feat: simplify charts, resources, kustomizations and applications for atlantis SPMSA

2024-10-08 16:54:58 +02:00
parent 2e00aceed1
commit eb2eebaa34
37 changed files with 136 additions and 428 deletions
@@ -1,6 +1,6 @@
 dependencies:
- name: redis-stack-server
-  repository: https://redis-stack.github.io/helm-redis-stack/
-  version: 0.4.14
-digest: sha256:ed6bf447567c0d92030bffebc947801c67cb4e9b4dd95680c35a0b5f6b23d71f
-generated: "2024-10-04T11:54:47.575418518+02:00"
+- name: redis
+  repository: https://charts.bitnami.com/bitnami
+  version: 20.1.7
+digest: sha256:9c9be148366bb3d50f7394ba5a33e1a00a087b5ed61d2bcf1faec9b369e76582
+generated: "2024-10-08T13:21:10.374993273+02:00"
@@ -5,8 +5,8 @@ type: application
 version: v2.87.1
 appVersion: v2.87.1
 dependencies:
-  - name: redis-stack-server
-    version: 0.4.14
-    repository: https://redis-stack.github.io/helm-redis-stack/
+  - name: redis
+    version: 20.1.7
+    repository: https://charts.bitnami.com/bitnami
    condition: redis.enabled
    alias: redis
@@ -3,6 +3,7 @@ apiVersion: postgresql.cnpg.io/v1
 kind: Cluster
 metadata:
  name: {{ include "Atlantis.fullname" . }}-db
+  namespace: {{ .Release.Namespace }}
  annotations:
    linkerd.io/inject: disabled
  labels:
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ include "Atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "Atlantis.labels" . | nindent 4 }}
 spec:
@@ -3,6 +3,7 @@ apiVersion: autoscaling/v2beta1
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ include "Atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "Atlantis.labels" . | nindent 4 }}
 spec:
@@ -16,6 +16,7 @@ apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
+  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "Atlantis.labels" . | nindent 4 }}
  {{- with .Values.ingress.annotations }}
@@ -0,0 +1,26 @@
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-atlantis-services
+  namespace: {{ .Release.Namespace }}
+spec:
+  egress:
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: dapr-system
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }}
+  - toEndpoints:
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: {{ .Values.tracing.namespace | default "otel" }}
+  - toFQDNs:
+    - matchName: '*.oceanbox.io'
+    - matchName: api.github.com
+    - matchName: dapr.github.io
+    - matchName: gitlab.com
+    - matchPattern: '*.gitlab.com'
+    - matchPattern: "*.k1.itpartner.no"
+    - matchName: analytics.loft.rocks
+  endpointSelector:
+    matchLabels: {}
@@ -0,0 +1,54 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: pubsub
+  namespace: {{ .Release.Namespace }}
+spec:
+  version: v1
+  type: pubsub.rabbitmq
+  metadata:
+  - name: hostname
+    value: {{ .Values.rabbitmq.service }}.{{ .Values.rabbitmq.namespace | default "rabbitmq" }}
+  - name: username
+    value: {{ .Values.rabbitmq.username }}
+  - name: password
+    secretKeyRef:
+      name: {{ .Values.rabbitmq.secretName | default (printf "%s-rabbitmq" .Release.Name) }}
+      key:  rabbitmq-password
+  - name: protocol
+    value: amqp
+  - name: durable
+    value: true
+  - name: deletedWhenUnused
+    value: false
+  - name: autoAck
+    value: false
+  - name: deliveryMode
+    value: 1
+  - name: requeueInFailure
+    value: false
+  - name: prefetchCount
+    value: 0
+  - name: reconnectWait
+    value: 0
+  - name: concurrencyMode
+    value: parallel
+  - name: publisherConfirm
+    value: false
+  - name: backOffPolicy
+    value: exponential
+  - name: backOffInitialInterval
+    value: 100
+  - name: backOffMaxRetries
+    value: 16
+  - name: enableDeadLetter # Optional enable dead Letter or not
+    value: true
+  - name: maxLen # Optional max message count in a queue
+    value: 3000
+  - name: maxLenBytes # Optional maximum length in bytes of a queue.
+    value: 10485760
+  - name: exchangeKind
+    value: fanout
+  - name: clientName
+    value: "{appID}"
+
@@ -3,6 +3,7 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
  name: {{ template "Atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
 {{- with .Values.persistence.annotations  }}
  annotations:
 {{ toYaml . | indent 4 }}
@@ -4,6 +4,7 @@ metadata:
  annotations:
    kyverno/clone: "true"
  name: {{ .Release.Name }}-rabbitmq
+  namespace: {{ .Release.Namespace }}
 type: Opaque
 data:
 ---
@@ -25,6 +26,7 @@ metadata:
  annotations:
    kyverno/clone: "true"
  name: {{ include "Atlantis.fullname" . }}-db-superuser
+  namespace: {{ .Release.Namespace }}
 type: kubernetes.io/basic-auth
 data:
  username:
@@ -48,6 +50,7 @@ metadata:
  annotations:
    kyverno/clone: "true"
  name: {{ .Values.cluster.bootstrap.source.db }}-ca
+  namespace: {{ .Release.Namespace }}
 data:
  ca.crt: ""
  ca.key: ""
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: {{ include "Atlantis.fullname" . }}
+  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "Atlantis.labels" . | nindent 4 }}
 spec:
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: {{ include "Atlantis.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "Atlantis.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: statestore
+  namespace: {{ .Release.Namespace }}
+spec:
+  type: state.redis
+  version: v1
+  metadata:
+  - name: redisHost
+    value: {{ .Release.Name }}-redis-master:6379
+  - name: redisUsername
+    value: default
+  - name: redisPassword
+    secretKeyRef:
+      name: {{ .Release.Name }}-redis
+      key:  redis-password
+  - name: actorStateStore
+    value: "true"
+scopes:
+  - atlantis
+  - {{ .Release.Name }}-atlantis
@@ -0,0 +1,31 @@
+apiVersion: dapr.io/v2alpha1
+kind: Subscription
+metadata:
+  name: hipster-events
+  namespace: {{ .Release.Namespace }}
+spec:
+  topic: hipster
+  routes:
+    default: /hipster-events
+  pubsubname: pubsub
+  metadata:
+    queueType: quorum
+scopes:
+- atlantis
+- {{ .Release.Name}}-atlantis
+---
+apiVersion: dapr.io/v2alpha1
+kind: Subscription
+metadata:
+  name: inbox-events
+  namespace: {{ .Release.Namespace }}
+spec:
+  topic: inbox
+  routes:
+    default: /inbox-events
+  pubsubname: pubsub
+  metadata:
+    queueType: quorum
+scopes:
+- atlantis
+- {{ .Release.Name}}-atlantis
@@ -0,0 +1,11 @@
+apiVersion: dapr.io/v1alpha1
+kind: Configuration
+metadata:
+  name: tracing
+  namespace: {{ .Release.Namespace }}
+spec:
+  tracing:
+    samplingRate: "1"
+    zipkin:
+      endpointAddress: {{ .Values.tracing.endpoint }}
+
@@ -3,21 +3,28 @@
 # Declare variables to be passed into your templates.

 replicaCount: 1
+
 image:
  repository: registry.gitlab.com/oceanbox/atlantis
  tag: v2.87.1
  pullPolicy: IfNotPresent
+
 init:
  enabled: false
  image: ubuntu:rolling
  command: ["/bin/sh", "-c", "true"]
+
 env:
  - name: LOG_LEVEL
    value: "3"
+
 imagePullSecrets:
  - name: gitlab-pull-secret
+
 nameOverride: ""
+
 fullnameOverride: ""
+
 serviceAccount:
  create: true
  # Annotations to add to the service account
@@ -25,9 +32,12 @@ serviceAccount:
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""
+
 podAnnotations: {}
+
 podSecurityContext:
  fsGroup: 2000
+
 securityContext:
  capabilities:
    drop:
@@ -35,9 +45,11 @@ securityContext:
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 1000
+
 service:
  type: ClusterIP
  port: 8085
+
 ingress:
  enabled: false
  className: "nginx"
@@ -53,11 +65,13 @@ ingress:
    - hosts:
        - atlantis.srv.oceanbox.io
      secretName: atlantis-tls
+
 persistence:
  enabled: false
  size: 1G
  storageClass: ""
  accessMode: ReadWriteOnce
+
 cluster:
  enabled: true
  instances: 1
@@ -69,15 +83,53 @@ cluster:
    source:
      db: prod-archmeister
      namespace: atlantis
+
 redis:
  enabled: true
-  name: redis-stack
-  redis_stack_server:
-    image: "redis/redis-stack-server"
-    tag: "7.4.0-v1"
-    replicas: 1
-    storage_class: ceph-rbd
-    storage: 1Gi
+  image:
+    repository: redis/redis-stack-server
+    tag: 7.2.0-v10
+  architecture: standalone
+  replica:
+    replicaCount: 1
+    command:
+      - "/opt/redis-stack/bin/redis-server"
+      - "--loadmodule"
+      - "/opt/redis-stack/lib/redisearch.so"
+      - "MAXSEARCHRESULTS"
+      - "10000"
+      - "MAXAGGREGATERESULTS"
+      - "10000"
+      - "--loadmodule"
+      - "/opt/redis-stack/lib/rejson.so"
+  auth:
+    enabled: true
+    sentinel: true
+    password: ""
+    usePasswordFiles: false
+    existingSecretPasswordKey: ""
+    # existingSecret: staging-redis
+  master:
+    resources:
+      limits:
+        cpu: null
+        ephemeral-storage: 1024Mi
+        memory: 192Mi
+      requests:
+        cpu: 150m
+        ephemeral-storage: 50Mi
+        memory: 128Mi
+
+tracing:
+  namespace: otel
+  endpoint: "http://opentelemetry-collector.otel:9411/api/v2/spans"
+
+rabbitmq:
+  namespace: rabbitmq
+  service: staging-rabbitmq
+  username: user
+  # secretName: staging-rabbitmq
+
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
 # choice for the user. This also increases chances charts run on environments with little
@@ -96,6 +148,7 @@ autoscaling:
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80
+
 nodeSelector: {}
 tolerations: []
 affinity: {}