feat: rename kustomizations/ to values/

2024-10-14 07:59:16 +02:00
parent 91b56423f2
commit 372c11c31e
165 changed files with 28 additions and 28 deletions
@@ -1,9 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
-  value: /healthz
- op: replace
-  path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
-  value: /healthz
- op: add
-  path: /spec/template/spec/containers/0/envFrom
-  value: []
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-patches:
- path: deployment_patch.yaml
-  target:
-    group: apps
-    kind: Deployment
-    version: v1
-resources:
- _manifest.yaml
@@ -1 +0,0 @@
-oceanbox/archmeister
@@ -1,48 +0,0 @@
-{
-    "connString": "Username=app;Password=secret;Host=prod-archmeister-rw;Port=5432;Database=app;Pooling=true;",
-    "oidc": {
-        "issuer": "https://idp.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
-        "clientId": "archmeister",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
-        "redis": "prod-redis-master.redis.svc,user=default,password=secret",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "allowedOrigins": [
-        "https://maps.oceanbox.io",
-        "https://atlantis.srv.oceanbox.io",
-        "https://maps.relic.oceanbox.io",
-        "https://sorcerer.data.oceanbox.io",
-        "https://sorcerer.ekman.oceanbox.io",
-        "https://sorcerer.jonas.ekman.oceanbox.io",
-        "https://sorcerer.simkir.ekman.oceanbox.io",
-        "https://sorcerer.stig.ekman.oceanbox.io",
-        "https://atlantis.beta.oceanbox.io",
-        "https://atlantis.jonas.dev.oceanbox.io",
-        "https://atlantis.stig.dev.oceanbox.io",
-        "https://atlantis.simkir.dev.oceanbox.io",
-        "https://atlantis.local.oceanbox.io:8080"
-    ],
-    "logService" : "https://seq.adm.oceanbox.io",
-    "logApiKey": "",
-    "cliUsers": [
-        "admin:en-to-tre-fire"
-    ],
-    "cerbosUrl": "http://prod-cerbos.idp.svc:3593",
-    "deployEnv": "prod"
-}
@@ -1,2 +0,0 @@
-OIDC_CLIENT_SECRET=ieK3yak9zoh3yeewee8quahY6seiv7Ro
-SEQ_APIKEY=mxv08mP4RDQE7vgUkbfC
@@ -1,44 +0,0 @@
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: DB_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: prod-archmeister-app
-        key: password
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: DB_USERNAME
-    valueFrom:
-      secretKeyRef:
-        name: prod-archmeister-app
-        key: username
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: DB_HOST
-    value: prod-archmeister-rw
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_USER
-    value: default
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: prod-redis
-        key: redis-password
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: RABBITMQ_USER
-    value: user
- op: add
-  path: /spec/template/spec/containers/0/envFrom/-
-  value:
-    secretRef:
-      name: prod-archmeister-env
@@ -1,3 +0,0 @@
- op: replace
-  path: /spec/rules/0/http/paths/0/path
-  value: /internal
@@ -1,25 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
- name: prod-archmeister-appsettings
-  files:
-  - appsettings.json
-secretGenerator:
- name: prod-archmeister-env
-  envs:
-  - default.env
-patches:
- path: deployment_patch.yaml
-  target:
-    version: v1
-    group: apps
-    kind: Deployment
- path: ingress_patch.yaml
-  target:
-    group: networking.k8s.io
-    kind: Ingress
-    name: prod-archmeister-internal
-    annotationSelector: atlantis.oceanbox.io/expose=internal
-    version: v1
-resources:
- ../base
@@ -1,43 +0,0 @@
-{
-    "connString": "Username=app;Password=secret;Host=staging-archmeister-rw;Port=5432;Database=app;Pooling=true;",
-    "oidc": {
-        "issuer": "https://idp.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
-        "clientId": "archmeister_dev",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
-        "redis": "staging-redis-master.redis.svc,user=default,password=secret",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "allowedOrigins": [
-        "https://maps.oceanbox.io",
-        "https://atlantis.beta.oceanbox.io",
-        "https://sorcerer.data.oceanbox.io",
-        "https://sorcerer.ekman.oceanbox.io",
-        "https://atlantis.jonas.dev.oceanbox.io",
-        "https://atlantis.stig.dev.oceanbox.io",
-        "https://atlantis.simkir.dev.oceanbox.io",
-        "https://atlantis.local.oceanbox.io:8080"
-    ],
-    "logService" : "https://seq.adm.oceanbox.io",
-    "logApiKey": "",
-    "cliUsers": [
-        "admin:en-to-tre-fire"
-    ],
-    "cerbosUrl": "http://staging-cerbos.idp.svc:3593",
-    "deployEnv": "staging"
-}
@@ -1,2 +0,0 @@
-OIDC_CLIENT_SECRET=ieK3yak9zoh3yeewee8quahY6seiv7Ro
-SEQ_APIKEY=mxv08mP4RDQE7vgUkbfC
@@ -1,49 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/env/0
-  value:
-    name: LOG_LEVEL
-    value: "4"
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: DB_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: staging-archmeister-app
-        key: password
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: DB_USERNAME
-    valueFrom:
-      secretKeyRef:
-        name: staging-archmeister-app
-        key: username
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: DB_HOST
-    value: staging-archmeister-rw
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_USER
-    value: default
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: staging-redis
-        key: redis-password
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: RABBITMQ_USER
-    value: user
- op: add
-  path: /spec/template/spec/containers/0/envFrom/-
-  value:
-    secretRef:
-      name: staging-archmeister-env
@@ -1,6 +0,0 @@
- op: replace
-  path: /spec/rules/0/http/paths/0/path
-  value: /internal
- op: add
-  path: /metadata/annotations/nginx.ingress.kubernetes.io~1whitelist-source-range
-  value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
@@ -1,25 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
- name: staging-archmeister-appsettings
-  files:
-    - appsettings.json
-secretGenerator:
- name: staging-archmeister-env
-  envs:
-  - default.env
-patches:
- path: deployment_patch.yaml
-  target:
-    version: v1
-    group: apps
-    kind: Deployment
- path: ingress_patch.yaml
-  target:
-    group: networking.k8s.io
-    kind: Ingress
-    name: staging-archmeister-internal
-    annotationSelector: atlantis.oceanbox.io/expose=internal
-    version: v1
-resources:
- ../base
@@ -1,45 +0,0 @@
-replicaCount: 2
-
-podAnnotations:
-  dapr.io/app-id: "prod-archmeister"
-  dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
-  dapr.io/config: "tracing"
-  dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
-  dapr.io/log-as-json: "true"
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-  hosts:
-    - host: archmeister.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - archmeister.srv.oceanbox.io
-      secretName: prod-archmeister-tls
-
-cluster:
-  backupEnabled: true
-  backupRetention: 60d
-  instances: 2
-
-resources:
-  limits:
-    cpu: 1000m
-    memory: 2Gi
-  requests:
-    cpu: 200m
-    memory: 1Gi
-
@@ -1,39 +0,0 @@
-replicaCount: 1
-podAnnotations:
-  dapr.io/app-id: "staging-archmeister"
-  dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
-  dapr.io/config: "tracing"
-  dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
-  dapr.io/log-as-json: "true"
-image:
-  tag: 16390a0c-debug
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    # atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: archmeister.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-        - archmeister.beta.oceanbox.io
-      secretName: staging-archmeister-tls
-resources:
-  limits:
-    cpu: 1000m
-    memory: 2Gi
-  requests:
-    cpu: 200m
-    memory: 1Gi
@@ -1,14 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
-  value: /healthz
- op: replace
-  path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
-  value: /healthz
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: INTRERNAL_PORT
-    value: "8000"
- op: add
-  path: /spec/template/spec/containers/0/envFrom
-  value: []
@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-patches:
-  - target:
-      version: v1
-      group: apps
-      kind: Deployment
-    path: deployment_patch.yaml
-  - target:
-      version: v1
-      kind: Service
-    path: service_patch.yaml
-resources:
-  - _manifest.yaml
@@ -1,7 +0,0 @@
- op: add
-  path: /spec/ports/-
-  value:
-    name: intra
-    port: 8000
-    protocol: TCP
-    targetPort: 8000
@@ -1 +0,0 @@
-oceanbox/atlantis
@@ -1,37 +0,0 @@
-{
-    "oidc": {
-        "issuer": "https://idp.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
-        "clientId": "atlantis",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "redis": "prod-redis-master.redis.svc,user=default,password=secret",
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "archmeister" : "https://archmeister.srv.oceanbox.io",
-    "sorcerer" : "https://sorcerer.data.oceanbox.io",
-    "allowedOrigins": [
-        "http://maps.oceanbox.io",
-        "https://maps.oceanbox.io",
-        "http://atlantis.srv.oceanbox.io",
-        "https://atlantis.srv.oceanbox.io"
-    ],
-    "logService" : "https://seq.adm.oceanbox.io",
-    "logApiKey": "",
-    "deployEnv": "prod",
-    "plainAuthUsers": []
-}
@@ -1,2 +0,0 @@
-client-id=simen.kirkvik@tromso.serit.no:simkir-tilt-atlantis
-secret=d9tInZ1XpeDAxD.DySv'*SB=P
@@ -1,3 +0,0 @@
-OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
-SEQ_APIKEY=v9RfeLBD9Si7OkFlkjPm
-DEPLOY_NAME=prod-atlantis
@@ -1,41 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/env/0
-  value:
-    name: LOG_LEVEL
-    value: "4"
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_SECRET
-    valueFrom:
-      secretKeyRef:
-        name: prod-atlantis-barentswatch
-        key: secret
-        optional: true
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_CLIENT_ID
-    valueFrom:
-      secretKeyRef:
-        name: prod-atlantis-barentswatch
-        key: client-id
-        optional: true
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_USER
-    value: default
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: prod-redis
-        key: redis-password
- op: add
-  path: /spec/template/spec/containers/0/envFrom/-
-  value:
-    secretRef:
-      name: prod-atlantis-env
@@ -1,22 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
- name: prod-atlantis-appsettings
-  files:
-    - appsettings.json
-secretGenerator:
- name: prod-atlantis-env
-  envs:
-  - default.env
- name: prod-atlantis-barentswatch
-  envs:
-  - barentswatch-api.env
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-    path: deployment_patch.yaml
-resources:
-  - ../base
-  - subscriptions.yaml
@@ -1,27 +0,0 @@
-apiVersion: dapr.io/v2alpha1
-kind: Subscription
-metadata:
-  name: hipster-events
-spec:
-  topic: hipster
-  routes:
-    default: /hipster-events
-  pubsubname: pubsub
-  metadata:
-    queueType: quorum
-scopes:
- prod-atlantis
---
-apiVersion: dapr.io/v2alpha1
-kind: Subscription
-metadata:
-  name: inbox-events
-spec:
-  topic: inbox
-  routes:
-    default: /inbox-events
-  pubsubname: pubsub
-  metadata:
-    queueType: quorum
-scopes:
- prod-atlantis
@@ -1,35 +0,0 @@
-{
-    "oidc": {
-        "issuer": "https://idp.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
-        "clientId": "atlantis_dev",
-        "clientSecret": "",
-        "scopes": [
-            "openid",
-            "email",
-            "offline_access",
-            "profile"
-        ]
-    },
-    "redis": "staging-redis-master.redis.svc,user=default,password=secret",
-    "sso": {
-        "cookieDomain": ".oceanbox.io",
-        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
-        "appDomain": "atlantis",
-        "dataProtectionKeys": "DataProtection-Keys"
-    },
-    "archmeister" : "https://archmeister.beta.oceanbox.io",
-    "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
-    "allowedOrigins": [
-        "http://atlantis.beta.oceanbox.io",
-        "https://atlantis.beta.oceanbox.io"
-    ],
-    "logService" : "https://seq.adm.oceanbox.io",
-    "logApiKey": "",
-    "deployEnv": "staging",
-    "plainAuthUsers": []
-}
@@ -1 +0,0 @@
-oceanbox:$apr1$4njCUY7A$fmWQSymNJ6abSHvwDpNGU/
@@ -1,2 +0,0 @@
-client-id=simen.kirkvik@tromso.serit.no:simkir-tilt-atlantis
-secret=d9tInZ1XpeDAxD.DySv'*SB=P
@@ -1,3 +0,0 @@
-OIDC_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
-SEQ_APIKEY=v9RfeLBD9Si7OkFlkjPm
-DEPLOY_NAME=staging-atlantis
@@ -1,41 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/env/0
-  value:
-    name: LOG_LEVEL
-    value: "4"
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_SECRET
-    valueFrom:
-      secretKeyRef:
-        name: staging-atlantis-barentswatch
-        key: secret
-        optional: true
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_CLIENT_ID
-    valueFrom:
-      secretKeyRef:
-        name: staging-atlantis-barentswatch
-        key: client-id
-        optional: true
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_USER
-    value: default
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: staging-redis
-        key: redis-password
- op: add
-  path: /spec/template/spec/containers/0/envFrom/-
-  value:
-    secretRef:
-      name: staging-atlantis-env
@@ -1,21 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
- name: staging-atlantis-appsettings
-  files:
-    - appsettings.json
-secretGenerator:
- name: staging-atlantis-env
-  envs:
-  - default.env
- name: staging-atlantis-barentswatch
-  envs:
-  - barentswatch-api.env
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-    path: deployment_patch.yaml
-resources:
-  - ../base
@@ -1,46 +0,0 @@
-replicaCount: 2
-
-podAnnotations:
-  dapr.io/app-id: "prod-atlantis"
-  dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
-  dapr.io/config: "tracing"
-  dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
-  dapr.io/log-as-json: "true"
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-  hosts:
-    - host: atlantis.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-    - host: maps.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - atlantis.srv.oceanbox.io
-       - maps.oceanbox.io
-      secretName: atlantis-tls
-
-resources:
-  limits:
-    cpu: 250m
-    memory: 1Gi
-  requests:
-    cpu: 250m
-    memory: 1Gi
-
@@ -1,54 +0,0 @@
-replicaCount: 2
-podAnnotations:
-  dapr.io/app-id: "staging-atlantis"
-  dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
-  dapr.io/config: "tracing"
-  dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
-  dapr.io/log-as-json: "true"
-image:
-  tag: 7f3512e0-debug
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    # nginx.ingress.kubernetes.io/affinity: "cookie"
-    # nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity"
-    # nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
-    # nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
-    # atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: atlantis.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-    - host: atlas.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-    - host: beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-        - atlantis.beta.oceanbox.io
-        - atlas.oceanbox.io
-        - beta.oceanbox.io
-      secretName: staging-atlantis-tls
-resources:
-  limits:
-    cpu: 250m
-    memory: 1Gi
-  requests:
-    cpu: 250m
-    memory: 1Gi
@@ -1,4 +0,0 @@
- op: remove
-  path: /spec/template/spec/containers/0/livenessProbe
- op: remove
-  path: /spec/template/spec/containers/0/readinessProbe
@@ -1,10 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-patches:
-  - target:
-      version: v1
-      group: apps
-      kind: Deployment
-    path: deployment_patch.yaml
-resources:
-  - _manifest.yaml
@@ -1 +0,0 @@
-oceanbox/busynix
@@ -1,5 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/env/0
-  value:
-    name: LOG_LEVEL
-    value: "4"
@@ -1,12 +0,0 @@
-namePrefix: prod-
-generatorOptions:
-  disableNameSuffixHash: true
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-      name: busynix
-    path: deployment_patch.yaml
-resources:
-  - ../base
@@ -1,5 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/env/0
-  value:
-    name: LOG_LEVEL
-    value: "4"
@@ -1,12 +0,0 @@
-namePrefix: staging-
-generatorOptions:
-  disableNameSuffixHash: true
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-      name: busynix
-    path: deployment_patch.yaml
-resources:
-  - ../base
@@ -1,17 +0,0 @@
-fullnameOverride: busynix
-
-ingress:
-  enabled: true
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: busynix.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - busynix.srv.oceanbox.io
-      secretName: prod-busynix-tls
@@ -1,20 +0,0 @@
-fullnameOverride: busynix
-
-image:
-  tag: 3923449d-debug
-
-ingress:
-  enabled: true
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: busynix.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - busynix.beta.oceanbox.io
-      secretName: staging-busynix-tls
@@ -1,7 +0,0 @@
-apiVersion: v1
-data:
-  GITLAB_TOKEN: Z2xwYXQtOTZvWmVwdnNiSnYyMzVXUWVqTnM=
-kind: Secret
-metadata:
-  name: cerbos-gitlab-token
-type: Opaque
@@ -1,3 +0,0 @@
-service:
-  httpNodePort: 30592
-  grpcNodePort: 30593
@@ -1,3 +0,0 @@
-service:
-  httpNodePort: 31592
-  grpcNodePort: 31593
@@ -1,46 +0,0 @@
-replicaCount: 1
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Spec of the cert-manager certificate to create for the Cerbos deployment.
-# If certSpec is not empty, a cert-manager.io/v1/Certificate resource will be created with its spec populated with values from certSpec.
-# The certSpec value must be a valid Certificate spec. This Helm chart does not provide any defaults or inject any values into it.
