diff --git a/helmfile.d/atlantis.yaml.gotmpl b/helmfile.d/atlantis.yaml.gotmpl
new file mode 100644
index 00000000..b9591abd
--- /dev/null
+++ b/helmfile.d/atlantis.yaml.gotmpl
@@ -0,0 +1,45 @@
+bases:
+ - ../envs/environments.yaml.gotmpl
+
+repositories:
+- name: oceanbox
+ url: "git+https://gitlab-ci:glpat-WUPiu4yb5Ffx7R8dC2kZ@gitlab.com/oceanbox/manifests@charts?ref=main"
+
+commonLabels:
+ tier: system
+
+apiVersions:
+- monitoring.coreos.com/v1
+
+releases:
+- name: atlantis
+ namespace: {{ .Environment.Name }}-atlantis
+ chart: oceanbox/atlantis
+ condition: atlantis.enabled
+ values:
+ - ../values/atlantis/values/atlantis.yaml.gotmpl
+ - ../values/atlantis/values/atlantis-{{ .Environment.Name }}.yaml.gotmpl
+ postRenderer: ../bin/kustomizer
+ postRendererArgs:
+ - ../values/atlantis/kustomize/{{ .Environment.Name }}
+ missingFileHandler: Info
+- name: atlantis-manifests
+ namespace: {{ .Environment.Name }}-atlantis
+ chart: manifests
+ condition: atlantis.enabled
+ missingFileHandler: Info
+ values:
+ - ../values/env.yaml
+ - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
+ - ../values/atlantis/env.yaml.gotmpl
+ - ../values/atlantis/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
+ hooks:
+ - events: [ prepare, cleanup ]
+ showlogs: true
+ command: ../bin/helmify
+ args:
+ - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
+ - '{{`{{ .Release.Chart }}`}}'
+ - '{{`{{ .Environment.Name }}`}}'
+ - ../values/atlantis/manifests
+ - manifests
diff --git a/values/atlantis/base b/values/atlantis/base
new file mode 120000
index 00000000..72e021f3
--- /dev/null
+++ b/values/atlantis/base
@@ -0,0 +1 @@
+kustomize/base
\ No newline at end of file
diff --git a/values/atlantis/base/defaultbackend.yaml b/values/atlantis/base/defaultbackend.yaml
deleted file mode 100644
index 4e5b177c..00000000
--- a/values/atlantis/base/defaultbackend.yaml
+++ /dev/null
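Review bot: The `url` of the `oceanbox` entry under `repositories` in `helmfile.d/atlantis.yaml.gotmpl` carries a GitLab access token (`gitlab-ci:glpat-…`) in clear text, so the credential is committed with the file and stays in history even if a later commit edits the line. The token should be revoked and the URL built from the environment instead, for example with `{{ requiredEnv "<TOKEN_VAR>" }}` in place of the literal (the variable name is a placeholder); `requiredEnv` is already used in this file for `ARGOCD_ENV_CLUSTER_NAME`. The same applies to the clear-text values in files this diff deletes further down (`values/atlantis/*/default.env`, `appsettings.json`, `barentswatch-api.env`): deleting them does not withdraw the credentials, so they need rotating as well. A secret-scanning check in CI would catch the `glpat-` prefix before merge.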
@@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: defaultbackend -spec: - type: ExternalName - externalName: main-ingress-nginx-defaultbackend.ingress-nginx.svc.cluster.local - ports: - - port: 80 \ No newline at end of file diff --git a/values/atlantis/base/deployment_patch.yaml b/values/atlantis/base/deployment_patch.yaml deleted file mode 100644 index 44752fa1..00000000 --- a/values/atlantis/base/deployment_patch.yaml +++ /dev/null @@ -1,9 +0,0 @@ -- op: replace - path: /spec/template/spec/containers/0/livenessProbe/httpGet/path - value: /healthz -- op: replace - path: /spec/template/spec/containers/0/readinessProbe/httpGet/path - value: /healthz -- op: add - path: /spec/template/spec/containers/0/envFrom - value: [] \ No newline at end of file diff --git a/values/atlantis/base/ingress_patch.yaml b/values/atlantis/base/ingress_patch.yaml deleted file mode 100644 index 18723a63..00000000 --- a/values/atlantis/base/ingress_patch.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- op: add - path: /spec/rules/0/http/paths/- - value: - path: /events - pathType: ImplementationSpecific - backend: - service: - name: defaultbackend - port: - number: 80 diff --git a/values/atlantis/base/kustomization.yaml b/values/atlantis/base/kustomization.yaml deleted file mode 100644 index 166df33c..00000000 --- a/values/atlantis/base/kustomization.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -patches: - - target: - version: v1 - group: apps - kind: Deployment - path: deployment_patch.yaml - - target: - group: networking.k8s.io - version: v1 - kind: Ingress - path: ingress_patch.yaml -resources: - - _manifest.yaml - - defaultbackend.yaml diff --git a/values/atlantis/base/service_patch.yaml b/values/atlantis/base/service_patch.yaml deleted file mode 100644 index ccfa03cc..00000000 --- a/values/atlantis/base/service_patch.yaml +++ /dev/null 
@@ -1,7 +0,0 @@ -- op: add - path: /spec/ports/- - value: - name: intra - port: 8000 - protocol: TCP - targetPort: 8000 diff --git a/values/atlantis/env.yaml.gotmpl b/values/atlantis/env.yaml.gotmpl index a44c2a6a..9a390f45 100644 --- a/values/atlantis/env.yaml.gotmpl +++ b/values/atlantis/env.yaml.gotmpl @@ -1,4 +1,5 @@ atlantis: enabled: true autosync: false + env: {{ .Environment.Name }} diff --git a/values/atlantis/manifests/atlantis.yaml b/values/atlantis/manifests/atlantis.yaml index 4bf9bd8b..23cc5cfb 100644 --- a/values/atlantis/manifests/atlantis.yaml +++ b/values/atlantis/manifests/atlantis.yaml @@ -1,9 +1,8 @@ {{ if .Values.clusterConfig.argo.enabled }} -{{- range .Values.atlantis.envs }} apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: {{ . }}-atlantis + name: {{ .Values.atlantis.env }}-atlantis namespace: argocd annotations: argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true 
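Review bot: The added `env: {{ .Environment.Name }}` in `values/atlantis/env.yaml.gotmpl` is an unquoted templated scalar, so an environment name that YAML reads as a boolean, number or null reaches `.Values.atlantis.env` with the wrong type, and an empty expansion becomes null; `env: {{ .Environment.Name | quote }}` keeps it a string. The first hunk of `values/atlantis/manifests/atlantis.yaml` then uses that value for the Application name, and later hunks use it for the destination namespace and Secret names, with nothing checking that it is set. Presumably that template is rendered by Helm; if so, `{{ required "atlantis.env must be set" .Values.atlantis.env }}` at first use would fail the render instead of emitting `-atlantis`.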
@@ -11,29 +10,31 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: destination: - namespace: {{ . }}-atlantis + namespace: {{ .Values.atlantis.env }}-atlantis server: https://kubernetes.default.svc project: atlantis sources: - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: main - ref: values - - repoURL: https://gitlab.com/oceanbox/manifests.git - targetRevision: main - path: values/atlantis + - repoURL: {{ .Values.clusterConfig.manifests }} + targetRevision: HEAD + path: helmfile.d plugin: - name: kustomize-helm-with-rewrite - parameters: - - name: env - string: {{ . }} - - name: hostname - string: maps.oceanbox.io + name: helmfile-cmp + env: + - name: CLUSTER_NAME + value: {{ .Values.clusterConfig.cluster }} + - name: HELMFILE_ENVIRONMENT + value: {{ .Values.atlantis.env }} + - name: HELMFILE_FILE_PATH + value: atlantis.yaml.gotmpl - repoURL: https://charts.bitnami.com/bitnami targetRevision: 20.1.7 chart: redis helm: valueFiles: - - $values/values/atlantis/{{ . }}/redis.yaml + - $values/values/atlantis/{{ .Values.atlantis.env }}/redis.yaml + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: main + ref: values ignoreDifferences: - kind: Secret name: azure-keyvault @@ -42,19 +43,19 @@ spec: - '.metadata.labels' - '.metadata.annotations' - kind: Secret - name: {{ . }}-atlantis-rabbitmq + name: {{ .Values.atlantis.env }}-atlantis-rabbitmq jqPathExpressions: - '.data' - '.metadata.labels' - '.metadata.annotations' - kind: Secret - name: {{ . }}-archmeister-replication + name: {{ .Values.atlantis.env }}-archmeister-replication jqPathExpressions: - '.data' - '.metadata.labels' - '.metadata.annotations' - kind: Secret - name: {{ . }}-archmeister-ca + name: {{ .Values.atlantis.env }}-archmeister-ca jqPathExpressions: - '.data' - '.metadata.labels' @@ -67,4 +68,3 @@ spec: # prune: true # selfHeal: false {{- end }} -{{- end }} 
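Review bot: In the `sources` list of `values/atlantis/manifests/atlantis.yaml` the helmfile source now follows `{{ .Values.clusterConfig.manifests }}` at `targetRevision: HEAD`, while the re-added `ref: values` source that feeds the redis `valueFiles` stays hard-coded to `https://gitlab.com/oceanbox/manifests.git` at `main`. If a cluster sets `clusterConfig.manifests` to another repository or default branch, the redis values are taken from a different revision than the rest of the release. Giving both sources the same templated `repoURL` and one explicit revision would keep them in step, and a named branch or tag instead of `HEAD` makes it easier to audit what was deployed. The `spec` mapping starts and ends outside this hunk.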
diff --git a/values/atlantis/prod b/values/atlantis/prod
new file mode 120000
index 00000000..9d08ed93
--- /dev/null
+++ b/values/atlantis/prod
@@ -0,0 +1 @@
+kustomize/prod
\ No newline at end of file
diff --git a/values/atlantis/prod/appsettings.json b/values/atlantis/prod/appsettings.json
deleted file mode 100644
index dc76aae8..00000000
--- a/values/atlantis/prod/appsettings.json
+++ /dev/null
@@ -1,96 +0,0 @@ -{ - "oidc": { - "issuer": "https://auth.oceanbox.io/realms/oceanbox", - "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", - "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", - "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", - "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", - "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", - "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", - "clientId": "atlantis", - "clientSecret": "", - "scopes": [ - "openid", - "email", - "offline_access", - "profile" - ], - "audiences": [ - "atlantis", - "atlantis_dev", - "sorcerer", - "sorcerer_dev" - ] - }, - "sso": { - "cookieDomain": ".oceanbox.io", - "cookieName": ".obx.prod", - "ttl": 12.0, - "signedOutRedirectUri": "https://maps.beta.oceanbox.io", - "realm": "atlantis", - "environment": "prod", - "keyStore": { - "kind": "azure", - "uri": "https://atlantis.blob.core.windows.net", - "key": "dataprotection-keys" - }, - "keyVault": { - "kind": "azure", - "uri": "https://atlantisvault.vault.azure.net", - "key": "dataencryption-keys" - } - }, - "fga": { - "apiUrl": "http://prod-openfga.openfga.svc.cluster.local:8080", - "apiKey": "", - "storeId": "01JKTZXMP7ANN4GG2P5W8Y56M6", - "modelId": "01JKTZYMCZZBVSBG66W27XMW0A" - }, - "plainAuthUsers": [ - { - "username": "admin", - "password": "en-to-tre-fire", - "groups": [ "/oceanbox" ], - "roles": [ "admin" ] - }, - { - "username": "sorcerer", - "password": "fire tre to en", - "groups": [ "/oceanbox" ], - "roles": [ "admin" ] - }, - { - "username": "archivist", - "password": "en-to-tre-fire", - "groups": [ "/oceanbox" ], - "roles": [ "admin" ] - } - ], - "redis": "prod-atlantis-redis-master:6379", - "objectStore": 
"https://atlantis.blob.core.windows.net", - "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", - "sorcerer" : "https://sorcerer.data.oceanbox.io", - "allowedOrigins": [ - "https://maps.oceanbox.io", - "https://maps.beta.oceanbox.io", - ], - "appName": "atlantis", - "appEnv": "prod", - "appNamespace": "atlantis", - "appVersion": "2.95.1", - "otelCollector": "http://opentelemetry-collector.otel.svc:4317", - "pubsubName": "pubsub", - "pubsubTopic": "hipster-atlantis", - "slurm": { - "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/", - "slurmApi": "slurm/v0.0.39/", - "dbdApi": "slurmdbd/v0.0.39/", - "user": "serf", - "password": "wooqueiLee3ao0ha" - }, - "amqp": { - "auth": "user:hunny-bunny", - "host": "10.255.241.201:30673" - }, - "fenceRadius": 1250.0 -} diff --git a/values/atlantis/prod/barentswatch-api.env b/values/atlantis/prod/barentswatch-api.env deleted file mode 100644 index fc399a85..00000000 --- a/values/atlantis/prod/barentswatch-api.env +++ /dev/null @@ -1,2 +0,0 @@ -client-id=simen.kirkvik@tromso.serit.no:simkir-tilt-atlantis -secret=d9tInZ1XpeDAxD.DySv'*SB=P \ No newline at end of file diff --git a/values/atlantis/prod/bindings.yaml b/values/atlantis/prod/bindings.yaml deleted file mode 100644 index 8a95c563..00000000 --- a/values/atlantis/prod/bindings.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: slurm-events -spec: - type: bindings.rabbitmq - version: v1 - metadata: - - name: host - secretKeyRef: - name: prod-atlantis-rabbitmq - key: connString - - name: queueName - value: prod-slurm-job-events - - name: durable - value: true - - name: contentType - value: "application/json" - - name: route - value: /events/slurm -scopes: - - prod-atlantis diff --git a/values/atlantis/prod/configurations.yaml b/values/atlantis/prod/configurations.yaml deleted file mode 100644 index 705e1b48..00000000 
--- a/values/atlantis/prod/configurations.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: configstore -spec: - type: configuration.redis - version: v1 - metadata: - - name: redisHost - value: prod-atlantis-redis-master:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: prod-atlantis-redis - key: redis-password - - name: redisDB - value: "1" -scopes: - - prod-atlantis diff --git a/values/atlantis/prod/default.env b/values/atlantis/prod/default.env deleted file mode 100644 index 85c5abe3..00000000 --- a/values/atlantis/prod/default.env +++ /dev/null @@ -1 +0,0 @@ -OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm diff --git a/values/atlantis/prod/deployment_patch.yaml b/values/atlantis/prod/deployment_patch.yaml deleted file mode 100644 index dd4c92da..00000000 --- a/values/atlantis/prod/deployment_patch.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- op: add - path: /spec/template/spec/containers/0/envFrom/- - value: - secretRef: - name: azure-keyvault -- op: add - path: /spec/template/spec/containers/0/envFrom/- - value: - secretRef: - name: prod-atlantis-env \ No newline at end of file diff --git a/values/atlantis/prod/keyvault.yaml b/values/atlantis/prod/keyvault.yaml deleted file mode 100644 index 145adf98..00000000 --- a/values/atlantis/prod/keyvault.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: azure-keyvault -spec: - type: secretstores.azure.keyvault - version: v1 - metadata: - - name: vaultName - value: atlantisvault - - name: azureTenantId - secretKeyRef: - name: azure-keyvault - key: AZURE_TENANT_ID - - name: azureClientId - secretKeyRef: - name: azure-keyvault - key: AZURE_CLIENT_ID - - name: azureClientSecret - secretKeyRef: - name: azure-keyvault - key: AZURE_CLIENT_SECRET 
diff --git a/values/atlantis/prod/kustomization.yaml b/values/atlantis/prod/kustomization.yaml deleted file mode 100644 index f0e148c2..00000000 --- a/values/atlantis/prod/kustomization.yaml +++ /dev/null @@ -1,24 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: -- name: prod-atlantis-appsettings - files: - - appsettings.json -patches: - - target: - group: apps - version: v1 - kind: Deployment - path: deployment_patch.yaml -resources: - - ../base - - secrets.yaml - - rbac.yaml - - tracing.yaml - - bindings.yaml - - pubsub.yaml - - statestore.yaml - - subscriptions.yaml - - configurations.yaml - - secretstore.yaml - - keyvault.yaml diff --git a/values/atlantis/prod/pubsub.yaml b/values/atlantis/prod/pubsub.yaml deleted file mode 100644 index b7aeda01..00000000 --- a/values/atlantis/prod/pubsub.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: pubsub -spec: - version: v1 - type: pubsub.rabbitmq - metadata: - - name: hostname - value: prod-rabbitmq.rabbitmq - - name: username - value: user - - name: password - secretKeyRef: - name: prod-atlantis-rabbitmq - key: rabbitmq-password - - name: protocol - value: amqp - - name: durable - value: true - - name: deletedWhenUnused - value: false - - name: autoAck - value: false - - name: deliveryMode - value: 1 - - name: requeueInFailure - value: false - - name: prefetchCount - value: 0 - - name: reconnectWait - value: 0 - - name: concurrencyMode - value: parallel - - name: publisherConfirm - value: false - - name: backOffPolicy - value: exponential - - name: backOffInitialInterval - value: 100 - - name: backOffMaxRetries - value: 16 - - name: enableDeadLetter # Optional enable dead Letter or not - value: true - - name: maxLen # Optional max message count in a queue - value: 3000 - - name: maxLenBytes # Optional maximum length in bytes of a queue. - value: 10485760 - - name: exchangeKind - value: fanout - - name: clientName - value: "{appID}" 
diff --git a/values/atlantis/prod/rbac.yaml b/values/atlantis/prod/rbac.yaml deleted file mode 100644 index 772c7a95..00000000 --- a/values/atlantis/prod/rbac.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: prod-atlantis - namespace: prod-atlantis -rules: -- apiGroups: - - "" - resourceNames: - - prod-atlantis-appsettings - resources: - - configmaps - verbs: - - get - - watch -- apiGroups: - - "" - resourceNames: - - azure-keyvault - - prod-atlantis-redis - resources: - - secrets - verbs: - - get - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: prod-atlantis - namespace: prod-atlantis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prod-atlantis -subjects: -- kind: ServiceAccount - name: prod-atlantis - namespace: prod-atlantis diff --git a/values/atlantis/prod/redis.yaml b/values/atlantis/prod/redis.yaml deleted file mode 100644 index f9ca65a9..00000000 --- a/values/atlantis/prod/redis.yaml +++ /dev/null @@ -1,23 +0,0 @@ -architecture: replication - -replica: - replicaCount: 2 - -auth: - enabled: true - sentinel: true - password: "" - usePasswordFiles: false - existingSecretPasswordKey: "" - existingSecret: prod-atlantis-redis - -master: - resources: - limits: - ephemeral-storage: 1024Mi - memory: 192Mi - requests: - cpu: 150m - ephemeral-storage: 50Mi - memory: 128Mi - diff --git a/values/atlantis/prod/secrets.yaml b/values/atlantis/prod/secrets.yaml deleted file mode 100644 index a956c207..00000000 --- a/values/atlantis/prod/secrets.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - annotations: - kyverno/clone: "true" - kyverno/env: "prod" - name: prod-atlantis-rabbitmq -type: Opaque -data: diff --git a/values/atlantis/prod/secretstore.yaml b/values/atlantis/prod/secretstore.yaml deleted file mode 100644 index afa9a4cd..00000000 --- a/values/atlantis/prod/secretstore.yaml +++ /dev/null 
@@ -1,10 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: secretstore -spec: - type: secretstores.kubernetes - version: v1 - metadata: - - name: defaultNamespace - value: prod-atlantis \ No newline at end of file diff --git a/values/atlantis/prod/statestore.yaml b/values/atlantis/prod/statestore.yaml deleted file mode 100644 index beb6ee64..00000000 --- a/values/atlantis/prod/statestore.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: statestore -spec: - type: state.redis - version: v1 - metadata: - - name: redisHost - value: prod-atlantis-redis-master:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: prod-atlantis-redis - key: redis-password - - name: actorStateStore - value: "true" - - name: redisDB - value: "0" -scopes: - - prod-atlantis diff --git a/values/atlantis/prod/subscriptions.yaml b/values/atlantis/prod/subscriptions.yaml deleted file mode 100644 index d0d0dcce..00000000 --- a/values/atlantis/prod/subscriptions.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: dapr.io/v2alpha1 -kind: Subscription -metadata: - name: hipster-events -spec: - topic: hipster - routes: - default: /events/hipster - pubsubname: pubsub - metadata: - queueType: quorum -scopes: -- prod-atlantis ---- -apiVersion: dapr.io/v2alpha1 -kind: Subscription -metadata: - name: inbox-events -spec: - topic: inbox - routes: - default: /events/inbox - pubsubname: pubsub - metadata: - queueType: quorum -scopes: -- prod-atlantis diff --git a/values/atlantis/prod/tracing.yaml b/values/atlantis/prod/tracing.yaml deleted file mode 100644 index 5d9bffd1..00000000 --- a/values/atlantis/prod/tracing.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: tracing -spec: - tracing: - samplingRate: "1" - otel: - endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317" - protocol: grpc - isSecure: false 
diff --git a/values/atlantis/staging b/values/atlantis/staging
new file mode 120000
index 00000000..7f7acb33
--- /dev/null
+++ b/values/atlantis/staging
@@ -0,0 +1 @@
+kustomize/staging
\ No newline at end of file
diff --git a/values/atlantis/staging/appsettings.json b/values/atlantis/staging/appsettings.json
deleted file mode 100644
index 529a47b9..00000000
--- a/values/atlantis/staging/appsettings.json
+++ /dev/null
@@ -1,97 +0,0 @@ -{ - "oidc": { - "issuer": "https://auth.oceanbox.io/realms/oceanbox", - "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth", - "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token", - "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs", - "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo", - "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout", - "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device", - "clientId": "atlantis_dev", - "clientSecret": "", - "scopes": [ - "openid", - "email", - "offline_access", - "profile" - ], - "audiences": [ - "atlantis", - "atlantis_dev", - "sorcerer", - "sorcerer_dev" - ] - }, - "sso": { - "cookieDomain": ".oceanbox.io", - "cookieName": ".obx.staging", - "ttl": 12.0, - "signedOutRedirectUri": "https://atlantis.beta.oceanbox.io", - "realm": "atlantis", - "environment": "staging", - "keyStore": { - "kind": "azure", - "uri": "https://atlantis.blob.core.windows.net", - "key": "dataprotection-keys" - }, - "keyVault": { - "kind": "azure", - "uri": "https://atlantisvault.vault.azure.net", - "key": "dataencryption-keys" - } - }, - "fga": { - "apiUrl": "http://staging-openfga.openfga.svc.cluster.local:8080", - "apiKey": "", - "storeId": "01JKTQKHSGJH4RW04WFVCPWNTE", - "modelId": "01JKTQMXBE7219XRYE3NGYNXSR" - }, - "plainAuthUsers": [ - { - "username": "admin", - "password": "en-to-tre-fire", - "groups": [ "/oceanbox" ], - "roles": [ "admin" ] - }, - { - "username": "sorcerer", - "password": "fire tre to en", - "groups": [ "/oceanbox" ], - "roles": [ "admin" ] - }, - { - "username": "archivist", - "password": "en-to-tre-fire", - "groups": [ "/oceanbox" ], - "roles": [ "admin" ] - } - ], - "redis": "staging-atlantis-redis-master:6379", - "objectStore": 
"https://atlantis.blob.core.windows.net", - "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", - "sorcerer" : "https://sorcerer.ekman.oceanbox.io", - "allowedOrigins": [ - "https://atlantis.beta.oceanbox.io", - "https://atlantis.dev.oceanbox.io", - "https://atlantis.local.oceanbox.io:8080" - ], - "appName": "atlantis", - "appEnv": "staging", - "appNamespace": "atlantis", - "appVersion": "0.0.0", - "otelCollector": "http://opentelemetry-collector.otel.svc:4317", - "pubsubName": "pubsub", - "pubsubTopic": "hipster-atlantis", - "slurm": { - "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/", - "slurmApi": "slurm/v0.0.39/", - "dbdApi": "slurmdbd/v0.0.39/", - "user": "serf", - "password": "wooqueiLee3ao0ha" - }, - "amqp": { - "auth": "user:hunny-bunny", - "host": "10.255.241.201:31673" - }, - "fenceRadius": 1250.0 -} diff --git a/values/atlantis/staging/auth b/values/atlantis/staging/auth deleted file mode 100644 index c5302c42..00000000 --- a/values/atlantis/staging/auth +++ /dev/null @@ -1 +0,0 @@ -oceanbox:$apr1$4njCUY7A$fmWQSymNJ6abSHvwDpNGU/ diff --git a/values/atlantis/staging/barentswatch-api.env b/values/atlantis/staging/barentswatch-api.env deleted file mode 100644 index fc399a85..00000000 --- a/values/atlantis/staging/barentswatch-api.env +++ /dev/null @@ -1,2 +0,0 @@ -client-id=simen.kirkvik@tromso.serit.no:simkir-tilt-atlantis -secret=d9tInZ1XpeDAxD.DySv'*SB=P \ No newline at end of file diff --git a/values/atlantis/staging/bindings.yaml b/values/atlantis/staging/bindings.yaml deleted file mode 100644 index b8528054..00000000 --- a/values/atlantis/staging/bindings.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: slurm-events -spec: - type: bindings.rabbitmq - version: v1 - metadata: - - name: host - secretKeyRef: - name: staging-atlantis-rabbitmq - key: connString - - name: queueName - value: staging-slurm-job-events - - name: durable - value: true - - name: contentType - value: "application/json" - - name: route - value: /events/slurm -scopes: - - staging-atlantis diff --git a/values/atlantis/staging/configuration.yaml b/values/atlantis/staging/configuration.yaml deleted file mode 100644 index 2c7efc91..00000000 --- a/values/atlantis/staging/configuration.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: configstore -spec: - type: configuration.redis - version: v1 - metadata: - - name: redisHost - value: staging-atlantis-redis-master:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: staging-atlantis-redis - key: redis-password - - name: redisDB - value: "1" -scopes: - - staging-atlantis diff --git a/values/atlantis/staging/configurations.yaml b/values/atlantis/staging/configurations.yaml deleted file mode 100644 index 90c68955..00000000 --- a/values/atlantis/staging/configurations.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: configstore -spec: - type: configuration.redis - version: v1 - metadata: - - name: redisHost - value: staging-atlantis-redis-master:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: staging-atlantis-redis - key: redis-password - - name: redisDB - value: "2" -scopes: - - staging-atlantis diff --git a/values/atlantis/staging/default.env b/values/atlantis/staging/default.env deleted file mode 100644 index c73591f5..00000000 --- a/values/atlantis/staging/default.env +++ /dev/null @@ -1 +0,0 @@ -OIDC_CLIENT_SECRET=3QjfSPmAemjn34XVA2o1fvoS7I4gKvOR 
diff --git a/values/atlantis/staging/deployment_patch.yaml b/values/atlantis/staging/deployment_patch.yaml deleted file mode 100644 index 1dc573da..00000000 --- a/values/atlantis/staging/deployment_patch.yaml +++ /dev/null @@ -1,10 +0,0 @@ -- op: add - path: /spec/template/spec/containers/0/envFrom/- - value: - secretRef: - name: azure-keyvault -- op: add - path: /spec/template/spec/containers/0/envFrom/- - value: - secretRef: - name: staging-atlantis-env \ No newline at end of file diff --git a/values/atlantis/staging/keyvault.yaml b/values/atlantis/staging/keyvault.yaml deleted file mode 100644 index a8b2ce2a..00000000 --- a/values/atlantis/staging/keyvault.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: azure-keyvault -spec: - type: secretstores.azure.keyvault - version: v1 - metadata: - - name: vaultName - value: atlantisvault - - name: azureTenantId - secretKeyRef: - name: azure-keyvault - key: AZURE_TENANT_ID - - name: azureClientId - secretKeyRef: - name: azure-keyvault - key: AZURE_CLIENT_ID - - name: azureClientSecret - secretKeyRef: - name: azure-keyvault - key: AZURE_CLIENT_SECRET \ No newline at end of file diff --git a/values/atlantis/staging/kustomization.yaml b/values/atlantis/staging/kustomization.yaml deleted file mode 100644 index 081d2a18..00000000 --- a/values/atlantis/staging/kustomization.yaml +++ /dev/null @@ -1,24 +0,0 @@ -generatorOptions: - disableNameSuffixHash: true -configMapGenerator: -- name: staging-atlantis-appsettings - files: - - appsettings.json -patches: - - target: - group: apps - version: v1 - kind: Deployment - path: deployment_patch.yaml -resources: - - ../base - - rbac.yaml - - secrets.yaml - - tracing.yaml - - bindings.yaml - - pubsub.yaml - - statestore.yaml - - subscriptions.yaml - - configurations.yaml - - secretstore.yaml - - keyvault.yaml \ No newline at end of file 
diff --git a/values/atlantis/staging/pubsub.yaml b/values/atlantis/staging/pubsub.yaml deleted file mode 100644 index 05a40ff1..00000000 --- a/values/atlantis/staging/pubsub.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: pubsub -spec: - version: v1 - type: pubsub.rabbitmq - metadata: - - name: hostname - value: staging-rabbitmq.rabbitmq - - name: username - value: user - - name: password - secretKeyRef: - name: staging-atlantis-rabbitmq - key: rabbitmq-password - - name: protocol - value: amqp - - name: durable - value: true - - name: deletedWhenUnused - value: false - - name: autoAck - value: false - - name: deliveryMode - value: 1 - - name: requeueInFailure - value: false - - name: prefetchCount - value: 0 - - name: reconnectWait - value: 0 - - name: concurrencyMode - value: parallel - - name: publisherConfirm - value: false - - name: backOffPolicy - value: exponential - - name: backOffInitialInterval - value: 100 - - name: backOffMaxRetries - value: 16 - - name: enableDeadLetter # Optional enable dead Letter or not - value: true - - name: maxLen # Optional max message count in a queue - value: 3000 - - name: maxLenBytes # Optional maximum length in bytes of a queue. - value: 10485760 - - name: exchangeKind - value: fanout - - name: clientName - value: "{appID}" diff --git a/values/atlantis/staging/rbac.yaml b/values/atlantis/staging/rbac.yaml deleted file mode 100644 index 665b0a7e..00000000 --- a/values/atlantis/staging/rbac.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: staging-atlantis - namespace: staging-atlantis -rules: -- apiGroups: - - "" - resourceNames: - - staging-atlantis-appsettings - resources: - - configmaps - verbs: - - get - - watch -- apiGroups: - - "" - resourceNames: - - azure-keyvault - - staging-atlantis-redis - resources: - - secrets - verbs: - - get - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: staging-atlantis - namespace: staging-atlantis -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: staging-atlantis -subjects: -- kind: ServiceAccount - name: staging-atlantis - namespace: staging-atlantis - diff --git a/values/atlantis/staging/redis.yaml b/values/atlantis/staging/redis.yaml deleted file mode 100644 index c81761f8..00000000 --- a/values/atlantis/staging/redis.yaml +++ /dev/null @@ -1,23 +0,0 @@ -architecture: standalone - -replica: - replicaCount: 1 - -auth: - enabled: true - sentinel: true - password: "" - usePasswordFiles: false - existingSecretPasswordKey: "" - existingSecret: staging-atlantis-redis - -master: - resources: - limits: - ephemeral-storage: 1024Mi - memory: 192Mi - requests: - cpu: 150m - ephemeral-storage: 50Mi - memory: 128Mi - diff --git a/values/atlantis/staging/secrets.yaml b/values/atlantis/staging/secrets.yaml deleted file mode 100644 index 1c27062b..00000000 --- a/values/atlantis/staging/secrets.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: staging-atlantis-env -type: Opaque -data: ---- -apiVersion: v1 -kind: Secret -metadata: - annotations: - kyverno/clone: "true" - name: azure-keyvault -type: Opaque -data: ---- -apiVersion: v1 -kind: Secret -metadata: - annotations: - kyverno/clone: "true" - name: dapr-api-token -type: Opaque -data: ---- -apiVersion: v1 -kind: Secret -metadata: - annotations: - kyverno/clone: "true" - kyverno/env: "staging" - name: staging-atlantis-rabbitmq -type: Opaque -data: - - diff --git a/values/atlantis/staging/secretstore.yaml b/values/atlantis/staging/secretstore.yaml deleted file mode 100644 index 7eedf1a2..00000000 --- a/values/atlantis/staging/secretstore.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: secretstore -spec: - type: secretstores.kubernetes - version: v1 - metadata: - - name: defaultNamespace - value: staging-atlantis \ No newline at end of file diff --git a/values/atlantis/staging/statestore.yaml b/values/atlantis/staging/statestore.yaml deleted file mode 100644 index 1ecaf35b..00000000 --- a/values/atlantis/staging/statestore.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Component -metadata: - name: statestore -spec: - type: state.redis - version: v1 - metadata: - - name: redisHost - value: staging-atlantis-redis-master:6379 - - name: redisUsername - value: default - - name: redisPassword - secretKeyRef: - name: staging-atlantis-redis - key: redis-password - - name: actorStateStore - value: "true" - - name: redisDB - value: "0" -scopes: - - staging-atlantis diff --git a/values/atlantis/staging/subscriptions.yaml b/values/atlantis/staging/subscriptions.yaml deleted file mode 100644 index 91b3117a..00000000 --- a/values/atlantis/staging/subscriptions.yaml +++ /dev/null 
@@ -1,27 +0,0 @@ -apiVersion: dapr.io/v2alpha1 -kind: Subscription -metadata: - name: hipster-events -spec: - topic: hipster - routes: - default: /events/hipster - pubsubname: pubsub - metadata: - queueType: quorum -scopes: -- staging-atlantis ---- -apiVersion: dapr.io/v2alpha1 -kind: Subscription -metadata: - name: inbox-events -spec: - topic: inbox - routes: - default: /events/inbox - pubsubname: pubsub - metadata: - queueType: quorum -scopes: -- staging-atlantis diff --git a/values/atlantis/staging/tracing.yaml b/values/atlantis/staging/tracing.yaml deleted file mode 100644 index 5d9bffd1..00000000 --- a/values/atlantis/staging/tracing.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: dapr.io/v1alpha1 -kind: Configuration -metadata: - name: tracing -spec: - tracing: - samplingRate: "1" - otel: - endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317" - protocol: grpc - isSecure: false diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml deleted file mode 100644 index f435a167..00000000 --- a/values/atlantis/values-prod.yaml +++ /dev/null 
@@ -1,79 +0,0 @@
-replicaCount: 1
-
-podAnnotations:
- dapr.io/app-id: "prod-atlantis"
-
-env:
- - name: APP_NAMESPACE
- value: prod-atlantis
- - name: APP_VERSION
- value: "2.97.4"
- - name: LOG_LEVEL
- value: "2"
- - name: REDIS_USER
- value: default
- - name: REDIS_PASSWORD
- valueFrom:
- secretKeyRef:
- name: prod-atlantis-redis
- key: redis-password
- - name: DB_HOST
- value: prod-atlantis-db-rw
- - name: DB_PORT
- value: "5432"
- - name: DB_USER
- valueFrom:
- secretKeyRef:
- name: prod-atlantis-db-superuser
- key: username
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: prod-atlantis-db-superuser
- key: password
- - name: DAPR_API_TOKEN
- valueFrom:
- secretKeyRef:
- name: dapr-api-token
- key: token
-
-ingress:
- enabled: true
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-production
- nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
- hosts:
- - host: maps.oceanbox.io
- paths:
- - path: /
- pathType: ImplementationSpecific
- internal:
- - path: /internal
- pathType: ImplementationSpecific
- - path: /dapr
- pathType: ImplementationSpecific
- - path: /actors
- pathType: ImplementationSpecific
- - path: /job
- pathType: ImplementationSpecific
- - path: /events
- pathType: ImplementationSpecific
- - path: /metrics
- pathType: ImplementationSpecific
- tls:
- - hosts:
- - maps.oceanbox.io
- secretName: prod-atlantis-tls
-
-cluster:
- instances: 2
- bootstrap:
- enabled: false
-
-resources:
- limits:
- cpu: 250m
- memory: 1Gi
- requests:
- cpu: 250m
- memory: 1Gi
diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml
new file mode 120000
index 00000000..7631798a
--- /dev/null
+++ b/values/atlantis/values-prod.yaml
@@ -0,0 +1 @@
+values/values-prod.yaml.gotmpl
\ No newline at end of file
diff --git a/values/atlantis/values-staging.yaml b/values/atlantis/values-staging.yaml
deleted file mode 100644
index aae48db5..00000000
--- a/values/atlantis/values-staging.yaml
+++ /dev/null
@@ -1,102 +0,0 @@ -replicaCount: 1 -image: - tag: 9dfa1968-debug -podAnnotations: - dapr.io/app-id: "staging-atlantis" -env: - - name: APP_NAMESPACE - value: staging-atlantis - - name: APP_VERSION - value: "2.95.1" - - name: LOG_LEVEL - value: "1" - - name: REDIS_USER - value: default - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: staging-atlantis-redis - key: redis-password - - name: DB_HOST - value: staging-atlantis-db-rw - - name: DB_PORT - value: "5432" - - name: DB_USER - valueFrom: - secretKeyRef: - name: staging-atlantis-db-superuser - key: username - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: staging-atlantis-db-superuser - key: password - - name: DAPR_API_TOKEN - valueFrom: - secretKeyRef: - name: dapr-api-token - key: token -ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-production - nginx.ingress.kubernetes.io/proxy-buffer-size: 128k - # nginx.ingress.kubernetes.io/affinity: "cookie" - # nginx.ingress.kubernetes.io/session-cookie-name: "http-affinity" - # nginx.ingress.kubernetes.io/session-cookie-expires: "86400" - # nginx.ingress.kubernetes.io/session-cookie-max-age: "86400" - # atlantis.oceanbox.io/expose: internal - hosts: - - host: atlantis.beta.oceanbox.io - paths: - - path: / - pathType: ImplementationSpecific - internal: - - path: /internal - pathType: ImplementationSpecific - - path: /dapr - pathType: ImplementationSpecific - - path: /actors - pathType: ImplementationSpecific - - path: /job - pathType: ImplementationSpecific - - path: /events - pathType: ImplementationSpecific - - path: /metrics - pathType: ImplementationSpecific - - host: atlas.oceanbox.io - paths: - - path: / - pathType: ImplementationSpecific - internal: - - path: /internal - pathType: ImplementationSpecific - - path: /dapr - pathType: ImplementationSpecific - - path: /actors - pathType: ImplementationSpecific - - path: /job - pathType: ImplementationSpecific - - path: /events - pathType: 
ImplementationSpecific - - path: /metrics - pathType: ImplementationSpecific - tls: - - hosts: - - atlantis.beta.oceanbox.io - - atlas.oceanbox.io - secretName: staging-atlantis-tls -cluster: - instances: 1 - bootstrap: - enabled: true - source: - db: prod-atlantis-db - namespace: prod-atlantis -resources: - limits: - cpu: 250m - memory: 1Gi - requests: - cpu: 250m - memory: 1Gi diff --git a/values/atlantis/values-staging.yaml b/values/atlantis/values-staging.yaml new file mode 120000 index 00000000..425b92d8 --- /dev/null +++ b/values/atlantis/values-staging.yaml @@ -0,0 +1 @@ +values/values-staging.yaml.gotmpl \ No newline at end of file diff --git a/values/atlantis/values.yaml b/values/atlantis/values.yaml deleted file mode 100644 index d13d6170..00000000 --- a/values/atlantis/values.yaml +++ /dev/null @@ -1,12 +0,0 @@ - -podAnnotations: - dapr.io/enabled: "true" - dapr.io/app-port: "8085" - dapr.io/api-token-secret: "dapr-api-token" - dapr.io/config: "tracing" - dapr.io/app-protocol: "http" - dapr.io/log-as-json: "true" - dapr.io/sidecar-cpu-request: "10m" - dapr.io/sidecar-memory-request: "50Mi" - # dapr.io/sidecar-cpu-limit: "100m" - # dapr.io/sidecar-memory-limit: "1000Mi" diff --git a/values/atlantis/values.yaml b/values/atlantis/values.yaml new file mode 120000 index 00000000..012c24b2 --- /dev/null +++ b/values/atlantis/values.yaml @@ -0,0 +1 @@ +values/values.yaml.gotmpl \ No newline at end of file diff --git a/values/atlantis/values/values-prod.yaml.gotmpl b/values/atlantis/values/values-prod.yaml.gotmpl index 52fd3e65..f435a167 100644 --- a/values/atlantis/values/values-prod.yaml.gotmpl +++ b/values/atlantis/values/values-prod.yaml.gotmpl @@ -1,4 +1,4 @@ -replicaCount: 2 +replicaCount: 1 podAnnotations: dapr.io/app-id: "prod-atlantis" diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index f1135680..aae48db5 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl 
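Review bot: `+replicaCount: 1` in values/atlantis/values/values-prod.yaml.gotmpl drops the production release from two pods to one, so a single pod crash, eviction or node drain leaves the prod ingress host with no ready backend until the replacement starts. The new blob id (f435a167) matches the removed values/atlantis/values-prod.yaml, which suggests the old file was copied over the template rather than the replica count being lowered on purpose; that is worth confirming. If one replica is intended, say so in the file with a comment such as `# single replica on purpose: <reason>`; otherwise keep `replicaCount: 2`. The rest of the values file lies outside this hunk.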
+++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 77d6efd6-debug + tag: 9dfa1968-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: