feat: update atlantis chart and values for monolith

charts/atlantis/templates/ingress.yaml

@@ -54,8 +54,8 @@ spec:
                 port:
                   number: {{ $svcPort }}
               {{- else }}
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
+              serviceName: {{ .serviceName | default $fullName }}
+              servicePort: {{ .servicePort | default $svcPort }}
               {{- end }}
           {{- end }}
     {{- end }}

charts/atlantis/templates/servicemonitor.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ include "Atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  endpoints:
+  - honorLabels: false
+    path: /metrics
+    port: http
+  jobLabel: {{ .Values.serviceMonitor.label | default (include "Atlantis.fullname" .) }}
+  namespaceSelector:
+    matchNames:
+    - {{ .Release.Namespace }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: {{ include "Atlantis.fullname" . }}
+      app.kubernetes.io/name: atlantis
+{{- end }}

charts/atlantis/values.yaml

@@ -61,6 +61,10 @@ ingress:
       paths:
         - path: /
           pathType: ImplementationSpecific
+        - path: /events
+          pathType: ImplementationSpecific
+          serviceName: main-ingress-nginx-defaultbackend.ingress-nginx
+          servicePort: 80
   tls:
     - hosts:
         - atlantis.srv.oceanbox.io
@@ -119,16 +123,6 @@ redis:
         ephemeral-storage: 50Mi
         memory: 128Mi
 
-tracing:
-  namespace: otel
-  endpoint: "http://opentelemetry-collector.otel:9411/api/v2/spans"
-
-rabbitmq:
-  namespace: rabbitmq
-  service: staging-rabbitmq
-  username: user
-  # secretName: staging-rabbitmq
-
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little

values/atlantis/base/defaultbackend.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: defaultbackend
+spec:
+  type: ExternalName
+  externalName: main-ingress-nginx-defaultbackend.ingress-nginx.svc.cluster.local
+  ports:
+  - port: 80

values/atlantis/base/ingress_patch.yaml

@@ -0,0 +1,10 @@
+- op: add
+  path: /spec/rules/0/http/paths/-
+  value:
+    path: /events
+    pathType: ImplementationSpecific
+    backend:
+      service:
+        name: defaultbackend
+        port:
+          number: 80

values/atlantis/base/kustomization.yaml

@@ -1,5 +1,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
+namespace: atlantis
 patches:
   - target:
       version: v1
@@ -7,8 +8,10 @@ patches:
       kind: Deployment
     path: deployment_patch.yaml
   - target:
+      group: networking.k8s.io
       version: v1
-      kind: Service
-    path: service_patch.yaml
+      kind: Ingress
+    path: ingress_patch.yaml
 resources:
   - _manifest.yaml
+  - defaultbackend.yaml

values/atlantis/base/service_patch.yaml

@@ -1,7 +0,0 @@
-- op: add
-  path: /spec/ports/-
-  value:
-    name: intra
-    port: 8000
-    protocol: TCP
-    targetPort: 8000

values/atlantis/prod/appsettings.json

@@ -30,8 +30,23 @@
         "http://atlantis.srv.oceanbox.io",
         "https://atlantis.srv.oceanbox.io"
     ],
-    "logService" : "https://seq.adm.oceanbox.io",
-    "logApiKey": "",
+    "otelCollector": "http://opentelemetry-collector.opentelemetry.svc:4317",
     "deployEnv": "prod",
+    "deployName": "atlantis",
+    "slurm": {
+        "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/",
+        "slurmApi": "slurm/v0.0.38/",
+        "dbdApi": "slurmdbd/v0.0.38/",
+        "user": "serf",
+        "password": "wooqueiLee3ao0ha"
+    },
+    "amqp": {
+        "auth": "user:bunny",
+        "host": "10.1.8.60:30673"
+    },
+    "pubsubName": "pubsub",
+    "pubsubTopic": "hipster-atlantis",
+    "fenceRadius": 1250.0,
+    "cerbosUrl": "http://prod-cerbos.idp.svc:3593",
     "plainAuthUsers": []
 }

values/atlantis/prod/bindings.yaml

@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: slurm-events
+spec:
+  type: bindings.rabbitmq
+  version: v1
+  metadata:
+  - name: host
+    secretKeyRef:
+      name: prod-rabbitmq
+      key:  connString
+  - name: queueName
+    value: prod-hipster-slurm-job-events
+  - name: durable
+    value: true
+  - name: contentType
+    value: "application/json"
+  - name: route
+    value: /events/slurm
+scopes:
+  - atlantis

values/atlantis/prod/default.env

@@ -1,3 +1,2 @@
 OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm
-SEQ_APIKEY=v9RfeLBD9Si7OkFlkjPm
 DEPLOY_NAME=prod-atlantis

values/atlantis/prod/deployment_patch.yaml

@@ -3,37 +3,6 @@
   value:
     name: LOG_LEVEL
     value: "4"
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_SECRET
-    valueFrom:
-      secretKeyRef:
-        name: prod-atlantis-barentswatch
-        key: secret
-        optional: true
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_CLIENT_ID
-    valueFrom:
-      secretKeyRef:
-        name: prod-atlantis-barentswatch
-        key: client-id
-        optional: true
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_USER
-    value: default
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: prod-redis
-        key: redis-password
 - op: add
   path: /spec/template/spec/containers/0/envFrom/-
   value:

values/atlantis/prod/kustomization.yaml

@@ -19,4 +19,9 @@ patches:
     path: deployment_patch.yaml
 resources:
   - ../base
+  - secrets.yaml
+  - tracing.yaml
+  - bindings.yaml
+  - pubsub.yaml
+  - statestore.yaml
   - subscriptions.yaml

values/atlantis/prod/pubsub.yaml

@@ -2,18 +2,17 @@ apiVersion: dapr.io/v1alpha1
 kind: Component
 metadata:
   name: pubsub
-  namespace: {{ .Release.Namespace }}
 spec:
   version: v1
   type: pubsub.rabbitmq
   metadata:
   - name: hostname
-    value: {{ .Values.rabbitmq.service }}.{{ .Values.rabbitmq.namespace | default "rabbitmq" }}
+    value: prod
   - name: username
-    value: {{ .Values.rabbitmq.username }}
+    value: user
   - name: password
     secretKeyRef:
-      name: {{ .Values.rabbitmq.secretName | default (printf "%s-rabbitmq" .Release.Name) }}
+      name: prod-rabbitmq
       key:  rabbitmq-password
   - name: protocol
     value: amqp
@@ -51,4 +50,3 @@ spec:
     value: fanout
   - name: clientName
     value: "{appID}"
-

values/atlantis/prod/secrets.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    kyverno/clone: "true"
+  name: prod-rabbitmq
+type: Opaque
+data:

values/atlantis/prod/statestore.yaml

@@ -2,21 +2,21 @@ apiVersion: dapr.io/v1alpha1
 kind: Component
 metadata:
   name: statestore
-  namespace: {{ .Release.Namespace }}
 spec:
   type: state.redis
   version: v1
   metadata:
   - name: redisHost
-    value: {{ .Release.Name }}-redis-master:6379
+    value: <x>-redis-master:6379
   - name: redisUsername
     value: default
   - name: redisPassword
     secretKeyRef:
-      name: {{ .Release.Name }}-redis
+      name: <x>-redis
       key:  redis-password
   - name: actorStateStore
     value: "true"
+  - name: redisDB
+    value: "1"
 scopes:
-  - atlantis
-  - {{ .Release.Name }}-atlantis
+  - atlantis

values/atlantis/prod/subscriptions.yaml

@@ -5,12 +5,12 @@ metadata:
 spec:
   topic: hipster
   routes:
-    default: /hipster-events
+    default: /events/hipster
   pubsubname: pubsub
   metadata:
     queueType: quorum
 scopes:
-- prod-atlantis
+- atlantis
 ---
 apiVersion: dapr.io/v2alpha1
 kind: Subscription
@@ -19,9 +19,9 @@ metadata:
 spec:
   topic: inbox
   routes:
-    default: /inbox-events
+    default: /events/inbox
   pubsubname: pubsub
   metadata:
     queueType: quorum
 scopes:
-- prod-atlantis
+- atlantis

values/atlantis/prod/tracing.yaml

@@ -2,10 +2,8 @@ apiVersion: dapr.io/v1alpha1
 kind: Configuration
 metadata:
   name: tracing
-  namespace: {{ .Release.Namespace }}
 spec:
   tracing:
     samplingRate: "1"
     zipkin:
-      endpointAddress: {{ .Values.tracing.endpoint }}
-
+      endpointAddress: "http://opentelemetry-collector.otel:9411/api/v2/spans"