-# If cerbos.tlsSecretName is defined, it takes precedence over the generated certificate.
-certManager:
-  certSpec: {}
-
-# Cerbos service settings.
-service:
-  type: ClusterIP
-  httpPort: 3592
-  grpcPort: 3593
-  httpNodePort: 13592
-  grpcNodePort: 13593
-  annotations: {}
-
-envFrom:
-  - secretRef:
-      name: cerbos-gitlab-token
-
-cerbos:
-  httpPort: 3592
-  grpcPort: 3593
-  tlsSecretName: ""
-  logLevel: INFO
-  config:
-    storage:
-      driver: "git"
-      git:
-        protocol: https
-        url: https://gitlab.com/oceanbox/cerbos
-        branch: main
-        subDir: policies
-        checkoutDir: /work
-        updatePollInterval: 60s
-        https:
-          username: cerbos
-          password: ${GITLAB_TOKEN}
@@ -1,19 +0,0 @@
-apiVersion: postgresql.cnpg.io/v1
-kind: Cluster
-metadata:
-  name: dexdb
-spec:
-  enableSuperuserAccess: true
-  instances: 2
-  logLevel: info
-  storage:
-    pvcTemplate:
-      accessModes:
-      - ReadWriteOnce
-      resources:
-        requests:
-          storage: 1Gi
-      storageClassName: managed-nfs-storage
-      volumeMode: Filesystem
-    resizeInUseVolumes: true
-    size: 1Gi
@@ -1,146 +0,0 @@
-issuer: https://idp.oceanbox.io/dex
-storage:
-  type: postgres
-  config:
-    host: staging-dexdb-rw
-    port: 5432
-    database: app
-    user: app
-    password: epq4dGyf5sheJ7fp9f0NgYtPwlhS2Gvtb5FXl6tddcNGyIhwN9DchExTUD7nxFMH
-    ssl:
-      mode: disable
-web:
-  http: 127.0.0.1:5556
-telemetry:
-  http: 127.0.0.1:5558
-grpc:
-  addr: 127.0.0.1:5557
-frontend:
-  dir: /srv/dex/web
-  issuer: oceanbox
-  extra:
-    client_logo_url: "../theme/client-logo.png"
-# enablePasswordDB: true
-# staticPasswords:
-#   - email: "admin@oceanbox.io"
-#     hash: "$2y$12$2AUaWnDEpHxsfFyRzTwx8e8WtJtnhGJOujPjP3BXVVCJe3c.k2PjC"
-#     username: "admin"
-#     userID: "9a15441c-4d66-4b26-a0f6-4e619535ee8f"
-oauth2:
-  responseTypes: [ "code" ]
-  skipApprovalScreen: true
-  alwaysShowLoginScreen: false
-connectors:
- type: microsoft
-  id: oceanbox
-  name: oceanbox.io
-  config:
-    clientID: 43667ac0-37e1-422f-99fc-50a699bb255c
-    clientSecret: 5kA8Q~N1Gq~YBgJyKg8xNONZbvf4bM0Qwp_AUbM8
-    tenant: 3f737008-e9a0-4485-9d27-40329d288089
-    redirectURI: https://idp.oceanbox.io/dex/callback
-    onlySecurityGroups: true
-    groups:
-      - atlantis
- type: microsoft
-  id: salmar
-  name: salmar.no
-  config:
-    clientID: 3f6f1153-e5da-40eb-a2dd-ede6c7bf6058
-    clientSecret: rzC8Q~fc9ex6hBglFPAKCU4KJ1o82AQCQYdb~cI2
-    tenant: de10159d-2c09-4762-966c-e841d3391feb
-    redirectURI: https://idp.oceanbox.io/dex/callback
-    onlySecurityGroups: true
-    groups:
-      - Azure-Grp-App-Cloud-Oceanbox
- type: microsoft
-  id: aqua-kompetanse
-  name: aqua-kompetanse.no
-  config:
-    clientID: 9fd83910-1a21-4869-8a30-19fc32722ee2
-    clientSecret: Uer8Q~8LKuDNQVt1vHaMVXAzKSLssvVduH.2HcNC
-    tenant: 6cd538cc-6cba-463f-9d22-1e0eda9695e3
-    redirectURI: https://idp.oceanbox.io/dex/callback
-    onlySecurityGroups: true
-    groups:
-      - Oceanbox
- type: oidc
-  id: keycloak
-  name: default
-  config:
-    issuer: https://auth.srv.oceanbox.io/realms/oceanbox
-    clientID: dex
-    clientSecret: 4T7oMYLeShuIvrF3wvg4A24gcZWzdcrC
-    redirectURI: https://idp.oceanbox.io/dex/callback
-    promptType: login
-staticClients:
-  - id: atlantis
-    redirectURIs:
-      - 'https://maps.oceanbox.io/signin-oidc'
-      - 'https://maps.srv.oceanbox.io/signin-oidc'
-      - 'https://atlantis.srv.oceanbox.io/signin-oidc'
-      - 'https://maps.relic.oceanbox.io/signin-oidc'
-    name: 'Atlantis'
-    secret: KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
-  - id: atlantis_dev
-    redirectURIs:
-      - 'https://atlantis.beta.oceanbox.io/signin-oidc'
-      - 'https://beta.oceanbox.io/signin-oidc'
-      - 'https://atlas.oceanbox.io/signin-oidc'
-      - 'https://jonas-atlantis.dev.oceanbox.io/signin-oidc'
-      - 'https://stig-atlantis.dev.oceanbox.io/signin-oidc'
-      - 'https://simkir-atlantis.dev.oceanbox.io/signin-oidc'
-      - 'https://atlantis.local.oceanbox.io:8080/signin-oidc'
-    name: 'Atlantis dev'
-    secret: 3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
-  - id: petimeter
-    redirectURIs:
-      - 'https://petimeter.srv.oceanbox.io/signin-oidc'
-    name: 'Petimeter dev'
-    secret: kkrKo3mmmseMnorf9qw3eklefkoOKFNs
-  - id: petimeter_dev
-    redirectURIs:
-      - 'https://petimeter.beta.oceanbox.io/signin-oidc'
-      - 'https://jonas-petimeter.dev.oceanbox.io/signin-oidc'
-      - 'https://stig-petimeter.dev.oceanbox.io/signin-oidc'
-      - 'https://simkir-petimeter.dev.oceanbox.io/signin-oidc'
-      - 'https://local.oceanbox.io:8080/signin-oidc'
-    name: 'Petimeter dev'
