wip: reworking manifests

2024-01-31 18:19:05 +01:00
parent 7506c8b373
commit 326c3a8993
13 changed files with 263 additions and 153 deletions
@@ -19,7 +19,7 @@ spec:
    spec:
      project: atlantis
      destination:
-        namespace: oceanbox
+        namespace: atlantis
        server: '{{ cluster }}'
      source:
        path: archmeister
@@ -2,24 +2,30 @@
 export HOME=/tmp
-echo $ARGOCD_APP_PARAMETERS | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
+env > /tmp/$ARGOCD_APP_NAME.env
 echo "$ARGOCD_APP_PARAMETERS" | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
 cp parameters.yaml /tmp/$ARGOCD_APP_NAME-parameters.yaml
-if [ -f chart -a $PARAM_CHART = "." ]; then
+if [ -d chart ]; then
    CHART=chart
 elif [ -f chart -a "$PARAM_CHART" = "." ]; then
    CHART=$(cat chart)
 else
    CHART=$PARAM_CHART
 fi
-helm template $PARAM_FLAGS \
+[ -f chart/values.yaml ] && VALUES="-f chart/values.yaml"
-    -f values.yaml \
+[ -f values.yaml ] && VALUES="$VALUES -f values.yaml"
-    -f parameters.yaml \
+[ -f $PARAM_ENV-values.yaml ] && VALUES="$VALUES -f $PARAM_ENV-values.yaml"
-    -f $PARAM_ENV/values.yaml \
+VALUES="$VALUES -f parameters.yaml"
-    $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
+
 mkdir -p base
 helm template $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
 cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
 sed -i "$PARAM_REWRITE" ./base/_manifest.yaml
-cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest-rw.yaml
+cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
 [ -d "$PARAM_ENV" ] && kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
 kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
 cat /tmp/$ARGOCD_APP_NAME-manifest.yaml
@@ -1,15 +1,22 @@
 #!/bin/sh
-# cat << EOF
+if [ -f values.yaml ]; then
-# [{
+    VALUES="values.yaml"
-#       "name": "values",
+elif [ -f chart/values.yaml ]; then
-#       "title": "Values",
+    VALUES="chart/values.yaml"
-#       "collectionType": "map",
+else
-#       "map": { "replicaCount": "1" }
+    cat << EOF
-# }]
+[{
-# EOF
+    "name": "helm-parameters",
    "title": "Helm Parameters",
    "collectionType": "map",
    "map": { "replicaCount": "1" }
 }]
 EOF
    exit 0
 fi
-yq e -o=p values.yaml | jq --slurp --raw-input '
+yq e -o=p $VALUES | jq --slurp --raw-input '
  [{
    name: "helm-parameters",
    title: "Helm Parameters",
@@ -13,7 +13,7 @@ spec:
        env: staging
  template:
    metadata:
-      name: '{{ env }}-cerbox'
+      name: '{{ env }}-cerbos'
    spec:
      project: atlantis
      destination:
@@ -1,70 +1,34 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
  name: dex
  namespace: argocd
 spec:
  generators:
  - list:
      elements:
      - cluster: https://kubernetes.default.svc
        env: prod
        hostanme: idp.srv.oceanbox.io
      - cluster: https://kubernetes.default.svc
        env: staging
        hostanme: idp.beta.oceanbox.io
  template:
    metadata:
      name: '{{ env }}-dex'
    spec:
      project: atlantis
      destination:
        server: https://kubernetes.default.svc
        namespace: atlantis
      source:
-    repoURL: https://charts.dexidp.io
+      - repoURL: https://charts.dexidp.io
        targetRevision: 0.16.0
        chart: dex
        helm:
-      values: |
+          valueFiles:
-        replicaCount: 1
+            - $values/dex/values.yaml
-        https:
+      - repoURL: https://gitlab.com/oceanbox/manifests.git
-          enabled: false
+        targetRevision: HEAD
-        grpc:
+        path: cerbos/manifests
-          enabled: false
+        ref: values
        configSecret:
          create: true
          name: ""
        config: {}
        volumes:
          - name: web
            persistentVolumeClaim:
              claimName: oceanbox-dex
        volumeMounts:
          - name: web
            mountPath: /srv/dex/web
        envVars: []
        service:
          annotations: {}
          type: ClusterIP
          clusterIP: ""
          ports:
            http:
              port: 5556
              nodePort:
            https:
              port: 5554
              nodePort:
            grpc:
              port: 5557
              nodePort:
        ingress:
          enabled: true
          className: nginx
          annotations:
            cert-manager.io/cluster-issuer: letsencrypt-staging
            nginx.ingress.kubernetes.io/ssl-redirect: "true"
          hosts:
            - host: idp.beta.oceanbox.io
              paths:
                - path: /
                  pathType: ImplementationSpecific
          tls:
           - secretName: dex-tls
             hosts:
               - idp.beta.oceanbox.io
        serviceMonitor:
          enabled: true
@@ -0,0 +1,53 @@
 replicaCount: 1
 https:
  enabled: false
 grpc:
  enabled: false
 configSecret:
  create: true
  name: ""
 config: {}
 volumes:
  - name: web
    persistentVolumeClaim:
      claimName: oceanbox-dex
 volumeMounts:
  - name: web
    mountPath: /srv/dex/web
 envVars: []
 service:
  annotations: {}
  type: ClusterIP
  clusterIP: ""
  ports:
    http:
      port: 5556
      nodePort:
    https:
      port: 5554
      nodePort:
    grpc:
      port: 5557
      nodePort:
 ingress:
  enabled: true
  className: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
  hosts:
    - host: idp.srv.oceanbox.io
      paths:
        - path: /
          pathType: ImplementationSpecific
  tls:
   - secretName: dex-tls
     hosts:
       - idp.srv.oceanbox.io
 serviceMonitor:
  enabled: true
@@ -1,15 +1,28 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
  name: geoserver
  namespace: argocd
 spec:
-  project: gis
+  generators:
  - list:
      elements:
      - cluster: https://kubernetes.default.svc
        env: prod
        hostname: geoserver.srv.oceanbox.io
      - cluster: https://kubernetes.default.svc
        env: staging
        hostname: geoserver.beta.oceanbox.io
  template:
    metadata:
      name: '{{ env }}-geoserver'
    spec:
      project: atlantis
      destination:
        server: https://kubernetes.default.svc
        namespace: geoserver
-  source:
+      sources:
-    repoURL: https://gitlab.com/oceanbox/charts.git
+      - repoURL: https://gitlab.com/oceanbox/charts.git
        targetRevision: HEAD
        path: geoserver
        plugin:
@@ -23,3 +36,7 @@ spec:
            string: "--skip-tests"
          - name: chart
            string: ncsa/geoserver
      # - repoURL: https://gitlab.com/oceanbox/manifests.git
      #   targetRevision: HEAD
      #   # path: /{{ env }}
      #   ref: values
@@ -1,49 +1,34 @@
 apiVersion: argoproj.io/v1alpha1
-kind: Application
+kind: ApplicationSet
 metadata:
  name: rabbitmq
  namespace: argocd
 spec:
  generators:
  - list:
      elements:
      - cluster: https://kubernetes.default.svc
        env: prod
        hostname: rabbitmq.srv.oceanbox.io
      - cluster: https://kubernetes.default.svc
        env: staging
        hostname: rabbitmq.beta.oceanbox.io
  template:
    metadata:
      name: '{{ env }}-rabbitmq'
 spec:
  project: atlantis
  destination:
    server: https://kubernetes.default.svc
-    namespace: atlantis
+    namespace: rabbitmq
  sources:
    - repoURL: https://charts.bitnami.com/bitnami
      targetRevision: 12.9.0
      chart: rabbitmq
      helm:
-        values: |
+        valuesFiles:
-          auth:
+          - $values/rabbitmq/{{ env }}/-values.yaml
