feat: update atlantis chart, values and app for spmsa

2024-12-09 10:49:02 +01:00
parent 6ba97b006b
commit ca6b80d13f
30 changed files with 406 additions and 144 deletions
+31
@@ -0,0 +1,31 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: staging-atlantis
namespace: argocd
spec:
template:
metadata:
name: staging-atlantis
spec:
project: atlantis
destination:
namespace: staging-atlantis
server: https://kubernetes.default.svc
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: nixidy
path: values/atlantis
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: staging
- name: hostname
string: atlantis.beta.oceanbox.io
templatePatch: |
spec:
syncPolicy:
automated:
prune: true
selfHeal: true
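Review bot: The manifest declares `kind: Application` but its body is shaped like an ApplicationSet template (`spec.template.metadata`, `spec.template.spec`, `templatePatch`); an Argo CD Application carries `project`, `destination` and `sources` directly under `spec`, so these wrapped fields would presumably be rejected or dropped by the Application CRD — confirm which resource type is intended (indentation was lost in rendering, so this is read from the key names alone). If an Application is meant, flatten it to `spec:` / `  project: atlantis` / `  destination: …` and move the `syncPolicy` out of `templatePatch`. Note also that `automated.prune: true` with `selfHeal: true` on a plugin-rendered source means any change in what `kustomize-helm-with-rewrite` emits is applied to `staging-atlantis` immediately; worth confirming that is wanted.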
@@ -7,16 +7,3 @@
- op: add - op: add
path: /spec/template/spec/containers/0/envFrom path: /spec/template/spec/containers/0/envFrom
value: [] value: []
- op: add
path: /spec/template/spec/containers/0/volumeMounts/-
value:
name: acl
mountPath: /app/acl.json
subPath: acl.json
readOnly: true
- op: add
path: /spec/template/spec/volumes/-
value:
name: acl
configMap:
name: petimeter-acl
-7
@@ -1,12 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1 apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
namespace: atlantis
generatorOptions:
disableNameSuffixHash: true
configmapGenerator:
- name: petimeter-acl
files:
- acl.json
patches: patches:
- target: - target:
version: v1 version: v1
+7
@@ -0,0 +1,7 @@
- op: add
path: /spec/ports/-
value:
name: intra
port: 8000
protocol: TCP
targetPort: 8000
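Review bot: The added `intra` port (8000) is appended to the same Service as the existing public port, so it becomes reachable from every in-cluster client that can reach the Service; the name suggests an internal or management endpoint. If it is not meant to be public, confirm that no Ingress routes to the named port `intra` and consider a NetworkPolicy or a separate ClusterIP Service restricted to the intended callers. Nothing on the page shows what listens on 8000, so this is inferred from the port name only.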
+33 -16
@@ -15,24 +15,45 @@
"profile" "profile"
] ]
}, },
"redis": "prod-redis-master.redis.svc,user=default,password=secret",
"sso": { "sso": {
"cookieDomain": ".oceanbox.io", "cookieDomain": ".oceanbox.io",
"cookieName": ".obx.prod",
"signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
"appDomain": "atlantis", "realm": "atlantis",
"dataProtectionKeys": "DataProtection-Keys" "environment": "prod",
"keyStore": "azure",
"certStore": "https://atlantis.blob.core.windows.net",
"dataProtectionKeys": "https://atlantisvault.vault.azure.net/keys/dataprotection"
}, },
"archmeister" : "https://archmeister.srv.oceanbox.io", "fga": {
"sorcerer" : "https://sorcerer.data.oceanbox.io", "apiUrl": "https://openfga.dev.oceanbox.io",
"apiKey": "",
"storeId": "01J6C1NBX36E1B928HFSB123XQ",
"modelId": "01JEK1NC93GXA8TKGK6FB5CG3X"
},
"plainAuthUsers": [
{
"username": "admin",
"password": "en-to-tre-fire",
"groups": [ "/oceanbox" ],
"roles": [ "admin" ]
}
],
"redis": "prod-redis-master:6379",
"objectStore": "https://atlantis.blob.core.windows.net",
"connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
"sorcerer" : "https://sorcerer.ekman.oceanbox.io",
"allowedOrigins": [ "allowedOrigins": [
"http://maps.oceanbox.io",
"https://maps.oceanbox.io", "https://maps.oceanbox.io",
"http://atlantis.srv.oceanbox.io",
"https://atlantis.srv.oceanbox.io" "https://atlantis.srv.oceanbox.io"
], ],
"otelCollector": "http://opentelemetry-collector.opentelemetry.svc:4317", "appName": "atlantis",
"deployEnv": "prod", "appEnv": "prod",
"deployName": "atlantis", "appNamespace": "atlantis",
"appVersion": "2.90.0",
"otelCollector": "http://opentelemetry-collector.otel.svc:4317",
"pubsubName": "pubsub",
"pubsubTopic": "hipster-atlantis",
"slurm": { "slurm": {
"baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/", "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/",
"slurmApi": "slurm/v0.0.38/", "slurmApi": "slurm/v0.0.38/",
@@ -42,11 +63,7 @@
}, },
"amqp": { "amqp": {
"auth": "user:bunny", "auth": "user:bunny",
"host": "10.1.8.60:30673" "host": "10.255.241.201:30673"
}, },
"pubsubName": "pubsub", "fenceRadius": 1250.0
"pubsubTopic": "hipster-atlantis",
"fenceRadius": 1250.0,
"cerbosUrl": "http://prod-cerbos.idp.svc:3593",
"plainAuthUsers": []
} }
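Review bot: `plainAuthUsers` at L107–L114 now ships a hard-coded `admin` account with a static password, the `/oceanbox` group and the `admin` role in the production appsettings, replacing the previous empty list; that is a privileged credential committed to the repository and applied to prod, bypassing the SSO/FGA path the rest of this file configures. Restore `"plainAuthUsers": [],` and, if a break-glass local account is genuinely required, source it through the secret store this commit adds (the `azure-keyvault` component) rather than a ConfigMap. Two further prod values look like placeholders: `connString` at L117 (`Password=secret;Host=localhost`) and `fga.apiUrl` at L102 pointing prod at `openfga.dev.oceanbox.io` with an empty `apiKey`; if `connString` is meant to be superseded by the `DB_*` env vars in values.yaml, an empty string would make that intent explicit since JSON allows no comment. The staging appsettings section (L354–L415) carries the same admin account and the same `connString`.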
+1 -1
@@ -11,7 +11,7 @@ spec:
name: prod-rabbitmq name: prod-rabbitmq
key: connString key: connString
- name: queueName - name: queueName
value: prod-hipster-slurm-job-events value: prod-slurm-job-events
- name: durable - name: durable
value: true value: true
- name: contentType - name: contentType
+20
@@ -0,0 +1,20 @@
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: configstore
spec:
type: configuration.redis
version: v1
metadata:
- name: redisHost
value: prod-redis-master:6379
- name: redisUsername
value: default
- name: redisPassword
secretKeyRef:
name: prod-redis
key: redis-password
- name: redisDB
value: "2"
scopes:
- atlantis
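Review bot: `scopes: - atlantis` limits this component to the Dapr app-id `atlantis`, but the only app-id visible on the page is the `dapr.io/app-id: "prod-atlantis"` pod annotation, which the values.yaml hunk at L623–L624 removes; if the chart does not now render `dapr.io/app-id` as exactly `atlantis`, the sidecar will not load the configstore. Worth confirming the app-id the chart emits (not shown here) and keeping this scope aligned with it. The staging configstore at L426–L446 is scoped the same way.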
+4 -4
@@ -1,8 +1,8 @@
- op: replace - op: add
path: /spec/template/spec/containers/0/env/0 path: /spec/template/spec/containers/0/envFrom/-
value: value:
name: LOG_LEVEL secretRef:
value: "4" name: azure-keyvault
- op: add - op: add
path: /spec/template/spec/containers/0/envFrom/- path: /spec/template/spec/containers/0/envFrom/-
value: value:
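Review bot: The replaced op injects the entire `azure-keyvault` Secret into the app container via `envFrom`, which exposes `AZURE_CLIENT_SECRET` (plus tenant and client id) to the application process and to anything able to read its environment, while the Dapr `secretstores.azure.keyvault` component already consumes the same keys through `secretKeyRef` on the sidecar side. If the app itself authenticates to Azure with these variables (plausible given `keyStore: azure` in appsettings) this is intentional; otherwise drop this op and let only the sidecar hold the credential. The removed `LOG_LEVEL` replace op is covered by the `LOG_LEVEL: "3"` entry now set in values.yaml. The second op continues outside the hunk, and the staging patch at L447–L455 makes the same change.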
+22
@@ -0,0 +1,22 @@
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azure-keyvault
spec:
type: secretstores.azure.keyvault
version: v1
metadata:
- name: vaultName
value: atlantisvault
- name: azureTenantId
secretKeyRef:
name: azure-keyvault
key: AZURE_TENANT_ID
- name: azureClientId
secretKeyRef:
name: azure-keyvault
key: AZURE_CLIENT_ID
- name: azureClientSecret
secretKeyRef:
name: azure-keyvault
key: AZURE_CLIENT_SECRET
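Review bot: The `azure-keyvault` component has no `scopes:` block, so every Dapr-enabled app in the namespace can call it and read any secret in `atlantisvault`; the `configstore` component in this same commit already restricts itself with a scope. Add the same to this component and to the `secretstores.kubernetes` component: `scopes:` / `  - atlantis`. The component also authenticates with a long-lived client secret; where the cluster supports Azure workload identity, Dapr's Azure authentication can use it without a stored `azureClientSecret`, which would remove that credential from the cluster entirely — worth confirming for this environment. The staging copies (L456–L480 keyvault, L581–L593 secretstore) need the same scoping.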
+4 -7
@@ -4,13 +4,6 @@ configMapGenerator:
- name: prod-atlantis-appsettings - name: prod-atlantis-appsettings
files: files:
- appsettings.json - appsettings.json
secretGenerator:
- name: prod-atlantis-env
envs:
- default.env
- name: prod-atlantis-barentswatch
envs:
- barentswatch-api.env
patches: patches:
- target: - target:
group: apps group: apps
@@ -19,9 +12,13 @@ patches:
path: deployment_patch.yaml path: deployment_patch.yaml
resources: resources:
- ../base - ../base
- rbac.yaml
- secrets.yaml - secrets.yaml
- tracing.yaml - tracing.yaml
- bindings.yaml - bindings.yaml
- pubsub.yaml - pubsub.yaml
- statestore.yaml - statestore.yaml
- subscriptions.yaml - subscriptions.yaml
- configurations.yaml
- secretstore.yaml
- keyvault.yaml
+1 -1
@@ -7,7 +7,7 @@ spec:
type: pubsub.rabbitmq type: pubsub.rabbitmq
metadata: metadata:
- name: hostname - name: hostname
value: prod value: prod-rabbitmq.rabbitmq
- name: username - name: username
value: user value: user
- name: password - name: password
+39
@@ -0,0 +1,39 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: prod-atlantis
namespace: prod
rules:
- apiGroups:
- ""
resourceNames:
- prod-atlantis-appsettings
resources:
- configmaps
verbs:
- get
- watch
- apiGroups:
- ""
resourceNames:
- azure-keyvault
- prod-redis
resources:
- secrets
verbs:
- get
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: prod-atlantis
namespace: prod
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: prod-atlantis
subjects:
- kind: ServiceAccount
name: prod-atlantis
namespace: prod
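Review bot: The Role and RoleBinding are created in `namespace: prod`, but every other resource in this commit places the workload in `prod-atlantis` (`defaultNamespace: prod-atlantis` in the kubernetes secretstore, `APP_NAMESPACE: prod-atlantis` in values.yaml), and the Secrets listed under `resourceNames` (`azure-keyvault`, `prod-redis`) are read via `secretKeyRef` from the namespace the Components live in. Unless the prod kustomization sets `namespace:` and rewrites these (the kustomization hunk at L218 shows no such field), this binding grants the `prod-atlantis` ServiceAccount nothing where it actually runs and the sidecar's secret reads will be denied. Change both `namespace: prod` lines and the subject's `namespace: prod` to the workload namespace, or drop the explicit namespace and let kustomize set it. The staging RBAC at L521–L562 has the same `staging` versus `staging-atlantis` mismatch.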
+10 -1
@@ -3,6 +3,15 @@ kind: Secret
metadata: metadata:
annotations: annotations:
kyverno/clone: "true" kyverno/clone: "true"
name: prod-rabbitmq name: prod-atlantis-env
type: Opaque
data:
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kyverno/clone: "true"
name: azure-keyvault
type: Opaque type: Opaque
data: data:
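Review bot: The hunk renames the `prod-rabbitmq` Secret stanza to `prod-atlantis-env` and appends an `azure-keyvault` Secret, yet the bindings component in this same commit (L150–L151) still reads `secretKeyRef: name: prod-rabbitmq, key: connString`. Unless `prod-rabbitmq` is still declared further down this file (outside the hunk), that binding will fail to resolve its connection string after sync; either keep the stanza or repoint the binding. Both new Secrets are `kyverno/clone: "true"` with an empty `data:`, so presumably a Kyverno clone policy must already cover the new names or the `envFrom`/`secretKeyRef` consumers start with empty values. The staging secrets file (L563–L580) makes the identical change.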
+10
@@ -0,0 +1,10 @@
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: secretstore
spec:
type: secretstores.kubernetes
version: v1
metadata:
- name: defaultNamespace
value: prod-atlantis
+2 -2
@@ -7,12 +7,12 @@ spec:
version: v1 version: v1
metadata: metadata:
- name: redisHost - name: redisHost
value: <x>-redis-master:6379 value: prod-redis-master:6379
- name: redisUsername - name: redisUsername
value: default value: default
- name: redisPassword - name: redisPassword
secretKeyRef: secretKeyRef:
name: <x>-redis name: prod-redis
key: redis-password key: redis-password
- name: actorStateStore - name: actorStateStore
value: "true" value: "true"
+4 -2
@@ -5,5 +5,7 @@ metadata:
spec: spec:
tracing: tracing:
samplingRate: "1" samplingRate: "1"
zipkin: otel:
endpointAddress: "http://opentelemetry-collector.otel.svc.cluster.local:9411/api/v2/spans" endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317"
protocol: grpc
isSecure: false
+35 -15
@@ -15,22 +15,46 @@
"profile" "profile"
] ]
}, },
"redis": "staging-redis-master.redis.svc,user=default,password=secret",
"sso": { "sso": {
"cookieDomain": ".oceanbox.io", "cookieDomain": ".oceanbox.io",
"cookieName": ".obx.staging",
"signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html", "signedOutRedirectUri": "https://idp.oceanbox.io/dex/static/logout.html",
"appDomain": "atlantis", "realm": "atlantis",
"dataProtectionKeys": "DataProtection-Keys" "environment": "staging",
"keyStore": "azure",
"certStore": "https://atlantis.blob.core.windows.net",
"dataProtectionKeys": "https://atlantisvault.vault.azure.net/keys/dataprotection"
}, },
"archmeister" : "https://archmeister.beta.oceanbox.io", "fga": {
"apiUrl": "https://openfga.dev.oceanbox.io",
"apiKey": "",
"storeId": "01J6C1NBX36E1B928HFSB123XQ",
"modelId": "01JEK1NC93GXA8TKGK6FB5CG3X"
},
"plainAuthUsers": [
{
"username": "admin",
"password": "en-to-tre-fire",
"groups": [ "/oceanbox" ],
"roles": [ "admin" ]
}
],
"redis": "staging-redis-master:6379",
"objectStore": "https://atlantis.blob.core.windows.net",
"connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
"sorcerer" : "https://sorcerer.ekman.oceanbox.io", "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
"allowedOrigins": [ "allowedOrigins": [
"http://atlantis.beta.oceanbox.io", "https://atlantis.beta.oceanbox.io",
"https://atlantis.beta.oceanbox.io" "https://atlantis.dev.oceanbox.io",
"https://atlantis.local.oceanbox.io:8080"
], ],
"otelCollector": "http://opentelemetry-collector.opentelemetry.svc:4317", "appName": "atlantis",
"deployEnv": "staging", "appEnv": "staging",
"deployName": "atlantis", "appNamespace": "atlantis",
"appVersion": "0.0.0",
"otelCollector": "http://opentelemetry-collector.otel.svc:4317",
"pubsubName": "pubsub",
"pubsubTopic": "hipster-atlantis",
"slurm": { "slurm": {
"baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/", "baseUrl": "https://hipster-slurmrestd.ekman.oceanbox.io/",
"slurmApi": "slurm/v0.0.38/", "slurmApi": "slurm/v0.0.38/",
@@ -40,11 +64,7 @@
}, },
"amqp": { "amqp": {
"auth": "user:bunny", "auth": "user:bunny",
"host": "10.1.8.60:30673" "host": "10.255.241.201:31673"
}, },
"pubsubName": "pubsub", "fenceRadius": 1250.0
"pubsubTopic": "hipster-atlantis",
"fenceRadius": 1250.0,
"cerbosUrl": "http://staging-cerbos.idp.svc:3593",
"plainAuthUsers": []
} }
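Review bot: `allowedOrigins` in the staging config now includes `https://atlantis.local.oceanbox.io:8080`, which looks like a developer-machine origin; any page served at that origin on a developer's host can make credentialed cross-origin requests to staging with the user's `.obx.staging` cookie. If this is needed for local frontend work, it is safer to allow it only in a dev/local overlay than in the shared staging deployment, or at least record why it is here. The line to reconsider is `"https://atlantis.local.oceanbox.io:8080"`.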
+1 -1
@@ -11,7 +11,7 @@ spec:
name: staging-rabbitmq name: staging-rabbitmq
key: connString key: connString
- name: queueName - name: queueName
value: staging-hipster-slurm-job-events value: staging-slurm-job-events
- name: durable - name: durable
value: true value: true
- name: contentType - name: contentType
@@ -0,0 +1,20 @@
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: configstore
spec:
type: configuration.redis
version: v1
metadata:
- name: redisHost
value: staging-redis-master:6379
- name: redisUsername
value: default
- name: redisPassword
secretKeyRef:
name: staging-redis
key: redis-password
- name: redisDB
value: "2"
scopes:
- atlantis
@@ -1,8 +1,8 @@
- op: replace - op: add
path: /spec/template/spec/containers/0/env/0 path: /spec/template/spec/containers/0/envFrom/-
value: value:
name: LOG_LEVEL secretRef:
value: "4" name: azure-keyvault
- op: add - op: add
path: /spec/template/spec/containers/0/envFrom/- path: /spec/template/spec/containers/0/envFrom/-
value: value:
+22
@@ -0,0 +1,22 @@
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: azure-keyvault
spec:
type: secretstores.azure.keyvault
version: v1
metadata:
- name: vaultName
value: atlantisvault
- name: azureTenantId
secretKeyRef:
name: azure-keyvault
key: AZURE_TENANT_ID
- name: azureClientId
secretKeyRef:
name: azure-keyvault
key: AZURE_CLIENT_ID
- name: azureClientSecret
secretKeyRef:
name: azure-keyvault
key: AZURE_CLIENT_SECRET
+4 -8
@@ -4,13 +4,6 @@ configMapGenerator:
- name: staging-atlantis-appsettings - name: staging-atlantis-appsettings
files: files:
- appsettings.json - appsettings.json
secretGenerator:
- name: staging-atlantis-env
envs:
- default.env
- name: staging-atlantis-barentswatch
envs:
- barentswatch-api.env
patches: patches:
- target: - target:
group: apps group: apps
@@ -19,10 +12,13 @@ patches:
path: deployment_patch.yaml path: deployment_patch.yaml
resources: resources:
- ../base - ../base
- rbac.yaml
- secrets.yaml - secrets.yaml
- tracing.yaml - tracing.yaml
- bindings.yaml - bindings.yaml
- pubsub.yaml - pubsub.yaml
- statestore.yaml - statestore.yaml
- subscriptions.yaml - subscriptions.yaml
- configuration.yaml - configurations.yaml
- secretstore.yaml
- keyvault.yaml
+1 -1
@@ -7,7 +7,7 @@ spec:
type: pubsub.rabbitmq type: pubsub.rabbitmq
metadata: metadata:
- name: hostname - name: hostname
value: staging value: staging-rabbitmq.rabbitmq
- name: username - name: username
value: user value: user
- name: password - name: password
+39
@@ -0,0 +1,39 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: staging-atlantis
namespace: staging
rules:
- apiGroups:
- ""
resourceNames:
- staging-atlantis-appsettings
resources:
- configmaps
verbs:
- get
- watch
- apiGroups:
- ""
resourceNames:
- azure-keyvault
- staging-redis
resources:
- secrets
verbs:
- get
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: staging-atlantis
namespace: staging
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: staging-atlantis
subjects:
- kind: ServiceAccount
name: staging-atlantis
namespace: staging
+10 -1
@@ -3,6 +3,15 @@ kind: Secret
metadata: metadata:
annotations: annotations:
kyverno/clone: "true" kyverno/clone: "true"
name: staging-rabbitmq name: staging-atlantis-env
type: Opaque
data:
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kyverno/clone: "true"
name: azure-keyvault
type: Opaque type: Opaque
data: data:
+10
@@ -0,0 +1,10 @@
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: secretstore
spec:
type: secretstores.kubernetes
version: v1
metadata:
- name: defaultNamespace
value: staging-atlantis
+2 -2
@@ -7,12 +7,12 @@ spec:
version: v1 version: v1
metadata: metadata:
- name: redisHost - name: redisHost
value: <x>-redis-master:6379 value: staging-redis-master:6379
- name: redisUsername - name: redisUsername
value: default value: default
- name: redisPassword - name: redisPassword
secretKeyRef: secretKeyRef:
name: <x>-redis name: staging-redis
key: redis-password key: redis-password
- name: actorStateStore - name: actorStateStore
value: "true" value: "true"
+4 -2
@@ -5,5 +5,7 @@ metadata:
spec: spec:
tracing: tracing:
samplingRate: "1" samplingRate: "1"
zipkin: otel:
endpointAddress: "http://opentelemetry-collector.otel:9411/api/v2/spans" endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317"
protocol: grpc
isSecure: false
+28 -23
@@ -1,7 +1,33 @@
replicaCount: 2 replicaCount: 2
podAnnotations: env:
dapr.io/app-id: "prod-atlantis" - name: APP_NAMESPACE
value: prod-atlantis
- name: APP_VERSION
value: "2.87.0"
- name: LOG_LEVEL
value: "3"
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: prod-redis
key: redis-password
- name: DB_HOST
value: prod-atlantis-db-rw
- name: DB_PORT
value: "5432"
- name: DB_USER
valueFrom:
secretKeyRef:
name: prod-atlantis-db-superuser
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: prod-atlantis-db-superuser
key: password
ingress: ingress:
annotations: annotations:
@@ -22,27 +48,6 @@ ingress:
- maps.oceanbox.io - maps.oceanbox.io
secretName: atlantis-tls secretName: atlantis-tls
env:
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: prod-redis
key: redis-password
- name: BARENTSWATCH_CLIENT_ID
valueFrom:
secretKeyRef:
name: prod-atlantis-barentswatch
key: secret
optional: true
- name: BARENTSWATCH_SECRET
valueFrom:
secretKeyRef:
name: prod-atlantis-barentswatch
key: client-id
optional: true
resources: resources:
limits: limits:
cpu: 250m cpu: 250m
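Review bot: `DB_USER`/`DB_PASSWORD` are taken from `prod-atlantis-db-superuser`, so the application connects to Postgres as the superuser; a web application should use a dedicated role limited to its own database, and if the cluster is managed by an operator that also provisions an application-role secret, these two `secretKeyRef` entries should point at that one instead (placeholder: `name: <app-role-secret>`). Separately, `APP_VERSION` is `"2.87.0"` here while the prod appsettings sets `"appVersion": "2.90.0"` (L128); one of the two is stale and whichever the app reports should be the single source. The staging values (L679–L743) use the superuser secret as well and set `"2.87.0"` against `"0.0.0"` in its appsettings.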
+29 -24
@@ -1,11 +1,37 @@
replicaCount: 2 replicaCount: 2
podAnnotations:
dapr.io/app-id: "staging-atlantis"
image: image:
tag: 7f3512e0-debug tag: 7f3512e0-debug
env:
- name: APP_NAMESPACE
value: staging-atlantis
- name: APP_VERSION
value: "2.87.0"
- name: LOG_LEVEL
value: "3"
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: staging-redis
key: redis-password
- name: DB_HOST
value: staging-atlantis-db-rw
- name: DB_PORT
value: "5432"
- name: DB_USER
valueFrom:
secretKeyRef:
name: staging-atlantis-db-superuser
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: staging-atlantis-db-superuser
key: password
ingress: ingress:
annotations: annotations:
cert-manager.io/cluster-issuer: letsencrypt-production cert-manager.io/cluster-issuer: letsencrypt-production
@@ -35,27 +61,6 @@ ingress:
- beta.oceanbox.io - beta.oceanbox.io
secretName: staging-atlantis-tls secretName: staging-atlantis-tls
env:
- name: REDIS_USER
value: default
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: staging-redis
key: redis-password
- name: BARENTSWATCH_CLIENT_ID
valueFrom:
secretKeyRef:
name: staging-atlantis-barentswatch
key: secret
optional: true
- name: BARENTSWATCH_SECRET
valueFrom:
secretKeyRef:
name: staging-atlantis-barentswatch
key: client-id
optional: true
resources: resources:
limits: limits:
cpu: 250m cpu: 250m