devel: rename manifests/ to kustomizations/

2024-06-06 08:52:13 +02:00
parent e0af3046ca
commit accd4d3e4e
149 changed files with 0 additions and 0 deletions
@@ -0,0 +1,9 @@
+- op: replace
+  path: /spec/template/spec/containers/0/livenessProbe/httpGet/path
+  value: /healthz
+- op: replace
+  path: /spec/template/spec/containers/0/readinessProbe/httpGet/path
+  value: /healthz
+- op: add
+  path: /spec/template/spec/containers/0/envFrom
+  value: []
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+  - target:
+      version: v1
+      group: apps
+      kind: Deployment
+    path: deployment_patch.yaml
+resources:
+  - _manifest.yaml
@@ -0,0 +1 @@
+oceanbox/sorcerer
@@ -0,0 +1,25 @@
+{
+    "sso": {
+        "cookieDomain": ".oceanbox.io",
+        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
+        "redis": "10.255.241.201:30379,user=default,password=secret",
+        "appDomain": "atlantis",
+        "dataProtectionKeys": "DataProtection-Keys"
+    },
+    "allowedOrigins": [
+        "http://localhost:8085",
+        "http://localhost:8080",
+        "https://localhost:8080",
+        "https://maps.oceanbox.io",
+        "https://atlantis.srv.oceanbox.io",
+        "https://maps.relic.oceanbox.io",
+        "https://atlantis.beta.oceanbox.io",
+        "https://atlantis.dev.oceanbox.io",
+        "https://atlantis.local.oceanbox.io:8080"
+    ],
+    "archiveSvc": "https://archmeister.srv.oceanbox.io",
+    "cacheDir": "/data/archives/cache",
+    "logService" : "https://seq.adm.oceanbox.io",
+    "logApiKey": "",
+    "deployEnv": "prod"
+}
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-prod-ceph-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 1Gi
+  csi:
+    driver: rook-ceph.cephfs.csi.ceph.com
+    nodeStageSecretRef:
+      name: rook-csi-cephfs-node
+      namespace: rook-ceph
+    volumeAttributes:
+      fsName: data
+      clusterID: rook-ceph
+      staticVolume: "true"
+      rootPath: /archives
+    volumeHandle: pv-prod-ceph-archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prod-ceph-archives
+  namespace: sorcerer
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: pv-prod-ceph-archives
@@ -0,0 +1 @@
+SEQ_APIKEY=7iIXHJukYjSLQDix6CnZ
@@ -0,0 +1,32 @@
+- op: replace
+  path: /spec/template/spec/containers/0/volumeMounts/0/mountPath
+  value: /data/archives
+- op: replace
+  path: /spec/template/spec/containers/0/env/0
+  value:
+    name: LOG_LEVEL
+    value: "3"
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: ARCHMEISTER_AUTH
+    value: "admin:en-to-tre-fire"
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: REDIS_USER
+    value: default
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: REDIS_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: prod-redis
+        key: redis-password
+- op: add
+  path: /spec/template/spec/containers/0/envFrom/-
+  value:
+    secretRef:
+      name: prod-sorcerer-env
+
@@ -0,0 +1,20 @@
+generatorOptions:
+  disableNameSuffixHash: true
+secretGenerator:
+- name: prod-sorcerer-appsettings
+  files:
+    - appsettings.json
+- name: prod-sorcerer-env
+  envs:
+    - default.env
+patches:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+  path: deployment_patch.yaml
+resources:
+# - pv.yaml
+# - pvc.yaml
+- archives-ceph-volume.yaml
+- ../base
@@ -0,0 +1,40 @@
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+#   name: pv-prod-oceanbox-archives
+# spec:
+#   accessModes:
+#   - ReadWriteMany
+#   capacity:
+#     storage: 300T
+#   mountOptions:
+#   - vers=4.2
+#   - rdma
+#   - soft
+#   nfs:
+#     path: /data/archives
+#     server: 10.255.243.80
+#   persistentVolumeReclaimPolicy: Retain
+#   volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-prod-backup-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 400T
+  local:
+    path: /backup/archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - fs2
@@ -0,0 +1,32 @@
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: prod-oceanbox-archives
+# spec:
+#   accessModes:
+#   - ReadWriteMany
+#   resources:
+#     requests:
+#       storage: 300T
+#   storageClassName: ""
+#   volumeMode: Filesystem
+#   volumeName: pv-prod-oceanbox-archives
+# status:
+#   accessModes:
+#   - ReadWriteMany
+#   capacity:
+#     storage: 300T
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: prod-oceanbox-backup-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 400T
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: pv-prod-backup-archives
@@ -0,0 +1,28 @@
+{
+    "sso": {
+        "cookieDomain": ".oceanbox.io",
+        "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
+        "redis": "10.255.241.201:31379,user=default,password=secret",
+        "appDomain": "atlantis",
+        "dataProtectionKeys": "DataProtection-Keys"
+    },
+    "allowedOrigins": [
+        "http://localhost:8085",
+        "http://localhost:8080",
+        "https://localhost:8080",
+        "https://maps.oceanbox.io",
+        "https://atlantis.srv.oceanbox.io",
+        "https://atlantis.dev.oceanbox.io",
+        "https://atlantis.beta.oceanbox.io",
+        "https://atlantis.jonas.dev.oceanbox.io",
+        "https://atlantis.stig.dev.oceanbox.io",
+        "https://atlantis.simker.dev.oceanbox.io",
+        "https://atlantis.local.oceanbox.io:8080"
+
+    ],
+    "archiveSvc": "https://archmeister.beta.oceanbox.io",
+    "cacheDir": "/data/archives/cache",
+    "logService" : "https://seq.adm.oceanbox.io",
+    "logApiKey": "",
+    "deployEnv": "staging"
+}
@@ -0,0 +1,37 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-staging-ceph-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 1Gi
+  csi:
+    driver: rook-ceph.cephfs.csi.ceph.com
+    nodeStageSecretRef:
+      name: rook-csi-cephfs-node
+      namespace: rook-ceph
+    volumeAttributes:
+      fsName: data
+      clusterID: rook-ceph
+      staticVolume: "true"
+      rootPath: /archives
+    volumeHandle: pv-staging-ceph-archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: staging-ceph-archives
+  namespace: sorcerer
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: pv-staging-ceph-archives
@@ -0,0 +1 @@
+SEQ_APIKEY=7iIXHJukYjSLQDix6CnZ
@@ -0,0 +1,32 @@
+- op: replace
+  path: /spec/template/spec/containers/0/volumeMounts/0/mountPath
+  value: /data/archives
+- op: replace
+  path: /spec/template/spec/containers/0/env/0
+  value:
+    name: LOG_LEVEL
+    value: "4"
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: REDIS_USER
+    value: default
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: REDIS_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: staging-redis
+        key: redis-password
+- op: add
+  path: /spec/template/spec/containers/0/env/-
+  value:
+    name: ARCHMEISTER_AUTH
+    value: "admin:en-to-tre-fire"
+- op: add
+  path: /spec/template/spec/containers/0/envFrom/-
+  value:
+    secretRef:
+      name: staging-sorcerer-env
+
@@ -0,0 +1,20 @@
+generatorOptions:
+  disableNameSuffixHash: true
+secretGenerator:
+- name: staging-sorcerer-appsettings
+  files:
+    - appsettings.json
+- name: staging-sorcerer-env
+  envs:
+    - default.env
+patches:
+- target:
+    group: apps
+    version: v1
+    kind: Deployment
+  path: deployment_patch.yaml
+resources:
+# - pv.yaml
+# - pvc.yaml
+- archives-ceph-volume.yaml
+- ../base
@@ -0,0 +1,41 @@
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+#   name: pv-staging-oceanbox-archives
+# spec:
+#   accessModes:
+#   - ReadWriteMany
+#   capacity:
+#     storage: 300T
+#   mountOptions:
+#   - vers=4.2
+#   - rdma
+#   - soft
+#   nfs:
+#     path: /data/archives
+#     server: 10.255.243.80
+#   persistentVolumeReclaimPolicy: Retain
+#   volumeMode: Filesystem
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pv-staging-backup-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  capacity:
+    storage: 400T
+  local:
+    path: /backup/archives
+  persistentVolumeReclaimPolicy: Retain
+  volumeMode: Filesystem
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+      - matchExpressions:
+        - key: kubernetes.io/hostname
+          operator: In
+          values:
+          - fs2
+
@@ -0,0 +1,32 @@
+# apiVersion: v1
+# kind: PersistentVolumeClaim
+# metadata:
+#   name: staging-oceanbox-archives
+# spec:
+#   accessModes:
+#   - ReadWriteMany
+#   resources:
+#     requests:
+#       storage: 300T
+#   storageClassName: ""
+#   volumeMode: Filesystem
+#   volumeName: pv-staging-oceanbox-archives
+# status:
+#   accessModes:
+#   - ReadWriteMany
+#   capacity:
+#     storage: 300T
+# ---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: staging-oceanbox-backup-archives
+spec:
+  accessModes:
+  - ReadWriteMany
+  resources:
+    requests:
+      storage: 400T
+  storageClassName: ""
+  volumeMode: Filesystem
+  volumeName: pv-staging-backup-archives
@@ -0,0 +1,29 @@
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+  hosts:
+    - host: sorcerer.data.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+       - sorcerer.data.oceanbox.io
+      secretName: prod-sorcerer-tls
+
+persistence:
+  enabled: true
+  existingClaim: prod-ceph-archives
+  # existingClaim: prod-oceanbox-archives
+
+nodeSelector:
+  topology.kubernetes.io/group: srv
+  # kubernetes.io/hostname: fs2
+  # node-role.kubernetes.io/worker: c1-1
+
+tolerations:
+  - key: workload
+    operator: Equal
+    value: compute
+    effect: NoSchedule
+
@@ -0,0 +1,27 @@
+image:
+  tag: 26b26ac6-debug
+ingress:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    # nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+  hosts:
+    - host: sorcerer.ekman.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - sorcerer.ekman.oceanbox.io
+      secretName: staging-sorcerer-tls
+persistence:
+  existingClaim: staging-ceph-archives
+  # existingClaim: staging-oceanbox-backup-archives
+nodeSelector:
+  topology.kubernetes.io/group: srv
+  # kubernetes.io/hostname: fs2
+  # node-role.kubernetes.io/worker: c1-1
+tolerations:
+  - key: workload
+    operator: Equal
+    value: compute
+    effect: NoSchedule