From 1eb0e6c6304e30e2fe5cde65df5eb23e7a2c0d49 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 4 Oct 2024 13:43:41 +0200 Subject: [PATCH] fix: tweak atlantis chart for SPMSA monolith. --- charts/atlantis/Chart.lock | 6 +++ charts/atlantis/Chart.yaml | 18 +++------ .../charts/redis-stack-server-0.4.14.tgz | Bin 0 -> 1367 bytes charts/atlantis/templates/cluster.yaml | 36 +++++++++++++++--- charts/atlantis/templates/secrets.yaml | 32 ++++++++++++++++ charts/atlantis/values.yaml | 18 ++++++++- .../host-manifests/sync-atlantis-secrets.yaml | 2 +- 7 files changed, 92 insertions(+), 20 deletions(-) create mode 100644 charts/atlantis/Chart.lock create mode 100644 charts/atlantis/charts/redis-stack-server-0.4.14.tgz create mode 100644 charts/atlantis/templates/secrets.yaml diff --git a/charts/atlantis/Chart.lock b/charts/atlantis/Chart.lock new file mode 100644 index 00000000..f59631fa --- /dev/null +++ b/charts/atlantis/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: redis-stack-server + repository: https://redis-stack.github.io/helm-redis-stack/ + version: 0.4.14 +digest: sha256:ed6bf447567c0d92030bffebc947801c67cb4e9b4dd95680c35a0b5f6b23d71f +generated: "2024-10-04T11:54:47.575418518+02:00" diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index e9e36d76..665076d1 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -1,18 +1,12 @@ apiVersion: v2 name: atlantis description: Atlantis map and simulation service -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. version: v2.87.1 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. appVersion: v2.87.1 +dependencies: + - name: redis-stack-server + version: 0.4.14 + repository: https://redis-stack.github.io/helm-redis-stack/ + condition: redis.enabled + alias: redis diff --git a/charts/atlantis/charts/redis-stack-server-0.4.14.tgz b/charts/atlantis/charts/redis-stack-server-0.4.14.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4a9981fd4e5f212fac8f10f6eaef93d74c3dba65 GIT binary patch literal 1367 zcmV-d1*rNTiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI*_Z`(Ey&$B+oL0EydgJj8e>`uTQf^6u9wQ0}{ErwwTXz3Ia zr6`r8+!~I*`@lbv=)cRW&HMr9xsN#6w$#SBI7d`g50=cHgK z4?|HDMWf-+{64o%_I;%ryc;wbIPfjC$Lx^3&w-dj{H|xRE#K;z3VBm3WW?+ z^*N>Bp8OvS2b=jn9>o1){(lKtEP7A9Uq4oaXP~ACx*kB8n{RW>hu+iPa_KD=0c4m{ zjxPCa%!HcXhhW7)YNjBxJ>-QJ7QV6PiROGYLm_B}a0^P*JcZG~eA42o&U5+^{J;k% z3wfqLJ%jLEAW;aU)sWYW&Eb7b7|khWy1g*iL+>qG*@j!Rf3vQ36Cdp7;IS6D(q;p$Zaz!YYu0Jwk zRKW+z7)%gqsc}jm2E0SN*SVT+-N7_({n<>mK6Na2&L84)CR;f_82ri4hi~c%W9tbk zBz$e%WY;!0*9JckTqP)1Irxuc@JRX_vaHg>Lu~iwTHtkdRA-87VD)aAU3DR1xfq!s zyJu$&=W1Iw&FOmDe!H$5Zq4~gQUw1;AN*_o(^IJ|ijrHDaz9GTV_{B_6``E=4DtjP z3!pq@b++5E(5l|eBavaMO7X&p4?B_L%sp%GA$pEfRrs#W*pQaJ_6D(7>{xOO@9R?G zhWXo43c|?^X2E1`1vOE0gJ zT>bM3R3syc=$oG{Qob%TowFa7OW#e(itMUGW?1JExQeNTf$rDtkfxif#9bN%JX{dRung(k&(U(#4_;gWbcv%Xiua&MO-v=WI0^DHH|e=H2hP zASqs=pk;Q2X~{F0KpZ(f*D|7LwFLWP&XRkO*l(#}g5@&V&!)