fix: update atlantis manifests and argo apps

2024-12-12 14:38:26 +01:00
parent b12146c054
commit 9d9836bffb
21 changed files with 152 additions and 98 deletions
@@ -13,11 +13,11 @@ spec:
        hostname: archmeister.srv.oceanbox.io
        autoSync: false
        prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
-        hostname: archmeister.beta.oceanbox.io
-        autoSync: true
-        prune: true
+      # - cluster: https://staging-vcluster.staging-vcluster
+      #   env: staging
+      #   hostname: archmeister.beta.oceanbox.io
+      #   autoSync: true
+      #   prune: true
  template:
    metadata:
      name: "{{ .env }}-archmeister"
@@ -13,11 +13,11 @@ spec:
        hostname: atlantis.srv.oceanbox.io
        autoSync: false
        prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
-        hostname: atlantis.beta.oceanbox.io
-        autoSync: true
-        prune: true
+      # - cluster: https://staging-vcluster.staging-vcluster
+      #   env: staging
+      #   hostname: atlantis.beta.oceanbox.io
+      #   autoSync: true
+      #   prune: true
  template:
    metadata:
      name: '{{ .env }}-atlantis'
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: dapr
+  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    namespace: dapr-system
+    server: https://kubernetes.default.svc
+  project: default
+  syncPolicy:
+    # managedNamespaceMetadata:
+    #   labels:
+    #     component: aux
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: true
+  sources:
+  - repoURL:  https://dapr.github.io/helm-charts/
+    targetRevision: 1.14.4
+    chart: dapr
+    helm:
+      values: |
+        global:
+          ha:
+            enabled: true
@@ -13,11 +13,11 @@ spec:
        hostname: hipster.srv.oceanbox.io
        autoSync: false
        prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
-        hostname: hipster.beta.oceanbox.io
-        autoSync: true
-        prune: true
+      # - cluster: https://staging-vcluster.staging-vcluster
+      #   env: staging
+      #   hostname: hipster.beta.oceanbox.io
+      #   autoSync: true
+      #   prune: true
  template:
    metadata:
      name: '{{ .env }}-hipster'
@@ -31,6 +31,9 @@ spec:
        mode: deployment
        image:
          repository: otel/opentelemetry-collector-k8s
+        service:
+          type: LoadBalancer
+          loadBalancerIP: 10.255.241.12
        config:
          receivers:
            prometheus/collector:
@@ -88,7 +91,7 @@ spec:
        #   logsCollection:
        #     enabled: true
        ingress:
-          enabled: true
+          enabled: false
          annotations:
              cert-manager.io/cluster-issuer: letsencrypt-production
              nginx.ingress.kubernetes.io/ssl-redirect: "true"
@@ -13,11 +13,11 @@ spec:
        hostname: petimeter.srv.oceanbox.io
        autoSync: false
        prune: true
-      - cluster: https://staging-vcluster.staging-vcluster
-        env: staging
-        hostname: petimeter.beta.oceanbox.io
-        autoSync: true
-        prune: true
+      # - cluster: https://staging-vcluster.staging-vcluster
+      #   env: staging
+      #   hostname: petimeter.beta.oceanbox.io
+      #   autoSync: true
+      #   prune: true
  template:
    metadata:
      name: '{{ .env }}-petimeter'
@@ -13,11 +13,11 @@ spec:
        hostname: sorcerer.data.oceanbox.io
        autoSync: false
        prune: true
-      - cluster: https://10.255.241.99:4443
-        env: staging
-        hostname: sorcerer.ekman.oceanbox.io
-        autoSync: true
-        prune: true
+      # - cluster: https://10.255.241.99:4443
+      #   env: staging
+      #   hostname: sorcerer.ekman.oceanbox.io
+      #   autoSync: true
+      #   prune: true
  template:
    metadata:
      name: '{{ .env }}-sorcerer'
@@ -3,29 +3,37 @@ kind: Application
 metadata:
  name: staging-atlantis
  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  template:
-    metadata:
-      name: staging-atlantis
-    spec:
-      project: atlantis
-      destination:
-        namespace: staging-atlantis
-        server: https://kubernetes.default.svc
-      sources:
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: nixidy
-        path: values/atlantis
-        plugin:
-          name: kustomize-helm-with-rewrite
-          parameters:
-          - name: env
-            string: staging
-          - name: hostname
-            string: atlantis.beta.oceanbox.io
-  templatePatch: |
-    spec:
-      syncPolicy:
-        automated:
-          prune: true
-          selfHeal: true
+  destination:
+    namespace: staging-atlantis
+    server: https://kubernetes.default.svc
+  project: atlantis
+  sources:
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: nixidy
+    path: values/atlantis
+    plugin:
+      name: kustomize-helm-with-rewrite
+      parameters:
+      - name: env
+        string: staging
+      - name: hostname
+        string: atlantis.beta.oceanbox.io
+  ignoreDifferences:
+    - kind: Secret
+      name: azure-keyvault
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: false
@@ -3,29 +3,37 @@ kind: Application
 metadata:
  name: staging-sorcerer
  namespace: argocd
+  annotations:
+    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+  finalizers:
+  - resources-finalizer.argocd.argoproj.io
 spec:
-  template:
-    metadata:
-      name: staging-sorcerer
-    spec:
-      project: atlantis
-      destination:
