wip: add guards around apps for move to helm template

apps/cerbos.yaml

@@ -1,32 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: ApplicationSet
-metadata:
-  name: cerbos
-  namespace: argocd
-spec:
-  generators:
-  - list:
-      elements:
-      - cluster: https://kubernetes.default.svc
-        env: prod
-      - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
-  template:
-    metadata:
-      name: '{{ env }}-cerbos'
-    spec:
-      project: aux
-      destination:
-        server: https://kubernetes.default.svc
-        namespace: idp
-      sources:
-        - repoURL: https://download.cerbos.dev/helm-charts
-          targetRevision: 0.33.0
-          chart: cerbos
-          helm:
-            valueFiles:
-              - $values/values/cerbos/values.yaml
-              - $values/values/cerbos/values-{{ env }}.yaml
-        - repoURL: https://gitlab.com/oceanbox/manifests.git
-          targetRevision: main
-          ref: values

apps/jaeger-operator.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.jaeger-operator.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -20,3 +21,4 @@ spec:
     # path: values/jaeger/manifests
     ref: values
 
+{{- end }}

apps/loki.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.loki.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -148,3 +149,4 @@ spec:
               secretKeyRef:
                 name: loki-s3
                 key: AWS_ACCESS_KEY_SECRET
+{{- end }}

apps/opentelemetry-collector.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.opentelemetry-collector.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -107,3 +108,4 @@ spec:
             - secretName: collector-tls
               hosts:
                 - opentelemetry-collector.adm.oceanbox.io
+{{- end }}

apps/prod-atlantis.yaml

@@ -1,66 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: prod-atlantis
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: prod-atlantis
-    server: https://kubernetes.default.svc
-  project: atlantis
-  sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    ref: values
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    path: values/atlantis
-    plugin:
-      name: kustomize-helm-with-rewrite
-      parameters:
-      - name: env
-        string: prod
-      - name: hostname
-        string: maps.oceanbox.io
-  - repoURL: https://charts.bitnami.com/bitnami
-    targetRevision: 20.1.7
-    chart: redis
-    helm:
-      valueFiles:
-      - $values/values/atlantis/prod/redis.yaml
-  ignoreDifferences:
-    - kind: Secret
-      name: azure-keyvault
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: prod-atlantis-rabbitmq
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: prod-archmeister-replication
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: prod-archmeister-ca
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-    # automated:
-    #   prune: true
-    #   selfHeal: false

apps/staging-atlantis.yaml

@@ -1,72 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: staging-atlantis
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: staging-atlantis
-    server: https://kubernetes.default.svc
-  project: atlantis
-  sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    ref: values
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    path: values/atlantis
-    plugin:
-      name: kustomize-helm-with-rewrite
-      parameters:
-      - name: env
-        string: staging
-      - name: hostname
-        string: atlantis.beta.oceanbox.io
-  - repoURL: https://charts.bitnami.com/bitnami
-    targetRevision: 20.1.7
-    chart: redis
-    helm:
-      valueFiles:
-      - $values/values/atlantis/staging/redis.yaml
-  ignoreDifferences:
-    - kind: Secret
-      name: dapr-api-token
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: azure-keyvault
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: staging-atlantis-rabbitmq
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: prod-atlantis-db-replication
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: prod-atlantis-db-ca
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-    automated:
-      prune: true
-      selfHeal: false

apps/staging-openfga.yaml

@@ -1,39 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: staging-openfga
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: openfga
-    server: https://kubernetes.default.svc
-  project: aux
-  # ignoreDifferences:
-  # - group: apps
-  #   kind: StatefulSet
-  #   jsonPointers:
-  #   - /spec/persistentVolumeClaimRetentionPolicy
-  syncPolicy:
-    managedNamespaceMetadata:
-      labels:
-        component: aux
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-    automated:
-      prune: true
-      selfHeal: true
-  sources:
-  - repoURL: https://openfga.github.io/helm-charts
-    targetRevision: 0.2.21
-    chart: openfga
-    helm:
-      valueFiles:
-      - $values/values/openfga/values-staging.yaml
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    ref: values

apps/staging-sorcerer.yaml

@@ -1,54 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: staging-sorcerer
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: staging-sorcerer
-    server: https://10.255.241.99:4443
-  project: atlantis
-  sources:
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    ref: values
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    path: values/sorcerer
-    plugin:
-      name: kustomize-helm-with-rewrite
-      parameters:
-      - name: env
-        string: staging
-      - name: hostname
-        string: sorcerer.ekman.oceanbox.io
-  - repoURL: https://charts.bitnami.com/bitnami
-    targetRevision: 20.1.7
-    chart: redis
-    helm:
-      valueFiles:
-      - $values/values/sorcerer/staging/redis.yaml
-  ignoreDifferences:
-    - kind: Secret
-      name: azure-keyvault
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-    - kind: Secret
-      name: prod-atlantis-rabbitmq
-      jqPathExpressions:
-        - '.data'
-        - '.metadata.labels'
-        - '.metadata.annotations'
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-    automated:
-      prune: true
-      selfHeal: false

