platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

wip: try nixidy

Browse Source
This commit is contained in:
Jonas Juselius
2024-10-10 16:04:41 +02:00
parent 61379ad665
commit 11b398801d
66 changed files with 55100 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/archmeister.yaml
+47
View File
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: archmeister
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: archmeister.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: archmeister.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: "{{ .env }}-archmeister"
spec:
project: atlantis
destination:
namespace: atlantis
server: "{{ .cluster }}"
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/archmeister
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: "{{ .env }}"
- name: hostname
string: "{{ .hostname }}"
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/atlantis-host-resources.yaml
+27
View File
@@ -0,0 +1,27 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: atlantis-cluster-resources
namespace: argocd
# annotations: # close, but no cigar
# argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
syncPolicy:
automated:
prune: false
selfHeal: false
# ignoreDifferences:
# - kind: Secret
# name: prod-rabbitmq
# jqPathExpressions:
# - '.data'
# - '.metadata.annotations.clone'
# - '.metadata.labels'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: resources/atlantis
apps/atlantis-resources.yaml
+41
View File
@@ -0,0 +1,41 @@
# Currently not in use. Configured via the create-vcluster script.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: atlantis-resources
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
autoSync: false
prune: false
# - cluster: https://staging-vcluster.staging-vcluster
# env: staging
# autoSync: false
# prune: false
template:
metadata:
name: "{{ .env }}-atlantis-resources"
spec:
project: aux
syncPolicy:
automated: {}
destination:
server: "{{ .cluster }}"
namespace: atlantis
sources: {}
# - repoURL: https://gitlab.com/oceanbox/manifests.git
# targetRevision: main
# path: 'resources/atlantis/manifests/{{ env }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/atlantis.nix
+106
View File
@@ -0,0 +1,106 @@
{ lib, config, ... }:
let
cfg = config.services.atlantis;
in
{
options.services.atlantis = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Enable";
};
autoSync = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Auto sync";
};
prune = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Prune";
};
};
config = lib.mkIf cfg.enable {
applications.atlantis.resources = {
applicationSets = {
atlantis.spec = {
goTemplate = true;
generators = [
{
list = {
elements = [
{
env = "prod";
namespace = "atlantis";
project = "atlantis";
cluster = "https://kubernetes.default.svc";
hostname = "atlantis.srv.oceanbox.io";
revision = "main";
autoSync = cfg.autoSync;
prune = cfg.prune;
}
{
env = "staging";
namespace = "atlantis";
project = "atlantis";
cluster = "https://staging-vcluster.staging-vcluster";
hostname = "atlantis.beta.oceanbox.io";
revision = "main";
autoSync = cfg.autoSync;
prune = cfg.prune;
}
];
};
}
];
template = {
metadata = {
name = "{{ .env }}-atlantis";
annotations = {
"argocd.argoproj.io/compare-options" = "ServerSideDiff=true";
};
};
spec = {
destination = {
namespace = "{{`{{.namespace}}`}}";
server = "{{ .cluster }}";
};
project = "{{`{{.project}}`}}";
sources = [
{
repoURL = "https://gitlab.com/oceanbox/manifests.git";
targetRevision = "{{`{{.revision}}`}}";
path = "kustomizations/atlantis";
plugin = {
name = "kustomize-helm-with-rewrite";
parameters = [
{
name = "env";
string = "{{ .env }}";
}
{
name = "hostname";
string = "{{ .hostname }}";
}
];
};
}
];
syncPolicy = {
syncOptions = [
"CreateNamespace=true"
"ApplyOutOfSyncOnly=true"
];
automated = lib.mkIf cfg.autoSync {
prune = cfg.prune;
selfHeal = false;
};
};
};
};
};
};
};
};
}
apps/atlantis.yaml
+47
View File
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: atlantis
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: atlantis.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: atlantis.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-atlantis'
spec:
project: atlantis
destination:
namespace: atlantis
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/atlantis
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/busynix.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: busynix
namespace: argocd
spec:
generators:
- list:
elements:
# - cluster: https://kubernetes.default.svc
# env: prod
# hostname: busynix.srv.oceanbox.io
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: busynix.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-busynix'
spec:
project: aux
destination:
namespace: default
server: '{{ cluster }}'
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/busynix
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: '{{ hostname }}'
apps/cerbos.yaml
+32
View File
@@ -0,0 +1,32 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: cerbos
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://staging-vcluster.staging-vcluster
env: staging
template:
metadata:
name: '{{ env }}-cerbos'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://download.cerbos.dev/helm-charts
targetRevision: 0.33.0
chart: cerbos
helm:
valueFiles:
- $values/kustomizations/cerbos/values.yaml
- $values/kustomizations/cerbos/values-{{ env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
apps/default.nix
+16
View File
@@ -0,0 +1,16 @@
{ ... }:
{
imports = [
./atlantis.nix
];
config = {
services = {
atlantis = {
enable = true;
autoSync = true;
prune = false;
};
};
};
}
apps/dex.yaml
+15
View File
@@ -0,0 +1,15 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dex
namespace: argocd
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: idp
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/dex/manifests
apps/geoserver.yaml
+38
View File
@@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: geoserver
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: geoserver.srv.oceanbox.io
# - cluster: https://kubernetes.default.svc
# env: staging
# hostname: geoserver.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-geoserver'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: geoserver
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/geoserver
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: geoserver.srv.oceanbox.io
- name: flags
string: "--skip-tests"
- name: chart
string: ncsa/geoserver
apps/hipster.yaml
+47
View File
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: hipster
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: hipster.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: hipster.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-hipster'
spec:
project: atlantis
destination:
namespace: atlantis
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/hipster
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/jaeger.yaml
+22
View File
@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: jaeger
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: jaeger
sources:
- repoURL: https://jaegertracing.github.io/helm-charts
targetRevision: 2.54.0
chart: jaeger-operator
helm:
valueFiles:
- $values/kustomizations/jaeger/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
# path: kustomizations/jaeger/manifests
ref: values
apps/keycloak.yaml
+21
View File
@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keycloak
namespace: argocd
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 18.3.4
chart: keycloak
helm:
valueFiles:
- $values/kustomizations/keycloak/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
apps/loki.yaml
+150
View File
@@ -0,0 +1,150 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: loki
server: 'https://kubernetes.default.svc'
project: aux
ignoreDifferences:
- group: apps
kind: StatefulSet
jsonPointers:
- /spec/persistentVolumeClaimRetentionPolicy
syncPolicy:
managedNamespaceMetadata:
labels:
component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
automated:
prune: true
selfHeal: true
sources:
- repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git
path: network-policies/netpol-loki
targetRevision: HEAD
- repoURL: 'https://grafana.github.io/helm-charts'
targetRevision: 6.12.0
chart: loki
helm:
values: |
loki:
auth_enabled: false
storage:
bucketNames:
chunks: loki-chunks
ruler: loki-chunks
admin: loki-chunks
s3:
endpoint: http://10.255.241.30:30080
region: tos
secretAccessKey: ${S3SECRET}
accessKeyId: ${S3KEY}
s3ForcePathStyle: true
http_config:
insecure_skip_verify: true
schemaConfig:
configs:
- from: "2024-04-01"
index:
period: 24h
prefix: loki_index_
object_store: s3
schema: v13
store: tsdb
compactor:
compaction_interval: 10m
working_directory: /tmp/loki/compactor
retention_enabled: true
retention_delete_delay: 2h
retention_delete_worker_count: 150
delete_request_store: s3
limits_config:
retention_period: 744h
write:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
tolerations:
- effect: "NoSchedule"
operator: "Equal"
key: "unschedulable"
value: "true"
read:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
tolerations:
- effect: "NoSchedule"
operator: "Equal"
key: "unschedulable"
value: "true"
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
atlantis.oceanbox.io/expose: internal
hosts:
- loki.adm.oceanbox.io
tls:
- hosts:
- loki.adm.oceanbox.io
secretName: loki-distributed-tls
compactor:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
backend:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
apps/openfga.yaml
+47
View File
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: openfga
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: openfga.adm.oceanbox.io
autoSync: false
prune: true
- cluster: https://kubernetes.default.svc
env: staging
hostname: openfga.dev.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-openfga'
spec:
project: aux
destination:
namespace: idp
server: '{{ .cluster }}'
sources:
- repoURL: https://openfga.github.io/helm-charts
targetRevision: 0.2.12
chart: openfga
helm:
valueFiles:
- $values/kustomizations/openfga/values.yaml
- $values/kustomizations/openfga/values-{{ .env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/opentelemetry-collector.yaml
+106
View File
@@ -0,0 +1,106 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: opentelemetry-collector
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: otel
server: 'https://kubernetes.default.svc'
project: aux
syncPolicy:
# managedNamespaceMetadata:
# labels:
# component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
automated:
prune: true
selfHeal: true
sources:
- repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts'
targetRevision: 0.107.0
chart: opentelemetry-collector
helm:
values: |
mode: deployment
image:
repository: otel/opentelemetry-collector-k8s
config:
receivers:
prometheus/collector:
config:
scrape_configs:
- job_name: 'opentelemetry-collector'
static_configs:
- targets:
- ${env:MY_POD_IP}:8888
zipkin:
endpoint: ${env:MY_POD_IP}:9411
exporters:
otlp:
endpoint: "tempo.tempo.svc:4317"
tls:
insecure: true
otlphttp/metrics:
endpoint: http://prom-prometheus.prometheus:9090/api/v1/otlp
tls:
insecure: true
otlphttp/logs:
endpoint: http://loki-write-headless.loki:3100/otlp
tls:
insecure: true
debug/metrics:
verbosity: detailed
debug/traces:
verbosity: detailed
debug/logs:
verbosity: detailed
service:
telemetry:
logs:
level: "info"
pipelines:
traces:
receivers: [otlp,zipkin]
processors: [batch]
exporters: [otlp]
# exporters: [otlphttp/traces,debug/traces]
metrics:
receivers: [otlp,prometheus/collector]
processors: [batch]
exporters: [otlphttp/metrics]
# exporters: [otlphttp/metrics,debug/metrics]
logs:
receivers: [otlp]
processors: [batch]
exporters: [otlphttp/logs]
# exporters: [otlphttp/logs,debug/logs]
ports:
metrics:
enabled: true
# presets:
# logsCollection:
# enabled: true
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
atlantis.oceanbox.io/expose: internal
ingressClassName: nginx
hosts:
- host: collector.adm.oceanbox.io
paths:
- path: /
pathType: Prefix
port: 4318
tls:
- secretName: collector-tls
hosts:
- collector.adm.oceanbox.io
apps/osm-tile-server.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: osm-tile-server
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: osm.srv.oceanbox.io
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: osm.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-osm-tile-server'
spec:
project: aux
destination:
namespace: oceanbox
server: '{{ cluster }}'
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: kustomizations/osm-tile-server
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: '{{ hostname }}'
apps/petimeter.yaml
+50
View File
@@ -0,0 +1,50 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: petimeter
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: petimeter.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: petimeter.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-petimeter'
spec:
project: atlantis
destination:
namespace: atlantis
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/petimeter
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/petimeter/manifests
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/rabbitmq.yaml
+34
View File
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: rabbitmq
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: rabbitmq.srv.oceanbox.io
- cluster: https://kubernetes.default.svc
env: staging
hostname: rabbitmq.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-rabbitmq'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: rabbitmq
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 12.9.0
chart: rabbitmq
helm:
valueFiles:
- $values/kustomizations/rabbitmq/values-{{ env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/rabbitmq/{{ env }}
ref: values
apps/redis.yaml
+39
View File
@@ -0,0 +1,39 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: redis
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://kubernetes.default.svc
env: staging
template:
metadata:
name: '{{ env }}-redis'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: redis
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 19.5.2
chart: redis
helm:
valueFiles:
- $values/kustomizations/redis/values-{{ env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
ref: values
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/redis/{{ env }}
ignoreDifferences:
- group: apps
kind: StatefulSet
jqPathExpressions:
- '.spec.template.spec.containers[].resources.limits.cpu'
apps/seq.yaml
+20
View File
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: seq
namespace: argocd
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: seq
sources:
- repoURL: https://helm.datalust.co
targetRevision: 2024.1.0
chart: seq
helm:
valueFiles:
- $values/kustomizations/seq/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
apps/sorcerer.yaml
+47
View File
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: sorcerer
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://10.255.241.99:4443
env: prod
hostname: sorcerer.data.oceanbox.io
autoSync: false
prune: true
- cluster: https://10.255.241.99:4443
env: staging
hostname: sorcerer.ekman.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-sorcerer'
spec:
project: atlantis
destination:
namespace: sorcerer
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/sorcerer
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
apps/tempo.yaml
+75
View File
@@ -0,0 +1,75 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: tempo
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: tempo
server: 'https://kubernetes.default.svc'
project: aux
syncPolicy:
# managedNamespaceMetadata:
# labels:
# component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
automated:
prune: true
selfHeal: true
sources:
- repoURL: 'https://grafana.github.io/helm-charts'
targetRevision: 1.10.3
chart: tempo
helm:
values: |
tempo:
storage:
trace:
backend: s3
s3:
bucket: tempo-traces
endpoint: http://10.255.241.30:30080
access_key: ${S3SECRET}
secret_key: ${S3KEY}
insecure: true
backend: local
local:
path: /var/tempo/traces
wal:
path: /var/tempo/wal
metricsGenerator:
enabled: true
remoteWriteUrl: "http://prom-prometheus.prometheus:9090/api/v1/write"
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: tempo-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: tempo-s3
key: AWS_ACCESS_KEY_SECRET
tempoQuery:
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
atlantis.oceanbox.io/expose: internal
path: /
pathType: Prefix
hosts:
- query.tempo.adm.oceanbox.io
tls:
- secretName: tempo-query-tls
hosts:
- query.tempo.adm.oceanbox.io
apps/wordpress.yaml
+20
View File
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: www-oceanbox
namespace: argocd
spec:
project: default
destination:
server: https://kubernetes.default.svc
namespace: www-oceanbox
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 19.2.2
chart: wordpress
helm:
valueFiles:
- $values/wordpress/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
ref: values
apps/yolo-dl.yaml
+14
View File
@@ -0,0 +1,14 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: yolo-dl
namespace: argocd
spec:
project: aux
destination:
server: https://10.255.241.99:4443
namespace: oceanbox
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: charts/yolo-dl