fix(sorcerer): Add prod rossby

2025-11-29 14:33:48 +01:00
parent 71d9109a7b
commit 39e393e222
7 changed files with 127 additions and 8 deletions
@@ -5,5 +5,8 @@ watch_file nix/sources.json
 # Load .env file if it exists
 dotenv_if_exists

+# Set npins dir
+export NPINS_DIRECTORY="nix"
+
 # Activate development shell
 use nix
@@ -11,12 +11,12 @@ commonLabels:
 releases:
 - name: {{ .Environment.Name }}-sorcerer
  namespace: {{ .Environment.Name }}-sorcerer
-  #chart: oceanbox/sorcerer
  chart: ../charts/sorcerer
  condition: sorcerer.enabled
  values:
  - ../values/sorcerer/values/values.yaml
  - ../values/sorcerer/values/values-{{ .Environment.Name }}.yaml
+  - ../values/sorcerer/values/values-{{ .Environment.Name }}{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
  postRenderer: ../bin/kustomizer
  postRendererArgs:
  - ../values/sorcerer/kustomize/{{ .Environment.Name }}
@@ -3,8 +3,8 @@
    "nixpkgs": {
      "type": "Channel",
      "name": "nixpkgs-unstable",
-      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-25.11pre883899.02f2cb8e0feb/nixexprs.tar.xz",
-      "hash": "0k4n6f873a4ls1mff6wck6z31kglgg8irwc5s3xsprrwbxdv7p58"
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre903996.59b6c96beacc/nixexprs.tar.xz",
+      "hash": "0b0yr9d1xyfwgpaj68bimsbjjbj7yis4whjvkrfdycfnasdf0gf0"
    }
  },
  "version": 5
@@ -25,17 +25,16 @@ pkgs.mkShellNoCC {
    kubelogin-oidc
    kubectl-rook-ceph

-    # linkerd
+    # other tools
    step-cli
    linkerd
-
-    # velero
    velero
+    cmctl

    # dapr
    dapr-cli
  ];

-  ARGOCD_ENV_CLUSTER_NAME = "ekman";
+  ARGOCD_ENV_CLUSTER_NAME = "rossby";
  HELM_GIT_ACCESS_TOKEN = "glpat-xxx";
 }
@@ -1,3 +1,2 @@
 sorcerer:
  enabled: true
-
@@ -0,0 +1,2 @@
+sorcerer:
+  enabled: true
@@ -0,0 +1,116 @@
+replicaCount: 2
+
+podAnnotations:
+  dapr.io/enabled: "true"
+  dapr.io/app-id: "prod-sorcerer"
+  dapr.io/app-port: "8085"
+  dapr.io/api-token-secret: "dapr-api-token"
+  dapr.io/config: "tracing"
+  dapr.io/app-protocol: "http"
+  dapr.io/log-as-json: "true"
+  dapr.io/sidecar-cpu-request: "10m"
+  dapr.io/sidecar-memory-request: "50Mi"
+  # dapr.io/sidecar-cpu-limit: "300m"
+  # dapr.io/sidecar-memory-limit: "1000Mi"
+
+env:
+  - name: APP_VERSION
+    value: "4.16.3"
+  - name: LOG_LEVEL
+    value: "2"
+  - name: REDIS_USER
+    value: default
+  - name: REDIS_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: prod-sorcerer-redis
+        key: redis-password
+  - name: DAPR_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        name: dapr-api-token
+        key: token
+
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/affinity: "cookie"
+    nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity"
+    nginx.ingress.kubernetes.io/session-cookie-expires: "86400"
+    nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
+  hosts:
+    - host: sorcerer.adm.vtn.obx
+      paths:
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+      internal:
+        - path: /internal
+          pathType: ImplementationSpecific
+        - path: /dapr
+          pathType: ImplementationSpecific
+        - path: /actors
+          pathType: ImplementationSpecific
+        - path: /job
+          pathType: ImplementationSpecific
+        - path: /events
+          pathType: ImplementationSpecific
+        - path: /metrics
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+       - sorcerer.adm.vtn.obx
+      secretName: prod-sorcerer-tls
+
+persistence:
+  enabled: true
+  existingClaim: prod-sorcerer-ceph-archives
+  # existingClaim: prod-oceanbox-backup-archives
+
+# nodeSelector:
+#   node-role.kubernetes.io/srv: ""
+#   kubernetes.io/hostname: fs-backup
+#   node-role.kubernetes.io/worker: c1-1
+
+# tolerations:
+#   - key: workload
+#     operator: Equal
+#     value: compute
+#     effect: NoSchedule
+redis:
+  enabled: true
+  replicas: 3
+  size: 2Gi
+  backup:
+    enabled: true
+  secret:
+    name: "prod-sorcerer-redis"
+    key: "redis-password"
+  resources:
+    cpu: 150m
+    memory: 256Mi
+
+
+affinity:
+  nodeAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: "topology.kubernetes.io/group"
+          operator: In
+          values:
+          - srv
+  podAntiAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+    - labelSelector:
+        matchExpressions:
+        - key: "app.kubernetes.io/name"
+          operator: In
+          values:
+          - sorcerer
+        - key: "app.kubernetes.io/instance"
+          operator: In
+          values:
+          - prod-sorcerer
+      topologyKey: "kubernetes.io/hostname"