fix: update (pre)prod atlantis manifests

2025-01-10 12:46:22 +01:00
parent 20a34d6bf0
commit 386c098373
10 changed files with 106 additions and 66 deletions
@@ -1,25 +1,66 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: prod-atlantis
+  name: rc-atlantis
  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  template:
-    metadata:
-      name: prod-atlantis
-    spec:
-      project: atlantis
-      destination:
-        namespace: atlantis
-        server: https://kubernetes.default.svc
-      sources:
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: nixidy
-        path: values/atlantis
-        plugin:
-          name: kustomize-helm-with-rewrite
-          parameters:
-          - name: env
-            string: prod
-          - name: hostname
-            string: atlantis.beta.oceanbox.io
+  destination:
+    namespace: prod-atlantis
+    server: https://kubernetes.default.svc
+  project: atlantis
+  sources:
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: nixidy
+    ref: values
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: nixidy
+    path: values/atlantis
+    plugin:
+      name: kustomize-helm-with-rewrite
+      parameters:
+      - name: env
+        string: prod
+      - name: hostname
+        string: maps.beta.oceanbox.io
+  - repoURL: https://charts.bitnami.com/bitnami
+    targetRevision: 20.1.7
+    chart: redis
+    helm:
+      valueFiles:
+      - $values/values/redis/values-prod.yaml
+  ignoreDifferences:
+    - kind: Secret
+      name: azure-keyvault
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+    - kind: Secret
+      name: prod-atlantis-rabbitmq
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+    - kind: Secret
+      name: prod-archmeister-replication
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+    - kind: Secret
+      name: prod-archmeister-ca
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: false
@@ -1,11 +1,12 @@
 {
    "oidc": {
-        "issuer": "https://idp.oceanbox.io/dex",
-        "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
-        "token_endpoint": "https://idp.oceanbox.io/dex/token",
-        "jwks_uri": "https://idp.oceanbox.io/dex/keys",
-        "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
-        "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
+        "issuer": "https://auth.oceanbox.io/realms/oceanbox",
+        "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth",
+        "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token",
+        "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs",
+        "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo",
+        "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout",
+        "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device",
        "clientId": "atlantis",
        "clientSecret": "",
        "scopes": [
@@ -24,7 +25,7 @@
    "sso": {
        "cookieDomain": ".oceanbox.io",
        "cookieName": ".obx.prod",
-        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
+        "signedOutRedirectUri": "https://maps.beta.oceanbox.io",
        "realm": "atlantis",
        "environment": "prod",
        "keyStore": "azure",
@@ -34,8 +35,8 @@
    "fga": {
      "apiUrl": "http://prod-openfga.openfga.svc.cluster.local:8080",
      "apiKey": "",
-      "storeId": "01J6C1NBX36E1B928HFSB123XQ",
-      "modelId": "01JFA49B1JZF1MZ426HQTZ6WTJ"
+      "storeId": "01JH65JAW80D06GYBN7A8TBZRG",
+      "modelId": "01JH65JAY2R397SHAKE5MTHB0D"
    },
    "plainAuthUsers": [
        {
@@ -51,12 +52,12 @@
    "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
    "allowedOrigins": [
        "https://maps.oceanbox.io",
-        "https://atlantis.srv.oceanbox.io"
+        "https://maps.beta.oceanbox.io",
    ],
    "appName": "atlantis",
    "appEnv": "prod",
    "appNamespace": "atlantis",
-    "appVersion": "2.90.0",
+    "appVersion": "2.92.0",
    "otelCollector": "http://opentelemetry-collector.otel.svc:4317",
    "pubsubName": "pubsub",
    "pubsubTopic": "hipster-atlantis",
@@ -11,7 +11,7 @@ spec:
      name: prod-atlantis-rabbitmq
      key:  connString
  - name: queueName
-    value: prod-slurm-job-events
+    value: rc-slurm-job-events
  - name: durable
    value: true
  - name: contentType
@@ -19,4 +19,4 @@ spec:
  - name: route
    value: /events/slurm
 scopes:
-  - prod-atlantis
+  - preprod-atlantis
@@ -17,4 +17,4 @@ spec:
  - name: redisDB
    value: "1"
 scopes:
-  - prod-atlantis
+  - preprod-atlantis
@@ -1,2 +1 @@
 OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
-DEPLOY_NAME=prod-atlantis
@@ -19,4 +19,4 @@ spec:
  - name: redisDB
    value: "0"
 scopes:
-  - prod-atlantis
+  - preprod-atlantis
@@ -24,4 +24,4 @@ spec:
  metadata:
    queueType: quorum
 scopes:
- prod-atlantis
+-preprod-atlantis
@@ -1,2 +1 @@
 OIDC_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
-DEPLOY_NAME=staging-atlantis
@@ -1,15 +1,18 @@
-replicaCount: 2
+replicaCount: 1
+
+image:
+  tag: v2.92.0

 podAnnotations:
-  dapr.io/app-id: "prod-atlantis"
+  dapr.io/app-id: "preprod-atlantis"

 env:
  - name: APP_NAMESPACE
    value: prod-atlantis
  - name: APP_VERSION
-    value: "2.87.0"
+    value: "2.92.0"
  - name: LOG_LEVEL
-    value: "3"
+    value: "2"
  - name: REDIS_USER
    value: default
  - name: REDIS_PASSWORD
@@ -43,24 +46,7 @@ ingress:
    cert-manager.io/cluster-issuer: letsencrypt-production
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
  hosts:
-    - host: atlantis.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-      internal:
-        - path: /internal
-          pathType: ImplementationSpecific
-        - path: /dapr
-          pathType: ImplementationSpecific
-        - path: /actors
-          pathType: ImplementationSpecific
-        - path: /job
-          pathType: ImplementationSpecific
-        - path: /events
-          pathType: ImplementationSpecific
-        - path: /metrics
-          pathType: ImplementationSpecific
-    - host: maps.oceanbox.io
+    - host: maps.beta.oceanbox.io
      paths:
        - path: /
          pathType: ImplementationSpecific
@@ -79,9 +65,16 @@ ingress:
          pathType: ImplementationSpecific
  tls:
    - hosts:
-       - atlantis.srv.oceanbox.io
-       - maps.oceanbox.io
-      secretName: atlantis-tls
+       - maps.beta.oceanbox.io
+      secretName: prod-atlantis-tls
+
+cluster:
+  instances: 2
+  bootstrap:
+    enabled: true
+    source:
+      db: prod-archmeister
+      namespace: atlantis

 resources:
  limits:
@@ -90,4 +83,3 @@ resources:
  requests:
    cpu: 250m
    memory: 1Gi
-
@@ -1,7 +1,7 @@
 replicaCount: 1

 image:
-  tag:  0d275b8b-debug
+  tag: e2257c92-debug

 podAnnotations:
  dapr.io/app-id: "staging-atlantis"
@@ -10,7 +10,7 @@ env:
  - name: APP_NAMESPACE
    value: staging-atlantis
  - name: APP_VERSION
-    value: "2.87.0"
+    value: "2.92.0"
  - name: LOG_LEVEL
    value: "3"
  - name: REDIS_USER
@@ -91,6 +91,14 @@ ingress:
        - atlas.oceanbox.io
      secretName: staging-atlantis-tls

+cluster:
+  instances: 1
+  bootstrap:
+    enabled: true
+    source:
+      db: prod-archmeister
+      namespace: atlantis
+
 resources:
  limits:
    cpu: 250m