&t6G5%$%bKyvlF@XY zz#02M=CYk{1GItLnsE7v@oK3PwU%Zjs|$Ro&%TZ{mOX1XM5nm|wQo7b#9XM`4i zHWl5b)8^)`$?NVNNmG>aWtpK&;BW9>Bgx(hs_+$0(T9H=n|rA_XGF@2rkB}c`r4b% z$_D~vS&I}qwhDY-qwHGWc^5iJ32e6{JD8itr4^X=xk-1is{D%->>vTRKzW8-!L#qK Zl{nIoj`WSuzX1RM|Nm@inXCXF000Zikk$YI literal 0 HcmV?d00001 diff --git a/charts/atlantis/templates/cluster.yaml b/charts/atlantis/templates/cluster.yaml index 957837c0..54b2409a 100644 --- a/charts/atlantis/templates/cluster.yaml +++ b/charts/atlantis/templates/cluster.yaml @@ -2,14 +2,13 @@ apiVersion: postgresql.cnpg.io/v1 kind: Cluster metadata: - name: {{ include "Atlantis.fullname" . }} + name: {{ include "Atlantis.fullname" . }}-db annotations: linkerd.io/inject: disabled labels: {{- include "Atlantis.labels" . | nindent 4 }} spec: instances: {{ .Values.cluster.instances | default "2" }} - # Example of rolling update strategy: # - unsupervised: automated update of the primary once all # replicas have been upgraded (default) @@ -18,9 +17,36 @@ spec: primaryUpdateStrategy: unsupervised backup: retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }} - storage: size: {{ .Values.cluster.size | default "5Gi" }} + imageName: ghcr.io/cloudnative-pg/postgis:15-3.3 + bootstrap: + initdb: + postInitTemplateSQL: + - CREATE EXTENSION postgis; + - CREATE EXTENSION postgis_topology; + - CREATE EXTENSION fuzzystrmatch; + - CREATE EXTENSION postgis_tiger_geocoder; + - ALTER USER app WITH SUPERUSER; +{{- with .Values.cluster.bootstrap }} +{{- if .enabled }} + pg_basebackup: + source: archmaester + externalClusters: + - name: archmaester + connectionParameters: + host: {{ .source.db }}-rw.{{ .source.namespace }} + user: streaming_replica + sslmode: verify-full + sslKey: + name: {{ .source.db }}-replication + key: tls.key + sslCert: + name: {{ .source.db }}-replication + key: tls.crt + sslRootCert: + name: {{ .source.db }}-ca + key: ca.crt +{{- end }} +{{- end }} {{- end }} - - diff --git a/charts/atlantis/templates/secrets.yaml b/charts/atlantis/templates/secrets.yaml new file mode 100644 index 00000000..abfb2ce1 --- /dev/null +++ b/charts/atlantis/templates/secrets.yaml @@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: {{ .Release.Name }}-rabbitmq +type: Opaque +data: +--- +{{- if not .Values.redis.enabled }} +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: {{ .Release.Name }}-redis +type: Opaque +data: +{{- end }} +--- +{{- if not .Values.cluster.enabled }} +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: {{ include "Atlantis.fullname" . }}-db-superuser +type: kubernetes.io/basic-auth +data: + username: + password: +{{- end }} diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 6c247583..ac4e575f 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -39,7 +39,7 @@ service: type: ClusterIP port: 8085 ingress: - enabled: true + enabled: false className: "nginx" annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" @@ -60,10 +60,24 @@ persistence: accessMode: ReadWriteOnce cluster: enabled: false - instances: 2 + instances: 1 backupEnabled: true backupRetention: 60d size: 5Gi + bootstrap: + enabled: true + source: + db: prod-archmeister + namespace: atlantis +redis: + enabled: false + name: redis-stack + redis_stack_server: + image: "redis/redis-stack-server" + tag: "7.4.0-v1" + replicas: 1 + storage_class: ceph-rdb + storage: 1Gi resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml index 54c3217c..05620381 100644 --- a/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml +++ b/resources/atlantis/host-manifests/sync-atlantis-secrets.yaml @@ -60,7 +60,7 @@ spec: kinds: - Secret names: - - "*-db-app" + - "*-db-superuser" annotations: kyverno/clone: "true" # exclude: