Merge branch 'main' of gitlab.com:oceanbox/manifests

applications/archmeister.yaml

@@ -43,4 +43,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/atlantis.yaml

@@ -46,4 +46,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/hipster.yaml

@@ -43,4 +43,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

applications/jaeger.yaml

@@ -10,7 +10,7 @@ spec:
     namespace: jaeger
   sources:
   - repoURL: https://jaegertracing.github.io/helm-charts
-    targetRevision: 2.50.1
+    targetRevision: 2.54.0
     chart: jaeger-operator
     helm:
       valueFiles:

applications/petimeter.yaml

@@ -46,4 +46,5 @@ spec:
       syncPolicy:
         automated:
           prune: {{ .prune }}
+          selfHeal: false
     {{- end }}

charts/atlantis/values-staging.yaml

@@ -1,5 +1,5 @@
 image:
-  tag: 8f201d7e-debug
+  tag: 6f34cd5f-debug
 ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-production

charts/hipster/chart/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: v2.6.0
+version: v2.6.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v2.6.0
+appVersion: v2.6.2

charts/hipster/chart/values.yaml

@@ -5,7 +5,7 @@
 replicaCount: 1
 image:
   repository: registry.gitlab.com/oceanbox/hipster
-  tag: v2.6.0
+  tag: v2.6.2
   pullPolicy: IfNotPresent
 init:
   enabled: false

charts/petimeter/chart/Chart.yaml

@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes
 type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: v1.9.0
+version: v1.9.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
-appVersion: v1.9.0
+appVersion: v1.9.1

charts/petimeter/chart/values.yaml

@@ -5,7 +5,7 @@
 replicaCount: 1
 image:
   repository: registry.gitlab.com/oceanbox/petimeter
-  tag: v1.9.0
+  tag: v1.9.1
   pullPolicy: IfNotPresent
 init:
   enabled: false

charts/petimeter/values-staging.yaml

@@ -1,5 +1,5 @@
 image:
-  tag: c9cf94b1-debug
+  tag: b7dc2121-debug
 ingress:
   annotations:
     cert-manager.io/cluster-issuer: letsencrypt-staging

charts/sorcerer/prod/archives-ceph-volume.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-prod-ceph-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 1Gi
+  csi:
+    driver: rook-ceph.cephfs.csi.ceph.com
+    nodeStageSecretRef:
+      name: rook-csi-cephfs-node
+      namespace: rook-ceph
+    volumeAttributes:
+      fsName: data
+      clusterID: rook-ceph
+      staticVolume: "true"
+      rootPath: /archives
+    volumeHandle: pv-prod-ceph-archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prod-ceph-archives
+  namespace: sorcerer
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: pv-prod-ceph-archives

charts/sorcerer/prod/kustomization.yaml

@@ -14,6 +14,7 @@ patches:
     kind: Deployment
   path: deployment_patch.yaml
 resources:
-- pv.yaml
-- pvc.yaml
+# - pv.yaml
+# - pvc.yaml
+- archives-ceph-volume.yaml
 - ../base

charts/sorcerer/prod/pv.yaml

@@ -1,41 +1,40 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pv-prod-oceanbox-archives
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 300T
-  mountOptions:
-  - vers=4.2
-  - rdma
-  - soft
-  nfs:
-    path: /data/archives
-    server: 10.255.243.80
-  persistentVolumeReclaimPolicy: Retain
-  volumeMode: Filesystem
----
 # apiVersion: v1
 # kind: PersistentVolume
 # metadata:
-#   name: pv-oceanbox-archives-local
+#   name: pv-prod-oceanbox-archives
 # spec:
 #   accessModes:
 #   - ReadWriteMany
 #   capacity:
 #     storage: 300T
-#   local:
+#   mountOptions:
+#   - vers=4.2
+#   - rdma
+#   - soft
+#   nfs:
 #     path: /data/archives
+#     server: 10.255.243.80
 #   persistentVolumeReclaimPolicy: Retain
 #   volumeMode: Filesystem
-#   nodeAffinity:
-#     required:
-#       nodeSelectorTerms:
-#       - matchExpressions:
-#         - key: kubernetes.io/hostname
-#           operator: In
-#           values:
-#           - nfs0.cluster.local
-
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-prod-backup-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 400T
+  local:
+    path: /backup/archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - fs2

charts/sorcerer/prod/pvc.yaml

@@ -1,18 +1,32 @@
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: prod-oceanbox-archives
+# spec:
+#   accessModes:
+#   - ReadWriteMany
+#   resources:
+#     requests:
+#       storage: 300T
+#   storageClassName: ""
+#   volumeMode: Filesystem
+#   volumeName: pv-prod-oceanbox-archives
+# status:
+#   accessModes:
+#   - ReadWriteMany
+#   capacity:
+#     storage: 300T
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: prod-oceanbox-archives
+  name: prod-oceanbox-backup-archives
 spec:
   accessModes:
   - ReadWriteMany
   resources:
     requests:
-      storage: 300T
+      storage: 400T
   storageClassName: ""
   volumeMode: Filesystem
-  volumeName: pv-prod-oceanbox-archives
-status:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 300T
+  volumeName: pv-prod-backup-archives

charts/sorcerer/staging/archives-ceph-volume.yaml

@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-staging-ceph-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 1Gi
+  csi:
+    driver: rook-ceph.cephfs.csi.ceph.com
+    nodeStageSecretRef:
+      name: rook-csi-cephfs-node
+      namespace: rook-ceph
+    volumeAttributes:
+      fsName: data
+      clusterID: rook-ceph
+      staticVolume: "true"
+      rootPath: /archives
+    volumeHandle: pv-staging-ceph-archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: staging-ceph-archives
+  namespace: sorcerer
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: pv-staging-ceph-archives

charts/sorcerer/staging/kustomization.yaml

@@ -14,6 +14,7 @@ patches:
     kind: Deployment
   path: deployment_patch.yaml
 resources:
-- pv.yaml
-- pvc.yaml
+# - pv.yaml
+# - pvc.yaml
+- archives-ceph-volume.yaml
 - ../base

charts/sorcerer/staging/pv.yaml

@@ -1,41 +1,41 @@
-apiVersion: v1
-kind: PersistentVolume
-metadata:
-  name: pv-staging-oceanbox-archives
-spec:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 300T
-  mountOptions:
-  - vers=4.2
-  - rdma
-  - soft
-  nfs:
-    path: /data/archives
-    server: 10.255.243.80
-  persistentVolumeReclaimPolicy: Retain
-  volumeMode: Filesystem
----
 # apiVersion: v1
 # kind: PersistentVolume
 # metadata:
-#   name: pv-oceanbox-archives-local
+#   name: pv-staging-oceanbox-archives
 # spec:
 #   accessModes:
 #   - ReadWriteMany
 #   capacity:
 #     storage: 300T
-#   local:
+#   mountOptions:
+#   - vers=4.2
+#   - rdma
+#   - soft
+#   nfs:
 #     path: /data/archives
+#     server: 10.255.243.80
 #   persistentVolumeReclaimPolicy: Retain
 #   volumeMode: Filesystem
-#   nodeAffinity:
-#     required:
-#       nodeSelectorTerms:
-#       - matchExpressions:
-#         - key: kubernetes.io/hostname
-#           operator: In
-#           values:
-#           - nfs0.cluster.local
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-staging-backup-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 400T
+  local:
+    path: /backup/archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - fs2
 

charts/sorcerer/staging/pvc.yaml

@@ -1,18 +1,32 @@
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: staging-oceanbox-archives
+# spec:
+#   accessModes:
+#   - ReadWriteMany
+#   resources:
+#     requests:
+#       storage: 300T
+#   storageClassName: ""
+#   volumeMode: Filesystem
+#   volumeName: pv-staging-oceanbox-archives
+# status:
+#   accessModes:
+#   - ReadWriteMany
+#   capacity:
+#     storage: 300T
+# ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: staging-oceanbox-archives
+  name: staging-oceanbox-backup-archives
 spec:
   accessModes:
   - ReadWriteMany
   resources:
     requests:
-      storage: 300T
+      storage: 400T
   storageClassName: ""
   volumeMode: Filesystem
-  volumeName: pv-staging-oceanbox-archives
-status:
-  accessModes:
-  - ReadWriteMany
-  capacity:
-    storage: 300T
+  volumeName: pv-staging-backup-archives

charts/sorcerer/values-prod.yaml

@@ -13,10 +13,13 @@ ingress:
 
 persistence:
   enabled: true
-  existingClaim: prod-oceanbox-archives
+  existingClaim: prod-ceph-archives
+  # existingClaim: prod-oceanbox-archives
 
 nodeSelector:
   topology.kubernetes.io/group: srv
+  # kubernetes.io/hostname: fs2
+  # node-role.kubernetes.io/worker: c1-1
 
 tolerations:
   - key: workload

charts/sorcerer/values-staging.yaml

@@ -14,9 +14,12 @@ ingress:
         - sorcerer.ekman.oceanbox.io
       secretName: staging-sorcerer-tls
 persistence:
-  existingClaim: staging-oceanbox-archives
+  existingClaim: staging-ceph-archives
+  # existingClaim: staging-oceanbox-backup-archives
 nodeSelector:
   topology.kubernetes.io/group: srv
+  # kubernetes.io/hostname: fs2
+  # node-role.kubernetes.io/worker: c1-1
 tolerations:
   - key: workload
     operator: Equal

