diff --git a/apps/prod-atlantis.yaml b/apps/prod-atlantis.yaml
index 491c877b..f39877c0 100644
--- a/apps/prod-atlantis.yaml
+++ b/apps/prod-atlantis.yaml
@@ -1,25 +1,66 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: prod-atlantis + name: rc-atlantis namespace: argocd + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + finalizers: + - resources-finalizer.argocd.argoproj.io spec: - template: - metadata: - name: prod-atlantis - spec: - project: atlantis - destination: - namespace: atlantis - server: https://kubernetes.default.svc - sources: - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: nixidy - path: values/atlantis - plugin: - name: kustomize-helm-with-rewrite - parameters: - - name: env - string: prod - - name: hostname - string: atlantis.beta.oceanbox.io + destination: + namespace: prod-atlantis + server: https://kubernetes.default.svc + project: atlantis + sources: + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: nixidy + ref: values + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: nixidy + path: values/atlantis + plugin: + name: kustomize-helm-with-rewrite + parameters: + - name: env + string: prod + - name: hostname + string: maps.beta.oceanbox.io + - repoURL: https://charts.bitnami.com/bitnami + targetRevision: 20.1.7 + chart: redis + helm: + valueFiles: + - $values/values/redis/values-prod.yaml + ignoreDifferences: + - kind: Secret + name: azure-keyvault + jqPathExpressions: + - '.data' + - '.metadata.labels' + - '.metadata.annotations' + - kind: Secret + name: prod-atlantis-rabbitmq + jqPathExpressions: + - '.data' + - '.metadata.labels' + - '.metadata.annotations' + - kind: Secret + name: prod-archmeister-replication + jqPathExpressions: + - '.data' + - '.metadata.labels' + - '.metadata.annotations' + - kind: Secret + name: prod-archmeister-ca + jqPathExpressions: + - '.data' + - '.metadata.labels' + - '.metadata.annotations' + syncPolicy: + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + automated: + prune: true + selfHeal: false 
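Review bot: Both Git `sources` entries track the mutable branch `targetRevision: nixidy` while the new `syncPolicy.automated` block sets `prune: true`, so any push to that branch is applied to the `prod-atlantis` namespace, and can delete resources there, with no further gate visible in this file. The Bitnami chart itself is pinned (`20.1.7`), but its `valueFiles` are read from the same branch through `$values`. Consider pinning `targetRevision` to a tag or commit SHA for this Application, or add a comment stating that branch protection on `nixidy` is the intended control. The four `ignoreDifferences` entries also keep `.data` changes on those Secrets out of the sync status; if that is deliberate, a comment such as `# contents managed outside Git; intentionally not diffed` above the list would record it.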
diff --git a/values/atlantis/prod/appsettings.json b/values/atlantis/prod/appsettings.json index fd746dc7..a19f4616 100644 --- a/values/atlantis/prod/appsettings.json +++ b/values/atlantis/prod/appsettings.json @@ -1,11 +1,12 @@ { "oidc": { - "issuer": "https://idp.oceanbox.io/dex", - "authorization_endpoint": "https://idp.oceanbox.io/dex/auth", - "token_endpoint": "https://idp.oceanbox.io/dex/token", - "jwks_uri": "https://idp.oceanbox.io/dex/keys", - "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo", - "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code", + "issuer": "https://auth.oceanbox.io/realms/oceanbox", + "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", + "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", + "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", + "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", + "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", + "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", "clientId": "atlantis", "clientSecret": "", "scopes": [ @@ -24,7 +25,7 @@ "sso": { "cookieDomain": ".oceanbox.io", "cookieName": ".obx.prod", - "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", + "signedOutRedirectUri": "https://maps.beta.oceanbox.io", "realm": "atlantis", "environment": "prod", "keyStore": "azure", @@ -34,8 +35,8 @@ "fga": { "apiUrl": "http://prod-openfga.openfga.svc.cluster.local:8080", "apiKey": "", - "storeId": "01J6C1NBX36E1B928HFSB123XQ", - "modelId": "01JFA49B1JZF1MZ426HQTZ6WTJ" + "storeId": "01JH65JAW80D06GYBN7A8TBZRG", + "modelId": "01JH65JAY2R397SHAKE5MTHB0D" }, "plainAuthUsers": [ { 
@@ -51,12 +52,12 @@ "sorcerer" : "https://sorcerer.ekman.oceanbox.io", "allowedOrigins": [ "https://maps.oceanbox.io", - "https://atlantis.srv.oceanbox.io" + "https://maps.beta.oceanbox.io", ], "appName": "atlantis", "appEnv": "prod", "appNamespace": "atlantis", - "appVersion": "2.90.0", + "appVersion": "2.92.0", "otelCollector": "http://opentelemetry-collector.otel.svc:4317", "pubsubName": "pubsub", "pubsubTopic": "hipster-atlantis", diff --git a/values/atlantis/prod/bindings.yaml b/values/atlantis/prod/bindings.yaml index 8a95c563..993d23f5 100644 --- a/values/atlantis/prod/bindings.yaml +++ b/values/atlantis/prod/bindings.yaml @@ -11,7 +11,7 @@ spec: name: prod-atlantis-rabbitmq key: connString - name: queueName - value: prod-slurm-job-events + value: rc-slurm-job-events - name: durable value: true - name: contentType @@ -19,4 +19,4 @@ spec: - name: route value: /events/slurm scopes: - - prod-atlantis + - preprod-atlantis diff --git a/values/atlantis/prod/configurations.yaml b/values/atlantis/prod/configurations.yaml index 705e1b48..20affb92 100644 --- a/values/atlantis/prod/configurations.yaml +++ b/values/atlantis/prod/configurations.yaml @@ -17,4 +17,4 @@ spec: - name: redisDB value: "1" scopes: - - prod-atlantis + - preprod-atlantis diff --git a/values/atlantis/prod/default.env b/values/atlantis/prod/default.env index e1f2ae29..85c5abe3 100644 --- a/values/atlantis/prod/default.env +++ b/values/atlantis/prod/default.env @@ -1,2 +1 @@ OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm -DEPLOY_NAME=prod-atlantis diff --git a/values/atlantis/prod/statestore.yaml b/values/atlantis/prod/statestore.yaml index beb6ee64..be1030ab 100644 --- a/values/atlantis/prod/statestore.yaml +++ b/values/atlantis/prod/statestore.yaml @@ -19,4 +19,4 @@ spec: - name: redisDB value: "0" scopes: - - prod-atlantis + - preprod-atlantis diff --git a/values/atlantis/prod/subscriptions.yaml b/values/atlantis/prod/subscriptions.yaml index 638da1a6..459fbc63 100644 
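Review bot: The added `allowedOrigins` entry `"https://maps.beta.oceanbox.io",` ends with a comma directly before the closing `]`, which strict JSON parsers reject. Whether the application's configuration loader tolerates trailing commas is not visible in this diff, but any other tool that reads the file may fail and leave the origin list unapplied. Drop the comma so the line reads `"https://maps.beta.oceanbox.io"`. The enclosing object starts and ends outside the hunk.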
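Review bot: `OIDC_CLIENT_SECRET` remains in `values/atlantis/prod/default.env` as a plaintext value committed to the repository; the hunk removes only `DEPLOY_NAME`, and the `values/atlantis/staging/default.env` hunk later in this diff has the same problem. Because the value is in Git history it should be treated as disclosed, and the move to a new issuer in appsettings.json is a natural point to rotate the client secret at the identity provider. Supply it from the secret store instead of this file (appsettings.json sets `"keyStore": "azure"`, which suggests one is available). If the key has to stay in the file, keep only a placeholder, e.g. `OIDC_CLIENT_SECRET=<injected-at-deploy>`.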
--- a/values/atlantis/prod/subscriptions.yaml +++ b/values/atlantis/prod/subscriptions.yaml @@ -24,4 +24,4 @@ spec: metadata: queueType: quorum scopes: -- prod-atlantis +-preprod-atlantis diff --git a/values/atlantis/staging/default.env b/values/atlantis/staging/default.env index a8c3ba0b..c73591f5 100644 --- a/values/atlantis/staging/default.env +++ b/values/atlantis/staging/default.env @@ -1,2 +1 @@ OIDC_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR -DEPLOY_NAME=staging-atlantis diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index 11e778e9..bfbc057a 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -1,15 +1,18 @@ -replicaCount: 2 +replicaCount: 1 + +image: + tag: v2.92.0 podAnnotations: - dapr.io/app-id: "prod-atlantis" + dapr.io/app-id: "preprod-atlantis" env: - name: APP_NAMESPACE value: prod-atlantis - name: APP_VERSION - value: "2.87.0" + value: "2.92.0" - name: LOG_LEVEL - value: "3" + value: "2" - name: REDIS_USER value: default - name: REDIS_PASSWORD @@ -43,24 +46,7 @@ ingress: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/proxy-buffer-size: 128k hosts: - - host: atlantis.srv.oceanbox.io - paths: - - path: / - pathType: ImplementationSpecific - internal: - - path: /internal - pathType: ImplementationSpecific - - path: /dapr - pathType: ImplementationSpecific - - path: /actors - pathType: ImplementationSpecific - - path: /job - pathType: ImplementationSpecific - - path: /events - pathType: ImplementationSpecific - - path: /metrics - pathType: ImplementationSpecific - - host: maps.oceanbox.io + - host: maps.beta.oceanbox.io paths: - path: / pathType: ImplementationSpecific 
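Review bot: The added line under `scopes:` in `values/atlantis/prod/subscriptions.yaml` reads `-preprod-atlantis` with no space after the dash, so it is not a sequence entry; the removed line was `- prod-atlantis`. Depending on the parser the file either fails to load or the scope list is left unset, and in both cases the subscription is not restricted to the intended app id. It should be `- preprod-atlantis`, matching the `scopes` changes in bindings.yaml, configurations.yaml and statestore.yaml. If the space was lost only in how this diff was rendered, no change is needed.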
@@ -79,9 +65,16 @@ ingress: pathType: ImplementationSpecific tls: - hosts: - - atlantis.srv.oceanbox.io - - maps.oceanbox.io - secretName: atlantis-tls + - maps.beta.oceanbox.io + secretName: prod-atlantis-tls + +cluster: + instances: 2 + bootstrap: + enabled: true + source: + db: prod-archmeister + namespace: atlantis resources: limits: @@ -90,4 +83,3 @@ resources: requests: cpu: 250m memory: 1Gi - diff --git a/values/atlantis/values-staging.yaml b/values/atlantis/values-staging.yaml index ace590c5..60536d45 100644 --- a/values/atlantis/values-staging.yaml +++ b/values/atlantis/values-staging.yaml @@ -1,7 +1,7 @@ replicaCount: 1 image: - tag: 0d275b8b-debug + tag: e2257c92-debug podAnnotations: dapr.io/app-id: "staging-atlantis" @@ -10,7 +10,7 @@ env: - name: APP_NAMESPACE value: staging-atlantis - name: APP_VERSION - value: "2.87.0" + value: "2.92.0" - name: LOG_LEVEL value: "3" - name: REDIS_USER @@ -91,6 +91,14 @@ ingress: - atlas.oceanbox.io secretName: staging-atlantis-tls +cluster: + instances: 1 + bootstrap: + enabled: true + source: + db: prod-archmeister + namespace: atlantis + resources: limits: cpu: 250m
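Review bot: The new `cluster.bootstrap.source` block in `values/atlantis/values-staging.yaml` names `db: prod-archmeister`, the same source added to values-prod.yaml, so staging appears to be seeded from the production database. That would place production records in an environment that runs a `-debug` image tag. Confirm this is intended and, if it is, document it above the block, e.g. `# staging is bootstrapped from prod data; access controls must match prod`; otherwise point `source.db` at a sanitized or staging-specific source. What the chart does with these values is not visible in this diff.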