refactor: refactor and gitopify

2024-02-05 21:04:53 +01:00
parent 1bff28ab6c
commit 10a06fd058
21 changed files with 249 additions and 268 deletions
-43
@@ -1,43 +0,0 @@
{
"connString": "Username=app;Password=123;Host=x-review-archmeister-rw;Port=5432;Database=app;Pooling=true;",
"oidc": {
"issuer": "https://idp.oceanbox.io/dex",
"authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
"token_endpoint": "https://idp.oceanbox.io/dex/token",
"jwks_uri": "https://idp.oceanbox.io/dex/keys",
"userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
"device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
"clientId": "archmeister_dev",
"clientSecret": "Dae1eekeedeuKaoCiesh1Jei6aishe8I",
"scopes": [
"openid",
"email",
"offline_access",
"profile"
]
},
"sso": {
"cookieDomain": ".oceanbox.io",
"signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
"redis": "redis-master,user=default,password=JICkoUKD0Y",
"appDomain": "atlantis",
"dataProtectionKeys": "DataProtection-Keys"
},
"allowedOrigins": [
"https://beta.sorcerer.ekman.oceanbox.io",
"https://sorcerer.ekman.oceanbox.io",
"https://sorcerer.hpc.oceanbox.io",
"https://s.local.oceanbox.io:8080",
"https://maps.oceanbox.io",
"https://atlantis.beta.oceanbox.io",
"https://jonas-atlantis.beta.oceanbox.io",
"https://stig-atlantis.beta.oceanbox.io",
"https://simkir-atlantis.beta.oceanbox.io",
"https://atlantis.local.oceanbox.io:8080"
],
"logService" : "https://seq.oceanbox.io",
"logApiKey": "WmZplDeFoxIHpJQ5BiDk",
"cliUsers": [
"admin:en-to-tre-fire"
]
}
-22
@@ -1,22 +0,0 @@
- op: add
path: /spec/bootstrap
value:
pg_basebackup:
source: staging-archmeister
- op: add
path: /spec/externalClusters
value:
- name: staging-archmeister
connectionParameters:
host: staging-archmeister-rw.oceanbox
user: streaming_replica
sslmode: verify-full
sslKey:
name: staging-archmeister-replication
key: tls.key
sslCert:
name: staging-archmeister-replication
key: tls.crt
sslRootCert:
name: staging-archmeister-ca
key: ca.crt
-33
@@ -1,33 +0,0 @@
- op: add
path: /spec/template/metadata/annotations
value:
dapr.io/enabled: "true"
dapr.io/app-id: "x-review-archmeister"
dapr.io/app-port: "8000"
dapr.io/config: "tracing"
- op: replace
path: /spec/template/spec/containers/0/env/0
value:
name: LOG_LEVEL
value: "4"
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: staging-archmeister-app
key: password
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: DB_USERNAME
valueFrom:
secretKeyRef:
name: staging-archmeister-app
key: username
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: DB_HOST
value: x-review-archmeister-rw
-24
@@ -1,24 +0,0 @@
namePrefix: x-review-
generatorOptions:
disableNameSuffixHash: true
secretGenerator:
- files:
- appsettings.json
name: archmeister-appsettings
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patches:
- path: deployment_patch.yaml
target:
group: apps
kind: Deployment
name: archmeister
version: v1
- path: cluster_patch.yaml
target:
group: postgresql.cnpg.io
kind: Cluster
name: archmeister
version: v1
@@ -0,0 +1,15 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: atlantis-host-resrources
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
# namespace:
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: atlantis-resources/host-manifests
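Review bot: `metadata.name` is misspelled as `atlantis-host-resrources`; object names are immutable, so correcting it later means deleting and recreating the Application, and `name: atlantis-host-resources` is cheaper to fix now. `targetRevision: HEAD` makes the cluster follow the tip of the default branch, so every push to the manifests repository is applied without a pinned revision to review or roll back to; a tag or commit SHA would make rollouts auditable. The destination namespace is left as a commented-out `# namespace:`, so the manifests under `host-manifests` must declare their own namespaces; a one-line comment saying this is intentional would help.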
@@ -0,0 +1,25 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: atlantis-resources
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://kubernetes.default.svc
env: staging
template:
metadata:
name: '{{ env }}-atlantis-resources'
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: atlantis
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: atlantis-resources/manifests
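Review bot: The two list elements differ only in `env`, and `env` is used only in the template `name`; the destination server, `namespace: atlantis` and `path: atlantis-resources/manifests` are identical, so as written both generated Applications would manage the same objects in the same namespace. If prod and staging are meant to be separate, something besides the name has to depend on the element, for example a per-environment overlay such as `path: atlantis-resources/manifests/{{ env }}`. The `cluster` value in each element is never referenced because `destination.server` is hard-coded; either use `server: '{{ cluster }}'` or drop the key. The dex ApplicationSet added later in this commit has the same shape.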
@@ -0,0 +1,12 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-loft-analytics
namespace: atlantis
spec:
egress:
- toFQDNs:
- matchName: analytics.loft.rocks
endpointSelector:
matchLabels:
app: vcluster
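Review bot: The egress rule for `analytics.loft.rocks` carries no `toPorts`, so the selected `app: vcluster` pods may reach that name on any port and protocol; restricting the rule to TCP 443 keeps the allowance to HTTPS. `toFQDNs` only matches addresses Cilium has learned through its DNS proxy, so the selected pods also need an egress rule to the cluster DNS service with a `rules: dns:` section; none is visible in this commit, so confirm one already exists elsewhere. Both points apply equally to the `allow-external-s3` and `allow-external-services` policies that follow. Since this destination is a telemetry endpoint, a short comment stating why the egress is wanted would help the next reviewer.

```yaml
  egress:
    # DNS visibility so toFQDNs can learn the allowed name.
    # Assumes the cluster DNS pods carry the usual kube-dns labels; adjust as needed.
    - toEndpoints:
        - matchLabels:
            "k8s:io.kubernetes.pod.namespace": kube-system
            "k8s:k8s-app": kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: ANY
          rules:
            dns:
              - matchPattern: "*"
    - toFQDNs:
        - matchName: analytics.loft.rocks
      toPorts:
        - ports:
            - port: "443"
              protocol: TCP
  # … unchanged: endpointSelector …
```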
@@ -0,0 +1,12 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-external-s3
namespace: atlantis
spec:
egress:
- toFQDNs:
- matchName: s3.k1.itpartner.no
endpointSelector:
matchLabels: {}
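Review bot: `endpointSelector` with `matchLabels: {}` selects every pod in the `atlantis` namespace, and an endpoint selected by any Cilium egress policy is placed under default-deny for egress, so this policy does more than allow S3: it restricts all other outbound traffic of every pod in the namespace unless another policy permits it. If only specific workloads talk to `s3.k1.itpartner.no`, select them by label as `allow-loft-analytics` does with `app: vcluster`. If namespace-wide enforcement is intended, say so in a comment above the selector. `allow-external-services` below uses the same empty selector.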
@@ -0,0 +1,12 @@
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-external-services
spec:
egress:
- toFQDNs:
- matchName: gitlab.com
- matchPattern: '*.gitlab.com'
- matchName: api.github.com
endpointSelector:
matchLabels: {}
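Review bot: `metadata` has no `namespace` here, unlike `allow-loft-analytics` and `allow-external-s3`, which both set `namespace: atlantis`; the policy therefore lands in whatever namespace the applying Application defaults to, and the empty selector then covers every pod there. Add `namespace: atlantis` (or the intended namespace) so the scope is explicit. `matchPattern: '*.gitlab.com'` admits every subdomain of gitlab.com; if only a few hosts are needed, listing them with `matchName` keeps the allowance as narrow as the `api.github.com` entry.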
@@ -7,7 +7,7 @@ spec:
ingress:
enabled: false
allInOne:
image: jaegertracing/all-in-one:1.13
image: jaegertracing/all-in-one:1.22
options:
query:
base-path: /jaeger
+1 -1
@@ -11,5 +11,5 @@ spec:
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: dex/app
path: dex/manifests
+137
@@ -0,0 +1,137 @@
issuer: https://idp.oceanbox.io/dex
storage:
type: postgres
config:
host: dexdb-rw
port: 5432
database: dex_db
user: dex
password: crafter keenness gilled sprinkled
ssl:
mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://keycloak.dev.oceanbox.io/realms/Oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.svc.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.svc.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.dev.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
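Review bot: This new file commits what look like live credentials in plaintext: the Postgres `password`, every connector `clientSecret` and every `staticClients` `secret`. The kustomization added in this commit also renders it through a ConfigMap generator rather than the `kind: Secret` it replaces. Keep the values out of the repository: Dex static clients accept `secretEnv: <ENV_VAR_NAME>` in place of `secret`, and the connector and storage values can come from a Secret-backed environment variable or a sealed/external secret, depending on what the deployed Dex version expands. The same values appear in the removed Secret manifest and stay in git history, so they should be treated as exposed and rotated. `ssl.mode: disable` leaves the connection to `dexdb-rw` unencrypted; `verify-full`, which the removed cluster patch used for replication, would be the consistent choice if the database serves TLS.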
+7
@@ -0,0 +1,7 @@
# namePrefix: staging-
generatorOptions:
disableNameSuffixHash: true
configmapGenerator:
- name: dex-config
files:
- config.yaml
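Review bot: `configmapGenerator` publishes `config.yaml` as a ConfigMap, but that file holds the database password and OIDC client secrets that the removed manifest kept in a `kind: Secret`; ConfigMaps are not covered by Secret-scoped RBAC or by encryption at rest configured for Secrets. Use `secretGenerator` with the same `name` and `files` entries and keep the Dex deployment mounting a Secret. The documented Kustomize spelling is `configMapGenerator`, so confirm the lowercase form is accepted by the kustomize version Argo CD runs. With `disableNameSuffixHash: true` the generated name never changes, so pods presumably will not restart when the config changes unless something else triggers a rollout.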
+27
@@ -0,0 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: dex
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://kubernetes.default.svc
env: staging
template:
metadata:
name: '{{ env }}-dex-config'
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: dex/config
kustomization:
namePrefix: '{{ env }}-'
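Review bot: The source block puts the `namePrefix` override under `kustomization:`, but the Argo CD Application source field is `kustomize:`; as written the prefix is likely rejected or ignored, and both generated Applications would then render an identically named `dex-config` into `namespace: idp`. Change the key to `kustomize:` with `namePrefix: '{{ env }}-'` beneath it. As in the `atlantis-resources` ApplicationSet, the `cluster` element is unused. `targetRevision: HEAD` tracks the branch tip, so a change under `dex/config` reaches prod and staging at the same moment with no promotion step between them.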
-144
@@ -1,144 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: dex-config
type: Opaque
stringData:
config.yaml: |
issuer: https://idp.oceanbox.io/dex
storage:
type: postgres
config:
host: dexdb-rw
port: 5432
database: dex_db
user: dex
password: crafter keenness gilled sprinkled
ssl:
mode: disable
web:
http: 127.0.0.1:5556
telemetry:
http: 127.0.0.1:5558
grpc:
addr: 127.0.0.1:5557
frontend:
dir: /srv/dex/web
issuer: oceanbox
extra:
client_logo_url: "../theme/client-logo.png"
# enablePasswordDB: true
# staticPasswords:
# - email: "admin@oceanbox.io"
# hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
# username: "admin"
# userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
oauth2:
responseTypes: [ "code" ]
skipApprovalScreen: true
alwaysShowLoginScreen: false
connectors:
- type: microsoft
id: oceanbox
name: oceanbox.io
config:
clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
clientSecret: p1c8Q~H5LsnhUzVGhHxVzqompiC7949QpIqJrcNB
tenant: 3f737008-e9a0-4485-9d27-40329d288089
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- atlantis
- type: microsoft
id: salmar
name: salmar.no
config:
clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
tenant: de10159d-2c09-4762-966c-e841d3391feb
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
id: aqua-kompetanse
name: aqua-kompetanse.no
config:
clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
redirectURI: https://idp.oceanbox.io/dex/callback
onlySecurityGroups: true
groups:
- Oceanbox
- type: oidc
id: keycloak
name: default
config:
issuer: https://keycloak.dev.oceanbox.io/realms/Oceanbox
clientID: dex
clientSecret: 9c9LAMh7feQRNgHGYaUiASuZBd0JpQC4
redirectURI: https://idp.oceanbox.io/dex/callback
promptType: login
staticClients:
- id: atlantis
redirectURIs:
- 'https://maps.oceanbox.io/signin-oidc'
- 'https://maps.relic.oceanbox.io/signin-oidc'
name: 'Atlantis'
secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
- id: atlantis_dev
redirectURIs:
- 'https://atlantis.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-atlantis.dev.oceanbox.io/signin-oidc'
- 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
name: 'Atlantis dev'
secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
- id: petimeter
redirectURIs:
- 'https://petimeter.svc.oceanbox.io/signin-oidc'
name: 'Petimeter dev'
secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
- id: petimeter_dev
redirectURIs:
- 'https://petimeter.dev.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://stig-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-petimeter.dev.oceanbox.io/signin-oidc'
- 'https://petimeter.local.oceanbox.io:8080/signin-oidc'
name: 'Petimeter dev'
secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
- id: sorcerer
redirectURIs:
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
name: 'Sorcerer'
secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
- id: sorcerer_dev
redirectURIs:
- 'https://dev.sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://sorcerer.hpc.oceanbox.io/signin-oidc'
- 'https://jonas-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://simkir-tilt-sorcerer.ekman.oceanbox.io/signin-oidc'
- 'https://s.local.oceanbox.io:11080/signin-oidc'
- 'https://sorcerer.local.oceanbox.io:11080/signin-oidc'
name: 'Sorcerer dev'
secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
- id: archmeister
redirectURIs:
- 'https://archmeister.svc.oceanbox.io/signin-oidc'
name: 'Archmeister'
secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
- id: archmeister_dev
redirectURIs:
- 'https://archmeister.dev.oceanbox.io/signin-oidc'
- 'https://jonas-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://simkir-archmeister.dev.oceanbox.io/signin-oidc'
- 'https://r.local.oceanbox.io:11080/signin-oidc'
- 'https://archmeister.local.oceanbox.io:9080/signin-oidc'
name: 'Archmeister dev'
secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I