values/atlantis/staging/appsettings.json

@@ -28,8 +28,23 @@
         "http://atlantis.beta.oceanbox.io",
         "https://atlantis.beta.oceanbox.io"
     ],
-    "logService" : "https://seq.adm.oceanbox.io",
-    "logApiKey": "",
+    "otelCollector": "http://opentelemetry-collector.opentelemetry.svc:4317",
     "deployEnv": "staging",
+    "deployName": "atlantis",
+    "slurm": {
+        "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/",
+        "slurmApi": "slurm/v0.0.38/",
+        "dbdApi": "slurmdbd/v0.0.38/",
+        "user": "serf",
+        "password": "wooqueiLee3ao0ha"
+    },
+    "amqp": {
+        "auth": "user:bunny",
+        "host": "10.1.8.60:30673"
+    },
+    "pubsubName": "pubsub",
+    "pubsubTopic": "hipster-atlantis",
+    "fenceRadius": 1250.0,
+    "cerbosUrl": "http://staging-cerbos.idp.svc:3593",
     "plainAuthUsers": []
 }

values/atlantis/staging/bindings.yaml

@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: slurm-events
+spec:
+  type: bindings.rabbitmq
+  version: v1
+  metadata:
+  - name: host
+    secretKeyRef:
+      name: staging-rabbitmq
+      key:  connString
+  - name: queueName
+    value: staging-hipster-slurm-job-events
+  - name: durable
+    value: true
+  - name: contentType
+    value: "application/json"
+  - name: route
+    value: /events/slurm
+scopes:
+  - atlantis

values/atlantis/staging/default.env

@@ -1,3 +1,2 @@
 OIDC_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR
-SEQ_APIKEY=v9RfeLBD9Si7OkFlkjPm
 DEPLOY_NAME=staging-atlantis

values/atlantis/staging/deployment_patch.yaml

@@ -3,37 +3,6 @@
   value:
     name: LOG_LEVEL
     value: "4"
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_SECRET
-    valueFrom:
-      secretKeyRef:
-        name: staging-atlantis-barentswatch
-        key: secret
-        optional: true
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: BARENTSWATCH_CLIENT_ID
-    valueFrom:
-      secretKeyRef:
-        name: staging-atlantis-barentswatch
-        key: client-id
-        optional: true
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_USER
-    value: default
-- op: add
-  path: /spec/template/spec/containers/0/env/-
-  value:
-    name: REDIS_PASSWORD
-    valueFrom:
-      secretKeyRef:
-        name: staging-redis
-        key: redis-password
 - op: add
   path: /spec/template/spec/containers/0/envFrom/-
   value:

values/atlantis/staging/kustomization.yaml

@@ -19,3 +19,9 @@ patches:
     path: deployment_patch.yaml
 resources:
   - ../base
+  - secrets.yaml
+  - tracing.yaml
+  - bindings.yaml
+  - pubsub.yaml
+  - statestore.yaml
+  - subscriptions.yaml

values/atlantis/staging/pubsub.yaml

@@ -0,0 +1,52 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: pubsub
+spec:
+  version: v1
+  type: pubsub.rabbitmq
+  metadata:
+  - name: hostname
+    value: staging
+  - name: username
+    value: user
+  - name: password
+    secretKeyRef:
+      name: staging-rabbitmq
+      key:  rabbitmq-password
+  - name: protocol
+    value: amqp
+  - name: durable
+    value: true
+  - name: deletedWhenUnused
+    value: false
+  - name: autoAck
+    value: false
+  - name: deliveryMode
+    value: 1
+  - name: requeueInFailure
+    value: false
+  - name: prefetchCount
+    value: 0
+  - name: reconnectWait
+    value: 0
+  - name: concurrencyMode
+    value: parallel
+  - name: publisherConfirm
+    value: false
+  - name: backOffPolicy
+    value: exponential
+  - name: backOffInitialInterval
+    value: 100
+  - name: backOffMaxRetries
+    value: 16
+  - name: enableDeadLetter # Optional enable dead Letter or not
+    value: true
+  - name: maxLen # Optional max message count in a queue
+    value: 3000
+  - name: maxLenBytes # Optional maximum length in bytes of a queue.
+    value: 10485760
+  - name: exchangeKind
+    value: fanout
+  - name: clientName
+    value: "{appID}"

values/atlantis/staging/secrets.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    kyverno/clone: "true"
+  name: staging-rabbitmq
+type: Opaque
+data:

