fix(atlantis): Use prod-openfga, prod-rabbitmq, staging-sorcerer and staging-plume

charts/atlantis/Chart.yaml

@@ -8,8 +8,3 @@ version: v1.35.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: v1.35.2
-dependencies:
-  - name: diagrid-dashboard
-    version: "0.1.0"
-    repository: "file://../diagrid-dashboard"
-    condition: diagrid-dashboard.enabled

charts/atlantis/values.yaml

@@ -116,6 +116,3 @@ serviceMonitor:
 nodeSelector: {}
 tolerations: []
 affinity: {}
-
-diagrid-dashboard:
-  enabled: false

charts/diagrid-dashboard/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/diagrid-dashboard/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: diagrid-dashboard
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"

charts/diagrid-dashboard/templates/NOTES.txt

@@ -1,35 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.httpRoute.enabled }}
-{{- if .Values.httpRoute.hostnames }}
-    export APP_HOSTNAME={{ .Values.httpRoute.hostnames | first }}
-{{- else }}
-    export APP_HOSTNAME=$(kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o jsonpath="{.spec.listeners[0].hostname}")
-  {{- end }}
-{{- if and .Values.httpRoute.rules (first .Values.httpRoute.rules).matches (first (first .Values.httpRoute.rules).matches).path.value }}
-    echo "Visit http://$APP_HOSTNAME{{ (first (first .Values.httpRoute.rules).matches).path.value }} to use your application"
-
-    NOTE: Your HTTPRoute depends on the listener configuration of your gateway and your HTTPRoute rules.
-    The rules can be set for path, method, header and query parameters.
-    You can check the gateway configuration with 'kubectl get --namespace {{(first .Values.httpRoute.parentRefs).namespace | default .Release.Namespace }} gateway/{{ (first .Values.httpRoute.parentRefs).name }} -o yaml'
-{{- end }}
-{{- else if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "diagrid-dashboard.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "diagrid-dashboard.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "diagrid-dashboard.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "diagrid-dashboard.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}

charts/diagrid-dashboard/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "diagrid-dashboard.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "diagrid-dashboard.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "diagrid-dashboard.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "diagrid-dashboard.labels" -}}
-helm.sh/chart: {{ include "diagrid-dashboard.chart" . }}
-{{ include "diagrid-dashboard.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "diagrid-dashboard.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "diagrid-dashboard.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "diagrid-dashboard.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "diagrid-dashboard.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

charts/diagrid-dashboard/templates/deployment.yaml

@@ -1,81 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "diagrid-dashboard.fullname" . }}
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "diagrid-dashboard.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "diagrid-dashboard.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "diagrid-dashboard.serviceAccountName" . }}
-      {{- with .Values.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          env:
-            - name: COMPONENT_FILE
-              value: /app/components/statestore.yaml
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          {{- with .Values.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/diagrid-dashboard/templates/hpa.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "diagrid-dashboard.fullname" . }}
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "diagrid-dashboard.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

charts/diagrid-dashboard/templates/httproute.yaml

@@ -1,38 +0,0 @@
-{{- if .Values.httpRoute.enabled -}}
-{{- $fullName := include "diagrid-dashboard.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-  {{- with .Values.httpRoute.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  parentRefs:
-    {{- with .Values.httpRoute.parentRefs }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  {{- with .Values.httpRoute.hostnames }}
-  hostnames:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  rules:
-    {{- range .Values.httpRoute.rules }}
-    {{- with .matches }}
-    - matches:
-      {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .filters }}
-      filters:
-      {{- toYaml . | nindent 8 }}
-    {{- end }}
-      backendRefs:
-        - name: {{ $fullName }}
-          port: {{ $svcPort }}
-          weight: 1
-    {{- end }}
-{{- end }}

charts/diagrid-dashboard/templates/ingress.yaml

@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "diagrid-dashboard.fullname" . }}
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "diagrid-dashboard.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}

charts/diagrid-dashboard/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "diagrid-dashboard.fullname" . }}
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "diagrid-dashboard.selectorLabels" . | nindent 4 }}

charts/diagrid-dashboard/templates/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "diagrid-dashboard.serviceAccountName" . }}
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}

charts/diagrid-dashboard/templates/statestore.yaml

@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: diadash-statestore
-data:
-  statestore.yaml: |
-    apiVersion: dapr.io/v1alpha1
-    kind: Component
-    metadata:
-      name: statestore
-    scopes:
-      - {{ .Values.statestore.scope }}
-    spec:
-      metadata:
-        - name: redisHost
-          value: {{ .Values.statestore.redis }}:6379
-        - name: redisUsername
-          value: default
-        - name: redisPassword
-          value: mrtz-password
-          # secretKeyRef:
-          #   key: redis-password
-          #   name: {{ .Values.statestore.redis }}
-        - name: actorStateStore
-          value: "true"
-        - name: redisDB
-          value: "1"
-      type: state.redis
-      version: v1

charts/diagrid-dashboard/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "diagrid-dashboard.fullname" . }}-test-connection"
-  labels:
-    {{- include "diagrid-dashboard.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "diagrid-dashboard.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

charts/diagrid-dashboard/values.yaml

@@ -1,166 +0,0 @@
-# Default values for diagrid-dashboard.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-statestore:
-  scope: my-scope
-  redis: my-redis
-
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-image:
-  repository: ghcr.io/diagridio/diagrid-dashboard
-  # This sets the pull policy for images.
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: "latest"
-
-# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets: []
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 8080
-
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: true
-  className: "nginx"
-  annotations:
-    cert-manager.io/cluster-issuer: ca-issuer
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    oceanbox.io/expose: internal
-  hosts:
-    - host: diadash.dev.vtn.obx
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - secretName: diadash-tls
-      hosts:
-        - diadash.dev.vtn.obx
-
-# -- Expose the service via gateway-api HTTPRoute
-# Requires Gateway API resources and suitable controller installed within the cluster
-# (see: https://gateway-api.sigs.k8s.io/guides/)
-httpRoute:
-  # HTTPRoute enabled.
-  enabled: false
-  # HTTPRoute annotations.
-  annotations: {}
-  # Which Gateways this Route is attached to.
-  parentRefs:
-    - name: gateway
-      sectionName: http
-      # namespace: default
-  # Hostnames matching HTTP header.
-  hostnames:
-    - chart-example.local
-  # List of rules and filters applied.
-  rules:
-    - matches:
-        - path:
-            type: PathPrefix
-            value: /headers
-  #   filters:
-  #   - type: RequestHeaderModifier
-  #     requestHeaderModifier:
-  #       set:
-  #       - name: My-Overwrite-Header
-  #         value: this-is-the-only-value
-  #       remove:
-  #       - User-Agent
-  # - matches:
-  #   - path:
-  #       type: PathPrefix
-  #       value: /echo
-  #     headers:
-  #     - name: version
-  #       value: v2
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-# livenessProbe:
-#   httpGet:
-#     path: /
-#     port: http
-# readinessProbe:
-#   httpGet:
-#     path: /
-#     port: http
-
-# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes:
-  - name: statestore
-    configMap:
-      name: diadash-statestore
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts:
-  - name: statestore
-    mountPath: /app/components/statestore.yaml
-    subPath: statestore.yaml
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

charts/fornix/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/fornix/Chart.yaml

@@ -1,21 +0,0 @@
-apiVersion: v2
-name: fornix
-description: A Helm chart for Kubernetes
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: v1.2.4
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "v1.2.4"

charts/fornix/templates/NOTES.txt

@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fornix.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "fornix.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fornix.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fornix.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}

charts/fornix/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "fornix.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "fornix.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "fornix.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "fornix.labels" -}}
-helm.sh/chart: {{ include "fornix.chart" . }}
-{{ include "fornix.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "fornix.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "fornix.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "fornix.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "fornix.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

charts/fornix/templates/deployment.yaml

@@ -1,83 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "fornix.fullname" . }}
-  labels:
-    {{- include "fornix.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "fornix.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "fornix.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "fornix.serviceAccountName" . }}
-      {{- with .Values.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          env:
-          - name: DRUPAL_URL
-            value: {{ .Values.drupalUrl }}
-          - name: BASE_URL
-            value: {{ .Values.baseUrl }}
-          {{- with .Values.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/fornix/templates/ingress.yaml

@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "fornix.fullname" . }}
-  labels:
-    {{- include "fornix.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "fornix.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}

charts/fornix/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "fornix.fullname" . }}
-  labels:
-    {{- include "fornix.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "fornix.selectorLabels" . | nindent 4 }}

charts/fornix/templates/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "fornix.serviceAccountName" . }}
-  labels:
-    {{- include "fornix.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}

charts/fornix/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "fornix.fullname" . }}-test-connection"
-  labels:
-    {{- include "fornix.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "fornix.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

charts/fornix/values.yaml

@@ -1,100 +0,0 @@
-# Default values for fornix.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-drupalUrl: http://drupal
-baseUrl: https://oceanbox.io
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-image:
-  repository: registry.gitlab.com/oceanbox/fornix
-  # This sets the pull policy for images.
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: v1.2.4
-# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets:
-  - name: gitlab-pull-secret
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-podSecurityContext:
-  fsGroup: 2000
-securityContext:
-  capabilities:
-    drop:
-      - ALL
-  readOnlyRootFilesystem: false
-  runAsNonRoot: true
-  runAsUser: 1000
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 8085
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: false
-resources: {}
-# We usually recommend not to specify default resources and to leave this as a conscious
-# choice for the user. This also increases chances charts run on environments with little
-# resources, such as Minikube. If you do want to specify resources, uncomment the following
-# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-# limits:
-#   cpu: 100m
-#   memory: 128Mi
-# requests:
-#   cpu: 100m
-#   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-livenessProbe:
-  httpGet:
-    path: /
-    port: http
-readinessProbe:
-  httpGet:
-    path: /
-    port: http
-# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-tolerations: []
-affinity: {}

charts/plume/templates/redis.yaml

@@ -45,7 +45,6 @@ spec:
     persistentVolumeClaimSpec:
       accessModes:
       - ReadWriteOnce
-      storageClass: {{ .Values.redis.storageClass | default "managed-nfs-storage" }}
       resources:
         requests:
           storage: {{ .Values.redis.size | default "1Gi" }}

charts/plume/values.yaml

@@ -3,7 +3,7 @@
 # Declare variables to be passed into your templates.
 replicaCount: 1
 image:
-  repository: registry.gitlab.com/oceanbox/plume
+  repository: registry.gitlab.com/oceanbox/plume/plume
   tag: v1.6.7
   pullPolicy: IfNotPresent
 init:

charts/sorcerer/Chart.lock

@@ -1,6 +0,0 @@
-dependencies:
-- name: diagrid-dashboard
-  repository: file://../diagrid-dashboard
-  version: 0.1.0
-digest: sha256:4fdb3148a2a6439223d7844a3083da2de324dd47e5cb3ac4a5d9c436e6e2c775
-generated: "2025-12-16T19:38:21.939708629+01:00"

charts/sorcerer/Chart.yaml

@@ -8,8 +8,3 @@ version: v1.35.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 appVersion: v1.35.2
-dependencies:
-  - name: diagrid-dashboard
-    version: "0.1.0"
-    repository: "file://../diagrid-dashboard"
-    condition: diagrid-dashboard.enabled

charts/sorcerer/values.yaml

@@ -108,9 +108,3 @@ serviceMonitor:
 nodeSelector: {}
 tolerations: []
 affinity: {}
-
-diagrid-dashboard:
-  enabled: false
-  statestore:
-    scope: sorcerer
-    redis: sorcerer-redis

helmfile.d/fornix.yaml.gotmpl

@@ -1,37 +0,0 @@
-bases:
- - ../envs/environments.yaml.gotmpl
-
-commonLabels:
-  tier: oceanbox
-
-releases:
-- name: fornix
-  namespace: fornix
-  chart: ../charts/fornix
-  condition: fornix.enabled
-  values:
-  - ../values/fornix/values/values.yaml
-  postRenderer: ../bin/kustomizer
-  postRendererArgs:
-  - ../values/fornix/kustomize/{{ .Environment.Name }}
-  missingFileHandler: Info
-- name: manifests
-  namespace: fornix
-  chart: manifests
-  condition: fornix.enabled
-  missingFileHandler: Info
-  values:
-  - ../values/env.yaml
-  - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
-  - ../values/fornix/env.yaml.gotmpl
-  - ../values/fornix/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
-  hooks:
-  - events: [ prepare, cleanup ]
-    showlogs: true
-    command: ../bin/helmify
-    args:
-    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
-    - '{{`{{ .Release.Chart }}`}}'
-    - '{{`{{ .Environment.Name }}`}}'
-    - ../values/fornix/manifests
-    - manifests