-            erlangCookie: ""
+    - repoURL: https://gitlab.com/oceanbox/manifests.git
            existingErlangSecret: ""
            existingPasswordSecret: ""
            password: hunny-bunny
            username: user
          clusterDomain: cluster.local
          ingress:
            annotations:
              cert-manager.io/cluster-issuer: letsencrypt-production
              nginx.ingress.kubernetes.io/ssl-redirect: "true"
              nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
            enabled: true
            extraHosts: []
            extraPaths: []
            extraRules: []
            hostname: rabbitmq.svc.oceanbox.io
            ingressClassName: ""
            path: /
            pathType: ImplementationSpecific
            secrets: []
            selfSigned: false
            tls: true
          persistence:
            accessModes:
            - ReadWriteOnce
            enabled: true
            existingClaim: ""
            size: 8Gi
            storageClass: ""
    - repoURL: https://gitlab.com/oceanbox/manifests
      targetRevision: HEAD
-      path: rabbitmq/manifests
+      path: rabbitmq/{{ env }}
      ref: values
@@ -1,14 +1,9 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: rabbitmq-nodeport
+  name: prod-rabbitmq-nodeport
-  namespace: atlantis
+  namespace: rabbitmq
 spec:
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: amqp
    nodePort: 30672
@@ -21,8 +16,7 @@ spec:
    protocol: TCP
    targetPort: 15672
  selector:
-    app.kubernetes.io/instance: rabbitmq
+    app.kubernetes.io/instance: prod-rabbitmq
-    app.kubernetes.io/name: rabbitmq
+    app.kubernetes.io/name: prod-rabbitmq
  sessionAffinity: None
  type: NodePort
@@ -0,0 +1,31 @@
 auth:
  erlangCookie: ""
  existingErlangSecret: ""
  existingPasswordSecret: ""
  password: hunny-bunny
  username: user
 clusterDomain: cluster.local
 ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
  enabled: true
  extraHosts: []
  extraPaths: []
  extraRules: []
  hostname: rabbitmq.srv.oceanbox.io
  ingressClassName: ""
  path: /
  pathType: ImplementationSpecific
  secrets: []
  selfSigned: false
  tls: true
 persistence:
  accessModes:
  - ReadWriteOnce
  enabled: true
  existingClaim: ""
  size: 8Gi
  storageClass: ""
@@ -0,0 +1,22 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: staging-rabbitmq-nodeport
  namespace: rabbitmq
 spec:
  ports:
  - name: amqp
    nodePort: 31672
    port: 5672
    protocol: TCP
    targetPort: 5672
  - name: amqp-http
    nodePort: 31673
    port: 15672
    protocol: TCP
    targetPort: 15672
  selector:
    app.kubernetes.io/instance: staging-rabbitmq
    app.kubernetes.io/name: staging-rabbitmq
  type: NodePort
@@ -0,0 +1,31 @@
 auth:
  erlangCookie: ""
  existingErlangSecret: ""
  existingPasswordSecret: ""
  password: hunny-bunny
  username: user
 clusterDomain: cluster.local
 ingress:
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-staging
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
  enabled: true
  extraHosts: []
  extraPaths: []
  extraRules: []
  hostname: rabbitmq.beta.oceanbox.io
  ingressClassName: ""
  path: /
  pathType: ImplementationSpecific
  secrets: []
  selfSigned: false
  tls: true
 persistence:
  accessModes:
  - ReadWriteOnce
  enabled: true
  existingClaim: ""
  size: 8Gi
  storageClass: ""
@@ -7,13 +7,13 @@ spec:
  project: atlantis
  destination:
    server: https://kubernetes.default.svc
-    namespace: atlantis
+    namespace: seq
  source:
    repoURL: https://helm.datalust.co
    targetRevision: 2024.1.0
    chart: seq
    helm:
-      values: |
+      valuesObject:
        acceptEULA: "Y"
        # Set this URL if you enable ingress and/or AAD authentication.