fix: update (pre)prod atlantis manifests

apps/prod-atlantis.yaml

@@ -1,18 +1,21 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: prod-atlantis
+  name: rc-atlantis
   namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  template:
-    metadata:
-      name: prod-atlantis
-    spec:
-      project: atlantis
   destination:
-        namespace: atlantis
+    namespace: prod-atlantis
     server: https://kubernetes.default.svc
+  project: atlantis
   sources:
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: nixidy
+    ref: values
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: nixidy
     path: values/atlantis
@@ -22,4 +25,42 @@ spec:
       - name: env
         string: prod
       - name: hostname
-            string: atlantis.beta.oceanbox.io
+        string: maps.beta.oceanbox.io
+  - repoURL: https://charts.bitnami.com/bitnami
+    targetRevision: 20.1.7
+    chart: redis
+    helm:
+      valueFiles:
+      - $values/values/redis/values-prod.yaml
+  ignoreDifferences:
+    - kind: Secret
+      name: azure-keyvault
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+    - kind: Secret
+      name: prod-atlantis-rabbitmq
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+    - kind: Secret
+      name: prod-archmeister-replication
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+    - kind: Secret
+      name: prod-archmeister-ca
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: false

values/atlantis/prod/appsettings.json

@@ -1,11 +1,12 @@
 {
     "oidc": {
-        "issuer": "https://idp.oceanbox.io/dex",
+        "issuer": "https://auth.oceanbox.io/realms/oceanbox",
-        "authorization_endpoint": "https://idp.oceanbox.io/dex/auth",
+        "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth",
-        "token_endpoint": "https://idp.oceanbox.io/dex/token",
+        "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token",
-        "jwks_uri": "https://idp.oceanbox.io/dex/keys",
+        "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs",
-        "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo",
+        "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo",
-        "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code",
+        "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout",
+        "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device",
         "clientId": "atlantis",
         "clientSecret": "",
         "scopes": [
@@ -24,7 +25,7 @@
     "sso": {
         "cookieDomain": ".oceanbox.io",
         "cookieName": ".obx.prod",
-        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
+        "signedOutRedirectUri": "https://maps.beta.oceanbox.io",
         "realm": "atlantis",
         "environment": "prod",
         "keyStore": "azure",
@@ -34,8 +35,8 @@
     "fga": {
       "apiUrl": "http://prod-openfga.openfga.svc.cluster.local:8080",
       "apiKey": "",
-      "storeId": "01J6C1NBX36E1B928HFSB123XQ",
+      "storeId": "01JH65JAW80D06GYBN7A8TBZRG",
-      "modelId": "01JFA49B1JZF1MZ426HQTZ6WTJ"
+      "modelId": "01JH65JAY2R397SHAKE5MTHB0D"
     },
     "plainAuthUsers": [
         {
@@ -51,12 +52,12 @@
     "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
     "allowedOrigins": [
         "https://maps.oceanbox.io",
-        "https://atlantis.srv.oceanbox.io"
+        "https://maps.beta.oceanbox.io",
     ],
     "appName": "atlantis",
     "appEnv": "prod",
     "appNamespace": "atlantis",
-    "appVersion": "2.90.0",
+    "appVersion": "2.92.0",
     "otelCollector": "http://opentelemetry-collector.otel.svc:4317",
     "pubsubName": "pubsub",
     "pubsubTopic": "hipster-atlantis",

values/atlantis/prod/bindings.yaml

@@ -11,7 +11,7 @@ spec:
       name: prod-atlantis-rabbitmq
       key:  connString
   - name: queueName
-    value: prod-slurm-job-events
+    value: rc-slurm-job-events
   - name: durable
     value: true
   - name: contentType
@@ -19,4 +19,4 @@ spec:
   - name: route
     value: /events/slurm
 scopes:
-  - prod-atlantis
+  - preprod-atlantis

values/atlantis/prod/configurations.yaml

@@ -17,4 +17,4 @@ spec:
   - name: redisDB
     value: "1"
 scopes:
-  - prod-atlantis
+  - preprod-atlantis

values/atlantis/prod/default.env

@@ -1,2 +1 @@
 OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
-DEPLOY_NAME=prod-atlantis

values/atlantis/prod/statestore.yaml

@@ -19,4 +19,4 @@ spec:
   - name: redisDB
     value: "0"
 scopes:
-  - prod-atlantis
+  - preprod-atlantis

values/atlantis/prod/subscriptions.yaml

@@ -24,4 +24,4 @@ spec:
   metadata:
     queueType: quorum
 scopes:
-- prod-atlantis
+-preprod-atlantis

values/atlantis/staging/default.env

@@ -1,2 +1 @@
 OIDC_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
-DEPLOY_NAME=staging-atlantis

values/atlantis/values-prod.yaml

@@ -1,15 +1,18 @@
-replicaCount: 2
+replicaCount: 1
+
+image:
+  tag: v2.92.0
 
 podAnnotations:
-  dapr.io/app-id: "prod-atlantis"
+  dapr.io/app-id: "preprod-atlantis"
 
 env:
   - name: APP_NAMESPACE
     value: prod-atlantis
   - name: APP_VERSION
-    value: "2.87.0"
+    value: "2.92.0"
   - name: LOG_LEVEL
-    value: "3"
+    value: "2"
   - name: REDIS_USER
     value: default
   - name: REDIS_PASSWORD
@@ -43,24 +46,7 @@ ingress:
     cert-manager.io/cluster-issuer: letsencrypt-production
     nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
   hosts:
-    - host: atlantis.srv.oceanbox.io
+    - host: maps.beta.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-      internal:
-        - path: /internal
-          pathType: ImplementationSpecific
-        - path: /dapr
-          pathType: ImplementationSpecific
-        - path: /actors
-          pathType: ImplementationSpecific
-        - path: /job
-          pathType: ImplementationSpecific
-        - path: /events
-          pathType: ImplementationSpecific
-        - path: /metrics
-          pathType: ImplementationSpecific
-    - host: maps.oceanbox.io
       paths:
         - path: /
           pathType: ImplementationSpecific
@@ -79,9 +65,16 @@ ingress:
           pathType: ImplementationSpecific
   tls:
     - hosts:
-       - atlantis.srv.oceanbox.io
+       - maps.beta.oceanbox.io
-       - maps.oceanbox.io
+      secretName: prod-atlantis-tls
-      secretName: atlantis-tls
+
+cluster:
+  instances: 2
+  bootstrap:
+    enabled: true
+    source:
+      db: prod-archmeister
+      namespace: atlantis
 
 resources:
   limits:
@@ -90,4 +83,3 @@ resources:
   requests:
     cpu: 250m
     memory: 1Gi
-

values/atlantis/values-staging.yaml

@@ -1,7 +1,7 @@
 replicaCount: 1
 
 image:
-  tag:  0d275b8b-debug
+  tag: e2257c92-debug
 
 podAnnotations:
   dapr.io/app-id: "staging-atlantis"
@@ -10,7 +10,7 @@ env:
   - name: APP_NAMESPACE
     value: staging-atlantis
   - name: APP_VERSION
-    value: "2.87.0"
+    value: "2.92.0"
   - name: LOG_LEVEL
     value: "3"
   - name: REDIS_USER
@@ -91,6 +91,14 @@ ingress:
         - atlas.oceanbox.io
       secretName: staging-atlantis-tls
 
+cluster:
+  instances: 1
+  bootstrap:
+    enabled: true
+    source:
+      db: prod-archmeister
+      namespace: atlantis
+
 resources:
   limits:
     cpu: 250m