helmfile.d/kueue.yaml.gotmpl

@@ -1,40 +0,0 @@
-bases:
- - ../envs/environments.yaml.gotmpl
-
-commonLabels:
-  tier: system
-
-releases:
-- name: kueue
-  namespace: kueue-system
-  chart: oci://registry.k8s.io/kueue/charts/kueue
-  version: 0.15.0
-  condition: kueue.enabled
-  values:
-  - ../values/kueue/values/values.yaml
-  - ../values/kueue/values/values-{{ .Environment.Name }}.yaml
-  - ../values/kueue/values/values-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
-  postRenderer: ../bin/kustomizer
-  postRendererArgs:
-  - ../values/kueue/kustomize/{{ .Environment.Name }}
-  missingFileHandler: Info
-- name: manifests
-  namespace: kueue-system
-  chart: manifests
-  condition: kueue.enabled
-  missingFileHandler: Info
-  values:
-  - ../values/env.yaml
-  - ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
-  - ../values/kueue/env.yaml.gotmpl
-  - ../values/kueue/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
-  hooks:
-  - events: [ prepare, cleanup ]
-    showlogs: true
-    command: ../bin/helmify
-    args:
-    - '{{`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}`}}'
-    - '{{`{{ .Release.Chart }}`}}'
-    - '{{`{{ .Environment.Name }}`}}'
-    - ../values/kueue/manifests
-    - manifests

values/atlantis/kustomize/beta/appsettings.json

@@ -0,0 +1,96 @@
+{
+    "oidc": {
+        "issuer": "https://auth.oceanbox.io/realms/oceanbox",
+        "authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth",
+        "token_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/token",
+        "jwks_uri": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/certs",
+        "userinfo_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/userinfo",
+        "end_session_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/logout",
+        "device_authorization_endpoint": "https://auth.oceanbox.io/realms/oceanbox/protocol/openid-connect/auth/device",
+        "clientId": "atlantis",
+        "clientSecret": "",
+        "scopes": [
+            "openid",
+            "email",
+            "offline_access",
+            "profile"
+        ],
+        "audiences": [
+            "atlantis",
+            "atlantis_dev",
+            "sorcerer",
+            "sorcerer_dev"
+        ]
+    },
+    "sso": {
+        "cookieDomain": ".oceanbox.io",
+        "cookieName": ".obx.beta",
+        "ttl": 12.0,
+        "signedOutRedirectUri": "https://maps.beta.oceanbox.io",
+        "realm": "atlantis",
+        "environment": "beta",
+        "keyStore": {
+            "kind": "azure",
+            "uri": "https://atlantis.blob.core.windows.net",
+            "key": "dataprotection-keys"
+        },
+        "keyVault": {
+            "kind": "azure",
+            "uri": "https://atlantisvault.vault.azure.net",
+            "key": "dataencryption-keys"
+        }
+    },
+    "fga": {
+      "apiUrl": "http://prod-openfga.openfga.svc.cluster.local:8080",
+      "apiKey": "",
+      "storeId": "01JKTZXMP7ANN4GG2P5W8Y56M6",
+      "modelId": "01JKTZYMCZZBVSBG66W27XMW0A"
+    },
+    "sentryUrl": "https://b6e03cfc8e247297b89217b09341b4cb@o4509530141622272.ingest.de.sentry.io/4509530195492944",
+    "plainAuthUsers": [
+        {
+            "username": "admin",
+            "password": "en-to-tre-fire",
+            "groups": [ "/oceanbox" ],
+            "roles": [ "admin" ]
+        },
+        {
+            "username": "sorcerer",
+            "password": "fire tre to en",
+            "groups": [ "/oceanbox" ],
+            "roles": [ "admin" ]
+        },
+        {
+            "username": "archivist",
+            "password": "en-to-tre-fire",
+            "groups": [ "/oceanbox" ],
+            "roles": [ "admin" ]
+        }
+    ],
+    "plume": "plume.ekman.oceanbox.io",
+    "redis": "prod-atlantis-redis-master:6379",
+    "objectStore": "https://atlantis.blob.core.windows.net",
+    "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
+    "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
+    "allowedOrigins": [
+        "https://maps.dev.oceanbox.io",
+    ],
+    "appName": "atlantis",
+    "appEnv": "beta",
+    "appNamespace": "atlantis",
+    "appVersion": "2.95.1",
+    "otelCollector": "http://opentelemetry-collector.otel.svc:4317",
+    "pubsubName": "pubsub",
+    "pubsubTopic": "hipster-atlantis",
+    "slurm": {
+        "baseUrl": "https://slurmrestd.ekman.oceanbox.io/",
+        "slurmApi": "slurm/v0.0.42/",
+        "dbdApi": "slurmdbd/v0.0.42/",
+        "accessToken": ""
+    },
+    "amqp": {
+        "auth": "user:hunny-bunny",
+        "host": "10.255.241.201:30673"
+    },
+    "fenceRadius": 1250.0
+}

values/atlantis/kustomize/beta/barentswatch-api.env

@@ -0,0 +1,2 @@
+client-id=simen.kirkvik@tromso.serit.no:simkir-tilt-atlantis
+secret=d9tInZ1XpeDAxD.DySv'*SB=P

values/atlantis/kustomize/beta/bindings.yaml

@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: slurm-events
+spec:
+  type: bindings.rabbitmq
+  version: v1
+  metadata:
+  - name: host
+    secretKeyRef:
+      name: prod-atlantis-rabbitmq
+      key:  connString
+  - name: queueName
+    value: prod-slurm-job-events
+  - name: durable
+    value: true
+  - name: contentType
+    value: "application/json"
+  - name: route
+    value: /events/slurm
+scopes:
+  - beta-atlantis

values/atlantis/kustomize/beta/configurations.yaml

@@ -0,0 +1,20 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: configstore
+spec:
+  type: configuration.redis
+  version: v1
+  metadata:
+  - name: redisHost
+    value: beta-atlantis-redis-master:6379
+  - name: redisUsername
+    value: default
+  - name: redisPassword
+    secretKeyRef:
+      name: beta-atlantis-redis
+      key:  redis-password
+  - name: redisDB
+    value: "1"
+scopes:
+  - beta-atlantis

values/atlantis/kustomize/beta/default.env

@@ -0,0 +1 @@
+OIDC_CLIENT_SECRET=KOJ6bDHzE5vdyfSrzgwLjtM5PzA809Zm

values/atlantis/kustomize/beta/deployment_patch.yaml

@@ -0,0 +1,10 @@
+- op: add
+  path: /spec/template/spec/containers/0/envFrom/-
+  value:
+    secretRef:
+      name: azure-keyvault
+- op: add
+  path: /spec/template/spec/containers/0/envFrom/-
+  value:
+    secretRef:
+      name: prod-atlantis-env

values/atlantis/kustomize/beta/keyvault.yaml

@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: azure-keyvault
+spec:
+  type: secretstores.azure.keyvault
+  version: v1
+  metadata:
+  - name: vaultName
+    value: atlantisvault
+  - name: azureTenantId
+    secretKeyRef:
+      name: azure-keyvault
+      key: AZURE_TENANT_ID
+  - name: azureClientId
+    secretKeyRef:
+      name: azure-keyvault
+      key: AZURE_CLIENT_ID
+  - name: azureClientSecret
+    secretKeyRef:
+      name: azure-keyvault
+      key: AZURE_CLIENT_SECRET

