platform/manifests
1
1
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of gitlab.com:oceanbox/manifests

Browse Source
This commit is contained in:
Jonas Juselius
2025-06-20 08:18:48 +02:00
parent 498c660aae 4bcf199c62
commit 30434ae4ea
14 changed files with 60 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
charts/plume/Chart.yaml
+2 -2
View File
@@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
version: v1.1.2
version: v1.1.6
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application.
appVersion: v1.1.2
appVersion: v1.1.6
charts/plume/templates/deployment.yaml
+11
View File
@@ -52,6 +52,10 @@ spec:
volumeMounts:
- name: data
mountPath: /data
- name: appsettings
mountPath: /app/appsettings.json
subPath: appsettings.json
readOnly: true
{{- if .Values.service.https }}
- name: tls-certificates
mountPath: /app/tls
@@ -65,6 +69,10 @@ spec:
volumeMounts:
- name: data
mountPath: /data
- name: appsettings
mountPath: /app/appsettings.json
subPath: appsettings.json
readOnly: true
{{- end }}
volumes:
- name: data
@@ -74,6 +82,9 @@ spec:
{{- else }}
emptyDir: {}
{{- end }}
- name: appsettings
configMap:
name: {{ template "Plume.fullname" . }}-appsettings
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
charts/plume/values.yaml
+1 -1
View File
@@ -4,7 +4,7 @@
replicaCount: 1
image:
repository: registry.gitlab.com/oceanbox/plume/plume
tag: v1.1.2
tag: v1.1.6
pullPolicy: IfNotPresent
init:
enabled: false
values/plume/kustomize/base/kustomization.yaml
+4
View File
@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- _manifest.yaml
values/plume/kustomize/staging/appsettings.json
+8
View File
@@ -0,0 +1,8 @@
{
"archmaesterUrl": "https://atlantis.src.oceanbox.io",
"appName": "plume",
"appEnv": "staging",
"appNamespace": "staging-plume",
"appVersion": "0.0.0",
"cacheDir": "/data/archives/cache"
}
values/plume/kustomize/staging/kustomization.yaml
+8
View File
@@ -0,0 +1,8 @@
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: plume-appsettings
files:
- appsettings.json
resources:
- ../base
values/system/ekman/kyverno/sync-keyvault-secret.yaml
+1 -1
View File
@@ -18,7 +18,7 @@ spec:
namespace: sorcerer
kind: Secret
name: azure-keyvault
namespace: '{{request.object.metadata.namespace}}'
namespace: '{{`{{request.object.metadata.namespace}}`}}'
synchronize: true
match:
any:
values/system/ekman/kyverno/sync-oceanbox-regcred.yaml
+1 -1
View File
@@ -25,7 +25,7 @@ spec:
kind: Secret
# name: oceanbox-regcred
name: gitlab-pull-secret
namespace: '{{request.object.metadata.name}}'
namespace: '{{`{{request.object.metadata.name}}`}}'
synchronize: true
exclude:
any:
values/system/ekman/kyverno/sync-sorcerer-secrets.yaml
+4 -4
View File
@@ -10,8 +10,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: staging-sorcerer-env
@@ -34,8 +34,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: dapr-api-token
values/system/oceanbox/kyverno/add-openfga-secret.yaml
+3 -3
View File
@@ -22,11 +22,11 @@ spec:
targets:
- apiVersion: v1
kind: Secret
name: "{{ request.object.metadata.name }}"
name: '{{`{{ request.object.metadata.name }}`}}'
patchStrategicMerge:
stringData:
postgres-password: '{{ request.object.data.password | base64_decode(@) }}'
uri: 'postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable'
postgres-password: '{{`{{ request.object.data.password | base64_decode(@) }}`}}'
uri: '{{`postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable`}}'
skipBackgroundRequests: true
validationFailureAction: Audit
values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml
+12 -12
View File
@@ -10,8 +10,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: prod-rabbitmq
@@ -35,8 +35,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: staging-rabbitmq
@@ -60,8 +60,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: staging-atlantis-env
@@ -84,8 +84,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: azure-keyvault
@@ -108,8 +108,8 @@ spec:
generate:
apiVersion: v1
kind: Secret
name: '{{ request.object.metadata.name }}'
namespace: '{{ request.object.metadata.namespace }}'
name: '{{`{{ request.object.metadata.name }}`}}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
name: dapr-api-token
@@ -133,7 +133,7 @@ spec:
apiVersion: v1
kind: Secret
name: prod-atlantis-db-ca
namespace: '{{ request.object.metadata.namespace }}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
namespace: prod-atlantis
@@ -152,7 +152,7 @@ spec:
apiVersion: v1
kind: Secret
name: prod-atlantis-db-replication
namespace: '{{ request.object.metadata.namespace }}'
namespace: '{{`{{ request.object.metadata.namespace }}`}}'
synchronize: true
clone:
namespace: prod-atlantis
values/system/oceanbox/kyverno/sync-keyvault-secret.yaml
+1 -1
View File
@@ -18,7 +18,7 @@ spec:
namespace: atlantis
kind: Secret
name: azure-keyvault
namespace: '{{request.object.metadata.name}}'
namespace: '{{`{{request.object.metadata.name}}`}}'
synchronize: true
match:
any:
values/system/oceanbox/kyverno/sync-regcred.yaml
+1 -1
View File
@@ -25,7 +25,7 @@ spec:
kind: Secret
# name: oceanbox-regcred
name: gitlab-pull-secret
namespace: '{{request.object.metadata.name}}'
namespace: '{{`{{request.object.metadata.name}}`}}'
synchronize: true
exclude:
any:
values/system/oceanbox/network/atlantis/atlantis-policies.yaml
+3 -4
View File
@@ -10,17 +10,16 @@ spec:
k8s:io.kubernetes.pod.namespace: dapr-system
- toEndpoints:
- matchLabels:
k8s:io.kubernetes.pod.namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }}
k8s:io.kubernetes.pod.namespace: rabbitmq
- toEndpoints:
- matchLabels:
k8s:io.kubernetes.pod.namespace: {{ .Values.tracing.namespace | default "otel" }}
k8s:io.kubernetes.pod.namespace: otel
- toFQDNs:
- matchName: dapr.github.io
- matchName: analytics.loft.rocks
- matchPattern: '*.oceanbox.io'
# - matchName: gitlab.com
# - matchName: api.github.com
- matchPattern: "*.k1.itpartner.no"
- matchPattern: '*.oceanbox.io'
# - matchPattern: '*.gitlab.com'
endpointSelector:
matchLabels: {}