From 5427020d42a376218308cc56287187565d1c81a3 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Fri, 31 Oct 2025 12:00:10 +0000 Subject: [PATCH 001/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 4b4fc8c6..71278d44 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "6efcdecb-debug" + tag: "7b857683-debug" env: - name: APP_VERSION value: "0.0.0-staging" From cc2ac7a2ed60aa0fe8a3e3528a1ce3c2ba332642 Mon Sep 17 00:00:00 2001 From: Stig Rune Jensen Date: Fri, 31 Oct 2025 13:50:30 +0000 Subject: [PATCH 002/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 161cb870..2c8e5c1a 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: e9c21c12-debug + tag: 49d50b4b-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From aebd203e137170d4e2e24a30c2f32e3df42d9203 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 31 Oct 2025 13:54:03 +0000 Subject: [PATCH 003/108] ci: atlantis --- charts/atlantis/Chart.yaml | 4 ++-- charts/atlantis/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index 92e7a1b9..b1ed96d0 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml 
@@ -4,7 +4,7 @@ description: Atlantis map and simulation service type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.27.0 +version: v1.27.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.27.0 +appVersion: v1.27.1 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index d67fc53d..0b3f125e 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis - tag: v1.27.0 + tag: v1.27.1 pullPolicy: IfNotPresent init: enabled: false From 22113a4e1ed90f8432ed293d9d3422680d1977f6 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Fri, 31 Oct 2025 13:54:10 +0000 Subject: [PATCH 004/108] ci: sorcerer --- charts/sorcerer/Chart.yaml | 4 ++-- charts/sorcerer/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sorcerer/Chart.yaml b/charts/sorcerer/Chart.yaml index 6cb3b8f0..96bfd350 100644 --- a/charts/sorcerer/Chart.yaml +++ b/charts/sorcerer/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.27.0 +version: v1.27.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.27.0 +appVersion: v1.27.1 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index d8a7abda..57e0f11a 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml 
@@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/sorcerer - tag: v1.27.0 + tag: v1.27.1 pullPolicy: IfNotPresent init: enabled: false From 86aef8dd2eccf126b8479321c6b8d724151b7568 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Fri, 31 Oct 2025 15:27:32 +0100 Subject: [PATCH 005/108] fix(hs): Add new DNSes --- values/headscale/values/values.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml index f3c2ef49..a6e4128c 100644 --- a/values/headscale/values/values.yaml +++ b/values/headscale/values/values.yaml @@ -307,6 +307,7 @@ configMaps: { "name": "jonas-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "jonas-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "jonas-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "stig-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "stig-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "stig-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, @@ -316,8 +317,10 @@ configMaps: { "name": "mrtz-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "mrtz-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "simkir-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, + { "name": "simkir-user-portal.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "simkir-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" } + { "name": "ole-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, ] 
From e3a3093a9f0e58c09b78baf15860dfa2dcd6187f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Fri, 31 Oct 2025 15:33:29 +0100 Subject: [PATCH 006/108] fix(hs): Add comma... --- values/headscale/values/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml index a6e4128c..93512988 100644 --- a/values/headscale/values/values.yaml +++ b/values/headscale/values/values.yaml @@ -321,6 +321,6 @@ configMaps: { "name": "simkir-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, - { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" } + { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "ole-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, ] From 0e3b627c4807839c6eae6af29c4ed0bacc6a7eec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Fri, 31 Oct 2025 15:35:19 +0100 Subject: [PATCH 007/108] fix(hs): Remove comma... --- values/headscale/values/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/headscale/values/values.yaml b/values/headscale/values/values.yaml index 93512988..00db1d78 100644 --- a/values/headscale/values/values.yaml +++ b/values/headscale/values/values.yaml @@ -322,5 +322,5 @@ configMaps: { "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, { "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" }, { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, - { "name": "ole-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" }, + { "name": "ole-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" } ] 
From c893082e6f48971608dac22c1a6f475f94b599fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sat, 1 Nov 2025 14:00:11 +0100 Subject: [PATCH 008/108] fix(cert-manager): Allow webhook -> remote-node --- .../policies/allow-remote-node-webhook.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml diff --git a/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml b/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml new file mode 100644 index 00000000..2a8bac65 --- /dev/null +++ b/values/cert-manager/manifests/policies/allow-remote-node-webhook.yaml @@ -0,0 +1,18 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-remote-node-webhooks + namespace: cert-manager +spec: + endpointSelector: + matchLabels: {} + ingress: + - fromEntities: + - kube-apiserver + - remote-node + - toPorts: + - ports: + - port: "8443" + protocol: TCP +{{- end }} From 2f63fec383b22da8feafc5efae9758cb1cc6bf4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sat, 1 Nov 2025 14:07:01 +0100 Subject: [PATCH 009/108] fix(prom): Allow larger requests before 413 --- values/prometheus/values/prometheus.yaml.gotmpl | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/values/prometheus/values/prometheus.yaml.gotmpl b/values/prometheus/values/prometheus.yaml.gotmpl index 45024145..76c90497 100644 --- a/values/prometheus/values/prometheus.yaml.gotmpl +++ b/values/prometheus/values/prometheus.yaml.gotmpl 
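Review bot: In the new `allow-remote-node-webhooks` policy, `- toPorts:` appears to start a second ingress rule instead of belonging to the `fromEntities` rule; indentation is not recoverable from this view, so confirm against the file. Read that way, the first rule admits `kube-apiserver` and `remote-node` on every port, and the second admits TCP 8443 from any peer, since (as I understand Cilium's rule semantics) a rule with only `toPorts` leaves the source unrestricted. If the intent is apiserver and remote-node traffic to the webhook port only, drop the list dash so that `toPorts:` sits inside the same rule as `fromEntities:`. The empty `matchLabels: {}` also applies the allowance to every endpoint in the `cert-manager` namespace; selecting only the webhook pods by label would keep it narrower.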
@@ -173,6 +173,9 @@ grafana: annotations: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" {{- with .Values.clusterConfig.ingress_whitelist}} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} @@ -458,6 +461,9 @@ prometheus: annotations: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "0" + nginx.ingress.kubernetes.io/proxy-read-timeout: "600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "600" {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} From 1f4d5af455bc982998cb1eecff37a76c1fcb965f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sun, 2 Nov 2025 16:37:27 +0000 Subject: [PATCH 010/108] ci: plume --- values/plume/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/plume/values/values-staging.yaml b/values/plume/values/values-staging.yaml index 6d9a0bcf..a46522f1 100644 --- a/values/plume/values/values-staging.yaml +++ b/values/plume/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 544657c0-debug + tag: 121f49c9-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-plume" From b13c2c74f7b9c79dc0e6848e1bf742cfe76b986d Mon Sep 17 00:00:00 2001 From: Stig Rune Jensen Date: Mon, 3 Nov 2025 11:24:45 +0000 Subject: [PATCH 011/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
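Review bot: `nginx.ingress.kubernetes.io/proxy-body-size: "0"` removes the request-body limit on the Grafana ingress, and the same three annotations are added to the Prometheus ingress in the second hunk of this patch. With no cap and 600-second read/send timeouts, one client can hold a connection open and stream an arbitrarily large body through the ingress controller; the `whitelist-source-range` annotation that follows is only rendered when `ingress_whitelist` is set. A bounded value sized to the largest legitimate request, for example `nginx.ingress.kubernetes.io/proxy-body-size: "64m"` (constructed value), clears the 413 without dropping the limit altogether. Both annotation blocks start and end outside the hunks.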
diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 2c8e5c1a..242d415e 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 49d50b4b-debug + tag: dacc30da-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From 9bd4ea4d63faa8e4831115c888b6ee2a0e3aa328 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Mon, 3 Nov 2025 11:26:48 +0000 Subject: [PATCH 012/108] ci: atlantis --- charts/atlantis/Chart.yaml | 4 ++-- charts/atlantis/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index b1ed96d0..ebf2b1dc 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -4,7 +4,7 @@ description: Atlantis map and simulation service type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.27.1 +version: v1.27.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.27.1 +appVersion: v1.27.2 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 0b3f125e..8b8fef32 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis - tag: v1.27.1 + tag: v1.27.2 pullPolicy: IfNotPresent init: enabled: false From e6c3a6c77716d9a764ac601a9b6c3c04df40f460 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Mon, 3 Nov 2025 11:26:49 +0000 Subject: [PATCH 013/108] ci: sorcerer --- charts/sorcerer/Chart.yaml | 4 ++-- charts/sorcerer/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/charts/sorcerer/Chart.yaml b/charts/sorcerer/Chart.yaml index 96bfd350..dc293825 100644 --- a/charts/sorcerer/Chart.yaml +++ b/charts/sorcerer/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.27.1 +version: v1.27.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.27.1 +appVersion: v1.27.2 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index 57e0f11a..9cb10636 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/sorcerer - tag: v1.27.1 + tag: v1.27.2 pullPolicy: IfNotPresent init: enabled: false From fc82f19ca9c80eb12ea14def548ee188ffff0319 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 3 Nov 2025 11:28:07 +0000 Subject: [PATCH 014/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 71278d44..30706e9d 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "7b857683-debug" + tag: "b43ffe62-debug" env: - name: APP_VERSION value: "0.0.0-staging" From e543920d8328081bdd847e5f73b69001a7a64573 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 3 Nov 2025 13:04:40 +0000 Subject: [PATCH 015/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 30706e9d..f6ba44a5 100644 
--- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "b43ffe62-debug" + tag: "4c91c0a8-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 7b11734163a45cf3601876b952d0aeecec4055aa Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 3 Nov 2025 13:44:49 +0000 Subject: [PATCH 016/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index f6ba44a5..70cf59c3 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "4c91c0a8-debug" + tag: "ed4e7f46-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 1e45c8d5c02b5754d70e683e8b917840cae36703 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Tue, 4 Nov 2025 08:22:38 +0000 Subject: [PATCH 017/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 70cf59c3..bc0986fc 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "ed4e7f46-debug" + tag: "c5dc4b58-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 9e979f4e76f93ce0276042549d4d2783e66a3a80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 4 Nov 2025 10:43:21 +0100 Subject: [PATCH 018/108] fix(argo): Disable argo workflows --- values/argo/env.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/argo/env.yaml.gotmpl b/values/argo/env.yaml.gotmpl index ce91e055..9e70b222 100644 --- a/values/argo/env.yaml.gotmpl +++ b/values/argo/env.yaml.gotmpl 
@@ -5,7 +5,7 @@ argo: rollouts: enabled: false workflows: - enabled: true + enabled: false argocd: autosync: true From 0dec78f83c82e604b2400f6fd81a23c2d939e482 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Tue, 4 Nov 2025 14:43:18 +0000 Subject: [PATCH 019/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index bc0986fc..15198753 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "c5dc4b58-debug" + tag: "7f9604dd-debug" env: - name: APP_VERSION value: "0.0.0-staging" From ae16e601a101b835e75562c98c03df9b9cbc1411 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 5 Nov 2025 08:51:25 +0000 Subject: [PATCH 020/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 15198753..13e1a14f 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "7f9604dd-debug" + tag: "8a554ecf-debug" env: - name: APP_VERSION value: "0.0.0-staging" From efd21618f5ab7bf9dbb85478c6b0c34137d61323 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 5 Nov 2025 11:32:29 +0000 Subject: [PATCH 021/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 242d415e..b79d22cf 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl 
@@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: dacc30da-debug + tag: b50fe38a-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From 8ea98d36cbb6454c5bbe9ac8a11b5b94139af3c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 5 Nov 2025 11:32:29 +0000 Subject: [PATCH 022/108] ci: sorcerer --- values/sorcerer/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index 881dfc3a..bcba1974 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: e9c21c12-debug + tag: b50fe38a-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer" From a9fa7ac6930301b15bff109873a40b790cb5e9fc Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Wed, 5 Nov 2025 11:35:34 +0000 Subject: [PATCH 023/108] ci: atlantis --- charts/atlantis/Chart.yaml | 4 ++-- charts/atlantis/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index ebf2b1dc..66133617 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -4,7 +4,7 @@ description: Atlantis map and simulation service type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.27.2 +version: v1.28.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.27.2 +appVersion: v1.28.0 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 8b8fef32..da3af981 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml 
@@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis - tag: v1.27.2 + tag: v1.28.0 pullPolicy: IfNotPresent init: enabled: false From 7e49d65cd0d364489570d61e09faaf0ab488a815 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Wed, 5 Nov 2025 11:35:37 +0000 Subject: [PATCH 024/108] ci: sorcerer --- charts/sorcerer/Chart.yaml | 4 ++-- charts/sorcerer/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sorcerer/Chart.yaml b/charts/sorcerer/Chart.yaml index dc293825..4a5d21ab 100644 --- a/charts/sorcerer/Chart.yaml +++ b/charts/sorcerer/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.27.2 +version: v1.28.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.27.2 +appVersion: v1.28.0 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index 9cb10636..c5e6f4b1 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/sorcerer - tag: v1.27.2 + tag: v1.28.0 pullPolicy: IfNotPresent init: enabled: false From d15a639e38a3ea518375d26036ff9669abfd7c38 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 5 Nov 2025 13:01:48 +0000 Subject: [PATCH 025/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 13e1a14f..e7e61c32 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml 
@@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "8a554ecf-debug" + tag: "25ad144c-debug" env: - name: APP_VERSION value: "0.0.0-staging" From ddb9e72edc3f28ea35e5acc77851bffe0abb23e7 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 5 Nov 2025 13:04:23 +0000 Subject: [PATCH 026/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index e7e61c32..652b0567 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "25ad144c-debug" + tag: "904c867b-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 59ea2cf85129ac255349d823869bcdafe1bcc077 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 5 Nov 2025 13:42:25 +0000 Subject: [PATCH 027/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 652b0567..1af28c8c 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "904c867b-debug" + tag: "415a8bb1-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 31891323d644fd3e49d43a917515fde0dc45d7a2 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 5 Nov 2025 15:00:02 +0000 Subject: [PATCH 028/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 1af28c8c..22653d45 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "415a8bb1-debug" + tag: "a2fe5fd0-debug" env: - name: APP_VERSION value: "0.0.0-staging" 
From 6918aefe10e9fa9f6eb2416cfe753f614a506c11 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Thu, 6 Nov 2025 11:54:45 +0000 Subject: [PATCH 029/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 22653d45..df1ac2b5 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "a2fe5fd0-debug" + tag: "71c0ad7f-debug" env: - name: APP_VERSION value: "0.0.0-staging" From b90ca19a92799a5b8b62e6038002046ff0514366 Mon Sep 17 00:00:00 2001 From: Stig Rune Jensen Date: Thu, 6 Nov 2025 14:01:59 +0000 Subject: [PATCH 030/108] ci: sorcerer --- values/sorcerer/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index bcba1974..78837e77 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: b50fe38a-debug + tag: 2bf62810-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer" From 92dd88197976a36d53e871ca6cd08b8566f5ed3e Mon Sep 17 00:00:00 2001 From: Stig Rune Jensen Date: Thu, 6 Nov 2025 14:02:00 +0000 Subject: [PATCH 031/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index b79d22cf..592144d5 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: b50fe38a-debug + tag: 2bf62810-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: 
From 44e999f521293958f97e122034655f8313c5b433 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Thu, 6 Nov 2025 15:30:43 +0000 Subject: [PATCH 032/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index df1ac2b5..dd6fa078 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "71c0ad7f-debug" + tag: "9919bdea-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 40898d9f7c8bf28bc495d66c8472cb19f8842d75 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Fri, 7 Nov 2025 10:21:03 +0000 Subject: [PATCH 033/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index dd6fa078..b7a67cc7 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "9919bdea-debug" + tag: "f8bb1689-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 3980e72d7a4fba480d61cc9e725304bfce494e08 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Fri, 7 Nov 2025 11:18:16 +0000 Subject: [PATCH 034/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index b7a67cc7..a1f154d1 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "f8bb1689-debug" + tag: "e9a8b33d-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 5cd7dabab1fcb2a6c94b302e8ed1ec8c8a5eb673 Mon Sep 17 00:00:00 2001 
From: Radovan Bast Date: Fri, 7 Nov 2025 11:40:00 +0000 Subject: [PATCH 035/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index a1f154d1..fd8fcce3 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "e9a8b33d-debug" + tag: "d84338f3-debug" env: - name: APP_VERSION value: "0.0.0-staging" From bea369eee25ad048e535b89f7e0ed6d9414a4f1a Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Fri, 7 Nov 2025 14:20:17 +0000 Subject: [PATCH 036/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index fd8fcce3..6b591001 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "d84338f3-debug" + tag: "3a4f18c6-debug" env: - name: APP_VERSION value: "0.0.0-staging" From c477a93111733f6fb1b9043cd0fc56710b18c8d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sat, 8 Nov 2025 18:40:38 +0100 Subject: [PATCH 037/108] feat(umami): Bump to 3.0 Only works on postgres, so we can remove the specifier. --- values/umami/values/values-prod.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/umami/values/values-prod.yaml b/values/umami/values/values-prod.yaml index d846505a..b1a813fb 100644 --- a/values/umami/values/values-prod.yaml +++ b/values/umami/values/values-prod.yaml @@ -6,7 +6,7 @@ image: # -- image pull policy # pullPolicy: # -- Overrides the image tag - tag: "postgresql-v2.19.0" + tag: "3.0" replicaCount: 1 From c688e50c28d5fd235f0c222d516d75d79f88dee5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Sat, 8 Nov 2025 18:42:27 +0100 Subject: [PATCH 038/108] fix(umami): Lower requests --- values/umami/values/values-prod.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/values/umami/values/values-prod.yaml b/values/umami/values/values-prod.yaml index b1a813fb..b2a7abc5 100644 --- a/values/umami/values/values-prod.yaml +++ b/values/umami/values/values-prod.yaml @@ -17,11 +17,11 @@ resources: limits: # cpu: 100m # ephemeral-storage: 2Gi - memory: 750Mi + memory: 500Mi requests: - cpu: 500m + cpu: 100m # ephemeral-storage: 50Mi - memory: 750Mi + memory: 500Mi securityContext: runAsGroup: 65533 From 1666f89df664eba0c5cb1897bdf58d7b4e615fc7 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Sat, 8 Nov 2025 20:06:45 +0000 Subject: [PATCH 039/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 6b591001..b7e65e1d 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "3a4f18c6-debug" + tag: "27bdfddd-debug" env: - name: APP_VERSION value: "0.0.0-staging" From fd120abbb68f48c9a88458cc413eb4e256ff14a8 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Sat, 8 Nov 2025 20:14:50 +0000 Subject: [PATCH 040/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index b7e65e1d..70a671ef 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "27bdfddd-debug" + tag: "6667012e-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 8ea7c1ad4dde086309888725e71df8ecf9621fcb Mon Sep 17 00:00:00 2001 
From: Renovate Bot Date: Sun, 9 Nov 2025 08:57:24 +0000 Subject: [PATCH 041/108] Update Helm release umami to v6 --- helmfile.d/umami.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helmfile.d/umami.yaml.gotmpl b/helmfile.d/umami.yaml.gotmpl index 56c33bdf..415150a0 100644 --- a/helmfile.d/umami.yaml.gotmpl +++ b/helmfile.d/umami.yaml.gotmpl @@ -14,7 +14,7 @@ releases: - name: umami namespace: analytics chart: umami/umami - version: 5.0.11 + version: 6.0.1 condition: umami.enabled values: - ../values/umami/values/values.yaml From 7b22a8b7b5f647baeb4014e1fafa7c62e6b96e97 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sun, 9 Nov 2025 13:05:17 +0100 Subject: [PATCH 042/108] feat: split access groups for admins, devs and analytics --- values/argo/values/argocd.yaml.gotmpl | 2 +- values/env-ekman.yaml | 19 +++------ values/env-oceanbox.yaml | 19 +++------ values/env-rossby.yaml | 21 ++++------ values/env.yaml | 41 +++++++++++-------- .../prometheus/values/prometheus.yaml.gotmpl | 2 +- 6 files changed, 46 insertions(+), 58 deletions(-) diff --git a/values/argo/values/argocd.yaml.gotmpl b/values/argo/values/argocd.yaml.gotmpl index 724c0b68..45def3ab 100644 --- a/values/argo/values/argocd.yaml.gotmpl +++ b/values/argo/values/argocd.yaml.gotmpl @@ -43,7 +43,7 @@ configs: connectors: {{- with .Values.clusterConfig.oidc }} {{- range . }} - {{- if eq .provider "azuread" }} + {{- if eq .group "devel" }} - type: oidc id: {{ .name }} name: {{ .name }} diff --git a/values/env-ekman.yaml b/values/env-ekman.yaml index d10da337..da948a87 100644 --- a/values/env-ekman.yaml +++ b/values/env-ekman.yaml 
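Review bot: In `values/argo/values/argocd.yaml.gotmpl` the connector guard becomes `{{- if eq .group "devel" }}` and no longer checks `.provider`, so which `oidc` entries are rendered as Argo CD login connectors now depends on a free-form `group` string alone. An entry with a mistyped or missing `group` is silently dropped or may fail the render, and an entry from another provider that carries `devel` would be rendered with whatever provider-specific fields follow. Keeping both conditions, `{{- if and (eq .provider "azuread") (eq .group "devel") }}`, preserves the earlier restriction while adding the group split. A short comment listing the accepted `group` values would also help. The rest of the connector block and the `env.yaml` entries that feed it are outside this hunk, so this is inferred from the guard line only.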
@@ -8,22 +8,15 @@ clusterConfig: initca: "/var/lib/kubernetes/secrets" apiserver: "ekman-manage" apiserverip: "10.255.241.99" - etcd_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99" ] - k8s_nodes: [ "10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128" ] + etcd_nodes: ["10.255.241.80, 10.255.241.90, 10.255.241.99"] + k8s_nodes: + [ + "10.255.241.80, 10.255.241.90, 10.255.241.99, 10.255.241.100, 10.255.241.101, 10.255.241.102, 10.255.241.103, 10.255.241.104, 10.255.241.105, 10.255.241.106, 10.255.241.107, 10.255.241.108, 10.255.241.109, 10.255.241.110, 10.255.241.111, 10.255.241.112, 10.255.241.113, 10.255.241.114, 10.255.241.116, 10.255.241.121, 10.255.241.122, 10.255.241.123, 10.255.241.124, 10.255.241.125, 10.255.241.126, 10.255.241.127, 10.255.241.128", + ] cluster: "ekman" - ingress_nodes: ["ekman , ekman-manage" ] + ingress_nodes: ["ekman , ekman-manage"] ingress_replica_count: 2 fileserver: "10.255.241.100" - acme: - email: "acme@oceanbox.io" - dns01: "namecheap-apikey" - oidc: - - name: oceanbox - provider: azuread - tenant: "3f737008-e9a0-4485-9d27-40329d288089" - secret_ref: - name: oceanbox-oidc - group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" nodes: - name: ekman-manage taints: [] diff --git a/values/env-oceanbox.yaml b/values/env-oceanbox.yaml index c78b15b6..c914218c 100644 --- a/values/env-oceanbox.yaml +++ b/values/env-oceanbox.yaml 
@@ -6,22 +6,15 @@ clusterConfig: initca: "" apiserver: "" apiserverip: "" - etcd_nodes: [ "10.255.241.201, 10.255.241.202, 10.255.241.203" ] - k8s_nodes: [ "" ] + etcd_nodes: ["10.255.241.201, 10.255.241.202, 10.255.241.203"] + k8s_nodes: [""] cluster: "oceanbox" - ingress_nodes: ["oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3" ] + ingress_nodes: + [ + "oceanbox-controlplane-1, oceanbox-controlplane-2, oceanbox-controlplane-3", + ] ingress_replica_count: 3 fileserver: "10.255.241.210" - acme: - email: "acme@oceanbox.io" - dns01: "namecheap-apikey" - oidc: - - name: oceanbox - provider: azuread - tenant: "3f737008-e9a0-4485-9d27-40329d288089" - secret_ref: - name: oceanbox-oidc - group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" s3: hosts: [] patterns: [] diff --git a/values/env-rossby.yaml b/values/env-rossby.yaml index 32a3d6e8..4cff020d 100644 --- a/values/env-rossby.yaml +++ b/values/env-rossby.yaml 
@@ -8,28 +8,21 @@ clusterConfig: initca: "/var/lib/kubernetes/secrets" apiserver: "rossby-manage" apiserverip: "172.16.239.221" - etcd_nodes: [ "172.16.239.221, 172.16.239.222, 172.16.239.210" ] - k8s_nodes: [ "172.16.239.221, 172.16.239.222, 172.16.239.210, 172.16.239.111, 172.16.239.112, 172.16.239.113, 172.16.239.114, 172.16.239.115, 172.16.239.116, 172.16.239.117, 172.16.239.118, 172.16.239.119, 172.16.239.120, 172.16.239.121, 172.16.239.122, 172.16.239.123, 172.16.239.124, 172.16.239.125, 172.16.239.126, 172.16.239.127, 172.16.239.128, 172.16.239.129, 172.16.239.130" ] + etcd_nodes: ["172.16.239.221, 172.16.239.222, 172.16.239.210"] + k8s_nodes: + [ + "172.16.239.221, 172.16.239.222, 172.16.239.210, 172.16.239.111, 172.16.239.112, 172.16.239.113, 172.16.239.114, 172.16.239.115, 172.16.239.116, 172.16.239.117, 172.16.239.118, 172.16.239.119, 172.16.239.120, 172.16.239.121, 172.16.239.122, 172.16.239.123, 172.16.239.124, 172.16.239.125, 172.16.239.126, 172.16.239.127, 172.16.239.128, 172.16.239.129, 172.16.239.130", + ] cluster: "rossby" - ingress_nodes: ["rossby, rossby-manage" ] + ingress_nodes: ["rossby, rossby-manage"] ingress_replica_count: 2 ingress_clusterissuer: ca-issuer ingress_whitelist: - - 0.0.0.0/0 + - 0.0.0.0/0 ingress_hostnetwork: true ingress_hostport: false ingress_nodeport: false fileserver: "172.16.239.222" - acme: - email: "acme@oceanbox.io" - dns01: "namecheap-apikey" - oidc: - - name: oceanbox - provider: azuread - tenant: "3f737008-e9a0-4485-9d27-40329d288089" - secret_ref: - name: oceanbox-oidc - group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" nodes: - name: rossby-manage taints: [] diff --git a/values/env.yaml b/values/env.yaml index 9024d27f..450980ba 100644 --- a/values/env.yaml +++ b/values/env.yaml @@ -11,9 +11,6 @@ clusterConfig: ingress_nodes: [] ingress_replica_count: 3 fileserver: "" - acme: - email: "acme@oceanbox.io" - dns01: "" nodenames: [] nodes: [] ingress_clusterissuer: "letsencrypt-production" 
@@ -26,19 +23,31 @@ clusterConfig: ingress_hostnetwork: false ingress_hostport: false ingress_nodeport: true - oidc: [] - #- name: azure - # provider: azuread - # tenant: "https://login.microsoftonline.com//oauth2/v2.0" - # secret_ref: - # name: azure-oidc - # group_id: "" - #- name: github - # provider: github - # secret_ref: - # name: github-oidc - # allowed_organizations: - # allowed_teams: + acme: + email: "acme@oceanbox.io" + dns01: "namecheap-apikey" + oidc: + - group: admin + name: oceanbox + provider: azuread + tenant: "3f737008-e9a0-4485-9d27-40329d288089" + secret_ref: + name: oceanbox-oidc + group_id: "eb17a659-4ce6-41bc-9153-d9b117c44479" + - group: devel + name: oceanbox + provider: azuread + tenant: "3f737008-e9a0-4485-9d27-40329d288089" + secret_ref: + name: oceanbox-oidc + group_id: "" + - group: analytics + name: oceanbox + provider: azuread + tenant: "3f737008-e9a0-4485-9d27-40329d288089" + secret_ref: + name: oceanbox-oidc + group_id: "52bb4c7e-549c-4aed-bd95-9dcedf716f9f" s3: hosts: [] patterns: [] diff --git a/values/prometheus/values/prometheus.yaml.gotmpl b/values/prometheus/values/prometheus.yaml.gotmpl index 76c90497..ca96cc55 100644 --- a/values/prometheus/values/prometheus.yaml.gotmpl +++ b/values/prometheus/values/prometheus.yaml.gotmpl @@ -122,7 +122,7 @@ grafana: users: auto_assign_org_role: "Admin" {{- range .Values.clusterConfig.oidc }} - {{- if eq .provider "azuread" }} + {{- if eq .group "analytics" }} auth.{{ .provider }}: enabled: true name: {{ .name }} From 3d669057a2fd14da5fe17e79b09ad675c40adecb Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 08:50:18 +0000 Subject: [PATCH 043/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 70a671ef..7294adf3 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml 
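Review bot: The `devel` entry added under `oidc:` has `group_id: ""`, and the Argo CD template in this same commit now selects exactly that entry with `eq .group "devel"`. How `group_id` is consumed is not visible in these hunks, but if it restricts login or feeds RBAC, an empty value either locks developers out or removes the group restriction, so it should carry the real group object id or rendering should fail when it is empty. Moving `acme` and `oidc` out of the per-cluster files into the shared `env.yaml` also replaces the old `oidc: []` default, so any cluster without its own override now inherits all three connectors. A comment on the block such as `# shared by every cluster; set oidc: [] in env-<cluster>.yaml to opt out` would make that explicit.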
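Review bot: Selecting the `analytics` entry in the Grafana template puts that directory group behind the Grafana login while the context line just above still sets `auto_assign_org_role: "Admin"`, so analytics users would presumably become organisation admins on first sign-in. If the split is meant to give analytics narrower rights than admins, lower the default to `auto_assign_org_role: "Viewer"` and grant elevated roles explicitly. The rest of the `auth.*` block lies outside this hunk, so whether a group restriction based on `group_id` is applied cannot be confirmed from here.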
@@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "6667012e-debug" + tag: "8b7b62d5-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 2b2d2969931c3b438ddf1cc6858cce1d36cb2504 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 10:27:53 +0000 Subject: [PATCH 044/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 7294adf3..443945e7 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "8b7b62d5-debug" + tag: "6c692621-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 2dddf31f37850a639435274f25c14484a2cc2cf1 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 11:09:17 +0000 Subject: [PATCH 045/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 443945e7..3fa98ae7 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "6c692621-debug" + tag: "c0551a1e-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 087d61d71e0e1105ac6b49f2c301b37388497934 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 11:36:40 +0000 Subject: [PATCH 046/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 3fa98ae7..ac8ee30e 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "c0551a1e-debug" + tag: "e4dcea87-debug" env: - name: APP_VERSION value: "0.0.0-staging" 
From c2c4e035af8da5f4ff7cef169ecca414ee5cef81 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 12:39:22 +0000 Subject: [PATCH 047/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index ac8ee30e..57d594dd 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "e4dcea87-debug" + tag: "a0a6b444-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 76dd0f42e31ca7dd6650b1e4c61247afe3f54f36 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 13:08:28 +0000 Subject: [PATCH 048/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 57d594dd..b96cce8a 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "a0a6b444-debug" + tag: "e6b3658e-debug" env: - name: APP_VERSION value: "0.0.0-staging" From a7edad7ec587ba52be8b189aa587421bfe8d5c52 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Mon, 10 Nov 2025 13:46:16 +0000 Subject: [PATCH 049/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index b96cce8a..4f8db4af 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "e6b3658e-debug" + tag: "c96c3396-debug" env: - name: APP_VERSION value: "0.0.0-staging" From c49d7e0f91b53c04e75d1b744feb68d743d82c21 Mon Sep 17 00:00:00 2001 
From: Radovan Bast Date: Mon, 10 Nov 2025 15:26:16 +0000 Subject: [PATCH 050/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 4f8db4af..5dacf9df 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "c96c3396-debug" + tag: "87379ae0-debug" env: - name: APP_VERSION value: "0.0.0-staging" From cf35b76fa72a80d9e9f76f99a13daa8620727f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:08:07 +0100 Subject: [PATCH 051/108] feat(spegel): Add to OC --- helmfile.d/spegel.yaml.gotmpl | 44 +++++++++++++++++++ values/argo/manifests/sys-project.yaml | 3 ++ values/spegel/env-oceanbox.yaml.gotmpl | 3 ++ values/spegel/env.yaml.gotmpl | 3 ++ .../CiliumNetworkPolicy-allow-api-server.yaml | 14 ++++++ ...umNetworkPolicy-allow-host-to-mariadb.yaml | 14 ++++++ ...etworkPolicy-allow-prometheus-metrics.yaml | 19 ++++++++ ...workPolicy-allow-remote-node-webhooks.yaml | 20 +++++++++ values/spegel/manifests/slurm-operator.yaml | 38 ++++++++++++++++ values/spegel/values/spegel.yaml.gotmpl | 2 + 10 files changed, 160 insertions(+) create mode 100644 helmfile.d/spegel.yaml.gotmpl create mode 100644 values/spegel/env-oceanbox.yaml.gotmpl create mode 100644 values/spegel/env.yaml.gotmpl create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml create mode 100644 values/spegel/manifests/slurm-operator.yaml create mode 100644 values/spegel/values/spegel.yaml.gotmpl 
diff --git a/helmfile.d/spegel.yaml.gotmpl b/helmfile.d/spegel.yaml.gotmpl new file mode 100644 index 00000000..0df71970 --- /dev/null +++ b/helmfile.d/spegel.yaml.gotmpl @@ -0,0 +1,44 @@ +bases: + - ../envs/environments.yaml.gotmpl + +repositories: +- name: spegel + oci: true + url: ghcr.io/spegel-org/helm-charts + +commonLabels: + tier: system + +releases: +- name: spegel + namespace: spegel + chart: spegel/spegel + version: 0.5.1 + condition: spegel.enabled + values: + - ../values/spegel/values/spegel.yaml.gotmpl + - ../values/spegel/values/spegel-{{ .Environment.Name }}.yaml.gotmpl + postRenderer: ../bin/kustomizer + postRendererArgs: + - ../values/spegel/kustomize/{{ .Environment.Name }} + missingFileHandler: Info +- name: manifests + namespace: spegel + chart: manifests + condition: spegel.enabled + missingFileHandler: Info + values: + - ../values/env.yaml + - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml + - ../values/spegel/env.yaml.gotmpl + - ../values/spegel/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl + hooks: + - events: [ prepare, cleanup ] + showlogs: true + command: ../bin/helmify + args: + - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' + - '{{`{{ .Release.Chart }}`}}' + - '{{`{{ .Environment.Name }}`}}' + - ../values/spegel/manifests + - manifests diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml index b0add1e1..5bc677df 100644 --- a/values/argo/manifests/sys-project.yaml +++ b/values/argo/manifests/sys-project.yaml @@ -80,6 +80,8 @@ spec: server: https://kubernetes.default.svc - namespace: slurm server: https://kubernetes.default.svc + - namespace: spegel + server: https://kubernetes.default.svc sourceRepos: - https://argoproj.github.io/argo-helm - https://kubernetes-sigs.github.io/metrics-server/ 
@@ -113,6 +115,7 @@ spec: - ghcr.io/slinkyproject/charts - ghcr.io/slinkyproject/charts/slurm-operator - ghcr.io/slinkyproject/charts/slurm-operator-crds + - ghcr.io/spegel-org/helm-charts - https://operator.mariadb.com/mariadb-enterprise-operator - https://operator.mariadb.com - https://ot-container-kit.github.io/helm-charts diff --git a/values/spegel/env-oceanbox.yaml.gotmpl b/values/spegel/env-oceanbox.yaml.gotmpl new file mode 100644 index 00000000..5fd08e5b --- /dev/null +++ b/values/spegel/env-oceanbox.yaml.gotmpl @@ -0,0 +1,3 @@ +spegel: + enabled: true + autosync: false diff --git a/values/spegel/env.yaml.gotmpl b/values/spegel/env.yaml.gotmpl new file mode 100644 index 00000000..42baaa22 --- /dev/null +++ b/values/spegel/env.yaml.gotmpl @@ -0,0 +1,3 @@ +spegel: + enabled: false + autosync: false diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml new file mode 100644 index 00000000..e2c3ec2c --- /dev/null +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml @@ -0,0 +1,14 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-api-server + namespace: slinky +spec: + egress: + - toEntities: + - kube-apiserver + endpointSelector: + matchLabels: + app.kubernetes.io/instance: slurm-operator +{{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml new file mode 100644 index 00000000..11af8379 --- /dev/null +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-host-to-slurm-operator + namespace: slinky +spec: + endpointSelector: + matchLabels: + app.kubernetes.io/instance: slurm-operator + ingress: + - fromEntities: + - host +{{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml new file mode 100644 index 00000000..2974ce11 --- /dev/null +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml @@ -0,0 +1,19 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-prometheus-metrics + namespace: slinky +spec: + endpointSelector: + matchLabels: + app.kubernetes.io/instance: slurm-operator + ingress: + - fromEndpoints: + - matchLabels: + io.kubernetes.pod.namespace: prometheus + toPorts: + - ports: + - port: "8080" + protocol: TCP +{{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml new file mode 100644 index 00000000..f167c211 --- /dev/null +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml @@ -0,0 +1,20 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-remote-node-webhooks + namespace: slinky +spec: + endpointSelector: + matchLabels: {} + ingress: + - fromEntities: + - kube-apiserver + - remote-node + toPorts: + - ports: + - port: "443" + protocol: TCP + - port: "9443" + protocol: TCP +{{- end}} diff --git a/values/spegel/manifests/slurm-operator.yaml b/values/spegel/manifests/slurm-operator.yaml new file mode 100644 index 00000000..c59d91ca --- /dev/null 
+++ b/values/spegel/manifests/slurm-operator.yaml @@ -0,0 +1,38 @@ +{{- if .Values.clusterConfig.argo.enabled }} +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: spegel + namespace: argocd +spec: + destination: + namespace: spegel + server: 'https://kubernetes.default.svc' + sources: + - repoURL: {{ .Values.clusterConfig.manifests }} + targetRevision: HEAD + path: helmfile.d + plugin: + name: helmfile-cmp + env: + - name: CLUSTER_NAME + value: {{ .Values.clusterConfig.cluster }} + - name: HELMFILE_ENVIRONMENT + value: default + - name: HELMFILE_FILE_PATH + value: spegel.yaml.gotmpl + project: sys + syncPolicy: + managedNamespaceMetadata: + labels: + component: sys + syncOptions: + - CreateNamespace=true + - ApplyOutOfSyncOnly=true + - ServerSideApply=true + {{- if .Values.spegel.autosync }} + automated: + prune: true + # selfHeal: false + {{- end }} +{{- end }} diff --git a/values/spegel/values/spegel.yaml.gotmpl b/values/spegel/values/spegel.yaml.gotmpl new file mode 100644 index 00000000..2e7761ac --- /dev/null +++ b/values/spegel/values/spegel.yaml.gotmpl @@ -0,0 +1,2 @@ +spegel: + containerdRegistryConfigPath: /etc/cri/conf.d/hosts From 991afc4f725251199e151ee71cc47580672b9a51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:09:26 +0100 Subject: [PATCH 052/108] fix(spegel): Correct policies --- .../CiliumNetworkPolicy-allow-api-server.yaml | 4 ++-- ...umNetworkPolicy-allow-host-to-mariadb.yaml | 14 ------------- ...etworkPolicy-allow-prometheus-metrics.yaml | 4 ++-- ...workPolicy-allow-remote-node-webhooks.yaml | 20 ------------------- 4 files changed, 4 insertions(+), 38 deletions(-) delete mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml delete mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml 
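Review bot: In the Application manifest, `repoURL: {{ .Values.clusterConfig.manifests }}` and the `CLUSTER_NAME` `value:` are rendered unquoted, so an unset or boolean/number-looking value turns into `null` or a non-string in the spec instead of failing visibly. Quote the templated scalars, e.g. `repoURL: "{{ .Values.clusterConfig.manifests }}"` and `value: "{{ .Values.clusterConfig.cluster }}"`. `targetRevision: HEAD` also means that once `spegel.autosync` is enabled, `prune: true` acts on whatever is at the branch tip; a comment stating that this is intended would help the next reader.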
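Review bot: `values/spegel/values/spegel.yaml.gotmpl` sets only `containerdRegistryConfigPath`, so the mirror runs with the chart's defaults for which registries are mirrored and for tag resolution. If the chart default leaves tag resolution on, a mutable tag such as the `-debug` tags in the staging values is resolved to a digest by whichever peer answers rather than by the upstream registry; layers are still fetched by digest, but the tag-to-digest mapping is then trusted from inside the cluster. State the intent explicitly, for example `resolveTags: false` under `spegel:` or digest-pinned image references, and add a comment saying why `/etc/cri/conf.d/hosts` is the right path on these nodes.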
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml index e2c3ec2c..5145c28c 100644 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml @@ -3,12 +3,12 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-api-server - namespace: slinky + namespace: spegel spec: egress: - toEntities: - kube-apiserver endpointSelector: matchLabels: - app.kubernetes.io/instance: slurm-operator + app.kubernetes.io/instance: spegel {{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml deleted file mode 100644 index 11af8379..00000000 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.clusterConfig.cilium.enabled }} -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: allow-host-to-slurm-operator - namespace: slinky -spec: - endpointSelector: - matchLabels: - app.kubernetes.io/instance: slurm-operator - ingress: - - fromEntities: - - host -{{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml index 2974ce11..97f7abca 100644 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml 
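Review bot: After this fix the `spegel` namespace is left with only an egress rule to `kube-apiserver` and, in the `allow-prometheus-metrics` hunk that follows, an ingress rule from the `prometheus` namespace. A Cilium endpoint selected by a rule with an `egress` or `ingress` section becomes default-deny for that direction, so unless the spegel pods run outside Cilium's enforcement, traffic between mirror peers and from the node's container runtime would be dropped and pulls would fall back to upstream. An explicit rule between `app.kubernetes.io/instance: spegel` endpoints and from the `host`/`remote-node` entities, limited to the mirror's own ports, is probably needed; those ports are not visible here. The metrics policy also keeps `port: "8080"` from the slurm-operator copy added in the previous patch, which should be checked against the port spegel actually exposes.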
@@ -3,11 +3,11 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-prometheus-metrics - namespace: slinky + namespace: spegel spec: endpointSelector: matchLabels: - app.kubernetes.io/instance: slurm-operator + app.kubernetes.io/instance: spegel ingress: - fromEndpoints: - matchLabels: diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml deleted file mode 100644 index f167c211..00000000 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.clusterConfig.cilium.enabled }} -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: allow-remote-node-webhooks - namespace: slinky -spec: - endpointSelector: - matchLabels: {} - ingress: - - fromEntities: - - kube-apiserver - - remote-node - toPorts: - - ports: - - port: "443" - protocol: TCP - - port: "9443" - protocol: TCP -{{- end}} From 5e8800af30e8e77a7b795b19a04236e987842b30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:10:21 +0100 Subject: [PATCH 053/108] fix(spegel): Rename manifest --- values/spegel/manifests/{slurm-operator.yaml => spegel.yaml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename values/spegel/manifests/{slurm-operator.yaml => spegel.yaml} (100%) diff --git a/values/spegel/manifests/slurm-operator.yaml b/values/spegel/manifests/spegel.yaml similarity index 100% rename from values/spegel/manifests/slurm-operator.yaml rename to values/spegel/manifests/spegel.yaml From 91e52832d1dd4b35653a520599ffffab3e03eb68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:25:03 +0100 Subject: [PATCH 054/108] fix(argo): Check oidc group --- values/argo/values/argocd.yaml.gotmpl | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/values/argo/values/argocd.yaml.gotmpl b/values/argo/values/argocd.yaml.gotmpl index 45def3ab..dd549ce8 100644 --- a/values/argo/values/argocd.yaml.gotmpl +++ b/values/argo/values/argocd.yaml.gotmpl @@ -150,6 +150,7 @@ dex: {{- with .Values.clusterConfig.oidc }} env: {{- range . }} + {{- if eq .group "devel" }} - name: {{ .name | replace "-" "_" }}_client_secret valueFrom: secretKeyRef: @@ -162,6 +163,7 @@ dex: key: client_id {{- end }} {{- end }} + {{- end }} redis: metrics: From 69d2d7f704f2b6d084c60203cfe5cfa4ad60a853 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:38:06 +0100 Subject: [PATCH 055/108] fix(argo): Re-render --- values/argo/values/argocd.yaml.gotmpl | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/values/argo/values/argocd.yaml.gotmpl b/values/argo/values/argocd.yaml.gotmpl index dd549ce8..0d024567 100644 --- a/values/argo/values/argocd.yaml.gotmpl +++ b/values/argo/values/argocd.yaml.gotmpl @@ -61,20 +61,6 @@ configs: - profile - email - groups - {{- else if eq .provider "github" }} - - type: github - id: {{ .name }} - name: {{ .name }} - config: - clientID: ${{ .name | replace "-" "_" }}_client_id - clientSecret: ${{ .name | replace "-" "_" }}_client_secret - redirectURI: https://argocd.{{ $.Values.clusterConfig.domain }}/api/dex/callback - orgs: - - name: {{ .allowed_organizations }} - loadAllGroups: true - teamNameField: slug - useLoginAsID: false - {{- end }} staticClients: - id: ${{ .name | replace "-" "_" }}_client_id name: Kubernetes @@ -87,6 +73,7 @@ configs: secret: 8d52926efe879ee505391b75f4b046cf {{- end }} {{- end }} + {{- end }} admin.enabled: false rbac: # NOTE(kai): dd2aa2d6 ... is ID for azure kubernetes_operator group From c6c8ae54592a3d216e44abc97c4cad3d929c30a2 Mon Sep 17 00:00:00 2001 
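Review bot: The `staticClients` entry that the re-render hunk now encloses in the `devel` conditional still carries a literal `secret:` value in the template (a context line of the `@@ -87,6 +73,7 @@` hunk), so the Dex client secret is readable by anyone with access to the repository and its history. This commit does not introduce it, but since the block is being restructured this is the moment to move it out of the file, for instance via Dex's `secretEnv` fed from the `env:` block that the previous patch already filters by group, and to rotate the current value. Whether Argo CD passes that field through unchanged should be verified, and the enclosing `configs:` block starts and ends outside the hunk.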
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:45:07 +0100 Subject: [PATCH 056/108] fix(prom): Only use oidc once and delete github auth --- .../prometheus/values/prometheus.yaml.gotmpl | 34 ++++++++++--------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/values/prometheus/values/prometheus.yaml.gotmpl b/values/prometheus/values/prometheus.yaml.gotmpl index ca96cc55..923c395f 100644 --- a/values/prometheus/values/prometheus.yaml.gotmpl +++ b/values/prometheus/values/prometheus.yaml.gotmpl 
@@ -135,32 +135,34 @@ grafana: allow_sign_up: true role_attribute_strict: false allow_assign_grafana_admin: true - {{- else if eq .provider "github" }} - auth.{{ .provider }}: - name: {{ .name }} - enabled: true - client_id: $__file{/etc/secrets/oauth/{{ .name }}/client_id} - client_secret: $__file{/etc/secrets/oauth/{{ .name }}/client_secret} - allowed_organizations: {{ .allowed_organizations }} - {{- if .allowed_teams }} - allowed_teams: "{{ .allowed_teams }}" - {{- end }} - scopes: user:email,read:org - auth_url: https://github.com/login/oauth/authorize - token_url: https://github.com/login/oauth/access_token - allow_sign_up: true - role_attribute_strict: false - allow_assign_grafana_admin: true + #{{- else if eq .provider "github" }} + #auth.{{ .provider }}: + # name: {{ .name }} + # enabled: true + # client_id: $__file{/etc/secrets/oauth/{{ .name }}/client_id} + # client_secret: $__file{/etc/secrets/oauth/{{ .name }}/client_secret} + # allowed_organizations: {{ .allowed_organizations }} + # {{- if .allowed_teams }} + # allowed_teams: "{{ .allowed_teams }}" + # {{- end }} + # scopes: user:email,read:org + # auth_url: https://github.com/login/oauth/authorize + # token_url: https://github.com/login/oauth/access_token + # allow_sign_up: true + # role_attribute_strict: false + # allow_assign_grafana_admin: true {{- end }} {{- end }} extraSecretMounts: {{- range .Values.clusterConfig.oidc }} + {{- if eq .group "analytics" }} - name: {{ .name }} secretName: {{ .secret_ref.name }} defaultMode: 0440 mountPath: /etc/secrets/oauth/{{ .name }} readOnly: true {{- end }} + {{- end }} {{- if .Values.prometheus.grafana.persistence }} persistence: From 3039f08975a6ddbfff5311a2a9ed30ea17388de0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 18:12:37 +0100 Subject: [PATCH 057/108] fix(spegel): Add to ekman --- values/spegel/env-ekman.yaml.gotmpl | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 values/spegel/env-ekman.yaml.gotmpl 
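Review bot: Prefixing the GitHub branch with `#` comments out the YAML but not the template: `{{- else if eq .provider "github" }}`, the inner `{{- if .allowed_teams }}` and its `{{- end }}` are still parsed and evaluated by the template engine, and a stray `#` appears to be emitted at the end of the `analytics` branch. An entry with `provider: github` that is not in the `analytics` group would therefore still take that branch and dereference `.allowed_organizations`, only to render commented lines. Since the subject says the GitHub auth is deleted, remove the block outright; if it has to stay for reference, wrap it in a single template comment, `{{- /* ... */ -}}`, so nothing inside it is executed.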
diff --git a/values/spegel/env-ekman.yaml.gotmpl b/values/spegel/env-ekman.yaml.gotmpl new file mode 100644 index 00000000..5fd08e5b --- /dev/null +++ b/values/spegel/env-ekman.yaml.gotmpl @@ -0,0 +1,3 @@ +spegel: + enabled: true + autosync: false From cd1a3b720ab2146feb211a312a5f887a71573e2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 18:16:35 +0000 Subject: [PATCH 058/108] ci: sorcerer --- values/sorcerer/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index 78837e77..f868db54 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 2bf62810-debug + tag: 33d94c5d-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer" From f0b77878dc2e7dc0c6646246709bb8e4492fab86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 18:16:36 +0000 Subject: [PATCH 059/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 592144d5..37a593e4 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 2bf62810-debug + tag: 33d94c5d-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From 999262407402bd88332b02f44ea24d726237db7c Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Mon, 10 Nov 2025 18:20:19 +0000 Subject: [PATCH 060/108] ci: atlantis --- charts/atlantis/Chart.yaml | 4 ++-- charts/atlantis/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index 66133617..158377ee 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -4,7 +4,7 @@ description: Atlantis map and simulation service type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.28.0 +version: v1.30.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.28.0 +appVersion: v1.30.0 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index da3af981..9665a0ed 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis - tag: v1.28.0 + tag: v1.30.0 pullPolicy: IfNotPresent init: enabled: false From b813154d9639bf10d2a680dd649c300df0a0d36d Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Mon, 10 Nov 2025 18:20:19 +0000 Subject: [PATCH 061/108] ci: sorcerer --- charts/sorcerer/Chart.yaml | 4 ++-- charts/sorcerer/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sorcerer/Chart.yaml b/charts/sorcerer/Chart.yaml index 4a5d21ab..e531a5ef 100644 --- a/charts/sorcerer/Chart.yaml +++ b/charts/sorcerer/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.28.0 +version: v1.30.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.28.0 +appVersion: v1.30.0 
diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index c5e6f4b1..b4f8d09c 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/sorcerer - tag: v1.28.0 + tag: v1.30.0 pullPolicy: IfNotPresent init: enabled: false From 3331c4732b5f7283070d0d54d4919dd72c8b32dd Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Tue, 11 Nov 2025 09:17:31 +0000 Subject: [PATCH 062/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 5dacf9df..5cacf192 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "87379ae0-debug" + tag: "a26f1e40-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 298e59455eb9076af0132f4ead1cb1d76ce02f47 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 10:48:16 +0100 Subject: [PATCH 063/108] feat(redis): Migrate Operator away from bitnami --- helmfile.d/dragonfly.yaml.gotmpl | 44 +++++++++++++++++++ helmfile.d/redis-operator.yaml.gotmpl | 43 ------------------ .../env-ekman.yaml.gotmpl | 2 +- .../env-oceanbox.yaml.gotmpl | 2 +- .../env.yaml.gotmpl | 2 +- .../manifests/dragonfly.yaml} | 8 ++-- .../CiliumNetworkPolicy-allow-api-server.yaml | 4 +- ...etworkPolicy-allow-host-to-dragonfly.yaml} | 6 +-- ...etworkPolicy-allow-prometheus-metrics.yaml | 4 +- ...workPolicy-allow-remote-node-webhooks.yaml | 2 +- values/dragonfly/values/dragonfly.yaml.gotmpl | 2 + .../values/redis-operator.yaml.gotmpl | 25 ----------- 12 files changed, 61 insertions(+), 83 deletions(-) create mode 100644 helmfile.d/dragonfly.yaml.gotmpl delete mode 100644 helmfile.d/redis-operator.yaml.gotmpl rename values/{redis-operator => dragonfly}/env-ekman.yaml.gotmpl (68%) rename values/{redis-operator => dragonfly}/env-oceanbox.yaml.gotmpl (68%) rename values/{redis-operator => dragonfly}/env.yaml.gotmpl (68%) rename values/{redis-operator/manifests/redis-operator.yaml => dragonfly/manifests/dragonfly.yaml} (85%) rename values/{redis-operator => dragonfly}/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml (75%) rename values/{redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml => dragonfly/manifests/policies/CiliumNetworkPolicy-allow-host-to-dragonfly.yaml} (65%) rename values/{redis-operator => dragonfly}/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml (83%) rename values/{redis-operator => dragonfly}/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml (93%) create mode 100644 values/dragonfly/values/dragonfly.yaml.gotmpl delete mode 100644 values/redis-operator/values/redis-operator.yaml.gotmpl 
diff --git a/helmfile.d/dragonfly.yaml.gotmpl b/helmfile.d/dragonfly.yaml.gotmpl new file mode 100644 index 00000000..317676de --- /dev/null +++ b/helmfile.d/dragonfly.yaml.gotmpl @@ -0,0 +1,44 @@ +bases: + - ../envs/environments.yaml.gotmpl + +repositories: +- name: dragonfly + oci: true + url: ghcr.io/dragonflydb/dragonfly-operator/helm + +commonLabels: + tier: system + +releases: +- name: dragonfly + namespace: dragonfly + chart: dragonfly/dragonfly-operator + version: v1.3.0 + condition: dragonfly.enabled + values: + - ../values/dragonfly/values/dragonfly.yaml.gotmpl + - ../values/dragonfly/values/dragonfly-{{ .Environment.Name }}.yaml.gotmpl + postRenderer: ../bin/kustomizer + postRendererArgs: + - ../values/dragonfly/kustomize/{{ .Environment.Name }} + missingFileHandler: Info +- name: manifests + namespace: dragonfly + chart: manifests + condition: dragonfly.enabled + missingFileHandler: Info + values: + - ../values/env.yaml + - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml + - ../values/dragonfly/env.yaml.gotmpl + - ../values/dragonfly/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl + hooks: + - events: [ prepare, cleanup ] + showlogs: true + command: ../bin/helmify + args: + - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' + - '{{`{{ .Release.Chart }}`}}' + - '{{`{{ .Environment.Name }}`}}' + - ../values/dragonfly/manifests + - manifests diff --git a/helmfile.d/redis-operator.yaml.gotmpl b/helmfile.d/redis-operator.yaml.gotmpl deleted file mode 100644 index 9650fba9..00000000 --- a/helmfile.d/redis-operator.yaml.gotmpl +++ /dev/null 
@@ -1,43 +0,0 @@ -bases: - - ../envs/environments.yaml.gotmpl - -repositories: -- name: redis-operator - url: 'https://ot-container-kit.github.io/helm-charts' - -commonLabels: - tier: system - -releases: -- name: redis-operator - namespace: redis-operator - chart: redis-operator/redis-operator - version: 0.22.1 - condition: redis_operator.enabled - values: - - ../values/redis-operator/values/redis-operator.yaml.gotmpl - - ../values/redis-operator/values/redis-operator-{{ .Environment.Name }}.yaml.gotmpl - postRenderer: ../bin/kustomizer - postRendererArgs: - - ../values/redis-operator/kustomize/{{ .Environment.Name }} - missingFileHandler: Info -- name: manifests - namespace: redis-operator - chart: manifests - condition: redis_operator.enabled - missingFileHandler: Info - values: - - ../values/env.yaml - - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml - - ../values/redis-operator/env.yaml.gotmpl - - ../values/redis-operator/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl - hooks: - - events: [ prepare, cleanup ] - showlogs: true - command: ../bin/helmify - args: - - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}' - - '{{`{{ .Release.Chart }}`}}' - - '{{`{{ .Environment.Name }}`}}' - - ../values/redis-operator/manifests - - manifests diff --git a/values/redis-operator/env-ekman.yaml.gotmpl b/values/dragonfly/env-ekman.yaml.gotmpl similarity index 68% rename from values/redis-operator/env-ekman.yaml.gotmpl rename to values/dragonfly/env-ekman.yaml.gotmpl index f87f0124..c5b125d9 100644 --- a/values/redis-operator/env-ekman.yaml.gotmpl +++ b/values/dragonfly/env-ekman.yaml.gotmpl @@ -1,3 +1,3 @@ -redis_operator: +dragonfly: enabled: true autosync: false diff --git a/values/redis-operator/env-oceanbox.yaml.gotmpl b/values/dragonfly/env-oceanbox.yaml.gotmpl similarity index 68% rename from values/redis-operator/env-oceanbox.yaml.gotmpl rename to values/dragonfly/env-oceanbox.yaml.gotmpl index f87f0124..c5b125d9 100644 
--- a/values/redis-operator/env-oceanbox.yaml.gotmpl +++ b/values/dragonfly/env-oceanbox.yaml.gotmpl @@ -1,3 +1,3 @@ -redis_operator: +dragonfly: enabled: true autosync: false diff --git a/values/redis-operator/env.yaml.gotmpl b/values/dragonfly/env.yaml.gotmpl similarity index 68% rename from values/redis-operator/env.yaml.gotmpl rename to values/dragonfly/env.yaml.gotmpl index 5d7833c9..59c1b6ed 100644 --- a/values/redis-operator/env.yaml.gotmpl +++ b/values/dragonfly/env.yaml.gotmpl @@ -1,3 +1,3 @@ -redis_operator: +dragonfly: enabled: false autosync: false diff --git a/values/redis-operator/manifests/redis-operator.yaml b/values/dragonfly/manifests/dragonfly.yaml similarity index 85% rename from values/redis-operator/manifests/redis-operator.yaml rename to values/dragonfly/manifests/dragonfly.yaml index 66126931..262f5c24 100644 --- a/values/redis-operator/manifests/redis-operator.yaml +++ b/values/dragonfly/manifests/dragonfly.yaml @@ -2,11 +2,11 @@ apiVersion: argoproj.io/v1alpha1 kind: Application metadata: - name: redis-operator + name: dragonfly namespace: argocd spec: destination: - namespace: redis-operator + namespace: dragonfly server: 'https://kubernetes.default.svc' sources: - repoURL: {{ .Values.clusterConfig.manifests }} @@ -20,7 +20,7 @@ spec: - name: HELMFILE_ENVIRONMENT value: default - name: HELMFILE_FILE_PATH - value: redis-operator.yaml.gotmpl + value: dragonfly.yaml.gotmpl project: sys syncPolicy: managedNamespaceMetadata: @@ -30,7 +30,7 @@ spec: - CreateNamespace=true - ApplyOutOfSyncOnly=true - ServerSideApply=true - {{- if .Values.redis_operator.autosync }} + {{- if .Values.dragonfly}} automated: prune: true # selfHeal: false 
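Review bot: The guard on the `automated:` block in values/dragonfly/manifests/dragonfly.yaml now tests the whole map instead of the flag: it changed from `.Values.redis_operator.autosync` to `.Values.dragonfly`. The env files in this commit always define `dragonfly:` with `enabled` and `autosync` keys, so the condition is true even where `autosync: false`, and the Application is rendered with automated sync and `prune: true` on every cluster. The line should read `{{- if .Values.dragonfly.autosync }}`. The template continues past the end of the hunk, so the closing `{{- end }}` is not visible here.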
diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml similarity index 75% rename from values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml rename to values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml index c2180393..f60658ce 100644 --- a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml +++ b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml @@ -3,12 +3,12 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-api-server - namespace: redis-operator + namespace: dragonfly spec: egress: - toEntities: - kube-apiserver endpointSelector: matchLabels: - app.kubernetes.io/instance: redis-operator + app.kubernetes.io/instance: dragonfly-operator {{- end}} diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-host-to-dragonfly.yaml similarity index 65% rename from values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml rename to values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-host-to-dragonfly.yaml index a78637a1..8a75baf0 100644 --- a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-redis.yaml +++ b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-host-to-dragonfly.yaml @@ -2,12 +2,12 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: - name: allow-host-to-redis - namespace: redis-operator + name: allow-host-to-dragonfly + namespace: dragonfly spec: endpointSelector: matchLabels: - app.kubernetes.io/instance: redis-operator + app.kubernetes.io/instance: dragonfly-operator ingress: - fromEntities: - host 
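Review bot: The `endpointSelector` in allow-api-server now matches `app.kubernetes.io/instance: dragonfly-operator`, but the release added in helmfile.d/dragonfly.yaml.gotmpl is named `dragonfly`, whereas the old selector and the old release name were both `redis-operator`. If the chart sets that label from the release name, as Helm charts usually do, this policy selects no pod; the same selector is used in allow-host-to-dragonfly and allow-prometheus-metrics. allow-remote-node-webhooks keeps `matchLabels: {}` and so still applies to every endpoint in the namespace, which would leave the operator with ingress restricted but without the host and Prometheus allowances. Confirm the rendered pod labels and, if they carry the release name, use `app.kubernetes.io/instance: dragonfly` in all three policies.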
diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml similarity index 83% rename from values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml rename to values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml index 1f83cc1a..6f48b913 100644 --- a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml +++ b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml @@ -3,11 +3,11 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-prometheus-metrics - namespace: redis-operator + namespace: dragonfly spec: endpointSelector: matchLabels: - app.kubernetes.io/instance: redis-operator + app.kubernetes.io/instance: dragonfly-operator ingress: - fromEndpoints: - matchLabels: diff --git a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml similarity index 93% rename from values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml rename to values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml index 027d06a0..ce87f14c 100644 --- a/values/redis-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml +++ b/values/dragonfly/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml @@ -3,7 +3,7 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-remote-node-webhooks - namespace: redis-operator + namespace: dragonfly spec: endpointSelector: matchLabels: {} diff --git a/values/dragonfly/values/dragonfly.yaml.gotmpl b/values/dragonfly/values/dragonfly.yaml.gotmpl new file mode 100644 index 00000000..f686c053 --- /dev/null 
+++ b/values/dragonfly/values/dragonfly.yaml.gotmpl @@ -0,0 +1,2 @@ +serviceMonitor: + enabled: true diff --git a/values/redis-operator/values/redis-operator.yaml.gotmpl b/values/redis-operator/values/redis-operator.yaml.gotmpl deleted file mode 100644 index 63bc90a6..00000000 --- a/values/redis-operator/values/redis-operator.yaml.gotmpl +++ /dev/null @@ -1,25 +0,0 @@ -certmanager: - enabled: true - -redisOperator: - webhook: true - -# issuer: - # create: true - # kind: ClusterIssuer - # name: - -# ha: -# enabled: false -# metrics: -# enabled: true -# serviceMonitor: -# additionalLabels: -# release: prometheus -# enabled: true -# webhook: -# certificate: -# certManager: false -# serviceMonitor: -# additionalLabels: -# release: prometehus From ffe172587c4e54d075245d330e10db555f4869a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 10:49:52 +0100 Subject: [PATCH 064/108] fix(argo): Allow dragonfly repo and ns --- values/argo/manifests/sys-project.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml index 5bc677df..ef9ff0bc 100644 --- a/values/argo/manifests/sys-project.yaml +++ b/values/argo/manifests/sys-project.yaml @@ -52,7 +52,7 @@ spec: server: https://kubernetes.default.svc - namespace: mariadb-operator server: https://kubernetes.default.svc - - namespace: redis-operator + - namespace: dragonfly server: https://kubernetes.default.svc - namespace: cilium-spire server: https://kubernetes.default.svc @@ -116,6 +116,7 @@ spec: - ghcr.io/slinkyproject/charts/slurm-operator - ghcr.io/slinkyproject/charts/slurm-operator-crds - ghcr.io/spegel-org/helm-charts + - ghcr.io/dragonflydb/dragonfly-operator/helm/dragonfly-operator - https://operator.mariadb.com/mariadb-enterprise-operator - https://operator.mariadb.com - https://ot-container-kit.github.io/helm-charts From 1f8f655716893b4ac3f4604f39a1a6c6af5d6c2d Mon Sep 17 00:00:00 2001 
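Review bot: The `sourceRepos` list in sys-project.yaml gains the dragonfly OCI chart but keeps `https://ot-container-kit.github.io/helm-charts`, the repository of the redis-operator release that the previous commit deleted. If no other release in the `sys` project pulls from it, drop that entry in this change so the allowlist names only sources still in use, the same way the first hunk replaces the `redis-operator` destination namespace with `dragonfly`. Both lists start and end outside the hunks, so other consumers of that repository cannot be ruled out from here.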
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 11:01:37 +0100 Subject: [PATCH 065/108] fix(spegel): Filter yolo --- values/spegel/values/spegel.yaml.gotmpl | 1 + 1 file changed, 1 insertion(+) diff --git a/values/spegel/values/spegel.yaml.gotmpl b/values/spegel/values/spegel.yaml.gotmpl index 2e7761ac..bee09ef3 100644 --- a/values/spegel/values/spegel.yaml.gotmpl +++ b/values/spegel/values/spegel.yaml.gotmpl @@ -1,2 +1,3 @@ spegel: containerdRegistryConfigPath: /etc/cri/conf.d/hosts + registryFilters: "yolo-registry.dev.oceanbox.io/*" From 091b8d119c44311f33b0f8685a07c9cafbca1d8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 11:03:08 +0100 Subject: [PATCH 066/108] fix(spegel): Formatting --- values/spegel/values/spegel.yaml.gotmpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/values/spegel/values/spegel.yaml.gotmpl b/values/spegel/values/spegel.yaml.gotmpl index bee09ef3..5580611e 100644 --- a/values/spegel/values/spegel.yaml.gotmpl +++ b/values/spegel/values/spegel.yaml.gotmpl @@ -1,3 +1,4 @@ spegel: containerdRegistryConfigPath: /etc/cri/conf.d/hosts - registryFilters: "yolo-registry.dev.oceanbox.io/*" + registryFilters: + - "^yolo-registry.dev.oceanbox\\.io/" From 9181781f55dbd3469af5843127a47d3dd838a4b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 11:14:15 +0100 Subject: [PATCH 067/108] fix(spegel): CNP --- .../CiliumNetworkPolicy-allow-remote-node.yaml | 18 ++++++++++++++++++ .../CiliumNetworkPolicy-allow-world.yaml | 17 +++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml create mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml 
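Review bot: In the `registryFilters` entry written by the second spegel commit only the last dot is escaped: `"^yolo-registry.dev.oceanbox\\.io/"` leaves the two dots in `yolo-registry.dev.oceanbox` as regex wildcards. Assuming the entries are regular expressions, as the anchor and the escaped dot suggest, the pattern also matches host names that differ in those positions. Escape every dot, `- '^yolo-registry\.dev\.oceanbox\.io/'`; single quotes avoid the doubled backslashes.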
diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml new file mode 100644 index 00000000..7bb26906 --- /dev/null +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node.yaml @@ -0,0 +1,18 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-remote-node + namespace: spegel +spec: + endpointSelector: + matchLabels: {} + ingress: + - fromEntities: + - kube-apiserver + - remote-node + toPorts: + - ports: + - port: "5000" + protocol: TCP +{{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml new file mode 100644 index 00000000..2682f0b6 --- /dev/null +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-world.yaml @@ -0,0 +1,17 @@ +{{- if .Values.clusterConfig.cilium.enabled }} +apiVersion: cilium.io/v2 +kind: CiliumNetworkPolicy +metadata: + name: allow-world-dns + namespace: spegel +spec: + description: Allow DNS world + egress: + - toPorts: + - ports: + - port: "5001" + protocol: TCP + endpointSelector: + matchLabels: + app.kubernetes.io/name: spegel +{{- end }} From 6554bdf8d961f6500cb444135b0c639182c8120d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 12:15:59 +0100 Subject: [PATCH 068/108] fix(atlantis): Switch to dragonfly --- .envrc | 9 +---- charts/atlantis/templates/redis.yaml | 55 +++++++++++++--------------- charts/atlantis/values.yaml | 1 - shell.nix | 2 +- 4 files changed, 29 insertions(+), 38 deletions(-) diff --git a/.envrc b/.envrc index fc056953..3e095197 100644 --- a/.envrc +++ b/.envrc 
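Review bot: The policy in CiliumNetworkPolicy-allow-world.yaml is named `allow-world-dns` and described as `Allow DNS world`, but its only egress rule is a `toPorts` entry for `5001`/TCP with no `toEntities`, `toEndpoints` or `toFQDNs`, so it allows TCP 5001 to any destination and has nothing to do with DNS. If the port carries traffic between Spegel instances (an assumption, the hunk does not say), name it for that, e.g. `name: allow-spegel-peers`, and add a layer-3 selector such as `toEndpoints` matching `app.kubernetes.io/name: spegel`. If unrestricted egress on that port is really intended, the description should say so instead of mentioning DNS.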
@@ -1,14 +1,9 @@ #!/usr/bin/env bash # the shebang is ignored, but nice for editors -watch_file lon.lock +watch_file nix/sources.json # Load .env file if it exists dotenv_if_exists # Activate development shell -if type -P lorri &>/dev/null; then - eval "$(lorri direnv)" -else - echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]' - use nix -fi +use nix diff --git a/charts/atlantis/templates/redis.yaml b/charts/atlantis/templates/redis.yaml index 4b3e83fa..aaed6a24 100644 --- a/charts/atlantis/templates/redis.yaml +++ b/charts/atlantis/templates/redis.yaml 
@@ -1,45 +1,42 @@ {{- if .Values.redis.enabled -}} -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: Redis +apiVersion: dragonflydb.io/v1alpha1 +kind: Dragonfly metadata: name: {{ include "Atlantis.fullname" . }}-redis namespace: {{ .Release.Namespace }} annotations: linkerd.io/inject: disabled labels: + app.kubernetes.io/created-by: dragonfly-operator + app.kubernetes.io/instance: dragonfly {{- include "Atlantis.labels" . | nindent 4 }} spec: - kubernetesConfig: - image: quay.io/opstree/redis:v7.2.6 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 101m - memory: 128Mi - limits: - memory: 256Mi - redisSecret: + replicas: {{ .Values.redis.replicas| default "1" }} + resources: + requests: + cpu: 150m + memory: 128Mi + limits: + memory: 256Mi + authentication: + passwordFromSecret: name: {{ .Values.redis.secret.name | quote }} key: {{ .Values.redis.secret.key | quote }} - serviceMonitor: + metrics: enabled: {{ .Values.redis.metrics.enabled | default false }} - redisExporter: - enabled: {{ .Values.redis.exporterEnabled | default false }} - image: quay.io/opstree/redis-exporter:v1.44.0 - imagePullPolicy: Always - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - memory: 256Mi + port: 6379 storage: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: {{ .Values.cluster.size | default "1Gi" }} + requests: + storage: {{ .Values.cluster.size | default "1Gi" }} + snapshot: + # cron: "0 3 * * *" # Default: every day at 03:00 + # enableOnMasterOnly: false + persistentVolumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.cluster.size | default "1Gi" }} podSecurityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 9665a0ed..7ca06457 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml 
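Review bot: `replicas: {{ .Values.redis.replicas| default "1" }}` reads a key that the chart's values do not appear to define: the values.yaml hunks in this series show `instances: 1` under `redis:` and no `replicas`. As written the count always falls back to 1, and an override of `redis.instances` has no effect on the Dragonfly resource. Either read the existing key, `replicas: {{ .Values.redis.instances | default 1 }}`, or add `replicas` to values.yaml. The same line is copied into charts/sorcerer/templates/redis.yaml by the next commit.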
@@ -79,7 +79,6 @@ redis: metrics: enabled: false size: 1Gi - exporterEnabled: false cluster: enabled: true instances: 1 diff --git a/shell.nix b/shell.nix index 31ab8cc1..3997e065 100644 --- a/shell.nix +++ b/shell.nix @@ -36,6 +36,6 @@ pkgs.mkShellNoCC { dapr-cli ]; - ARGOCD_ENV_CLUSTER_NAME = "oceanbox"; + ARGOCD_ENV_CLUSTER_NAME = "ekman"; HELM_GIT_ACCESS_TOKEN = "glpat-xxx"; } From 9b9d82ca009b3f72eccc223757957c0f624674cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 12:16:46 +0100 Subject: [PATCH 069/108] fix(sorcerer): Switch to dragonfly --- charts/sorcerer/templates/redis.yaml | 59 +++++++++++++--------------- charts/sorcerer/values.yaml | 1 - 2 files changed, 28 insertions(+), 32 deletions(-) diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 0486ce14..aaed6a24 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml 
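Review bot: The shell.nix hunk switches the default `ARGOCD_ENV_CLUSTER_NAME` from `oceanbox` to `ekman` in a commit that is otherwise about the Atlantis Redis template. The helmfiles in this series select `env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml` from that variable, so every developer shell now renders against the other cluster's values by default. If this was a local setting, leave the line as `ARGOCD_ENV_CLUSTER_NAME = "oceanbox";` and keep the override out of the committed file; if the change is deliberate, it deserves its own commit and message.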
@@ -1,45 +1,42 @@ {{- if .Values.redis.enabled -}} -apiVersion: redis.redis.opstreelabs.in/v1beta2 -kind: Redis +apiVersion: dragonflydb.io/v1alpha1 +kind: Dragonfly metadata: - name: {{ include "Sorcerer.fullname" . }}-redis + name: {{ include "Atlantis.fullname" . }}-redis namespace: {{ .Release.Namespace }} annotations: linkerd.io/inject: disabled labels: - {{- include "Sorcerer.labels" . | nindent 4 }} + app.kubernetes.io/created-by: dragonfly-operator + app.kubernetes.io/instance: dragonfly + {{- include "Atlantis.labels" . | nindent 4 }} spec: - kubernetesConfig: - image: quay.io/opstree/redis:v7.2.6 - imagePullPolicy: IfNotPresent - resources: - requests: - cpu: 101m - memory: 128Mi - limits: - memory: 256Mi - redisSecret: + replicas: {{ .Values.redis.replicas| default "1" }} + resources: + requests: + cpu: 150m + memory: 128Mi + limits: + memory: 256Mi + authentication: + passwordFromSecret: name: {{ .Values.redis.secret.name | quote }} key: {{ .Values.redis.secret.key | quote }} - serviceMonitor: + metrics: enabled: {{ .Values.redis.metrics.enabled | default false }} - redisExporter: - enabled: {{ .Values.redis.exporterEnabled | default false }} - image: quay.io/opstree/redis-exporter:v1.44.0 - imagePullPolicy: Always - resources: - requests: - cpu: 100m - memory: 128Mi - limits: - memory: 256Mi + port: 6379 storage: - volumeClaimTemplate: - spec: - accessModes: ["ReadWriteOnce"] - resources: - requests: - storage: {{ .Values.cluster.size | default "1Gi" }} + requests: + storage: {{ .Values.cluster.size | default "1Gi" }} + snapshot: + # cron: "0 3 * * *" # Default: every day at 03:00 + # enableOnMasterOnly: false + persistentVolumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.cluster.size | default "1Gi" }} podSecurityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index b4f8d09c..7f2e6544 100644 --- a/charts/sorcerer/values.yaml 
+++ b/charts/sorcerer/values.yaml @@ -76,7 +76,6 @@ redis: enabled: false instances: 1 size: 1Gi - exporterEnabled: false cluster: enabled: false instances: 2 From e10ddd81604e0d182630af43ff43605e7356a150 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 12:32:46 +0100 Subject: [PATCH 070/108] fix(sorcerer): Fix correct label --- charts/sorcerer/templates/redis.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index aaed6a24..57156639 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -2,14 +2,14 @@ apiVersion: dragonflydb.io/v1alpha1 kind: Dragonfly metadata: - name: {{ include "Atlantis.fullname" . }}-redis + name: {{ include "Sorcerer.fullname" . }}-redis namespace: {{ .Release.Namespace }} annotations: linkerd.io/inject: disabled labels: app.kubernetes.io/created-by: dragonfly-operator app.kubernetes.io/instance: dragonfly - {{- include "Atlantis.labels" . | nindent 4 }} + {{- include "Sorcerer.labels" . | nindent 4 }} spec: replicas: {{ .Values.redis.replicas| default "1" }} resources: From 86b8da4c7610bb71471f4a0016e366e22fc6d87b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 13:00:35 +0100 Subject: [PATCH 071/108] fix(atlantis): Limit to one thread for now --- charts/atlantis/templates/redis.yaml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/atlantis/templates/redis.yaml b/charts/atlantis/templates/redis.yaml index aaed6a24..cad91ec3 100644 --- a/charts/atlantis/templates/redis.yaml +++ b/charts/atlantis/templates/redis.yaml 
@@ -11,11 +11,19 @@ metadata: app.kubernetes.io/instance: dragonfly {{- include "Atlantis.labels" . | nindent 4 }} spec: + args: + - --maxmemory=$(MAX_MEMORY)Mi + - --proactor_threads=1 + env: + - name: MAX_MEMORY + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: 1Mi replicas: {{ .Values.redis.replicas| default "1" }} resources: requests: cpu: 150m - memory: 128Mi limits: memory: 256Mi authentication: From 46a888975dce674ef4eec1a5a068ed76c49df3d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 13:14:19 +0100 Subject: [PATCH 072/108] fix(atlantis/sorcerer): Emulated cluster mode in tilt --- charts/atlantis/templates/redis.yaml | 1 + charts/sorcerer/templates/redis.yaml | 11 ++++++++++- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/atlantis/templates/redis.yaml b/charts/atlantis/templates/redis.yaml index cad91ec3..e61cb925 100644 --- a/charts/atlantis/templates/redis.yaml +++ b/charts/atlantis/templates/redis.yaml @@ -14,6 +14,7 @@ spec: args: - --maxmemory=$(MAX_MEMORY)Mi - --proactor_threads=1 + - --cluster_mode=emulated env: - name: MAX_MEMORY valueFrom: diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 57156639..5aa33d45 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -11,11 +11,20 @@ metadata: app.kubernetes.io/instance: dragonfly {{- include "Sorcerer.labels" . | nindent 4 }} spec: + args: + - --maxmemory=$(MAX_MEMORY)Mi + - --proactor_threads=1 + - --cluster_mode=emulated + env: + - name: MAX_MEMORY + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: 1Mi replicas: {{ .Values.redis.replicas| default "1" }} resources: requests: cpu: 150m - memory: 128Mi limits: memory: 256Mi authentication: From 78d1fe262cd815d37631331dee58ef9cd4bab353 Mon Sep 17 00:00:00 2001 
From: Radovan Bast Date: Tue, 11 Nov 2025 12:26:51 +0000 Subject: [PATCH 073/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 5cacf192..01569d3e 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "a26f1e40-debug" + tag: "83ddf33a-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 1b05dc172c7f07e0b7d3eecd093c818b900b52d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 13:43:38 +0100 Subject: [PATCH 074/108] fix(atlantis/sorcerer): Set metrics port --- charts/atlantis/templates/redis.yaml | 7 +++++-- charts/sorcerer/templates/redis.yaml | 3 +++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/charts/atlantis/templates/redis.yaml b/charts/atlantis/templates/redis.yaml index e61cb925..dbbf75c7 100644 --- a/charts/atlantis/templates/redis.yaml +++ b/charts/atlantis/templates/redis.yaml @@ -12,8 +12,10 @@ metadata: {{- include "Atlantis.labels" . | nindent 4 }} spec: args: - - --maxmemory=$(MAX_MEMORY)Mi - - --proactor_threads=1 + - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) + - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) + - --dir=/data + - --metrics_port=6379 - --cluster_mode=emulated env: - name: MAX_MEMORY @@ -40,6 +42,7 @@ spec: snapshot: # cron: "0 3 * * *" # Default: every day at 03:00 # enableOnMasterOnly: false + dir: /data persistentVolumeClaimSpec: accessModes: - ReadWriteOnce diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 5aa33d45..a6742d50 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml 
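Review bot: The two comments added to `args` in charts/atlantis/templates/redis.yaml describe behaviour the flags do not have. `MAX_MEMORY` is `limits.memory` divided by `1Mi`, so `--maxmemory` equals the full 256Mi limit rather than 90% of it, and `--proactor_threads=1` fixes the thread count at one instead of auto-detecting cores. Reword them to match, e.g. `# equals the container memory limit` and `# fixed at one thread`, or change the values if headroom below the limit was intended. With the cap equal to the limit, any memory the process uses beyond its data set counts against the same 256Mi.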
@@ -14,6 +14,8 @@ spec: args: - --maxmemory=$(MAX_MEMORY)Mi - --proactor_threads=1 + - --dir=/data + - --metrics_port=6379 - --cluster_mode=emulated env: - name: MAX_MEMORY @@ -40,6 +42,7 @@ spec: snapshot: # cron: "0 3 * * *" # Default: every day at 03:00 # enableOnMasterOnly: false + dir: /data persistentVolumeClaimSpec: accessModes: - ReadWriteOnce From 8ca0e5fb3d02c10344a6a89ee6ca78f476d6191f Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Tue, 11 Nov 2025 12:47:19 +0000 Subject: [PATCH 075/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 01569d3e..548fddcf 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "83ddf33a-debug" + tag: "a5813279-debug" env: - name: APP_VERSION value: "0.0.0-staging" From c695d88ed5e0f51d4f69735db81275369aa8ba07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 13:47:18 +0100 Subject: [PATCH 076/108] fix(atlantis/sorcerer): Arg does not exist --- charts/atlantis/templates/redis.yaml | 1 - charts/sorcerer/templates/redis.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/charts/atlantis/templates/redis.yaml b/charts/atlantis/templates/redis.yaml index dbbf75c7..cd61a9cd 100644 --- a/charts/atlantis/templates/redis.yaml +++ b/charts/atlantis/templates/redis.yaml @@ -15,7 +15,6 @@ spec: - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) - --dir=/data - - --metrics_port=6379 - --cluster_mode=emulated env: - name: MAX_MEMORY diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index a6742d50..629df31f 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml 
@@ -15,7 +15,6 @@ spec: - --maxmemory=$(MAX_MEMORY)Mi - --proactor_threads=1 - --dir=/data - - --metrics_port=6379 - --cluster_mode=emulated env: - name: MAX_MEMORY From 024cfc280ebcfc68a24b0af9f945ac9f385d9d1b Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Tue, 11 Nov 2025 13:46:09 +0000 Subject: [PATCH 077/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 548fddcf..b00e61ac 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "a5813279-debug" + tag: "0c8f2e2a-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 34b67cf6a0848c52f376c88559383dbb76ec32fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 13:47:18 +0100 Subject: [PATCH 078/108] fix(atlantis/sorcerer): Arg does not exist --- charts/atlantis/templates/redis.yaml | 15 ++++++++------- charts/atlantis/values.yaml | 3 ++- charts/sorcerer/templates/redis.yaml | 15 ++++++++------- charts/sorcerer/values.yaml | 4 +++- 4 files changed, 21 insertions(+), 16 deletions(-) diff --git a/charts/atlantis/templates/redis.yaml b/charts/atlantis/templates/redis.yaml index cd61a9cd..dcff5019 100644 --- a/charts/atlantis/templates/redis.yaml +++ b/charts/atlantis/templates/redis.yaml @@ -14,7 +14,6 @@ spec: args: - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) - - --dir=/data - --cluster_mode=emulated env: - name: MAX_MEMORY @@ -22,7 +21,7 @@ spec: resourceFieldRef: resource: limits.memory divisor: 1Mi - replicas: {{ .Values.redis.replicas| default "1" }} + replicas: {{ .Values.redis.replicas | default "1" }} resources: requests: cpu: 150m 
@@ -37,17 +36,19 @@ spec: port: 6379 storage: requests: - storage: {{ .Values.cluster.size | default "1Gi" }} + storage: {{ .Values.redis.size | default "1Gi" }} + {{- if .Values.redis.backup.enabled }} snapshot: - # cron: "0 3 * * *" # Default: every day at 03:00 - # enableOnMasterOnly: false - dir: /data + dir: /data # Change to s3://redis/prod-atlantis-redis + cron: "0 3 * * *" # Default: every day at 03:00 + enableOnMasterOnly: false persistentVolumeClaimSpec: accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.cluster.size | default "1Gi" }} + storage: {{ .Values.redis.size | default "1Gi" }} + {{- end }} podSecurityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 7ca06457..9bbc5e02 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -1,7 +1,6 @@ # Default values for Atlantis. # This is a YAML-formatted file. # Declare variables to be passed into your templates. - replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis @@ -78,6 +77,8 @@ redis: instances: 1 metrics: enabled: false + backup: + enabled: false size: 1Gi cluster: enabled: true diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 629df31f..f7465d7f 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -14,7 +14,6 @@ spec: args: - --maxmemory=$(MAX_MEMORY)Mi - --proactor_threads=1 - - --dir=/data - --cluster_mode=emulated env: - name: MAX_MEMORY @@ -22,7 +21,7 @@ spec: resourceFieldRef: resource: limits.memory divisor: 1Mi - replicas: {{ .Values.redis.replicas| default "1" }} + replicas: {{ .Values.redis.replicas | default "1" }} resources: requests: cpu: 150m 
@@ -37,17 +36,19 @@ spec: port: 6379 storage: requests: - storage: {{ .Values.cluster.size | default "1Gi" }} + storage: {{ .Values.redis.size | default "1Gi" }} + {{- if .Values.redis.backup.enabled }} snapshot: - # cron: "0 3 * * *" # Default: every day at 03:00 - # enableOnMasterOnly: false - dir: /data + dir: /data # Change to s3://redis/prod-atlantis-redis + cron: "0 3 * * *" # Default: every day at 03:00 + enableOnMasterOnly: false persistentVolumeClaimSpec: accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.cluster.size | default "1Gi" }} + storage: {{ .Values.redis.size | default "1Gi" }} + {{- end }} podSecurityContext: runAsUser: 1000 fsGroup: 1000 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index 7f2e6544..ccd6a8f0 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml @@ -72,9 +72,11 @@ persistence: # accessMode: ReadWriteMany redis: enabled: false + instances: 1 metrics: enabled: false - instances: 1 + backup: + enabled: false size: 1Gi cluster: enabled: false From 37fa2941a96da4712179d56d90c9379cf96cce0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 16:22:01 +0000 Subject: [PATCH 079/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 37a593e4..4add2012 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 33d94c5d-debug + tag: ddd84b2a-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From 9e7ab3c5feee05d42c641afe08ae4ea6758ff871 Mon Sep 17 00:00:00 2001 
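Review bot: The comment on `dir: /data` in the sorcerer template says `Change to s3://redis/prod-atlantis-redis`, which is the atlantis path copied over; anyone following it would send sorcerer snapshots to another service's prefix. Since the `snapshot` block is now live whenever `redis.backup.enabled` is true, I would reword it to something release-neutral such as `dir: /data  # or an s3:// prefix dedicated to this release`. Taking `dir` and `cron` from values rather than hard-coding them would also let staging and prod differ without editing the template.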
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 16:22:02 +0000 Subject: [PATCH 080/108] ci: sorcerer --- values/sorcerer/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index f868db54..edf0a60f 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 33d94c5d-debug + tag: ddd84b2a-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer" From a68d50323222062c051c4ee38703ca89bf3f3b5d Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Tue, 11 Nov 2025 16:24:44 +0000 Subject: [PATCH 081/108] ci: atlantis --- charts/atlantis/Chart.yaml | 4 ++-- charts/atlantis/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/atlantis/Chart.yaml b/charts/atlantis/Chart.yaml index 158377ee..28c68829 100644 --- a/charts/atlantis/Chart.yaml +++ b/charts/atlantis/Chart.yaml @@ -4,7 +4,7 @@ description: Atlantis map and simulation service type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.30.0 +version: v1.30.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.30.0 +appVersion: v1.30.1 diff --git a/charts/atlantis/values.yaml b/charts/atlantis/values.yaml index 9bbc5e02..168c92cc 100644 --- a/charts/atlantis/values.yaml +++ b/charts/atlantis/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/atlantis - tag: v1.30.0 + tag: v1.30.1 pullPolicy: IfNotPresent init: enabled: false From 6e066f8bac58be16a09f4c2ab6d1f2c0ba7ab748 Mon Sep 17 00:00:00 2001 
From: Jonas Juselius Date: Tue, 11 Nov 2025 16:24:45 +0000 Subject: [PATCH 082/108] ci: sorcerer --- charts/sorcerer/Chart.yaml | 4 ++-- charts/sorcerer/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sorcerer/Chart.yaml b/charts/sorcerer/Chart.yaml index e531a5ef..c480534c 100644 --- a/charts/sorcerer/Chart.yaml +++ b/charts/sorcerer/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: v1.30.0 +version: v1.30.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: v1.30.0 +appVersion: v1.30.1 diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index ccd6a8f0..04b534d5 100644 --- a/charts/sorcerer/values.yaml +++ b/charts/sorcerer/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: registry.gitlab.com/oceanbox/poseidon/sorcerer - tag: v1.30.0 + tag: v1.30.1 pullPolicy: IfNotPresent init: enabled: false From 92219272ac6bfce1cd6cd4b674b3bf6971fec842 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 16:29:10 +0000 Subject: [PATCH 083/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index 4add2012..e6576915 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: ddd84b2a-debug + tag: 9566bce0-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From 477e291707278d09d0bf880c3e349f736e7c3268 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 16:29:11 +0000 Subject: [PATCH 084/108] ci: sorcerer --- values/sorcerer/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index edf0a60f..f1485251 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: ddd84b2a-debug + tag: 9566bce0-debug podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer" From ae60a6808f5345446c3d8d478bf5f024812a979c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Tue, 11 Nov 2025 16:52:29 +0000 Subject: [PATCH 085/108] ci: atlantis --- values/atlantis/values/values-staging.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/atlantis/values/values-staging.yaml.gotmpl b/values/atlantis/values/values-staging.yaml.gotmpl index e6576915..91ca5c13 100644 --- a/values/atlantis/values/values-staging.yaml.gotmpl +++ b/values/atlantis/values/values-staging.yaml.gotmpl @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: 9566bce0-debug + tag: f8940c92-debug podAnnotations: dapr.io/app-id: "staging-atlantis" env: From 44a668fe7a778c459c98536012310801416d8311 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Tue, 11 Nov 2025 19:40:52 +0000 Subject: [PATCH 086/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index b00e61ac..301256a9 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "0c8f2e2a-debug" + tag: "f0600464-debug" env: - name: APP_VERSION value: "0.0.0-staging" From c204f0c5b18e94a0b4db2c0bf939b5a0de870b8b Mon Sep 17 00:00:00 2001 
From: Radovan Bast Date: Wed, 12 Nov 2025 07:51:43 +0000 Subject: [PATCH 087/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 301256a9..1d08cc52 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "f0600464-debug" + tag: "5743ce9b-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 53067a5f39bb7b5790fcadbab5b6b7482c945650 Mon Sep 17 00:00:00 2001 From: Simen Kirkvik Date: Wed, 12 Nov 2025 10:47:46 +0100 Subject: [PATCH 088/108] Enable openfga for staging (?) --- values/openfga/env.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/openfga/env.yaml.gotmpl b/values/openfga/env.yaml.gotmpl index 67361e6f..158b7661 100644 --- a/values/openfga/env.yaml.gotmpl +++ b/values/openfga/env.yaml.gotmpl @@ -1,4 +1,4 @@ openfga: enabled: false autosync: false - env: prod + env: {{ .Environment.Name }} From da34dd777564a38c7fe0545b8dd0f11e08759dd2 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 12 Nov 2025 10:23:37 +0000 Subject: [PATCH 089/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 1d08cc52..4f11c66b 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "5743ce9b-debug" + tag: "f44298ac-debug" env: - name: APP_VERSION value: "0.0.0-staging" From 8f05962cd71fb97795f8be2764a20c7d44db1bda Mon Sep 17 00:00:00 2001 From: Simen Kirkvik Date: Wed, 12 Nov 2025 11:27:40 +0100 Subject: [PATCH 090/108] Enable openfga staging --- values/openfga/env-oceanbox.yaml.gotmpl | 1 - 1 file changed, 1 deletion(-) 
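Review bot: `env: {{ .Environment.Name }}` in `values/openfga/env.yaml.gotmpl` renders an unquoted scalar, so an empty or boolean-looking environment name would reach consumers as `null` or a bool and any template comparing it with a string would fail or take the wrong branch. `env: {{ .Environment.Name | quote }}` keeps it a string. Note that `enabled: false` is unchanged in this file, so on its own the hunk does not enable anything for staging, which the "(?)" in the subject seems to acknowledge.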
diff --git a/values/openfga/env-oceanbox.yaml.gotmpl b/values/openfga/env-oceanbox.yaml.gotmpl index 7ac9dc0d..f6d6a9d1 100644 --- a/values/openfga/env-oceanbox.yaml.gotmpl +++ b/values/openfga/env-oceanbox.yaml.gotmpl @@ -1,3 +1,2 @@ openfga: enabled: true - env: prod From 9e5636f872522b09bc2f6128312c447708c9c8c0 Mon Sep 17 00:00:00 2001 From: Simen Kirkvik Date: Wed, 12 Nov 2025 13:37:07 +0100 Subject: [PATCH 091/108] Move staging openfga to ns staging-openfga --- helmfile.d/openfga.yaml.gotmpl | 8 ++++++++ values/argo/manifests/sys-project.yaml | 2 ++ values/openfga/manifests/openfga.yaml | 4 ++++ values/openfga/values/values-staging.yaml | 2 +- 4 files changed, 15 insertions(+), 1 deletion(-) diff --git a/helmfile.d/openfga.yaml.gotmpl b/helmfile.d/openfga.yaml.gotmpl index 1291d3e1..85e7def3 100644 --- a/helmfile.d/openfga.yaml.gotmpl +++ b/helmfile.d/openfga.yaml.gotmpl @@ -10,7 +10,11 @@ commonLabels: releases: - name: {{ .Environment.Name }}-openfga + {{- if eq .Environment.Name "prod" }} namespace: openfga + {{- else }} + namespace: {{ .Environment.Name }}-openfga + {{- end }} chart: openfga/openfga version: 0.2.45 condition: openfga.enabled @@ -22,7 +26,11 @@ releases: - ../values/openfga/kustomize/{{ .Environment.Name }} missingFileHandler: Info - name: manifests + {{- if eq .Environment.Name "prod" }} namespace: openfga + {{- else }} + namespace: {{ .Environment.Name }}-openfga + {{- end }} chart: manifests condition: openfga.enabled missingFileHandler: Info diff --git a/values/argo/manifests/sys-project.yaml b/values/argo/manifests/sys-project.yaml index ef9ff0bc..95108076 100644 --- a/values/argo/manifests/sys-project.yaml +++ b/values/argo/manifests/sys-project.yaml @@ -62,6 +62,8 @@ spec: server: https://kubernetes.default.svc - namespace: openfga server: https://kubernetes.default.svc + - namespace: staging-openfga + server: https://kubernetes.default.svc - namespace: dapr-system server: https://kubernetes.default.svc - namespace: rook-ceph 
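Review bot: The prod/non-prod namespace rule is written out twice in `helmfile.d/openfga.yaml.gotmpl` (both release entries) and a third time in `values/openfga/manifests/openfga.yaml`, where it keys on `.Values.openfga.env` instead of `.Environment.Name`. If those two inputs ever disagree, the Helm release and the Argo `destination.namespace` point at different namespaces, and the `sys` project only lists `openfga` and `staging-openfga` as destinations. Computing it once at the top of the helmfile, `{{- $ns := ternary "openfga" (printf "%s-openfga" .Environment.Name) (eq .Environment.Name "prod") }}`, and using `namespace: {{ $ns }}` in both releases keeps them aligned. A one-line comment on why prod keeps the bare `openfga` name would help; both release entries continue outside the hunks.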
diff --git a/values/openfga/manifests/openfga.yaml b/values/openfga/manifests/openfga.yaml index d3df295c..f64e3afe 100644 --- a/values/openfga/manifests/openfga.yaml +++ b/values/openfga/manifests/openfga.yaml @@ -10,7 +10,11 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: destination: + {{- if eq .Values.openfga.env "prod" }} namespace: openfga + {{- else }} + namespace: {{ .Values.openfga.env }}-openfga + {{- end }} server: https://kubernetes.default.svc project: sys sources: diff --git a/values/openfga/values/values-staging.yaml b/values/openfga/values/values-staging.yaml index f64b98de..d49bb394 100644 --- a/values/openfga/values/values-staging.yaml +++ b/values/openfga/values/values-staging.yaml @@ -27,7 +27,7 @@ extraObjects: kind: Cluster metadata: name: staging-openfga-db - namespace: openfga + namespace: staging-openfga spec: instances: 1 imageName: ghcr.io/cloudnative-pg/postgresql:17-bookworm From 1a9a68af6929961dcee94ce0b349600b86c9facc Mon Sep 17 00:00:00 2001 From: Simen Kirkvik Date: Wed, 12 Nov 2025 13:58:34 +0100 Subject: [PATCH 092/108] Fix staging-openfga db uri secret --- values/openfga/values/values-staging.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/values/openfga/values/values-staging.yaml b/values/openfga/values/values-staging.yaml index d49bb394..ed24463b 100644 --- a/values/openfga/values/values-staging.yaml +++ b/values/openfga/values/values-staging.yaml @@ -2,8 +2,13 @@ replicaCount: 1 datastore: engine: postgres - uriSecret: staging-openfga-db-superuser migrationType: initContainer + envConfig: + - name: OPENFGA_DATASTORE_URI + valueFrom: + secretKeyRef: + key: pgpass + name: staging-openfga-db-superuser ingress: enabled: true From a584f7d01aef6aa3580864822748acd60b944120 Mon Sep 17 00:00:00 2001 
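Review bot: In the `values-staging.yaml` hunk of the "Fix staging-openfga db uri secret" commit, `OPENFGA_DATASTORE_URI` is read from `staging-openfga-db-superuser`, which by its name looks like the database cluster's superuser credential, so the OpenFGA server would hold full administrative rights on the Postgres instance. The later commits in this series that set `existingSecret: staging-openfga-db-superuser` carry the same choice. CloudNativePG normally also generates a per-cluster application secret (`<cluster>-app`); if it exists here, referencing it instead limits what a compromised OpenFGA pod can do to the database. The migration init container may need broader rights than the server, so that split is worth confirming rather than assuming.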
From: Simen Kirkvik Date: Wed, 12 Nov 2025 14:03:14 +0100 Subject: [PATCH 093/108] Actually fix staging openfga db key --- values/openfga/values/values-staging.yaml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/values/openfga/values/values-staging.yaml b/values/openfga/values/values-staging.yaml index ed24463b..3275b2e9 100644 --- a/values/openfga/values/values-staging.yaml +++ b/values/openfga/values/values-staging.yaml @@ -3,12 +3,9 @@ replicaCount: 1 datastore: engine: postgres migrationType: initContainer - envConfig: - - name: OPENFGA_DATASTORE_URI - valueFrom: - secretKeyRef: - key: pgpass - name: staging-openfga-db-superuser + existingSecret: staging-openfga-db-superuser + secretKeys: + uriKey: pgpass ingress: enabled: true From e27e51e7d629fda8172f5f877cb49a94f85798d5 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 12 Nov 2025 13:07:55 +0000 Subject: [PATCH 094/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 4f11c66b..431d1142 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "f44298ac-debug" + tag: "411a71f9-debug" env: - name: APP_VERSION value: "0.0.0-staging" From dfac5ddea8f5d0cac31ff526cc11c6c29603582e Mon Sep 17 00:00:00 2001 From: Simen Kirkvik Date: Wed, 12 Nov 2025 14:08:23 +0100 Subject: [PATCH 095/108] Ups, that's not what an uri is --- values/openfga/values/values-staging.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/values/openfga/values/values-staging.yaml b/values/openfga/values/values-staging.yaml index 3275b2e9..5ed2f366 100644 --- a/values/openfga/values/values-staging.yaml +++ b/values/openfga/values/values-staging.yaml 
@@ -3,9 +3,11 @@ replicaCount: 1 datastore: engine: postgres migrationType: initContainer + uri: staging-openfga-db-rw.staging-openfga.svc.cluster.local existingSecret: staging-openfga-db-superuser secretKeys: - uriKey: pgpass + usernameKey: username + passwordKey: password ingress: enabled: true From 8354fee2369175b23e4dc539a5fcd9fe8a2205fc Mon Sep 17 00:00:00 2001 From: Simen Kirkvik Date: Wed, 12 Nov 2025 14:16:21 +0100 Subject: [PATCH 096/108] Create uri secret --- values/openfga/postgres-secret.yaml | 5 ++--- values/openfga/values/values-staging.yaml | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/values/openfga/postgres-secret.yaml b/values/openfga/postgres-secret.yaml index 0a0ad2f7..809c0df3 100644 --- a/values/openfga/postgres-secret.yaml +++ b/values/openfga/postgres-secret.yaml @@ -10,10 +10,9 @@ type: Opaque --- apiVersion: v1 stringData: - postgres-password: iAnMHs3eEuQM0D4jeAP1dwEoLWUBSwNXwhBuPDOgmfoeZ58iV0zogQ77U3GNUbwa - uri: postgres://postgres:iAnMHs3eEuQM0D4jeAP1dwEoLWUBSwNXwhBuPDOgmfoeZ58iV0zogQ77U3GNUbwa@staging-openfga-rw.openfga.svc.cluster.local:5432/postgres?sslmode=disable + uri: postgres://staging-openfga-rw.openfga.svc.cluster.local:5432/app?sslmode=disable kind: Secret metadata: name: staging-openfga-postgresql - namespace: openfga + namespace: staging-openfga type: Opaque diff --git a/values/openfga/values/values-staging.yaml b/values/openfga/values/values-staging.yaml index 5ed2f366..7a6536e8 100644 --- a/values/openfga/values/values-staging.yaml +++ b/values/openfga/values/values-staging.yaml @@ -3,7 +3,7 @@ replicaCount: 1 datastore: engine: postgres migrationType: initContainer - uri: staging-openfga-db-rw.staging-openfga.svc.cluster.local + uriSecret: staging-openfga-postgresql existingSecret: staging-openfga-db-superuser secretKeys: usernameKey: username From 2a432525bfef6a240124000efb3db8281a7000ba Mon Sep 17 00:00:00 2001 
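Review bot: Removing `postgres-password` and the credential-bearing `uri` from `values/openfga/postgres-secret.yaml` does not retire that password: it stays readable in the repository history, so it should be rotated on the database and the old value treated as disclosed. The new `uri` still sets `sslmode=disable`, so the credentials OpenFGA presents and the authorization data it reads cross the cluster network unencrypted; `sslmode=require` (or `verify-full` with the cluster CA mounted) is the safer setting if the Postgres service presents a certificate. Because this file remains a plain `Secret` manifest in git, I would add a comment above `stringData` such as `# connection target only; credentials come from existingSecret, never add them here`.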
From: Simen Kirkvik Date: Wed, 12 Nov 2025 14:31:34 +0100 Subject: [PATCH 097/108] Fix staging openfga psql uri secret --- values/openfga/postgres-secret.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/openfga/postgres-secret.yaml b/values/openfga/postgres-secret.yaml index 809c0df3..25812c4c 100644 --- a/values/openfga/postgres-secret.yaml +++ b/values/openfga/postgres-secret.yaml @@ -10,7 +10,7 @@ type: Opaque --- apiVersion: v1 stringData: - uri: postgres://staging-openfga-rw.openfga.svc.cluster.local:5432/app?sslmode=disable + uri: postgres://staging-openfga-db-rw.staging-openfga.svc.cluster.local:5432/app?sslmode=disable kind: Secret metadata: name: staging-openfga-postgresql From 638e91ce78be590720512ff04dde21620e9d9c96 Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Wed, 12 Nov 2025 14:01:55 +0000 Subject: [PATCH 098/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 431d1142..37613151 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "411a71f9-debug" + tag: "83d8d884-debug" env: - name: APP_VERSION value: "0.0.0-staging" From bc7e44bbf38adcc46b60fc7a9a6391bcff3e7420 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 15:09:20 +0100 Subject: [PATCH 099/108] fix: Add redis to Plume as Dapr Statestore --- charts/plume/templates/redis.yaml | 55 +++++++++++++++++++++++++++++++ charts/plume/values.yaml | 8 +++++ 2 files changed, 63 insertions(+) create mode 100644 charts/plume/templates/redis.yaml diff --git a/charts/plume/templates/redis.yaml b/charts/plume/templates/redis.yaml new file mode 100644 index 00000000..58c2fcf9 --- /dev/null +++ b/charts/plume/templates/redis.yaml 
@@ -0,0 +1,55 @@ +{{- if .Values.redis.enabled -}} +apiVersion: dragonflydb.io/v1alpha1 +kind: Dragonfly +metadata: + name: {{ include "Plume.fullname" . }}-redis + namespace: {{ .Release.Namespace }} + annotations: + linkerd.io/inject: disabled + labels: + app.kubernetes.io/created-by: dragonfly-operator + app.kubernetes.io/instance: dragonfly + {{- include "Plume.labels" . | nindent 4 }} +spec: + args: + - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) + - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) + - --cluster_mode=emulated + env: + - name: MAX_MEMORY + valueFrom: + resourceFieldRef: + resource: limits.memory + divisor: 1Mi + replicas: {{ .Values.redis.replicas | default "1" }} + resources: + requests: + cpu: 150m + limits: + memory: 256Mi + authentication: + passwordFromSecret: + name: {{ .Values.redis.secret.name | quote }} + key: {{ .Values.redis.secret.key | quote }} + metrics: + enabled: {{ .Values.redis.metrics.enabled | default false }} + port: 6379 + storage: + requests: + storage: {{ .Values.redis.size | default "1Gi" }} + {{- if .Values.redis.backup.enabled }} + snapshot: + dir: /data # Change to s3://redis/prod-atlantis-redis + cron: "0 3 * * *" # Default: every day at 03:00 + enableOnMasterOnly: false + persistentVolumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.redis.size | default "1Gi" }} + {{- end }} + podSecurityContext: + runAsUser: 1000 + fsGroup: 1000 +{{- end}} diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml index a48c102f..b49e1ac7 100644 --- a/charts/plume/values.yaml +++ b/charts/plume/values.yaml 
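Review bot: The `authentication.passwordFromSecret` block dereferences `.Values.redis.secret.name` and `.Values.redis.secret.key`, but the `redis:` defaults this commit adds to `charts/plume/values.yaml` have no `secret` entry, so enabling redis without one fails rendering on a nil pointer instead of saying what is missing. Declaring `secret:` with empty `name` and `key` in the defaults and guarding the template with `name: {{ required "redis.secret.name must be set when redis.enabled is true" .Values.redis.secret.name | quote }}` (same for `key`) ensures the instance is never rendered without a password reference and tells the operator why. Two smaller items in the same file: `replicas` reads `.Values.redis.replicas` while the defaults declare `instances`, and the `snapshot.dir` comment still points at `prod-atlantis-redis`.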
@@ -59,6 +59,14 @@ cluster: backupEnabled: true backupRetention: 60d size: 5Gi +redis: + enabled: false + instances: 1 + metrics: + enabled: false + backup: + enabled: false + size: 1Gi resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little From 2117df91f71f91707bca4c52c992b3d91079f81c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 17:08:04 +0100 Subject: [PATCH 100/108] feat(sorcerer:) Add Redis Operator for staging --- charts/sorcerer/templates/redis.yaml | 10 ++++++---- charts/sorcerer/values.yaml | 3 +++ values/sorcerer/values/values-staging.yaml | 17 +++++++++++++++++ 3 files changed, 26 insertions(+), 4 deletions(-) diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index f7465d7f..49c6d105 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -12,9 +12,10 @@ metadata: {{- include "Sorcerer.labels" . | nindent 4 }} spec: args: - - --maxmemory=$(MAX_MEMORY)Mi - - --proactor_threads=1 + - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) + - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) - --cluster_mode=emulated + - --save_schedule= # Disable continuous saves (cron snapshots only) env: - name: MAX_MEMORY valueFrom: @@ -24,9 +25,10 @@ spec: replicas: {{ .Values.redis.replicas | default "1" }} resources: requests: - cpu: 150m + cpu: {{ .Values.redis.resources.cpu | default "150m" }} + memory: {{ .Values.redis.resources.memory | default "256Mi"}} limits: - memory: 256Mi + memory: {{ .Values.redis.resources.memory | default "256Mi"}} authentication: passwordFromSecret: name: {{ .Values.redis.secret.name | quote }} diff --git a/charts/sorcerer/values.yaml b/charts/sorcerer/values.yaml index 04b534d5..c45a46d8 100644 --- a/charts/sorcerer/values.yaml 
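Review bot: The comments added beside the args in `charts/sorcerer/templates/redis.yaml` describe behaviour the values do not give: `MAX_MEMORY` is `limits.memory` with `divisor: 1Mi` (shown in the earlier hunks of this template), so `--maxmemory` equals the whole container limit rather than 90% of it, and `--proactor_threads=1` pins one thread rather than auto-detecting cores. With the cache allowed to grow to the full limit there is presumably no headroom for the process itself before the pod is OOM-killed, so either compute a lower value or correct the text, e.g. `# equals limits.memory; no headroom reserved` and `# single proactor thread`. The same comments appear in the plume and atlantis templates. The `args` list starts outside the hunk.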
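Review bot: In the `resources:` hunk, `.Values.redis.resources.cpu` and `.Values.redis.resources.memory` are dereferenced before `default` is applied, and `charts/sorcerer/values.yaml` gains no `redis.resources` key in this commit (its hunks only add blank lines). Any values file that enables redis without a `resources` map therefore fails to render on a nil pointer instead of falling back to `150m`/`256Mi`. Adding `resources: {}` under `redis:` in the chart defaults makes the fallbacks reachable.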
+++ b/charts/sorcerer/values.yaml @@ -64,6 +64,7 @@ ingress: - hosts: - sorcerer.srv.oceanbox.io secretName: sorcerer-tls + persistence: enabled: true existingClaim: oceanbox-archives @@ -78,12 +79,14 @@ redis: backup: enabled: false size: 1Gi + cluster: enabled: false instances: 2 backupEnabled: true backupRetention: 60d size: 5Gi + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index f1485251..ab264841 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml @@ -1,6 +1,8 @@ replicaCount: 1 + image: tag: 9566bce0-debug + podAnnotations: dapr.io/enabled: "true" dapr.io/app-id: "staging-sorcerer" @@ -13,6 +15,7 @@ podAnnotations: dapr.io/sidecar-memory-request: "50Mi" # dapr.io/sidecar-cpu-limit: "300m" # dapr.io/sidecar-memory-limit: "1000Mi" + env: - name: APP_VERSION value: "0.0.0-staging" @@ -30,6 +33,7 @@ env: secretKeyRef: name: dapr-api-token key: token + ingress: enabled: true annotations: @@ -62,11 +66,24 @@ ingress: - hosts: - sorcerer.ekman.oceanbox.io secretName: staging-sorcerer-tls + persistence: enabled: true existingClaim: staging-sorcerer-ceph-archives # existingClaim: staging-oceanbox-backup-archives # +redis: + enabled: true + size: 2Gi + backup: + enabled: true + secret: + name: "staging-sorcerer-redis" + key: "redis-password" + resources: + cpu: 150m + memory: 256Mi + # nodeSelector: # node-role.kubernetes.io/srv: "" # kubernetes.io/hostname: fs-backup From 95e412c2a41febf9614b03ad60e8e94e169a2924 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 17:10:18 +0100 Subject: [PATCH 101/108] fix(sorcerer): Remove duplicate label redis --- charts/sorcerer/templates/redis.yaml | 1 - 1 file changed, 1 deletion(-) 
diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 49c6d105..56f8ee4d 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -8,7 +8,6 @@ metadata: linkerd.io/inject: disabled labels: app.kubernetes.io/created-by: dragonfly-operator - app.kubernetes.io/instance: dragonfly {{- include "Sorcerer.labels" . | nindent 4 }} spec: args: From 88c0a27611a67bf91ac889cf595ce42c90d7bc90 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 17:16:20 +0100 Subject: [PATCH 102/108] fix(sorcerer): Disable metrics/storage --- charts/sorcerer/templates/redis.yaml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 56f8ee4d..474b5ed2 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -11,10 +11,11 @@ metadata: {{- include "Sorcerer.labels" . | nindent 4 }} spec: args: + - --dbfilename=dump # Static filename prevents disk exhaustion - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) - - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) + - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) - --cluster_mode=emulated - - --save_schedule= # Disable continuous saves (cron snapshots only) + - --save_schedule= # Disable continuous saves (cron snapshots only) env: - name: MAX_MEMORY valueFrom: 
@@ -32,12 +33,12 @@ spec: passwordFromSecret: name: {{ .Values.redis.secret.name | quote }} key: {{ .Values.redis.secret.key | quote }} - metrics: - enabled: {{ .Values.redis.metrics.enabled | default false }} - port: 6379 - storage: - requests: - storage: {{ .Values.redis.size | default "1Gi" }} + # metrics: + # enabled: {{ .Values.redis.metrics.enabled | default false }} + # port: 6379 + # storage: + # requests: + # storage: {{ .Values.redis.size | default "1Gi" }} {{- if .Values.redis.backup.enabled }} snapshot: dir: /data # Change to s3://redis/prod-atlantis-redis From 7a744c8b8945a1b7f0b7b80d3c50792e2b0f61d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 17:43:25 +0100 Subject: [PATCH 103/108] fix(sorcerer): Remove unused fields in redis --- charts/sorcerer/templates/redis.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 474b5ed2..4b4e48f0 100644 --- a/charts/sorcerer/templates/redis.yaml +++ b/charts/sorcerer/templates/redis.yaml @@ -36,9 +36,6 @@ spec: # metrics: # enabled: {{ .Values.redis.metrics.enabled | default false }} # port: 6379 - # storage: - # requests: - # storage: {{ .Values.redis.size | default "1Gi" }} {{- if .Values.redis.backup.enabled }} snapshot: dir: /data # Change to s3://redis/prod-atlantis-redis @@ -51,7 +48,4 @@ spec: requests: storage: {{ .Values.redis.size | default "1Gi" }} {{- end }} - podSecurityContext: - runAsUser: 1000 - fsGroup: 1000 {{- end}} From 1e534a742c40c15d2fc5ccdca8a67c1a039e47da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 18:29:07 +0100 Subject: [PATCH 104/108] fix(sorcerer): Log redis to stderr --- charts/sorcerer/templates/redis.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/sorcerer/templates/redis.yaml b/charts/sorcerer/templates/redis.yaml index 4b4e48f0..2aeeed59 100644 --- a/charts/sorcerer/templates/redis.yaml 
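Review bot: Prefixing the `metrics` and `storage` lines with `#` comments them out for YAML only; Helm still evaluates the `{{ ... }}` actions inside them, so `.Values.redis.metrics.enabled` and `.Values.redis.size` must still resolve, and a values file without `redis.metrics` breaks rendering on text that is meant to be dead. Use a template comment instead, for example `{{- /* metrics and storage disabled, see commit message */ -}}`, or delete the lines outright. The `spec` continues outside the hunk.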
+++ b/charts/sorcerer/templates/redis.yaml @@ -15,6 +15,7 @@ spec: - --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit) - --proactor_threads=1 # Auto-detect CPU cores (optimal threading) - --cluster_mode=emulated + - --logtostderr - --save_schedule= # Disable continuous saves (cron snapshots only) env: - name: MAX_MEMORY From bc0a6c21281f7dd3e414132804a4b12ceb999ac3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 18:43:33 +0100 Subject: [PATCH 105/108] fix(sorcerer): Staging switch to redis operator --- values/sorcerer/kustomize/staging/configurations.yaml | 2 +- values/sorcerer/kustomize/staging/statestore.yaml | 2 +- values/sorcerer/values/values-staging.yaml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/values/sorcerer/kustomize/staging/configurations.yaml b/values/sorcerer/kustomize/staging/configurations.yaml index 9ae7b291..c8c1a4b6 100644 --- a/values/sorcerer/kustomize/staging/configurations.yaml +++ b/values/sorcerer/kustomize/staging/configurations.yaml @@ -7,7 +7,7 @@ spec: version: v1 metadata: - name: redisHost - value: staging-sorcerer-redis-master:6379 + value: staging-sorcerer-redis:6379 - name: redisUsername value: default - name: redisPassword diff --git a/values/sorcerer/kustomize/staging/statestore.yaml b/values/sorcerer/kustomize/staging/statestore.yaml index 61079a33..3f1ef29e 100644 --- a/values/sorcerer/kustomize/staging/statestore.yaml +++ b/values/sorcerer/kustomize/staging/statestore.yaml @@ -7,7 +7,7 @@ spec: version: v1 metadata: - name: redisHost - value: staging-sorcerer-redis-master:6379 + value: staging-sorcerer-redis:6379 - name: redisUsername value: default - name: redisPassword diff --git a/values/sorcerer/values/values-staging.yaml b/values/sorcerer/values/values-staging.yaml index ab264841..6a24b9ed 100644 --- a/values/sorcerer/values/values-staging.yaml +++ b/values/sorcerer/values/values-staging.yaml 
@@ -94,6 +94,7 @@ redis: # operator: Equal # value: compute # effect: NoSchedule + affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: From 213879d889df4a739ec1a0f246456ca47df57bda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 18:49:54 +0100 Subject: [PATCH 106/108] fix(sorcerer): Update redis for staging --- values/sorcerer/kustomize/staging/appsettings.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/sorcerer/kustomize/staging/appsettings.json b/values/sorcerer/kustomize/staging/appsettings.json index 168e88e1..26c2c244 100644 --- a/values/sorcerer/kustomize/staging/appsettings.json +++ b/values/sorcerer/kustomize/staging/appsettings.json @@ -48,7 +48,7 @@ "modelId": "01JKTZYMCZZBVSBG66W27XMW0A" }, "sentryUrl": "https://5e6e3584098dc006de18038cf85d2cbe@o4509530141622272.ingest.de.sentry.io/4509547350065232", - "redis": "localhost:6379,user=default,password=secret", + "redis": "staging-sorcerer-redis:6379,user=default,password=secret", "allowedOrigins": [ "http://localhost:8085", "http://localhost:8080", From ff2d7060ee2012bd121a1f0ea4766606383c760d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Wed, 12 Nov 2025 18:59:55 +0100 Subject: [PATCH 107/108] fix(sorcerer): Add redis operator to prod --- values/sorcerer/values/redis-prod.yaml | 1 - values/sorcerer/values/values-prod.yaml | 13 +++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/values/sorcerer/values/redis-prod.yaml b/values/sorcerer/values/redis-prod.yaml index f5a82dfe..269f358b 100644 --- a/values/sorcerer/values/redis-prod.yaml +++ b/values/sorcerer/values/redis-prod.yaml @@ -20,4 +20,3 @@ master: cpu: 150m ephemeral-storage: 50Mi memory: 128Mi - diff --git a/values/sorcerer/values/values-prod.yaml b/values/sorcerer/values/values-prod.yaml index 21ce0022..6d82dc19 100644 --- a/values/sorcerer/values/values-prod.yaml +++ b/values/sorcerer/values/values-prod.yaml 
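Review bot: The `redis` connection string in `values/sorcerer/kustomize/staging/appsettings.json` now targets the shared `staging-sorcerer-redis` service but still carries `password=secret` inline in a committed file. If that literal is the real password it is both weak and public; if it is a placeholder, the application will fail authentication against the operator-managed instance, whose password comes from the `staging-sorcerer-redis` secret (`redis-password` key) configured in `values-staging.yaml`. Either way the password is better injected at runtime from that secret, with the file holding only the endpoint: `"redis": "staging-sorcerer-redis:6379,user=default"`. The JSON object continues outside the hunk.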
@@ -78,6 +78,19 @@ persistence: # operator: Equal # value: compute # effect: NoSchedule +redis: + enabled: true + replicas: 3 + size: 2Gi + backup: + enabled: true + secret: + name: "prod-sorcerer-redis" + key: "redis-password" + resources: + cpu: 150m + memory: 256Mi + affinity: nodeAffinity: From ae93d09ecc53cce05515bd9a2594a0e70acf0c4b Mon Sep 17 00:00:00 2001 From: Radovan Bast Date: Thu, 13 Nov 2025 07:51:47 +0000 Subject: [PATCH 108/108] ci: makai --- values/makai/values/values-staging.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values/makai/values/values-staging.yaml b/values/makai/values/values-staging.yaml index 37613151..e5a5753b 100644 --- a/values/makai/values/values-staging.yaml +++ b/values/makai/values/values-staging.yaml @@ -1,6 +1,6 @@ replicaCount: 1 image: - tag: "83d8d884-debug" + tag: "2592c5b2-debug" env: - name: APP_VERSION value: "0.0.0-staging"
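Review bot: Turning `redis.enabled` on in `values-prod.yaml` renders the sorcerer Dragonfly template as the earlier commits of this series left it, i.e. without `podSecurityContext` (the `runAsUser: 1000` / `fsGroup: 1000` block was removed as unused), so the prod pods run as whatever user the image or operator defaults to. Before this reaches prod it is worth confirming that default is non-root and, if the old block was rejected, replacing it with a setting that works, e.g. `runAsNonRoot: true`, rather than none. The template only references the secret `prod-sorcerer-redis` (key `redis-password`), so it must already exist in the release namespace; a comment here saying where it is provisioned would help the next reader.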