values/atlantis/kustomize/beta/kustomization.yaml

@@ -0,0 +1,24 @@
+generatorOptions:
+  disableNameSuffixHash: true
+configMapGenerator:
+- name: beta-atlantis-appsettings
+  files:
+    - appsettings.json
+patches:
+  - target:
+      group: apps
+      version: v1
+      kind: Deployment
+    path: deployment_patch.yaml
+resources:
+  - ../base
+  - secrets.yaml
+  - rbac.yaml
+  - tracing.yaml
+  - bindings.yaml
+  - pubsub.yaml
+  - statestore.yaml
+  - subscriptions.yaml
+  - configurations.yaml
+  - secretstore.yaml
+  - keyvault.yaml

values/atlantis/kustomize/beta/pubsub.yaml

@@ -0,0 +1,52 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: pubsub
+spec:
+  version: v1
+  type: pubsub.rabbitmq
+  metadata:
+  - name: hostname
+    value: prod-rabbitmq.rabbitmq
+  - name: username
+    value: user
+  - name: password
+    secretKeyRef:
+      name: prod-atlantis-rabbitmq
+      key:  rabbitmq-password
+  - name: protocol
+    value: amqp
+  - name: durable
+    value: true
+  - name: deletedWhenUnused
+    value: false
+  - name: autoAck
+    value: false
+  - name: deliveryMode
+    value: 1
+  - name: requeueInFailure
+    value: false
+  - name: prefetchCount
+    value: 0
+  - name: reconnectWait
+    value: 0
+  - name: concurrencyMode
+    value: parallel
+  - name: publisherConfirm
+    value: false
+  - name: backOffPolicy
+    value: exponential
+  - name: backOffInitialInterval
+    value: 100
+  - name: backOffMaxRetries
+    value: 16
+  - name: enableDeadLetter # Optional enable dead Letter or not
+    value: true
+  - name: maxLen # Optional max message count in a queue
+    value: 3000
+  - name: maxLenBytes # Optional maximum length in bytes of a queue.
+    value: 10485760
+  - name: exchangeKind
+    value: fanout
+  - name: clientName
+    value: "{appID}"

values/atlantis/kustomize/beta/rbac.yaml

@@ -0,0 +1,40 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: beta-atlantis
+  namespace: beta-atlantis
+rules:
+- apiGroups:
+  - ""
+  resourceNames:
+  - beta-atlantis-appsettings
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - watch
+- apiGroups:
+  - ""
+  resourceNames:
+  - azure-keyvault
+  - beta-atlantis-redis
+  - slurm-access-token
+  resources:
+  - secrets
+  verbs:
+  - get
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: beta-atlantis
+  namespace: beta-atlantis
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: beta-atlantis
+subjects:
+- kind: ServiceAccount
+  name: beta-atlantis
+  namespace: beta-atlantis

values/atlantis/kustomize/beta/secrets.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  annotations:
+    kyverno/clone: "true"
+    kyverno/env: "prod"
+  name: prod-atlantis-rabbitmq
+type: Opaque
+data:

values/atlantis/kustomize/beta/secretstore.yaml

@@ -0,0 +1,10 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: secretstore
+spec:
+  type: secretstores.kubernetes
+  version: v1
+  metadata:
+   - name: defaultNamespace
+     value: prod-atlantis

values/atlantis/kustomize/beta/statestore.yaml

@@ -0,0 +1,22 @@
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: statestore
+spec:
+  type: state.redis
+  version: v1
+  metadata:
+  - name: redisHost
+    value: beta-atlantis-redis-master:6379
+  - name: redisUsername
+    value: default
+  - name: redisPassword
+    secretKeyRef:
+      name: beta-atlantis-redis
+      key:  redis-password
+  - name: actorStateStore
+    value: "true"
+  - name: redisDB
+    value: "0"
+scopes:
+  - beta-atlantis

values/atlantis/kustomize/beta/subscriptions.yaml

@@ -0,0 +1,27 @@
+apiVersion: dapr.io/v2alpha1
+kind: Subscription
+metadata:
+  name: hipster-events
+spec:
+  topic: hipster
+  routes:
+    default: /events/hipster
+  pubsubname: pubsub
+  metadata:
+    queueType: quorum
+scopes:
+- beta-atlantis
+---
+apiVersion: dapr.io/v2alpha1
+kind: Subscription
+metadata:
+  name: inbox-events
+spec:
+  topic: inbox
+  routes:
+    default: /events/inbox
+  pubsubname: pubsub
+  metadata:
+    queueType: quorum
+scopes:
+- beta-atlantis

values/atlantis/kustomize/beta/tracing.yaml

@@ -0,0 +1,11 @@
+apiVersion: dapr.io/v1alpha1
+kind: Configuration
+metadata:
+  name: tracing
+spec:
+  tracing:
+    samplingRate: "1"
+    otel:
+      endpointAddress: "opentelemetry-collector.otel.svc.cluster.local:4317"
+      protocol: grpc
+      isSecure: false

values/atlantis/kustomize/staging/appsettings.json

@@ -26,7 +26,7 @@
         "cookieDomain": ".oceanbox.io",
         "cookieName": ".obx.staging",
         "ttl": 12.0,
-        "signedOutRedirectUri": "https://atlantis.beta.oceanbox.io",
+        "signedOutRedirectUri": "https://maps.dev.oceanbox.io",
         "realm": "atlantis",
         "environment": "staging",
         "keyStore": {
@@ -73,7 +73,7 @@
     "connString": "Username=postgres;Password=secret;Host=localhost;Port=5432;Database=app;Pooling=true;",
     "sorcerer" : "https://sorcerer.ekman.oceanbox.io",
     "allowedOrigins": [
-        "https://atlantis.beta.oceanbox.io",
+        "https://maps.dev.oceanbox.io",
         "https://atlantis.dev.oceanbox.io",
         "https://atlantis.local.oceanbox.io:8080",
         "https://maps.dev.oceanbox.io"

