Update Helm release rabbitmq to v16

2026-03-14 22:02:07 +00:00
21 changed files with 176 additions and 116 deletions
@@ -8,7 +8,7 @@ releases:
 - name: kueue
  namespace: kueue-system
  chart: oci://registry.k8s.io/kueue/charts/kueue
-  version: 0.16.2
+  version: 0.15.0
  condition: kueue.enabled
  values:
  - ../values/kueue/values/values.yaml
@@ -16,7 +16,7 @@ releases:
  namespace: {{ .Environment.Name }}-openfga
  {{- end }}
  chart: openfga/openfga
-  version: 0.2.56
+  version: 0.2.55
  condition: openfga.enabled
  values:
  - ../values/openfga/values/values.yaml
@@ -15,7 +15,7 @@ releases:
 - name: prometheus
  namespace: prometheus
  chart: prometheus/kube-prometheus-stack
-  version: 82.10.3
+  version: 82.10.1
  condition: prometheus.enabled
  values:
  - ../values/prometheus/values/prometheus.yaml.gotmpl
@@ -14,7 +14,7 @@ releases:
 - name: umami
  namespace: analytics
  chart: umami/umami
-  version: 7.7.3
+  version: 7.7.2
  condition: umami.enabled
  values:
  - ../values/umami/values/values.yaml
@@ -15,7 +15,7 @@ releases:
 - name: velero
  namespace: velero
  chart: velero/velero
-  version: 12.0.0
+  version: 11.4.0
  condition: velero.enabled
  values:
  - ../values/velero/values/velero.yaml.gotmpl
@@ -1,19 +0,0 @@
-{
-  buildGoModule,
-  fetchFromGitHub,
-}:
-buildGoModule rec {
-  pname = "kueuectl";
-  version = "0.16.3";
-
-  src = fetchFromGitHub {
-    owner = "kubernetes-sigs";
-    repo = "kueue";
-    rev = "v${version}";
-    hash = "sha256-JbU+ZoQ+YriaiIbbVCe45OTYycxYRanLhmQAdpE+xQ4=";
-  };
-
-  vendorHash = null;
-
-  subPackages = [ "cmd/kueuectl" ];
-}
@@ -7,7 +7,6 @@ let
    overlays = [ ];
  };
  treefmt = import ./nix/treefmt.nix { };
-  kueuectl = pkgs.callPackage ./nix/kueuectl.nix { };
 in
 pkgs.mkShellNoCC {
  packages = [
@@ -28,7 +27,6 @@ pkgs.mkShellNoCC {
    pkgs.kubectl-rook-ceph

    # other tools activate when needed
-    kueuectl
    # pkgs.step-cli
    # pkgs.linkerd
    # pkgs.cmctl
@@ -42,7 +40,7 @@ pkgs.mkShellNoCC {
  ];

  # Environment variables
-  ARGOCD_ENV_CLUSTER_NAME = "ekman";
+  ARGOCD_ENV_CLUSTER_NAME = "hel1";
  HELM_GIT_ACCESS_TOKEN = "glpat-xxx";
  API_SERVER_IP = "localhost";
  API_SERVER_PORT = "7445";
@@ -1,11 +1,8 @@
 cilium:
  enabled: true
-  clustermesh:
-    enabled: false
-    clusterId: 2
-    # NodePort until L2LB is available (kubeproxyless)
-    apiserverServiceType: NodePort
-  # TODO: WireGuard blocks all traffic on ekman -- disable until root cause is found.
+  # WireGuard cannot be used during migration -- Flannel nodes have no WireGuard
+  # keys so encrypted traffic is unreadable by them.
+  # TODO: re-enable after migration
  encryption:
    enabled: false
  envoy:
@@ -1,8 +1,5 @@
 cilium:
  enabled: true
-  clustermesh:
-    enabled: false
-    clusterId: 1
  nodePort:
    enabled: true
  l2announcement:
@@ -30,8 +30,4 @@ cilium:
  loadbalancerPool:
    enabled: false
    cidr: []
-  clustermesh:
-    enabled: false
-    clusterId: 0
-    apiserverServiceType: LoadBalancer
  cluster: {{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}
@@ -1,16 +1,3 @@
-cluster:
-  name: {{ .Values.cilium.cluster }}
-  id: {{ .Values.cilium.clustermesh.clusterId }}
-{{- if .Values.cilium.clustermesh.enabled }}
-clustermesh:
-  useAPIServer: true
-  apiserver:
-    service:
-      type: {{ .Values.cilium.clustermesh.apiserverServiceType }}
-    tls:
-      auto:
-        method: helm
-{{- end }}
 authentication:
  mutual:
    spire:
@@ -103,7 +90,7 @@ operator:
  prometheus:
    enabled: true
    port: 12301
-    serviceMonitor:
+    serviceMointor:
      enabled: true
      port: 12302
  rollOutPods: true
@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: "0d279bb9-debug"
+  tag: "e9fd3fc6-debug"
 env:
  - name: APP_VERSION
    value: "0.0.0"
@@ -38,7 +38,7 @@ spec:
   - group: ""
     kind: Secret
     name: jobset-webhook-server-cert
-     namespace: jobset-system
+     namespace: default
     jsonPointers:
       - /data
 {{- end }}
@@ -0,0 +1,3 @@
+kueue:
+  enabled: true
+  autosync: false
@@ -1,68 +1,51 @@
-apiVersion: kueue.x-k8s.io/v1beta2
+apiVersion: kueue.x-k8s.io/v1beta1
 kind: ResourceFlavor
 metadata:
-  name: compute # Just needs to exist, can be managed with tains/tolerations
-  annotations:
-    argocd.argoproj.io/sync-wave: "2"
-spec:
-  nodeLabels:
-    node-role.kubernetes.io/compute: compute
-    topology.kubernetes.io/group: c1 # Only run on C1 for now
+ name: compute # Just needs to exist, can be managed with tains/tolerations
 ---
-apiVersion: kueue.x-k8s.io/v1beta2
+apiVersion: kueue.x-k8s.io/v1beta1
 kind: ClusterQueue
 metadata:
-   name: cluster-queue
-   annotations:
-     argocd.argoproj.io/sync-wave: "2"
+   name: jobs
 spec:
+  cohort: general
  namespaceSelector: {} # Accept workloads from any namespace
-  queueingStrategy: BestEffortFIFO
-  # preemption:
-    # withinClusterQueue: "LowerPriority" # Allow higher priority to preempt lower
+  preemption:
+    withinClusterQueue: "LowerPriority" # Allow higher priority to preempt lower
  resourceGroups:
   - coveredResources: ["cpu", "memory"] # Cover both memory and cpu resources
     flavors:
       - name: compute
         resources:
           - name: "cpu"
-             nominalQuota: '32'
+             nominalQuota: '4'
           - name: "memory"
-             nominalQuota: 64Gi
-# ---
-# apiVersion: kueue.x-k8s.io/v1beta2
-# kind: LocalQueue
-# metadata:
-#   name: prod-queue
-#   namespace: prod-queue
-# spec:
-#   clusterQueue: cluster-queue
+             nominalQuota: 8Gi
 ---
-apiVersion: v1
-kind: Namespace
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: LocalQueue
 metadata:
-  name: dev-queue
-  annotations:
-    argocd.argoproj.io/sync-wave: "2"
+  name: prod-queue
+  namespace: prod-sorcerer
+spec:
+  clusterQueue: jobs
 ---
-apiVersion: kueue.x-k8s.io/v1beta2
+apiVersion: kueue.x-k8s.io/v1beta1
 kind: LocalQueue
 metadata:
  name: staging-queue
-  namespace: dev-queue
-  annotations:
-    argocd.argoproj.io/sync-wave: "2"
+  namespace: staging-sorcerer
 spec:
-  clusterQueue: cluster-queue
-# ---
-# apiVersion: kueue.x-k8s.io/v1beta2
-# kind: WorkloadPriorityClass
-# metadata:
-#   name: "normal"
-# value: 100
-# ---
-# apiVersion: kueue.x-k8s.io/v1beta2
-# kind: WorkloadPriorityClass
-# metadata:
-#   name: "high"
-# value: 200 # Higher value = higher priority
+  clusterQueue: jobs
+---
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: WorkloadPriorityClass
+metadata:
+  name: "normal"
+value: 100
+---
+apiVersion: kueue.x-k8s.io/v1beta1
+kind: WorkloadPriorityClass
+metadata:
+  name: "high"
+value: 200 # Higher value = higher priority
@@ -0,0 +1,89 @@
+{{- if eq .Values.clusterConfig.cluster "ekman"}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kueueviz-ingress
+  namespace: kueue-system
+  annotations:
+    cert-manager.io/cluster-issuer: ca-issuer
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/websocket-services: kueue-kueueviz-backend
+spec:
+  rules:
+    - host: kueue.dev.tos.obx
+      http:
+        paths:
+          - path: /ws
+            pathType: Prefix
+            backend:
+              service:
+                name: kueue-kueueviz-backend
+                port:
+                  number: 8080
+          - path: /api(/|$)(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: kueue-kueueviz-backend
+                port:
+                  number: 8080
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: kueue-kueueviz-frontend
+                port:
+                  number: 8080
+  tls:
+    - hosts:
+        - kueue.dev.tos.obx
+      secretName: kueueviz-tls
+{{- end}}
+---
+{{- if eq .Values.clusterConfig.cluster "rossby"}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kueueviz-ingress
+  namespace: kueue-system
+  annotations:
+    cert-manager.io/cluster-issuer: ca-issuer
+    nginx.ingress.kubernetes.io/websocket-services: kueue-kueueviz-backend
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+spec:
+  rules:
+    - host: kueue.dev.vtn.obx
+      http:
+        paths:
+          - path: /ws
+            pathType: Prefix
+            backend:
+              service:
+                name: kueue-kueueviz-backend
+                port:
+                  number: 8080
+          - path: /api(/|$)(.*)
+            pathType: Prefix
+            backend:
+              service:
+                name: kueue-kueueviz-backend
+                port:
+                  number: 8080
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: kueue-kueueviz-frontend
+                port:
+                  number: 8080
+  tls:
+    - hosts:
+        - kueue.dev.vtn.obx
+      secretName: kueueviz-tls
+{{- end}}
@@ -5,7 +5,6 @@ metadata:
  name: kueue
  namespace: argocd
  annotations:
-    argocd.argoproj.io/sync-wave: "1"
    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
    argocd.argoproj.io/compare-options: ServerSideDiff=true
  finalizers:
@@ -28,7 +27,7 @@ spec:
        value: {{ .Values.kueue.env }}
      - name: HELMFILE_FILE_PATH
        value: kueue.yaml.gotmpl
-  - repoURL: {{ .Values.clusterConfig.manifests }}
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
    targetRevision: main
    ref: values
  syncPolicy:
@@ -42,3 +41,4 @@ spec:
      selfHeal: false
    {{- end }}
 {{- end }}
+
@@ -0,0 +1,9 @@
+kueueViz:
+  backend:
+    env:
+      - name: KUEUEVIZ_ALLOWED_ORIGINS
+        value: "https://kueue.dev.tos.obx"
+  frontend:
+    env:
+      - name: REACT_APP_WEBSOCKET_URL
+        value: "wss://kueue.dev.tos.obx"
@@ -0,0 +1,9 @@
+kueueViz:
+  backend:
+    env:
+      - name: KUEUEVIZ_ALLOWED_ORIGINS
+        value: "https://kueue.dev.vtn.obx"
+  frontend:
+    env:
+      - name: REACT_APP_WEBSOCKET_URL
+        value: "wss://kueue.dev.vtn.obx"
@@ -1,14 +1,21 @@
-managerConfig:
-  controllerManagerConfigYaml: |
-    apiVersion: config.kueue.x-k8s.io/v1beta2
-    kind: Configuration
-    integrations:
-      frameworks:
-        - batch/job
-        - jobset.x-k8s.io/jobset
-    internalCertManagement:
-      enable: false
-enableCertManager: true
+controllerManager:
+  featureGates:
+    - name: TopologyAwareScheduling
+      enabled: true
+    - name: LocalQueueMetrics
+      enabled: true
+  managerConfig:
+    controllerManagerConfigYaml: |
+      apiVersion: config.kueue.x-k8s.io/v1beta1
+      kind: Configuration
+      integrations:
+        frameworks:
+          - batch/job
+          - jobset.x-k8s.io/jobset
+      internalCertManagement:
+        enable: false
+enableCertManager: false
 enablePrometheus: true
 metrics:
  prometheusNamespace: prometheus
+enableKueueViz: true
@@ -72,3 +72,7 @@ metrics:
       for: 15m
       labels:
         severity: critical
+kubectl:
+  image:
+      repository: docker.io/bitnamilegacy/kubectl
+      tag: 1.33.4