Merge branch 'main' of gitlab.com:oceanbox/manifests

2025-06-19 14:28:35 +02:00
parent e110ea37eb f864e6924d
commit 75a8765e05
23 changed files with 804 additions and 1 deletions
@@ -0,0 +1,165 @@
+clusterConfig:
+  manifests: https://gitlab.com/oceanbox/manifests.git
+  cilium:
+    enabled: false
+  env: "prod"
+  distro: "nixos"
+  domain: "ekman.oceanbox.io"
+  initca: "/var/lib/kubernetes/secrets"
+  apiserver: "frontend"
+  apiserverip: "10.255.241.99"
+  etcd_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99" ]
+  k8s_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128" ]
+  cluster: "ekman"
+  ingress_nodes: ["ekman ,frontend" ]
+  ingress_replica_count: 2
+  fileserver: "10.255.241.90"
+  acme_email: "acme@oceanbox.io"
+  oidc:
+  - name: oceanbox
+    provider: azuread
+    tenant: "3f737008-e9a0-4485-9d27-40329d288089"
+    secret_ref:
+      name: oceanbox-oidc
+    group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479"
+  nodes:
+    - name: frontend
+      taints: []
+      labels:
+        - "node-role.kubernetes.io=control-plane"
+    - name: ekman
+      taints: []
+      labels:
+        - "node-role.kubernetes.io=control-plane"
+    - name: nfs1
+      taints:
+        - "workload=data:NoSchedule"
+      labels:
+        - "node-role.kubernetes.io=control-plane"
+        - "nfs=data"
+    - name: fs2
+      taints:
+        - "workload=data:NoSchedule"
+      labels:
+        - "node-role.kubernetes.io=control-plane"
+        - "nfs=data"
+    - name: c0-1
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-2
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-3
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-4
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-5
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-6
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-7
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-8
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-9
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-10
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-11
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-12
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-13
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-14
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-15
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c0-16
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-1
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-2
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-3
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-4
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-5
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-6
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-7
+      taints:
+        - "workload=compute:NoSchedule"
+    - name: c1-8
+      taints:
+        - "workload=compute:NoSchedule"
+# TODO(mrtz): Move to values/*/helmfile.yaml 
+# argocd:
+#   adminLogin: false
+#   additional_rbac_settings:
+#     - g, "eb17a659-4ce6-41bc-9153-d9b117c44479", role:org-admin
+# linkerd:
+#   trustAnchorPEM: |
+#     -----BEGIN CERTIFICATE-----
+#     MIIBtDCCAVqgAwIBAgIQRlhbOLj9zw+QTGHqbOBaozAKBggqhkjOPQQDAjAlMSMw
+#     IQYDVQQDExpyb290LmxpbmtlcmQuY2x1c3Rlci5sb2NhbDAeFw0yMTA0MDkxNDAy
+#     NTFaFw0zMTA0MDcxNDAyNTFaMCUxIzAhBgNVBAMTGnJvb3QubGlua2VyZC5jbHVz
+#     dGVyLmxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEljOLtSPSi6XIEdFP
+#     VCGa4BKoQ0X5dBSZvHRLt/IzHRzAbIVIjgjvyRQc7EQlRKvZ8P9um/WG1ypyyA2l
+#     C9MWz6NsMGowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYD
+#     VR0OBBYEFHz4UuVKCNX8/hsZCcdTlmWnSCGXMCUGA1UdEQQeMByCGnJvb3QubGlu
+#     a2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0gAMEUCIGAiz3yNhboVdze1
+#     sNFcFL2GF5WwW9z53u03UkPkiuBTAiEA4ZHWZJVGV5VAQArL5v32HeH/IjC1ssGl
+#     7Y8D0rQqkis=
+#     -----END CERTIFICATE-----
+#   webhookPEM: |
+#     -----BEGIN CERTIFICATE-----
+#     MIIBlDCCATqgAwIBAgIRAP9aY0pRwkDnXqi3FwKmfZowCgYIKoZIzj0EAwIwKDEm
+#     MCQGA1UEAxMdd2ViaG9vay5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjIxMDI3
+#     MDUxNTE0WhcNMjQxMDI1MDkxNTE0WjAoMSYwJAYDVQQDEx13ZWJob29rLmxpbmtl
+#     cmQuY2x1c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABIGSt6Th
+#     62wgjM5dRbZLa9YwPQAm/T2QnTzzrAUm+GeqvKfBhpPMGX6+91/x20X0uV26LvKz
+#     YV1wVMs7tuPZioijRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/
+#     AgEBMB0GA1UdDgQWBBQWV6+eqRWOPyLWz9s0HT96MOr01zAKBggqhkjOPQQDAgNI
+#     ADBFAiBTBFuIJUBEI5T2unrnFhM+Bj0rZFfuxQqEwD6+z2YRzwIhAOINkH5u7Z8M
+#     zIVl06Biq2N+MO4TJ+CSS1C1w/22CDru
+#     -----END CERTIFICATE-----
+#   multicluster:
+#     enabled: false
+# prometheus:
+#   version: 39.6.0
+#   snitchUrl: "https://nosnch.in/bceb803932"
+# nfs_provisioner:
+#   version: 4.0.17
+# cert_manager:
+#   version: 1.9.1
+# gitlab_runner:
+#   enabled: false
+# velero:
+#   enabled: false
+# kyverno:
+#   enabled: true
+# nginx:
+#   version: 4.12.1
@@ -0,0 +1,38 @@
+{{ if .Values.clusterConfig.argo.enabled }}
+{{- range .Values.plume.envs }}
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: {{ . }}-plume
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: {{ . }}-plume
+    server: https://10.255.241.99:4443
+  project: plume
+  sources:
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: HEAD
+    path: helmfile.d
+    plugin:
+      name: helmfile-cmp
+      env:
+      - name: CLUSTER_NAME
+        value: {{ $.Values.clusterConfig.cluster }}
+      - name: HELMFILE_ENVIRONMENT
+        value: {{ . }}
+      - name: HELMFILE_FILE_PATH
+        value: plume.yaml.gotmpl
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    # automated:
+    #   prune: true
+    #   selfHeal: false
+{{- end }}
+{{- end }}
@@ -0,0 +1,4 @@
+plume:
+  enabled: true
+  envs:
+  - staging
@@ -0,0 +1,4 @@
+plume:
+  enabled: true
+  envs:
+  - staging
@@ -0,0 +1,3 @@
+plume:
+  enabled: false
+  autosync: true
@@ -1,5 +1,6 @@
 prometheus:
  snitchUrl: "https://nosnch.in/136c1b564f"
+  oncallUrl: "https://oncall-prod-eu-west-0.grafana.net/oncall/integrations/v1/alertmanager/Tl7qW8KNUTkaYaRzW63kOgDG6/" 
  pagerdutyRoutingKey: a5cff1fc46414d0bc02851e4af159ee7
  certRenewCronEnabled: false
  fullname: prom