values/atlantis/values/values-beta.yaml.gotmpl

@@ -0,0 +1,81 @@
+replicaCount: 1
+
+podAnnotations:
+  dapr.io/app-id: "beta-atlantis"
+
+env:
+  - name: APP_NAMESPACE
+    value: beta-atlantis
+  - name: APP_VERSION
+    value: "2.97.4"
+  - name: LOG_LEVEL
+    value: "2"
+  - name: ANALYTICS_WEB_ID
+    value: "16e7d807-4db5-45fd-92a9-27393445a153"
+  - name: REDIS_USER
+    value: default
+  - name: REDIS_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: beta-atlantis-redis
+        key: redis-password
+  - name: DB_HOST
+    value: beta-atlantis-db-rw
+  - name: DB_PORT
+    value: "5432"
+  - name: DB_USER
+    valueFrom:
+      secretKeyRef:
+        name: beta-atlantis-db-superuser
+        key: username
+  - name: DB_PASSWORD
+    valueFrom:
+      secretKeyRef:
+        name: beta-atlantis-db-superuser
+        key: password
+  - name: DAPR_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        name: dapr-api-token
+        key: token
+
+ingress:
+  enabled: true
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
+  hosts:
+    - host: maps.beta.oceanbox.io
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+      internal:
+        - path: /internal
+          pathType: ImplementationSpecific
+        - path: /dapr
+          pathType: ImplementationSpecific
+        - path: /actors
+          pathType: ImplementationSpecific
+        - path: /job
+          pathType: ImplementationSpecific
+        - path: /events
+          pathType: ImplementationSpecific
+        - path: /metrics
+          pathType: ImplementationSpecific
+  tls:
+    - hosts:
+       - maps.beta.oceanbox.io
+      secretName: beta-atlantis-tls
+
+cluster:
+  instances: 2
+  bootstrap:
+    enabled: false
+
+resources:
+  limits:
+    cpu: 1
+    memory: 1Gi
+  requests:
+    cpu: 500m
+    memory: 1Gi

values/atlantis/values/values-prod.yaml.gotmpl

@@ -79,9 +79,3 @@ resources:
   requests:
     cpu: 500m
     memory: 1Gi
-
-diagrid-dashboard:
-  enabled: false
-  statestore:
-    scope: prod-atlantis
-    redis: prod-atlantis-redis

values/atlantis/values/values-staging.yaml.gotmpl

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: faa0a853-debug
+  tag: 369127e0-debug
 podAnnotations:
   dapr.io/app-id: "staging-atlantis"
 env:
@@ -49,7 +49,7 @@ ingress:
     # nginx.ingress.kubernetes.io/session-cookie-max-age: "86400"
     # oceanbox.io/expose: internal
   hosts:
-    - host: atlantis.beta.oceanbox.io
+    - host: maps.dev.oceanbox.io
       paths:
         - path: /
           pathType: ImplementationSpecific
@@ -102,7 +102,7 @@ ingress:
           pathType: ImplementationSpecific
   tls:
     - hosts:
-        - atlantis.beta.oceanbox.io
+        - maps.dev.oceanbox.io
         - atlas.oceanbox.io
         - maps.dev.oceanbox.io
       secretName: staging-atlantis-tls
@@ -133,9 +133,3 @@ redis:
   resources:
     cpu: 150m
     memory: 256Mi
-
-diagrid-dashboard:
-  enabled: false
-  statestore:
-    scope: staging-atlantis
-    redis: staging-atlantis-redis

values/atlantis/values/values.yaml.gotmpl

@@ -1,4 +1,3 @@
-
 podAnnotations:
   dapr.io/enabled: "true"
   dapr.io/app-port: "8085"
@@ -10,4 +9,3 @@ podAnnotations:
   dapr.io/sidecar-memory-request: "50Mi"
   # dapr.io/sidecar-cpu-limit: "100m"
   # dapr.io/sidecar-memory-limit: "1000Mi"
-

values/codex/values/values-staging.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: 70878e14-debug
+  tag: 1b8167c6-debug
 ingress:
   enabled: true
   className: "nginx"

values/drupal/manifests/allow-external-services.yaml

@@ -2,12 +2,12 @@ apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
   name: allow-external-services
-  namespace: fornix
+  namespace: drupal
 spec:
   egress:
     - toFQDNs:
-        - matchPattern: "cache.nixos.org"
-        - matchPattern: "nix-community.cachix.org"
+        - matchPattern: 'cache.nixos.org'
+        - matchPattern: 'nix-community.cachix.org'
   endpointSelector:
     matchLabels:
       app: drupal

values/drupal/manifests/deployment.yaml

@@ -1,75 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: drupal
-  labels:
-    app: drupal
-spec:
-  selector:
-    matchLabels:
-      app: drupal
-  strategy:
-    type: Recreate
-  template:
-    metadata:
-      labels:
-        app: drupal
-    spec:
-      initContainers:
-        - name: init-volumes
-          image: drupal
-          command: ["/bin/bash", "-c"]
-          args:
-            [
-              "mkdir -p /web/{modules/patches,profiles,themes,sites/default}; chown -R www-data:www-data /web/{sites,modules,profiles,themes}; touch /web/modules/composer.json; echo done.",
-            ]
-          volumeMounts:
-            - mountPath: /web
-              name: drupal
-      containers:
-        - name: drupal
-          image: drupal
-          ports:
-            - containerPort: 80
-              name: http
-              protocol: TCP
-          env:
-            - name: DRUPAL_DATABASE_HOST
-              value: drupal-db-rw
-            - name: DRUPAL_DATABASE_PREFIX
-              value: ""
-            - name: DRUPAL_DATABASE_NAME
-              value: app
-            - name: DRUPAL_DATABASE_USERNAME
-              valueFrom:
-                secretKeyRef:
-                  name: drupal-db-app
-                  key: username
-            - name: DRUPAL_DATABASE_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: drupal-db-app
-                  key: password
-          volumeMounts:
-            - mountPath: /opt/drupal/web/modules
-              name: drupal
-              subPath: modules
-            - mountPath: /opt/drupal/web/profiles
-              name: drupal
-              subPath: profiles
-            - mountPath: /opt/drupal/web/themes
-              name: drupal
-              subPath: themes
-            - mountPath: /opt/drupal/web/sites
-              name: drupal
-              subPath: sites
-            - mountPath: /opt/drupal/composer.json
-              name: drupal
-              subPath: modules/composer.json
-            - mountPath: /opt/drupal/patches
-              name: drupal
-              subPath: modules/patches
-      volumes:
-        - name: drupal
-          persistentVolumeClaim:
-            claimName: drupal

values/drupal/manifests/drupal.yaml

@@ -5,13 +5,13 @@ metadata:
   namespace: argocd
 spec:
   destination:
-    namespace: fornix
-    server: "https://kubernetes.default.svc"
+    namespace: drupal
+    server: 'https://kubernetes.default.svc'
   sources:
-    - repoURL: https://gitlab.com/oceanbox/manifests.git
-      targetRevision: HEAD
-      path: values/drupal/manifests
-  project: default
+  - repoURL: https://gitlab.com/oceanbox/manifests.git
+    targetRevision: HEAD
+    path: values/drupal/manifests
+  project: sys
   syncPolicy:
     syncOptions:
       - CreateNamespace=true

values/drupal/manifests/ingress.yaml

@@ -1,32 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/proxy-body-size: "0"
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
-  labels:
-    app.kubernetes.io/component: drupal
-  name: drupal
-  namespace: fornix
-spec:
-  ingressClassName: nginx
-  rules:
-    - host: drupal.hel1.oceanbox.io
-      http:
-        paths:
-          - backend:
-              service:
-                name: drupal
-                port:
-                  number: 80
-            path: /
-            pathType: Prefix
-  tls:
-    - hosts:
-        - drupal.hel1.oceanbox.io
-      secretName: drupal-tls

values/drupal/manifests/raw.yaml

@@ -0,0 +1,129 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: drupal
+  labels:
+    app: drupal
+spec:
+  ports:
+    - port: 80
+      name: http
+      targetPort: http
+  selector:
+    app: drupal
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: drupal
+  labels:
+    app: drupal
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 5Gi
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: drupal
+  labels:
+    app: drupal
+spec:
+  selector:
+    matchLabels:
+      app: drupal
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: drupal
+    spec:
+      initContainers:
+        - name: init-sites-volume
+          image: drupal
+          command: ["/bin/bash", "-c"]
+          args:
+            [
+              "cp -r /var/www/html/sites/ /data/; chown www-data:www-data /data/ -R",
+            ]
+          volumeMounts:
+            - mountPath: /data
+              name: drupal
+      containers:
+        - image: registry.gitlab.com/oceanbox/fornix/oceanbox:dev
+          name: drupal
+          ports:
+            - containerPort: 80
+              name: http
+              protocol: TCP
+          env:
+          - name: DRUPAL_DATABASE_HOST
+            value: drupal-db-rw
+          - name: DRUPAL_DATABASE_PREFIX
+            value: ""
+          - name: DRUPAL_DATABASE_NAME
+            value: app
+          - name: DRUPAL_DATABASE_USERNAME
+            valueFrom:
+              secretKeyRef:
+                name: drupal-db-app
+                key: username
+          - name: DRUPAL_DATABASE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: drupal-db-app
+                key: password
+          volumeMounts:
+            - mountPath: /var/www/html/modules
+              name: drupal
+              subPath: modules
+            - mountPath: /var/www/html/profiles
+              name: drupal
+              subPath: profiles
+            - mountPath: /var/www/html/sites
+              name: drupal
+              subPath: sites
+            - mountPath: /var/www/html/themes
+              name: drupal
+              subPath: themes
+      volumes:
+        - name: drupal
+          persistentVolumeClaim:
+            claimName: drupal
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/proxy-body-size: "0"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,172.19.255.0/24,100.64.0.0/12
+  labels:
+    app.kubernetes.io/component: drupal
+  name: drupal
+  namespace: drupal
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: drupal.hel1.oceanbox.io
+    http:
+      paths:
+      - backend:
+          service:
+            name: drupal
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - drupal.hel1.oceanbox.io
+    secretName: drupal-tls

values/drupal/manifests/volumes.yaml

@@ -1,26 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: drupal
-  labels:
-    app: drupal
-spec:
-  ports:
-    - port: 80
-      name: http
-      targetPort: http
-  selector:
-    app: drupal
----
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
-  name: drupal
-  labels:
-    app: drupal
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 5Gi

values/fornix/env-hel1.yaml.gotmpl

@@ -1,2 +0,0 @@
-fornix:
-  enabled: true

values/fornix/env.yaml.gotmpl

@@ -1,4 +0,0 @@
-fornix:
-  enabled: false
-  autosync: false
-  env: {{ .Environment.Name }}

values/fornix/kustomize/base/kustomization.yaml

@@ -1,5 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  - _manifest.yaml
-

values/fornix/kustomize/default/appsettings.json

@@ -1,40 +0,0 @@
-{
-  "oidc": {
-    "issuer": "https://idp.app.local/dex",
-    "authorization_endpoint": "https://idp.app.local/dex/auth",
-    "token_endpoint": "https://idp.app.local/dex/token",
-    "jwks_uri": "https://idp.app.local/dex/keys",
-    "userinfo_endpoint": "https://idp.app.local/dex/userinfo",
-    "device_authorization_endpoint": "https://idp.app.local/dex/device/code",
-    "clientId": "app",
-    "clientSecret": "secret",
-    "scopes": [
-      "openid",
-      "email",
-      "offline_access",
-      "profile"
-    ]
-  },
-  "redis": "localhost:6379,user=default,password=secret",
-  "sso": {
-    "cookieDomain": "localhost",
-    "signedOutRedirectUri": "https://idp.app.local/dex/static/logout.html",
-    "appDomain": "app",
-    "dataProtectionKeys": "DataProtection-Keys"
-  },
-  "allowedOrigins": [
-    "https://fornix.hel1.oceanbox.io"
-  ],
-  "plainAuthUsers": [
-    {
-      "username": "",
-      "password": "",
-      "groups": [
-        ""
-      ],
-      "roles": [
-        ""
-      ]
-    }
-  ]
-}

values/fornix/kustomize/default/kustomization.yaml

@@ -1,8 +0,0 @@
-generatorOptions:
-  disableNameSuffixHash: true
-configMapGenerator:
-  - name: fornix-appsettings
-    files:
-      - appsettings.json
-resources:
-  - ../base

values/fornix/manifests/fornix.yaml

@@ -1,43 +0,0 @@
-{{ if .Values.clusterConfig.argo.enabled }}
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: fornix
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-    argocd.argoproj.io/compare-options: ServerSideDiff=true
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: fornix
-    server: https://kubernetes.default.svc
-  project: default
-  sources:
-  - repoURL: {{ .Values.clusterConfig.manifests }}
-    targetRevision: HEAD
-    path: helmfile.d
-    plugin:
-      name: helmfile-cmp
-      env:
-      - name: CLUSTER_NAME
-        value: {{ .Values.clusterConfig.cluster }}
-      - name: HELMFILE_ENVIRONMENT
-        value: {{ .Values.fornix.env }}
-      - name: HELMFILE_FILE_PATH
-        value: fornix.yaml.gotmpl
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    ref: values
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-    {{- if .Values.fornix.autosync }}
-    automated:
-      prune: true
-      selfHeal: false
-    {{- end }}
-{{- end }}
-

values/fornix/values/values.yaml

@@ -1,30 +0,0 @@
-baseUrl: https://fornix.hel1.oceanbox.io
-drupalUrl: http://drupal
-
-replicaCount: 1
-ingress:
-  enabled: true
-  className: "nginx"
-  annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-production
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    oceanbox.io/expose: internal
-  hosts:
-    - host: fornix.hel1.oceanbox.io
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls:
-    - hosts:
-        - fornix.hel1.oceanbox.io
-      secretName: fornix-tls
-volumes:
-  - name: appsettings
-    configMap:
-      name: fornix-appsettings
-volumeMounts:
-  - name: appsettings
-    mountPath: "/app/appsettings.json"
-    readOnly: true
-    subPath: appsettings.json

values/headscale/values/values.yaml

@@ -210,7 +210,7 @@ configMaps:
                  "group:marketing",
               ],
               "dst": [
-                 "tag:mumindalen:*",
+                 "tag:mumindalen:0",
                  "tag:hpc:22,80,443",
                  "dc.tos.net:22,80,443",
                  "dc.hel1.net:443",
@@ -282,8 +282,6 @@ configMaps:
            { "name": "plume.data.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "slurm-agent.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
 
-           { "name": "kueue.dev.tos.obx", "type": "A", "value": "10.255.241.99" },
-
            { "name": "slurm-agent.rossby.oceanbox.io", "type": "A", "value": "172.16.239.222" },
 
            { "name": "argocd.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
@@ -292,8 +290,6 @@ configMaps:
            { "name": "alertmanager.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
            { "name": "slurm-agent.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
 
-           { "name": "kueue.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
-
            { "name": "dashboard.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
            { "name": "grafana.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
            { "name": "s3.ob-ceph.local", "type": "A", "value": "10.255.241.10" },
@@ -321,18 +317,18 @@ configMaps:
            { "name": "jonas-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "stig-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
            { "name": "stig-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
-           { "name": "stig-sorcerer.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
+           { "name": "stig-sorcerer.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
            { "name": "stig-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "radovan-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
            { "name": "radovan-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "mrtz-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
            { "name": "mrtz-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
-           { "name": "mrtz-sorcerer.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
+           { "name": "mrtz-sorcerer.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
            { "name": "mrtz-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "simkir-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
            { "name": "simkir-codex.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
            { "name": "simkir-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
-           { "name": "simkir-sorcerer.dev.vtn.obx", "type": "A", "value": "172.16.239.221" },
+           { "name": "simkir-sorcerer.adm.vtn.obx", "type": "A", "value": "172.16.239.221" },
            { "name": "simkir-plume.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },
            { "name": "ole-atlantis.dev.oceanbox.io", "type": "A", "value": "10.255.241.11" },
            { "name": "ole-sorcerer.ekman.oceanbox.io", "type": "A", "value": "10.255.241.99" },

values/kueue/env-ekman.yaml.gotmpl

@@ -1,3 +0,0 @@
-kueue:
-  enabled: true
-  autosync: false

values/kueue/env-rossby.yaml.gotmpl

@@ -1,3 +0,0 @@
-kueue:
-  enabled: true
-  autosync: false

values/kueue/env.yaml.gotmpl

@@ -1,4 +0,0 @@
-kueue:
-  enabled: false
-  autosync: false
-  env: {{ .Environment.Name }}

values/kueue/manifests/clusterQueue.yaml

@@ -1,51 +0,0 @@
-apiVersion: kueue.x-k8s.io/v1beta1
-kind: ResourceFlavor
-metadata:
- name: compute # Just needs to exist, can be managed with tains/tolerations
----
-apiVersion: kueue.x-k8s.io/v1beta1
-kind: ClusterQueue
-metadata:
-   name: jobs
-spec:
-  cohort: general
-  namespaceSelector: {} # Accept workloads from any namespace
-  preemption:
-    withinClusterQueue: "LowerPriority" # Allow higher priority to preempt lower
-  resourceGroups:
-   - coveredResources: ["cpu", "memory"] # Cover both memory and cpu resources
-     flavors:
-       - name: compute
-         resources:
-           - name: "cpu"
-             nominalQuota: '4'
-           - name: "memory"
-             nominalQuota: 8Gi
----
-apiVersion: kueue.x-k8s.io/v1beta1
-kind: LocalQueue
-metadata:
-  name: prod-queue
-  namespace: prod-sorcerer
-spec:
-  clusterQueue: jobs
----
-apiVersion: kueue.x-k8s.io/v1beta1
-kind: LocalQueue
-metadata:
-  name: staging-queue
-  namespace: staging-sorcerer
-spec:
-  clusterQueue: jobs
----
-apiVersion: kueue.x-k8s.io/v1beta1
-kind: WorkloadPriorityClass
-metadata:
-  name: "normal"
-value: 100
----
-apiVersion: kueue.x-k8s.io/v1beta1
-kind: WorkloadPriorityClass
-metadata:
-  name: "high"
-value: 200 # Higher value = higher priority

values/kueue/manifests/ing.yaml

@@ -1,89 +0,0 @@
-{{- if eq .Values.clusterConfig.cluster "ekman"}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: kueueviz-ingress
-  namespace: kueue-system
-  annotations:
-    cert-manager.io/cluster-issuer: ca-issuer
-    nginx.ingress.kubernetes.io/backend-protocol: HTTP
-    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
-    nginx.ingress.kubernetes.io/ssl-redirect: "true"
-    nginx.ingress.kubernetes.io/websocket-services: kueue-kueueviz-backend
-spec:
-  rules:
-    - host: kueue.dev.tos.obx
-      http:
-        paths:
-          - path: /ws
-            pathType: Prefix
-            backend:
-              service:
-                name: kueue-kueueviz-backend
-                port:
-                  number: 8080
-          - path: /api(/|$)(.*)
-            pathType: Prefix
-            backend:
-              service:
-                name: kueue-kueueviz-backend
-                port:
-                  number: 8080
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: kueue-kueueviz-frontend
-                port:
-                  number: 8080
-  tls:
-    - hosts:
-        - kueue.dev.tos.obx
-      secretName: kueueviz-tls
-{{- end}}
----
-{{- if eq .Values.clusterConfig.cluster "rossby"}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: kueueviz-ingress
-  namespace: kueue-system
-  annotations:
-    cert-manager.io/cluster-issuer: ca-issuer
-    nginx.ingress.kubernetes.io/websocket-services: kueue-kueueviz-backend
-    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
-    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
-spec:
-  rules:
-    - host: kueue.dev.vtn.obx
-      http:
-        paths:
-          - path: /ws
-            pathType: Prefix
-            backend:
-              service:
-                name: kueue-kueueviz-backend
-                port:
-                  number: 8080
-          - path: /api(/|$)(.*)
-            pathType: Prefix
-            backend:
-              service:
-                name: kueue-kueueviz-backend
-                port:
-                  number: 8080
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: kueue-kueueviz-frontend
-                port:
-                  number: 8080
-  tls:
-    - hosts:
-        - kueue.dev.vtn.obx
-      secretName: kueueviz-tls
-{{- end}}