apps/sys/templates/atlantis.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.atlantis.enabled }}
 {{- range .Values.atlantis.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
@@ -66,3 +67,4 @@ spec:
     #   prune: true
     #   selfHeal: false
 {{- end }}
+{{- end }}

apps/sys/templates/busynix.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.busynix.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -19,3 +20,4 @@ spec:
         string: staging
       - name: hostname
         string: busynix.beta.oceanbox.io
+{{- end }}

apps/sys/templates/dapr.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.dapr.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -31,3 +32,4 @@ spec:
         global:
           ha:
             enabled: true
+{{- end }}

apps/sys/templates/dex.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.dex.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -25,4 +26,4 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: main
     ref: values
-
+{{- end }}

apps/sys/templates/geoserver.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.geoserver.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -23,3 +24,4 @@ spec:
         string: "--skip-tests"
       - name: chart
         string: ncsa/geoserver
+{{- end }}

apps/sys/templates/headscale.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.headscale.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -19,3 +20,4 @@ spec:
     targetRevision: main
     ref: values
 
+{{- end }}

apps/sys/templates/keycloak.yaml

@@ -1,3 +1,4 @@
+{{ if .Values.keycloak.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -35,4 +36,4 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: main
     ref: values
-
+{{- end }}

apps/sys/templates/openfga.yaml

@@ -1,3 +1,5 @@
+{{ if .Values.openfga.enabled }}
+{{- range .Values.atlantis.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -37,3 +39,5 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: main
     ref: values
+{{- end }}
+{{- end }}

apps/sys/templates/osm-tile-server.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.osm-tile-server.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
@@ -15,12 +16,12 @@ spec:
         hostname: osm.beta.oceanbox.io
   template:
     metadata:
-      name: '{{ env }}-osm-tile-server'
+      name: '{{- env }}-osm-tile-server'
     spec:
       project: aux
       destination:
         namespace: oceanbox
-        server: '{{ cluster }}'
+        server: '{{- cluster }}'
       source:
         repoURL: https://gitlab.com/oceanbox/manifests.git
         targetRevision: HEAD
@@ -29,6 +30,7 @@ spec:
           name: kustomize-helm-with-rewrite
           parameters:
           - name: env
-            string: '{{ env }}'
+            string: '{{- env }}'
           - name: hostname
-            string: '{{ hostname }}'
+            string: '{{- hostname }}'
+{{- end }}

apps/sys/templates/plausible.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.plausible.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -65,3 +66,4 @@ spec:
     enablePodMonitor: true
   storage:
     size: 10Gi
+{{- end }}

apps/sys/templates/rabbitmq.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.rabbitmq.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
@@ -15,7 +16,7 @@ spec:
         hostname: rabbitmq.beta.oceanbox.io
   template:
     metadata:
-      name: '{{ env }}-rabbitmq'
+      name: '{{- env }}-rabbitmq'
     spec:
       project: aux
       destination:
@@ -27,8 +28,9 @@ spec:
           chart: rabbitmq
           helm:
             valueFiles:
-              - $values/values/rabbitmq/values-{{ env }}.yaml
+              - $values/values/rabbitmq/values-{{- env }}.yaml
         - repoURL: https://gitlab.com/oceanbox/manifests.git
           targetRevision: main
-          path: values/rabbitmq/{{ env }}
+          path: values/rabbitmq/{{- env }}
           ref: values
+{{- end }}

apps/sys/templates/redis.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.redis.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -26,3 +27,4 @@ spec:
       kind: StatefulSet
       jqPathExpressions:
         - '.spec.template.spec.containers[].resources.limits.cpu'
+{{- end }}

apps/sys/templates/seq.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.seq.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -18,3 +19,4 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: main
     ref: values
+{{- end }}

apps/sys/templates/sorcerer.yaml

@@ -1,3 +1,5 @@
+{{ if .Values.sorcerer.enabled }}
+{{- range .Values.atlantis.envs }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -52,3 +54,5 @@ spec:
     # automated:
     #   prune: true
     #   selfHeal: false
+{{- end }}
+{{- end }}

apps/sys/templates/velero.yaml

@@ -62,11 +62,7 @@ spec:
               ## ONLY us-east-1 region is supported by nutanix
               region: {{ .Values.velero.s3.region }}
               s3ForcePathStyle: "true"
-              {{- with .Values.global.velero.s3 }}
-              {{- if .server }}
-            s3Url: {{ .protocol }}://{{ .server }}:{{ .port }}
-              {{- end }}
-              {{- end }}
+              s3Url: {{ .Values.velero.s3.url }}
               {{- if .Values.velero.s3.insecureSkipTLSVerify }}
               insecureSkipTLSVerify: true
               {{- end }}

