diff --git a/charts/atlantis/Chart.lock b/charts/atlantis/Chart.lock
new file mode 100644
index 00000000..f59631fa
--- /dev/null
+++ b/charts/atlantis/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: redis-stack-server
+ repository: https://redis-stack.github.io/helm-redis-stack/
+ version: 0.4.14
+digest: sha256:ed6bf447567c0d92030bffebc947801c67cb4e9b4dd95680c35a0b5f6b23d71f
+generated: "2024-10-04T11:54:47.575418518+02:00"
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml
index e9e36d76..665076d1 100644
--- a/charts/atlantis/Chart.yaml
+++ b/charts/atlantis/Chart.yaml
@@ -1,18 +1,12 @@
 apiVersion: v2
 name: atlantis
 description: Atlantis map and simulation service
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
 version: v2.87.1
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
 appVersion: v2.87.1
+dependencies:
+ - name: redis-stack-server
+ version: 0.4.14
+ repository: https://redis-stack.github.io/helm-redis-stack/
+ condition: redis.enabled
+ alias: redis
diff --git a/charts/atlantis/charts/redis-stack-server-0.4.14.tgz b/charts/atlantis/charts/redis-stack-server-0.4.14.tgz
new file mode 100644
index 00000000..4a9981fd
Binary files /dev/null and b/charts/atlantis/charts/redis-stack-server-0.4.14.tgz differ
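Review bot: The new `dependencies:` entry in Chart.yaml pulls `redis-stack-server` 0.4.14 from a third-party Helm repository, and the commit vendors its `.tgz` as an opaque binary, so nothing in this diff lets a reviewer check what the archive contains. The `digest` in Chart.lock is, as far as I know, computed over the dependency entries rather than over the archive bytes, so it does not by itself pin the vendored file. Consider recording the archive hash next to the dependency, e.g. `# redis-stack-server-0.4.14.tgz sha256: <ARCHIVE_SHA256>`, or building the dependency in CI instead of committing it.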
diff --git a/charts/atlantis/templates/cluster.yaml b/charts/atlantis/templates/cluster.yaml
index 957837c0..54b2409a 100644
--- a/charts/atlantis/templates/cluster.yaml
+++ b/charts/atlantis/templates/cluster.yaml
@@ -2,14 +2,13 @@
 apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
- name: {{ include "Atlantis.fullname" . }}
+ name: {{ include "Atlantis.fullname" . }}-db
 annotations:
 linkerd.io/inject: disabled
 labels:
 {{- include "Atlantis.labels" . | nindent 4 }}
 spec:
 instances: {{ .Values.cluster.instances | default "2" }}
-
 # Example of rolling update strategy:
 # - unsupervised: automated update of the primary once all
 # replicas have been upgraded (default)
@@ -18,9 +17,36 @@ spec:
 primaryUpdateStrategy: unsupervised
 backup:
 retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }}
-
 storage:
 size: {{ .Values.cluster.size | default "5Gi" }}
+ imageName: ghcr.io/cloudnative-pg/postgis:15-3.3
+ bootstrap:
+ initdb:
+ postInitTemplateSQL:
+ - CREATE EXTENSION postgis;
+ - CREATE EXTENSION postgis_topology;
+ - CREATE EXTENSION fuzzystrmatch;
+ - CREATE EXTENSION postgis_tiger_geocoder;
+ - ALTER USER app WITH SUPERUSER;
+{{- with .Values.cluster.bootstrap }}
+{{- if .enabled }}
+ pg_basebackup:
+ source: archmaester
+ externalClusters:
+ - name: archmaester
+ connectionParameters:
+ host: {{ .source.db }}-rw.{{ .source.namespace }}
+ user: streaming_replica
+ sslmode: verify-full
+ sslKey:
+ name: {{ .source.db }}-replication
+ key: tls.key
+ sslCert:
+ name: {{ .source.db }}-replication
+ key: tls.crt
+ sslRootCert:
+ name: {{ .source.db }}-ca
+ key: ca.crt
+{{- end }}
+{{- end }}
 {{- end }}
-
-
diff --git a/charts/atlantis/templates/secrets.yaml b/charts/atlantis/templates/secrets.yaml
new file mode 100644
index 00000000..abfb2ce1
--- /dev/null
+++ b/charts/atlantis/templates/secrets.yaml
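Review bot: `- ALTER USER app WITH SUPERUSER;` in `postInitTemplateSQL` gives the application role full superuser rights, so a leak of the service's database credentials, or an SQL injection in the service, becomes control of the whole PostgreSQL instance. The four `CREATE EXTENSION` statements above it already run during bootstrap, which suggests the application role does not need superuser merely to use PostGIS; I would drop the `ALTER USER` line and grant only what the service needs. Separately, `imageName: ghcr.io/cloudnative-pg/postgis:15-3.3` is a mutable tag, and pinning it by digest (`ghcr.io/cloudnative-pg/postgis:15-3.3@sha256:<IMAGE_DIGEST>`) would keep the database image reproducible. The `spec:` block starts outside this hunk.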
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations:
+ kyverno/clone: "true"
+ name: {{ .Release.Name }}-rabbitmq
+type: Opaque
+data:
+---
+{{- if not .Values.redis.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations:
+ kyverno/clone: "true"
+ name: {{ .Release.Name }}-redis
+type: Opaque
+data:
+{{- end }}
+---
+{{- if not .Values.cluster.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations:
+ kyverno/clone: "true"
+ name: {{ include "Atlantis.fullname" . }}-db-superuser
+type: kubernetes.io/basic-auth
+data:
+ username:
+ password:
+{{- end }}
diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml
index 6c247583..ac4e575f 100644
--- a/charts/atlantis/values.yaml
+++ b/charts/atlantis/values.yaml
@@ -39,7 +39,7 @@ service:
 type: ClusterIP
 port: 8085
 ingress:
- enabled: true
+ enabled: false
 className: "nginx"
 annotations:
 nginx.ingress.kubernetes.io/ssl-redirect: "true"
@@ -60,10 +60,24 @@ persistence:
 accessMode: ReadWriteOnce
 cluster:
 enabled: false
- instances: 2
+ instances: 1
 backupEnabled: true
 backupRetention: 60d
 size: 5Gi
+ bootstrap:
+ enabled: true
+ source:
+ db: prod-archmeister
+ namespace: atlantis
+redis:
+ enabled: false
+ name: redis-stack
+ redis_stack_server:
+ image: "redis/redis-stack-server"
+ tag: "7.4.0-v1"
+ replicas: 1
+ storage_class: ceph-rdb
+ storage: 1Gi
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little
diff --git a/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
index 54c3217c..05620381 100644
--- a/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
+++ b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml
@@ -60,7 +60,7 @@ spec:
 kinds:
 - Secret
 names:
- - "*-db-app"
+ - "*-db-superuser"
 annotations:
 kyverno/clone: "true"
 # exclude:
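Review bot: The three Secrets in the new secrets.yaml are empty placeholders with no comment saying what fills them, and the bare `username:` / `password:` keys in the last document render as null rather than as empty strings. A one-line comment above each document, such as `# Placeholder; presumably populated by the Kyverno clone policy via the kyverno/clone annotation`, would tell the next reader that the empty `data:` is intentional. I would also write `username: ""` and `password: ""` explicitly. Since Helm owns these objects, it is worth confirming that a later `helm upgrade` does not reset data that was synced into them.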
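Review bot: `bootstrap.enabled: true` is the default in the second values.yaml hunk, so turning on `cluster.enabled` appears to render both `initdb` and `pg_basebackup` under `bootstrap:` in cluster.yaml (the template nesting is not recoverable from this page), and CloudNativePG accepts only one bootstrap method per cluster. The default also points at a production source, `db: prod-archmeister`, while the template hard-codes the external cluster name `archmaester`; the two spellings differ, which is worth checking. I would default to `enabled: false` and leave `source.db` and `source.namespace` to be set per environment.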
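Review bot: Replacing `- "*-db-app"` with `- "*-db-superuser"` in the `names:` list of sync-atlantis-secrets.yaml makes the clone rule distribute the PostgreSQL superuser credential instead of the application one, which widens what a leak of the cloned Secret exposes. If the service can work with the application role, keep `- "*-db-app"`; if the superuser secret really is required, a comment such as `# superuser secret cloned because <REASON>` should record why. The rule that contains this `names:` list starts and ends outside the hunk, so the clone target is not visible here.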