secret.yaml b/self-hosting/kubernetes/helm-charts/taco-sidecar/templates/secret.yaml
similarity index 100%
rename from helm-charts/taco-sidecar/templates/secret.yaml
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/templates/secret.yaml
diff --git a/helm-charts/taco-sidecar/templates/service.yaml b/self-hosting/kubernetes/helm-charts/taco-sidecar/templates/service.yaml
similarity index 100%
rename from helm-charts/taco-sidecar/templates/service.yaml
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/templates/service.yaml
diff --git a/helm-charts/taco-sidecar/values-production.yaml b/self-hosting/kubernetes/helm-charts/taco-sidecar/values-production.yaml
similarity index 100%
rename from helm-charts/taco-sidecar/values-production.yaml
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/values-production.yaml
diff --git a/helm-charts/taco-sidecar/values.yaml b/self-hosting/kubernetes/helm-charts/taco-sidecar/values.yaml
similarity index 100%
rename from helm-charts/taco-sidecar/values.yaml
rename to self-hosting/kubernetes/helm-charts/taco-sidecar/values.yaml
diff --git a/helm-charts/taco-statesman/Chart.yaml b/self-hosting/kubernetes/helm-charts/taco-statesman/Chart.yaml
similarity index 100%
rename from helm-charts/taco-statesman/Chart.yaml
rename to self-hosting/kubernetes/helm-charts/taco-statesman/Chart.yaml
diff --git a/helm-charts/taco-statesman/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/taco-statesman/templates/_helpers.tpl
similarity index 100%
rename from helm-charts/taco-statesman/templates/_helpers.tpl
rename to self-hosting/kubernetes/helm-charts/taco-statesman/templates/_helpers.tpl
diff --git a/helm-charts/taco-statesman/templates/deployment.yaml b/self-hosting/kubernetes/helm-charts/taco-statesman/templates/deployment.yaml
similarity index 100%
rename from helm-charts/taco-statesman/templates/deployment.yaml
rename to self-hosting/kubernetes/helm-charts/taco-statesman/templates/deployment.yaml
diff --git a/helm-charts/taco-statesman/templates/secret.yaml b/self-hosting/kubernetes/helm-charts/taco-statesman/templates/secret.yaml
similarity index 100%
rename from helm-charts/taco-statesman/templates/secret.yaml
rename to self-hosting/kubernetes/helm-charts/taco-statesman/templates/secret.yaml
diff --git a/helm-charts/taco-statesman/templates/service.yaml b/self-hosting/kubernetes/helm-charts/taco-statesman/templates/service.yaml
similarity index 100%
rename from helm-charts/taco-statesman/templates/service.yaml
rename to self-hosting/kubernetes/helm-charts/taco-statesman/templates/service.yaml
diff --git a/helm-charts/taco-statesman/tests/deployment_test.yaml b/self-hosting/kubernetes/helm-charts/taco-statesman/tests/deployment_test.yaml
similarity index 100%
rename from helm-charts/taco-statesman/tests/deployment_test.yaml
rename to self-hosting/kubernetes/helm-charts/taco-statesman/tests/deployment_test.yaml
diff --git a/helm-charts/taco-statesman/values.yaml b/self-hosting/kubernetes/helm-charts/taco-statesman/values.yaml
similarity index 100%
rename from helm-charts/taco-statesman/values.yaml
rename to self-hosting/kubernetes/helm-charts/taco-statesman/values.yaml
diff --git a/helm-charts/taco-token-service/Chart.yaml b/self-hosting/kubernetes/helm-charts/taco-token-service/Chart.yaml
similarity index 100%
rename from helm-charts/taco-token-service/Chart.yaml
rename to self-hosting/kubernetes/helm-charts/taco-token-service/Chart.yaml
diff --git a/helm-charts/taco-token-service/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/taco-token-service/templates/_helpers.tpl
similarity index 100%
rename from helm-charts/taco-token-service/templates/_helpers.tpl
rename to self-hosting/kubernetes/helm-charts/taco-token-service/templates/_helpers.tpl
diff --git a/helm-charts/taco-token-service/templates/deployment.yaml b/self-hosting/kubernetes/helm-charts/taco-token-service/templates/deployment.yaml
similarity index 100%
rename from helm-charts/taco-token-service/templates/deployment.yaml
rename to self-hosting/kubernetes/helm-charts/taco-token-service/templates/deployment.yaml
diff --git a/helm-charts/taco-token-service/templates/service.yaml b/self-hosting/kubernetes/helm-charts/taco-token-service/templates/service.yaml
similarity index 100%
rename from helm-charts/taco-token-service/templates/service.yaml
rename to self-hosting/kubernetes/helm-charts/taco-token-service/templates/service.yaml
diff --git a/helm-charts/taco-token-service/values.yaml b/self-hosting/kubernetes/helm-charts/taco-token-service/values.yaml
similarity index 100%
rename from helm-charts/taco-token-service/values.yaml
rename to self-hosting/kubernetes/helm-charts/taco-token-service/values.yaml
diff --git a/helm-charts/taco-ui/.helmignore b/self-hosting/kubernetes/helm-charts/taco-ui/.helmignore
similarity index 100%
rename from helm-charts/taco-ui/.helmignore
rename to self-hosting/kubernetes/helm-charts/taco-ui/.helmignore
diff --git a/helm-charts/taco-ui/Chart.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/Chart.yaml
similarity index 100%
rename from helm-charts/taco-ui/Chart.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/Chart.yaml
diff --git a/helm-charts/taco-ui/templates/_helpers.tpl b/self-hosting/kubernetes/helm-charts/taco-ui/templates/_helpers.tpl
similarity index 100%
rename from helm-charts/taco-ui/templates/_helpers.tpl
rename to self-hosting/kubernetes/helm-charts/taco-ui/templates/_helpers.tpl
diff --git a/helm-charts/taco-ui/templates/deployment.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/templates/deployment.yaml
similarity index 100%
rename from helm-charts/taco-ui/templates/deployment.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/templates/deployment.yaml
diff --git a/helm-charts/taco-ui/templates/ingress.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/templates/ingress.yaml
similarity index 100%
rename from helm-charts/taco-ui/templates/ingress.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/templates/ingress.yaml
diff --git a/helm-charts/taco-ui/templates/secret.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/templates/secret.yaml
similarity index 100%
rename from helm-charts/taco-ui/templates/secret.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/templates/secret.yaml
diff --git a/helm-charts/taco-ui/templates/service.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/templates/service.yaml
similarity index 100%
rename from helm-charts/taco-ui/templates/service.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/templates/service.yaml
diff --git a/helm-charts/taco-ui/tests/deployment_test.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/tests/deployment_test.yaml
similarity index 100%
rename from helm-charts/taco-ui/tests/deployment_test.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/tests/deployment_test.yaml
diff --git a/helm-charts/taco-ui/values.yaml b/self-hosting/kubernetes/helm-charts/taco-ui/values.yaml
similarity index 100%
rename from helm-charts/taco-ui/values.yaml
rename to self-hosting/kubernetes/helm-charts/taco-ui/values.yaml