-    secret: kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
-  - id: sorcerer
-    redirectURIs:
-      - 'https://sorcerer.data.oceanbox.io/signin-oidc'
-      - 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
-    name: 'Sorcerer'
-    secret: sIUXxSQLaTJiLCQ9AqBhmEbAL9lubHGB
-  - id: sorcerer_dev
-    redirectURIs:
-      - 'https://sorcerer.ekman.oceanbox.io/signin-oidc'
-      - 'https://jonas-sorcerer.ekman.oceanbox.io/signin-oidc'
-      - 'https://stig-sorcerer.ekman.oceanbox.io/signin-oidc'
-      - 'https://simkir-sorcerer.ekman.oceanbox.io/signin-oidc'
-    name: 'Sorcerer dev'
-    secret: cyrgDr1UzhQrJn8nRVqEt9BJ9mLk3OBy
-  - id: archmeister
-    redirectURIs:
-      - 'https://archmeister.srv.oceanbox.io/signin-oidc'
-    name: 'Archmeister'
-    secret: ieK3yak9zoh3yeewee8quahY6seiv7Ro
-  - id: archmeister_dev
-    redirectURIs:
-      - 'https://archmeister.beta.oceanbox.io/signin-oidc'
-      - 'https://jonas-archmeister.dev.oceanbox.io/signin-oidc'
-      - 'https://stig-archmeister.dev.oceanbox.io/signin-oidc'
-      - 'https://simkir-archmeister.dev.oceanbox.io/signin-oidc'
-      - 'https://local.oceanbox.io:9080/signin-oidc'
-    name: 'Archmeister dev'
-    secret: Dae1eekeedeuKaoCiesh1Jei6aishe8I
-  - id: test
-    redirectURIs:
-      - 'http://localhost:8080/signin-oidc'
-      - 'https://localhost:8080/signin-oidc'
-      - 'http://localhost:8085/signin-oidc'
-      - 'https://localhost:8085/signin-oidc'
-    name: 'Local development'
-    secret: jkdjrKKkfkrkieurbd743jdrrrJdnRqR
-
@@ -1,8 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-secretGenerator:
-  - name: dex-config
-    files:
-      - config.yaml
-resources:
-  - cluster.yaml
@@ -1,37 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: dex
-  namespace: argocd
-spec:
-  generators:
-  - list:
-      elements:
-      - cluster: https://kubernetes.default.svc
-        env: prod
-        hostanme: idp.srv.oceanbox.io
-      - cluster: https://kubernetes.default.svc
-        env: staging
-        hostanme: idp.beta.oceanbox.io
-  template:
-    metadata:
-      name: '{{ env }}-dex'
-    spec:
-      project: atlantis
-      destination:
-        server: https://kubernetes.default.svc
-        namespace: idp
-      sources:
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: main
-        path: 'kustomizations/dex/{{ env }}'
-      - repoURL: https://charts.dexidp.io
-        targetRevision: 0.16.0
-        chart: dex
-        helm:
-          valueFiles:
-            - $values/kustomizations/dex/values.yaml
-            - $values/kustomizations/dex/values-{{ env }}.yaml
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: main
-        ref: values
@@ -1,15 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: dex-resources
-  namespace: argocd
-spec:
-  project: atlantis
-  destination:
-    server: https://kubernetes.default.svc
-    namespace: idp
-  source:
-    repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    path: kustomizations/dex/resources
-
@@ -1,3 +0,0 @@
-namePrefix: prod-
-resources:
-  - ../base
@@ -1,31 +0,0 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pv-oceanbox-dex
-spec:
-  accessModes:
-  - ReadOnlyMany
-  capacity:
-    storage: 50M
-  mountOptions:
-  - vers=4.2
-  - soft
-  nfs:
-    path: /oceanbox/pv-oceanbox-dex
-    server: 10.255.241.210
-  persistentVolumeReclaimPolicy: Retain
-  volumeMode: Filesystem
---
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: oceanbox-dex
-spec:
-  accessModes:
-  - ReadOnlyMany
-  resources:
-    requests:
-      storage: 50M
-  storageClassName: ""
-  volumeMode: Filesystem
-  volumeName: pv-oceanbox-dex
@@ -1,3 +0,0 @@
- op: replace
-  path: /spec/instances
-  value: 1
@@ -1,9 +0,0 @@
-namePrefix: staging-
-patches:
-  - target:
-      group: postgresql.cnpg.io
-      version: v1
-      kind: Cluster
-    path: cluster_patch.yaml
-resources:
-  - ../base
@@ -1,26 +0,0 @@
-configSecret:
-  create: false
-  name: prod-dex-config
-
-ingress:
-  enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-  hosts:
-    - host: idp.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-    - host: idp.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-   - secretName: prod-dex-tls
-     hosts:
-       - idp.oceanbox.io
-       - idp.srv.oceanbox.io
-
-
@@ -1,21 +0,0 @@
-configSecret:
-  create: false
-  name: staging-dex-config
-
-ingress:
-  enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-  hosts:
-    - host: idp.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-   - secretName: staging-dex-tls
-     hosts:
-       - idp.beta.oceanbox.io
-
-
@@ -1,37 +0,0 @@
-replicaCount: 1
-https:
-  enabled: false
-grpc:
-  enabled: false
-
-configSecret:
-  create: false
-  name: dex-config
