platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

feat: rename kustomizations/ to values/

Browse Source
This commit is contained in:
Jonas Juselius
2024-10-14 07:59:16 +02:00
parent 91b56423f2
commit 372c11c31e
165 changed files with 28 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/petimeter/base/deployment_patch.yaml
+22
View File
@@ -0,0 +1,22 @@
- op: replace
path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
value: /healthz
- op: replace
path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
value: /healthz
- op: add
path: /spec/template/spec/containers/0/volumeMounts/-
value:
name: acl
mountPath: /app/acl.json
subPath: acl.json
readOnly: true
- op: add
path: /spec/template/spec/volumes/-
value:
name: acl
configMap:
name: petimeter-acl
- op: add
path: /spec/template/spec/containers/0/envFrom
value: []
values/petimeter/base/kustomization.yaml
+10
View File
@@ -0,0 +1,10 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
patches:
- target:
version: v1
group: apps
kind: Deployment
path: deployment_patch.yaml
resources:
- _manifest.yaml
values/petimeter/chart
+1
View File
@@ -0,0 +1 @@
oceanbox/petimeter
values/petimeter/manifests/acl.json
+303
View File
@@ -0,0 +1,303 @@
[
{
"domain": "oceanbox.io",
"access": [
{
"matching": ".*@oceanbox.io",
"group": "/oceanbox",
"roles": [ "admin" ],
"capabilities": [
"run:*"
]
}
]
},
{
"domain": "salmar.no",
"access": [
{
"matching": ".*@salmar.no",
"group": "/salmar",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "leroy.no",
"access": [
{
"matching": "karstein@leroy.no",
"group": "/oceanbox",
"roles": [ "admin" ],
"capabilities": [ "run:*" ]
},
{
"matching": ".*@leroy.no",
"group": "/leroy",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "serit.no",
"access": [
{
"matching": ".*@tromso.serit.no",
"group": "/oceanbox",
"roles": [ "admin" ],
"capabilities": []
}
]
},
{
"domain": "aqua-kompetanse.no",
"access": [
{
"matching": ".*@aqua-kompetanse.no",
"group": "/aqua-kompetanse",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "kelpinor.no",
"access": [
{
"matching": ".*@kelpinor.no",
"group": "/kelpinor",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "bkmanimalhealth.com",
"access": [
{
"matching": ".*@bkmanimalhealth.com",
"group": "/bkmanimalhealth",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "uio.no",
"access": [
{
"matching": ".*@geo.uio.no",
"group": "/demo",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "nord.no",
"access": [
{
"matching": ".*@.*.nord.no",
"group": "/uni-nord",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "argusmiljo.no",
"access": [
{
"matching": ".*@argusmiljo.no",
"group": "/argusmiljo",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "bakkafrost.com",
"access": [
{
"matching": ".*@bakkafrost.com",
"group": "/bakkafrost",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "multiconsult.no",
"access": [
{
"matching": ".*@multiconsult.no",
"group": "/multiconsult",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "kpmg.no",
"access": [
{
"matching": ".*@kpmg.no",
"group": "/kpmg",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "synfaring.no",
"access": [
{
"matching": ".*@synfaring.no",
"group": "/synfaring",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "boehareide.no",
"access": [
{
"matching": ".*@boehareide.no",
"group": "/boehareide",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "sinkaberg.no",
"access": [
{
"matching": ".*@sinkaberg.no",
"group": "/sinkaberg",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
},
{
"domain": "akerbla.no",
"access": [
{
"matching": ".*@akerbla.no",
"group": "/akerbla",
"roles": [ "user" ],
"capabilities": [
"run:transport"
]
}
]
},
{
"domain": "nr.no",
"access": [
{
"matching": ".*@nr.no",
"group": "/nr",
"roles": [ "user" ],
"capabilities": [
"run:transport"
]
}
]
},
{
"domain": "sjomatnorge.no",
"access": [
{
"matching": ".*@sjomatnorge.no",
"group": "/sjomatnorge",
"roles": [ "user" ],
"capabilities": [
"run:transport"
]
}
]
},
{
"domain": "tatidentilbake.no",
"access": [
{
"matching": ".*@tatidentilbake.no",
"group": "/tatidentilbake",
"roles": [ "user" ],
"capabilities": [
"run:transport"
]
}
]
},
{
"domain": "gmail.com",
"access": [
{
"matching": "jonas.juselius@gmail.com",
"group": "/bakkafrost",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
},
{
"matching": ".*@gmail.com",
"group": "/demo",
"roles": [ "user" ],
"capabilities": [
"run:transport",
"run:sedimentation"
]
}
]
}
]
values/petimeter/manifests/kustomization.yaml
+6
View File
@@ -0,0 +1,6 @@
generatorOptions:
disableNameSuffixHash: true
configmapGenerator:
- name: petimeter-acl
files:
- acl.json
values/petimeter/prod/appsettings.json
+32
View File
@@ -0,0 +1,32 @@
{
"oidc": {
"issuer": "https://idp.oceanbox.io/dex",
"authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
"token_endpoint": "https://idp.oceanbox.io/dex/token",
"jwks_uri": "https://idp.oceanbox.io/dex/keys",
"userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
"device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
"clientId": "petimeter",
"clientSecret": "",
"scopes": [
"openid",
"email",
"offline_access",
