From fe1a432a35c3dce95565210f9a020e13468a3ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 20 Jun 2025 10:31:52 +0200
Subject: [PATCH 1/6] fix(plume): Move ingress to staging

---
 charts/plume/templates/NOTES.txt              |  8 ++++----
 charts/plume/values.yaml                      | 20 +------------------
 values/plume/values/plume-staging.yaml.gotmpl | 19 ++++++++++++++++++
 3 files changed, 24 insertions(+), 23 deletions(-)
 create mode 100644 values/plume/values/plume-staging.yaml.gotmpl

diff --git a/charts/plume/templates/NOTES.txt b/charts/plume/templates/NOTES.txt
index c8b089ca..80e43f5e 100644
--- a/charts/plume/templates/NOTES.txt
+++ b/charts/plume/templates/NOTES.txt
@@ -6,16 +6,16 @@
   {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "Sorcerer.fullname" . }})
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "Plume.fullname" . }})
   export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
   echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
      NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "Sorcerer.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "Sorcerer.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "Plume.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "Plume.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
   echo http://$SERVICE_IP:{{ .Values.service.port }}
 {{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "Sorcerer.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "Plume.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
   export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
   echo "Visit http://127.0.0.1:8080 to use your application"
   kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
diff --git a/charts/plume/values.yaml b/charts/plume/values.yaml
index 1fa05ca2..0e358cc2 100644
--- a/charts/plume/values.yaml
+++ b/charts/plume/values.yaml
@@ -46,25 +46,7 @@ service:
   type: ClusterIP
   port: 8085
 ingress:
-  enabled: true
-  className: "nginx"
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
-    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-  hosts:
-    - host: plume.srv.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-      internal:
-        - path: /internal
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-        - plume.srv.oceanbox.io
-      secretName: plume-tls
+  enabled: false
 persistence:
   enabled: false
   existingClaim: oceanbox-archives
diff --git a/values/plume/values/plume-staging.yaml.gotmpl b/values/plume/values/plume-staging.yaml.gotmpl
new file mode 100644
index 00000000..ae5734a9
--- /dev/null
+++ b/values/plume/values/plume-staging.yaml.gotmpl
@@ -0,0 +1,19 @@
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-staging
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+  hosts:
+    - host: plume.ekman.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+      internal:
+        - path: /internal
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+        - plume.ekman.oceanbox.io
+      secretName: plume-tls

From 67b7d0b60f70f82d7189aae5b48cc73a24fae300 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 20 Jun 2025 10:52:58 +0200
Subject: [PATCH 2/6] chore(prometheus): Add oncall

---
 values/prometheus/env-oceanbox.yaml.gotmpl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/values/prometheus/env-oceanbox.yaml.gotmpl b/values/prometheus/env-oceanbox.yaml.gotmpl
index 0eede571..51190b11 100644
--- a/values/prometheus/env-oceanbox.yaml.gotmpl
+++ b/values/prometheus/env-oceanbox.yaml.gotmpl
@@ -5,10 +5,12 @@ prometheus:
   certRenewCronEnabled: false
   fullname: prom
   enableFeatures:
-    - otlp-write-reciever
-    - remote-write-reciever
+  - otlp-write-reciever
+  - remote-write-reciever
   grafana:
     persistence: true
+    plugins:
+    - grafana-oncall
   thanos:
     enabled: true
   coredns:

From 93c491f00fa2d78ceb1489c58c5ae0c2e7e75e4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 20 Jun 2025 10:54:32 +0200
Subject: [PATCH 3/6] fix: Add plugins and whitelist

---
 values/plume/values/plume-staging.yaml.gotmpl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/values/plume/values/plume-staging.yaml.gotmpl b/values/plume/values/plume-staging.yaml.gotmpl
index ae5734a9..8712f588 100644
--- a/values/plume/values/plume-staging.yaml.gotmpl
+++ b/values/plume/values/plume-staging.yaml.gotmpl
@@ -5,6 +5,7 @@ ingress:
     cert-manager.io/cluster-issuer: letsencrypt-staging
     nginx.ingress.kubernetes.io/backend-protocol: HTTP
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
   hosts:
     - host: plume.ekman.oceanbox.io
       paths:

From 607a002061b26ae2725c5b3e0e2dd55028bcbeb6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 20 Jun 2025 10:59:56 +0200
Subject: [PATCH 4/6] chore: Expose plume ingress and dns

---
 values/headscale/values.yaml                  | 1 +
 values/plume/values/plume-staging.yaml.gotmpl | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/values/headscale/values.yaml b/values/headscale/values.yaml
index 85bb47ed..febb24dc 100644
--- a/values/headscale/values.yaml
+++ b/values/headscale/values.yaml
@@ -237,6 +237,7 @@ configMaps:
            { "name": "grafana.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "slurmrestd.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "sorcrerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
+           { "name": "plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
 
            { "name": "dashboard.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
            { "name": "grafana.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
diff --git a/values/plume/values/plume-staging.yaml.gotmpl b/values/plume/values/plume-staging.yaml.gotmpl
index 8712f588..a84b2c07 100644
--- a/values/plume/values/plume-staging.yaml.gotmpl
+++ b/values/plume/values/plume-staging.yaml.gotmpl
@@ -5,7 +5,7 @@ ingress:
     cert-manager.io/cluster-issuer: letsencrypt-staging
     nginx.ingress.kubernetes.io/backend-protocol: HTTP
     nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24
   hosts:
     - host: plume.ekman.oceanbox.io
       paths:

From 881d2e7e33ccc25697668a0e6fc1cff281a9d65f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 20 Jun 2025 11:03:23 +0200
Subject: [PATCH 5/6] fix: Typo add -app

---
 values/prometheus/env-oceanbox.yaml.gotmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/values/prometheus/env-oceanbox.yaml.gotmpl b/values/prometheus/env-oceanbox.yaml.gotmpl
index 51190b11..62e97680 100644
--- a/values/prometheus/env-oceanbox.yaml.gotmpl
+++ b/values/prometheus/env-oceanbox.yaml.gotmpl
@@ -10,7 +10,7 @@ prometheus:
   grafana:
     persistence: true
     plugins:
-    - grafana-oncall
+    - grafana-oncall-app
   thanos:
     enabled: true
   coredns:

From 0d4fa7e6b9e9206225a287154bc8defe832b5d63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20J=C3=B6rg?= <moritz.jorg@oceanbox.io>
Date: Fri, 20 Jun 2025 11:09:48 +0200
Subject: [PATCH 6/6] fix: Disable plugin

---
 values/prometheus/env-oceanbox.yaml.gotmpl | 2 --
 1 file changed, 2 deletions(-)

diff --git a/values/prometheus/env-oceanbox.yaml.gotmpl b/values/prometheus/env-oceanbox.yaml.gotmpl
index 62e97680..a43691e6 100644
--- a/values/prometheus/env-oceanbox.yaml.gotmpl
+++ b/values/prometheus/env-oceanbox.yaml.gotmpl
@@ -9,8 +9,6 @@ prometheus:
   - remote-write-reciever
   grafana:
     persistence: true
-    plugins:
-    - grafana-oncall-app
   thanos:
     enabled: true
   coredns: