Add codex chart and values

values/codex/env-oceanbox.yaml.gotmpl

@@ -0,0 +1,2 @@
+codex:
+  enabled: true

values/codex/env.yaml.gotmpl

@@ -0,0 +1,4 @@
+codex:
+  enabled: false
+  autosync: false
+  env: {{ .Environment.Name }}

values/codex/kustomize/base/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - _manifest.yaml
+

values/codex/kustomize/staging/appsettings.json

@@ -0,0 +1,66 @@
+{
+    "Logging": {
+        "LogLevel": {
+            "Default": "Information",
+            "Microsoft": "Warning",
+            "Microsoft.Hosting": "Error"
+        }
+    },
+    "Debug": {
+        "LogLevel": {
+            "Default": "Debug"
+        }
+    },
+    "Console": {
+        "IncludeScopes": true,
+        "LogLevel": {
+            "Default": "Debug"
+        }
+    },
+    "OIDC": {
+        "issuer": "https://auth.oceanbox.io/realms/oceanbox",
+        "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth",
+        "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token",
+        "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs",
+        "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo",
+        "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout",
+        "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device",
+        "clientId": "atlantis_dev",
+        "clientSecret": "",
+        "scopes": [
+            "openid",
+            "email",
+            "offline_access",
+            "profile"
+        ],
+        "audiences": [
+            "atlantis_dev"
+        ]
+    },
+    "SSO": {
+        "cookieDomain": ".oceanbox.io",
+        "cookieName": ".obx.staging",
+        "ttl": 12.0,
+        "signedOutRedirectUri": "https://atlantis.dev.oceanbox.io/",
+        "realm": "atlantis",
+        "environment": "staging",
+        "keyStore": {
+            "kind": "azure",
+            "uri": "https://atlantis.blob.core.windows.net",
+            "key": "dataprotection-keys"
+        },
+        "keyVault": {
+            "kind": "azure",
+            "uri": "https://atlantisvault.vault.azure.net",
+            "key": "dataencryption-keys"
+        }
+    },
+    "plainAuthUsers": [
+        {
+            "username": "admin",
+            "password": "en-to-tre-fire",
+            "groups": [ "/oceanbox" ],
+            "roles": [ "admin" ]
+        }
+    ]
+}

values/codex/kustomize/staging/deployment_patch.yaml

@@ -0,0 +1,5 @@
+- op: add
+  path: /spec/template/spec/containers/0/envFrom/-
+  value:
+    secretRef:
+      name: azure-keyvault

values/codex/kustomize/staging/env.patch.yaml

@@ -0,0 +1,82 @@
+# env.patch.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: staging-codex
+  labels:
+    app.kubernetes.io/name: codex
+    app.kubernetes.io/instance: staging-codex
+spec:
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: codex
+        app.kubernetes.io/instance: staging-codex
+    spec:
+      containers:
+        - name: codex
+          env:
+          - name: APP_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+          - name: APP_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+          - name: APP_NAMESPACE
+            value: prod-atlantis
+          - name: DOTNET_ENVIRONMENT
+            value: Development
+          - name: ASPNETCORE_ENVIRONMENT
+            value: Development
+          - name: DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: staging-atlantis-db-app
+                key: host
+          - name: DB_PORT
+            valueFrom:
+              secretKeyRef:
+                name: staging-atlantis-db-app
+                key: port
+          - name: DB_DATABASE
+            valueFrom:
+              secretKeyRef:
+                name: staging-atlantis-db-app
+                key: dbname
+          - name: DB_USER
+            valueFrom:
+              secretKeyRef:
+                name: staging-atlantis-db-app
+                key: user
+          - name: DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: staging-atlantis-db-app
+                key: password
+          - name: FGA_DB_HOST
+            valueFrom:
+              secretKeyRef:
+                name: staging-openfga-db-app
+                key: host
+          - name: FGA_DB_PORT
+            valueFrom:
+              secretKeyRef:
+                name: staging-openfga-db-app
+                key: port
+          - name: FGA_DB_DATABASE
+            valueFrom:
+              secretKeyRef:
+                name: staging-openfga-db-app
+                key: dbname
+          - name: FGA_DB_USER
+            valueFrom:
+              secretKeyRef:
+                name: staging-openfga-db-app
+                key: user
+          - name: FGA_DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: staging-openfga-db-app
+                key: password

values/codex/kustomize/staging/kustomization.yaml

@@ -0,0 +1,16 @@
+generatorOptions:
+  disableNameSuffixHash: true
+configMapGenerator:
+- name: staging-codex-appsettings
+  files:
+    - appsettings.json
+patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+    path: deployment_patch.yaml
+  - path: env.patch.yaml
+    target:
+      labelSelector: "app.kubernetes.io/name=codex"
+

values/codex/manifests/codex.yaml

@@ -0,0 +1,40 @@
+{{ if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ .Values.codex.env }}-codex
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+    argocd.argoproj.io/compare-options: ServerSideDiff=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: {{ .Values.codex.env }}-atlantis
+    server: https://kubernetes.default.svc
+  project: default
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfile.d
+    plugin:
+      name: helmfile-cmp
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+      - name: HELMFILE_ENVIRONMENT
+        value: {{ .Values.codex.env }}
+      - name: HELMFILE_FILE_PATH
+        value: codex.yaml.gotmpl
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    {{- if .Values.codex.autosync }}
+    automated:
+      prune: true
+      selfHeal: false
+    {{- end }}
+{{- end }}
+

values/codex/values/values-staging.yaml

@@ -0,0 +1,33 @@
+replicaCount: 1
+
+image:
+  tag: 028945bf-debug
+
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    oceanbox.io/expose: internal
+  hosts:
+    - host: codex.dev.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - codex.dev.oceanbox.io
+      secretName: staging-codex-tls
+
+volumes:
+  - name: appsettings
+    configMap:
+      name: staging-codex-appsettings
+
+volumeMounts:
+  - name: appsettings
+    mountPath: "/app/appsettings.Development.json"
+    readOnly: true
+    subPath: appsettings.json