values/atlantis/staging/statestore.yaml

@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: statestore
+spec:
+  type: state.redis
+  version: v1
+  metadata:
+  - name: redisHost
+    value: <x>-redis-master:6379
+  - name: redisUsername
+    value: default
+  - name: redisPassword
+    secretKeyRef:
+      name: <x>-redis
+      key:  redis-password
+  - name: actorStateStore
+    value: "true"
+  - name: redisDB
+    value: "1"
+scopes:
+  - atlantis

values/atlantis/staging/subscriptions.yaml

@@ -2,30 +2,26 @@ apiVersion: dapr.io/v2alpha1
 kind: Subscription
 metadata:
   name: hipster-events
-  namespace: {{ .Release.Namespace }}
 spec:
   topic: hipster
   routes:
-    default: /hipster-events
+    default: /events/hipster
   pubsubname: pubsub
   metadata:
     queueType: quorum
 scopes:
 - atlantis
-- {{ .Release.Name}}-atlantis
 ---
 apiVersion: dapr.io/v2alpha1
 kind: Subscription
 metadata:
   name: inbox-events
-  namespace: {{ .Release.Namespace }}
 spec:
   topic: inbox
   routes:
-    default: /inbox-events
+    default: /events/inbox
   pubsubname: pubsub
   metadata:
     queueType: quorum
 scopes:
-- atlantis
-- {{ .Release.Name}}-atlantis
+- atlantis

values/atlantis/staging/tracing.yaml

@@ -0,0 +1,9 @@
+apiVersion: dapr.io/v1alpha1
+kind: Configuration
+metadata:
+  name: tracing
+spec:
+  tracing:
+    samplingRate: "1"
+    zipkin:
+      endpointAddress: "http://opentelemetry-collector.otel:9411/api/v2/spans"

values/atlantis/values-prod.yaml

@@ -22,6 +22,27 @@ ingress:
        - maps.oceanbox.io
       secretName: atlantis-tls
 
+env:
+  - name: REDIS_USER
+    value: default
+  - name: REDIS_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: prod-redis
+        key: redis-password
+  - name: BARENTSWATCH_CLIENT_ID
+    valueFrom:
+      secretKeyRef:
+        name: prod-atlantis-barentswatch
+        key: secret
+        optional: true
+  - name: BARENTSWATCH_SECRET
+    valueFrom:
+      secretKeyRef:
+        name: prod-atlantis-barentswatch
+        key: client-id
+        optional: true
+
 resources:
   limits:
     cpu: 250m

values/atlantis/values-staging.yaml

@@ -2,8 +2,10 @@ replicaCount: 2
 
 podAnnotations:
   dapr.io/app-id: "staging-atlantis"
+
 image:
   tag: 7f3512e0-debug
+
 ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production
@@ -32,6 +34,28 @@ ingress:
         - atlas.oceanbox.io
         - beta.oceanbox.io
       secretName: staging-atlantis-tls
+
+env:
+  - name: REDIS_USER
+    value: default
+  - name: REDIS_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: staging-redis
+        key: redis-password
+  - name: BARENTSWATCH_CLIENT_ID
+    valueFrom:
+      secretKeyRef:
+        name: staging-atlantis-barentswatch
+        key: secret
+        optional: true
+  - name: BARENTSWATCH_SECRET
+    valueFrom:
+      secretKeyRef:
+        name: staging-atlantis-barentswatch
+        key: client-id
+        optional: true
+
 resources:
   limits:
     cpu: 250m

values/atlantis/values.yaml

@@ -1,16 +1,11 @@
 
 podAnnotations:
   dapr.io/enabled: "true"
-  dapr.io/app-port: "8000"
+  dapr.io/app-port: "8085"
   dapr.io/config: "tracing"
   dapr.io/app-protocol: "http"
-  dapr.io/enable-app-health-check: "true"
-  dapr.io/app-health-check-path: "/healthz"
-  dapr.io/app-health-probe-interval: "3"
-  dapr.io/app-health-probe-timeout: "200"
-  dapr.io/app-health-threshold: "2"
-  dapr.io/sidecar-cpu-request: "100m"
-  dapr.io/sidecar-memory-request: "250Mi"
-  dapr.io/sidecar-cpu-limit: "300m"
-  dapr.io/sidecar-memory-limit: "1000Mi"
   dapr.io/log-as-json: "true"
+  dapr.io/sidecar-cpu-request: "10m"
+  dapr.io/sidecar-memory-request: "50Mi"
+  # dapr.io/sidecar-cpu-limit: "100m"
+  # dapr.io/sidecar-memory-limit: "1000Mi"