"profile"
]
},
"sso": {
"cookieDomain": ".oceanbox.io",
"signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
"redis": "prod-redis-master.redis.svc,user=default,password=secret",
"appDomain": "atlantis",
"dataProtectionKeys": "DataProtection-Keys"
},
"allowedOrigins": [
"https://maps.oceanbox.io",
"https://atlantis.srv.oceanbox.io"
],
"logService" : "https://seq.adm.oceanbox.io",
"logApiKey": "",
"deployEnv": "prod"
}
values/petimeter/prod/default.env
+2
View File
@@ -0,0 +1,2 @@
OIDC_CLIENT_SECRET=kkrKo3mmmseMnorf9qw3eklefkoOKFNs
SEQ_APIKEY=jxkOkWGvN2Cro8C7pwm4
values/petimeter/prod/deployment_patch.yaml
+23
View File
@@ -0,0 +1,23 @@
- op: replace
path: /spec/template/spec/containers/0/env/0
value:
name: LOG_LEVEL
value: "4"
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: REDIS_USER
value: default
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: prod-redis
key: redis-password
- op: add
path: /spec/template/spec/containers/0/envFrom/-
value:
secretRef:
name: prod-petimeter-env
values/petimeter/prod/kustomization.yaml
+18
View File
@@ -0,0 +1,18 @@
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: prod-petimeter-appsettings
files:
- appsettings.json
secretGenerator:
- name: prod-petimeter-env
envs:
- default.env
patches:
- target:
group: apps
version: v1
kind: Deployment
path: deployment_patch.yaml
resources:
- ../base
values/petimeter/staging/appsettings.json
+34
View File
@@ -0,0 +1,34 @@
{
"oidc": {
"issuer": "https://idp.oceanbox.io/dex",
"authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
"token_endpoint": "https://idp.oceanbox.io/dex/token",
"jwks_uri": "https://idp.oceanbox.io/dex/keys",
"userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
"device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
"clientId": "petimeter_dev",
"clientSecret": "",
"scopes": [
"openid",
"email",
"offline_access",
"profile"
]
},
"sso": {
"cookieDomain": ".oceanbox.io",
"signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
"redis": "staging-redis-master.redis.svc,user=default,password=secret",
"appDomain": "atlantis",
"dataProtectionKeys": "DataProtection-Keys"
},
"allowedOrigins": [
"https://atlantis.srv.oceanbox.io",
"https://maps.oceanbox.io",
"https://atlantis.srv.oceanbox.io",
"https://atlantis.local.oceanbox.io:8080"
],
"logService" : "https://seq.adm.oceanbox.io",
"logApiKey": "",
"deployEnv": "staging"
}
values/petimeter/staging/default.env
+2
View File
@@ -0,0 +1,2 @@
OIDC_CLIENT_SECRET=kfngKJF9EKVBnnvgkdmPfs0qw3rmjslk
SEQ_APIKEY=jxkOkWGvN2Cro8C7pwm4
values/petimeter/staging/deployment_patch.yaml
+23
View File
@@ -0,0 +1,23 @@
- op: replace
path: /spec/template/spec/containers/0/env/0
value:
name: LOG_LEVEL
value: "4"
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: REDIS_USER
value: default
- op: add
path: /spec/template/spec/containers/0/env/-
value:
name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: staging-redis
key: redis-password
- op: add
path: /spec/template/spec/containers/0/envFrom/-
value:
secretRef:
name: staging-petimeter-env
values/petimeter/staging/kustomization.yaml
+18
View File
@@ -0,0 +1,18 @@
generatorOptions:
disableNameSuffixHash: true
configMapGenerator:
- name: staging-petimeter-appsettings
files:
- appsettings.json
secretGenerator:
- name: staging-petimeter-env
envs:
- default.env
patches:
- target:
group: apps
version: v1
kind: Deployment
path: deployment_patch.yaml
resources:
- ../base
values/petimeter/values-prod.yaml
+32
View File
@@ -0,0 +1,32 @@
replicaCount: 2
podAnnotations:
dapr.io/app-id: "prod-petimeter"
dapr.io/enabled: "true"
dapr.io/app-port: "8000"
dapr.io/config: "tracing"
dapr.io/app-protocol: "http"
dapr.io/enable-app-health-check: "true"
dapr.io/app-health-check-path: "/healthz"
dapr.io/app-health-probe-interval: "3"
dapr.io/app-health-probe-timeout: "200"
dapr.io/app-health-threshold: "2"
dapr.io/sidecar-cpu-request: "100m"
dapr.io/sidecar-memory-request: "250Mi"
dapr.io/sidecar-cpu-limit: "300m"
dapr.io/sidecar-memory-limit: "1000Mi"
dapr.io/log-as-json: "true"
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
hosts:
- host: petimeter.srv.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- petimeter.srv.oceanbox.io
secretName: prod-petimeter-tls
values/petimeter/values-staging.yaml
+33
View File
@@ -0,0 +1,33 @@
replicaCount: 1
podAnnotations:
dapr.io/app-id: "staging-petimeter"
dapr.io/enabled: "true"
dapr.io/app-port: "8000"
dapr.io/config: "tracing"
dapr.io/app-protocol: "http"
dapr.io/enable-app-health-check: "true"
dapr.io/app-health-check-path: "/healthz"
dapr.io/app-health-probe-interval: "3"
dapr.io/app-health-probe-timeout: "200"
dapr.io/app-health-threshold: "2"
dapr.io/sidecar-cpu-request: "100m"
dapr.io/sidecar-memory-request: "250Mi"
dapr.io/sidecar-cpu-limit: "300m"
dapr.io/sidecar-memory-limit: "1000Mi"
dapr.io/log-as-json: "true"
image:
tag: 2da3ce09-debug
ingress:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
# atlantis.oceanbox.io/expose: internal
hosts:
- host: petimeter.beta.oceanbox.io
paths:
- path: /
pathType: ImplementationSpecific
tls:
- hosts:
- petimeter.beta.oceanbox.io
secretName: staging-petimeter-tls