diff --git a/applications/archmeister.yaml b/applications/archmeister.yaml index ee641587..477b12a6 100644 --- a/applications/archmeister.yaml +++ b/applications/archmeister.yaml @@ -43,4 +43,5 @@ spec: syncPolicy: automated: prune: {{ .prune }} + selfHeal: false {{- end }} diff --git a/applications/atlantis.yaml b/applications/atlantis.yaml index 24096319..d3e83336 100644 --- a/applications/atlantis.yaml +++ b/applications/atlantis.yaml @@ -46,4 +46,5 @@ spec: syncPolicy: automated: prune: {{ .prune }} + selfHeal: false {{- end }} diff --git a/applications/hipster.yaml b/applications/hipster.yaml index 9f3856de..1f8b8405 100644 --- a/applications/hipster.yaml +++ b/applications/hipster.yaml @@ -43,4 +43,5 @@ spec: syncPolicy: automated: prune: {{ .prune }} + selfHeal: false {{- end }} diff --git a/applications/jaeger.yaml b/applications/jaeger.yaml index a0d3580d..19962b37 100644 --- a/applications/jaeger.yaml +++ b/applications/jaeger.yaml @@ -10,7 +10,7 @@ spec: namespace: jaeger sources: - repoURL: https://jaegertracing.github.io/helm-charts - targetRevision: 2.50.1 + targetRevision: 2.54.0 chart: jaeger-operator helm: valueFiles: diff --git a/applications/petimeter.yaml b/applications/petimeter.yaml index 63169dc2..f899fcad 100644 --- a/applications/petimeter.yaml +++ b/applications/petimeter.yaml @@ -46,4 +46,5 @@ spec: syncPolicy: automated: prune: {{ .prune }} + selfHeal: false {{- end }} diff --git a/charts/atlantis/values-staging.yaml b/charts/atlantis/values-staging.yaml index df37c5f8..0cff0b11 100644 --- a/charts/atlantis/values-staging.yaml +++ b/charts/atlantis/values-staging.yaml @@ -1,5 +1,5 @@ image: - tag: 8f201d7e-debug + tag: 6f34cd5f-debug ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production diff --git a/charts/hipster/chart/Chart.yaml b/charts/hipster/chart/Chart.yaml index 69e09f83..3bfa9b22 100644 --- a/charts/hipster/chart/Chart.yaml +++ b/charts/hipster/chart/Chart.yaml 
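Review bot: The new `selfHeal: false` in `applications/archmeister.yaml` is hard-coded while the neighbouring `prune` is templated as `{{ .prune }}`, and nothing records why self-healing is switched off; the same line is added to `atlantis.yaml`, `hipster.yaml` and `petimeter.yaml`. Assuming these are Argo CD Application templates, automated sync with self-heal off leaves out-of-band edits to live resources in place until the next Git change, so unauthorised drift only shows up as an OutOfSync status. I would add a comment such as `# selfHeal off on purpose: live drift is not reverted, alert on OutOfSync` above the line, or template the value like `prune` so it can be enabled per environment. The surrounding template block starts outside the hunk.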
@@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v2.6.0 +version: v2.6.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v2.6.0 +appVersion: v2.6.2 diff --git a/charts/hipster/chart/values.yaml b/charts/hipster/chart/values.yaml index a7ea9b85..488d1172 100644 --- a/charts/hipster/chart/values.yaml +++ b/charts/hipster/chart/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/hipster - tag: v2.6.0 + tag: v2.6.2 pullPolicy: IfNotPresent init: enabled: false diff --git a/charts/petimeter/chart/Chart.yaml b/charts/petimeter/chart/Chart.yaml index ef4e8e3a..7807b533 100644 --- a/charts/petimeter/chart/Chart.yaml +++ b/charts/petimeter/chart/Chart.yaml @@ -12,7 +12,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.9.0 +version: v1.9.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.9.0 +appVersion: v1.9.1 diff --git a/charts/petimeter/chart/values.yaml b/charts/petimeter/chart/values.yaml index 0ce4cd59..c388eb2f 100644 --- a/charts/petimeter/chart/values.yaml +++ b/charts/petimeter/chart/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/petimeter - tag: v1.9.0 + tag: v1.9.1 pullPolicy: IfNotPresent init: enabled: false diff --git a/charts/petimeter/values-staging.yaml b/charts/petimeter/values-staging.yaml index a366529e..031fa25a 100644 
--- a/charts/petimeter/values-staging.yaml +++ b/charts/petimeter/values-staging.yaml @@ -1,5 +1,5 @@ image: - tag: c9cf94b1-debug + tag: b7dc2121-debug ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-staging diff --git a/charts/sorcerer/prod/archives-ceph-volume.yaml b/charts/sorcerer/prod/archives-ceph-volume.yaml new file mode 100644 index 00000000..5f7c32d9 --- /dev/null +++ b/charts/sorcerer/prod/archives-ceph-volume.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-prod-ceph-archives +spec: + accessModes: + - ReadWriteMany + capacity: + storage: 1Gi + csi: + driver: rook-ceph.cephfs.csi.ceph.com + nodeStageSecretRef: + name: rook-csi-cephfs-node + namespace: rook-ceph + volumeAttributes: + fsName: data + clusterID: rook-ceph + staticVolume: "true" + rootPath: /archives + volumeHandle: pv-prod-ceph-archives + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: prod-ceph-archives + namespace: sorcerer +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: "" + volumeMode: Filesystem + volumeName: pv-prod-ceph-archives diff --git a/charts/sorcerer/prod/kustomization.yaml b/charts/sorcerer/prod/kustomization.yaml index a1c3120f..09dac50a 100644 --- a/charts/sorcerer/prod/kustomization.yaml +++ b/charts/sorcerer/prod/kustomization.yaml @@ -14,6 +14,7 @@ patches: kind: Deployment path: deployment_patch.yaml resources: -- pv.yaml -- pvc.yaml +# - pv.yaml +# - pvc.yaml +- archives-ceph-volume.yaml - ../base diff --git a/charts/sorcerer/prod/pv.yaml b/charts/sorcerer/prod/pv.yaml index 31a9b37d..567bf786 100644 --- a/charts/sorcerer/prod/pv.yaml +++ b/charts/sorcerer/prod/pv.yaml 
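Review bot: The static PersistentVolume `pv-prod-ceph-archives` in `charts/sorcerer/prod/archives-ceph-volume.yaml` has no `claimRef`, so until `prod-ceph-archives` binds it, another claim with an empty storage class, ReadWriteMany and a request of at most 1Gi could take it. Reserving it with a `claimRef` carrying `namespace: sorcerer` and `name: prod-ceph-archives` closes that gap. The staging copy of this file (`pv-staging-ceph-archives`) needs the same, and it points at the same `fsName: data`, `clusterID: rook-ceph` and `rootPath: /archives`, so staging pods get read-write access to the directory production uses; a separate root path, or a read-only mount for staging, would keep the environments apart. `storage: 1Gi` looks like a nominal figure for a static volume and deserves a one-line comment, given that the volume it replaces declared 300T.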
@@ -1,41 +1,40 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-prod-oceanbox-archives -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 300T - mountOptions: - - vers=4.2 - - rdma - - soft - nfs: - path: /data/archives - server: 10.255.243.80 - persistentVolumeReclaimPolicy: Retain - volumeMode: Filesystem ---- # apiVersion: v1 # kind: PersistentVolume # metadata: -# name: pv-oceanbox-archives-local +# name: pv-prod-oceanbox-archives # spec: # accessModes: # - ReadWriteMany # capacity: # storage: 300T -# local: +# mountOptions: +# - vers=4.2 +# - rdma +# - soft +# nfs: # path: /data/archives +# server: 10.255.243.80 # persistentVolumeReclaimPolicy: Retain # volumeMode: Filesystem -# nodeAffinity: -# required: -# nodeSelectorTerms: -# - matchExpressions: -# - key: kubernetes.io/hostname -# operator: In -# values: -# - nfs0.cluster.local - +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-prod-backup-archives +spec: + accessModes: + - ReadWriteMany + capacity: + storage: 400T + local: + path: /backup/archives + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - fs2 diff --git a/charts/sorcerer/prod/pvc.yaml b/charts/sorcerer/prod/pvc.yaml index fb8e5f5b..e219d6d0 100644 --- a/charts/sorcerer/prod/pvc.yaml +++ b/charts/sorcerer/prod/pvc.yaml 
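Review bot: `charts/sorcerer/prod/pv.yaml` now defines `pv-prod-backup-archives`, but the same commit comments `pv.yaml` and `pvc.yaml` out of the prod `kustomization.yaml`, so as far as this diff shows the volume is never applied and the file is dead configuration. If it is kept as a fallback, say so in a header comment such as `# not listed in kustomization.yaml; local fallback volume on fs2`, and delete the commented-out NFS manifest, which stays available in Git history. The staging `pv.yaml` declares a local volume with the same `path: /backup/archives` on the same node `fs2`, so enabling both would hand staging and production the same directory.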
@@ -1,18 +1,32 @@ +# apiVersion: v1 +# kind: PersistentVolumeClaim +# metadata: +# name: prod-oceanbox-archives +# spec: +# accessModes: +# - ReadWriteMany +# resources: +# requests: +# storage: 300T +# storageClassName: "" +# volumeMode: Filesystem +# volumeName: pv-prod-oceanbox-archives +# status: +# accessModes: +# - ReadWriteMany +# capacity: +# storage: 300T +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: prod-oceanbox-archives + name: prod-oceanbox-backup-archives spec: accessModes: - ReadWriteMany resources: requests: - storage: 300T + storage: 400T storageClassName: "" volumeMode: Filesystem - volumeName: pv-prod-oceanbox-archives -status: - accessModes: - - ReadWriteMany - capacity: - storage: 300T + volumeName: pv-prod-backup-archives diff --git a/charts/sorcerer/staging/archives-ceph-volume.yaml b/charts/sorcerer/staging/archives-ceph-volume.yaml new file mode 100644 index 00000000..160252dd --- /dev/null +++ b/charts/sorcerer/staging/archives-ceph-volume.yaml @@ -0,0 +1,37 @@ +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-staging-ceph-archives +spec: + accessModes: + - ReadWriteMany + capacity: + storage: 1Gi + csi: + driver: rook-ceph.cephfs.csi.ceph.com + nodeStageSecretRef: + name: rook-csi-cephfs-node + namespace: rook-ceph + volumeAttributes: + fsName: data + clusterID: rook-ceph + staticVolume: "true" + rootPath: /archives + volumeHandle: pv-staging-ceph-archives + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: staging-ceph-archives + namespace: sorcerer +spec: + accessModes: + - ReadWriteMany + resources: + requests: + storage: 1Gi + storageClassName: "" + volumeMode: Filesystem + volumeName: pv-staging-ceph-archives diff --git a/charts/sorcerer/staging/kustomization.yaml b/charts/sorcerer/staging/kustomization.yaml index c5123134..229ce589 100644 --- a/charts/sorcerer/staging/kustomization.yaml 
+++ b/charts/sorcerer/staging/kustomization.yaml @@ -14,6 +14,7 @@ patches: kind: Deployment path: deployment_patch.yaml resources: -- pv.yaml -- pvc.yaml +# - pv.yaml +# - pvc.yaml +- archives-ceph-volume.yaml - ../base diff --git a/charts/sorcerer/staging/pv.yaml b/charts/sorcerer/staging/pv.yaml index ef455892..50aa6d10 100644 --- a/charts/sorcerer/staging/pv.yaml +++ b/charts/sorcerer/staging/pv.yaml @@ -1,41 +1,41 @@ -apiVersion: v1 -kind: PersistentVolume -metadata: - name: pv-staging-oceanbox-archives -spec: - accessModes: - - ReadWriteMany - capacity: - storage: 300T - mountOptions: - - vers=4.2 - - rdma - - soft - nfs: - path: /data/archives - server: 10.255.243.80 - persistentVolumeReclaimPolicy: Retain - volumeMode: Filesystem ---- # apiVersion: v1 # kind: PersistentVolume # metadata: -# name: pv-oceanbox-archives-local +# name: pv-staging-oceanbox-archives # spec: # accessModes: # - ReadWriteMany # capacity: # storage: 300T -# local: +# mountOptions: +# - vers=4.2 +# - rdma +# - soft +# nfs: # path: /data/archives +# server: 10.255.243.80 # persistentVolumeReclaimPolicy: Retain # volumeMode: Filesystem -# nodeAffinity: -# required: -# nodeSelectorTerms: -# - matchExpressions: -# - key: kubernetes.io/hostname -# operator: In -# values: -# - nfs0.cluster.local +--- +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pv-staging-backup-archives +spec: + accessModes: + - ReadWriteMany + capacity: + storage: 400T + local: + path: /backup/archives + persistentVolumeReclaimPolicy: Retain + volumeMode: Filesystem + nodeAffinity: + required: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/hostname + operator: In + values: + - fs2 diff --git a/charts/sorcerer/staging/pvc.yaml b/charts/sorcerer/staging/pvc.yaml index 31940900..ccf4510d 100644 --- a/charts/sorcerer/staging/pvc.yaml +++ b/charts/sorcerer/staging/pvc.yaml 
@@ -1,18 +1,32 @@ +# apiVersion: v1 +# kind: PersistentVolumeClaim +# metadata: +# name: staging-oceanbox-archives +# spec: +# accessModes: +# - ReadWriteMany +# resources: +# requests: +# storage: 300T +# storageClassName: "" +# volumeMode: Filesystem +# volumeName: pv-staging-oceanbox-archives +# status: +# accessModes: +# - ReadWriteMany +# capacity: +# storage: 300T +# --- apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: staging-oceanbox-archives + name: staging-oceanbox-backup-archives spec: accessModes: - ReadWriteMany resources: requests: - storage: 300T + storage: 400T storageClassName: "" volumeMode: Filesystem - volumeName: pv-staging-oceanbox-archives -status: - accessModes: - - ReadWriteMany - capacity: - storage: 300T + volumeName: pv-staging-backup-archives diff --git a/charts/sorcerer/values-prod.yaml b/charts/sorcerer/values-prod.yaml index 6cce4970..158dc49c 100644 --- a/charts/sorcerer/values-prod.yaml +++ b/charts/sorcerer/values-prod.yaml @@ -13,10 +13,13 @@ ingress: persistence: enabled: true - existingClaim: prod-oceanbox-archives + existingClaim: prod-ceph-archives + # existingClaim: prod-oceanbox-archives nodeSelector: topology.kubernetes.io/group: srv + # kubernetes.io/hostname: fs2 + # node-role.kubernetes.io/worker: c1-1 tolerations: - key: workload diff --git a/charts/sorcerer/values-staging.yaml b/charts/sorcerer/values-staging.yaml index ee1b7e49..f7d396a3 100644 --- a/charts/sorcerer/values-staging.yaml +++ b/charts/sorcerer/values-staging.yaml @@ -14,9 +14,12 @@ ingress: - sorcerer.ekman.oceanbox.io secretName: staging-sorcerer-tls persistence: - existingClaim: staging-oceanbox-archives + existingClaim: staging-ceph-archives + # existingClaim: staging-oceanbox-backup-archives nodeSelector: topology.kubernetes.io/group: srv + # kubernetes.io/hostname: fs2 + # node-role.kubernetes.io/worker: c1-1 tolerations: - key: workload operator: Equal 
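Review bot: The commented fallback in `charts/sorcerer/values-prod.yaml`, `# existingClaim: prod-oceanbox-archives`, names a claim that this commit comments out; the claim now defined in `prod/pvc.yaml` is `prod-oceanbox-backup-archives`, and the staging values file already uses the `-backup-` name. Anyone re-enabling the fallback would end up with a pod waiting on a claim that does not exist, so the comment should read `# existingClaim: prod-oceanbox-backup-archives`. The commented `nodeSelector` alternatives in both values files would be easier to follow with a short note on when each applies. The enclosing values blocks start outside the hunks.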
diff --git a/oceanbox/Petimeter/production.yaml b/oceanbox/Petimeter/production.yaml
new file mode 100644
index 00000000..5b3b1380
--- /dev/null
+++ b/oceanbox/Petimeter/production.yaml
@@ -0,0 +1,145 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/instance: production
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: petimeter
+ app.kubernetes.io/version: 1.10.0
+ helm.sh/chart: petimeter-0.2.0
+ name: production-petimeter
+ namespace: oceanbox
+---
+apiVersion: v1
+data:
+ appsettings.json: |
+ ewogICAgIm9pZGMiOiB7CiAgICAgICAgImlzc3VlciI6ICJodHRwczovL2lkcC5vY2Vhbm
+ JveC5pby9kZXgiLAogICAgICAgICJhdXRob3JpemF0aW9uX2VuZHBvaW50IjogImh0dHBz
+ Oi8vaWRwLm9jZWFuYm94LmlvL2RleC9hdXRoIiwKICAgICAgICAidG9rZW5fZW5kcG9pbn
+ QiOiAiaHR0cHM6Ly9pZHAub2NlYW5ib3guaW8vZGV4L3Rva2VuIiwKICAgICAgICAiandr
+ c191cmkiOiAiaHR0cHM6Ly9pZHAub2NlYW5ib3guaW8vZGV4L2tleXMiLAogICAgICAgIC
+ J1c2VyaW5mb19lbmRwb2ludCI6ICJodHRwczovL2lkcC5vY2VhbmJveC5pby9kZXgvdXNl
+ cmluZm8iLAogICAgICAgICJkZXZpY2VfYXV0aG9yaXphdGlvbl9lbmRwb2ludCI6ICJodH
+ RwczovL2lkcC5vY2VhbmJveC5pby9kZXgvZGV2aWNlL2NvZGUiLAogICAgICAgICJjbGll
+ bnRJZCI6ICJwZXRpbWV0ZXIiLAogICAgICAgICJjbGllbnRTZWNyZXQiOiAia2tyS28zbW
+ 1tc2VNbm9yZjlxdzNla2xlZmtvT0tGTnMiLAogICAgICAgICJzY29wZXMiOiBbCiAgICAg
+ ICAgICAgICJvcGVuaWQiLAogICAgICAgICAgICAiZW1haWwiLAogICAgICAgICAgICAib2
+ ZmbGluZV9hY2Nlc3MiLAogICAgICAgICAgICAicHJvZmlsZSIKICAgICAgICBdCiAgICB9
+ LAogICAgInNzbyI6IHsKICAgICAgICAiY29va2llRG9tYWluIjogIi5vY2VhbmJveC5pby
+ IsCiAgICAgICAgInNpZ25lZE91dFJlZGlyZWN0VXJpIjogImh0dHBzOi8vaWRwLm9jZWFu
+ Ym94LmlvL2RleC9zdGF0aWMvbG9nb3V0Lmh0bWwiLAogICAgICAgICJyZWRpcyI6ICJyZW
+ Rpcy1tYXN0ZXIsdXNlcj1kZWZhdWx0LHBhc3N3b3JkPXltTDRkbE9CdlUiLAogICAgICAg
+ ICJhcHBEb21haW4iOiAiYXRsYW50aXMiLAogICAgICAgICJkYXRhUHJvdGVjdGlvbktleX
+ MiOiAiRGF0YVByb3RlY3Rpb24tS2V5cyIKICAgIH0sCiAgICAiYWxsb3dlZE9yaWdpbnMi
+ OiBbCiAgICAgICAgImh0dHBzOi8vYXRsYW50aXMuc3ZjLm9jZWFuYm94LmlvIgogICAgXS
+ wKICAgICJsb2dTZXJ2aWNlIiA6ICJodHRwczovL3NlcS5vY2VhbmJveC5pbyIsCiAgICAi
+ bG9nQXBpS2V5IjogIldtWnBsRGVGb3hJSHBKUTVCaURrIiwKICAgICJkZXBsb3lLZXkiOi
+ AicHJvZCIKfQ==
+kind: Secret
+metadata:
+ name: production-petimeter-appsettings
+ namespace: oceanbox
+type: Opaque
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/instance: production
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: petimeter
+ app.kubernetes.io/version: 1.10.0
+ helm.sh/chart: petimeter-0.2.0
+ name: production-petimeter
+ namespace: oceanbox
+spec:
+ ports:
+ - name: http
+ port: 8085
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/instance: production
+ app.kubernetes.io/name: petimeter
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/instance: production
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: petimeter
+ app.kubernetes.io/version: 1.10.0
+ helm.sh/chart: petimeter-0.2.0
+ name: production-petimeter
+ namespace: oceanbox
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: production
+ app.kubernetes.io/name: petimeter
+ template:
+ metadata:
+ annotations:
+ dapr.io/app-id: production-petimeter
+ dapr.io/app-port: "8000"
+ dapr.io/config: tracing
+ dapr.io/enabled: "true"
+ labels:
+ app.kubernetes.io/instance: production
+ app.kubernetes.io/name: petimeter
+ spec:
+ containers:
+ - env:
+ - name: LOG_LEVEL
+ value: "4"
+ image: registry.gitlab.com/oceanbox/petimeter:v1.9.0
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ name: petimeter
+ ports:
+ - containerPort: 8085
+ name: http
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: http
+ resources: {}
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /data
+ name: data
+ - mountPath: /app/appsettings.json
+ name: appsettings
+ readOnly: true
+ subPath: appsettings.json
+ - mountPath: /app/acl.json
+ name: acl
+ readOnly: true
+ subPath: acl.json
+ imagePullSecrets:
+ - name: gitlab-pull-secret
+ securityContext:
+ fsGroup: 2000
+ serviceAccountName:
production-petimeter
+ volumes:
+ - emptyDir: {}
+ name: data
+ - name: appsettings
+ secret:
+ secretName: production-petimeter-appsettings
+ - configMap:
+ name: petimeter-acl
+ name: acl
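Review bot: The `Secret` `production-petimeter-appsettings` in `oceanbox/Petimeter/production.yaml` commits live credentials to Git: the `appsettings.json` value is only base64-encoded, and it decodes to JSON holding an OIDC `clientSecret`, a Redis connection string with a password, and a `logApiKey`. All three should be treated as exposed and rotated, because deleting the lines later still leaves them in history. The manifest should carry a reference rather than the value, for example an encrypted or externally sourced secret that creates `production-petimeter-appsettings` at deploy time. In the same file the Deployment pins `petimeter:v1.9.0` while this commit moves the chart to `v1.9.1` and the labels say `1.10.0`. The container `securityContext` also lacks `allowPrivilegeEscalation: false` and sets `readOnlyRootFilesystem: false`.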