diff --git a/values/attic/archmeister/base/deployment_patch.yaml b/attic/values/archmeister/base/deployment_patch.yaml
similarity index 100%
rename from values/attic/archmeister/base/deployment_patch.yaml
rename to attic/values/archmeister/base/deployment_patch.yaml
diff --git a/values/attic/archmeister/base/kustomization.yaml b/attic/values/archmeister/base/kustomization.yaml
similarity index 100%
rename from values/attic/archmeister/base/kustomization.yaml
rename to attic/values/archmeister/base/kustomization.yaml
diff --git a/values/attic/archmeister/chart b/attic/values/archmeister/chart
similarity index 100%
rename from values/attic/archmeister/chart
rename to attic/values/archmeister/chart
diff --git a/values/attic/archmeister/prod/appsettings.json b/attic/values/archmeister/prod/appsettings.json
similarity index 100%
rename from values/attic/archmeister/prod/appsettings.json
rename to attic/values/archmeister/prod/appsettings.json
diff --git a/values/attic/archmeister/prod/default.env b/attic/values/archmeister/prod/default.env
similarity index 100%
rename from values/attic/archmeister/prod/default.env
rename to attic/values/archmeister/prod/default.env
diff --git a/values/attic/archmeister/prod/deployment_patch.yaml b/attic/values/archmeister/prod/deployment_patch.yaml
similarity index 100%
rename from values/attic/archmeister/prod/deployment_patch.yaml
rename to attic/values/archmeister/prod/deployment_patch.yaml
diff --git a/values/attic/archmeister/prod/ingress_patch.yaml b/attic/values/archmeister/prod/ingress_patch.yaml
similarity index 100%
rename from values/attic/archmeister/prod/ingress_patch.yaml
rename to attic/values/archmeister/prod/ingress_patch.yaml
diff --git a/values/attic/archmeister/prod/kustomization.yaml b/attic/values/archmeister/prod/kustomization.yaml
similarity index 100%
rename from values/attic/archmeister/prod/kustomization.yaml
rename to attic/values/archmeister/prod/kustomization.yaml
diff --git a/values/attic/archmeister/staging/appsettings.json b/attic/values/archmeister/staging/appsettings.json
similarity index 100%
rename from values/attic/archmeister/staging/appsettings.json
rename to attic/values/archmeister/staging/appsettings.json
diff --git a/values/attic/archmeister/staging/default.env b/attic/values/archmeister/staging/default.env
similarity index 100%
rename from values/attic/archmeister/staging/default.env
rename to attic/values/archmeister/staging/default.env
diff --git a/values/attic/archmeister/staging/deployment_patch.yaml b/attic/values/archmeister/staging/deployment_patch.yaml
similarity index 100%
rename from values/attic/archmeister/staging/deployment_patch.yaml
rename to attic/values/archmeister/staging/deployment_patch.yaml
diff --git a/values/attic/archmeister/staging/ingress_patch.yaml b/attic/values/archmeister/staging/ingress_patch.yaml
similarity index 100%
rename from values/attic/archmeister/staging/ingress_patch.yaml
rename to attic/values/archmeister/staging/ingress_patch.yaml
diff --git a/values/attic/archmeister/staging/kustomization.yaml b/attic/values/archmeister/staging/kustomization.yaml
similarity index 100%
rename from values/attic/archmeister/staging/kustomization.yaml
rename to attic/values/archmeister/staging/kustomization.yaml
diff --git a/values/attic/archmeister/values-prod.yaml b/attic/values/archmeister/values-prod.yaml
similarity index 100%
rename from values/attic/archmeister/values-prod.yaml
rename to attic/values/archmeister/values-prod.yaml
diff --git a/values/attic/archmeister/values-staging.yaml b/attic/values/archmeister/values-staging.yaml
similarity index 100%
rename from values/attic/archmeister/values-staging.yaml
rename to attic/values/archmeister/values-staging.yaml
diff --git a/values/attic/cerbos/manifests/cerbos-gitlab-token.yaml b/attic/values/cerbos/manifests/cerbos-gitlab-token.yaml
similarity index 100%
rename from values/attic/cerbos/manifests/cerbos-gitlab-token.yaml
rename to attic/values/cerbos/manifests/cerbos-gitlab-token.yaml
diff --git a/values/attic/cerbos/values-prod.yaml b/attic/values/cerbos/values-prod.yaml
similarity index 100%
rename from values/attic/cerbos/values-prod.yaml
rename to attic/values/cerbos/values-prod.yaml
diff --git a/values/attic/cerbos/values-staging.yaml b/attic/values/cerbos/values-staging.yaml
similarity index 100%
rename from values/attic/cerbos/values-staging.yaml
rename to attic/values/cerbos/values-staging.yaml
diff --git a/values/attic/cerbos/values.yaml b/attic/values/cerbos/values.yaml
similarity index 100%
rename from values/attic/cerbos/values.yaml
rename to attic/values/cerbos/values.yaml
diff --git a/values/attic/dex/resources/dex-volumes.yaml b/attic/values/dex/resources/dex-volumes.yaml
similarity index 100%
rename from values/attic/dex/resources/dex-volumes.yaml
rename to attic/values/dex/resources/dex-volumes.yaml
diff --git a/values/attic/dex/templates/.config/dotnet-tools.json b/attic/values/dex/templates/.config/dotnet-tools.json
similarity index 100%
rename from values/attic/dex/templates/.config/dotnet-tools.json
rename to attic/values/dex/templates/.config/dotnet-tools.json
diff --git a/values/attic/dex/templates/.gitignore b/attic/values/dex/templates/.gitignore
similarity index 100%
rename from values/attic/dex/templates/.gitignore
rename to attic/values/dex/templates/.gitignore
diff --git a/values/attic/dex/templates/.vscode/launch.json b/attic/values/dex/templates/.vscode/launch.json
similarity index 100%
rename from values/attic/dex/templates/.vscode/launch.json
rename to attic/values/dex/templates/.vscode/launch.json
diff --git a/values/attic/dex/templates/.vscode/settings.json b/attic/values/dex/templates/.vscode/settings.json
similarity index 100%
rename from values/attic/dex/templates/.vscode/settings.json
rename to attic/values/dex/templates/.vscode/settings.json
diff --git a/values/attic/dex/templates/DexTemplates.sln b/attic/values/dex/templates/DexTemplates.sln
similarity index 100%
rename from values/attic/dex/templates/DexTemplates.sln
rename to attic/values/dex/templates/DexTemplates.sln
diff --git a/values/attic/dex/templates/README.md b/attic/values/dex/templates/README.md
similarity index 100%
rename from values/attic/dex/templates/README.md
rename to attic/values/dex/templates/README.md
diff --git a/values/attic/dex/templates/deploy.sh b/attic/values/dex/templates/deploy.sh
similarity index 100%
rename from values/attic/dex/templates/deploy.sh
rename to attic/values/dex/templates/deploy.sh
diff --git a/values/attic/dex/templates/dex/static/img/atlassian-crowd-icon.svg b/attic/values/dex/templates/dex/static/img/atlassian-crowd-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/atlassian-crowd-icon.svg
rename to attic/values/dex/templates/dex/static/img/atlassian-crowd-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/bitbucket-icon.svg b/attic/values/dex/templates/dex/static/img/bitbucket-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/bitbucket-icon.svg
rename to attic/values/dex/templates/dex/static/img/bitbucket-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/email-icon.svg b/attic/values/dex/templates/dex/static/img/email-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/email-icon.svg
rename to attic/values/dex/templates/dex/static/img/email-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/gitea-icon.svg b/attic/values/dex/templates/dex/static/img/gitea-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/gitea-icon.svg
rename to attic/values/dex/templates/dex/static/img/gitea-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/github-icon.svg b/attic/values/dex/templates/dex/static/img/github-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/github-icon.svg
rename to attic/values/dex/templates/dex/static/img/github-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/gitlab-icon.svg b/attic/values/dex/templates/dex/static/img/gitlab-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/gitlab-icon.svg
rename to attic/values/dex/templates/dex/static/img/gitlab-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/google-icon.svg b/attic/values/dex/templates/dex/static/img/google-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/google-icon.svg
rename to attic/values/dex/templates/dex/static/img/google-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/keystone-icon.svg b/attic/values/dex/templates/dex/static/img/keystone-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/keystone-icon.svg
rename to attic/values/dex/templates/dex/static/img/keystone-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/ldap-icon.svg b/attic/values/dex/templates/dex/static/img/ldap-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/ldap-icon.svg
rename to attic/values/dex/templates/dex/static/img/ldap-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/linkedin-icon.svg b/attic/values/dex/templates/dex/static/img/linkedin-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/linkedin-icon.svg
rename to attic/values/dex/templates/dex/static/img/linkedin-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/microsoft-icon.svg b/attic/values/dex/templates/dex/static/img/microsoft-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/microsoft-icon.svg
rename to attic/values/dex/templates/dex/static/img/microsoft-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/ob.png b/attic/values/dex/templates/dex/static/img/ob.png
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/ob.png
rename to attic/values/dex/templates/dex/static/img/ob.png
diff --git a/values/attic/dex/templates/dex/static/img/oidc-icon.svg b/attic/values/dex/templates/dex/static/img/oidc-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/oidc-icon.svg
rename to attic/values/dex/templates/dex/static/img/oidc-icon.svg
diff --git a/values/attic/dex/templates/dex/static/img/saml-icon.svg b/attic/values/dex/templates/dex/static/img/saml-icon.svg
similarity index 100%
rename from values/attic/dex/templates/dex/static/img/saml-icon.svg
rename to attic/values/dex/templates/dex/static/img/saml-icon.svg
diff --git a/values/attic/dex/templates/dex/static/js/index.c3f9eb2e.js b/attic/values/dex/templates/dex/static/js/index.c3f9eb2e.js
similarity index 100%
rename from values/attic/dex/templates/dex/static/js/index.c3f9eb2e.js
rename to attic/values/dex/templates/dex/static/js/index.c3f9eb2e.js
diff --git a/values/attic/dex/templates/dex/static/js/vendor.86e21c29.js b/attic/values/dex/templates/dex/static/js/vendor.86e21c29.js
similarity index 100%
rename from values/attic/dex/templates/dex/static/js/vendor.86e21c29.js
rename to attic/values/dex/templates/dex/static/js/vendor.86e21c29.js
diff --git a/values/attic/dex/templates/dex/static/logout.html b/attic/values/dex/templates/dex/static/logout.html
similarity index 100%
rename from values/attic/dex/templates/dex/static/logout.html
rename to attic/values/dex/templates/dex/static/logout.html
diff --git a/values/attic/dex/templates/dex/static/main.css b/attic/values/dex/templates/dex/static/main.css
similarity index 100%
rename from values/attic/dex/templates/dex/static/main.css
rename to attic/values/dex/templates/dex/static/main.css
diff --git a/values/attic/dex/templates/dex/templates/approval.html b/attic/values/dex/templates/dex/templates/approval.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/approval.html
rename to attic/values/dex/templates/dex/templates/approval.html
diff --git a/values/attic/dex/templates/dex/templates/device.html b/attic/values/dex/templates/dex/templates/device.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/device.html
rename to attic/values/dex/templates/dex/templates/device.html
diff --git a/values/attic/dex/templates/dex/templates/device_success.html b/attic/values/dex/templates/dex/templates/device_success.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/device_success.html
rename to attic/values/dex/templates/dex/templates/device_success.html
diff --git a/values/attic/dex/templates/dex/templates/error.html b/attic/values/dex/templates/dex/templates/error.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/error.html
rename to attic/values/dex/templates/dex/templates/error.html
diff --git a/values/attic/dex/templates/dex/templates/footer.html b/attic/values/dex/templates/dex/templates/footer.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/footer.html
rename to attic/values/dex/templates/dex/templates/footer.html
diff --git a/values/attic/dex/templates/dex/templates/header.html b/attic/values/dex/templates/dex/templates/header.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/header.html
rename to attic/values/dex/templates/dex/templates/header.html
diff --git a/values/attic/dex/templates/dex/templates/login.html b/attic/values/dex/templates/dex/templates/login.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/login.html
rename to attic/values/dex/templates/dex/templates/login.html
diff --git a/values/attic/dex/templates/dex/templates/oob.html b/attic/values/dex/templates/dex/templates/oob.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/oob.html
rename to attic/values/dex/templates/dex/templates/oob.html
diff --git a/values/attic/dex/templates/dex/templates/password.html b/attic/values/dex/templates/dex/templates/password.html
similarity index 100%
rename from values/attic/dex/templates/dex/templates/password.html
rename to attic/values/dex/templates/dex/templates/password.html
diff --git a/values/attic/dex/templates/dex/themes/dark/favicon.png b/attic/values/dex/templates/dex/themes/dark/favicon.png
similarity index 100%
rename from values/attic/dex/templates/dex/themes/dark/favicon.png
rename to attic/values/dex/templates/dex/themes/dark/favicon.png
diff --git a/values/attic/dex/templates/dex/themes/dark/logo.png b/attic/values/dex/templates/dex/themes/dark/logo.png
similarity index 100%
rename from values/attic/dex/templates/dex/themes/dark/logo.png
rename to attic/values/dex/templates/dex/themes/dark/logo.png
diff --git a/values/attic/dex/templates/dex/themes/dark/styles.css b/attic/values/dex/templates/dex/themes/dark/styles.css
similarity index 100%
rename from values/attic/dex/templates/dex/themes/dark/styles.css
rename to attic/values/dex/templates/dex/themes/dark/styles.css
diff --git a/values/attic/dex/templates/dex/themes/light/favicon.png b/attic/values/dex/templates/dex/themes/light/favicon.png
similarity index 100%
rename from values/attic/dex/templates/dex/themes/light/favicon.png
rename to attic/values/dex/templates/dex/themes/light/favicon.png
diff --git a/values/attic/dex/templates/dex/themes/light/logo.png b/attic/values/dex/templates/dex/themes/light/logo.png
similarity index 100%
rename from values/attic/dex/templates/dex/themes/light/logo.png
rename to attic/values/dex/templates/dex/themes/light/logo.png
diff --git a/values/attic/dex/templates/dex/themes/light/styles.css b/attic/values/dex/templates/dex/themes/light/styles.css
similarity index 100%
rename from values/attic/dex/templates/dex/themes/light/styles.css
rename to attic/values/dex/templates/dex/themes/light/styles.css
diff --git a/values/attic/dex/templates/index.html b/attic/values/dex/templates/index.html
similarity index 100%
rename from values/attic/dex/templates/index.html
rename to attic/values/dex/templates/index.html
diff --git a/values/attic/dex/templates/package-lock.json b/attic/values/dex/templates/package-lock.json
similarity index 100%
rename from values/attic/dex/templates/package-lock.json
rename to attic/values/dex/templates/package-lock.json
diff --git a/values/attic/dex/templates/package.json b/attic/values/dex/templates/package.json
similarity index 100%
rename from values/attic/dex/templates/package.json
rename to attic/values/dex/templates/package.json
diff --git a/values/attic/dex/templates/src/App.fs b/attic/values/dex/templates/src/App.fs
similarity index 100%
rename from values/attic/dex/templates/src/App.fs
rename to attic/values/dex/templates/src/App.fs
diff --git a/values/attic/dex/templates/src/DexTemplates.fsproj b/attic/values/dex/templates/src/DexTemplates.fsproj
similarity index 100%
rename from values/attic/dex/templates/src/DexTemplates.fsproj
rename to attic/values/dex/templates/src/DexTemplates.fsproj
diff --git a/values/attic/dex/values-prod.yaml b/attic/values/dex/values-prod.yaml
similarity index 100%
rename from values/attic/dex/values-prod.yaml
rename to attic/values/dex/values-prod.yaml
diff --git a/values/attic/dex/values-staging.yaml b/attic/values/dex/values-staging.yaml
similarity index 100%
rename from values/attic/dex/values-staging.yaml
rename to attic/values/dex/values-staging.yaml
diff --git a/values/attic/dex/values.yaml b/attic/values/dex/values.yaml
similarity index 100%
rename from values/attic/dex/values.yaml
rename to attic/values/dex/values.yaml
diff --git a/values/attic/hipster/base/deployment_patch.yaml b/attic/values/hipster/base/deployment_patch.yaml
similarity index 100%
rename from values/attic/hipster/base/deployment_patch.yaml
rename to attic/values/hipster/base/deployment_patch.yaml
diff --git a/values/attic/hipster/base/kustomization.yaml b/attic/values/hipster/base/kustomization.yaml
similarity index 100%
rename from values/attic/hipster/base/kustomization.yaml
rename to attic/values/hipster/base/kustomization.yaml
diff --git a/values/attic/hipster/base/service_patch.yaml b/attic/values/hipster/base/service_patch.yaml
similarity index 100%
rename from values/attic/hipster/base/service_patch.yaml
rename to attic/values/hipster/base/service_patch.yaml
diff --git a/values/attic/hipster/chart b/attic/values/hipster/chart
similarity index 100%
rename from values/attic/hipster/chart
rename to attic/values/hipster/chart
diff --git a/values/attic/hipster/prod/appsettings.json b/attic/values/hipster/prod/appsettings.json
similarity index 100%
rename from values/attic/hipster/prod/appsettings.json
rename to attic/values/hipster/prod/appsettings.json
diff --git a/values/attic/hipster/prod/bindings.yaml b/attic/values/hipster/prod/bindings.yaml
similarity index 100%
rename from values/attic/hipster/prod/bindings.yaml
rename to attic/values/hipster/prod/bindings.yaml
diff --git a/values/attic/hipster/prod/default.env b/attic/values/hipster/prod/default.env
similarity index 100%
rename from values/attic/hipster/prod/default.env
rename to attic/values/hipster/prod/default.env
diff --git a/values/attic/hipster/prod/deployment_patch.yaml b/attic/values/hipster/prod/deployment_patch.yaml
similarity index 100%
rename from values/attic/hipster/prod/deployment_patch.yaml
rename to attic/values/hipster/prod/deployment_patch.yaml
diff --git a/values/attic/hipster/prod/kustomization.yaml b/attic/values/hipster/prod/kustomization.yaml
similarity index 100%
rename from values/attic/hipster/prod/kustomization.yaml
rename to attic/values/hipster/prod/kustomization.yaml
diff --git a/values/attic/hipster/staging/appsettings.json b/attic/values/hipster/staging/appsettings.json
similarity index 100%
rename from values/attic/hipster/staging/appsettings.json
rename to attic/values/hipster/staging/appsettings.json
diff --git a/values/attic/hipster/staging/bindings.yaml b/attic/values/hipster/staging/bindings.yaml
similarity index 100%
rename from values/attic/hipster/staging/bindings.yaml
rename to attic/values/hipster/staging/bindings.yaml
diff --git a/values/attic/hipster/staging/default.env b/attic/values/hipster/staging/default.env
similarity index 100%
rename from values/attic/hipster/staging/default.env
rename to attic/values/hipster/staging/default.env
diff --git a/values/attic/hipster/staging/deployment_patch.yaml b/attic/values/hipster/staging/deployment_patch.yaml
similarity index 100%
rename from values/attic/hipster/staging/deployment_patch.yaml
rename to attic/values/hipster/staging/deployment_patch.yaml
diff --git a/values/attic/hipster/staging/kustomization.yaml b/attic/values/hipster/staging/kustomization.yaml
similarity index 100%
rename from values/attic/hipster/staging/kustomization.yaml
rename to attic/values/hipster/staging/kustomization.yaml
diff --git a/values/attic/hipster/values-prod.yaml b/attic/values/hipster/values-prod.yaml
similarity index 100%
rename from values/attic/hipster/values-prod.yaml
rename to attic/values/hipster/values-prod.yaml
diff --git a/values/attic/hipster/values-staging.yaml b/attic/values/hipster/values-staging.yaml
similarity index 100%
rename from values/attic/hipster/values-staging.yaml
rename to attic/values/hipster/values-staging.yaml
diff --git a/values/attic/jaeger/values.yaml b/attic/values/jaeger/values.yaml
similarity index 100%
rename from values/attic/jaeger/values.yaml
rename to attic/values/jaeger/values.yaml
diff --git a/values/attic/petimeter/base/deployment_patch.yaml b/attic/values/petimeter/base/deployment_patch.yaml
similarity index 100%
rename from values/attic/petimeter/base/deployment_patch.yaml
rename to attic/values/petimeter/base/deployment_patch.yaml
diff --git a/values/attic/petimeter/base/kustomization.yaml b/attic/values/petimeter/base/kustomization.yaml
similarity index 100%
rename from values/attic/petimeter/base/kustomization.yaml
rename to attic/values/petimeter/base/kustomization.yaml
diff --git a/values/attic/petimeter/chart b/attic/values/petimeter/chart
similarity index 100%
rename from values/attic/petimeter/chart
rename to attic/values/petimeter/chart
diff --git a/values/attic/petimeter/prod/appsettings.json b/attic/values/petimeter/prod/appsettings.json
similarity index 100%
rename from values/attic/petimeter/prod/appsettings.json
rename to attic/values/petimeter/prod/appsettings.json
diff --git a/values/attic/petimeter/prod/default.env b/attic/values/petimeter/prod/default.env
similarity index 100%
rename from values/attic/petimeter/prod/default.env
rename to attic/values/petimeter/prod/default.env
diff --git a/values/attic/petimeter/prod/deployment_patch.yaml b/attic/values/petimeter/prod/deployment_patch.yaml
similarity index 100%
rename from values/attic/petimeter/prod/deployment_patch.yaml
rename to attic/values/petimeter/prod/deployment_patch.yaml
diff --git a/values/attic/petimeter/prod/kustomization.yaml b/attic/values/petimeter/prod/kustomization.yaml
similarity index 100%
rename from values/attic/petimeter/prod/kustomization.yaml
rename to attic/values/petimeter/prod/kustomization.yaml
diff --git a/values/attic/petimeter/staging/appsettings.json b/attic/values/petimeter/staging/appsettings.json
similarity index 100%
rename from values/attic/petimeter/staging/appsettings.json
rename to attic/values/petimeter/staging/appsettings.json
diff --git a/values/attic/petimeter/staging/default.env b/attic/values/petimeter/staging/default.env
similarity index 100%
rename from values/attic/petimeter/staging/default.env
rename to attic/values/petimeter/staging/default.env
diff --git a/values/attic/petimeter/staging/deployment_patch.yaml b/attic/values/petimeter/staging/deployment_patch.yaml
similarity index 100%
rename from values/attic/petimeter/staging/deployment_patch.yaml
rename to attic/values/petimeter/staging/deployment_patch.yaml
diff --git a/values/attic/petimeter/staging/kustomization.yaml b/attic/values/petimeter/staging/kustomization.yaml
similarity index 100%
rename from values/attic/petimeter/staging/kustomization.yaml
rename to attic/values/petimeter/staging/kustomization.yaml
diff --git a/values/attic/petimeter/values-prod.yaml b/attic/values/petimeter/values-prod.yaml
similarity index 100%
rename from values/attic/petimeter/values-prod.yaml
rename to attic/values/petimeter/values-prod.yaml
diff --git a/values/attic/petimeter/values-staging.yaml b/attic/values/petimeter/values-staging.yaml similarity index 100% rename from values/attic/petimeter/values-staging.yaml rename to attic/values/petimeter/values-staging.yaml diff --git a/values/attic/seq/values.yaml b/attic/values/seq/values.yaml similarity index 100% rename from values/attic/seq/values.yaml rename to attic/values/seq/values.yaml diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index 06b8afc5..f6aeefdc 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -4,7 +4,7 @@ description: Atlantis map and simulation service type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.14.2 +version: v1.21.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.14.2 +appVersion: v1.21.6 diff --git a/charts/atlantis/templates/deployment.yaml b/charts/atlantis/templates/deployment.yaml index e599553f..63f67190 100644 --- a/charts/atlantis/templates/deployment.yaml +++ b/charts/atlantis/templates/deployment.yaml @@ -40,6 +40,12 @@ spec: protocol: TCP env: {{- toYaml .Values.env | nindent 12 }} + startupProbe: + httpGet: + path: /healthz + port: http + initialDelaySeconds: 30 + failureThreshold: 10 livenessProbe: httpGet: path: /healthz diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index f915a289..aff16c41 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis - tag: v1.14.2 + tag: v1.21.6 pullPolicy: IfNotPresent init: enabled: false diff --git a/charts/makai/.helmignore b/charts/makai/.helmignore new file mode 100644 index 00000000..61e5ef82 --- /dev/null 
+++ b/charts/makai/.helmignore
@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+base/
+prod/
+staging/
+review/
diff --git a/charts/makai/Chart.yaml b/charts/makai/Chart.yaml
new file mode 100644
index 00000000..aa5f16a3
--- /dev/null
+++ b/charts/makai/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: makai
+description: Create and edit unstructured grids in your browser
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: v0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: v0.1.0
diff --git a/charts/makai/templates/NOTES.txt b/charts/makai/templates/NOTES.txt
new file mode 100644
index 00000000..a355fa1c
--- /dev/null
+++ b/charts/makai/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "makai.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "makai.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "makai.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "makai.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/makai/templates/_helpers.tpl b/charts/makai/templates/_helpers.tpl
new file mode 100644
index 00000000..857006f1
--- /dev/null
+++ b/charts/makai/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "makai.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "makai.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "makai.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "makai.labels" -}}
+helm.sh/chart: {{ include "makai.chart" . }}
+{{ include "makai.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "makai.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "makai.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "makai.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "makai.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/makai/templates/cluster.yaml b/charts/makai/templates/cluster.yaml
new file mode 100644
index 00000000..da6fd76f
--- /dev/null
+++ b/charts/makai/templates/cluster.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.cluster.enabled -}}
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: {{ include "makai.fullname" . }}
+ annotations:
+ linkerd.io/inject: disabled
+ labels:
+ {{- include "makai.labels" . | nindent 4 }}
+spec:
+ instances: {{ .Values.cluster.instances | default "2" }}
+
+ # Example of rolling update strategy:
+ # - unsupervised: automated update of the primary once all
+ # replicas have been upgraded (default)
+ # - supervised: requires manual supervision to perform
+ # the switchover of the primary
+ primaryUpdateStrategy: unsupervised
+ backup:
+ retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }}
+
+ storage:
+ size: {{ .Values.cluster.size | default "5Gi" }}
+{{- end }}
diff --git a/charts/makai/templates/deployment.yaml b/charts/makai/templates/deployment.yaml
new file mode 100644
index 00000000..34404bb7
--- /dev/null
+++ b/charts/makai/templates/deployment.yaml
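Review bot: In charts/makai/templates/cluster.yaml, `backup.retentionPolicy` is set but the spec shows no backup destination (no `barmanObjectStore` block or other backup method), so as written the cluster appears to run without backups and the `60d` default has nothing to act on. If backups are intended, the object-store block and its credentials secret belong in this template; otherwise drop the `backup:` key so the manifest does not suggest a recovery path that is not there. Separately, `linkerd.io/inject: disabled` sits on the Cluster object's own metadata, and CloudNativePG passes annotations on to the instance pods only through `spec.inheritedMetadata.annotations` or the operator's inherited-annotations setting, so it is worth confirming the database pods really are excluded from the mesh.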
@@ -0,0 +1,84 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "makai.fullname" . }} + labels: + {{- include "makai.labels" . | nindent 4 }} +spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "makai.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "makai.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "makai.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + containers: + - name: {{ .Chart.Name }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + env: + - name: LOG_LEVEL + value: "3" + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumeMounts: + - name: data + mountPath: /data + {{- if .Values.init.enabled }} + initContainers: + - name: init + image: {{ .Values.init.image }} + command: {{- toYaml .Values.init.command | nindent 10 }} + volumeMounts: + - name: data + mountPath: /data + {{- end }} + volumes: + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "makai.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/makai/templates/hpa.yaml b/charts/makai/templates/hpa.yaml new file mode 100644 index 00000000..5702100d --- /dev/null +++ b/charts/makai/templates/hpa.yaml @@ -0,0 +1,28 @@ +{{- if .Values.autoscaling.enabled }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "makai.fullname" . }} + labels: + {{- include "makai.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "makai.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} +{{- end }} diff --git a/charts/makai/templates/ingress.yaml b/charts/makai/templates/ingress.yaml new file mode 100644 index 00000000..50bc30e7 --- /dev/null +++ b/charts/makai/templates/ingress.yaml 
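Review bot: The container's `env:` in charts/makai/templates/deployment.yaml is hard-coded to `LOG_LEVEL: "3"`, so the `env` list that the chart's values.yaml defines (`LOG_LEVEL: "2"`, `APP_NAME`, `APP_NAMESPACE`) is never rendered and the two defaults disagree. Render the values instead, with `env:` followed by `{{- toYaml .Values.env | nindent 12 }}`. The `init` container is also emitted without a `securityContext`, so it does not get the `capabilities.drop: [ALL]` that the main container receives from `.Values.securityContext`; add `securityContext:` with `{{- toYaml .Values.securityContext | nindent 12 }}` under it as well.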
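Review bot: `apiVersion: autoscaling/v2beta1` in charts/makai/templates/hpa.yaml was removed in Kubernetes 1.25, so setting `autoscaling.enabled: true` on a current cluster fails at apply time, whereas ingress.yaml in the same chart picks its API version from `.Capabilities.KubeVersion`. Use `apiVersion: autoscaling/v2` and replace each `targetAverageUtilization: …` with `target: {type: Utilization, averageUtilization: …}` under the metric's `resource:` key.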
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "makai.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "makai.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.className }}
+ {{- end }}
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/makai/templates/pvc.yaml b/charts/makai/templates/pvc.yaml
new file mode 100644
index 00000000..da6c4a8c
--- /dev/null
+++ b/charts/makai/templates/pvc.yaml
@@ -0,0 +1,25 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "makai.fullname" . }}
+{{- with .Values.persistence.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+ labels:
+{{ include "makai.labels" . | indent 4 }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/makai/templates/service.yaml b/charts/makai/templates/service.yaml
new file mode 100644
index 00000000..b0fe54a4
--- /dev/null
+++ b/charts/makai/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "makai.fullname" . }}
+ labels:
+ {{- include "makai.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "makai.selectorLabels" . | nindent 4 }}
diff --git a/charts/makai/templates/serviceaccount.yaml b/charts/makai/templates/serviceaccount.yaml
new file mode 100644
index 00000000..4efb3ed5
--- /dev/null
+++ b/charts/makai/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "makai.serviceAccountName" . }}
+ labels:
+ {{- include "makai.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/makai/values.yaml b/charts/makai/values.yaml
new file mode 100644
index 00000000..95b70597
--- /dev/null
+++ b/charts/makai/values.yaml
@@ -0,0 +1,82 @@
+# Default values for makai.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+image:
+ repository: registry.gitlab.com/oceanbox/makai/makai
+ tag: v0.1.0
+ pullPolicy: IfNotPresent
+init:
+ enabled: false
+ image: ubuntu:rolling
+ command: ["/bin/sh", "-c", "true"]
+env:
+ - name: LOG_LEVEL
+ value: "2"
+ - name: APP_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: APP_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+imagePullSecrets:
+ - name: gitlab-pull-secret
+nameOverride: ""
+fullnameOverride: ""
+serviceAccount:
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+podAnnotations: {}
+podSecurityContext:
+ fsGroup: 2000
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
+ runAsUser: 0
+service:
+ type: ClusterIP
+ port: 8080
+ingress:
+ enabled: true
+ className: nginx
+persistence:
+ enabled: false
+ size: 1G
+ storageClass: ""
+ accessMode: ReadWriteOnce
+cluster:
+ enabled: false
+ instances: 2
+ backupEnabled: true
+ backupRetention: 60d
+ size: 5Gi
+resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+nodeSelector: {}
+tolerations: []
+affinity: {}
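Review bot: The default `securityContext` runs the container as root (`runAsUser: 0`, `runAsNonRoot: false`) with a writable root filesystem, which leaves `capabilities.drop: [ALL]` as the only hardening and makes root the behaviour of every install that does not override it. Unless the image needs root, which is not visible here, default to `runAsNonRoot: true`, a non-zero `runAsUser` and `allowPrivilegeEscalation: false`, and let the environment that needs root opt in. `init.image: ubuntu:rolling` is a floating tag and should be pinned to a release or digest. `ingress.enabled: true` ships without `hosts` or `tls`, so the ingress template renders an Ingress with empty `rules`; `enabled: false` is the safer chart default.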
diff --git a/charts/plume/Chart.yaml b/charts/plume/Chart.yaml index da68dcc7..dddfd231 100644 --- a/charts/plume/Chart.yaml +++ b/charts/plume/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.2.3 +version: v1.6.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.2.3 +appVersion: v1.6.5 diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml index b6741691..2f1e4a90 100644 --- a/charts/plume/values.yaml +++ b/charts/plume/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/plume/plume - tag: v1.2.3 + tag: v1.6.5 pullPolicy: IfNotPresent init: enabled: false diff --git a/charts/sorcerer/Chart.yaml b/charts/sorcerer/Chart.yaml index a73b75fa..709154e0 100644 --- a/charts/sorcerer/Chart.yaml +++ b/charts/sorcerer/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.14.2 +version: v1.21.6 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.14.2 +appVersion: v1.21.6 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index cbe3964f..909525ab 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/sorcerer - tag: v1.14.2 + tag: v1.21.6 pullPolicy: IfNotPresent init: enabled: false 
diff --git a/helmfile.d/argo.yaml.gotmpl b/helmfile.d/argo.yaml.gotmpl index 41f4f13d..3c93bf86 100644 --- a/helmfile.d/argo.yaml.gotmpl +++ b/helmfile.d/argo.yaml.gotmpl @@ -43,7 +43,7 @@ releases: - name: argo-workflows namespace: argocd chart: argo/argo-workflows - version: 0.45.0 + version: 0.45.22 condition: argo.workflows.enabled missingFileHandler: Info - name: manifests diff --git a/helmfile.d/linkerd.yaml.gotmpl b/helmfile.d/linkerd.yaml.gotmpl index b400d853..d2fe276c 100644 --- a/helmfile.d/linkerd.yaml.gotmpl +++ b/helmfile.d/linkerd.yaml.gotmpl @@ -15,7 +15,7 @@ releases: - name: linkerd namespace: linkerd chart: linkerd/linkerd-control-plane - version: 1.9.3 + version: 1.16.10 condition: linkerd.enabled values: - ../values/linkerd/values/linkerd.yaml.gotmpl diff --git a/helmfile.d/makai.yaml.gotmpl b/helmfile.d/makai.yaml.gotmpl new file mode 100644 index 00000000..7e66c806 --- /dev/null +++ b/helmfile.d/makai.yaml.gotmpl 
@@ -0,0 +1,38 @@ +bases: + - ../envs/environments.yaml.gotmpl + +commonLabels: + tier: oceanbox + +releases: +- name: makai + namespace: {{ .Environment.Name }}-makai + chart: ../charts/makai + condition: makai.enabled + values: + - ../values/makai/values/values.yaml + - ../values/makai/values/values-{{ .Environment.Name }}.yaml + postRenderer: ../bin/kustomizer + postRendererArgs: + - ../values/makai/kustomize/{{ .Environment.Name }} + missingFileHandler: Info +- name: manifests + namespace: {{ .Environment.Name }}-makai + chart: manifests + condition: makai.enabled + missingFileHandler: Info + values: + - ../values/env.yaml + - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml + - ../values/makai/env.yaml.gotmpl + - ../values/makai/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl + hooks: + - events: [ prepare, cleanup ] + showlogs: true + command: ../bin/helmify + args: + - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' + - '{{`{{ .Release.Chart }}`}}' + - '{{`{{ .Environment.Name }}`}}' + - ../values/makai/manifests + - manifests diff --git a/helmfile.d/nfs-provisioner.yaml.gotmpl b/helmfile.d/nfs-provisioner.yaml.gotmpl index 17201b33..5764e548 100644 --- a/helmfile.d/nfs-provisioner.yaml.gotmpl +++ b/helmfile.d/nfs-provisioner.yaml.gotmpl @@ -10,9 +10,9 @@ commonLabels: releases: - name: nfs-provisioner - namespace: kube-system + namespace: kube-system chart: nfs-provisioner/nfs-subdir-external-provisioner - version: 4.0.13 + version: 4.0.18 condition: nfs_provisioner.enabled values: - ../values/nfs-provisioner/values/nfs-provisioner.yaml.gotmpl @@ -22,7 +22,7 @@ releases: - ../values/nfs-provisioner/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: manifests - namespace: kube-system + namespace: kube-system chart: manifests condition: nfs_provisioner.enabled missingFileHandler: Info diff --git a/shell.nix b/shell.nix index 4cf65763..f064878d 100644 --- a/shell.nix +++ b/shell.nix 
@@ -34,8 +34,14 @@ pkgs.mkShellNoCC { # kubectl tools kubectl-cnpg kubectl-neat + kubelogin + kubelogin-oidc + + # linkerd + step-cli + linkerd ]; - ARGOCD_ENV_CLUSTER_NAME = "oceanbox"; + ARGOCD_ENV_CLUSTER_NAME = "ekman"; HELM_GIT_ACCESS_TOKEN = "glpat-xxx"; } diff --git a/values/argo/env.yaml.gotmpl b/values/argo/env.yaml.gotmpl index 9e70b222..ce91e055 100644 --- a/values/argo/env.yaml.gotmpl +++ b/values/argo/env.yaml.gotmpl @@ -5,7 +5,7 @@ argo: rollouts: enabled: false workflows: - enabled: false + enabled: true argocd: autosync: true diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml index 6fa3cc02..50b9bb71 100644 --- a/values/argo/manifests/sys-project.yaml +++ b/values/argo/manifests/sys-project.yaml @@ -72,6 +72,8 @@ spec: server: https://kubernetes.default.svc - namespace: opentelemetry server: https://kubernetes.default.svc + - namespace: ncps + server: https://kubernetes.default.svc sourceRepos: - https://argoproj.github.io/argo-helm - https://kubernetes-sigs.github.io/metrics-server/ diff --git a/values/argo/values/workflows.yaml.gotmpl b/values/argo/values/workflows.yaml.gotmpl index 3dc66812..b30c08af 100644 --- a/values/argo/values/workflows.yaml.gotmpl +++ b/values/argo/values/workflows.yaml.gotmpl @@ -1,9 +1,8 @@ dashboard: - enabled: {{ .Values.apps. true }} + enabled: true controller: metrics: enabled: true serviceMonitor: enabled: true - diff --git a/values/atlantis/kustomize/prod/appsettings.json b/values/atlantis/kustomize/prod/appsettings.json index b0b392b4..791651a3 100644 --- a/values/atlantis/kustomize/prod/appsettings.json +++ b/values/atlantis/kustomize/prod/appsettings.json @@ -67,6 +67,7 @@ "roles": [ "admin" ] } ], + "plume": "plume.data.oceanbox.io", "redis": "prod-atlantis-redis-master:6379", "objectStore": "https://atlantis.blob.core.windows.net", "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", 
diff --git a/values/atlantis/kustomize/staging/appsettings.json b/values/atlantis/kustomize/staging/appsettings.json index 919d295a..0eb6dc30 100644 --- a/values/atlantis/kustomize/staging/appsettings.json +++ b/values/atlantis/kustomize/staging/appsettings.json @@ -67,6 +67,7 @@ "roles": [ "admin" ] } ], + "plume": "plume.ekman.oceanbox.io", "redis": "staging-atlantis-redis-master:6379", "objectStore": "https://atlantis.blob.core.windows.net", "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", diff --git a/values/atlantis/manifests/atlantis.yaml b/values/atlantis/manifests/atlantis.yaml index 7688b8c5..28df05c8 100644 --- a/values/atlantis/manifests/atlantis.yaml +++ b/values/atlantis/manifests/atlantis.yaml @@ -6,6 +6,7 @@ metadata: namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: ServerSideDiff=true finalizers: - resources-finalizer.argocd.argoproj.io spec: diff --git a/values/atlantis/manifests/network/allow-plume.yaml b/values/atlantis/manifests/network/allow-plume.yaml new file mode 100644 index 00000000..b09fd2be --- /dev/null +++ b/values/atlantis/manifests/network/allow-plume.yaml @@ -0,0 +1,15 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-plume + namespace: {{ .Release.Namespace }} +spec: + egress: + - toFQDNs: + - matchPattern: 'plume.data.oceanbox.io' + - matchPattern: 'plume.ekman.oceanbox.io' + endpointSelector: + matchLabels: + app.kubernetes.io/name: atlantis +{{- end }} diff --git a/values/atlantis/values/redis-staging.yaml b/values/atlantis/values/redis-staging.yaml index c81761f8..d9b69f91 100644 --- a/values/atlantis/values/redis-staging.yaml +++ b/values/atlantis/values/redis-staging.yaml 
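Review bot: In values/atlantis/manifests/network/allow-plume.yaml each `toFQDNs` entry uses `matchPattern` with a literal host name and the rule has no `toPorts`, so egress to these names is allowed on every port and protocol; `matchName` is the exact-match selector, and a `toPorts` block would narrow the rule to the port plume serves on. The policy also allows both the prod and the staging host in every environment, although each appsettings.json in this commit references only one of them. Cilium resolves `toFQDNs` from DNS answers seen by its DNS proxy, so unless another policy selecting `app.kubernetes.io/name: atlantis` already carries a `rules: dns` egress rule (none is visible in this diff) these entries will not match. The same shape appears in values/attic/manifests/policies/allow-cache-nixos.yaml, which additionally targets namespace `ncps` from the attic manifests directory.

```yaml
  egress:
  - toFQDNs:
    - matchName: plume.data.oceanbox.io
    - matchName: plume.ekman.oceanbox.io
    toPorts:
    - ports:
      - port: "443"   # assumed HTTPS; confirm the port plume listens on
        protocol: TCP
  # … unchanged: endpointSelector …
```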
@@ -1,5 +1,12 @@ architecture: standalone +# NOTE(mrtz): Hack for working with bitnami legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/redis + replica: replicaCount: 1 @@ -20,4 +27,3 @@ master: cpu: 150m ephemeral-storage: 50Mi memory: 128Mi - diff --git a/values/atlantis/values/values-prod.yaml.gotmpl b/values/atlantis/values/values-prod.yaml.gotmpl index f435a167..8571be1f 100644 --- a/values/atlantis/values/values-prod.yaml.gotmpl +++ b/values/atlantis/values/values-prod.yaml.gotmpl @@ -72,8 +72,8 @@ cluster: resources: limits: - cpu: 250m + cpu: 1 memory: 1Gi requests: - cpu: 250m + cpu: 500m memory: 1Gi diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 9fee23d1..e7b06bb0 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 10a6c109-debug + tag: bf92311c-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: diff --git a/values/attic/env-oceanbox.yaml.gotmpl b/values/attic/env-oceanbox.yaml.gotmpl new file mode 100644 index 00000000..73914176 --- /dev/null +++ b/values/attic/env-oceanbox.yaml.gotmpl @@ -0,0 +1,2 @@ +attic: + enabled: true diff --git a/values/attic/env.yaml.gotmpl b/values/attic/env.yaml.gotmpl new file mode 100644 index 00000000..fc25113f --- /dev/null +++ b/values/attic/env.yaml.gotmpl @@ -0,0 +1,3 @@ +attic: + enabled: false + autosync: false diff --git a/values/attic/manifests/attic.yaml b/values/attic/manifests/attic.yaml new file mode 100644 index 00000000..e46796be --- /dev/null +++ b/values/attic/manifests/attic.yaml 
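Review bot: In values/atlantis/values/redis-staging.yaml, `global.security.allowInsecureImages: true` switches off the chart's check on substituted images, and `image.repository: bitnamilegacy/redis` points at a repository that, as announced by Bitnami, receives no further updates, so staging Redis stops getting security fixes from here on. The `NOTE` calls this a hack but records neither the reason nor an exit. Extend it, for example `# TODO(mrtz): bitnamilegacy is frozen (no CVE fixes); pin image.digest and move to a maintained Redis image`, and pin the image by digest while the override is in place.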
@@ -0,0 +1,27 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: attic
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ destination:
+ namespace: attic
+ server: 'https://kubernetes.default.svc'
+ sources:
+ - repoURL: https://gitlab.com/oceanbox/manifests.git
+ targetRevision: HEAD
+ path: values/attic/manifests
+ project: aux
+ syncPolicy:
+ managedNamespaceMetadata:
+ labels:
+ component: aux
+ syncOptions:
+ - CreateNamespace=true
+ - ApplyOutOfSyncOnly=true
+ # - ServerSideApply=true
+ automated:
+ prune: true
+ # selfHeal: false
diff --git a/values/attic/manifests/cluster.yaml b/values/attic/manifests/cluster.yaml
new file mode 100644
index 00000000..c500027b
--- /dev/null
+++ b/values/attic/manifests/cluster.yaml
@@ -0,0 +1,14 @@
+apiVersion: postgresql.cnpg.io/v1
+kind: Cluster
+metadata:
+ name: attic-db
+ namespace: attic
+ labels:
+ app: attic-db
+spec:
+ instances: 1
+ primaryUpdateStrategy: unsupervised
+ backup:
+ retentionPolicy: "7d"
+ storage:
+ size: "20Gi"
diff --git a/values/attic/manifests/cm.yaml b/values/attic/manifests/cm.yaml
new file mode 100644
index 00000000..4a90b99c
--- /dev/null
+++ b/values/attic/manifests/cm.yaml
@@ -0,0 +1,167 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/name: attic + name: attic-config + namespace: attic +data: + config.toml: | + # src: https://github.com/zhaofengli/attic/blob/main/server/src/config-template.toml + + # Socket address to listen on + listen = "[::]:8080" + + # Allowed `Host` headers + # + # This _must_ be configured for production use. If unconfigured or the + # list is empty, all `Host` headers are allowed. + allowed-hosts = [] + + # The canonical API endpoint of this server + # + # This is the endpoint exposed to clients in `cache-config` responses. + # + # This _must_ be configured for production use. If not configured, the + # API endpoint is synthesized from the client's `Host` header which may + # be insecure. + # + # The API endpoint _must_ end with a slash (e.g., `https://domain.tld/attic/` + # not `https://domain.tld/attic`). + api-endpoint = "https://attic.srv.oceanbox.io/" + + # Whether to soft-delete caches + # + # If this is enabled, caches are soft-deleted instead of actually + # removed from the database. Note that soft-deleted caches cannot + # have their names reused as long as the original database records + # are there. + #soft-delete-caches = false + + # Whether to require fully uploading a NAR if it exists in the global cache. + # + # If set to false, simply knowing the NAR hash is enough for + # an uploader to gain access to an existing NAR in the global + # cache. + #require-proof-of-possession = true + + # Database connection + [database] + # Connection URL + # + # For production use it's recommended to use PostgreSQL. + url = "postgresql://app:mZP1BnmnpDU33B7UZvomYKOSS1laRJ4bvUR7jNDZ1AJqPdNxH2rLXykghczg7Bgy@attic-db-rw:5432/app" + + # Whether to enable sending on periodic heartbeat queries + # + # If enabled, a heartbeat query will be sent every minute + #heartbeat = false + + # File storage configuration + [storage] + # Storage type + # + # Can be "local" or "s3". 
+ type = "local" + + # ## Local storage + + # The directory to store all files under + path = "/attic" + + # ## S3 Storage (set type to "s3" and uncomment below) + + # The AWS region + #region = "us-east-1" + + # The name of the bucket + #bucket = "some-bucket" + + # Custom S3 endpoint + # + # Set this if you are using an S3-compatible object storage (e.g., Minio). + #endpoint = "https://xxx.r2.cloudflarestorage.com" + + # Credentials + # + # If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and + # `AWS_SECRET_ACCESS_KEY` environment variables. + #[storage.credentials] + # access_key_id = "" + # secret_access_key = "" + + # Data chunking + # + # Warning: If you change any of the values here, it will be + # difficult to reuse existing chunks for newly-uploaded NARs + # since the cutpoints will be different. As a result, the + # deduplication ratio will suffer for a while after the change. + [chunking] + # The minimum NAR size to trigger chunking + # + # If 0, chunking is disabled entirely for newly-uploaded NARs. + # If 1, all NARs are chunked. + nar-size-threshold = 65536 # chunk files that are 64 KiB or larger + + # The preferred minimum size of a chunk, in bytes + min-size = 16384 # 16 KiB + + # The preferred average size of a chunk, in bytes + avg-size = 65536 # 64 KiB + + # The preferred maximum size of a chunk, in bytes + max-size = 262144 # 256 KiB + + # Compression + [compression] + # Compression type + # + # Can be "none", "brotli", "zstd", or "xz" + type = "zstd" + + # Compression level + #level = 8 + + # Garbage collection + [garbage-collection] + # The frequency to run garbage collection at + # + # By default it's 12 hours. You can use natural language + # to specify the interval, like "1 day". + # + # If zero, automatic garbage collection is disabled, but + # it can still be run manually with `atticd --mode garbage-collector-once`. 
+ interval = "1 week" + + # Default retention period + # + # Zero (default) means time-based garbage-collection is + # disabled by default. You can enable it on a per-cache basis. + default-retention-period = "6 months" + + [jwt] + # WARNING: Changing _anything_ in this section will break any existing + # tokens. If you need to regenerate them, ensure that you use the the + # correct secret and include the `iss` and `aud` claims. + + # JWT `iss` claim + # + # Set this to the JWT issuer that you want to validate. + # If this is set, all received JWTs will validate that the `iss` claim + # matches this value. + #token-bound-issuer = "some-issuer" + + # JWT `aud` claim + # + # Set this to the JWT audience(s) that you want to validate. + # If this is set, all received JWTs will validate that the `aud` claim + # contains at least one of these values. + #token-bound-audiences = ["some-audience1", "some-audience2"] + + [jwt.signing] + # JWT RS256 secret key + # + # Set this to the base64-encoded private half of an RSA PEM PKCS1 key. + # You can also set it via the `ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64` + # environment variable. + token-rs256-secret-base64 = "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" diff --git a/values/attic/manifests/deployment.yaml b/values/attic/manifests/deployment.yaml new file mode 100644 index 00000000..6f89c27f --- /dev/null +++ b/values/attic/manifests/deployment.yaml 
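Review bot: The `[database]` `url` in this ConfigMap (values/attic/manifests/cm.yaml) embeds the PostgreSQL password in clear text, and `[jwt.signing]` sets `token-rs256-secret-base64` inline, so both credentials are readable by anyone who can read ConfigMaps in the namespace or the repository. Remove both keys from `config.toml` and supply them from a Secret through `ATTIC_SERVER_DATABASE_URL` (the variable deployment.yaml already sets) and `ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64` (the variable the template comment names); the committed values should be treated as exposed and rotated. Separately, `allowed-hosts = []` is left empty although the comment above it says it must be configured for production, while `api-endpoint` is already fixed; `allowed-hosts = ["attic.srv.oceanbox.io"]` would match that endpoint.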
@@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: attic +spec: + selector: + matchLabels: + app: attic + strategy: + type: Recreate + template: + metadata: + labels: + app: attic + spec: + containers: + - name: attic + image: ghcr.io/zhaofengli/attic:latest + args: + - -f + - /config.toml + ports: + - name: http + containerPort: 8080 + protocol: TCP + livenessProbe: + httpGet: + path: / + port: http + readinessProbe: + httpGet: + path: / + port: http + env: + - name: ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64 + value: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBdlZrMHQyZUtvdjhpV3prVFFtQzJtRklvd0gxc2liNlVpUFhUaGVwcURiWHMyaERFCnFYa1pKUXRjTnY0T2RtcldmZ2tsbjVyblJNQk5yL1B5dE05OFFMVVJnbzFSU2VTeUVjcmxSU1N4MElVRlhkM3YKV0U0aTJJTktsSzgxblJoY0o4czRUM09iYUpvSUQweEpqS2IzMkhxZmpOSU1vcVdBRk1ES2YyMUM5OWxQeTRXSgpVUUVnYTRzbHo5RzZHVi8wZW5qbFNMa2RRNjEvdEwyRE1ISHgvV2VRUEtpWkF4c2Fwczd3ZVJiNVBrS3J0MVlGClRxa1lJSjY3eDFiNDR1N0NmdWdVbHhMM2JCQ1lqVXVXNnoxdGU3T2ZQUUhoM1FPU2lFZTczQ3I4dU1lSkplV0wKN2VKc1hWSG9uVzBMZWl0aDk5WmJTUTF3YlhieDVPZzNTQ3ZWYnkyZE90Y3Rud2Y2aDN5YlJ3SUNoc24xbk4zMwowRkMyOXlFY0ExQ2VFVzRsMVVHNmxoMGw5cEpiWEhRNlFJS1paempaTlgxZTRGRW5TdytGNGhXd3R1Z2JtKzZnCnVPdEE5QVJxYndJOTFLeEtoT204Q0RJQlRwWThSZG1SaElicWUrc3czT3p3dGk0eTVkU3FMREsrT3Y5b05ucngKQW9TN21TaXNQeDVJS3JwaFhMT3JvVmI2L1puSmNOK3ljaExuenptMDY2Zk5RaTBLNHhzaitvWkphaXVjZnBacAphSElHZGpaY1U3aE5FUzdJNVliVEFqUDdkaDRzdXJnMk1xTUtxbUxsa2ZPcGFoRTlMQTZVVFZRZHZLVFVGNWZwCkdYSnhaT1RKWlpiOGNQTFYxZFdXbnBMaEZNV2h2OUZQTCtDVGZQVUFvQmtmOTE3TzFLdkE3bGsvcTJzQ0F3RUEKQVFLQ0FnQU9WZ3k1dmlzdkFDWTN4ZkNCWEJVM0h6RmFzYVJnSVgvWmh0TkhGbUtGT3pyOW43dGtJWGtYNXU1SwpjNTNndFdJY0ZORTJibUlJUUk4aFBWVW8vM1NtNlk2ejFjTkwxdmJzaGZJcDlBZEtoR2ZOblpvYmszN3I2YlRoCjRRb3NKTVlGZFV1RUtIcWh4dGZKWUx0STNQTnkvb1hLQWJWWE16U3BYWmQzWW14cG01aUJEbEZCUXRhVGpldUUKK3BvZWhiZGE5b0JWcXo1ZCsycnA0bGRtZVpvYTE1YUNJVG5FbEc3R0puRHFtaVN3NUJkZ1FERVNyWmJZRVd5aQpRU0dDL1JUWXl2V1VJcWw5RXh5WnhobGRJaitCMkMyOFRzSXRHN0lpZzF2ajVaVlE0RHF3RmRzc1hiSmF0bkxvClNITlFBcXplT09xY2Mxb0p6N0
dzNVRBYVZNZEtEQXZCZm1JMFBMcDNqNmVFOFFIYlduMHk2NzVYbnlqWllLUUcKaWx5R0pUNVRzMWZHWHlPSXBrNG4yQjM1V3dHcjIyTkxnYUd5cnZjRkgxN3JoZGVnaGlrZFJRd1FOcXRsZjBIZApMWDVRQWVwcUt3SE9uR1BGVy9XU2xGU0lEdkt1VFZSVGtvQmFSMTA3OFpiS2JXckZBbEdqYTFvbnNXQUh1YW5UClh5dFE4dWoxUEFFeWFMZUJEaUJxRVJ2am1VVFQ1ZktCOTdaVnRJenVBZ0lyWWZ6YjIyVEk2VFJ6OVZiQ2VyWG8KdTc0cnoxMjM2TXMrbmg5Y2xYd3VtQlBOU1d1eE9OdldOWEZ6VWdIOURzdlFRMWRsMFRJWEFQMGhFYkRHRkNBQwowUlg2M0lpcXFzUG1ZZUZNTGR5K2tVWjViNzI1TlhXWFRHbDRnQ1Y3NFVRU01ya0xrUUtDQVFFQStobXIwYjdnClVYcWRKaGtLRXVsa29IVzVuYzZ4QmhobCtuTkFucVFSTm5tQWpiaDlCeDVpLzQ2WUwxcHFYQUY5cTNIRlowSDIKZEJRZXN2Q0pxbmtSTHVwTi95VE1KSlo0ZE5kMHZqRzZ0UGhMUjZuRmRabHU0TFBRMXRKcU5XZkhZeCtwQ3N2SQo4Wkx3VG8rRGFxSjArZDk3WWF0b0dWNUZHOWtUSjhBYWFXb0Q1R1AyOGtOd0djKzI0b2VNYnJtU0ppQ2I2UlJoCjA5WWJaMGpXdkFHaXJyMzFOTW5nR0dtVmRPMThoOXVMUStLNzFUQWt1eFEzZEhpUzh6UVd6YythRnM1THgyUnIKeXppcEJhR3VySmFJQ05XNklFQm5ndFcvZEZaYXpMbjhQcDVrQlJzQ1NyN1JpQkNFSFZmeHBYVFNoS3cwVWp4NQo2a0gwc01YZnFoOFpMUUtDQVFFQXdkQ3BPUXBRa1RhK0t6Z0VrWGdMVnk2QmZJKzRWdC9BYjRtK2pFSm85aUIzCnN4dEtKNU5tNXltNldXcmFWS25zekxNZy85Mi9vSVZreUlNSklrOWNYdEpuaEU5ak1aVzc2ZjhYbW5CUnJIMnAKVHVmNWtYWWdVUHZLQ2g1U1g5Q2w0UHJENHNSb3cwNHJjbHVxSE1MT2g1MncxUmJPalRrb05tNXBHWlFoVkhxeApaUzh3aVk3bzhLNFZJQXZOVlZOdGlIZFNOY2Y0cDMxL0F6SU5aQjJWdlczeWJHTWNIdDByekQ5TkpZLzhTekc3CktEME5mRTgzeng2OWxHTlhUcURGSnBTV2ZNVlFwSGVCM0FTRTV1YVhVM1c5S3EwN2NDOEJWSHRaK3B5a1B0RTYKOHgrZE9NYWh6UElaMjRqbkIzZkVsaWc0Rk5zd01LZm9aeDdKYUJLRjl3S0NBUUVBdWJUTUgwOWpVenovYVdXWQpWRmlYVG9wN3pGRElvNlVFUEFiT1NiMjd4ajVNRlcrUzd2RkNRMDZIZEVubnhlK1pkKzlmeS85djE5dUV2QXZkCnZRWnVtdTZDQWQwNTlFVUNwb2ZCZU9TR0paQmtuWTdUUHpJeDRZbkRuVy9hUzFPRyt2UnNXY2JkcTNzWEVzNS8KbjNPSDltNWFPRGpGY0dqT1doSkNwZlovNWh4QlRacG9xSlVvclJIT1U4Q2dweXNGK1dlblBWZlVHQzdZWkVYeQpwT0YyQWRpdE5ZaGM3T09oaFpRK0xzYjNUdTRSMlFnSmpoeEIzU3NXdXAzSC9RU1UvekFwbHFIYlpLZnE0WEtmCnVDbUNVMFVZRXBDZ0M4ZFpoVElGOUJSNTE2bFd6Vyt6c1BxbHJTbk9YOWVJWi9vcHd6ZjNGY1V3SmFEWjUxVFcKY29UcTlRS0NBUUVBckhtVTdpYkl0Y0Zpa0RGa2wxT2R1L0t0MW54TFRqd0dFdndnYnM3MmV2ay9yRXEvdmVKRgpzN2NGbDJjb2JpbGRpbmhxQ0doOGpFdk
krVXJxeVBhWXUrVS9xNVcrTHpVUnFkV1JXcVZUZVUzR2FtcXpSQWc4CkQvVlJ3WmxrTXRJSm0rRnNpcFBBcXZVWVlzZEI1aUJTREl0Ky90SXg4NmtHcVJHdVE4MzNyeWNVVUhnakdIYnQKd3FrWU1aRnZJOXgvWCs3WFlQYll4Nnc5YUVtVmN4K0V6ck5XQmJCWktQb25iTFowWDlYM2JhOE8zMnNkWWg5WgpDZDlRVkFubmV4aEUrZVZHMmpmNVlMTGRCRCtkU2FHd3p0dTdBSXh5bFkydkFGQlpMVlZTTUhpZm5oWG5Jc3hZCjFub29HcDZGQWJkS1lWbmZObWdzUlZCVzE5V2s1QkYvMXdLQ0FRRUFqVnR1RXdYZzU5NERIaVN4UjlWbGRBaHYKcXF5dlpieVhPT2pnNHNKZjFLUlpxZkkzV28yL05IQWN0MlZlREE1bnlEM001YndHWEwrdVZGaUlMVk1ZMUp0WQp6MmlHWHgwZVdlbFJya2tRZHFncTI1TE9BQ2dxYTFMNW9tQS9tMGcwQWljWVdYa1FYSXpXRkhwb0ZqcU9KZHpTCnZ0MHhLV2lpWHUxVk5YeDJibFR1dXBCa1JUZUlQNTVxdWdyOUh0ZmY1MHc5MHhwTllaMFR3d0lDMG1neVVMMWEKRkdVdHlPUTlqVFBUUUdGM3h6REJCQ2U2MW5uZUV0TThRMEJ1MXh3Rm90aWFYSE9NaGhiMFBndVkzNHhiekNHYgpHcTlsWjVaN2lRVXByUWNNYjhrUzZ1WFk3VHBDTmUzaDBiTTM5dVlKeHNYNXUzcmVNRWsyZlBNT3dnTlFjdz09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==" + # valueFrom: + # secretKeyRef: + # name: server + # key: token + - name: ATTIC_SERVER_DATABASE_URL + value: "postgresql://app:mZP1BnmnpDU33B7UZvomYKOSS1laRJ4bvUR7jNDZ1AJqPdNxH2rLXykghczg7Bgy@attic-db-rw:5432/app" + # valueFrom: + # secretKeyRef: + # name: database + # key: url + volumeMounts: + - name: data + mountPath: /attic + - name: attic-config + mountPath: /config.toml + subPath: config.toml + volumes: + - name: server + secret: + secretName: server + - name: attic-config + configMap: + defaultMode: 420 + name: attic-config + - name: data + persistentVolumeClaim: + claimName: attic diff --git a/values/attic/manifests/ingress.yaml b/values/attic/manifests/ingress.yaml new file mode 100644 index 00000000..55b7b2b6 --- /dev/null +++ b/values/attic/manifests/ingress.yaml 
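Review bot: Both `env` values in values/attic/manifests/deployment.yaml are literal credentials: `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64` holds a base64 string that begins with an encoded `-----BEGIN RSA PRIVATE KEY-----` header, and `ATTIC_SERVER_DATABASE_URL` includes the database password, while the `secretKeyRef` blocks that would avoid this are commented out and the `server` volume is declared but never mounted. Restore the `secretKeyRef` references as in the fence below, and rotate the key and the password, since they are now in repository history. The variable name also looks mismatched: the config template in cm.yaml names `ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64`, and an RSA key is not an HS256 secret, so confirm which variable the image reads. `image: ghcr.io/zhaofengli/attic:latest` is a floating tag, so the deployed code can change without a commit; pin a version or digest.

```yaml
        env:
        - name: ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64   # name per the cm.yaml template comment; confirm for the pinned image
          valueFrom:
            secretKeyRef:
              name: server
              key: token
        - name: ATTIC_SERVER_DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: database   # this Secret is not defined in this commit
              key: url
        # … unchanged: volumeMounts, volumes …
```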
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/proxy-body-size: "0"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ labels:
+ app.kubernetes.io/component: attic
+ name: attic
+ namespace: attic
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: attic.srv.oceanbox.io
+ http:
+ paths:
+ - backend:
+ service:
+ name: attic
+ port:
+ name: http
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - attic.srv.oceanbox.io
+ secretName: attic.srv.oceanbox.io-tls
diff --git a/values/attic/manifests/policies/allow-cache-nixos.yaml b/values/attic/manifests/policies/allow-cache-nixos.yaml
new file mode 100644
index 00000000..5ebed491
--- /dev/null
+++ b/values/attic/manifests/policies/allow-cache-nixos.yaml
@@ -0,0 +1,13 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-cache-nixos
+ namespace: ncps
+spec:
+ egress:
+ - toFQDNs:
+ - matchPattern: 'cache.nixos.org'
+ - matchPattern: 'nix-community.cachix.org'
+ endpointSelector:
+ matchLabels:
+ app: nix-cache
diff --git a/values/attic/manifests/pvc.yaml b/values/attic/manifests/pvc.yaml
new file mode 100644
index 00000000..337e2e56
--- /dev/null
+++ b/values/attic/manifests/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: attic
+ labels:
+ app: attic
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
diff --git a/values/attic/manifests/secret.yaml b/values/attic/manifests/secret.yaml
new file mode 100644
index 00000000..a85a506f
--- /dev/null
+++ b/values/attic/manifests/secret.yaml
@@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Secret +metadata: + name: server +stringData: + token: "ref+sops://secrets.yml#attic/jwtToken" \ No newline at end of file diff --git a/values/attic/manifests/svc.yaml b/values/attic/manifests/svc.yaml new file mode 100644 index 00000000..55f25866 --- /dev/null +++ b/values/attic/manifests/svc.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: Service +metadata: + name: attic + labels: + app: attic +spec: + type: ClusterIP + selector: + app: attic + ports: + - name: http + port: 8080 + targetPort: http diff --git a/values/cert-manager/manifests/pre-cert-manager.yaml b/values/cert-manager/manifests/pre-cert-manager.yaml index a022015b..57beb46c 100644 --- a/values/cert-manager/manifests/pre-cert-manager.yaml +++ b/values/cert-manager/manifests/pre-cert-manager.yaml @@ -94,7 +94,6 @@ rules: --- {{ if .Values.clusterConfig.initca }} - # Pod to update certificates from master nodes # only runs on control plane nodes (etcd) # Mounts cert files rotatet by nixos service.mgr and uses it to update cert-manager secret @@ -139,8 +138,8 @@ spec: resources: {} securityContext: allowPrivilegeEscalation: false - command: - - "/bin/sh" + command: + - "/bin/sh" - -c - /tmp/renew-certs/renew-certs.sh volumeMounts: @@ -216,7 +215,7 @@ metadata: name: default-deny-egress namespace: cert-manager spec: - podSelector: + podSelector: matchLabels: block-egress: "true" policyTypes: diff --git a/values/dapr/env-ekman.yaml.gotmpl b/values/dapr/env-ekman.yaml.gotmpl new file mode 100644 index 00000000..7f3c1db1 --- /dev/null +++ b/values/dapr/env-ekman.yaml.gotmpl @@ -0,0 +1,4 @@ +dapr: + enabled: true + autsync: false + ingress: false diff --git a/values/dapr/env-oceanbox.yaml.gotmpl b/values/dapr/env-oceanbox.yaml.gotmpl new file mode 100644 index 00000000..2bb6ca89 --- /dev/null +++ b/values/dapr/env-oceanbox.yaml.gotmpl @@ -0,0 +1,4 @@ +dapr: + enabled: true + autsync: false + ingress: true 
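Review bot: The `server` Secret defined in secret.yaml is not what the container reads. The Deployment added earlier in this commit (outside this hunk) sets the token variable and `ATTIC_SERVER_DATABASE_URL` from literal `value:` strings, a base64-encoded RSA private key and a Postgres URL with its password, and leaves the `secretKeyRef` blocks commented out. Both values are now in repository history, so treat them as disclosed: rotate the key and the database password, then restore the `valueFrom.secretKeyRef` entries (`name: server`, `key: token` and `name: database`, `key: url`). The `database` Secret they point to is not defined in this directory; it can follow the same pattern, e.g. `url: "ref+sops://secrets.yml#attic/<database-url-key>"` (placeholder key name). This Secret also has no `namespace`, unlike the Ingress next to it.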
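Review bot: `autsync` is misspelled in both new files, values/dapr/env-ekman.yaml.gotmpl and values/dapr/env-oceanbox.yaml.gotmpl. The Application template in values/dapr/manifests/dapr.yaml tests `.Values.dapr.autosync`, so this key is never read. Today that means automated sync stays off whatever value is written here, which hides the setting's intent. Rename it to `autosync: false` in both files, and in values/dapr/env.yaml.gotmpl, where the same spelling appears as a context line.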
diff --git a/values/dapr/env.yaml.gotmpl b/values/dapr/env.yaml.gotmpl index 7110b04f..6499eff5 100644 --- a/values/dapr/env.yaml.gotmpl +++ b/values/dapr/env.yaml.gotmpl @@ -1,3 +1,5 @@ dapr: enabled: true autsync: false + ingress: false + cluster: {{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }} diff --git a/values/dapr/manifests/dapr.yaml b/values/dapr/manifests/dapr.yaml index 486f5b14..32e6346f 100644 --- a/values/dapr/manifests/dapr.yaml +++ b/values/dapr/manifests/dapr.yaml @@ -6,6 +6,7 @@ metadata: namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: ServerSideDiff=true finalizers: - resources-finalizer.argocd.argoproj.io spec: @@ -26,7 +27,7 @@ spec: - name: HELMFILE_FILE_PATH value: dapr.yaml.gotmpl - repoURL: https://dapr.github.io/helm-charts - targetRevision: 1.15.5 + targetRevision: {{- if eq .Values.dapr.cluster "ekman" }} 1.14.5 {{- else }} 1.15.6 {{- end }} chart: dapr helm: valueFiles: @@ -41,6 +42,12 @@ spec: targetRevision: main ref: values project: sys + ignoreDifferences: + - group: apiextensions.k8s.io + jsonPointers: + - /spec/conversion/webhook/clientConfig/service/namespace + kind: CustomResourceDefinition + name: subscriptions.dapr.io syncPolicy: managedNamespaceMetadata: labels: @@ -48,7 +55,7 @@ spec: syncOptions: - CreateNamespace=true - ApplyOutOfSyncOnly=true - # - ServerSideApply=true + - ServerSideApply=true {{- if .Values.dapr.autosync }} automated: prune: true diff --git a/values/dapr/manifests/fix-crd-namespace.yaml b/values/dapr/manifests/fix-crd-namespace.yaml new file mode 100644 index 00000000..01c23f80 --- /dev/null +++ b/values/dapr/manifests/fix-crd-namespace.yaml 
@@ -0,0 +1,28 @@ +{{- if .Values.clusterConfig.kyverno.enabled }} +apiVersion: kyverno.io/v1 +kind: ClusterPolicy +metadata: + name: fixup-dapr-crds +spec: + background: false + generateExisting: false + mutateExistingOnPolicyUpdate: false + rules: + - name: fix-subscriptions-webhook-namespace + skipBackgroundRequests: true + match: + any: + - resources: + kinds: + - CustomResourceDefinition + names: + - subscriptions.dapr.io + mutate: + patchStrategicMerge: + spec: + conversion: + webhook: + clientConfig: + service: + namespace: dapr-system +{{- end }} diff --git a/values/dapr/manifests/ingress-dashboard.yaml b/values/dapr/manifests/ingress-dashboard.yaml index b602330f..414c5257 100644 --- a/values/dapr/manifests/ingress-dashboard.yaml +++ b/values/dapr/manifests/ingress-dashboard.yaml @@ -1,3 +1,4 @@ +{{- if .Values.dapr.ingress }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -27,4 +28,5 @@ spec: - hosts: - dapr.adm.oceanbox.io secretName: dapr-dashboard-tls +{{- end }} diff --git a/values/env-ekman.yaml b/values/env-ekman.yaml index 14f54423..1024f566 100644 --- a/values/env-ekman.yaml +++ b/values/env-ekman.yaml @@ -13,7 +13,7 @@ clusterConfig: cluster: "ekman" ingress_nodes: ["ekman ,frontend" ] ingress_replica_count: 2 - fileserver: "10.255.241.90" + fileserver: "10.255.241.100" acme_email: "acme@oceanbox.io" oidc: - name: oceanbox @@ -115,7 +115,7 @@ clusterConfig: - name: c1-8 taints: - "workload=compute:NoSchedule" -# TODO(mrtz): Move to values/*/helmfile.yaml +# TODO(mrtz): Move to values/*/helmfile.yaml # argocd: # adminLogin: false # additional_rbac_settings: diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml index c97deaba..d9c821b7 100644 --- a/values/headscale/values/values.yaml +++ b/values/headscale/values/values.yaml 
@@ -56,7 +56,6 @@ persistence: # size: 1Gi # -- Enable and configure postgresql database subchart under this key. -# For more options see [postgresql chart documentation](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) # @default -- See [values.yaml](./values.yaml) postgresql: enabled: false @@ -215,6 +214,7 @@ configMaps: data: records: | [ + { "name": "maps.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "maps.beta.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "atlantis.beta.oceanbox.io", "type": "A", "value": "10.255.241.11" }, 
@@ -233,16 +233,23 @@ configMaps: { "name": "rabbitmq.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "openfga.srv.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "openfga.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, + { "name": "cache.srv.oceanbox.io", "type": "A", "value": "10.255.241.11" }, + { "name": "makai.srv.oceanbox.io", "type": "A", "value": "10.255.241.11" }, + { "name": "makai.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "yolo-registry.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, + { "name": "ekman.oceanbox.io", "type": "A", "value": "10.255.241.100" }, + { "name": "frontend.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "manage.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "argocd.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "prometheus.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "alertmanager.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "grafana.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "slurmrestd.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "sorcrerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, - { "name": "plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "plume.data.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "dashboard.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, { "name": "grafana.ob-ceph.local", "type": "A", "value": "10.255.241.10" }, 
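Review bot: The `plume.ekman.oceanbox.io` record is replaced rather than kept alongside `plume.data.oceanbox.io`, yet values/plume/values/values-staging.yaml in this commit still lists `plume.ekman.oceanbox.io` under `tls.hosts`. Unless another resolver serves that name, staging plume stops resolving for clients that rely on these records. Keep the old line, `{ "name": "plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },`, until staging moves. The new attic Ingress uses `attic.srv.oceanbox.io`, which has no record here while `cache.srv.oceanbox.io` does, so check which name is intended. The records list begins and ends outside this hunk.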
@@ -255,13 +262,15 @@ configMaps: { "name": "jonas-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "stig-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "stig-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "stig-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "radovan-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "radovan-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "mrtz-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "mrtz-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, - { "name": "simen-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, - { "name": "simen-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "mrtz-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "simkir-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, + { "name": "simkir-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" } ] - diff --git a/values/keycloak/values/values-prod.yaml b/values/keycloak/values/values-prod.yaml index 476fcd6e..e01da37c 100644 --- a/values/keycloak/values/values-prod.yaml +++ b/values/keycloak/values/values-prod.yaml @@ -1,5 +1,12 @@ replicaCount: 2 +# NOTE(mrtz): Hack for working with bitnami legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/keycloak + production: true proxy: edge diff --git a/values/keycloak/values/values-staging.yaml b/values/keycloak/values/values-staging.yaml index ff5f43e4..722fea36 100644 
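Review bot: In values/keycloak/values/values-prod.yaml, `global.security.allowInsecureImages: true` skips the chart's image verification, and `bitnamilegacy/keycloak` is, as far as I know, a frozen archive that no longer receives security updates. The identity provider will therefore stop getting patches while the override hides that fact. The same block is added in values/keycloak/values/values-staging.yaml, values/rabbitmq/values/values-prod.yaml, values/redis/values-prod.yaml and values/sorcerer/values/redis-staging.yaml. No `image.tag` or digest is set in the visible lines, so the deployed image depends on the chart default; pin it explicitly. Extending the comment to something like `# TODO(mrtz): temporary; migrate to a maintained image by <date>` gives the workaround an owner and an end.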
--- a/values/keycloak/values/values-staging.yaml +++ b/values/keycloak/values/values-staging.yaml @@ -1,5 +1,12 @@ replicaCount: 1 +# NOTE(mrtz): Hack for working with bitnami legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/keycloak + production: true proxy: edge diff --git a/values/linkerd/env.yaml.gotmpl b/values/linkerd/env.yaml.gotmpl index e1b95e18..a4ee959c 100644 --- a/values/linkerd/env.yaml.gotmpl +++ b/values/linkerd/env.yaml.gotmpl @@ -3,16 +3,15 @@ linkerd: autosync: true trustAnchorPEM: | -----BEGIN CERTIFICATE----- - MIIBtDCCAVqgAwIBAgIQRlhbOLj9zw+QTGHqbOBaozAKBggqhkjOPQQDAjAlMSMw - IQYDVQQDExpyb290LmxpbmtlcmQuY2x1c3Rlci5sb2NhbDAeFw0yMTA0MDkxNDAy - NTFaFw0zMTA0MDcxNDAyNTFaMCUxIzAhBgNVBAMTGnJvb3QubGlua2VyZC5jbHVz - dGVyLmxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEljOLtSPSi6XIEdFP - VCGa4BKoQ0X5dBSZvHRLt/IzHRzAbIVIjgjvyRQc7EQlRKvZ8P9um/WG1ypyyA2l - C9MWz6NsMGowDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYD - VR0OBBYEFHz4UuVKCNX8/hsZCcdTlmWnSCGXMCUGA1UdEQQeMByCGnJvb3QubGlu - a2VyZC5jbHVzdGVyLmxvY2FsMAoGCCqGSM49BAMCA0gAMEUCIGAiz3yNhboVdze1 - sNFcFL2GF5WwW9z53u03UkPkiuBTAiEA4ZHWZJVGV5VAQArL5v32HeH/IjC1ssGl - 7Y8D0rQqkis= + MIIBjjCCATSgAwIBAgIRAM6yOCJ3CrItI6bkXf+oSDUwCgYIKoZIzj0EAwIwJTEj + MCEGA1UEAxMacm9vdC5saW5rZXJkLmNsdXN0ZXIubG9jYWwwHhcNMjUwNzExMDYz + ODI2WhcNMzAwNzEwMDYzODI2WjAlMSMwIQYDVQQDExpyb290LmxpbmtlcmQuY2x1 + c3Rlci5sb2NhbDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJ6UxAv/KZyWdEHS + TkNqZ/z71Fb/qVfa7SgAeuA6iUeN9GugWsVzvwePIyVBrCAhcCrHNNZgM0B6xtFK + gck/RGyjRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEBMB0G + A1UdDgQWBBRFGEyjBfb9u3S1kQ+qbCBW1y5c/TAKBggqhkjOPQQDAgNIADBFAiBe + 6NOflMzmIB6/0z4WeH++IA0KSUA89e3Tf1lpQ0aLSwIhAP5dCk+NKN/92hC0IJpj + bDdhV2Vikg98TwFjq41d2fPb -----END CERTIFICATE----- webhookPEM: | -----BEGIN CERTIFICATE----- 
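Review bot: In values/linkerd/env.yaml.gotmpl the trust anchor is replaced in a single step, so proxies whose identity certificates chain to the old root will fail mTLS against peers that have picked up the new one until every meshed pod has restarted. If this cluster already runs a mesh on the old anchor, carry both certificates in `trustAnchorPEM` for the rotation window and drop the old one once the issuer and all workloads have rolled. The new certificate's validity decodes to 2025-07-11 through 2030-07-10; a comment such as `# root.linkerd.cluster.local, expires 2030-07-10` above the block would make the expiry visible without decoding the PEM. The `linkerd:` mapping starts and ends outside this hunk, so I cannot see how the issuer certificate is re-signed.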
@@ -29,7 +28,7 @@ linkerd: identityIssuerPEM: "" secretScheme: kubernetes.io/tls crds: - version: 1.4.0 + version: 1.8.0 multicluster: version: 30.2.0 enabled: false diff --git a/values/makai/env-oceanbox.yaml.gotmpl b/values/makai/env-oceanbox.yaml.gotmpl new file mode 100644 index 00000000..0d24cef9 --- /dev/null +++ b/values/makai/env-oceanbox.yaml.gotmpl @@ -0,0 +1,2 @@ +makai: + enabled: true diff --git a/values/makai/env.yaml.gotmpl b/values/makai/env.yaml.gotmpl new file mode 100644 index 00000000..34173004 --- /dev/null +++ b/values/makai/env.yaml.gotmpl @@ -0,0 +1,4 @@ +makai: + enabled: true + autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }} + env: {{ .Environment.Name }} diff --git a/values/makai/manifests/makai.yaml b/values/makai/manifests/makai.yaml new file mode 100644 index 00000000..dd4b3117 --- /dev/null +++ b/values/makai/manifests/makai.yaml @@ -0,0 +1,39 @@ +{{ if .Values.clusterConfig.argo.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: {{ .Values.makai.env }}-makai + namespace: argocd + annotations: + argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: ServerSideDiff=true + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + destination: + namespace: {{ .Values.makai.env }}-makai + server: https://kubernetes.default.svc + project: default + sources: + - repoURL: {{ .Values.clusterConfig.manifests }} + targetRevision: HEAD + path: helmfile.d + plugin: + name: helmfile-cmp + env: + - name: CLUSTER_NAME + value: {{ .Values.clusterConfig.cluster }} + - name: HELMFILE_ENVIRONMENT + value: {{ .Values.makai.env }} + - name: HELMFILE_FILE_PATH + value: makai.yaml.gotmpl + syncPolicy: + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + {{- if .Values.makai.autosync }} + automated: + prune: true + selfHeal: false + {{- end }} +{{- end }} 
diff --git a/values/makai/values/values-prod.yaml b/values/makai/values/values-prod.yaml
new file mode 100644
index 00000000..0bb6ace7
--- /dev/null
+++ b/values/makai/values/values-prod.yaml
@@ -0,0 +1,25 @@
+replicaCount: 1
+env:
+ - name: APP_VERSION
+ value: "1.5.0"
+ - name: LOG_LEVEL
+ value: "2"
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ oceanbox.io/expose: internal
+ hosts:
+ - host: makai.srv.oceanbox.io
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - makai.srv.oceanbox.io
+ secretName: makai-tls
diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml
new file mode 100644
index 00000000..fc26cfd5
--- /dev/null
+++ b/values/makai/values/values-staging.yaml
@@ -0,0 +1,27 @@
+replicaCount: 1
+image:
+ tag: "dc40a0a2-debug"
+env:
+ - name: APP_VERSION
+ value: "0.0.0-staging"
+ - name: LOG_LEVEL
+ value: "1"
+ingress:
+ enabled: true
+ className: "nginx"
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-production
+ nginx.ingress.kubernetes.io/backend-protocol: HTTP
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ oceanbox.io/expose: internal
+ hosts:
+ - host: makai.dev.oceanbox.io
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - hosts:
+ - makai.dev.oceanbox.io
+ secretName: staging-makai-tls
diff --git a/values/metrics-server/env-ekman.yaml.gotmpl b/values/metrics-server/env-ekman.yaml.gotmpl
new file mode 100644
index 00000000..4b9e2fdd
--- /dev/null
+++ b/values/metrics-server/env-ekman.yaml.gotmpl
@@ -0,0 +1,2 @@
+metrics_server:
+ ignoreTLS: true
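Review bot: In values/makai/values/values-prod.yaml, `nginx.ingress.kubernetes.io/enable-cors: "true"` is set without `nginx.ingress.kubernetes.io/cors-allow-origin`. ingress-nginx then answers with `Access-Control-Allow-Origin: *`, so any web origin may read responses from this host. Name the front-ends that actually need it, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://maps.oceanbox.io"` (a host taken from the plume settings in this commit; substitute the real callers). The same annotation pair appears in values-staging.yaml.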
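Review bot: In values/metrics-server/env-ekman.yaml.gotmpl, `ignoreTLS: true` presumably becomes metrics-server's `--kubelet-insecure-tls`, which makes it accept any certificate presented on the kubelet port. The mapping lives in a template outside this page, so confirm it. If the kubelets on ekman serve certificates signed by the cluster CA, leave this off. Otherwise record the reason next to the setting, e.g. `# kubelet serving certs on ekman are self-signed; remove once serverTLSBootstrap is enabled`.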
diff --git a/values/ncps/manifests/.gitkeep b/values/ncps/manifests/.gitkeep new file mode 100644 index 00000000..8b137891 --- /dev/null +++ b/values/ncps/manifests/.gitkeep @@ -0,0 +1 @@ + diff --git a/values/nfs-provisioner/env-ekman.yaml.gotmpl b/values/nfs-provisioner/env-ekman.yaml.gotmpl new file mode 100644 index 00000000..c59f60db --- /dev/null +++ b/values/nfs-provisioner/env-ekman.yaml.gotmpl @@ -0,0 +1,8 @@ +nfs_provisioner: + enabled: true + autosync: true + archiveOnDelete: true + defaultClass: true + path: "nfs-provisioner" + extraMountOpts: + - soft diff --git a/values/plume/env.yaml.gotmpl b/values/plume/env.yaml.gotmpl index c7a26d30..9dbdd1bb 100644 --- a/values/plume/env.yaml.gotmpl +++ b/values/plume/env.yaml.gotmpl @@ -2,4 +2,3 @@ plume: enabled: true # for now autosync: {{ if eq .Environment.Name "prod" }} false {{ else }} true {{ end }} env: {{ .Environment.Name }} - diff --git a/values/plume/kustomize/prod/appsettings.json b/values/plume/kustomize/prod/appsettings.json new file mode 100644 index 00000000..49f99931 --- /dev/null +++ b/values/plume/kustomize/prod/appsettings.json @@ -0,0 +1,10 @@ +{ + "archmaesterUrl": "https://maps.oceanbox.io", + "appName": "plume", + "appEnv": "prod", + "appNamespace": "prod-plume", + "appVersion": "1.0.0", + "cacheDir": "/data/archives/cache", + "otelCollector": "http://10.255.241.12:4317", + "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456", +} diff --git a/values/plume/kustomize/prod/deployment_patch.yaml b/values/plume/kustomize/prod/deployment_patch.yaml new file mode 100644 index 00000000..6750e464 --- /dev/null +++ b/values/plume/kustomize/prod/deployment_patch.yaml @@ -0,0 +1,3 @@ +- op: replace + path: /spec/template/spec/containers/0/volumeMounts/0/mountPath + value: /data diff --git a/values/plume/kustomize/prod/kustomization.yaml b/values/plume/kustomize/prod/kustomization.yaml new file mode 100644 index 00000000..b6f07735 
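Review bot: In values/plume/kustomize/prod/appsettings.json the object ends with a trailing comma after `sentryUrl`, which strict JSON parsers reject. The staging file changed in this commit has none, so drop it here and let the `sentryUrl` line be followed directly by `}`. The Sentry DSN is committed in clear and is the same one staging uses, so prod and staging events land in one project and anyone who can read the repository can submit events to it. Consider one DSN per environment, injected the way the other secrets are. `otelCollector` is a plain `http://` endpoint on a fixed IP, which is worth recording somewhere if deliberate.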
--- /dev/null
+++ b/values/plume/kustomize/prod/kustomization.yaml
@@ -0,0 +1,17 @@
+generatorOptions:
+ disableNameSuffixHash: true
+configMapGenerator:
+- name: plume-appsettings
+ files:
+ - appsettings.json
+patches:
+- target:
+ group: apps
+ version: v1
+ kind: Deployment
+ path: deployment_patch.yaml
+resources:
+- ../base
+- pv.yaml
+- pvc.yaml
+- pubsub.yaml
diff --git a/values/plume/kustomize/prod/pubsub.yaml b/values/plume/kustomize/prod/pubsub.yaml
new file mode 100644
index 00000000..d95660d3
--- /dev/null
+++ b/values/plume/kustomize/prod/pubsub.yaml
@@ -0,0 +1,54 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+ name: pubsub
+spec:
+ version: v1
+ type: pubsub.rabbitmq
+ metadata:
+ - name: hostname
+ secretKeyRef:
+ name: prod-rabbitmq
+ key: connString
+ - name: username
+ value: user
+ - name: password
+ secretKeyRef:
+ name: prod-rabbitmq
+ key: rabbitmq-password
+ - name: protocol
+ value: amqp
+ - name: durable
+ value: true
+ - name: deletedWhenUnused
+ value: false
+ - name: autoAck
+ value: false
+ - name: deliveryMode
+ value: 1
+ - name: requeueInFailure
+ value: false
+ - name: prefetchCount
+ value: 0
+ - name: reconnectWait
+ value: 0
+ - name: concurrencyMode
+ value: parallel
+ - name: publisherConfirm
+ value: false
+ - name: backOffPolicy
+ value: exponential
+ - name: backOffInitialInterval
+ value: 100
+ - name: backOffMaxRetries
+ value: 16
+ - name: enableDeadLetter # Optional enable dead Letter or not
+ value: true
+ - name: maxLen # Optional max message count in a queue
+ value: 3000
+ - name: maxLenBytes # Optional maximum length in bytes of a queue.
+ value: 10485760
+ - name: exchangeKind
+ value: fanout
+ - name: clientName
+ value: "{appID}"
diff --git a/values/plume/kustomize/prod/pv.yaml b/values/plume/kustomize/prod/pv.yaml
new file mode 100644
index 00000000..c63c0636
--- /dev/null
+++ b/values/plume/kustomize/prod/pv.yaml
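Review bot: In values/plume/kustomize/prod/pubsub.yaml, `hostname` is filled from a secret key named `connString`. In the Dapr RabbitMQ component a full connection string belongs in `connectionString`, while `hostname` expects a bare host, so one of the two names is probably wrong (the secret's content is not visible here). `protocol: amqp` sends credentials and messages unencrypted; use `amqps` if the broker offers TLS. The component has no top-level `scopes:`, so every Dapr app in the namespace can publish and subscribe through it; `scopes: [prod-plume]`, the app-id set in values-prod.yaml, restricts it. `durable: true` combined with `deliveryMode: 1` and `publisherConfirm: false` means messages are not persisted and publishes are unconfirmed, which deserves a comment if intended. The staging copy, values/plume/kustomize/staging/pubsub.yaml, has the same points, with `staging-plume` as the app-id.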
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pv-prod-plume-ceph-archives
+spec:
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 1Gi
+ csi:
+ driver: rook-ceph.cephfs.csi.ceph.com
+ nodeStageSecretRef:
+ name: rook-csi-cephfs-node
+ namespace: rook-ceph
+ volumeAttributes:
+ clusterID: rook-ceph
+ fsName: data
+ rootPath: /
+ staticVolume: "true"
+ volumeHandle: pv-prod-plume-ceph-archives
+ persistentVolumeReclaimPolicy: Retain
+ volumeMode: Filesystem
diff --git a/values/plume/kustomize/prod/pvc.yaml b/values/plume/kustomize/prod/pvc.yaml
new file mode 100644
index 00000000..8a1fd3e7
--- /dev/null
+++ b/values/plume/kustomize/prod/pvc.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: prod-plume-ceph-archives
+spec:
+ accessModes:
+ - ReadWriteMany
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: ""
+ volumeMode: Filesystem
+ volumeName: pv-prod-plume-ceph-archives
+status:
+ accessModes:
+ - ReadWriteMany
+ capacity:
+ storage: 1Gi
diff --git a/values/plume/kustomize/prod/tracing.yaml b/values/plume/kustomize/prod/tracing.yaml
new file mode 100644
index 00000000..4c4c318c
--- /dev/null
+++ b/values/plume/kustomize/prod/tracing.yaml
@@ -0,0 +1,11 @@
+apiVersion: dapr.io/v1alpha1
+kind: Configuration
+metadata:
+ name: tracing
+spec:
+ tracing:
+ samplingRate: "1"
+ otel:
+ endpointAddress: "10.255.241.12:4317"
+ protocol: grpc
+ isSecure: false
diff --git a/values/plume/kustomize/staging/appsettings.json b/values/plume/kustomize/staging/appsettings.json
index 22885a4f..63ac7902 100644
--- a/values/plume/kustomize/staging/appsettings.json
+++ b/values/plume/kustomize/staging/appsettings.json
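Review bot: In values/plume/kustomize/prod/pv.yaml, `rootPath: /` together with `ReadWriteMany` gives the plume pod the root of the `data` CephFS file system read-write, although the application settings in this commit only reference `/data/archives/cache`. Point the static volume at the subtree plume needs, e.g. `rootPath: /archives` (assumed from the cache path; confirm the real directory), so a compromised or buggy pod cannot reach unrelated data. The `status:` block in the neighbouring pvc.yaml is server-managed and is better left out of the manifest.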
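Review bot: values/plume/kustomize/prod/tracing.yaml is not listed under `resources:` in the prod kustomization.yaml added in this commit (only `../base`, `pv.yaml`, `pvc.yaml` and `pubsub.yaml` are), so this Configuration is never rendered. The visible part of the staging list shows the same. Even when applied, a pod uses it only if annotated `dapr.io/config: "tracing"`, which the plume `podAnnotations` in this commit do not set. Add `- tracing.yaml` to both kustomizations and the annotation to both values files, or drop the file. `samplingRate: "1"` traces every request and `isSecure: false` sends spans in clear text, both worth a short comment for prod.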
@@ -4,5 +4,7 @@ "appEnv": "staging", "appNamespace": "staging-plume", "appVersion": "0.0.0", - "cacheDir": "/data/archives/cache" + "cacheDir": "/data/archives/cache", + "otelCollector": "http://10.255.241.12:4317", + "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456" } diff --git a/values/plume/kustomize/staging/kustomization.yaml b/values/plume/kustomize/staging/kustomization.yaml index 70d6ad21..b6f07735 100644 --- a/values/plume/kustomize/staging/kustomization.yaml +++ b/values/plume/kustomize/staging/kustomization.yaml @@ -14,3 +14,4 @@ resources: - ../base - pv.yaml - pvc.yaml +- pubsub.yaml diff --git a/values/plume/kustomize/staging/pubsub.yaml b/values/plume/kustomize/staging/pubsub.yaml new file mode 100644 index 00000000..5c4cee41 --- /dev/null +++ b/values/plume/kustomize/staging/pubsub.yaml 
@@ -0,0 +1,54 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+ name: pubsub
+spec:
+ version: v1
+ type: pubsub.rabbitmq
+ metadata:
+ - name: hostname
+ secretKeyRef:
+ name: staging-atlantis-rabbitmq
+ key: connString
+ - name: username
+ value: user
+ - name: password
+ secretKeyRef:
+ name: staging-atlantis-rabbitmq
+ key: rabbitmq-password
+ - name: protocol
+ value: amqp
+ - name: durable
+ value: true
+ - name: deletedWhenUnused
+ value: false
+ - name: autoAck
+ value: false
+ - name: deliveryMode
+ value: 1
+ - name: requeueInFailure
+ value: false
+ - name: prefetchCount
+ value: 0
+ - name: reconnectWait
+ value: 0
+ - name: concurrencyMode
+ value: parallel
+ - name: publisherConfirm
+ value: false
+ - name: backOffPolicy
+ value: exponential
+ - name: backOffInitialInterval
+ value: 100
+ - name: backOffMaxRetries
+ value: 16
+ - name: enableDeadLetter # Optional enable dead Letter or not
+ value: true
+ - name: maxLen # Optional max message count in a queue
+ value: 3000
+ - name: maxLenBytes # Optional maximum length in bytes of a queue.
+ value: 10485760
+ - name: exchangeKind
+ value: fanout
+ - name: clientName
+ value: "{appID}"
diff --git a/values/plume/kustomize/staging/tracing.yaml b/values/plume/kustomize/staging/tracing.yaml
new file mode 100644
index 00000000..4c4c318c
--- /dev/null
+++ b/values/plume/kustomize/staging/tracing.yaml
@@ -0,0 +1,11 @@
+apiVersion: dapr.io/v1alpha1
+kind: Configuration
+metadata:
+ name: tracing
+spec:
+ tracing:
+ samplingRate: "1"
+ otel:
+ endpointAddress: "10.255.241.12:4317"
+ protocol: grpc
+ isSecure: false
diff --git a/values/plume/manifests/plume.yaml b/values/plume/manifests/plume.yaml
index 25361eeb..2b508bd3 100644
--- a/values/plume/manifests/plume.yaml
+++ b/values/plume/manifests/plume.yaml
@@ -6,6 +6,7 @@ metadata: namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: ServerSideDiff=true finalizers: - resources-finalizer.argocd.argoproj.io spec: diff --git a/values/plume/values/.gitkeep b/values/plume/values/.gitkeep deleted file mode 100644 index e69de29b..00000000 diff --git a/values/plume/values/values-prod.yaml b/values/plume/values/values-prod.yaml new file mode 100644 index 00000000..6174c079 --- /dev/null +++ b/values/plume/values/values-prod.yaml @@ -0,0 +1,54 @@ +replicaCount: 1 + +podAnnotations: + dapr.io/enabled: "true" + dapr.io/app-id: "prod-plume" + dapr.io/app-port: "8085" + dapr.io/api-token-secret: "dapr-api-token" + dapr.io/app-protocol: "http" + dapr.io/log-as-json: "true" + dapr.io/sidecar-cpu-request: "10m" + dapr.io/sidecar-memory-request: "50Mi" +env: + - name: APP_VERSION + value: "1.5.0" + - name: LOG_LEVEL + value: "2" + - name: DAPR_API_TOKEN + valueFrom: + secretKeyRef: + name: dapr-api-token + key: token +ingress: + enabled: true + className: "nginx" + annotations: + cert-manager.io/cluster-issuer: letsencrypt-production + nginx.ingress.kubernetes.io/backend-protocol: HTTP + nginx.ingress.kubernetes.io/ssl-redirect: "true" + oceanbox.io/expose: internal + hosts: + - host: plume.data.oceanbox.io + paths: + - path: / + pathType: ImplementationSpecific + internal: + - path: /internal + pathType: ImplementationSpecific + - path: /dapr + pathType: ImplementationSpecific + - path: /actors + pathType: ImplementationSpecific + - path: /job + pathType: ImplementationSpecific + - path: /events + pathType: ImplementationSpecific + - path: /metrics + pathType: ImplementationSpecific + tls: + - hosts: + - plume.data.oceanbox.io + secretName: plume-tls +persistence: + enabled: true + existingClaim: prod-plume-ceph-archives diff --git a/values/plume/values/values-staging.yaml b/values/plume/values/values-staging.yaml index 187f6cd7..34849c52 100644 
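Review bot: In values/plume/values/values-prod.yaml, `dapr.io/api-token-secret` protects calls into the sidecar, but nothing lets the app verify that requests to `/dapr`, `/actors`, `/job` and `/events` come from its own sidecar, and those paths are now listed in the ingress block. I cannot tell from here whether the `internal:` list publishes or blocks these paths on `plume.data.oceanbox.io`, because the chart template is outside this page. If it publishes them, add `dapr.io/app-token-secret: "<secret-name>"` and check the token in the app, or keep the paths off the ingress. `/metrics` on the same host raises the same question. values-staging.yaml gains the same annotations and paths.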
--- a/values/plume/values/values-staging.yaml +++ b/values/plume/values/values-staging.yaml @@ -1,10 +1,30 @@ +replicaCount: 1 image: - tag: f1da7843-debug + tag: 404b0066-debug +podAnnotations: + dapr.io/enabled: "true" + dapr.io/app-id: "staging-plume" + dapr.io/app-port: "8085" + dapr.io/api-token-secret: "dapr-api-token" + dapr.io/app-protocol: "http" + dapr.io/log-as-json: "true" + dapr.io/sidecar-cpu-request: "10m" + dapr.io/sidecar-memory-request: "50Mi" +env: + - name: APP_VERSION + value: "0.0.0-staging" + - name: LOG_LEVEL + value: "1" + - name: DAPR_API_TOKEN + valueFrom: + secretKeyRef: + name: dapr-api-token + key: token ingress: enabled: true className: "nginx" annotations: - cert-manager.io/cluster-issuer: letsencrypt-staging + cert-manager.io/cluster-issuer: letsencrypt-production nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/ssl-redirect: "true" oceanbox.io/expose: internal @@ -16,10 +36,20 @@ ingress: internal: - path: /internal pathType: ImplementationSpecific + - path: /dapr + pathType: ImplementationSpecific + - path: /actors + pathType: ImplementationSpecific + - path: /job + pathType: ImplementationSpecific + - path: /events + pathType: ImplementationSpecific + - path: /metrics + pathType: ImplementationSpecific tls: - hosts: - plume.ekman.oceanbox.io - secretName: plume-tls + secretName: staging-plume-tls persistence: enabled: true existingClaim: staging-plume-ceph-archives diff --git a/values/prometheus/env-oceanbox.yaml.gotmpl b/values/prometheus/env-oceanbox.yaml.gotmpl index a43691e6..6998c12a 100644 --- a/values/prometheus/env-oceanbox.yaml.gotmpl +++ b/values/prometheus/env-oceanbox.yaml.gotmpl 
@@ -18,3 +18,70 @@ prometheus: kubelet: enabled: true https: true + additionalScrapeConfigs: + - job_name: dapr-sidecars + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: "true" + source_labels: + - __meta_kubernetes_pod_annotation_dapr_io_enabled + - action: keep + regex: "true" + source_labels: + - __meta_kubernetes_pod_annotation_dapr_io_enable_metrics + - action: replace + replacement: ${1} + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + replacement: ${1} + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + regex: (.*);daprd + replacement: ${1}-dapr + source_labels: + - __meta_kubernetes_pod_annotation_dapr_io_app_id + - __meta_kubernetes_pod_container_name + target_label: service + - action: replace + replacement: ${1}:9090 + source_labels: + - __meta_kubernetes_pod_ip + target_label: __address__ + - job_name: dapr + kubernetes_sd_configs: + - role: pod + relabel_configs: + - action: keep + regex: dapr + source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_name + - action: keep + regex: dapr + source_labels: + - __meta_kubernetes_pod_label_app_kubernetes_io_part_of + - action: replace + replacement: ${1} + source_labels: + - __meta_kubernetes_pod_label_app + target_label: app + - action: replace + replacement: ${1} + source_labels: + - __meta_kubernetes_namespace + target_label: namespace + - action: replace + replacement: ${1} + source_labels: + - __meta_kubernetes_pod_name + target_label: pod + - action: replace + replacement: ${1}:9090 + source_labels: + - __meta_kubernetes_pod_ip + target_label: __address__ \ No newline at end of file diff --git a/values/rabbitmq/values/values-prod.yaml b/values/rabbitmq/values/values-prod.yaml index 49f2d0ce..95005a85 100644 --- a/values/rabbitmq/values/values-prod.yaml +++ b/values/rabbitmq/values/values-prod.yaml 
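Review bot: The `dapr-sidecars` job keeps only pods annotated `dapr.io/enable-metrics: "true"`, but the plume `podAnnotations` added in this commit set `dapr.io/enabled` and not `dapr.io/enable-metrics`. Those sidecars would be dropped by the second `keep` rule unless the annotation is added elsewhere. Either add `dapr.io/enable-metrics: "true"` to the pod annotations or remove that rule. `${1}:9090` hard-codes the metrics port, which `dapr.io/metrics-port` can change, so a comment such as `# assumes the default Dapr metrics port` would help. The `prometheus:` mapping starts outside this hunk, and the file lacks a final newline.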
@@ -1,5 +1,12 @@ replicaCount: 3 +# NOTE(mrtz): Hack for working with bitnami legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/rabbitmq + auth: erlangCookie: prod-rabbitmq existingErlangSecret: prod-rabbitmq diff --git a/values/redis/values-prod.yaml b/values/redis/values-prod.yaml index bfb9a53d..3c1b6942 100644 --- a/values/redis/values-prod.yaml +++ b/values/redis/values-prod.yaml @@ -2,6 +2,13 @@ # repository: redis/redis-stack-server # tag: 7.2.0-v10 +# NOTE(mrtz): Hack for working with bitnami legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/redis + architecture: replication replica: @@ -34,4 +41,3 @@ master: cpu: 150m ephemeral-storage: 50Mi memory: 128Mi - diff --git a/values/redis/values-staging.yaml b/values/redis/values-staging.yaml index 9041beab..195960f4 100644 --- a/values/redis/values-staging.yaml +++ b/values/redis/values-staging.yaml @@ -34,4 +34,3 @@ master: cpu: 150m ephemeral-storage: 50Mi memory: 128Mi - diff --git a/values/sorcerer/kustomize/staging/kustomization.yaml b/values/sorcerer/kustomize/staging/kustomization.yaml index 73a0eee5..7a95bfe1 100644 --- a/values/sorcerer/kustomize/staging/kustomization.yaml +++ b/values/sorcerer/kustomize/staging/kustomization.yaml @@ -20,4 +20,4 @@ resources: - rbac.yaml - secretstore.yaml - statestore.yaml -- tracing.yaml \ No newline at end of file +- tracing.yaml diff --git a/values/sorcerer/manifests/sorcerer.yaml b/values/sorcerer/manifests/sorcerer.yaml index 65f3451d..68c1495b 100644 --- a/values/sorcerer/manifests/sorcerer.yaml +++ b/values/sorcerer/manifests/sorcerer.yaml @@ -6,6 +6,7 @@ metadata: namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true + argocd.argoproj.io/compare-options: ServerSideDiff=true finalizers: - resources-finalizer.argocd.argoproj.io spec: 
diff --git a/values/sorcerer/values/redis-staging.yaml b/values/sorcerer/values/redis-staging.yaml index 498cda06..cb947a6d 100644 --- a/values/sorcerer/values/redis-staging.yaml +++ b/values/sorcerer/values/redis-staging.yaml @@ -1,6 +1,12 @@ - architecture: standalone +# NOTE(mrtz): Hack for working with legacy registry +global: + security: + allowInsecureImages: true +image: + repository: bitnamilegacy/redis + replica: replicaCount: 1 @@ -21,4 +27,3 @@ master: cpu: 150m ephemeral-storage: 50Mi memory: 128Mi - diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index 61ee98c1..7cdf96b1 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 40c5d755-debug + tag: 6e31e77f-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer"