fix: fix volumes and secrets for atlantis

2024-10-04 14:28:09 +02:00
parent 1eb0e6c630
commit 2e00aceed1
4 changed files with 76 additions and 15 deletions
+11 -10
@@ -8,7 +8,8 @@ metadata:
labels:
{{- include "Atlantis.labels" . | nindent 4 }}
spec:
instances: {{ .Values.cluster.instances | default "2" }}
instances: {{ .Values.cluster.instances | default "1" }}
imageName: ghcr.io/cloudnative-pg/postgis:15-3.3
# Example of rolling update strategy:
# - unsupervised: automated update of the primary once all
# replicas have been upgraded (default)
@@ -19,16 +20,8 @@ spec:
retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }}
storage:
size: {{ .Values.cluster.size | default "5Gi" }}
imageName: ghcr.io/cloudnative-pg/postgis:15-3.3
bootstrap:
initdb:
postInitTemplateSQL:
- CREATE EXTENSION postgis;
- CREATE EXTENSION postgis_topology;
- CREATE EXTENSION fuzzystrmatch;
- CREATE EXTENSION postgis_tiger_geocoder;
- ALTER USER app WITH SUPERUSER;
{{- with .Values.cluster.bootstrap }}
bootstrap:
{{- if .enabled }}
pg_basebackup:
source: archmaester
@@ -47,6 +40,14 @@ spec:
sslRootCert:
name: {{ .source.db }}-ca
key: ca.crt
{{- else }}
initdb:
postInitTemplateSQL:
- CREATE EXTENSION postgis;
- CREATE EXTENSION postgis_topology;
- CREATE EXTENSION fuzzystrmatch;
- CREATE EXTENSION postgis_tiger_geocoder;
- ALTER USER app WITH SUPERUSER;
{{- end }}
{{- end }}
{{- end }}
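Review bot: The relocated `initdb` branch still ends with `- ALTER USER app WITH SUPERUSER;`, which gives the application role full superuser rights in every cluster that is initialised rather than cloned with `pg_basebackup`. The `CREATE EXTENSION` statements in `postInitTemplateSQL` are already executed with superuser rights by the operator, so the app role does not appear to need this for PostGIS. Consider dropping the line, or granting only the specific privileges the application requires. Separately, `initdb` now sits inside `{{- with .Values.cluster.bootstrap }}`, so a values file with no `bootstrap` map renders no `bootstrap:` section and the extensions are never created; if that is not intended, the fallback belongs outside the `with`.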
+22
@@ -29,4 +29,26 @@ type: kubernetes.io/basic-auth
data:
username:
password:
{{- else }}
apiVersion: v1
kind: Secret
metadata:
annotations:
kyverno/clone: "true"
name: {{ .Values.cluster.bootstrap.source.db }}-replication
type: kubernetes.io/tls
data:
tls.crt: ""
tls.key: ""
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
annotations:
kyverno/clone: "true"
name: {{ .Values.cluster.bootstrap.source.db }}-ca
data:
ca.crt: ""
ca.key: ""
{{- end }}
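Review bot: Both new Secret names dereference `.Values.cluster.bootstrap.source.db` directly, so rendering aborts with a nil-pointer error when `bootstrap` or `source` is missing from values, and an empty `db` produces the invalid names `-replication` and `-ca`. Making the requirement explicit gives a readable failure, e.g. `name: {{ required "cluster.bootstrap.source.db must be set" .Values.cluster.bootstrap.source.db }}-replication`, and likewise for the `-ca` Secret. The `if` that this `else` closes starts outside the hunk, so which condition selects these placeholders cannot be confirmed from here.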
+3 -3
@@ -59,7 +59,7 @@ persistence:
storageClass: ""
accessMode: ReadWriteOnce
cluster:
enabled: false
enabled: true
instances: 1
backupEnabled: true
backupRetention: 60d
@@ -70,13 +70,13 @@ cluster:
db: prod-archmeister
namespace: atlantis
redis:
enabled: false
enabled: true
name: redis-stack
redis_stack_server:
image: "redis/redis-stack-server"
tag: "7.4.0-v1"
replicas: 1
storage_class: ceph-rdb
storage_class: ceph-rbd
storage: 1Gi
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
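Review bot: With `cluster.enabled` now defaulting to `true`, the default source shown as context in the second hunk (`db: prod-archmeister`, `namespace: atlantis`, presumably under `cluster.bootstrap.source`) applies to every install that does not override it, including non-production ones. Consider leaving the source unset in the chart defaults and supplying it per environment, so a default install does not reference production secrets. The keys between the two hunks are not visible, so whether `bootstrap.enabled` also defaults to on should be checked.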
@@ -52,8 +52,8 @@ spec:
namespace: '{{ request.object.metadata.namespace }}'
synchronize: true
clone:
name: staging-archmeister-superuser
namespace: staging-vcluster
name: prod-archmeister-superuser
namespace: atlantis
match:
any:
- resources:
@@ -63,6 +63,44 @@ spec:
- "*-db-superuser"
annotations:
kyverno/clone: "true"
- name: sync-archmaester-replication-secret
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
synchronize: true
clone:
name: prod-archmeister-replication
namespace: atlantis
match:
any:
- resources:
kinds:
- Secret
names:
- prod-archmeister-replication
annotations:
kyverno/clone: "true"
- name: sync-archmaester-ca
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
synchronize: true
clone:
name: prod-archmeister-ca
namespace: atlantis
match:
any:
- resources:
kinds:
- Secret
names:
- prod-archmeister-ca
annotations:
kyverno/clone: "true"
# exclude:
# any:
# - resources:
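Review bot: The two added rules, `sync-archmaester-replication-secret` and `sync-archmaester-ca`, match only on Secret name and the `kyverno/clone: "true"` annotation, with no namespace constraint and the `exclude` block still commented out, so a Secret with that name and annotation in any namespace is filled with the production replication certificate or CA material from `atlantis`. The rule edited in the first hunk appears to have the same shape and now clones `prod-archmeister-superuser` for any `*-db-superuser` Secret. Restrict each `match` to the namespaces meant to host replicas, for example `namespaces: [<replica-namespace>]` (placeholder) under `resources`, or a `namespaceSelector`. If the source `prod-archmeister-ca` Secret carries `ca.key` alongside `ca.crt`, the clone distributes the CA private key as well; a replica needs only `ca.crt` for `sslRootCert`, so a certificate-only Secret would be a safer clone source. The rule names spell `archmaester` while the Secrets spell `archmeister`; picking one spelling avoids a mismatch later.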