values/kueue/manifests/kueue.yaml

@@ -1,44 +0,0 @@
-{{ if .Values.clusterConfig.argo.enabled }}
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: kueue
-  namespace: argocd
-  annotations:
-    argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
-    argocd.argoproj.io/compare-options: ServerSideDiff=true
-  finalizers:
-  - resources-finalizer.argocd.argoproj.io
-spec:
-  destination:
-    namespace: kueue-system
-    server: https://kubernetes.default.svc
-  project: default
-  sources:
-  - repoURL: {{ .Values.clusterConfig.manifests }}
-    targetRevision: HEAD
-    path: helmfile.d
-    plugin:
-      name: helmfile-cmp
-      env:
-      - name: CLUSTER_NAME
-        value: {{ .Values.clusterConfig.cluster }}
-      - name: HELMFILE_ENVIRONMENT
-        value: {{ .Values.kueue.env }}
-      - name: HELMFILE_FILE_PATH
-        value: kueue.yaml.gotmpl
-  - repoURL: https://gitlab.com/oceanbox/manifests.git
-    targetRevision: main
-    ref: values
-  syncPolicy:
-    syncOptions:
-      - CreateNamespace=true
-      - ApplyOutOfSyncOnly=true
-      - ServerSideApply=true
-    {{- if .Values.kueue.autosync }}
-    automated:
-      prune: true
-      selfHeal: false
-    {{- end }}
-{{- end }}
-

values/kueue/values/values-ekman.yaml

@@ -1,9 +0,0 @@
-kueueViz:
-  backend:
-    env:
-      - name: KUEUEVIZ_ALLOWED_ORIGINS
-        value: "https://kueue.dev.tos.obx"
-  frontend:
-    env:
-      - name: REACT_APP_WEBSOCKET_URL
-        value: "wss://kueue.dev.tos.obx"

values/kueue/values/values-rossby.yaml

@@ -1,9 +0,0 @@
-kueueViz:
-  backend:
-    env:
-      - name: KUEUEVIZ_ALLOWED_ORIGINS
-        value: "https://kueue.dev.vtn.obx"
-  frontend:
-    env:
-      - name: REACT_APP_WEBSOCKET_URL
-        value: "wss://kueue.dev.vtn.obx"

values/kueue/values/values.yaml

@@ -1,21 +0,0 @@
-controllerManager:
-  featureGates:
-    - name: TopologyAwareScheduling
-      enabled: true
-    - name: LocalQueueMetrics
-      enabled: true
-  managerConfig:
-    controllerManagerConfigYaml: |
-      apiVersion: config.kueue.x-k8s.io/v1beta1
-      kind: Configuration
-      integrations:
-        frameworks:
-          - batch/job
-          - jobset.x-k8s.io/jobset
-      internalCertManagement:
-        enable: true
-enableCertManager: false
-enablePrometheus: true
-metrics:
-  prometheusNamespace: prometheus
-enableKueueViz: true

values/makai/values/values-staging.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: "01ac1d47-debug"
+  tag: "aa4f7d23-debug"
 env:
   - name: APP_VERSION
     value: "0.0.0-staging"

values/mariadb-operator/env-hel1.yaml.gotmpl

@@ -1,3 +0,0 @@
-mariadb_operator:
-  enabled: false
-  autosync: false

values/plume/kustomize/prod/appsettings.json

@@ -4,7 +4,7 @@
     "appEnv": "prod",
     "appNamespace": "prod-plume",
     "appVersion": "1.0.0",
-    "cacheDir": "/data/archives/cache/prod",
+    "cacheDir": "/data/archives/cache",
     "otelCollector": "http://10.255.241.12:4317",
     "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456",
 }

values/plume/kustomize/staging/appsettings.json

@@ -4,7 +4,7 @@
     "appEnv": "staging",
     "appNamespace": "staging-plume",
     "appVersion": "0.0.0",
-    "cacheDir": "/data/archives/cache/staging",
+    "cacheDir": "/data/archives/cache",
     "otelCollector": "http://10.255.241.12:4317",
     "sentryUrl": "https://2b68ecf0c4d02e6cc9433c371321ac9d@o4509530141622272.ingest.de.sentry.io/4509910315237456"
 }

values/plume/values/values-staging.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: e5015d5d-debug
+  tag: 121f49c9-debug
 podAnnotations:
   dapr.io/enabled: "true"
   dapr.io/app-id: "staging-plume"

values/sorcerer/kustomize/prod-ekman/appsettings.json

@@ -72,5 +72,5 @@
     "otelCollector": "http://10.255.241.12:4317",
     "archiveSvc": "https://maps.oceanbox.io",
     "dataDir": "/data/archives",
-    "cacheDir": "/data/archives/cache/prod"
+    "cacheDir": "/data/archives/cache"
 }

values/sorcerer/kustomize/staging-ekman/appsettings.json

@@ -26,7 +26,7 @@
         "cookieDomain": ".oceanbox.io",
         "cookieName": ".obx.staging",
         "ttl": 12.0,
-        "signedOutRedirectUri": "https://atlantis.beta.oceanbox.io",
+        "signedOutRedirectUri": "https://maps.dev.oceanbox.io",
         "realm": "atlantis",
         "environment": "staging",
         "keyStore": {
@@ -72,7 +72,7 @@
     "appNamespace": "staging-sorcerer",
     "appVersion": "0.0.0",
     "otelCollector": "http://10.255.241.12:4317",
-    "archiveSvc": "https://atlantis.beta.oceanbox.io",
+    "archiveSvc": "https://maps.dev.oceanbox.io",
     "dataDir": "/data/archives",
-    "cacheDir": "/data/archives/cache/staging"
+    "cacheDir": "/data/archives/cache"
 }

values/sorcerer/values/values-prod.yaml

@@ -114,9 +114,3 @@ affinity:
           values:
           - prod-sorcerer
       topologyKey: "kubernetes.io/hostname"
-
-diagrid-dashboard:
-  enabled: false
-  statestore:
-    scope: prod-sorcerer
-    redis: prod-sorcerer-redis

values/sorcerer/values/values-staging.yaml

@@ -1,6 +1,6 @@
 replicaCount: 1
 image:
-  tag: faa0a853-debug
+  tag: 1b8167c6-debug
 podAnnotations:
   dapr.io/enabled: "true"
   dapr.io/app-id: "staging-sorcerer"
@@ -111,9 +111,3 @@ affinity:
               values:
                 - staging-sorcerer
         topologyKey: "kubernetes.io/hostname"
-
-diagrid-dashboard:
-  enabled: false
-  statestore:
-    scope: staging-sorcerer
-    redis: staging-sorcerer-redis

values/umami/values/values-prod.yaml

@@ -6,7 +6,7 @@ image:
   # -- image pull policy
   # pullPolicy:
   # -- Overrides the image tag
-  tag: "3.0.3"
+  tag: "3.0.1"
 
 replicaCount: 1