-        namespace: staging-sorcerer
-        server: https://10.255.241.99:4443
-      sources:
-      - repoURL: https://gitlab.com/oceanbox/manifests.git
-        targetRevision: main
-        path: values/sorcerer
-        plugin:
-          name: kustomize-helm-with-rewrite
-          parameters:
-          - name: env
-            string: staging
-          - name: hostname
-            string: sorcerer.ekman.oceanbox.io
-  templatePatch: |
-    spec:
-      syncPolicy:
-        automated:
-          prune: true
-          selfHeal: false
+  destination:
+    namespace: staging-sorcerer
+    server: https://10.255.241.99:4443
+  project: atlantis
+  sources:
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: nixidy
+    path: values/sorcerer
+    plugin:
+      name: kustomize-helm-with-rewrite
+      parameters:
+      - name: env
+        string: staging
+      - name: hostname
+        string: sorcerer.ekman.oceanbox.io
+  ignoreDifferences:
+    - kind: Secret
+      name: azure-keyvault
+      jqPathExpressions:
+        - '.data'
+        - '.metadata.labels'
+        - '.metadata.annotations'
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ApplyOutOfSyncOnly=true
+    automated:
+      prune: true
+      selfHeal: false
@@ -0,0 +1 @@
+../../charts/atlantis
@@ -39,7 +39,7 @@
            "roles": [ "admin" ]
        }
    ],
-    "redis": "prod-redis-master:6379",
+    "redis": "prod-atlantis-redis-master:6379",
    "objectStore": "https://atlantis.blob.core.windows.net",
    "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
    "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
@@ -7,12 +7,12 @@ spec:
  version: v1
  metadata:
  - name: redisHost
-    value: prod-redis-master:6379
+    value: prod-atlantis-redis-master:6379
  - name: redisUsername
    value: default
  - name: redisPassword
    secretKeyRef:
-      name: prod-redis
+      name: prod-atlantis-redis
      key:  redis-password
  - name: redisDB
    value: "2"
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: prod-atlantis
-  namespace: prod
+  namespace: prod-atlantis
 rules:
 - apiGroups:
  - ""
@@ -17,7 +17,7 @@ rules:
  - ""
  resourceNames:
  - azure-keyvault
-  - prod-redis
+  - prod-atlantis-redis
  resources:
  - secrets
  verbs:
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: prod-atlantis
-  namespace: prod
+  namespace: prod-atlantis
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -36,4 +36,4 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: prod-atlantis
-  namespace: prod
+  namespace: prod-atlantis
@@ -7,12 +7,12 @@ spec:
  version: v1
  metadata:
  - name: redisHost
-    value: prod-redis-master:6379
+    value: prod-atlantis-redis-master:6379
  - name: redisUsername
    value: default
  - name: redisPassword
    secretKeyRef:
-      name: prod-redis
+      name: prod-atlantis-redis
      key:  redis-password
  - name: actorStateStore
    value: "true"
@@ -39,7 +39,7 @@
            "roles": [ "admin" ]
        }
    ],
-    "redis": "staging-redis-master:6379",
+    "redis": "staging-atlantis-redis-master:6379",
    "objectStore": "https://atlantis.blob.core.windows.net",
    "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
    "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
@@ -7,12 +7,12 @@ spec:
  version: v1
  metadata:
  - name: redisHost
-    value: staging-redis-master:6379
+    value: staging-atlantis-redis-master:6379
  - name: redisUsername
    value: default
  - name: redisPassword
    secretKeyRef:
-      name: staging-redis
+      name: staging-atlantis-redis
      key:  redis-password
  - name: redisDB
    value: "2"
@@ -7,12 +7,12 @@ spec:
  version: v1
  metadata:
  - name: redisHost
-    value: staging-redis-master:6379
+    value: staging-atlantis-redis-master:6379
  - name: redisUsername
    value: default
  - name: redisPassword
    secretKeyRef:
-      name: staging-redis
+      name: staging-atlantis-redis
      key:  redis-password
  - name: redisDB
    value: "2"
@@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: staging-atlantis
-  namespace: staging
+  namespace: staging-atlantis
 rules:
 - apiGroups:
  - ""
@@ -17,7 +17,7 @@ rules:
  - ""
  resourceNames:
  - azure-keyvault
-  - staging-redis
+  - staging-atlantis-redis
  resources:
  - secrets
  verbs:
@@ -28,7 +28,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: staging-atlantis
-  namespace: staging
+  namespace: staging-atlantis
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
@@ -36,4 +36,5 @@ roleRef:
 subjects:
 - kind: ServiceAccount
  name: staging-atlantis
-  namespace: staging
+  namespace: staging-atlantis
+
@@ -7,12 +7,12 @@ spec:
  version: v1
  metadata:
  - name: redisHost
-    value: staging-redis-master:6379
+    value: staging-atlantis-redis-master:6379
  - name: redisUsername
    value: default
  - name: redisPassword
    secretKeyRef:
-      name: staging-redis
+      name: staging-atlantis-redis
      key:  redis-password
  - name: actorStateStore
    value: "true"
@@ -12,7 +12,7 @@ env:
  - name: REDIS_PASSWORD
    valueFrom:
      secretKeyRef:
-        name: prod-redis
+        name: prod-atlantis-redis
        key: redis-password
  - name: DB_HOST
    value: prod-atlantis-db-rw
@@ -15,7 +15,7 @@ env:
  - name: REDIS_PASSWORD
    valueFrom:
      secretKeyRef:
-        name: staging-redis
+        name: staging-atlantis-redis
        key: redis-password
  - name: DB_HOST
    value: staging-atlantis-db-rw