From daa4a875971b3cd671a302afdc7a5378f80477f3 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Tue, 28 Jan 2025 10:50:28 +0100 Subject: [PATCH 01/15] fix: update atlantis preprod --- values/atlantis/values-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index b2766650..af3de200 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -1,7 +1,7 @@ replicaCount: 1 image: - tag: v2.97.0 + tag: v2.97.3 podAnnotations: dapr.io/app-id: "preprod-atlantis" From c9ba27539ebf7969cde63ec0be1af0638295c0e9 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:08:09 +0100 Subject: [PATCH 02/15] feat: add new prod-sorcerer --- apps/prod-sorcerer.yaml | 73 ++++++++++++++++++--------- values/sorcerer/prod/appsettings.json | 44 +++++++++------- values/sorcerer/prod/tracing.yaml | 2 +- values/sorcerer/values-prod.yaml | 7 ++- 4 files changed, 79 insertions(+), 47 deletions(-) diff --git a/apps/prod-sorcerer.yaml b/apps/prod-sorcerer.yaml index 8dc712bf..cab87c45 100644 --- a/apps/prod-sorcerer.yaml +++ b/apps/prod-sorcerer.yaml 
@@ -3,29 +3,52 @@ kind: Application metadata: name: prod-sorcerer namespace: argocd + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + finalizers: + - resources-finalizer.argocd.argoproj.io spec: - template: - metadata: - name: prod-sorcerer - spec: - project: atlantis - destination: - namespace: sorcerer - server: https://10.255.241.99:4443 - sources: - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: main - path: values/sorcerer - plugin: - name: kustomize-helm-with-rewrite - parameters: - - name: env - string: prod - - name: hostname - string: sorcerer.data.oceanbox.io - templatePatch: | - spec: - syncPolicy: - automated: - prune: true - selfHeal: false + destination: + namespace: prod-sorcerer + server: https://10.255.241.99:4443 + project: atlantis + sources: + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: nixidy + ref: values + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: nixidy + path: values/sorcerer + plugin: + name: kustomize-helm-with-rewrite + parameters: + - name: env + string: prod + - name: hostname + string: sorcerer.data.oceanbox.io + - repoURL: https://charts.bitnami.com/bitnami + targetRevision: 20.1.7 + chart: redis + helm: + valueFiles: + - $values/values/sorcerer/prod/redis.yaml + ignoreDifferences: + - kind: Secret + name: azure-keyvault + jqPathExpressions: + - '.data' + - '.metadata.labels' + - '.metadata.annotations' + - kind: Secret + name: prod-atlantis-rabbitmq + jqPathExpressions: + - '.data' + - '.metadata.labels' + - '.metadata.annotations' + syncPolicy: + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + # automated: + # prune: true + # selfHeal: false diff --git a/values/sorcerer/prod/appsettings.json b/values/sorcerer/prod/appsettings.json index 44c6815d..25e9e5c4 100644 --- a/values/sorcerer/prod/appsettings.json +++ b/values/sorcerer/prod/appsettings.json 
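Review bot: The second `ignoreDifferences` entry names the Secret `prod-atlantis-rabbitmq`, which looks carried over from the atlantis Application. The sorcerer files in this series reference `prod-sorcerer-redis` and `prod-sorcerer-env` instead, and neither is listed. Ignoring `.data` on a Secret also hides drift in its contents from Argo CD, so each entry should name a Secret this app actually owns and carry a comment such as `# data is populated out of band; ignore drift so a sync does not reset it`. Separately, both git sources now track `targetRevision: nixidy` where the removed spec used `main`. If that branch is not protected the way `main` is, production follows whatever is pushed to it, so confirm this is intended.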
@@ -1,11 +1,12 @@ { "oidc": { - "issuer": "https://idp.oceanbox.io/dex", - "authorization_endpoint": "https://idp.oceanbox.io/dex/auth", - "token_endpoint": "https://idp.oceanbox.io/dex/token", - "jwks_uri": "https://idp.oceanbox.io/dex/keys", - "userinfo_endpoint": "https://idp.oceanbox.io/dex/userinfo", - "device_authorization_endpoint": "https://idp.oceanbox.io/dex/device/code", + "issuer": "https://auth.oceanbox.io/realms/oceanbox", + "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", + "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", + "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", + "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", + "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", + "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", "clientId": "sorcerer", "clientSecret": "", "scopes": [ 
@@ -24,33 +25,43 @@ "sso": { "cookieDomain": ".oceanbox.io", "cookieName": ".obx.prod", - "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", + "signedOutRedirectUri": "https://maps.oceanbox.io", "realm": "atlantis", "environment": "prod", - "keyStore": "azure", - "certStore": "https://atlantis.blob.core.windows.net", - "dataProtectionKeys": "https://atlantisvault.vault.azure.net/keys/dataprotection" + "keyStore": { + "kind": "azure", + "uri": "https://atlantis.blob.core.windows.net", + "key": "dataprotection-keys" + }, + "keyVault": { + "kind": "azure", + "uri": "https://atlantisvault.vault.azure.net", + "key": "dataencryption-keys" + } }, "plainAuthUsers": [], "fga": { "apiUrl": "https://openfga.srv.oceanbox.io", "apiKey": "", - "storeId": "01J6C1NBX36E1B928HFSB123XQ", - "modelId": "01JHMSEB0WJGHGNAZ47NVW8Z3A" + "storeId": "01JH65JAW80D06GYBN7A8TBZRG", + "modelId": "" }, "redis": "localhost:6379,user=default,password=secret", "allowedOrigins": [ "http://localhost:8085", "http://localhost:8080", "https://localhost:8080", + "https://sorcerer.data.oceanbox.io", + "https://sorcerer.ekman.oceanbox.io", "https://sorcerer.local.oceanbox.io:8080", "https://atlantis.local.oceanbox.io:8080", "https://maps.oceanbox.io", - "https://atlantis.srv.oceanbox.io", + "https://maps.beta.oceanbox.io", + "https://atlantis.beta.oceanbox.io", "https://jonas-atlantis.dev.oceanbox.io", "https://stig-atlantis.dev.oceanbox.io", - "https://sorcerer.data.oceanbox.io", - "http://sorcerer.data.oceanbox.io" + "https://prod-sorcerer.ekman.oceanbox.io", + "http://prod-sorcerer.ekman.oceanbox.io" ], "appName": "sorcerer", "appEnv": "prod", @@ -59,6 +70,5 @@ "otelCollector": "http://10.255.241.12:4317", "archiveSvc": "https://maps.oceanbox.io", "dataDir": "/data/archives", - "cacheDir": "/data/archives/cache", - "authDomain": "prod" + "cacheDir": "/data/archives/cache" } 
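Review bot: The `allowedOrigins` list in the `@@ -24,33 +25,43 @@` hunk still admits plain-HTTP and developer origins in the prod settings. The added `"http://prod-sorcerer.ekman.oceanbox.io"` sits next to the unchanged `http://localhost:8085`, `http://localhost:8080` and the two `*.dev.oceanbox.io` hosts. With `cookieDomain` set to `.oceanbox.io`, a page served from any allowed origin can presumably make credentialed requests to this API, and content on an HTTP origin can be altered in transit. I would drop the `"http://prod-sorcerer.ekman.oceanbox.io"` entry and limit the prod list to the HTTPS hosts that serve production. In the same hunk `"modelId"` goes from a pinned value to `""`; how the app treats an empty id is not visible here, but if it falls back to the store's latest authorization model, keeping the id pinned is the safer choice.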
diff --git a/values/sorcerer/prod/tracing.yaml b/values/sorcerer/prod/tracing.yaml index e76aa937..4c4c318c 100644 --- a/values/sorcerer/prod/tracing.yaml +++ b/values/sorcerer/prod/tracing.yaml @@ -8,4 +8,4 @@ spec: otel: endpointAddress: "10.255.241.12:4317" protocol: grpc - isSecure: false \ No newline at end of file + isSecure: false diff --git a/values/sorcerer/values-prod.yaml b/values/sorcerer/values-prod.yaml index 1dbb091c..af6339f5 100644 --- a/values/sorcerer/values-prod.yaml +++ b/values/sorcerer/values-prod.yaml @@ -1,7 +1,7 @@ replicaCount: 1 image: - tag: latest + tag: v4.16.3 podAnnotations: dapr.io/enabled: "true" @@ -18,7 +18,7 @@ podAnnotations: env: - name: APP_VERSION - value: "0.0.0" + value: "4.16.3" - name: LOG_LEVEL value: "2" - name: REDIS_USER @@ -26,7 +26,7 @@ env: - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: prod-redis + name: prod-sorcerer-redis key: redis-password - name: DAPR_API_TOKEN valueFrom: @@ -42,7 +42,6 @@ ingress: nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity" nginx.ingress.kubernetes.io/session-cookie-expires: "86400" nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" - atlantis.oceanbox.io/expose: internal hosts: - host: sorcerer.data.oceanbox.io paths: From b63d89d9e6840b7560dfc82bfe4af61b66066719 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:10:37 +0100 Subject: [PATCH 03/15] fix: add missing redis --- values/sorcerer/prod/redis.yaml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 values/sorcerer/prod/redis.yaml diff --git a/values/sorcerer/prod/redis.yaml b/values/sorcerer/prod/redis.yaml new file mode 100644 index 00000000..d612f748 --- /dev/null +++ b/values/sorcerer/prod/redis.yaml 
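Review bot: The last values-prod.yaml hunk (`@@ -42,7 +42,6 @@`) removes the ingress annotation `atlantis.oceanbox.io/expose: internal`, and the commit message does not mention it. What consumes that annotation is not visible on this page; if it is what keeps `sorcerer.data.oceanbox.io` off the public ingress, the change widens exposure of the prod service. If the removal is intended, a comment above `hosts:` such as `# intentionally reachable from outside the cluster (was expose: internal)` would record the decision. The `ingress` block starts and ends outside the hunk.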
@@ -0,0 +1,23 @@ +architecture: replication + +replica: + replicaCount: 2 + +auth: + enabled: true + sentinel: true + password: "" + usePasswordFiles: false + existingSecretPasswordKey: "" + existingSecret: staging-sorcerer-redis + +master: + resources: + limits: + ephemeral-storage: 1024Mi + memory: 192Mi + requests: + cpu: 150m + ephemeral-storage: 50Mi + memory: 128Mi + From 20de965607a2614aa9ebfb8a45929ae7e8529f34 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:13:16 +0100 Subject: [PATCH 04/15] fix: fix redis secret --- values/sorcerer/prod/redis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/prod/redis.yaml b/values/sorcerer/prod/redis.yaml index d612f748..2b66fdb4 100644 --- a/values/sorcerer/prod/redis.yaml +++ b/values/sorcerer/prod/redis.yaml @@ -9,7 +9,7 @@ auth: password: "" usePasswordFiles: false existingSecretPasswordKey: "" - existingSecret: staging-sorcerer-redis + # existingSecret: prod-sorcerer-redis master: resources: From 861f288ec0916ac981ebc6c2384d682d5256ca2c Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:14:12 +0100 Subject: [PATCH 05/15] fix: fix redis secret (static) --- values/sorcerer/prod/redis.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/prod/redis.yaml b/values/sorcerer/prod/redis.yaml index 2b66fdb4..f5a82dfe 100644 --- a/values/sorcerer/prod/redis.yaml +++ b/values/sorcerer/prod/redis.yaml @@ -9,7 +9,7 @@ auth: password: "" usePasswordFiles: false existingSecretPasswordKey: "" - # existingSecret: prod-sorcerer-redis + existingSecret: prod-sorcerer-redis master: resources: From e04dd170ac7ba960dc01b9776348206b78f22949 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:19:13 +0100 Subject: [PATCH 06/15] fix: fix redis prod env secret --- values/sorcerer/prod/secrets.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) 
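Review bot: `usePasswordFiles: false` in the new redis.yaml makes the chart pass the Redis password to the containers as an environment variable rather than a mounted file, which leaves it readable from the process environment and inherited by child processes. Unless something depends on the variable, `usePasswordFiles: true` is the tighter setting. The file also bounds only `master.resources`, so the two replicas requested by `replica.replicaCount: 2` run without limits of their own. A matching `replica.resources` block would close that gap.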
diff --git a/values/sorcerer/prod/secrets.yaml b/values/sorcerer/prod/secrets.yaml index 6b60d6a2..9d389479 100644 --- a/values/sorcerer/prod/secrets.yaml +++ b/values/sorcerer/prod/secrets.yaml @@ -1,11 +1,11 @@ -# apiVersion: v1 -# kind: Secret -# metadata: -# annotations: -# kyverno/clone: "true" -# name: prod-sorcerer-env -# type: Opaque -# data: +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: prod-sorcerer-env +type: Opaque +data: --- apiVersion: v1 kind: Secret From 2508817f302f911e02369d483cc5ba6edadaf4f5 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:22:10 +0100 Subject: [PATCH 07/15] fix: fix redis prod env secret --- values/sorcerer/prod/secrets.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/values/sorcerer/prod/secrets.yaml b/values/sorcerer/prod/secrets.yaml index 9d389479..37307c3e 100644 --- a/values/sorcerer/prod/secrets.yaml +++ b/values/sorcerer/prod/secrets.yaml @@ -1,8 +1,6 @@ apiVersion: v1 kind: Secret metadata: - annotations: - kyverno/clone: "true" name: prod-sorcerer-env type: Opaque data: From 265f188f66cb7ce93f20b5ebed089825a503a455 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:23:38 +0100 Subject: [PATCH 08/15] fix: fix prod-sorcerer replica count --- values/sorcerer/values-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/values-prod.yaml b/values/sorcerer/values-prod.yaml index af6339f5..6903162a 100644 --- a/values/sorcerer/values-prod.yaml +++ b/values/sorcerer/values-prod.yaml @@ -1,4 +1,4 @@ -replicaCount: 1 +replicaCount: 2 image: tag: v4.16.3 From 5d86e81fb0fa77891f7b921c64597b097e2ff83e Mon Sep 17 00:00:00 2001 
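Review bot: The re-enabled `prod-sorcerer-env` Secret in PATCH 06 has a bare `data:` key, which parses as null rather than an empty map. PATCH 07 then removes the `kyverno/clone: "true"` annotation, so nothing visible in this series fills the Secret. If the real values are written out of band, a sync of this manifest can presumably reset them and the pods would start with an empty environment secret. Writing `data: {}` with a comment such as `# values are injected by <mechanism>; this manifest only reserves the name` would make the intent explicit. The second document in the file continues outside the hunk.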
From: Jonas Juselius Date: Thu, 30 Jan 2025 20:45:33 +0100 Subject: [PATCH 09/15] feat: change preprod to prod! --- apps/prod-atlantis.yaml | 6 +++--- values/atlantis/prod/appsettings.json | 2 +- values/atlantis/prod/bindings.yaml | 6 +++--- values/atlantis/prod/configurations.yaml | 6 +++--- values/atlantis/prod/kustomization.yaml | 2 +- values/atlantis/prod/pubsub.yaml | 2 +- values/atlantis/prod/rbac.yaml | 12 ++++++------ values/atlantis/prod/redis.yaml | 2 +- values/atlantis/prod/secrets.yaml | 2 +- values/atlantis/prod/statestore.yaml | 6 +++--- values/atlantis/prod/subscriptions.yaml | 4 ++-- values/atlantis/values-prod.yaml | 22 +++++++++++----------- 12 files changed, 36 insertions(+), 36 deletions(-) diff --git a/apps/prod-atlantis.yaml b/apps/prod-atlantis.yaml index 66c3fab4..41cabaa2 100644 --- a/apps/prod-atlantis.yaml +++ b/apps/prod-atlantis.yaml @@ -1,7 +1,7 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: preprod-atlantis + name: prod-atlantis namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true @@ -25,7 +25,7 @@ spec: - name: env string: prod - name: hostname - string: maps.beta.oceanbox.io + string: maps.oceanbox.io - repoURL: https://charts.bitnami.com/bitnami targetRevision: 20.1.7 chart: redis @@ -40,7 +40,7 @@ spec: - '.metadata.labels' - '.metadata.annotations' - kind: Secret - name: preprod-atlantis-rabbitmq + name: prod-atlantis-rabbitmq jqPathExpressions: - '.data' - '.metadata.labels' diff --git a/values/atlantis/prod/appsettings.json b/values/atlantis/prod/appsettings.json index 64381872..874c502f 100644 --- a/values/atlantis/prod/appsettings.json +++ b/values/atlantis/prod/appsettings.json 
@@ -53,7 +53,7 @@ "roles": [ "admin" ] } ], - "redis": "preprod-atlantis-redis-master:6379", + "redis": "prod-atlantis-redis-master:6379", "objectStore": "https://atlantis.blob.core.windows.net", "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", "sorcerer" : "https://sorcerer.ekman.oceanbox.io", diff --git a/values/atlantis/prod/bindings.yaml b/values/atlantis/prod/bindings.yaml index be8d0355..8a95c563 100644 --- a/values/atlantis/prod/bindings.yaml +++ b/values/atlantis/prod/bindings.yaml @@ -8,10 +8,10 @@ spec: metadata: - name: host secretKeyRef: - name: preprod-atlantis-rabbitmq + name: prod-atlantis-rabbitmq key: connString - name: queueName - value: preprod-slurm-job-events + value: prod-slurm-job-events - name: durable value: true - name: contentType @@ -19,4 +19,4 @@ spec: - name: route value: /events/slurm scopes: - - preprod-atlantis + - prod-atlantis diff --git a/values/atlantis/prod/configurations.yaml b/values/atlantis/prod/configurations.yaml index b5ffeb47..705e1b48 100644 --- a/values/atlantis/prod/configurations.yaml +++ b/values/atlantis/prod/configurations.yaml @@ -7,14 +7,14 @@ spec: version: v1 metadata: - name: redisHost - value: preprod-atlantis-redis-master:6379 + value: prod-atlantis-redis-master:6379 - name: redisUsername value: default - name: redisPassword secretKeyRef: - name: preprod-atlantis-redis + name: prod-atlantis-redis key: redis-password - name: redisDB value: "1" scopes: - - preprod-atlantis + - prod-atlantis diff --git a/values/atlantis/prod/kustomization.yaml b/values/atlantis/prod/kustomization.yaml index 95fe2fdd..f0e148c2 100644 --- a/values/atlantis/prod/kustomization.yaml +++ b/values/atlantis/prod/kustomization.yaml @@ -1,7 +1,7 @@ generatorOptions: disableNameSuffixHash: true configMapGenerator: -- name: preprod-atlantis-appsettings +- name: prod-atlantis-appsettings files: - appsettings.json patches: 
diff --git a/values/atlantis/prod/pubsub.yaml b/values/atlantis/prod/pubsub.yaml index 201a17f5..b7aeda01 100644 --- a/values/atlantis/prod/pubsub.yaml +++ b/values/atlantis/prod/pubsub.yaml @@ -12,7 +12,7 @@ spec: value: user - name: password secretKeyRef: - name: preprod-atlantis-rabbitmq + name: prod-atlantis-rabbitmq key: rabbitmq-password - name: protocol value: amqp diff --git a/values/atlantis/prod/rbac.yaml b/values/atlantis/prod/rbac.yaml index 47492b73..772c7a95 100644 --- a/values/atlantis/prod/rbac.yaml +++ b/values/atlantis/prod/rbac.yaml @@ -1,13 +1,13 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: preprod-atlantis + name: prod-atlantis namespace: prod-atlantis rules: - apiGroups: - "" resourceNames: - - preprod-atlantis-appsettings + - prod-atlantis-appsettings resources: - configmaps verbs: @@ -17,7 +17,7 @@ rules: - "" resourceNames: - azure-keyvault - - preprod-atlantis-redis + - prod-atlantis-redis resources: - secrets verbs: @@ -27,13 +27,13 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: preprod-atlantis + name: prod-atlantis namespace: prod-atlantis roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: preprod-atlantis + name: prod-atlantis subjects: - kind: ServiceAccount - name: preprod-atlantis + name: prod-atlantis namespace: prod-atlantis diff --git a/values/atlantis/prod/redis.yaml b/values/atlantis/prod/redis.yaml index 74968ac1..f9ca65a9 100644 --- a/values/atlantis/prod/redis.yaml +++ b/values/atlantis/prod/redis.yaml @@ -9,7 +9,7 @@ auth: password: "" usePasswordFiles: false existingSecretPasswordKey: "" - existingSecret: preprod-atlantis-redis + existingSecret: prod-atlantis-redis master: resources: diff --git a/values/atlantis/prod/secrets.yaml b/values/atlantis/prod/secrets.yaml index fbf3b560..a956c207 100644 --- a/values/atlantis/prod/secrets.yaml +++ b/values/atlantis/prod/secrets.yaml 
@@ -4,6 +4,6 @@ metadata: annotations: kyverno/clone: "true" kyverno/env: "prod" - name: preprod-atlantis-rabbitmq + name: prod-atlantis-rabbitmq type: Opaque data: diff --git a/values/atlantis/prod/statestore.yaml b/values/atlantis/prod/statestore.yaml index 34145fe5..beb6ee64 100644 --- a/values/atlantis/prod/statestore.yaml +++ b/values/atlantis/prod/statestore.yaml @@ -7,16 +7,16 @@ spec: version: v1 metadata: - name: redisHost - value: preprod-atlantis-redis-master:6379 + value: prod-atlantis-redis-master:6379 - name: redisUsername value: default - name: redisPassword secretKeyRef: - name: preprod-atlantis-redis + name: prod-atlantis-redis key: redis-password - name: actorStateStore value: "true" - name: redisDB value: "0" scopes: - - preprod-atlantis + - prod-atlantis diff --git a/values/atlantis/prod/subscriptions.yaml b/values/atlantis/prod/subscriptions.yaml index 102e4809..d0d0dcce 100644 --- a/values/atlantis/prod/subscriptions.yaml +++ b/values/atlantis/prod/subscriptions.yaml @@ -10,7 +10,7 @@ spec: metadata: queueType: quorum scopes: -- preprod-atlantis +- prod-atlantis --- apiVersion: dapr.io/v2alpha1 kind: Subscription @@ -24,4 +24,4 @@ spec: metadata: queueType: quorum scopes: -- preprod-atlantis +- prod-atlantis diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index af3de200..99951925 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -1,16 +1,16 @@ replicaCount: 1 image: - tag: v2.97.3 + tag: v2.97.4 podAnnotations: - dapr.io/app-id: "preprod-atlantis" + dapr.io/app-id: "prod-atlantis" env: - name: APP_NAMESPACE value: prod-atlantis - name: APP_VERSION - value: "2.94.0" + value: "2.97.4" - name: LOG_LEVEL value: "2" - name: REDIS_USER 
@@ -18,22 +18,22 @@ env: - name: REDIS_PASSWORD valueFrom: secretKeyRef: - name: preprod-atlantis-redis + name: prod-atlantis-redis key: redis-password - name: DB_HOST value: prod-archmeister-rw.atlantis - #value: preprod-atlantis-db-rw + #value: prod-atlantis-db-rw - name: DB_PORT value: "5432" - name: DB_USER valueFrom: secretKeyRef: - name: preprod-atlantis-db-superuser + name: prod-atlantis-db-superuser key: username - name: DB_PASSWORD valueFrom: secretKeyRef: - name: preprod-atlantis-db-superuser + name: prod-atlantis-db-superuser key: password - name: DAPR_API_TOKEN valueFrom: @@ -47,7 +47,7 @@ ingress: cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/proxy-buffer-size: 128k hosts: - - host: maps.beta.oceanbox.io + - host: maps.oceanbox.io paths: - path: / pathType: ImplementationSpecific @@ -66,7 +66,7 @@ ingress: pathType: ImplementationSpecific tls: - hosts: - - maps.beta.oceanbox.io + - maps.oceanbox.io secretName: prod-atlantis-tls cluster: @@ -74,8 +74,8 @@ cluster: bootstrap: enabled: true source: - db: prod-archmeister - namespace: atlantis + db: staging-atlantis-db + namespace: staging-atlantis resources: limits: From 39e69dff7fa9a182a20b29ea99090b83240de0c8 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 20:55:39 +0100 Subject: [PATCH 10/15] fix: fix prod-atlantis db and disable bootstrap --- values/atlantis/values-prod.yaml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index 99951925..64b35808 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -21,8 +21,7 @@ env: name: prod-atlantis-redis key: redis-password - name: DB_HOST - value: prod-archmeister-rw.atlantis - #value: prod-atlantis-db-rw + value: prod-atlantis-db-rw - name: DB_PORT value: "5432" - name: DB_USER 
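Review bot: `DB_USER` and `DB_PASSWORD` in the `@@ -18,22 +18,22 @@` hunk are read from `prod-atlantis-db-superuser`, so the production application appears to connect to PostgreSQL with the cluster's superuser credentials. A flaw in the application would then put the whole database server at risk rather than one application schema. Pointing both `secretKeyRef` entries at a secret for a dedicated application role, for example `name: <app-role-secret>`, would restore least privilege. The `env` list starts before and continues after this hunk.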
@@ -72,10 +71,10 @@ ingress: cluster: instances: 2 bootstrap: - enabled: true + enabled: false source: - db: staging-atlantis-db - namespace: staging-atlantis + db: prod-atlantis-db + namespace: prod-atlantis resources: limits: From 1ef512e2eb34ef70ac185e36868b8ace7ba56de2 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 21:16:40 +0100 Subject: [PATCH 11/15] fix: fix prod-atlantis sorcerer uri to prod --- values/atlantis/prod/appsettings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/prod/appsettings.json b/values/atlantis/prod/appsettings.json index 874c502f..3df02419 100644 --- a/values/atlantis/prod/appsettings.json +++ b/values/atlantis/prod/appsettings.json @@ -56,7 +56,7 @@ "redis": "prod-atlantis-redis-master:6379", "objectStore": "https://atlantis.blob.core.windows.net", "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", - "sorcerer" : "https://sorcerer.ekman.oceanbox.io", + "sorcerer" : "https://sorcerer.data.oceanbox.io", "allowedOrigins": [ "https://maps.oceanbox.io", "https://maps.beta.oceanbox.io", From d8a37063053dbc4bebfc0399b48fed5246013000 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 21:18:03 +0100 Subject: [PATCH 12/15] fix: fix increase prod-atlantis replica count --- values/atlantis/values-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index 64b35808..71afdad5 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -1,4 +1,4 @@ -replicaCount: 1 +replicaCount: 2 image: tag: v2.97.4 From f425a1c55116ade942b667a6aadec79f3409338d Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Thu, 30 Jan 2025 21:53:54 +0100 Subject: [PATCH 13/15] fix: update prod atlantis --- values/atlantis/values-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index 71afdad5..03b77b94 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -1,7 +1,7 @@ replicaCount: 2 image: - tag: v2.97.4 + tag: v2.97.5 podAnnotations: dapr.io/app-id: "prod-atlantis" From 8421acaa25dc1b355072c629138ed9aa5540eb75 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 31 Jan 2025 13:22:27 +0100 Subject: [PATCH 14/15] fix: unify atlantis secrets policy --- .../kyverno/sync-archmaester-secrets.yaml | 46 ------------------- .../kyverno/sync-atlantis-secrets.yaml | 38 +++++++++++++++ 2 files changed, 38 insertions(+), 46 deletions(-) delete mode 100644 policies/oceanbox/kyverno/sync-archmaester-secrets.yaml diff --git a/policies/oceanbox/kyverno/sync-archmaester-secrets.yaml b/policies/oceanbox/kyverno/sync-archmaester-secrets.yaml deleted file mode 100644 index 2689a3d3..00000000 --- a/policies/oceanbox/kyverno/sync-archmaester-secrets.yaml +++ /dev/null @@ -1,46 +0,0 @@ -apiVersion: kyverno.io/v1 -kind: ClusterPolicy -metadata: - name: sync-prod-archmaester-replication-secrets -spec: - background: true - generateExisting: false - rules: - - name: sync-archmaester-ca - generate: - apiVersion: v1 - kind: Secret - name: prod-archmeister-ca - namespace: '{{ request.object.metadata.namespace }}' - synchronize: true - clone: - namespace: atlantis - name: prod-archmeister-ca - match: - any: - - resources: - kinds: - - Secret - names: - - prod-archmeister-ca - annotations: - kyverno/clone: "true" - - name: sync-archmaester-replication - generate: - apiVersion: v1 - kind: Secret - name: prod-archmeister-replication - namespace: '{{ request.object.metadata.namespace }}' - synchronize: true - clone: - namespace: atlantis - name: prod-archmeister-replication - match: - any: - - resources: - kinds: - - Secret - names: - - prod-archmeister-replication - annotations: - kyverno/clone: "true" 
diff --git a/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml b/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml index d826ec93..02cc15f6 100644 --- a/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml +++ b/policies/oceanbox/kyverno/sync-atlantis-secrets.yaml @@ -128,3 +128,41 @@ spec: - resources: annotations: vcluster.loft.sh/controlled-by: secret/v1/GenericImport + - name: sync-atlantis-db-ca + generate: + apiVersion: v1 + kind: Secret + name: prod-atlantis-db-ca + namespace: '{{ request.object.metadata.namespace }}' + synchronize: true + clone: + namespace: prod-atlantis + name: prod-atlantis-db-ca + match: + any: + - resources: + kinds: + - Secret + names: + - prod-atlantis-db-ca + annotations: + kyverno/clone: "true" + - name: sync-atlantis-db-replication + generate: + apiVersion: v1 + kind: Secret + name: prod-atlantis-db-replication + namespace: '{{ request.object.metadata.namespace }}' + synchronize: true + clone: + namespace: prod-atlantis + name: prod-atlantis-db-replication + match: + any: + - resources: + kinds: + - Secret + names: + - prod-atlantis-db-replication + annotations: + kyverno/clone: "true" From 6976ea8d931c687ae5b578e86b0351c5485d9559 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 31 Jan 2025 13:25:45 +0100 Subject: [PATCH 15/15] fix: only sync atlantis db secrets if bootstrap is enabled --- charts/atlantis/templates/secrets.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/atlantis/templates/secrets.yaml b/charts/atlantis/templates/secrets.yaml index fe4d73e8..b4d61baf 100644 --- a/charts/atlantis/templates/secrets.yaml +++ b/charts/atlantis/templates/secrets.yaml @@ -11,6 +11,7 @@ data: username: password: {{- else }} +{{- if .Values.cluster.bootstrap.enabled }} apiVersion: v1 kind: Secret metadata: @@ -34,3 +35,4 @@ data: ca.crt: "" ca.key: "" {{- end }} +{{- end }}
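Review bot: The two added rules `sync-atlantis-db-ca` and `sync-atlantis-db-replication` match only on Secret name and the `kyverno/clone: "true"` annotation, with no namespace constraint, and they generate into `{{ request.object.metadata.namespace }}`. Any principal allowed to create Secrets in some namespace can therefore obtain a synchronized copy of the production database CA and replication credentials from `prod-atlantis` by creating a Secret with one of those names and the annotation. Restrict each `match` to the namespaces meant to receive the copy, e.g. `namespaces: ["<allowed-namespace>"]` under `resources:`, or use a `namespaceSelector`. The deleted sync-archmaester-secrets.yaml had the same open match, so the consolidation is a good point to close it.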