diff --git a/.envrc b/.envrc index 3e095197..654f0a8f 100644 --- a/.envrc +++ b/.envrc @@ -5,5 +5,8 @@ watch_file nix/sources.json # Load .env file if it exists dotenv_if_exists +# Set npins dir +export NPINS_DIRECTORY="nix" + # Activate development shell use nix diff --git a/helmfile.d/sorcerer.yaml.gotmpl b/helmfile.d/sorcerer.yaml.gotmpl index 69a7b922..7cfcee8b 100644 --- a/helmfile.d/sorcerer.yaml.gotmpl +++ b/helmfile.d/sorcerer.yaml.gotmpl @@ -11,12 +11,12 @@ commonLabels: releases: - name: {{ .Environment.Name }}-sorcerer namespace: {{ .Environment.Name }}-sorcerer - #chart: oceanbox/sorcerer chart: ../charts/sorcerer condition: sorcerer.enabled values: - ../values/sorcerer/values/values.yaml - ../values/sorcerer/values/values-{{ .Environment.Name }}.yaml + - ../values/sorcerer/values/values-{{ .Environment.Name }}{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml postRenderer: ../bin/kustomizer postRendererArgs: - ../values/sorcerer/kustomize/{{ .Environment.Name }} diff --git a/nix/sources.json b/nix/sources.json index 7fbf0e65..737b35e8 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -3,8 +3,8 @@ "nixpkgs": { "type": "Channel", "name": "nixpkgs-unstable", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre883899.02f2cb8e0feb/nixexprs.tar.xz", - "hash": "0k4n6f873a4ls1mff6wck6z31kglgg8irwc5s3xsprrwbxdv7p58" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre903996.59b6c96beacc/nixexprs.tar.xz", + "hash": "0b0yr9d1xyfwgpaj68bimsbjjbj7yis4whjvkrfdycfnasdf0gf0" } }, "version": 5 diff --git a/shell.nix b/shell.nix index 3997e065..2fc16656 100644 --- a/shell.nix +++ b/shell.nix @@ -25,17 +25,16 @@ pkgs.mkShellNoCC { kubelogin-oidc kubectl-rook-ceph - # linkerd + # other tools step-cli linkerd - - # velero velero + cmctl # dapr dapr-cli ]; - ARGOCD_ENV_CLUSTER_NAME = "ekman"; + ARGOCD_ENV_CLUSTER_NAME = "rossby"; HELM_GIT_ACCESS_TOKEN = "glpat-xxx"; } 
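Review bot: In `helmfile.d/sorcerer.yaml.gotmpl` the added values entry joins `{{ .Environment.Name }}` and `{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}` with no separator, so for `prod` on `rossby` it resolves to `values-prodrossby.yaml`, while the file this commit adds is `values-prod-rossby.yaml`. The line should read `- ../values/sorcerer/values/values-{{ .Environment.Name }}-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml`. Depending on how helmfile is set to handle missing values files, the current form either fails the render or silently skips the cluster overrides, which here carry the secret references, ingress TLS and pod anti-affinity. The entry is also unconditional, so every environment/cluster pair needs its own file; only the prod-rossby one is visible in this diff.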
diff --git a/values/sorcerer/env-ekman.yaml.gotmpl b/values/sorcerer/env-ekman.yaml.gotmpl
index 95b06a8d..7f33768b 100644
--- a/values/sorcerer/env-ekman.yaml.gotmpl
+++ b/values/sorcerer/env-ekman.yaml.gotmpl
@@ -1,3 +1,2 @@
 sorcerer:
 enabled: true
-
diff --git a/values/sorcerer/env-rossby.yaml.gotmpl b/values/sorcerer/env-rossby.yaml.gotmpl
new file mode 100644
index 00000000..7f33768b
--- /dev/null
+++ b/values/sorcerer/env-rossby.yaml.gotmpl
@@ -0,0 +1,2 @@
+sorcerer:
+ enabled: true
diff --git a/values/sorcerer/values/values-prod-rossby.yaml b/values/sorcerer/values/values-prod-rossby.yaml
new file mode 100644
index 00000000..cf094898
--- /dev/null
+++ b/values/sorcerer/values/values-prod-rossby.yaml
@@ -0,0 +1,116 @@
+replicaCount: 2
+
+podAnnotations:
+ dapr.io/enabled: "true"
+ dapr.io/app-id: "prod-sorcerer"
+ dapr.io/app-port: "8085"
+ dapr.io/api-token-secret: "dapr-api-token"
+ dapr.io/config: "tracing"
+ dapr.io/app-protocol: "http"
+ dapr.io/log-as-json: "true"
+ dapr.io/sidecar-cpu-request: "10m"
+ dapr.io/sidecar-memory-request: "50Mi"
+ # dapr.io/sidecar-cpu-limit: "300m"
+ # dapr.io/sidecar-memory-limit: "1000Mi"
+
+env:
+ - name: APP_VERSION
+ value: "4.16.3"
+ - name: LOG_LEVEL
+ value: "2"
+ - name: REDIS_USER
+ value: default
+ - name: REDIS_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: prod-sorcerer-redis
+ key: redis-password
+ - name: DAPR_API_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: dapr-api-token
+ key: token
+
+ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/affinity: "cookie"
+ nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity"
+ nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
+ nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
+ hosts:
+ - host: sorcerer.adm.vtn.obx
+ paths:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ internal:
+ - path: /internal
+ pathType: ImplementationSpecific
+ - path: /dapr
+ pathType: ImplementationSpecific
+ - path: /actors
+ pathType: ImplementationSpecific
+ - path: /job
+ pathType: ImplementationSpecific
+ - path: /events
+ pathType: ImplementationSpecific
+ - path: /metrics
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - sorcerer.adm.vtn.obx
+ secretName: prod-sorcerer-tls
+
+persistence:
+ enabled: true
+ existingClaim: prod-sorcerer-ceph-archives
+ # existingClaim: prod-oceanbox-backup-archives
+
+# nodeSelector:
+# node-role.kubernetes.io/srv: ""
+# kubernetes.io/hostname: fs-backup
+# node-role.kubernetes.io/worker: c1-1
+
+# tolerations:
+# - key: workload
+# operator: Equal
+# value: compute
+# effect: NoSchedule
+redis:
+ enabled: true
+ replicas: 3
+ size: 2Gi
+ backup:
+ enabled: true
+ secret:
+ name: "prod-sorcerer-redis"
+ key: "redis-password"
+ resources:
+ cpu: 150m
+ memory: 256Mi
+
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "topology.kubernetes.io/group"
+ operator: In
+ values:
+ - srv
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: "app.kubernetes.io/name"
+ operator: In
+ values:
+ - sorcerer
+ - key: "app.kubernetes.io/instance"
+ operator: In
+ values:
+ - prod-sorcerer
+ topologyKey: "kubernetes.io/hostname"
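Review bot: The `internal:` list under `ingress.hosts` publishes `/internal`, `/dapr`, `/actors`, `/job`, `/events` and `/metrics` on `sorcerer.adm.vtn.obx`, and nothing in this file states which ingress or source range serves them; how the chart treats `internal` is not visible in this diff. If those paths land on the same ingress as `/`, the Dapr callback routes and the metrics endpoint are reachable by anyone who can reach the host, so the intended exposure should be stated next to the key, e.g. `# internal: served only by the cluster-internal ingress class, never the public one`. Separately, `cert-manager.io/cluster-issuer: letsencrypt-production` is paired with a host under `.obx`, which looks like a private name; a public ACME issuer cannot validate such a name, so `prod-sorcerer-tls` may never be issued, and an internal issuer (`cert-manager.io/cluster-issuer: <internal-ca-issuer>`) is probably what is wanted.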