-config: {}
-
-volumes:
-  - name: web
-    persistentVolumeClaim:
-      claimName: oceanbox-dex
-volumeMounts:
-  - name: web
-    mountPath: /srv/dex/web
-envVars: []
-
-service:
-  annotations: {}
-  type: ClusterIP
-  clusterIP: ""
-  ports:
-    http:
-      port: 5556
-      nodePort:
-    https:
-      port: 5554
-      nodePort:
-    grpc:
-      port: 5557
-      nodePort:
-
-serviceMonitor:
-  enabled: true
@@ -1,9 +0,0 @@
- op: replace
-  path: /spec/rules/0/http/paths/0/path
-  value: /geoserver/ows
- op: add
-  path: /spec/ingressClassName
-  value: nginx
-
-
-
@@ -1,9 +0,0 @@
-patches:
-  - target:
-      group: networking.k8s.io
-      version: v1
-      kind: Ingress
-      name: geoserver
-    path: ingress_patch.yaml
-resources:
-  - _manifest.yaml
@@ -1 +0,0 @@
-ncsa/geoserver
@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    atlantis.oceanbox.io/expose: internal
-  labels:
-    app.kubernetes.io/instance: prod-geoserver
-    app.kubernetes.io/name: geoserver
-  name: geoserver-internal
-  namespace: geoserver
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: geoserver.srv.oceanbox.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: prod-geoserver
-            port:
-              number: 8080
-        path: /geoserver
-        pathType: ImplementationSpecific
-  tls:
-  - hosts:
-    - geoserver.srv.oceanbox.io
-    secretName: prod-geoserver-tls
-
@@ -1,4 +0,0 @@
-namePrefix: prod-
-resources:
-  - ingress-web.yaml
-  - ../base
@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    atlantis.oceanbox.io/expose: internal
-  labels:
-    app.kubernetes.io/instance: staging-geoserver
-    app.kubernetes.io/name: geoserver
-  name: geoserver-internal
-  namespace: geoserver
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: geoserver.beta.oceanbox.io
-    http:
-      paths:
-      - backend:
-          service:
-            name: staging-geoserver
-            port:
-              number: 8080
-        path: /geoserver
-        pathType: ImplementationSpecific
-  tls:
-  - hosts:
-    - geoserver.beta.oceanbox.io
-    secretName: staging-geoserver-tls
-
@@ -1,4 +0,0 @@
-namePrefix: staging-
-resources:
-  - ingress-web.yaml
-  - ../base
@@ -1,111 +0,0 @@
-# Default values for geoserver.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
-  repository: docker.osgeo.org/geoserver
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-auth:
-  username: admin
-  # password: geoserver
-  # use an existing secret if specified
-  existingSecret: prod-geoserver
-  passwordKey: geoserver-admin-password
-
-cors:
-  enabled: true
-
-extension:
-  install: false
-  stableExtension: ""
-
-demoData:
-  skip: true
-
-startup:
-  failureThreshold: 10
-  periodSeconds: 30
-
-imagePullSecrets: []
-
-nameOverride: ""
-fullnameOverride: "geoserver"
-
-persistence:
-  size: 10Gi
-  accessModes: ReadWriteOnce
-  #existingClaim: someclaim
-
-# the white list is needed for GUI working properly.
-# the value for this should be the main URL for where geoserver get deployed.
-# the values should be only url without http:// or https://, like "geoserver.example.com"
-whitelist: "geoserver.srv.oceanbox.io"
-
-# the following is for the geoserver java memory heap size control
-envs:
-  extraJavaOpts: "-Xms512m -Xmx2g"
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-securityContext:
-  capabilities:
-    drop:
-    - ALL
-  readOnlyRootFilesystem: false
-  allowPrivilegeEscalation: true
-  seccompProfile:
-    type: RuntimeDefault
-  runAsNonRoot: false
-  runAsUser: 0
-
-service:
-  type: ClusterIP
-  port: 8080
-
-ingress:
-  enabled: true
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-      # nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-  hosts:
-    - host: geoserver.srv.oceanbox.io
-  tls:
-   - secretName: prod-geoserver-tls
-     hosts:
-       - geoserver.srv.oceanbox.io
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
@@ -1,111 +0,0 @@
-# Default values for geoserver.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
-  repository: docker.osgeo.org/geoserver
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-auth:
-  username: admin
-  # password: geoserver
-  # use an existing secret if specified
-  existingSecret: staging-geoserver
-  passwordKey: geoserver-admin-password
-
-cors:
-  enabled: true
-
-extension:
-  install: false
-  stableExtension: ""
-
-demoData:
-  skip: true
-
-startup:
-  failureThreshold: 10
-  periodSeconds: 30
-
-imagePullSecrets: []
-
-nameOverride: ""
-fullnameOverride: "geoserver"
-
-persistence:
-  size: 10Gi
-  accessModes: ReadWriteOnce
-  #existingClaim: someclaim
-
-# the white list is needed for GUI working properly.
-# the value for this should be the main URL for where geoserver get deployed.
-# the values should be only url without http:// or https://, like "geoserver.example.com"
-whitelist: "geoserver.beta.oceanbox.io"
-
-# the following is for the geoserver java memory heap size control
-envs:
-  extraJavaOpts: "-Xms512m -Xmx2g"
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext:
-  fsGroup: 2000
-
-securityContext:
-  capabilities:
-    drop:
-    - ALL
-  readOnlyRootFilesystem: false
-  allowPrivilegeEscalation: true
-  seccompProfile:
-    type: RuntimeDefault
-  runAsNonRoot: false
-  runAsUser: 0
-
-service:
-  type: ClusterIP
-  port: 8080
-
-ingress:
-  enabled: true
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: geoserver.beta.oceanbox.io
-  tls:
-   - secretName: staging-geoserver-tls
-     hosts:
-       - geoserver.beta.oceanbox.io
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
@@ -1,106 +0,0 @@
-# Default values for geoserver.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-image:
-  repository: docker.osgeo.org/geoserver
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-auth:
-  username: admin
-  password: geoserver
-  # use an existing secret if specified
-  #existingSecret: geoserver-admin-password
-  #passwordKey: geoserver-admin-password
-
-cors:
-  enabled: true
-
-extension:
-  install: false
-  stableExtension: ""
-
-demoData:
-  skip: true
-
-startup:
-  failureThreshold: 10
-  periodSeconds: 30
-
-imagePullSecrets: []
-
-nameOverride: ""
-fullnameOverride: ""
-
-persistence:
-  size: 10Gi
-  accessModes: ReadWriteOnce
-  #existingClaim: someclaim
-
-# the white list is needed for GUI working properly.
-# the value for this should be the main URL for where geoserver get deployed.
-# the values should be only url without http:// or https://, like "geoserver.example.com"
-whitelist: ""
-
-# the following is for the geoserver java memory heap size control
-envs:
-  extraJavaOpts: "-Xms512m -Xmx2g"
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-service:
-  type: ClusterIP
-  port: 8080
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host: geoserver.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
@@ -1,9 +0,0 @@
- op: replace
-  path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
-  value: /healthz
- op: replace
-  path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
-  value: /healthz
- op: add
-  path: /spec/template/spec/containers/0/envFrom
-  value: []
@@ -1,14 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-patches:
-  - target:
-      version: v1
-      group: apps
-      kind: Deployment
-    path: deployment_patch.yaml
-  - target:
-      version: v1
-      kind: Service
-    path: service_patch.yaml
-resources:
-  - _manifest.yaml
@@ -1,7 +0,0 @@
- op: add
-  path: /spec/ports/-
-  value:
-    name: intra
-    port: 8000
-    protocol: TCP
-    targetPort: 8000
@@ -1 +0,0 @@
-oceanbox/hipster
@@ -1,18 +0,0 @@
-{
-    "slurm": {
-        "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/",
-        "slurmApi": "slurm/v0.0.38/",
-        "dbdApi": "slurmdbd/v0.0.38/",
-        "user": "serf",
-        "password": ""
-    },
-    "amqp": {
-        "auth": "",
-        "host": "10.255.241.201:30673"
-    },
-    "archmeister": "https://archmeister.srv.oceanbox.io",
-    "pubsubName": "pubsub",
-    "pubsubTopic": "hipster-atlantis",
-    "fenceRadius": 1000.0,
-    "cerbosUrl": "http://prod-cerbos.idp.svc:3593"
-}
@@ -1,24 +0,0 @@
-#
-# Create a queue binding for receiving events from RabbitMQ.
-# Used by Hipster to get info about changes in job status from slurm.
-#
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: slurm-events # name of the subscription path in the app!
-spec:
-  type: bindings.rabbitmq
-  version: v1
-  metadata:
-  - name: host
-    secretKeyRef:
-      name: prod-rabbitmq
-      key:  connString
-  - name: queueName
-    value: prod-hipster-slurm-job-events
-  - name: durable
-    value: true
-  - name: contentType
-    value: "application/json"
-scopes:
-  - prod-hipster
@@ -1,2 +0,0 @@
-SLURM_PASSWORD=wooqueiLee3ao0ha
-SEQ_APIKEY=DRRRBGlTvl00icnSGbeT
@@ -1,37 +0,0 @@
- op: add
-  path: /spec/template/spec/containers/0/env
-  value: []
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: LOG_LEVEL
-    value: "4"
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: CI_ENVIRONMENT
-    value: "production"
- op: replace
-  path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
-  value: /healthz
- op: replace
-  path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
-  value: /healthz
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: AMQP_USER
-    value: user
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: AMQP_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: prod-rabbitmq
-        key: rabbitmq-password
- op: add
-  path: /spec/template/spec/containers/0/envFrom/-
-  value:
-    secretRef:
-      name: prod-hipster-env
@@ -1,19 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
- name: prod-hipster-appsettings
-  files:
-  - appsettings.json
-secretGenerator:
- name: prod-hipster-env
-  envs:
-  - default.env
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-    path: deployment_patch.yaml
-resources:
-  - bindings.yaml
-  - ../base
@@ -1,18 +0,0 @@
-{
-    "slurm": {
-        "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/",
-        "slurmApi": "slurm/v0.0.38/",
-        "dbdApi": "slurmdbd/v0.0.38/",
-        "user": "serf",
-        "password": "wooqueiLee3ao0ha"
-    },
-    "amqp": {
-        "auth": "",
-        "host": "10.255.241.201:31673"
-    },
-    "archmeister": "https://archmeister.beta.oceanbox.io",
-    "pubsubName": "pubsub",
-    "pubsubTopic": "hipster-atlantis",
-    "fenceRadius": 1000.0,
-    "cerbosUrl": "http://staging-cerbos.idp.svc:3593"
-}
@@ -1,24 +0,0 @@
-#
-# Create a queue binding for receiving events from RabbitMQ.
-# Used by Hipster to get info about changes in job status from slurm.
-#
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: slurm-events # name of the subscription path in the app!