apps/sys/templates/wordpress.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.wordpress.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -18,3 +19,4 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: HEAD
     ref: values
+{{- end }}

apps/sys/templates/yolo-dl.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.yolo-dl.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -12,3 +13,4 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: main
     path: charts/yolo-dl
+{{- end }}

apps/sys/templates/yolo-registry.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.yolo-registry.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -12,3 +13,4 @@ spec:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: main
     path: charts/yolo-registry
+{{- end }}

apps/sys/values.yaml

@@ -48,6 +48,8 @@ cluster_config:
   #    name: github-oidc
   #  allowed_organizations: <org>
   #  allowed_teams: <team-id>
+
+
 argocd:
   autosync: true
   version: 7.5.2
@@ -87,10 +89,8 @@ argo_rollouts:
   metrics:
     enabled: false
   dashboard_enabled: false
-actions_runner_controller:
-  enabled: false
-  autosync: true
-  version: 0.23.7
+
+
 cilium:
   enabled: false
   autosync: true
@@ -204,24 +204,6 @@ kubernetes_dashboard:
   enabled: false
   autosync: true
   version: v2.3.1
-gitlab_runner:
-  enabled: true
-  autosync: true
-  version: 0.39.0
-  createCertSecret: true
-  tag: "obx"
-  s3:
-    server: ""
-    access_key: ""
-    secret_key: ""
-postgres_operator:
-  enabled: true
-  autosync: true
-  version: 0.18.2
-rabbitmq_operator:
-  enabled: false
-  autosync: true
-  version: 4.3.27
 metrics_server:
   autosync: true
   version: 3.8.2
@@ -236,10 +218,6 @@ nginx:
     controller:
       cpu: "100m"
       memory: "100Mi"
-jaeger_operator:
-  enabled: false
-  autosync: true
-  version: 1.38.0
 kyverno:
   enabled: false
   autosync: true
@@ -281,6 +259,48 @@ velero:
         memory: 1Gi
       limit:
         memory: 2Gi
+x509_exporter:
+  enabled: true
+  autosync: true
+  alerts: true
+  version: 3.6.0
+downscaler:
+  enabled: false
+  autosync: true
+  version: 0.2.12
+  extraConfig: |
+    DEFAULT_UPTIME: "Mon-Fri 07:00-20:00 Europe/Berlin"
+  excludedNamespaces:
+    - py-kube-downscaler
+    - kube-downscaler
+    - kube-system
+
+actions_runner_controller:
+  enabled: false
+  autosync: true
+  version: 0.23.7
+gitlab_runner:
+  enabled: true
+  autosync: true
+  version: 0.39.0
+  createCertSecret: true
+  tag: "obx"
+  s3:
+    server: ""
+    access_key: ""
+    secret_key: ""
+postgres_operator:
+  enabled: true
+  autosync: true
+  version: 0.18.2
+rabbitmq_operator:
+  enabled: false
+  autosync: true
+  version: 4.3.27
+jaeger_operator:
+  enabled: false
+  autosync: true
+  version: 1.38.0
 loki:
   enabled: false
   autosync: true
@@ -319,11 +339,6 @@ promtail:
   enabled: false
   autosync: true
   version: 6.6.1
-x509_exporter:
-  enabled: true
-  autosync: true
-  alerts: true
-  version: 3.6.0
 mariadb_operator:
   enabled: false
   autosync: true
@@ -336,16 +351,6 @@ chartmuseum:
     size: 8Gi
   ingress:
     enabled: true
-downscaler:
-  enabled: false
-  autosync: true
-  version: 0.2.12
-  extraConfig: |
-    DEFAULT_UPTIME: "Mon-Fri 07:00-20:00 Europe/Berlin"
-  excludedNamespaces:
-    - py-kube-downscaler
-    - kube-downscaler
-    - kube-system
 clickhouse_operator:
   enabled: false
   autosync: true
@@ -354,7 +359,34 @@ oncall:
   enabled: false
   externalGrafana:
     url: ""
+dapr:
+  enable: true
+
+busynix.enable: false
+headscale.enable: false
+plausible.enable: false
+dex.enable: false
+keycloak.enable: false
+rabbitmq.enable: false
+redis.enable: false
+wordpress.enable: false
+yolo-dl.enable: false
+yolo-registry.enable: false
+osm-tile-server.enable: false
+geoserver.enable: false
+
 atlantis:
+  enabled: false
+  envs:
+    - prod
+    - staging
+sorcerer:
+  enabled: false
+  envs:
+    - prod
+    - staging
+openfga:
+  enabled: false
   envs:
     - prod
     - staging

apps/tempo.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.tempo.enabled }}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -74,3 +75,4 @@ spec:
              - secretName: tempo-query-tls
                hosts:
                  - query.tempo.adm.oceanbox.io
+{{- end }}