diff --git a/helmfile.d/catalyst.yaml.gotmpl b/helmfile.d/catalyst.yaml.gotmpl
new file mode 100644
index 00000000..6cc7d37a
--- /dev/null
+++ b/helmfile.d/catalyst.yaml.gotmpl
@@ -0,0 +1,46 @@
+# yaml-language-server: $schema=https://www.schemastore.org/helmfile.json
+
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: catalyst
+ oci: true
+ url: 'public.ecr.aws/diagrid/catalyst'
+
+commonLabels:
+ tier: system
+
+releases:
+- name: catalyst
+ namespace: cra-agent
+ chart: catalyst/catalyst
+ version: v1.38.0
+ condition: catalyst.enabled
+ values:
+ - ../values/catalyst/values/values.yaml
+ - ../values/catalyst/values/values-{{ .Environment.Name }}.yaml
+ postRenderer: ../bin/kustomizer
+ postRendererArgs:
+ - ../values/catalyst/kustomize/{{ .Environment.Name }}
+ missingFileHandler: Info
+- name: manifests
+ namespace: cra-agent
+ chart: manifests
+ condition: catalyst.enabled
+ missingFileHandler: Info
+ values:
+ - ../values/env.yaml
+ - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+ - ../values/catalyst/env.yaml.gotmpl
+ - ../values/catalyst/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+ hooks:
+ - events: [ prepare, cleanup ]
+ showlogs: true
+ command: ../bin/helmify
+ args:
+ - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+ - '{{`{{ .Release.Chart }}`}}'
+ - '{{`{{ .Environment.Name }}`}}'
+ - ../values/catalyst/manifests
+ - manifests
diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml
index 0b8c6126..e6936c81 100644
--- a/values/argo/manifests/sys-project.yaml
+++ b/values/argo/manifests/sys-project.yaml 
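Review bot: In `helmfile.d/catalyst.yaml.gotmpl` the `catalyst` release takes a third-party chart from a public OCI registry pinned only by tag (`version: v1.38.0`), and nothing in the release checks what the tag resolves to at sync time. A registry tag can be re-pushed, so the content deployed into `cra-agent` can change without a commit in this repository. Consider mirroring the chart into a registry you control or pinning it by digest if your Helm/helmfile versions support that, and add a comment above the release such as `# third-party chart: review the rendered diff before bumping version`. The same release also runs `../bin/kustomizer` as a post-renderer over the chart output, so whatever the chart renders is processed by a local binary during the Argo CD plugin run.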
@@ -96,6 +96,10 @@ spec: server: https://kubernetes.default.svc - namespace: dex server: https://kubernetes.default.svc + - namespace: cra-agent + server: https://kubernetes.default.svc + - namespace: catalyst + server: https://kubernetes.default.svc sourceRepos: - https://argoproj.github.io/argo-helm - https://kubernetes-sigs.github.io/metrics-server/
@@ -139,7 +143,8 @@ spec: - ghcr.io/dragonflydb/dragonfly-operator/helm/dragonfly-operator - docker.gitea.com - https://operator.mariadb.com/mariadb-enterprise-operator - https://operator.mariadb.com - https://ot-container-kit.github.io/helm-charts + - https://operator.mariadb.com - https://twin.github.io/helm-charts - https://charts.dexidp.io + - public.ecr.aws/diagrid/catalyst
diff --git a/values/catalyst/env-oceanbox.yaml.gotmpl b/values/catalyst/env-oceanbox.yaml.gotmpl
new file mode 100644
index 00000000..c1fb9da6
--- /dev/null
+++ b/values/catalyst/env-oceanbox.yaml.gotmpl
@@ -0,0 +1,3 @@
+catalyst:
+ enabled: true
+ autosync: false
diff --git a/values/catalyst/env.yaml.gotmpl b/values/catalyst/env.yaml.gotmpl
new file mode 100644
index 00000000..7e82ca9b
--- /dev/null
+++ b/values/catalyst/env.yaml.gotmpl
@@ -0,0 +1,3 @@
+catalyst:
+ enabled: false
+ autosync: false
diff --git a/values/catalyst/manifests/catalyst.yaml b/values/catalyst/manifests/catalyst.yaml
new file mode 100644
index 00000000..0265a0d2
--- /dev/null
+++ b/values/catalyst/manifests/catalyst.yaml 
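Review bot: The first hunk of `values/argo/manifests/sys-project.yaml` adds `catalyst` as an allowed destination namespace for the `sys` project, but nothing visible in this commit deploys there. The Application and both helmfile releases target `cra-agent`, and the only other namespace touched is `analytics` (in `values/catalyst/manifests/policy.yaml`). Unless the chart itself creates resources in a `catalyst` namespace, which cannot be seen from here, drop the `- namespace: catalyst` entry so the project's destination list stays least-privilege, or add a comment above it saying what lands there. The `spec.destinations` list starts outside the hunk, so whether `analytics` is already permitted for this project is not visible.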
@@ -0,0 +1,42 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: catalyst
+ namespace: argocd
+ annotations:
+ argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: cra-agent
+ server: https://kubernetes.default.svc
+ project: sys
+ sources:
+ - repoURL: {{ .Values.clusterConfig.manifests }}
+ targetRevision: HEAD
+ path: helmfile.d
+ plugin:
+ name: helmfile-cmp
+ env:
+ - name: CLUSTER_NAME
+ value: {{ .Values.clusterConfig.cluster }}
+ - name: HELMFILE_ENVIRONMENT
+ value: {{ .Values.catalyst.env }}
+ - name: HELMFILE_FILE_PATH
+ value: catalyst.yaml.gotmpl
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: aux
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ # - ServerSideApply=true
+ {{- if .Values.catalyst.autosync }}
+ automated:
+ prune: true
+ # selfHeal: false
+ {{- end }}
+{{- end }}
diff --git a/values/catalyst/manifests/cluster.yaml b/values/catalyst/manifests/cluster.yaml
new file mode 100644
index 00000000..187bf29b
--- /dev/null
+++ b/values/catalyst/manifests/cluster.yaml
@@ -0,0 +1,11 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: catalyst-db
+ namespace: cra-agent
+spec:
+ instances: 1
+ imageName: ghcr.io/cloudnative-pg/postgresql:18
+ storage:
+ resizeInUseVolumes: true
+ size: 10Gi
diff --git a/values/catalyst/manifests/policy.yaml b/values/catalyst/manifests/policy.yaml
new file mode 100644
index 00000000..7f7de2c0
--- /dev/null
+++ b/values/catalyst/manifests/policy.yaml 
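Review bot: In `values/catalyst/manifests/catalyst.yaml` the `HELMFILE_ENVIRONMENT` value comes from `.Values.catalyst.env`, but the two value files this commit adds (`env.yaml.gotmpl` and `env-oceanbox.yaml.gotmpl`) define only `catalyst.enabled` and `catalyst.autosync`. Unless `env` is set in a file outside this diff, the unquoted template renders an empty `value:` and the plugin runs helmfile with no environment selected. Make the requirement explicit and quote the result, e.g. `value: {{ required "catalyst.env must be set" .Values.catalyst.env | quote }}`, and quote the other templated scalars (`repoURL`, `CLUSTER_NAME`) the same way. Separately, `targetRevision: HEAD` combined with `automated.prune: true` means that once `autosync` is switched on, any push to the default branch is applied and can delete resources, which deserves a comment next to the `autosync` gate.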
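Review bot: `values/catalyst/manifests/cluster.yaml` creates a CloudNativePG cluster `catalyst-db` in `cra-agent`, yet `values/catalyst/values/values.yaml` in the same commit points Catalyst at `postgres-postgresql.postgres.svc.cluster.local` in namespace `postgres`. As written, the new cluster looks unused; either the chart values should reference this cluster's service and its generated application credentials, or the manifest should be dropped. If it stays, note that `imageName: ghcr.io/cloudnative-pg/postgresql:18` is a floating major tag, so the running image can change on pod restart; pin a full version or digest. Also add a comment on `instances: 1` stating that the lack of a replica is intentional for this environment.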
@@ -0,0 +1,16 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-api-umami
+ namespace: analytics
+spec:
+ description: Allow umami api
+ egress:
+ - toFQDNs:
+ - matchPattern: binaries.prisma.sh
+ - matchPattern: checkpoint.prisma.io
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: umami
+{{- end }}
diff --git a/values/catalyst/values/values.yaml b/values/catalyst/values/values.yaml
new file mode 100644
index 00000000..9d0e0803
--- /dev/null
+++ b/values/catalyst/values/values.yaml
@@ -0,0 +1,16 @@
+agent:
+ config:
+ project:
+ default_managed_state_store_type: postgresql-shared-external
+ external_postgresql:
+ enabled: true
+ auth_type: connectionString
+ namespace: postgres
+ connection_string_host: postgres-postgresql.postgres.svc.cluster.local
+ connection_string_port: 5432
+ connection_string_username: postgres
+ connection_string_password: postgres
+ connection_string_database: catalyst
+gateway:
+ tls:
+ enabled: true
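Review bot: `values/catalyst/manifests/policy.yaml` appears to be copied from the umami stack and has nothing to do with Catalyst: it is named `allow-api-umami`, lives in namespace `analytics`, selects `app.kubernetes.io/instance: umami` and allows only the Prisma hosts. Shipping it in the Catalyst `manifests` release means the `catalyst` Argo CD Application would own a policy for another workload and, with `prune: true`, could delete it; if a policy of the same name is already managed by the umami application, the two will fight over it. Meanwhile nothing in this commit restricts traffic for the new workloads in `cra-agent`. Either remove the file or replace it with a policy whose `namespace` and `endpointSelector` target the Catalyst pods and whose egress list covers what they actually need, which here would include the PostgreSQL endpoint.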
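Review bot: `values/catalyst/values/values.yaml` commits a database credential in plaintext (`connection_string_password: postgres`) and connects as `connection_string_username: postgres`, which is normally the PostgreSQL superuser. Anyone with read access to the repository, or to the rendered Application in Argo CD, gets that credential, and the Catalyst agent gets full control of every database on that server rather than just `catalyst`. Move the password out of git, for example into an encrypted values file loaded through helmfile's `secrets:` list or a Kubernetes Secret if the chart can reference one, and create a dedicated role that owns only the `catalyst` database. The password in this commit should be treated as exposed and rotated.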