oceanbox/Petimeter/production.yaml

@@ -0,0 +1,145 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: petimeter
+    app.kubernetes.io/version: 1.10.0
+    helm.sh/chart: petimeter-0.2.0
+  name: production-petimeter
+  namespace: oceanbox
+---
+apiVersion: v1
+data:
+  appsettings.json: |
+    ewogICAgIm9pZGMiOiB7CiAgICAgICAgImlzc3VlciI6ICJodHRwczovL2lkcC5vY2Vhbm
+    JveC5pby9kZXgiLAogICAgICAgICJhdXRob3JpemF0aW9uX2VuZHBvaW50IjogImh0dHBz
+    Oi8vaWRwLm9jZWFuYm94LmlvL2RleC9hdXRoIiwKICAgICAgICAidG9rZW5fZW5kcG9pbn
+    QiOiAiaHR0cHM6Ly9pZHAub2NlYW5ib3guaW8vZGV4L3Rva2VuIiwKICAgICAgICAiandr
+    c191cmkiOiAiaHR0cHM6Ly9pZHAub2NlYW5ib3guaW8vZGV4L2tleXMiLAogICAgICAgIC
+    J1c2VyaW5mb19lbmRwb2ludCI6ICJodHRwczovL2lkcC5vY2VhbmJveC5pby9kZXgvdXNl
+    cmluZm8iLAogICAgICAgICJkZXZpY2VfYXV0aG9yaXphdGlvbl9lbmRwb2ludCI6ICJodH
+    RwczovL2lkcC5vY2VhbmJveC5pby9kZXgvZGV2aWNlL2NvZGUiLAogICAgICAgICJjbGll
+    bnRJZCI6ICJwZXRpbWV0ZXIiLAogICAgICAgICJjbGllbnRTZWNyZXQiOiAia2tyS28zbW
+    1tc2VNbm9yZjlxdzNla2xlZmtvT0tGTnMiLAogICAgICAgICJzY29wZXMiOiBbCiAgICAg
+    ICAgICAgICJvcGVuaWQiLAogICAgICAgICAgICAiZW1haWwiLAogICAgICAgICAgICAib2
+    ZmbGluZV9hY2Nlc3MiLAogICAgICAgICAgICAicHJvZmlsZSIKICAgICAgICBdCiAgICB9
+    LAogICAgInNzbyI6IHsKICAgICAgICAiY29va2llRG9tYWluIjogIi5vY2VhbmJveC5pby
+    IsCiAgICAgICAgInNpZ25lZE91dFJlZGlyZWN0VXJpIjogImh0dHBzOi8vaWRwLm9jZWFu
+    Ym94LmlvL2RleC9zdGF0aWMvbG9nb3V0Lmh0bWwiLAogICAgICAgICJyZWRpcyI6ICJyZW
+    Rpcy1tYXN0ZXIsdXNlcj1kZWZhdWx0LHBhc3N3b3JkPXltTDRkbE9CdlUiLAogICAgICAg
+    ICJhcHBEb21haW4iOiAiYXRsYW50aXMiLAogICAgICAgICJkYXRhUHJvdGVjdGlvbktleX
+    MiOiAiRGF0YVByb3RlY3Rpb24tS2V5cyIKICAgIH0sCiAgICAiYWxsb3dlZE9yaWdpbnMi
+    OiBbCiAgICAgICAgImh0dHBzOi8vYXRsYW50aXMuc3ZjLm9jZWFuYm94LmlvIgogICAgXS
+    wKICAgICJsb2dTZXJ2aWNlIiA6ICJodHRwczovL3NlcS5vY2VhbmJveC5pbyIsCiAgICAi
+    bG9nQXBpS2V5IjogIldtWnBsRGVGb3hJSHBKUTVCaURrIiwKICAgICJkZXBsb3lLZXkiOi
+    AicHJvZCIKfQ==
+kind: Secret
+metadata:
+  name: production-petimeter-appsettings
+  namespace: oceanbox
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: petimeter
+    app.kubernetes.io/version: 1.10.0
+    helm.sh/chart: petimeter-0.2.0
+  name: production-petimeter
+  namespace: oceanbox
+spec:
+  ports:
+  - name: http
+    port: 8085
+    protocol: TCP
+    targetPort: http
+  selector:
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/name: petimeter
+  type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/instance: production
+    app.kubernetes.io/managed-by: Helm
+    app.kubernetes.io/name: petimeter
+    app.kubernetes.io/version: 1.10.0
+    helm.sh/chart: petimeter-0.2.0
+  name: production-petimeter
+  namespace: oceanbox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/instance: production
+      app.kubernetes.io/name: petimeter
+  template:
+    metadata:
+      annotations:
+        dapr.io/app-id: production-petimeter
+        dapr.io/app-port: "8000"
+        dapr.io/config: tracing
+        dapr.io/enabled: "true"
+      labels:
+        app.kubernetes.io/instance: production
+        app.kubernetes.io/name: petimeter
+    spec:
+      containers:
+      - env:
+        - name: LOG_LEVEL
+          value: "4"
+        image: registry.gitlab.com/oceanbox/petimeter:v1.9.0
+        imagePullPolicy: IfNotPresent
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+        name: petimeter
+        ports:
+        - containerPort: 8085
+          name: http
+          protocol: TCP
+        readinessProbe:
+          httpGet:
+            path: /healthz
+            port: http
+        resources: {}
+        securityContext:
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
+          runAsUser: 1000
+        volumeMounts:
+        - mountPath: /data
+          name: data
+        - mountPath: /app/appsettings.json
+          name: appsettings
+          readOnly: true
+          subPath: appsettings.json
+        - mountPath: /app/acl.json
+          name: acl
+          readOnly: true
+          subPath: acl.json
+      imagePullSecrets:
+      - name: gitlab-pull-secret
+      securityContext:
+        fsGroup: 2000
+      serviceAccountName: production-petimeter
+      volumes:
+      - emptyDir: {}
+        name: data
+      - name: appsettings
+        secret:
+          secretName: production-petimeter-appsettings
+      - configMap:
+          name: petimeter-acl
+        name: acl