From bb0c04218252131a015995d5c1a40d945ddecd5c Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 19 Jun 2025 14:59:25 +0000 Subject: [PATCH 1/8] ci: plume --- charts/plume/Chart.yaml | 4 ++-- charts/plume/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/plume/Chart.yaml b/charts/plume/Chart.yaml index 2d2bad75..f93ae034 100644 --- a/charts/plume/Chart.yaml +++ b/charts/plume/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.1.2 +version: v1.1.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.1.2 +appVersion: v1.1.3 diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml index 54976b9b..0bbbc519 100644 --- a/charts/plume/values.yaml +++ b/charts/plume/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/plume/plume - tag: v1.1.2 + tag: v1.1.3 pullPolicy: IfNotPresent init: enabled: false From e15688867973161619b86afa78dc725a5915f921 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 19 Jun 2025 18:23:58 +0200 Subject: [PATCH 2/8] fix: fix kyverno object exapnsion esacpes --- .../ekman/kyverno/sync-keyvault-secret.yaml | 2 +- .../ekman/kyverno/sync-oceanbox-regcred.yaml | 2 +- .../ekman/kyverno/sync-sorcerer-secrets.yaml | 8 +++---- .../oceanbox/kyverno/add-openfga-secret.yaml | 6 ++--- .../kyverno/sync-atlantis-secrets.yaml | 24 +++++++++---------- .../kyverno/sync-keyvault-secret.yaml | 2 +- .../system/oceanbox/kyverno/sync-regcred.yaml | 2 +- .../network/atlantis/atlantis-policies.yaml | 7 +++--- 8 files changed, 26 insertions(+), 27 deletions(-) 
diff --git a/values/system/ekman/kyverno/sync-keyvault-secret.yaml b/values/system/ekman/kyverno/sync-keyvault-secret.yaml index 31968227..54ce8f69 100644 --- a/values/system/ekman/kyverno/sync-keyvault-secret.yaml +++ b/values/system/ekman/kyverno/sync-keyvault-secret.yaml @@ -18,7 +18,7 @@ spec: namespace: sorcerer kind: Secret name: azure-keyvault - namespace: '{{request.object.metadata.namespace}}' + namespace: '{{`{{request.object.metadata.namespace}}`}}' synchronize: true match: any: diff --git a/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml b/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml index 26a3514a..83469b27 100644 --- a/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml +++ b/values/system/ekman/kyverno/sync-oceanbox-regcred.yaml @@ -25,7 +25,7 @@ spec: kind: Secret # name: oceanbox-regcred name: gitlab-pull-secret - namespace: '{{request.object.metadata.name}}' + namespace: '{{`{{request.object.metadata.name}}`}}' synchronize: true exclude: any: diff --git a/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml b/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml index 9479b8d9..c0831635 100644 --- a/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml +++ b/values/system/ekman/kyverno/sync-sorcerer-secrets.yaml @@ -10,8 +10,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: staging-sorcerer-env @@ -34,8 +34,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: dapr-api-token 
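Review bot: The clone target in values/system/ekman/kyverno/sync-keyvault-secret.yaml is taken from `request.object.metadata.namespace`, whereas sync-oceanbox-regcred.yaml in the same directory and the oceanbox copy of this policy both use `request.object.metadata.name`. The `match` block is cut off by the hunk, so this is inferred: if the rule triggers on Namespace objects, `metadata.namespace` is empty for them and the `azure-keyvault` clone would have no usable target. In that case the line should read `` namespace: '{{`{{request.object.metadata.name}}`}}' ``; if the trigger is a namespaced kind, a one-line comment saying so would explain the difference.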
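Review bot: Nothing in sync-sorcerer-secrets.yaml says why each Kyverno variable is now wrapped in a Go-template raw string, and the same holds for the other policy files this commit touches (both sync-keyvault-secret.yaml files, sync-oceanbox-regcred.yaml, add-openfga-secret.yaml, sync-atlantis-secrets.yaml, sync-regcred.yaml). A header comment in each file would keep a later edit from dropping the wrapper or adding an unescaped variable, for example `# Rendered as a Go template first: wrap Kyverno variables in a raw string so the inner braces reach Kyverno unchanged.` This presumes the files pass through a template engine before they are applied, which the `.Values` expressions removed from atlantis-policies.yaml suggest but the diff does not show. The rules that both hunks of this file belong to start and end outside the hunks.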
diff --git a/values/system/oceanbox/kyverno/add-openfga-secret.yaml b/values/system/oceanbox/kyverno/add-openfga-secret.yaml index 14965eec..5a3b9ab3 100644 --- a/values/system/oceanbox/kyverno/add-openfga-secret.yaml +++ b/values/system/oceanbox/kyverno/add-openfga-secret.yaml @@ -22,11 +22,11 @@ spec: targets: - apiVersion: v1 kind: Secret - name: "{{ request.object.metadata.name }}" + name: '{{`{{ request.object.metadata.name }}`}}' patchStrategicMerge: stringData: - postgres-password: '{{ request.object.data.password | base64_decode(@) }}' - uri: 'postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable' + postgres-password: '{{`{{ request.object.data.password | base64_decode(@) }}`}}' + uri: '{{`postgres://{{ request.object.data.username | base64_decode(@) }}:{{ request.object.data.password | base64_decode(@) }}@{{ request.object.metadata.labels."cnpg.io/cluster" }}-rw/app?sslmode=disable`}}' skipBackgroundRequests: true validationFailureAction: Audit diff --git a/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml b/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml index 02cc15f6..01097996 100644 --- a/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml +++ b/values/system/oceanbox/kyverno/sync-atlantis-secrets.yaml @@ -10,8 +10,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: prod-rabbitmq 
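Review bot: The `uri` value in add-openfga-secret.yaml concatenates the base64-decoded username and password straight into a `postgres://` URI, so a password containing `@`, `:`, `/` or `?` produces a URI that fails to parse or is parsed with a different user or host. The visible lines do not percent-encode either field; unless the credentials are known to be limited to URL-safe characters (worth stating in a comment above `uri`), the consumer should read the separate username and password keys if it supports that. The same URI ends in `sslmode=disable`, so the connection to the `-rw` service carries the password unencrypted; if the database cluster serves TLS, `sslmode=require` or stricter is the safer setting. The rule's `match` and `mutate` headers are outside the hunk.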
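Review bot: The generate rules in sync-atlantis-secrets.yaml place their clone in whatever namespace the triggering object lives in (`request.object.metadata.namespace`), and the sources include `prod-rabbitmq` in this hunk and, in the later hunks at -133 and -152, `prod-atlantis-db-ca` and `prod-atlantis-db-replication` from the `prod-atlantis` namespace. The `match`/`exclude` blocks are outside every hunk of this file, so the diff does not show whether the trigger is limited to the intended namespaces; if it is not, any principal allowed to create a matching object elsewhere ends up with a copy of these secrets. Confirm that each rule restricts the trigger by namespace and record it above the rule, e.g. `# clone target is the trigger's namespace; keep match limited to the intended namespaces`. The same check applies to the two rules in ekman/kyverno/sync-sorcerer-secrets.yaml.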
@@ -35,8 +35,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: staging-rabbitmq @@ -60,8 +60,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: staging-atlantis-env @@ -84,8 +84,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: azure-keyvault @@ -108,8 +108,8 @@ spec: generate: apiVersion: v1 kind: Secret - name: '{{ request.object.metadata.name }}' - namespace: '{{ request.object.metadata.namespace }}' + name: '{{`{{ request.object.metadata.name }}`}}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: name: dapr-api-token @@ -133,7 +133,7 @@ spec: apiVersion: v1 kind: Secret name: prod-atlantis-db-ca - namespace: '{{ request.object.metadata.namespace }}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: namespace: prod-atlantis @@ -152,7 +152,7 @@ spec: apiVersion: v1 kind: Secret name: prod-atlantis-db-replication - namespace: '{{ request.object.metadata.namespace }}' + namespace: '{{`{{ request.object.metadata.namespace }}`}}' synchronize: true clone: namespace: prod-atlantis diff --git a/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml b/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml index eb6ec222..ec2c584e 100644 
--- a/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml +++ b/values/system/oceanbox/kyverno/sync-keyvault-secret.yaml @@ -18,7 +18,7 @@ spec: namespace: atlantis kind: Secret name: azure-keyvault - namespace: '{{request.object.metadata.name}}' + namespace: '{{`{{request.object.metadata.name}}`}}' synchronize: true match: any: diff --git a/values/system/oceanbox/kyverno/sync-regcred.yaml b/values/system/oceanbox/kyverno/sync-regcred.yaml index 87790582..bd69c3ca 100644 --- a/values/system/oceanbox/kyverno/sync-regcred.yaml +++ b/values/system/oceanbox/kyverno/sync-regcred.yaml @@ -25,7 +25,7 @@ spec: kind: Secret # name: oceanbox-regcred name: gitlab-pull-secret - namespace: '{{request.object.metadata.name}}' + namespace: '{{`{{request.object.metadata.name}}`}}' synchronize: true exclude: any: diff --git a/values/system/oceanbox/network/atlantis/atlantis-policies.yaml b/values/system/oceanbox/network/atlantis/atlantis-policies.yaml index fe53f6e0..09b6771d 100644 --- a/values/system/oceanbox/network/atlantis/atlantis-policies.yaml +++ b/values/system/oceanbox/network/atlantis/atlantis-policies.yaml @@ -10,17 +10,16 @@ spec: k8s:io.kubernetes.pod.namespace: dapr-system - toEndpoints: - matchLabels: - k8s:io.kubernetes.pod.namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }} + k8s:io.kubernetes.pod.namespace: rabbitmq - toEndpoints: - matchLabels: - k8s:io.kubernetes.pod.namespace: {{ .Values.tracing.namespace | default "otel" }} + k8s:io.kubernetes.pod.namespace: otel - toFQDNs: - matchName: dapr.github.io - matchName: analytics.loft.rocks + - matchPattern: '*.oceanbox.io' # - matchName: gitlab.com # - matchName: api.github.com - - matchPattern: "*.k1.itpartner.no" - - matchPattern: '*.oceanbox.io' # - matchPattern: '*.gitlab.com' endpointSelector: matchLabels: {} From 7b3b74c1f7386e5ce0b6c32766882f71ad0ca719 Mon Sep 17 00:00:00 2001 
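Review bot: The atlantis-policies.yaml hunk changes egress behaviour that the commit subject does not mention: the `*.k1.itpartner.no` pattern is removed from `toFQDNs`, and the `rabbitmq` and `otel` namespaces are now literals instead of `.Values` lookups with those defaults. With the literals, an environment that runs RabbitMQ or the tracing collector under a different namespace name loses that egress path without any render-time error, so a comment such as `# namespace names are fixed here; update this policy if rabbitmq or otel are deployed elsewhere` is worth adding. Since `endpointSelector.matchLabels` is `{}`, the remaining `toFQDNs` entries, including the `*.oceanbox.io` wildcard, apply to every endpoint the policy selects; review dropped-flow logs after rollout for workloads that still relied on the removed pattern. The policy's metadata and the start of the `egress` list are outside the hunk.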
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 19 Jun 2025 22:59:53 +0200 Subject: [PATCH 3/8] fix(plume): Add appsettings --- charts/plume/templates/deployment.yaml | 11 +++++++++++ values/plume/manifests/appsettings.json | 8 ++++++++ 2 files changed, 19 insertions(+) create mode 100644 values/plume/manifests/appsettings.json diff --git a/charts/plume/templates/deployment.yaml b/charts/plume/templates/deployment.yaml index b15e94ec..7fc7c2b0 100644 --- a/charts/plume/templates/deployment.yaml +++ b/charts/plume/templates/deployment.yaml @@ -52,6 +52,10 @@ spec: volumeMounts: - name: data mountPath: /data + - name: appsettings + mountPath: /app/appsettings.json + subPath: appsettings.json + readOnly: true {{- if .Values.service.https }} - name: tls-certificates mountPath: /app/tls @@ -65,6 +69,10 @@ spec: volumeMounts: - name: data mountPath: /data + - name: appsettings + mountPath: /app/appsettings.json + subPath: appsettings.json + readOnly: true {{- end }} volumes: - name: data @@ -74,6 +82,9 @@ spec: {{- else }} emptyDir: {} {{- end }} + - name: appsettings + configMap: + name: {{ template "Plume.fullname" . }}-appsettings {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/values/plume/manifests/appsettings.json b/values/plume/manifests/appsettings.json new file mode 100644 index 00000000..acbccff0 --- /dev/null +++ b/values/plume/manifests/appsettings.json @@ -0,0 +1,8 @@ +{ + "archmaesterUrl": "https://atlantis.src.oceanbox.io", + "appName": "plume", + "appEnv": "staging", + "appNamespace": "staging-plume", + "appVersion": "0.0.0", + "cacheDir": "/data/archives/cache" +} From 482585ea1c8c23b1688639a48678e83fd031e539 Mon Sep 17 00:00:00 2001 
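Review bot: The `appsettings` volume added under `volumes:` in deployment.yaml references ConfigMap `{{ template "Plume.fullname" . }}-appsettings` unconditionally, but no template in this commit creates that ConfigMap, so a release installed without the separately managed object leaves the pod stuck in ContainerCreating. Consider guarding the volume and both `volumeMounts` entries with a values switch (for instance a new `appsettings.enabled` value, which does not exist in values.yaml yet) or shipping a default ConfigMap template in the chart. Because the file is mounted with `subPath`, later edits to the ConfigMap are not propagated into running pods; a comment next to the mount, `# subPath mount: restart the pod after changing the ConfigMap`, would record that. The container specs these mounts belong to start outside the hunks.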
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 19 Jun 2025 23:09:45 +0200 Subject: [PATCH 4/8] fix(plume): Appsettings via kustomize --- values/plume/kustomize/base/kustomization.yaml | 4 ++++ .../{manifests => kustomize/staging}/appsettings.json | 0 values/plume/kustomize/staging/kustomization.yaml | 8 ++++++++ 3 files changed, 12 insertions(+) create mode 100644 values/plume/kustomize/base/kustomization.yaml rename values/plume/{manifests => kustomize/staging}/appsettings.json (100%) create mode 100644 values/plume/kustomize/staging/kustomization.yaml diff --git a/values/plume/kustomize/base/kustomization.yaml b/values/plume/kustomize/base/kustomization.yaml new file mode 100644 index 00000000..57f354b1 --- /dev/null +++ b/values/plume/kustomize/base/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - _manifest.yaml diff --git a/values/plume/manifests/appsettings.json b/values/plume/kustomize/staging/appsettings.json similarity index 100% rename from values/plume/manifests/appsettings.json rename to values/plume/kustomize/staging/appsettings.json diff --git a/values/plume/kustomize/staging/kustomization.yaml b/values/plume/kustomize/staging/kustomization.yaml new file mode 100644 index 00000000..6c79056d --- /dev/null +++ b/values/plume/kustomize/staging/kustomization.yaml @@ -0,0 +1,8 @@ +generatorOptions: + disableNameSuffixHash: true +configMapGenerator: +- name: staging-plume-appsettings + files: + - appsettings.json +resources: + - ../base From 16da3170006e579a9b9392ebddc4dbac058e19e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Thu, 19 Jun 2025 23:10:45 +0200 Subject: [PATCH 5/8] fix(plume): Appsettings naming --- values/plume/kustomize/staging/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/plume/kustomize/staging/kustomization.yaml b/values/plume/kustomize/staging/kustomization.yaml index 6c79056d..4b259d5b 100644 
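Review bot: `disableNameSuffixHash: true` in values/plume/kustomize/staging/kustomization.yaml gives the generated ConfigMap a fixed name, so a change to appsettings.json no longer changes the name and does not by itself roll the Deployment. If the fixed name is needed because the chart computes the reference itself, note it in the file, e.g. `# fixed name: the chart mounts <fullname>-appsettings; restart plume after editing appsettings.json`. The file also lacks the `apiVersion: kustomize.config.k8s.io/v1beta1` and `kind: Kustomization` lines that base/kustomization.yaml declares; adding them keeps the two files consistent. `_manifest.yaml`, listed under `resources` in the base, is not part of this patch, so it is presumably generated at deploy time.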
--- a/values/plume/kustomize/staging/kustomization.yaml +++ b/values/plume/kustomize/staging/kustomization.yaml @@ -1,7 +1,7 @@ generatorOptions: disableNameSuffixHash: true configMapGenerator: -- name: staging-plume-appsettings +- name: plume-appsettings files: - appsettings.json resources: From e031fbe32c8c3b529af1fe16ecac926720dfc08b Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 19 Jun 2025 21:19:33 +0000 Subject: [PATCH 6/8] ci: plume --- charts/plume/Chart.yaml | 4 ++-- charts/plume/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/plume/Chart.yaml b/charts/plume/Chart.yaml index f93ae034..38a49b8b 100644 --- a/charts/plume/Chart.yaml +++ b/charts/plume/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.1.3 +version: v1.1.4 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.1.3 +appVersion: v1.1.4 diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml index 0bbbc519..4591d8b1 100644 --- a/charts/plume/values.yaml +++ b/charts/plume/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/plume/plume - tag: v1.1.3 + tag: v1.1.4 pullPolicy: IfNotPresent init: enabled: false From ab032bdec0234dad957fbce4b89c636c5f861bc3 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 19 Jun 2025 21:27:31 +0000 Subject: [PATCH 7/8] ci: plume --- charts/plume/Chart.yaml | 4 ++-- charts/plume/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/plume/Chart.yaml b/charts/plume/Chart.yaml index 38a49b8b..3174927c 100644 --- a/charts/plume/Chart.yaml +++ b/charts/plume/Chart.yaml 
@@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.1.4 +version: v1.1.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.1.4 +appVersion: v1.1.5 diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml index 4591d8b1..0bfdcac6 100644 --- a/charts/plume/values.yaml +++ b/charts/plume/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/plume/plume - tag: v1.1.4 + tag: v1.1.5 pullPolicy: IfNotPresent init: enabled: false From 4bcf199c62327a4c38fd3c9026703104e1145b90 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 19 Jun 2025 21:51:23 +0000 Subject: [PATCH 8/8] ci: plume --- charts/plume/Chart.yaml | 4 ++-- charts/plume/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/plume/Chart.yaml b/charts/plume/Chart.yaml index 3174927c..a8984062 100644 --- a/charts/plume/Chart.yaml +++ b/charts/plume/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.1.5 +version: v1.1.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.1.5 +appVersion: v1.1.6 diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml index 0bfdcac6..22e41fb7 100644 --- a/charts/plume/values.yaml +++ b/charts/plume/values.yaml 
@@ -4,7 +4,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/plume/plume - tag: v1.1.5 + tag: v1.1.6 pullPolicy: IfNotPresent init: enabled: false