diff --git a/apps/staging-atlantis.yaml b/apps/staging-atlantis.yaml new file mode 100644 index 00000000..bc66fdf5 --- /dev/null +++ b/apps/staging-atlantis.yaml @@ -0,0 +1,31 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: staging-atlantis + namespace: argocd +spec: + template: + metadata: + name: staging-atlantis + spec: + project: atlantis + destination: + namespace: staging-atlantis + server: https://kubernetes.default.svc + sources: + - repoURL: https://gitlab.com/oceanbox/manifests.git + targetRevision: nixidy + path: values/atlantis + plugin: + name: kustomize-helm-with-rewrite + parameters: + - name: env + string: staging + - name: hostname + string: atlantis.beta.oceanbox.io + templatePatch: | + spec: + syncPolicy: + automated: + prune: true + selfHeal: true diff --git a/values/atlantis/base/deployment_patch.yaml b/values/atlantis/base/deployment_patch.yaml index a17f569c..44752fa1 100644 --- a/values/atlantis/base/deployment_patch.yaml +++ b/values/atlantis/base/deployment_patch.yaml @@ -6,17 +6,4 @@ value: /healthz - op: add path: /spec/template/spec/containers/0/envFrom - value: [] -- op: add - path: /spec/template/spec/containers/0/volumeMounts/- - value: - name: acl - mountPath: /app/acl.json - subPath: acl.json - readOnly: true -- op: add - path: /spec/template/spec/volumes/- - value: - name: acl - configMap: - name: petimeter-acl + value: [] \ No newline at end of file diff --git a/values/atlantis/base/kustomization.yaml b/values/atlantis/base/kustomization.yaml index 591b8d32..166df33c 100644 --- a/values/atlantis/base/kustomization.yaml +++ b/values/atlantis/base/kustomization.yaml @@ -1,12 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: atlantis -generatorOptions: - disableNameSuffixHash: true -configmapGenerator: -- name: petimeter-acl - files: - - acl.json patches: - target: version: v1 
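Review bot: In `apps/staging-atlantis.yaml`, `kind: Application` is paired with `spec.template` and `templatePatch`, which are ApplicationSet fields. Unless something renders this file before it is applied, the `project`, `destination` and `sources` under `template.spec` are not where an Application expects them, and the `syncPolicy` inside `templatePatch` would not take effect. Either change the kind to `ApplicationSet` and add its generators, or move the inner spec up to `spec` and set `spec.syncPolicy.automated` directly. Separately, `targetRevision: nixidy` looks like a branch name; with `prune: true` and `selfHeal: true`, any push to it is applied to `staging-atlantis` and can delete resources without review. Protect that branch, or add a comment such as `# tracks a branch; pushes deploy automatically` to make the trust boundary explicit.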
diff --git a/values/atlantis/base/service_patch.yaml b/values/atlantis/base/service_patch.yaml
new file mode 100644
index 00000000..ccfa03cc
--- /dev/null
+++ b/values/atlantis/base/service_patch.yaml
@@ -0,0 +1,7 @@
+- op: add
+ path: /spec/ports/-
+ value:
+ name: intra
+ port: 8000
+ protocol: TCP
+ targetPort: 8000
diff --git a/values/atlantis/prod/appsettings.json b/values/atlantis/prod/appsettings.json
index b6673d5a..7532cc02 100644
--- a/values/atlantis/prod/appsettings.json
+++ b/values/atlantis/prod/appsettings.json
@@ -15,24 +15,45 @@ "profile" ] }, - "redis": "prod-redis-master.redis.svc,user=default,password=secret", "sso": { "cookieDomain": ".oceanbox.io", + "cookieName": ".obx.prod", "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", - "appDomain": "atlantis", - "dataProtectionKeys": "DataProtection-Keys" + "realm": "atlantis", + "environment": "prod", + "keyStore": "azure", + "certStore": "https://atlantis.blob.core.windows.net", + "dataProtectionKeys": "https://atlantisvault.vault.azure.net/keys/dataprotection" }, - "archmeister" : "https://archmeister.srv.oceanbox.io", - "sorcerer" : "https://sorcerer.data.oceanbox.io", + "fga": { + "apiUrl": "https://openfga.dev.oceanbox.io", + "apiKey": "", + "storeId": "01J6C1NBX36E1B928HFSB123XQ", + "modelId": "01JEK1NC93GXA8TKGK6FB5CG3X" + }, + "plainAuthUsers": [ + { + "username": "admin", + "password": "en-to-tre-fire", + "groups": [ "/oceanbox" ], + "roles": [ "admin" ] + } + ], + "redis": "prod-redis-master:6379", + "objectStore": "https://atlantis.blob.core.windows.net", + "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", + "sorcerer" : "https://sorcerer.ekman.oceanbox.io", "allowedOrigins": [ - "http://maps.oceanbox.io", "https://maps.oceanbox.io", - "http://atlantis.srv.oceanbox.io", "https://atlantis.srv.oceanbox.io" ], - "otelCollector": "http://opentelemetry-collector.opentelemetry.svc:4317", - "deployEnv": "prod", - "deployName": "atlantis", + "appName": "atlantis", + "appEnv": "prod", + "appNamespace": "atlantis", + "appVersion": "2.90.0", + "otelCollector": "http://opentelemetry-collector.otel.svc:4317", + "pubsubName": "pubsub", + "pubsubTopic": "hipster-atlantis", "slurm": { "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/", "slurmApi": "slurm/v0.0.38/", 
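Review bot: The new `plainAuthUsers` entry commits an `admin` account with a literal password to `prod/appsettings.json`, which `prod/kustomization.yaml` feeds to `configMapGenerator`. The credential therefore sits in git history and in a ConfigMap readable by anyone with configmap read access in the namespace; the previous value was `"plainAuthUsers": []`. Keep the array empty in the committed file, load any break-glass account from a Secret, and treat the committed password as exposed and rotate it. The same entry is added in `staging/appsettings.json`. In this hunk `fga.apiUrl` also points the prod settings at `openfga.dev.oceanbox.io` with an empty `apiKey`, and `connString` carries `Password=secret` for `localhost`; if these are placeholders overridden at runtime, removing them avoids their being mistaken for live values.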
@@ -42,11 +63,7 @@ }, "amqp": { "auth": "user:bunny", - "host": "10.1.8.60:30673" + "host": "10.255.241.201:30673" }, - "pubsubName": "pubsub", - "pubsubTopic": "hipster-atlantis", - "fenceRadius": 1250.0, - "cerbosUrl": "http://prod-cerbos.idp.svc:3593", - "plainAuthUsers": [] + "fenceRadius": 1250.0 } diff --git a/values/atlantis/prod/bindings.yaml b/values/atlantis/prod/bindings.yaml index 0c14ca71..dc6de8c4 100644 --- a/values/atlantis/prod/bindings.yaml +++ b/values/atlantis/prod/bindings.yaml @@ -11,7 +11,7 @@ spec: name: prod-rabbitmq key: connString - name: queueName - value: prod-hipster-slurm-job-events + value: prod-slurm-job-events - name: durable value: true - name: contentType @@ -19,4 +19,4 @@ spec: - name: route value: /events/slurm scopes: - - atlantis + - atlantis \ No newline at end of file diff --git a/values/atlantis/prod/configurations.yaml b/values/atlantis/prod/configurations.yaml new file mode 100644 index 00000000..b6294dcd --- /dev/null +++ b/values/atlantis/prod/configurations.yaml @@ -0,0 +1,20 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: configstore +spec: + type: configuration.redis + version: v1 + metadata: + - name: redisHost + value: prod-redis-master:6379 + - name: redisUsername + value: default + - name: redisPassword + secretKeyRef: + name: prod-redis + key: redis-password + - name: redisDB + value: "2" +scopes: + - atlantis \ No newline at end of file diff --git a/values/atlantis/prod/deployment_patch.yaml b/values/atlantis/prod/deployment_patch.yaml index 956f6cab..dd4c92da 100644 --- a/values/atlantis/prod/deployment_patch.yaml +++ b/values/atlantis/prod/deployment_patch.yaml 
@@ -1,10 +1,10 @@ -- op: replace - path: /spec/template/spec/containers/0/env/0 - value: - name: LOG_LEVEL - value: "4" - op: add path: /spec/template/spec/containers/0/envFrom/- value: secretRef: - name: prod-atlantis-env + name: azure-keyvault +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: prod-atlantis-env \ No newline at end of file diff --git a/values/atlantis/prod/keyvault.yaml b/values/atlantis/prod/keyvault.yaml new file mode 100644 index 00000000..a8b2ce2a --- /dev/null +++ b/values/atlantis/prod/keyvault.yaml @@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azure-keyvault +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: atlantisvault + - name: azureTenantId + secretKeyRef: + name: azure-keyvault + key: AZURE_TENANT_ID + - name: azureClientId + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_ID + - name: azureClientSecret + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_SECRET \ No newline at end of file diff --git a/values/atlantis/prod/kustomization.yaml b/values/atlantis/prod/kustomization.yaml index 4263d2b6..b048cf48 100644 --- a/values/atlantis/prod/kustomization.yaml +++ b/values/atlantis/prod/kustomization.yaml @@ -4,13 +4,6 @@ configMapGenerator: - name: prod-atlantis-appsettings files: - appsettings.json -secretGenerator: -- name: prod-atlantis-env - envs: - - default.env -- name: prod-atlantis-barentswatch - envs: - - barentswatch-api.env patches: - target: group: apps @@ -19,9 +12,13 @@ patches: path: deployment_patch.yaml resources: - ../base + - rbac.yaml - secrets.yaml - tracing.yaml - bindings.yaml - pubsub.yaml - statestore.yaml - subscriptions.yaml + - configurations.yaml + - secretstore.yaml + - keyvault.yaml \ No newline at end of file diff --git a/values/atlantis/prod/pubsub.yaml b/values/atlantis/prod/pubsub.yaml index 97473e01..2b0b4b03 100644 --- a/values/atlantis/prod/pubsub.yaml 
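Review bot: The first `envFrom` entry in `prod/deployment_patch.yaml` now injects every key of the `azure-keyvault` Secret into the application container. `keyvault.yaml` shows that Secret holds `AZURE_CLIENT_SECRET`, so the service-principal secret ends up in the process environment as well as being read by the Dapr component. If the application reaches Key Vault only through Dapr, drop this `envFrom` entry. If it authenticates to Azure itself, explicit `env` entries with `secretKeyRef` for just the keys it needs would limit what a process dump or debug endpoint can reveal. The same change is made in `staging/deployment_patch.yaml`.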
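Review bot: The `azure-keyvault` component in `prod/keyvault.yaml` declares no `scopes`, unlike `configurations.yaml` in this commit, so every Dapr application in the namespace can read the vault through its sidecar. Adding a top-level `scopes:` with `- atlantis` would restrict it; `secretstore.yaml` is unscoped in the same way. The file is also identical for prod and staging (same blob `a8b2ce2a`, `vaultName: atlantisvault`), and both `appsettings.json` files point `dataProtectionKeys` at the same Key Vault key. A compromise of staging therefore appears to reach production secrets and cookie-protection keys. Separate vaults, or at least separate identities and keys per environment, would keep the two isolated.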
+++ b/values/atlantis/prod/pubsub.yaml @@ -7,7 +7,7 @@ spec: type: pubsub.rabbitmq metadata: - name: hostname - value: prod + value: prod-rabbitmq.rabbitmq - name: username value: user - name: password @@ -49,4 +49,4 @@ spec: - name: exchangeKind value: fanout - name: clientName - value: "{appID}" + value: "{appID}" \ No newline at end of file diff --git a/values/atlantis/prod/rbac.yaml b/values/atlantis/prod/rbac.yaml new file mode 100644 index 00000000..90516fa7 --- /dev/null +++ b/values/atlantis/prod/rbac.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: prod-atlantis + namespace: prod +rules: +- apiGroups: + - "" + resourceNames: + - prod-atlantis-appsettings + resources: + - configmaps + verbs: + - get + - watch +- apiGroups: + - "" + resourceNames: + - azure-keyvault + - prod-redis + resources: + - secrets + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: prod-atlantis + namespace: prod +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: prod-atlantis +subjects: +- kind: ServiceAccount + name: prod-atlantis + namespace: prod \ No newline at end of file diff --git a/values/atlantis/prod/secrets.yaml b/values/atlantis/prod/secrets.yaml index 478632bb..187ac10b 100644 --- a/values/atlantis/prod/secrets.yaml +++ b/values/atlantis/prod/secrets.yaml @@ -3,6 +3,15 @@ kind: Secret metadata: annotations: kyverno/clone: "true" - name: prod-rabbitmq + name: prod-atlantis-env +type: Opaque +data: +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: azure-keyvault type: Opaque data: \ No newline at end of file diff --git a/values/atlantis/prod/secretstore.yaml b/values/atlantis/prod/secretstore.yaml new file mode 100644 index 00000000..afa9a4cd --- /dev/null +++ b/values/atlantis/prod/secretstore.yaml 
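Review bot: In `prod/rbac.yaml` both the Role and the RoleBinding are pinned to `namespace: prod`, while the rest of the commit uses `prod-atlantis` (`APP_NAMESPACE` in `values-prod.yaml`, `defaultNamespace` in `secretstore.yaml`). The grant may therefore land in a namespace the workload does not run in, and the `prod-atlantis` ServiceAccount subject would then not match the pod's identity. Confirm the target namespace and either set it consistently or omit `metadata.namespace` and the subject namespace override so the deployment's destination namespace applies. `staging/rbac.yaml` has the same pattern, with `namespace: staging` against an Argo CD destination of `staging-atlantis`. Keep the `resourceNames` restriction on `secrets`.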
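Review bot: In `prod/secrets.yaml` the first stub is renamed from `prod-rabbitmq` to `prod-atlantis-env` rather than added alongside it, yet `prod/bindings.yaml` still reads `connString` from a Secret named `prod-rabbitmq`. Unless that Secret is created elsewhere, the binding loses its source; if the stub is still needed, keep a separate document for `prod-rabbitmq`. Both stubs carry `kyverno/clone: "true"` with an empty `data:`, so a comment such as `# values are expected to be cloned in by Kyverno; never commit data here` would record where the content comes from. The staging file makes the same rename from `staging-rabbitmq`.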
@@ -0,0 +1,10 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: secretstore +spec: + type: secretstores.kubernetes + version: v1 + metadata: + - name: defaultNamespace + value: prod-atlantis \ No newline at end of file diff --git a/values/atlantis/prod/statestore.yaml b/values/atlantis/prod/statestore.yaml index 5c6bd979..fa865fda 100644 --- a/values/atlantis/prod/statestore.yaml +++ b/values/atlantis/prod/statestore.yaml @@ -7,16 +7,16 @@ spec: version: v1 metadata: - name: redisHost - value: -redis-master:6379 + value: prod-redis-master:6379 - name: redisUsername value: default - name: redisPassword secretKeyRef: - name: -redis + name: prod-redis key: redis-password - name: actorStateStore value: "true" - name: redisDB value: "1" scopes: - - atlantis \ No newline at end of file + - atlantis diff --git a/values/atlantis/prod/tracing.yaml b/values/atlantis/prod/tracing.yaml index 47ea1d3e..5d9bffd1 100644 --- a/values/atlantis/prod/tracing.yaml +++ b/values/atlantis/prod/tracing.yaml @@ -5,5 +5,7 @@ metadata: spec: tracing: samplingRate: "1" - zipkin: - endpointAddress: "http://opentelemetry-collector.otel.svc.cluster.local:9411/api/v2/spans" + otel: + endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317" + protocol: grpc + isSecure: false diff --git a/values/atlantis/staging/appsettings.json b/values/atlantis/staging/appsettings.json index 4b2bc13b..5bdc9c1c 100644 --- a/values/atlantis/staging/appsettings.json +++ b/values/atlantis/staging/appsettings.json 
@@ -15,22 +15,46 @@ "profile" ] }, - "redis": "staging-redis-master.redis.svc,user=default,password=secret", "sso": { "cookieDomain": ".oceanbox.io", + "cookieName": ".obx.staging", "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", - "appDomain": "atlantis", - "dataProtectionKeys": "DataProtection-Keys" + "realm": "atlantis", + "environment": "staging", + "keyStore": "azure", + "certStore": "https://atlantis.blob.core.windows.net", + "dataProtectionKeys": "https://atlantisvault.vault.azure.net/keys/dataprotection" }, - "archmeister" : "https://archmeister.beta.oceanbox.io", + "fga": { + "apiUrl": "https://openfga.dev.oceanbox.io", + "apiKey": "", + "storeId": "01J6C1NBX36E1B928HFSB123XQ", + "modelId": "01JEK1NC93GXA8TKGK6FB5CG3X" + }, + "plainAuthUsers": [ + { + "username": "admin", + "password": "en-to-tre-fire", + "groups": [ "/oceanbox" ], + "roles": [ "admin" ] + } + ], + "redis": "staging-redis-master:6379", + "objectStore": "https://atlantis.blob.core.windows.net", + "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;", "sorcerer" : "https://sorcerer.ekman.oceanbox.io", "allowedOrigins": [ - "http://atlantis.beta.oceanbox.io", - "https://atlantis.beta.oceanbox.io" + "https://atlantis.beta.oceanbox.io", + "https://atlantis.dev.oceanbox.io", + "https://atlantis.local.oceanbox.io:8080" ], - "otelCollector": "http://opentelemetry-collector.opentelemetry.svc:4317", - "deployEnv": "staging", - "deployName": "atlantis", + "appName": "atlantis", + "appEnv": "staging", + "appNamespace": "atlantis", + "appVersion": "0.0.0", + "otelCollector": "http://opentelemetry-collector.otel.svc:4317", + "pubsubName": "pubsub", + "pubsubTopic": "hipster-atlantis", "slurm": { "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/", "slurmApi": "slurm/v0.0.38/", 
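Review bot: `allowedOrigins` in `staging/appsettings.json` now includes `https://atlantis.dev.oceanbox.io` and `https://atlantis.local.oceanbox.io:8080` while `cookieDomain` stays `.oceanbox.io`. If the CORS policy allows credentials, pages served from those origins can make authenticated cross-origin requests to staging. If the `local` name resolves to a developer machine, whatever listens on that port is trusted by the API. Keep developer origins in a local override file rather than the deployed settings, or record in the commit description why staging must trust them.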
@@ -40,11 +64,7 @@ }, "amqp": { "auth": "user:bunny", - "host": "10.1.8.60:30673" + "host": "10.255.241.201:31673" }, - "pubsubName": "pubsub", - "pubsubTopic": "hipster-atlantis", - "fenceRadius": 1250.0, - "cerbosUrl": "http://staging-cerbos.idp.svc:3593", - "plainAuthUsers": [] + "fenceRadius": 1250.0 } diff --git a/values/atlantis/staging/bindings.yaml b/values/atlantis/staging/bindings.yaml index ee251a32..5743e5e6 100644 --- a/values/atlantis/staging/bindings.yaml +++ b/values/atlantis/staging/bindings.yaml @@ -11,7 +11,7 @@ spec: name: staging-rabbitmq key: connString - name: queueName - value: staging-hipster-slurm-job-events + value: staging-slurm-job-events - name: durable value: true - name: contentType diff --git a/values/atlantis/staging/configurations.yaml b/values/atlantis/staging/configurations.yaml new file mode 100644 index 00000000..6aa3d301 --- /dev/null +++ b/values/atlantis/staging/configurations.yaml @@ -0,0 +1,20 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: configstore +spec: + type: configuration.redis + version: v1 + metadata: + - name: redisHost + value: staging-redis-master:6379 + - name: redisUsername + value: default + - name: redisPassword + secretKeyRef: + name: staging-redis + key: redis-password + - name: redisDB + value: "2" +scopes: + - atlantis \ No newline at end of file diff --git a/values/atlantis/staging/deployment_patch.yaml b/values/atlantis/staging/deployment_patch.yaml index 9b61eee2..1dc573da 100644 --- a/values/atlantis/staging/deployment_patch.yaml +++ b/values/atlantis/staging/deployment_patch.yaml @@ -1,10 +1,10 @@ -- op: replace - path: /spec/template/spec/containers/0/env/0 - value: - name: LOG_LEVEL - value: "4" - op: add path: /spec/template/spec/containers/0/envFrom/- value: secretRef: - name: staging-atlantis-env + name: azure-keyvault +- op: add + path: /spec/template/spec/containers/0/envFrom/- + value: + secretRef: + name: staging-atlantis-env \ No newline at end of file 
diff --git a/values/atlantis/staging/keyvault.yaml b/values/atlantis/staging/keyvault.yaml new file mode 100644 index 00000000..a8b2ce2a --- /dev/null +++ b/values/atlantis/staging/keyvault.yaml @@ -0,0 +1,22 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: azure-keyvault +spec: + type: secretstores.azure.keyvault + version: v1 + metadata: + - name: vaultName + value: atlantisvault + - name: azureTenantId + secretKeyRef: + name: azure-keyvault + key: AZURE_TENANT_ID + - name: azureClientId + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_ID + - name: azureClientSecret + secretKeyRef: + name: azure-keyvault + key: AZURE_CLIENT_SECRET \ No newline at end of file diff --git a/values/atlantis/staging/kustomization.yaml b/values/atlantis/staging/kustomization.yaml index 0b7789e3..081d2a18 100644 --- a/values/atlantis/staging/kustomization.yaml +++ b/values/atlantis/staging/kustomization.yaml @@ -4,13 +4,6 @@ configMapGenerator: - name: staging-atlantis-appsettings files: - appsettings.json -secretGenerator: -- name: staging-atlantis-env - envs: - - default.env -- name: staging-atlantis-barentswatch - envs: - - barentswatch-api.env patches: - target: group: apps @@ -19,10 +12,13 @@ patches: path: deployment_patch.yaml resources: - ../base + - rbac.yaml - secrets.yaml - tracing.yaml - bindings.yaml - pubsub.yaml - statestore.yaml - subscriptions.yaml - - configuration.yaml + - configurations.yaml + - secretstore.yaml + - keyvault.yaml \ No newline at end of file diff --git a/values/atlantis/staging/pubsub.yaml b/values/atlantis/staging/pubsub.yaml index 91cc6edb..9acc6b6b 100644 --- a/values/atlantis/staging/pubsub.yaml +++ b/values/atlantis/staging/pubsub.yaml @@ -7,7 +7,7 @@ spec: type: pubsub.rabbitmq metadata: - name: hostname - value: staging + value: staging-rabbitmq.rabbitmq - name: username value: user - name: password 
@@ -49,4 +49,4 @@ spec: - name: exchangeKind value: fanout - name: clientName - value: "{appID}" + value: "{appID}" \ No newline at end of file diff --git a/values/atlantis/staging/rbac.yaml b/values/atlantis/staging/rbac.yaml new file mode 100644 index 00000000..691cbfa1 --- /dev/null +++ b/values/atlantis/staging/rbac.yaml @@ -0,0 +1,39 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: staging-atlantis + namespace: staging +rules: +- apiGroups: + - "" + resourceNames: + - staging-atlantis-appsettings + resources: + - configmaps + verbs: + - get + - watch +- apiGroups: + - "" + resourceNames: + - azure-keyvault + - staging-redis + resources: + - secrets + verbs: + - get + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: staging-atlantis + namespace: staging +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: staging-atlantis +subjects: +- kind: ServiceAccount + name: staging-atlantis + namespace: staging \ No newline at end of file diff --git a/values/atlantis/staging/secrets.yaml b/values/atlantis/staging/secrets.yaml index 8066d7f5..4f1a4f6a 100644 --- a/values/atlantis/staging/secrets.yaml +++ b/values/atlantis/staging/secrets.yaml @@ -3,6 +3,15 @@ kind: Secret metadata: annotations: kyverno/clone: "true" - name: staging-rabbitmq + name: staging-atlantis-env +type: Opaque +data: +--- +apiVersion: v1 +kind: Secret +metadata: + annotations: + kyverno/clone: "true" + name: azure-keyvault type: Opaque data: \ No newline at end of file diff --git a/values/atlantis/staging/secretstore.yaml b/values/atlantis/staging/secretstore.yaml new file mode 100644 index 00000000..7eedf1a2 --- /dev/null +++ b/values/atlantis/staging/secretstore.yaml @@ -0,0 +1,10 @@ +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: secretstore +spec: + type: secretstores.kubernetes + version: v1 + metadata: + - name: defaultNamespace + value: staging-atlantis \ No newline at end of file 
diff --git a/values/atlantis/staging/statestore.yaml b/values/atlantis/staging/statestore.yaml index 5c6bd979..5f1c20cb 100644 --- a/values/atlantis/staging/statestore.yaml +++ b/values/atlantis/staging/statestore.yaml @@ -7,12 +7,12 @@ spec: version: v1 metadata: - name: redisHost - value: -redis-master:6379 + value: staging-redis-master:6379 - name: redisUsername value: default - name: redisPassword secretKeyRef: - name: -redis + name: staging-redis key: redis-password - name: actorStateStore value: "true" diff --git a/values/atlantis/staging/tracing.yaml b/values/atlantis/staging/tracing.yaml index f3b3fdf2..1049510b 100644 --- a/values/atlantis/staging/tracing.yaml +++ b/values/atlantis/staging/tracing.yaml @@ -5,5 +5,7 @@ metadata: spec: tracing: samplingRate: "1" - zipkin: - endpointAddress: "http://opentelemetry-collector.otel:9411/api/v2/spans" + otel: + endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317" + protocol: grpc + isSecure: false \ No newline at end of file diff --git a/values/atlantis/values-prod.yaml b/values/atlantis/values-prod.yaml index c4a1e9ad..4080101a 100644 --- a/values/atlantis/values-prod.yaml +++ b/values/atlantis/values-prod.yaml @@ -1,7 +1,33 @@ replicaCount: 2 -podAnnotations: - dapr.io/app-id: "prod-atlantis" +env: + - name: APP_NAMESPACE + value: prod-atlantis + - name: APP_VERSION + value: "2.87.0" + - name: LOG_LEVEL + value: "3" + - name: REDIS_USER + value: default + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: prod-redis + key: redis-password + - name: DB_HOST + value: prod-atlantis-db-rw + - name: DB_PORT + value: "5432" + - name: DB_USER + valueFrom: + secretKeyRef: + name: prod-atlantis-db-superuser + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: prod-atlantis-db-superuser + key: password ingress: annotations: 
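Review bot: In `values-prod.yaml`, `DB_USER` and `DB_PASSWORD` are read from `prod-atlantis-db-superuser`, which by its name holds the database superuser credentials. The web application would then connect with full administrative rights, so an injection flaw or a leaked environment would affect the whole database server rather than one application schema. Point both `secretKeyRef` entries at the Secret of an application-level role and keep the superuser Secret for migrations or operator use. `values-staging.yaml` does the same with `staging-atlantis-db-superuser`. Separately, `APP_VERSION` is `"2.87.0"` here while `prod/appsettings.json` sets `appVersion` to `2.90.0`, so one of the two is probably stale.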
@@ -22,27 +48,6 @@ ingress: - maps.oceanbox.io secretName: atlantis-tls -env: - - name: REDIS_USER - value: default - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: prod-redis - key: redis-password - - name: BARENTSWATCH_CLIENT_ID - valueFrom: - secretKeyRef: - name: prod-atlantis-barentswatch - key: secret - optional: true - - name: BARENTSWATCH_SECRET - valueFrom: - secretKeyRef: - name: prod-atlantis-barentswatch - key: client-id - optional: true - resources: limits: cpu: 250m diff --git a/values/atlantis/values-staging.yaml b/values/atlantis/values-staging.yaml index 48065046..7d29018c 100644 --- a/values/atlantis/values-staging.yaml +++ b/values/atlantis/values-staging.yaml @@ -1,11 +1,37 @@ replicaCount: 2 -podAnnotations: - dapr.io/app-id: "staging-atlantis" - image: tag: 7f3512e0-debug +env: + - name: APP_NAMESPACE + value: staging-atlantis + - name: APP_VERSION + value: "2.87.0" + - name: LOG_LEVEL + value: "3" + - name: REDIS_USER + value: default + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: staging-redis + key: redis-password + - name: DB_HOST + value: staging-atlantis-db-rw + - name: DB_PORT + value: "5432" + - name: DB_USER + valueFrom: + secretKeyRef: + name: staging-atlantis-db-superuser + key: username + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: staging-atlantis-db-superuser + key: password + ingress: annotations: cert-manager.io/cluster-issuer: letsencrypt-production @@ -35,27 +61,6 @@ ingress: - beta.oceanbox.io secretName: staging-atlantis-tls -env: - - name: REDIS_USER - value: default - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: staging-redis - key: redis-password - - name: BARENTSWATCH_CLIENT_ID - valueFrom: - secretKeyRef: - name: staging-atlantis-barentswatch - key: secret - optional: true - - name: BARENTSWATCH_SECRET - valueFrom: - secretKeyRef: - name: staging-atlantis-barentswatch - key: client-id - optional: true - resources: limits: cpu: 250m