fix: update atlantis manifests and argo apps

apps/archmeister.yaml

@@ -13,11 +13,11 @@ spec:
         hostname: archmeister.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
+      # - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
+      #   env: staging
-        hostname: archmeister.beta.oceanbox.io
+      #   hostname: archmeister.beta.oceanbox.io
-        autoSync: true
+      #   autoSync: true
-        prune: true
+      #   prune: true
   template:
     metadata:
       name: "{{ .env }}-archmeister"

apps/atlantis.yaml

@@ -13,11 +13,11 @@ spec:
         hostname: atlantis.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
+      # - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
+      #   env: staging
-        hostname: atlantis.beta.oceanbox.io
+      #   hostname: atlantis.beta.oceanbox.io
-        autoSync: true
+      #   autoSync: true
-        prune: true
+      #   prune: true
   template:
     metadata:
       name: '{{ .env }}-atlantis'

apps/dapr.yaml

@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dapr
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: dapr-system
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    # managedNamespaceMetadata:
+    #   labels:
+    #     component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: true
+  sources:
+  - repoURL:  https://dapr.github.io/helm-charts/
+    targetRevision: 1.14.4
+    chart: dapr
+    helm:
+      values: |
+        global:
+          ha:
+            enabled: true

apps/hipster.yaml

@@ -13,11 +13,11 @@ spec:
         hostname: hipster.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
+      # - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
+      #   env: staging
-        hostname: hipster.beta.oceanbox.io
+      #   hostname: hipster.beta.oceanbox.io
-        autoSync: true
+      #   autoSync: true
-        prune: true
+      #   prune: true
   template:
     metadata:
       name: '{{ .env }}-hipster'

apps/opentelemetry-collector.yaml

@@ -31,6 +31,9 @@ spec:
         mode: deployment
         image:
           repository: otel/opentelemetry-collector-k8s
+        service:
+          type: LoadBalancer
+          loadBalancerIP: 10.255.241.12
         config:
           receivers:
             prometheus/collector:
@@ -88,7 +91,7 @@ spec:
         #   logsCollection:
         #     enabled: true
         ingress:
-          enabled: true
+          enabled: false
           annotations:
               cert-manager.io/cluster-issuer: letsencrypt-production
               nginx.ingress.kubernetes.io/ssl-redirect: "true"

apps/petimeter.yaml

@@ -13,11 +13,11 @@ spec:
         hostname: petimeter.srv.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
+      # - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
+      #   env: staging
-        hostname: petimeter.beta.oceanbox.io
+      #   hostname: petimeter.beta.oceanbox.io
-        autoSync: true
+      #   autoSync: true
-        prune: true
+      #   prune: true
   template:
     metadata:
       name: '{{ .env }}-petimeter'

apps/sorcerer.yaml

@@ -13,11 +13,11 @@ spec:
         hostname: sorcerer.data.oceanbox.io
         autoSync: false
         prune: true
-      - cluster: https://10.255.241.99:4443
+      # - cluster: https://10.255.241.99:4443
-        env: staging
+      #   env: staging
-        hostname: sorcerer.ekman.oceanbox.io
+      #   hostname: sorcerer.ekman.oceanbox.io
-        autoSync: true
+      #   autoSync: true
-        prune: true
+      #   prune: true
   template:
     metadata:
       name: '{{ .env }}-sorcerer'

apps/staging-atlantis.yaml

@@ -3,15 +3,15 @@ kind: Application
 metadata:
   name: staging-atlantis
   namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  template:
-    metadata:
-      name: staging-atlantis
-    spec:
-      project: atlantis
   destination:
     namespace: staging-atlantis
     server: https://kubernetes.default.svc
+  project: atlantis
   sources:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
     targetRevision: nixidy
@@ -23,9 +23,17 @@ spec:
         string: staging
       - name: hostname
         string: atlantis.beta.oceanbox.io
-  templatePatch: |
+  ignoreDifferences:
-    spec:
+    - kind: Secret
+      name: azure-keyvault
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
   syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
     automated:
       prune: true
-          selfHeal: true
+      selfHeal: false

apps/staging-sorcerer.yaml

@@ -3,18 +3,18 @@ kind: Application
 metadata:
   name: staging-sorcerer
   namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  template:
-    metadata:
-      name: staging-sorcerer
-    spec:
-      project: atlantis
   destination:
     namespace: staging-sorcerer
     server: https://10.255.241.99:4443
+  project: atlantis
   sources:
   - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: main
+    targetRevision: nixidy
     path: values/sorcerer
     plugin:
       name: kustomize-helm-with-rewrite
@@ -23,9 +23,17 @@ spec:
         string: staging
       - name: hostname
         string: sorcerer.ekman.oceanbox.io
-  templatePatch: |
+  ignoreDifferences:
-    spec:
+    - kind: Secret
+      name: azure-keyvault
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
   syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
     automated:
       prune: true
       selfHeal: false

values/atlantis/chart

@@ -0,0 +1 @@
+../../charts/atlantis

values/atlantis/prod/appsettings.json

@@ -39,7 +39,7 @@
             "roles": [ "admin" ]
         }
     ],
-    "redis": "prod-redis-master:6379",
+    "redis": "prod-atlantis-redis-master:6379",
     "objectStore": "https://atlantis.blob.core.windows.net",
     "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
     "sorcerer" : "https://sorcerer.ekman.oceanbox.io",

values/atlantis/prod/configurations.yaml

@@ -7,12 +7,12 @@ spec:
   version: v1
   metadata:
   - name: redisHost
-    value: prod-redis-master:6379
+    value: prod-atlantis-redis-master:6379
   - name: redisUsername
     value: default
   - name: redisPassword
     secretKeyRef:
-      name: prod-redis
+      name: prod-atlantis-redis
       key:  redis-password
   - name: redisDB
     value: "2"

values/atlantis/prod/rbac.yaml

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: prod-atlantis
-  namespace: prod
+  namespace: prod-atlantis
 rules:
 - apiGroups:
   - ""
@@ -17,7 +17,7 @@ rules:
   - ""
   resourceNames:
   - azure-keyvault
-  - prod-redis
+  - prod-atlantis-redis
   resources:
   - secrets
   verbs:
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: prod-atlantis
-  namespace: prod
+  namespace: prod-atlantis
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -36,4 +36,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: prod-atlantis
-  namespace: prod
+  namespace: prod-atlantis

values/atlantis/prod/statestore.yaml

@@ -7,12 +7,12 @@ spec:
   version: v1
   metadata:
   - name: redisHost
-    value: prod-redis-master:6379
+    value: prod-atlantis-redis-master:6379
   - name: redisUsername
     value: default
   - name: redisPassword
     secretKeyRef:
-      name: prod-redis
+      name: prod-atlantis-redis
       key:  redis-password
   - name: actorStateStore
     value: "true"

values/atlantis/staging/appsettings.json

@@ -39,7 +39,7 @@
             "roles": [ "admin" ]
         }
     ],
-    "redis": "staging-redis-master:6379",
+    "redis": "staging-atlantis-redis-master:6379",
     "objectStore": "https://atlantis.blob.core.windows.net",
     "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
     "sorcerer" : "https://sorcerer.ekman.oceanbox.io",

values/atlantis/staging/configuration.yaml

@@ -7,12 +7,12 @@ spec:
   version: v1
   metadata:
   - name: redisHost
-    value: staging-redis-master:6379
+    value: staging-atlantis-redis-master:6379
   - name: redisUsername
     value: default
   - name: redisPassword
     secretKeyRef:
-      name: staging-redis
+      name: staging-atlantis-redis
       key:  redis-password
   - name: redisDB
     value: "2"

values/atlantis/staging/configurations.yaml

@@ -7,12 +7,12 @@ spec:
   version: v1
   metadata:
   - name: redisHost
-    value: staging-redis-master:6379
+    value: staging-atlantis-redis-master:6379
   - name: redisUsername
     value: default
   - name: redisPassword
     secretKeyRef:
-      name: staging-redis
+      name: staging-atlantis-redis
       key:  redis-password
   - name: redisDB
     value: "2"

values/atlantis/staging/rbac.yaml

@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   name: staging-atlantis
-  namespace: staging
+  namespace: staging-atlantis
 rules:
 - apiGroups:
   - ""
@@ -17,7 +17,7 @@ rules:
   - ""
   resourceNames:
   - azure-keyvault
-  - staging-redis
+  - staging-atlantis-redis
   resources:
   - secrets
   verbs:
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   name: staging-atlantis
-  namespace: staging
+  namespace: staging-atlantis
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -36,4 +36,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: staging-atlantis
-  namespace: staging
+  namespace: staging-atlantis
+

values/atlantis/staging/statestore.yaml

@@ -7,12 +7,12 @@ spec:
   version: v1
   metadata:
   - name: redisHost
-    value: staging-redis-master:6379
+    value: staging-atlantis-redis-master:6379
   - name: redisUsername
     value: default
   - name: redisPassword
     secretKeyRef:
-      name: staging-redis
+      name: staging-atlantis-redis
       key:  redis-password
   - name: actorStateStore
     value: "true"

values/atlantis/values-prod.yaml

@@ -12,7 +12,7 @@ env:
   - name: REDIS_PASSWORD
     valueFrom:
       secretKeyRef:
-        name: prod-redis
+        name: prod-atlantis-redis
         key: redis-password
   - name: DB_HOST
     value: prod-atlantis-db-rw

values/atlantis/values-staging.yaml

@@ -15,7 +15,7 @@ env:
   - name: REDIS_PASSWORD
     valueFrom:
       secretKeyRef:
-        name: staging-redis
+        name: staging-atlantis-redis
         key: redis-password
   - name: DB_HOST
     value: staging-atlantis-db-rw