feat: Add catalyst

helmfile.d/catalyst.yaml.gotmpl

@@ -0,0 +1,46 @@
+# yaml-language-server: $schema=https://www.schemastore.org/helmfile.json
+
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: catalyst
+  oci: true
+  url: 'public.ecr.aws/diagrid/catalyst'
+
+commonLabels:
+  tier: system
+
+releases:
+- name: catalyst
+  namespace: cra-agent
+  chart: catalyst/catalyst
+  version: v1.38.0
+  condition: catalyst.enabled
+  values:
+  - ../values/catalyst/values/values.yaml
+  - ../values/catalyst/values/values-{{ .Environment.Name }}.yaml
+  postRenderer: ../bin/kustomizer
+  postRendererArgs:
+  - ../values/catalyst/kustomize/{{ .Environment.Name }}
+  missingFileHandler: Info
+- name: manifests
+  namespace: cra-agent
+  chart: manifests
+  condition: catalyst.enabled
+  missingFileHandler: Info
+  values:
+  - ../values/env.yaml
+  - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+  - ../values/catalyst/env.yaml.gotmpl
+  - ../values/catalyst/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+  hooks:
+  - events: [ prepare, cleanup ]
+    showlogs: true
+    command: ../bin/helmify
+    args:
+    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+    - '{{`{{ .Release.Chart }}`}}'
+    - '{{`{{ .Environment.Name }}`}}'
+    - ../values/catalyst/manifests
+    - manifests

values/argo/manifests/sys-project.yaml

@@ -96,6 +96,10 @@ spec:
     server: https://kubernetes.default.svc
   - namespace: dex
     server: https://kubernetes.default.svc
+  - namespace: cra-agent
+    server: https://kubernetes.default.svc
+  - namespace: catalyst
+    server: https://kubernetes.default.svc
   sourceRepos:
   - https://argoproj.github.io/argo-helm
   - https://kubernetes-sigs.github.io/metrics-server/
@@ -139,7 +143,8 @@ spec:
   - ghcr.io/dragonflydb/dragonfly-operator/helm/dragonfly-operator
   - docker.gitea.com
   - https://operator.mariadb.com/mariadb-enterprise-operator
-  - https://operator.mariadb.com
   - https://ot-container-kit.github.io/helm-charts
+  - https://operator.mariadb.com
   - https://twin.github.io/helm-charts
   - https://charts.dexidp.io
+  - public.ecr.aws/diagrid/catalyst

values/catalyst/env-oceanbox.yaml.gotmpl

@@ -0,0 +1,3 @@
+catalyst:
+  enabled: true
+  autosync: false

values/catalyst/env.yaml.gotmpl

@@ -0,0 +1,3 @@
+catalyst:
+  enabled: false
+  autosync: false

values/catalyst/manifests/catalyst.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.clusterConfig.argo.enabled }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: catalyst
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: cra-agent
+    server: https://kubernetes.default.svc
+  project: sys
+  sources:
+  - repoURL: {{ .Values.clusterConfig.manifests }}
+    targetRevision: HEAD
+    path: helmfile.d
+    plugin:
+      name: helmfile-cmp
+      env:
+      - name: CLUSTER_NAME
+        value: {{ .Values.clusterConfig.cluster }}
+      - name: HELMFILE_ENVIRONMENT
+        value: {{ .Values.catalyst.env }}
+      - name: HELMFILE_FILE_PATH
+        value: catalyst.yaml.gotmpl
+  syncPolicy:
+    managedNamespaceMetadata:
+      labels:
+        component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+      # - ServerSideApply=true
+    {{- if .Values.catalyst.autosync }}
+    automated:
+      prune: true
+      # selfHeal: false
+    {{- end }}
+{{- end }}

values/catalyst/manifests/cluster.yaml

@@ -0,0 +1,11 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+  name: catalyst-db
+  namespace: cra-agent
+spec:
+  instances: 1
+  imageName: ghcr.io/cloudnative-pg/postgresql:18
+  storage:
+    resizeInUseVolumes: true
+    size: 10Gi

values/catalyst/manifests/policy.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-api-umami
+  namespace: analytics
+spec:
+  description: Allow umami api
+  egress:
+    - toFQDNs:
+        - matchPattern: binaries.prisma.sh
+        - matchPattern: checkpoint.prisma.io
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: umami
+{{- end }}

values/catalyst/values/values.yaml

@@ -0,0 +1,16 @@
+agent:
+  config:
+    project:
+      default_managed_state_store_type: postgresql-shared-external
+      external_postgresql:
+        enabled: true
+        auth_type: connectionString
+        namespace: postgres
+        connection_string_host: postgres-postgresql.postgres.svc.cluster.local
+        connection_string_port: 5432
+        connection_string_username: postgres
+        connection_string_password: postgres
+        connection_string_database: catalyst
+gateway:
+  tls:
+    enabled: true