-spec:
-  type: bindings.rabbitmq
-  version: v1
-  metadata:
-  - name: host
-    secretKeyRef:
-      name: staging-rabbitmq
-      key:  connString
-  - name: queueName
-    value: staging-hipster-slurm-job-events
-  - name: durable
-    value: true
-  - name: contentType
-    value: "application/json"
-scopes:
-  - staging-hipster
@@ -1,2 +0,0 @@
-SLURM_PASSWORD=wooqueiLee3ao0ha
-SEQ_APIKEY=DRRRBGlTvl00icnSGbeT
@@ -1,37 +0,0 @@
- op: add
-  path: /spec/template/spec/containers/0/env
-  value: []
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: LOG_LEVEL
-    value: "4"
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: CI_ENVIRONMENT
-    value: "staging"
- op: replace
-  path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
-  value: /healthz
- op: replace
-  path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
-  value: /healthz
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: AMQP_USER
-    value: user
- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: AMQP_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: staging-rabbitmq
-        key: rabbitmq-password
- op: add
-  path: /spec/template/spec/containers/0/envFrom/-
-  value:
-    secretRef:
-      name: staging-hipster-env
@@ -1,19 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
- name: staging-hipster-appsettings
-  files:
-  - appsettings.json
-secretGenerator:
- name: staging-hipster-env
-  envs:
-  - default.env
-patches:
-  - target:
-      group: apps
-      version: v1
-      kind: Deployment
-    path: deployment_patch.yaml
-resources:
-  - bindings.yaml
-  - ../base
@@ -1,23 +0,0 @@
-replicaCount: 2
-
-podAnnotations:
-  dapr.io/app-id: "prod-hipster"
-  dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
-  dapr.io/config: "tracing"
-  dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
-  dapr.io/log-as-json: "true"
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    atlantis.oceanbox.io/expose: internal
@@ -1,23 +0,0 @@
-replicaCount: 1
-image:
-  tag: fddb3a25-debug
-podAnnotations:
-  dapr.io/app-id: "staging-hipster"
-  dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
-  dapr.io/config: "tracing"
-  dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
-  dapr.io/log-as-json: "true"
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    atlantis.oceanbox.io/expose: internal
@@ -1,3 +0,0 @@
-rbac:
-  create: true
-  clusterRole: true
@@ -1,67 +0,0 @@
-production: true
-proxy: edge
-auth:
-  adminPassword: en to tre fire
-  adminUser: admin
-  existingSecret: ""
-  managementPassword: ""
-  managementUser: manager
-postgresql:
-  enabled: true
-  auth:
-    postgresPassword: "avatar mustiness economic"
-    password: "punctured abstain facility"
-extraVolumeMounts:
- mountPath: /opt/bitnami/keycloak/themes/oceanbox
-  name: theme
-extraVolumes:
- emptyDir: {}
-  name: theme
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/enable-cors: "true"
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-  enabled: true
-  extraHosts:
-    - name: auth.oceanbox.io
-      path: /
-  hostname: auth.srv.oceanbox.io
-  ingressClassName: nginx
-  path: /
-  pathType: ImplementationSpecific
-  selfSigned: false
-  servicePort: http
-  tls: true
-adminIngress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/enable-cors: "true"
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-  enabled: true
-  hostname: keycloak.adm.oceanbox.io
-  ingressClassName: nginx
-  path: /
-  pathType: ImplementationSpecific
-  selfSigned: false
-  servicePort: http
-  tls: true
-initContainers: |
-  - name: keycloak-theme-provider
-    image: docker.io/juselius/oceanbox-theme:1.1
-    imagePullPolicy: IfNotPresent
-    command:
-      - sh
-    args:
-      - -c
-      - |
-        echo "Copying theme..."
-        cp -R /theme/* /keycloak/themes/oceanbox
-    volumeMounts:
-      - name: theme
-        mountPath: /keycloak/themes/oceanbox
@@ -1,31 +0,0 @@
-replicaCount: 2
-
-datastore:
-  engine: postgres
-  uriSecret: prod-openfga-postgresql
-
-postgresql:
-  enabled: true
-  auth:
-    existingSecret: prod-openfga-postgresql
-    secretKeys:
-       userPasswordKey: postgres-password
-
-ingress:
-  enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-  hosts:
-    - host: openfga.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-   - secretName: staging-openfga-tls
-     hosts:
-       - openfga.srv.oceanbox.io
-
-
@@ -1,29 +0,0 @@
-replicaCount: 1
-
-datastore:
-  engine: postgres
-  uriSecret: staging-openfga-postgresql
-
-postgresql:
-  enabled: true
-  auth:
-    existingSecret: staging-openfga-postgresql
-    secretKeys:
-       userPasswordKey: postgres-password
-
-ingress:
-  enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
-  hosts:
-    - host: openfga.dev.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-   - secretName: staging-openfga-tls
-     hosts:
-       - openfga.dev.oceanbox.io
@@ -1,8 +0,0 @@
-# fullnameOverride: openfga
-
-playground:
-  enabled: false
-  port: 3000
-
-
-
@@ -1,4 +0,0 @@
- op: remove
-  path: /spec/template/spec/containers/0/livenessProbe
- op: remove
-  path: /spec/template/spec/containers/0/readinessProbe
@@ -1,11 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-# patches:
-#   - target:
-#       version: v1
-#       group: apps
-#       kind: Deployment
-#       name: osm-tile-server
-#     path: deployment_patch.yaml
-resources:
-  - _manifest.yaml
@@ -1 +0,0 @@
-oceanbox/osm-tile-server
@@ -1,5 +0,0 @@
-namePrefix: prod-
-generatorOptions:
-  disableNameSuffixHash: true
-resources:
-  - ../base
@@ -1,5 +0,0 @@
-namePrefix: staging-
-generatorOptions:
-  disableNameSuffixHash: true
-resources:
-  - ../base
@@ -1,16 +0,0 @@
-fullnameOverride: osm-tile-server
-
-ingress:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    atlantis.oceanbox.io/expose: internal
-  hosts:
-    - host: osm.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-       - osm.srv.oceanbox.io
-      secretName: prod-osm-tile-server-tls
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`oceanbox:$apr1$4njCUY7A$fmWQSymNJ6abSHvwDpNGU/`