Compare commits


1 Commits

Author SHA1 Message Date
hanssenkai f9838604e8 allow otel world 2024-11-20 10:20:04 +01:00
1083 changed files with 4900 additions and 67755 deletions
-16
@@ -1,16 +0,0 @@
#!/usr/bin/env bash
# the shebang is ignored, but nice for editors
watch_file npins/sources.json
# Load .env file if it exists
dotenv_if_exists
# Activate development shell
if type lorri &>/dev/null; then
echo "direnv: using lorri from PATH ($(type -p lorri))"
eval "$(lorri direnv)"
else
# fall back to using direnv's builtin nix support
# to prevent bootstrapping problems.
use nix
fi
+2 -7
@@ -1,7 +1,2 @@
*.tgz _manifest.yaml
_*/ _resources.yaml
.direnv/
.env
.pre-commit-config.yaml
_*.yaml
backup/
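Review bot: The old side of this ignore file listed `.env` and `.direnv/`, and the new side keeps only `_manifest.yaml` and `_resources.yaml`, so a local `.env` is no longer protected from `git add .`. The direnv setup that loaded it is removed in the same comparison, but developers who still have the file on disk may hold tokens in it. Keeping the single line `.env` costs nothing and avoids an accidental credential commit.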
+46
@@ -0,0 +1,46 @@
image:
name: alpine/helm:latest
entrypoint: [ "/bin/bash", "-c" ]
stages:
- release
release:
stage: release
rules:
- if: '$CI_COMMIT_BRANCH =~ /^main/'
when: always
- when: never
script:
- |
cd $CI_PROJECT_DIR
for i in $(git show --pretty="" --name-only | grep '^charts/.*/Chart.yaml' | cut -d/ -f2); do
pack=$(helm package ./charts/$i | sed 's/Success.*: \(.*\)/\1/')
if [ ! -z $pack ]; then
chart=$(basename $pack)
curl --request POST \
--user gitlab-ci-token:$CI_JOB_TOKEN \
--form "chart=@${chart}" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts"
fi
done
rebuild:
stage: release
rules:
- when: manual
allow_failure: true
script:
- |
cd $CI_PROJECT_DIR
for i in $(find ./charts -maxdepth 2 -name Chart.yaml | cut -d/ -f3); do
pack=$(helm package ./charts/$i | sed 's/Success.*: \(.*\)/\1/')
if [ ! -z $pack ]; then
chart=$(basename $pack)
curl --request POST \
--user gitlab-ci-token:$CI_JOB_TOKEN \
--form "chart=@${chart}" \
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/helm/api/stable/charts"
fi
done
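Review bot: The job image at the top of the file is `alpine/helm:latest`, a mutable tag, and both `release` and `rebuild` run it with `$CI_JOB_TOKEN` and upload to the project's Helm package registry, so whatever that tag resolves to on the day decides what gets published. Pin it to a fixed version and digest, e.g. `name: alpine/helm:<version>@sha256:<digest>`. The `curl --request POST` calls have no `--fail`, so a rejected upload still leaves the job green; add `--fail` (or `--fail-with-body`). In both loops `$i` and `$pack` are expanded unquoted, including in `[ ! -z $pack ]`; write `[ -n "$pack" ]` and quote the other uses.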
-33
@@ -1,33 +0,0 @@
# Manifests
> [!note]
> For CI/CD to push updates to this repo add your repo [here](https://gitlab.com/oceanbox/alpine-k8s/-/settings/ci_cd#js-token-access)
Manifest repo managed using [Helmfile](https://github.com/helmfile/helmfile).
Repository structure:
```bash
/
├── helmfile.d/ # Helmfiles, *.yaml.gotmpl
├── charts/ # Our own charts, e.g `Atlantis`
├── values # Values for helmfiles
│ ├── <chart>
│ │ ├── env.yaml.gotmpl # Values to be templated in `values/`
│ │ ├── kustomize # Kustomizations per environment
│ │ ├── manifests # Raw manifests
│ │ │ ├── <chart>.yaml # Argo App for bootstrap
│ │ │ ├── dashboards # Grafana dashboards
│ │ │ │ └── <chart>-metrics.yaml
│ │ │ └── policies # Cilium and Kyverno policies
│ │ │ ├── CiliumNetworkPolicy-allow-api-server.yaml
│ │ │ └── KyvernoPolicy-regred-secret.yaml
│ │ └── values # Values for each environment
│ │ ├── <chart>-staging.yaml.gotmpl # Values for staging environment
│ │ ├── <chart>-prod.yaml.gotmpl # Values for prod environment
│ │ └── <chart>.yaml.gotmpl # Standard values for all environments
│ │
│ ├── env.yaml # Standard values for all cluster
│ ├── env-oceanbox.yaml # Values overrides for oceanbox
│ ├── env-ekman.yaml # Values overrides for ekman
```
Symlink
+1
@@ -0,0 +1 @@
kustomizations/petimeter/manifests/acl.json
+47
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: archmeister
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: archmeister.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: archmeister.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: "{{ .env }}-archmeister"
spec:
project: atlantis
destination:
namespace: atlantis
server: "{{ .cluster }}"
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/archmeister
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: "{{ .env }}"
- name: hostname
string: "{{ .hostname }}"
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
+36
@@ -0,0 +1,36 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: atlantis-host-cluster-resources
namespace: argocd
# annotations: # close, but no cigar
# argocd.argoproj.io/compare-options: ServerSideDiff=true,IncludeMutationWebhook=true
spec:
project: aux
destination:
server: https://kubernetes.default.svc
syncPolicy:
automated:
prune: false
selfHeal: false
ignoreDifferences:
- kind: Secret
name: prod-rabbitmq
jqPathExpressions:
- '.data'
- '.metadata.annotations.clone'
- '.metadata.labels'
- kind: Secret
name: prod-redis
jqPathExpressions:
- '.data'
- '.metadata.annotations.clone'
- '.metadata.labels'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: resources/atlantis/host-manifests
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: 'resources/atlantis/manifests/prod'
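Review bot: `ignoreDifferences` on `.data` of the `prod-rabbitmq` and `prod-redis` Secrets only affects the diff; unless `RespectIgnoreDifferences=true` is listed under `syncPolicy.syncOptions`, a sync still applies the Secret as rendered from git and can overwrite the live data. If the intent is that Argo CD never touches those fields, add `syncOptions: [RespectIgnoreDifferences=true]`. Ignoring `.data` also means drift in those credentials is never reported, so a comment above the block saying where the real values come from would help (the `clone` annotation suggests an external cloner; confirm). The Application sets no `destination.namespace`, so every manifest under both paths has to carry its own namespace.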
+41
@@ -0,0 +1,41 @@
# Currently not in use. Configured via the create-vcluster script.
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: atlantis-resources
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
autoSync: false
prune: false
# - cluster: https://staging-vcluster.staging-vcluster
# env: staging
# autoSync: false
# prune: false
template:
metadata:
name: "{{ .env }}-atlantis-resources"
spec:
project: aux
syncPolicy:
automated: {}
destination:
server: "{{ .cluster }}"
namespace: atlantis
sources: {}
# - repoURL: https://gitlab.com/oceanbox/manifests.git
# targetRevision: main
# path: 'resources/atlantis/manifests/{{ env }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
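Review bot: The template already sets `syncPolicy: automated: {}`, so the generated `prod-atlantis-resources` Application would auto-sync even though its element says `autoSync: false`; the `templatePatch` only adds `prune` and `selfHeal` on top when `autoSync` is true. Drop `syncPolicy` from the template and let the patch be the only place that enables automation. `sources: {}` is a mapping where Argo CD expects a list (`sources: []`), and with `goTemplate: true` the commented-out path needs `{{ .env }}` rather than `{{ env }}`. The header comment says the file is not in use, so none of this is live yet, but it will be once the sources are uncommented.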
+47
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: atlantis
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: atlantis.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: atlantis.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-atlantis'
spec:
project: atlantis
destination:
namespace: atlantis
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/atlantis
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
+34
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: busynix
namespace: argocd
spec:
generators:
- list:
elements:
# - cluster: https://kubernetes.default.svc
# env: prod
# hostname: busynix.srv.oceanbox.io
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: busynix.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-busynix'
spec:
project: aux
destination:
namespace: default
server: '{{ cluster }}'
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/busynix
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: '{{ hostname }}'
+32
@@ -0,0 +1,32 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: cerbos
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://staging-vcluster.staging-vcluster
env: staging
template:
metadata:
name: '{{ env }}-cerbos'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://download.cerbos.dev/helm-charts
targetRevision: 0.33.0
chart: cerbos
helm:
valueFiles:
- $values/kustomizations/cerbos/values.yaml
- $values/kustomizations/cerbos/values-{{ env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
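Review bot: The list elements give `staging` the cluster `https://staging-vcluster.staging-vcluster`, but `destination.server` is hard-coded to `https://kubernetes.default.svc`, so the `cluster` value is never read and both `prod-cerbos` and `staging-cerbos` land in the `idp` namespace of the host cluster. If staging is meant to run in the vcluster, use `server: '{{ cluster }}'`; if co-locating is intended, give both elements the same cluster so the generator data matches what is deployed. Cerbos serves authorization decisions, so a staging policy set sharing a namespace with prod should be an explicit choice documented in a comment.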
+15
@@ -0,0 +1,15 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: dex
namespace: argocd
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: idp
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/dex/manifests
+38
@@ -0,0 +1,38 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: geoserver
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: geoserver.srv.oceanbox.io
# - cluster: https://kubernetes.default.svc
# env: staging
# hostname: geoserver.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-geoserver'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: geoserver
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/geoserver
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: geoserver.srv.oceanbox.io
- name: flags
string: "--skip-tests"
- name: chart
string: ncsa/geoserver
+47
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: hipster
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: hipster.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: hipster.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-hipster'
spec:
project: atlantis
destination:
namespace: atlantis
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/hipster
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
+22
@@ -0,0 +1,22 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: jaeger
namespace: argocd
spec:
project: atlantis
destination:
server: https://kubernetes.default.svc
namespace: jaeger
sources:
- repoURL: https://jaegertracing.github.io/helm-charts
targetRevision: 2.54.0
chart: jaeger-operator
helm:
valueFiles:
- $values/kustomizations/jaeger/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
# path: kustomizations/jaeger/manifests
ref: values
+21
@@ -0,0 +1,21 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: keycloak
namespace: argocd
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: idp
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 24.0.2
chart: keycloak
helm:
valueFiles:
- $values/kustomizations/keycloak/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
+150
@@ -0,0 +1,150 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: loki
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: loki
server: 'https://kubernetes.default.svc'
project: aux
ignoreDifferences:
- group: apps
kind: StatefulSet
jsonPointers:
- /spec/persistentVolumeClaimRetentionPolicy
syncPolicy:
managedNamespaceMetadata:
labels:
component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
automated:
prune: true
selfHeal: true
sources:
- repoURL: https://gitlab.com/serit/k8s/serit-platform-manifests.git
path: network-policies/netpol-loki
targetRevision: HEAD
- repoURL: 'https://grafana.github.io/helm-charts'
targetRevision: 6.12.0
chart: loki
helm:
values: |
loki:
auth_enabled: false
storage:
bucketNames:
chunks: loki-chunks
ruler: loki-chunks
admin: loki-chunks
s3:
endpoint: http://10.255.241.30:30080
region: tos
secretAccessKey: ${S3SECRET}
accessKeyId: ${S3KEY}
s3ForcePathStyle: true
http_config:
insecure_skip_verify: true
schemaConfig:
configs:
- from: "2024-04-01"
index:
period: 24h
prefix: loki_index_
object_store: s3
schema: v13
store: tsdb
compactor:
compaction_interval: 10m
working_directory: /tmp/loki/compactor
retention_enabled: true
retention_delete_delay: 2h
retention_delete_worker_count: 150
delete_request_store: s3
limits_config:
retention_period: 744h
write:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
tolerations:
- effect: "NoSchedule"
operator: "Equal"
key: "unschedulable"
value: "true"
read:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
tolerations:
- effect: "NoSchedule"
operator: "Equal"
key: "unschedulable"
value: "true"
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
atlantis.oceanbox.io/expose: internal
hosts:
- loki.adm.oceanbox.io
tls:
- hosts:
- loki.adm.oceanbox.io
secretName: loki-distributed-tls
compactor:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
backend:
extraArgs:
- -config.expand-env=true
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: loki-s3
key: AWS_ACCESS_KEY_SECRET
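Review bot: The first source tracks `targetRevision: HEAD` of `https://gitlab.com/serit/k8s/serit-platform-manifests.git`, a repository outside the `oceanbox` group, and the Application syncs automatically with `prune: true` and `selfHeal: true`, so any push there changes network policies in this cluster without review here. Pin that source to a tag or commit SHA. In the Helm values, `auth_enabled: false` is combined with an enabled ingress on `loki.adm.oceanbox.io`; unless the `atlantis.oceanbox.io/expose: internal` annotation restricts who can reach it (not visible here), the push and query APIs are unauthenticated. The S3 endpoint is plain `http://`, so log data travels unencrypted between Loki and the object store, and `letsencrypt-staging` issues certificates that clients will not trust.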
+47
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: openfga
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: openfga.adm.oceanbox.io
autoSync: false
prune: true
- cluster: https://kubernetes.default.svc
env: staging
hostname: openfga.dev.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-openfga'
spec:
project: aux
destination:
namespace: idp
server: '{{ .cluster }}'
sources:
- repoURL: https://openfga.github.io/helm-charts
targetRevision: 0.2.12
chart: openfga
helm:
valueFiles:
- $values/kustomizations/openfga/values.yaml
- $values/kustomizations/openfga/values-{{ .env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
+106
@@ -0,0 +1,106 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: opentelemetry-collector
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: otel
server: 'https://kubernetes.default.svc'
project: aux
syncPolicy:
# managedNamespaceMetadata:
# labels:
# component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
automated:
prune: true
selfHeal: true
sources:
- repoURL: 'https://open-telemetry.github.io/opentelemetry-helm-charts'
targetRevision: 0.107.0
chart: opentelemetry-collector
helm:
values: |
mode: deployment
image:
repository: otel/opentelemetry-collector-k8s
config:
receivers:
prometheus/collector:
config:
scrape_configs:
- job_name: 'opentelemetry-collector'
static_configs:
- targets:
- ${env:MY_POD_IP}:8888
zipkin:
endpoint: ${env:MY_POD_IP}:9411
exporters:
otlp:
endpoint: "tempo.tempo.svc:4317"
tls:
insecure: true
otlphttp/metrics:
endpoint: http://prom-prometheus.prometheus:9090/api/v1/otlp
tls:
insecure: true
otlphttp/logs:
endpoint: http://loki-write-headless.loki:3100/otlp
tls:
insecure: true
debug/metrics:
verbosity: detailed
debug/traces:
verbosity: detailed
debug/logs:
verbosity: detailed
service:
telemetry:
logs:
level: "info"
pipelines:
traces:
receivers: [otlp,zipkin]
processors: [batch]
exporters: [otlp]
# exporters: [otlphttp/traces,debug/traces]
metrics:
receivers: [otlp,prometheus/collector]
processors: [batch]
exporters: [otlphttp/metrics]
# exporters: [otlphttp/metrics,debug/metrics]
logs:
receivers: [otlp]
processors: [batch]
exporters: [otlphttp/logs]
# exporters: [otlphttp/logs,debug/logs]
ports:
metrics:
enabled: true
# presets:
# logsCollection:
# enabled: true
ingress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/ssl-redirect: "true"
atlantis.oceanbox.io/expose: internal
ingressClassName: nginx
hosts:
- host: opentelemetry-collector.adm.oceanbox.io
paths:
- path: /
pathType: Prefix
port: 4318
tls:
- secretName: collector-tls
hosts:
- opentelemetry-collector.adm.oceanbox.io
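Review bot: The ingress publishes the collector's port 4318 on `opentelemetry-collector.adm.oceanbox.io`, and nothing in these values configures authentication on the `otlp` receiver, so any client that can reach that host can write traces, metrics and logs into the Tempo, Prometheus and Loki backends named under `exporters`. Whether `atlantis.oceanbox.io/expose: internal` limits reachability is not visible here; if it does not, add ingress-level auth (for ingress-nginx, `nginx.ingress.kubernetes.io/auth-type` with `auth-secret`, or `auth-url`) or an authenticator extension on the receiver. A short comment above `ingress:` stating who is expected to send to this endpoint would make the intent reviewable.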
+34
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: osm-tile-server
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: osm.srv.oceanbox.io
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: osm.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-osm-tile-server'
spec:
project: aux
destination:
namespace: oceanbox
server: '{{ cluster }}'
source:
repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
path: kustomizations/osm-tile-server
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ env }}'
- name: hostname
string: '{{ hostname }}'
+50
@@ -0,0 +1,50 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: petimeter
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: petimeter.srv.oceanbox.io
autoSync: false
prune: true
- cluster: https://staging-vcluster.staging-vcluster
env: staging
hostname: petimeter.beta.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-petimeter'
spec:
project: atlantis
destination:
namespace: atlantis
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/petimeter
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/petimeter/manifests
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
+34
@@ -0,0 +1,34 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: rabbitmq
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
hostname: rabbitmq.srv.oceanbox.io
- cluster: https://kubernetes.default.svc
env: staging
hostname: rabbitmq.beta.oceanbox.io
template:
metadata:
name: '{{ env }}-rabbitmq'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: rabbitmq
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 12.9.0
chart: rabbitmq
helm:
valueFiles:
- $values/kustomizations/rabbitmq/values-{{ env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/rabbitmq/{{ env }}
ref: values
+39
@@ -0,0 +1,39 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: redis
namespace: argocd
spec:
generators:
- list:
elements:
- cluster: https://kubernetes.default.svc
env: prod
- cluster: https://kubernetes.default.svc
env: staging
template:
metadata:
name: '{{ env }}-redis'
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: redis
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 19.5.2
chart: redis
helm:
valueFiles:
- $values/kustomizations/redis/values-{{ env }}.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
ref: values
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/redis/{{ env }}
ignoreDifferences:
- group: apps
kind: StatefulSet
jqPathExpressions:
- '.spec.template.spec.containers[].resources.limits.cpu'
+20
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: seq
namespace: argocd
spec:
project: aux
destination:
server: https://kubernetes.default.svc
namespace: seq
sources:
- repoURL: https://helm.datalust.co
targetRevision: 2024.1.0
chart: seq
helm:
valueFiles:
- $values/kustomizations/seq/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
ref: values
+47
@@ -0,0 +1,47 @@
apiVersion: argoproj.io/v1alpha1
kind: ApplicationSet
metadata:
name: sorcerer
namespace: argocd
spec:
goTemplate: true
generators:
- list:
elements:
- cluster: https://10.255.241.99:4443
env: prod
hostname: sorcerer.data.oceanbox.io
autoSync: false
prune: true
- cluster: https://10.255.241.99:4443
env: staging
hostname: sorcerer.ekman.oceanbox.io
autoSync: true
prune: true
template:
metadata:
name: '{{ .env }}-sorcerer'
spec:
project: atlantis
destination:
namespace: sorcerer
server: '{{ .cluster }}'
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: kustomizations/sorcerer
plugin:
name: kustomize-helm-with-rewrite
parameters:
- name: env
string: '{{ .env }}'
- name: hostname
string: '{{ .hostname }}'
templatePatch: |
{{- if .autoSync }}
spec:
syncPolicy:
automated:
prune: {{ .prune }}
selfHeal: false
{{- end }}
+75
@@ -0,0 +1,75 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: tempo
namespace: argocd
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
destination:
namespace: tempo
server: 'https://kubernetes.default.svc'
project: aux
syncPolicy:
# managedNamespaceMetadata:
# labels:
# component: aux
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
automated:
prune: true
selfHeal: true
sources:
- repoURL: 'https://grafana.github.io/helm-charts'
targetRevision: 1.10.3
chart: tempo
helm:
values: |
tempo:
storage:
trace:
backend: s3
s3:
bucket: tempo-traces
endpoint: http://10.255.241.30:30080
access_key: ${S3SECRET}
secret_key: ${S3KEY}
insecure: true
backend: local
local:
path: /var/tempo/traces
wal:
path: /var/tempo/wal
metricsGenerator:
enabled: true
remoteWriteUrl: "http://prom-prometheus.prometheus:9090/api/v1/write"
extraEnv:
- name: S3KEY
valueFrom:
secretKeyRef:
name: tempo-s3
key: AWS_ACCESS_KEY_ID
- name: S3SECRET
valueFrom:
secretKeyRef:
name: tempo-s3
key: AWS_ACCESS_KEY_SECRET
tempoQuery:
ingress:
enabled: true
ingressClassName: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-staging
nginx.ingress.kubernetes.io/ssl-redirect: "true"
atlantis.oceanbox.io/expose: internal
path: /
pathType: Prefix
hosts:
- query.tempo.adm.oceanbox.io
tls:
- secretName: tempo-query-tls
hosts:
- query.tempo.adm.oceanbox.io
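Review bot: `access_key: ${S3SECRET}` and `secret_key: ${S3KEY}` are crossed: `extraEnv` maps `S3KEY` to `AWS_ACCESS_KEY_ID` and `S3SECRET` to `AWS_ACCESS_KEY_SECRET`, so the secret ends up in the field that is handled as a non-sensitive identifier and may show up in logs or request metadata. Swap them to `access_key: ${S3KEY}` and `secret_key: ${S3SECRET}`. The values also set `backend: s3` and later `backend: local`; the page has lost the indentation, but if both sit in the same mapping the later one wins and the S3 block is unused. Unlike the Loki application, no `-config.expand-env=true` argument appears here, so confirm the `${...}` references are expanded at all.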
+20
@@ -0,0 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: www-oceanbox
namespace: argocd
spec:
project: default
destination:
server: https://kubernetes.default.svc
namespace: www-oceanbox
sources:
- repoURL: https://charts.bitnami.com/bitnami
targetRevision: 19.2.2
chart: wordpress
helm:
valueFiles:
- $values/wordpress/values.yaml
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: HEAD
ref: values
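Review bot: This Application uses `project: default`, while the others shown in this comparison use `aux` or `atlantis`; unless the `default` AppProject has been locked down, it places no restriction on source repositories or destinations. Consider `project: aux` or a dedicated project for the WordPress site. The values source tracks `targetRevision: HEAD` where most of the other files pin `main`; using `main` keeps them consistent.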
+14
@@ -0,0 +1,14 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: yolo-dl
namespace: argocd
spec:
project: aux
destination:
server: https://10.255.241.99:4443
namespace: oceanbox
sources:
- repoURL: https://gitlab.com/oceanbox/manifests.git
targetRevision: main
path: charts/yolo-dl
@@ -1,12 +1,14 @@
apiVersion: v1 apiVersion: v1
stringData: stringData:
config: '{"bearerToken":"@token@","tlsClientConfig":{"insecure":true}}' config: |
{"bearerToken":"","tlsClientConfig":{"insecure":true}}
name: ekman name: ekman
server: https://10.255.241.99:4443 server: https://10.255.241.99:4443
kind: Secret kind: Secret
metadata: metadata:
labels: labels:
argocd.argoproj.io/secret-type: cluster argocd.argoproj.io/secret-type: cluster
name: cluster-ekman name: cluster-10.255.241.99-4046803085
namespace: argocd namespace: argocd
type: Opaque type: Opaque
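Review bot: The cluster `config` keeps `"tlsClientConfig":{"insecure":true}` on both sides of this hunk, so Argo CD does not verify the certificate of the API server at `https://10.255.241.99:4443` before sending its bearer token. Supply the cluster CA instead, `"tlsClientConfig":{"insecure":false,"caData":"<base64-encoded CA bundle>"}`. One side has `"bearerToken":"@token@"` and the other an empty `"bearerToken":""`; if the empty one is the new version, add a comment saying how the token is injected, otherwise this cluster registration cannot authenticate.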
@@ -0,0 +1,7 @@
#!/bin/sh
img=registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite
tag=${1:-latest}
docker build -t $img:$tag .
docker push $img:$tag
@@ -0,0 +1,35 @@
#!/bin/sh
export HOME=/helm-working-dir
env > /tmp/$ARGOCD_APP_NAME.env
echo "$ARGOCD_APP_PARAMETERS" | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
cp parameters.yaml /tmp/$ARGOCD_APP_NAME-parameters.yaml
if [ -n "$PARAM_CHART" -a "$PARAM_CHART" != "." ]; then
CHART=$PARAM_CHART
elif [ -d chart ]; then
CHART=chart
elif [ -f chart ]; then
CHART=$(cat chart)
else
CHART="."
fi
[ -f chart/values.yaml ] && VALUES="-f chart/values.yaml"
[ -f values-chart.yaml ] && VALUES="$VALUES -f values-chart.yaml"
[ -f values.yaml ] && VALUES="$VALUES -f values.yaml"
[ -f values-$PARAM_ENV.yaml ] && VALUES="$VALUES -f values-$PARAM_ENV.yaml"
VALUES="$VALUES -f parameters.yaml"
mkdir -p base
echo "helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART" > /tmp/$ARGOCD_APP_NAME-helm.sh
helm template -n $ARGOCD_APP_NAMESPACE $PARAM_FLAGS $VALUES $ARGOCD_APP_NAME $CHART > ./base/_manifest.yaml
sed -i "$PARAM_REWRITE" ./base/_manifest.yaml
cp ./base/_manifest.yaml /tmp/$ARGOCD_APP_NAME-manifest.yaml
[ -d "$PARAM_ENV" ] && kubectl kustomize $PARAM_ENV > /tmp/$ARGOCD_APP_NAME-manifest.yaml
cat /tmp/$ARGOCD_APP_NAME-manifest.yaml
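Review bot: `env > /tmp/$ARGOCD_APP_NAME.env` writes the plugin's whole environment to a predictable file in `/tmp` on every manifest generation; the repo-setup script elsewhere in this comparison reads `$OCEANBOX_HELM_ACCESS_TOKEN`, so if that variable is set here too the token is left on disk, and the manifests copied to `/tmp` can contain rendered Secrets as well. Remove the debug copies, or write them under a `mktemp -d` directory that is deleted on exit. `sed -i "$PARAM_REWRITE"` runs an Application parameter as a sed program rather than a plain substitution; if the image ships GNU sed, `sed --sandbox -i -- "$PARAM_REWRITE" ./base/_manifest.yaml` restricts what that script may do. `$PARAM_CHART`, `$PARAM_ENV`, `$ARGOCD_APP_NAME` and `$ARGOCD_APP_NAMESPACE` are expanded unquoted, here and in the 12-line script that runs `helm show values $PARAM_CHART`, so a value with spaces or a leading `-` alters the command line; quote everything except the deliberately split `$PARAM_FLAGS` and `$VALUES`.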
@@ -18,7 +18,7 @@ EOF
exit 0 exit 0
fi fi
yq e -o=p "${VALUES}" | jq --slurp --raw-input ' yq e -o=p $VALUES | jq --slurp --raw-input '
[{ [{
name: "helm-parameters", name: "helm-parameters",
title: "Helm Parameters", title: "Helm Parameters",
@@ -1,9 +1,8 @@
#!/bin/sh #!/bin/sh
# shellcheck disable=SC2154
export HOME=/plugin export HOME=/helm-working-dir
helm repo add --username argocd-helm --password "${OCEANBOX_HELM_ACCESS_TOKEN}" oceanbox \ helm repo add --username argocd-helm --password "$OCEANBOX_HELM_ACCESS_TOKEN" oceanbox \
https://gitlab.com/api/v4/projects/54396343/packages/helm/stable https://gitlab.com/api/v4/projects/54396343/packages/helm/stable
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add bitnami https://charts.bitnami.com/bitnami
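Review bot: `--password "$OCEANBOX_HELM_ACCESS_TOKEN"` puts the registry token on the helm command line, where it is readable from the process list inside the plugin container while the command runs. Feed it on stdin instead, keeping the repository name and URL as they are: `printf '%s' "$OCEANBOX_HELM_ACCESS_TOKEN" | helm repo add --username argocd-helm --password-stdin oceanbox \`. One side of the hunk carries `# shellcheck disable=SC2154` and the other does not; if the directive was dropped, shellcheck will flag the variable as unassigned again. The script continues outside this hunk.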
@@ -0,0 +1,12 @@
#!/bin/sh
export HOME=/helm-working-dir
helm repo update oceanbox
if [ -n "$PARAM_CHART" -a "$PARAM_CHART" != "." ]; then
helm show values $PARAM_CHART > values-chart.yaml
elif [ -f chart ]; then
CHART=$(cat chart)
helm show values $CHART > values-chart.yaml
fi
@@ -1,7 +1,7 @@
apiVersion: argoproj.io/v1alpha1 apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin kind: ConfigManagementPlugin
metadata: metadata:
name: helm-kustomize-cmp name: kustomize-helm-with-rewrite
spec: spec:
# version: v1.2 # version: v1.2
# The init command runs in the Application source directory at the beginning of each manifest generation. The init # The init command runs in the Application source directory at the beginning of each manifest generation. The init
@@ -9,7 +9,7 @@ spec:
init: init:
# Init always happens immediately before generate, but its output is not treated as manifests. # Init always happens immediately before generate, but its output is not treated as manifests.
# This is a good place to, for example, download chart dependencies. # This is a good place to, for example, download chart dependencies.
command: [/bin/sh] command: [ /bin/sh ]
args: args:
- /plugin/init.sh - /plugin/init.sh
# The generate command runs in the Application source directory each time manifests are generated. Standard output # The generate command runs in the Application source directory each time manifests are generated. Standard output
@@ -17,7 +17,7 @@ spec:
# To write log messages from the command, write them to stderr, it will always be displayed. # To write log messages from the command, write them to stderr, it will always be displayed.
# Error output will be sent to the UI, so avoid printing sensitive information (such as secrets). # Error output will be sent to the UI, so avoid printing sensitive information (such as secrets).
generate: generate:
command: [/bin/sh] command: [ /bin/sh ]
args: args:
- /plugin/generate.sh - /plugin/generate.sh
@@ -27,15 +27,15 @@ spec:
# Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the # Only one of fileName, find.glob, or find.command should be specified. If multiple are specified then only the
# first (in that order) is evaluated. # first (in that order) is evaluated.
# discover: # discover:
# fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the Application's source # fileName is a glob pattern (https://pkg.go.dev/path/filepath#Glob) that is applied to the Application's source
# directory. If there is a match, this plugin may be used for the Application. # directory. If there is a match, this plugin may be used for the Application.
# fileName: "./subdir/s*.yaml" # fileName: "./subdir/s*.yaml"
# find: # find:
# This does the same thing as fileName, but it supports double-start (nested directory) glob patterns. # This does the same thing as fileName, but it supports double-start (nested directory) glob patterns.
# glob: "**/Chart.yaml" # glob: "**/Chart.yaml"
# The find command runs in the repository's root directory. To match, it must exit with status code 0 _and_ # The find command runs in the repository's root directory. To match, it must exit with status code 0 _and_
# produce non-empty output to standard out. # produce non-empty output to standard out.
# command: [sh, -c, find . -name env.yaml] # command: [sh, -c, find . -name env.yaml]
# The parameters config describes what parameters the UI should display for an Application. It is up to the user to # The parameters config describes what parameters the UI should display for an Application. It is up to the user to
# actually set parameters in the Application manifest (in spec.source.plugin.parameters). The announcements _only_ # actually set parameters in the Application manifest (in spec.source.plugin.parameters). The announcements _only_
# inform the "Parameters" tab in the App Details page of the UI. # inform the "Parameters" tab in the App Details page of the UI.
@@ -52,6 +52,13 @@ spec:
itemType: string itemType: string
collectionType: string collectionType: string
string: "staging" string: "staging"
- name: rewrite
title: Rewrite
tooltip: sed rewrite experssion
required: false
itemType: string
collectionType: string
string: ""
- name: chart - name: chart
title: Chart title: Chart
tooltip: Name or path of helm chart tooltip: Name or path of helm chart
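Review bot: The tooltip on the new `rewrite` announcement is misspelled and undersells what the value does: `tooltip: sed rewrite experssion` should read `tooltip: sed rewrite expression`. The generate script in this comparison passes the value to `sed -i` on the rendered manifest, so the tooltip or a comment above the entry should say it is executed as a sed script, not stored as text. The parameter list starts and ends outside this hunk.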
@@ -66,21 +73,22 @@ spec:
itemType: string itemType: string
collectionType: string collectionType: string
string: "" string: ""
# All the fields above besides 'string' apply to both the array and map type parameter announcements. # All the fields above besides "string" apply to both the array and map type parameter announcements.
# - name: array-param # - name: array-param
# # This field communicates the parameter's default value to the UI. Setting this field is optional. # # This field communicates the parameter's default value to the UI. Setting this field is optional.
# array: [default, items] # array: [default, items]
# collectionType: array # collectionType: array
# - name: map-param # - name: map-param
# # This field communicates the parameter's default value to the UI. Setting this field is optional. # # This field communicates the parameter's default value to the UI. Setting this field is optional.
# map: # map:
# some: value # some: value
# collectionType: map # collectionType: map
# dynamic: dynamic:
# The command is run in an Application's source directory. Standard output must be JSON matching the schema of the # The command is run in an Application's source directory. Standard output must be JSON matching the schema of the
# static parameter announcements list. # static parameter announcements list.
# command: [ /bin/sh, /plugin/get-values.sh ] command: [ /bin/sh, /plugin/get-values.sh ]
# If set to `true` then the plugin receives repository files with original file mode. Dangerous since the repository # If set to `true` then the plugin receives repository files with original file mode. Dangerous since the repository
# might have executable files. Set to true only if you trust the CMP plugin authors. # might have executable files. Set to true only if you trust the CMP plugin authors.
preserveFileMode: false preserveFileMode: false
@@ -13,3 +13,4 @@ stringData:
name: staging-vcluster name: staging-vcluster
server: https://staging-vcluster.staging-vcluster server: https://staging-vcluster.staging-vcluster
type: Opaque type: Opaque
-69
@@ -1,69 +0,0 @@
#!/usr/bin/env bash
# shellcheck disable=SC2034 # Unused variables left for readability
helmfile () {
name=$1
tier=$2
cat <<EOF
bases:
- ../envs/environments.yaml.gotmpl
commonLabels:
tier: ${tier}
releases:
- name: ${name}
namespace: {{ .Environment.Name }}-${name}
chart: ../charts/${name}
condition: ${name}.enabled
values:
- ../values/${name}/values/values.yaml.gotmpl
- ../values/${name}/values/values-{{ .Environment.Name }}.yaml
postRenderer: ../bin/kustomizer
postRendererArgs:
- ../values/${name}/kustomize/{{ .Environment.Name }}
missingFileHandler: Info
- name: manifests
namespace: {{ .Environment.Name }}-${name}
chart: manifests
condition: ${name}.enabled
missingFileHandler: Info
values:
- ../values/env.yaml
- ../values/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml
- ../values/${name}/env.yaml.gotmpl
- ../values/${name}/env-{{ requiredEnv "ARGOCD_ENV_CLUSTER_NAME" }}.yaml.gotmpl
hooks:
- events: [ prepare, cleanup ]
showlogs: true
command: ../bin/helmify
args:
- '{{\`{{ if eq .Event.Name "prepare" }}build{{ else }}clean{{ end }}\`}}'
- '{{\`{{ .Release.Chart }}\`}}'
- '{{\`{{ .Environment.Name }}\`}}'
- ../values/${name}/manifests
- manifests
EOF
}
while true; do
case $* in
--with-env)
ns=true
shift ;;
--*|-*) shift;;
*) break ;;
esac
done
name=$1
tier=$2
if [[ -n "${ns}" ]]; then
namespace="namespace: {{ .Environment.Name }}-${name}"
else
namespace="namespace: ${name}"
fi
helmfile "$1" "$2"
-41
@@ -1,41 +0,0 @@
#!/usr/bin/env bash
set -o pipefail
cmd=$1
chart=$2
manifests=${4:-manifests}
outdir=${5:-_manifests}
build() {
mkdir -p "${outdir}"/templates
echo "Creating ${outdir}/templates"
echo "generating ${outdir}/Chart.yaml" 1>&2
cat <<EOF > "${outdir}"/Chart.yaml
apiVersion: v1
appVersion: "1.0"
# description: A Helm chart for Kubernetes
name: ${chart}
version: 0.1.0
EOF
if [[ -d "${manifests}" ]]; then
cp -r "${manifests}"/* "${outdir}"/templates
elif [[ -f "${manifests}" ]]; then
cp "${manifests}" "${outdir}"/templates
fi
}
clean() {
echo "cleaning ${outdir}" 1>&2
rm -rf "${outdir}"
}
case "${cmd}" in
"build" ) build ;;
"clean" ) clean ;;
* ) echo "unsupported command: ${cmd}" 1>&2; exit 1 ;;
esac
-13
@@ -1,13 +0,0 @@
#!/usr/bin/env bash
[[ $# != 1 ]] && exit 1
dir=$1
base=${dir}/../base
if [[ -f "${base}"/kustomization.yaml ]] && [[ -f "${dir}"/kustomization.yaml ]]; then
cat > "${base}"/_manifest.yaml
kubectl kustomize "${dir}"
else
cat
fi
-35
@@ -1,35 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: argocd-cluster-admin
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
- nonResourceURLs:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: argocd-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: argocd-cluster-admin
subjects:
- kind: ServiceAccount
name: argocd-cluster-admin
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: argocd-cluster-admin
namespace: kube-system
---
-8
@@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: cluster-admin
name: cluster-admin-token
namespace: kube-system
type: kubernetes.io/service-account-token
-6
@@ -1,6 +0,0 @@
#!/usr/bin/env bash
helm upgrade --install --create-namespace argocd argo/argo-cd -n argocd --version 7.8.0
helm upgrade --install --create-namespace --values values.yaml argocd-apps argo/argocd-apps -n argocd
#kubectl patch -n argocd deployment argocd-repo-server --type merge --patch-file helmfile-cmp/argo-repo-server-patch.yaml
-7
@@ -1,7 +0,0 @@
#!/bin/sh
img=registry.gitlab.com/oceanbox/manifests/helm-kustomize-cmp
tag=${1:-latest}
docker build -t "${img}":"${tag}" .
docker push "${img}":"${tag}"
-37
@@ -1,37 +0,0 @@
#!/bin/sh
# shellcheck disable=SC2154
export HOME=/plugin
env > /tmp/"${ARGOCD_APP_NAME}".env
echo "${ARGOCD_APP_PARAMETERS}" | jq '.[] | select(.name == "helm-parameters") | .map' | yq -P -oy > parameters.yaml
cp parameters.yaml /tmp/"${ARGOCD_APP_NAME}"-parameters.yaml
if [ -n "${PARAM_CHART}" ] && [ "${PARAM_CHART}" != "." ]; then
CHART=${PARAM_CHART}
elif [ -d chart ]; then
CHART=chart
elif [ -f chart ]; then
CHART=$(cat chart)
else
CHART="."
fi
[ -f chart/values.yaml ] && VALUES="-f chart/values.yaml"
[ -f values-chart.yaml ] && VALUES="${VALUES} -f values-chart.yaml"
[ -f values.yaml ] && VALUES="${VALUES} -f values.yaml"
[ -f values-"${PARAM_ENV}".yaml ] && VALUES="${VALUES} -f values-${PARAM_ENV}.yaml"
VALUES="${VALUES} -f parameters.yaml"
helm dependency update "${CHART}" >/tmp/"${ARGOCD_APP_NAME}"-helm-dependency-build.out
mkdir -p base
echo "helm template -n ${ARGOCD_APP_NAMESPACE} ${PARAM_FLAGS} ${VALUES} ${ARGOCD_APP_NAME} ${CHART}" > /tmp/"${ARGOCD_APP_NAME}"-helm.sh
helm template -n "${ARGOCD_APP_NAMESPACE}" "${PARAM_FLAGS}" "${VALUES}" "${ARGOCD_APP_NAME}" "${CHART}" > ./base/_manifest.yaml
cp ./base/_manifest.yaml /tmp/"${ARGOCD_APP_NAME}"-manifest.yaml
[ -d "${PARAM_ENV}" ] && kubectl kustomize "${PARAM_ENV}" > /tmp/"${ARGOCD_APP_NAME}"-manifest.yaml
cat /tmp/"${ARGOCD_APP_NAME}"-manifest.yaml
-12
@@ -1,12 +0,0 @@
#!/bin/sh
export HOME=/plugin
helm repo update oceanbox
if [ -n "${PARAM_CHART}" ] && [ "${PARAM_CHART}" != "." ]; then
helm show values "${PARAM_CHART}" > values-chart.yaml
elif [ -f chart ]; then
CHART=$(cat chart)
helm show values "${CHART}" > values-chart.yaml
fi
-7
@@ -1,7 +0,0 @@
FROM ghcr.io/helmfile/helmfile:v1.3.1
RUN mkdir -p /home/argocd/cmp-server/config/
COPY plugin.yaml /home/argocd/cmp-server/config/
WORKDIR /plugin
COPY generate.sh ./
@@ -1,476 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
argocd.argoproj.io/tracking-id: argocd:apps/Deployment:argocd/argocd-repo-server
deployment.kubernetes.io/revision: "27"
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.12.3
helm.sh/chart: argo-cd-7.5.2
name: argocd-repo-server
namespace: argocd
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/instance: argocd
app.kubernetes.io/name: argocd-repo-server
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/cm: 67d6152e0e3482f9a74a6b570fd32bbec4e7856bffe49f577a2a0d3aeaed6f48
checksum/cmd-params: 69ed50e8936f4d6429dc331f782ad0a7d22eb12c318d6800403040352214b781
creationTimestamp: null
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.12.3
helm.sh/chart: argo-cd-7.5.2
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
weight: 100
automountServiceAccountToken: true
containers:
- args:
- /usr/local/bin/argocd-repo-server
- --port=8081
- --metrics-port=8084
env:
- name: ARGOCD_REPO_SERVER_NAME
value: argocd-repo-server
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: reposerver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: reposerver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: reposerver.disable.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: reposerver.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.repo.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
key: redis-username
name: argocd-redis
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: auth
name: argocd-redis
- name: REDIS_SENTINEL_USERNAME
valueFrom:
secretKeyRef:
key: redis-sentinel-username
name: argocd-redis
optional: true
- name: REDIS_SENTINEL_PASSWORD
valueFrom:
secretKeyRef:
key: redis-sentinel-password
name: argocd-redis
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.max.combined.directory.manifests.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.tar.exclusions
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.git.lsremote.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_REQUEST_TIMEOUT
valueFrom:
configMapKeyRef:
key: reposerver.git.request.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REVISION_CACHE_LOCK_TIMEOUT
valueFrom:
configMapKeyRef:
key: reposerver.revision.cache.lock.timeout
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES
valueFrom:
configMapKeyRef:
key: reposerver.include.hidden.directories
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.12.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: repo-server
ports:
- containerPort: 8081
name: repo-server
protocol: TCP
- containerPort: 8084
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
- command:
- /var/run/argocd/argocd-cmp-server
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: kustomize-helm-with-rewrite
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: cmp-tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- command:
- /var/run/argocd/argocd-cmp-server
image: registry.gitlab.com/oceanbox/manifests/helm-kustomize-cmp:latest
imagePullPolicy: Always
name: helm-kustomize-cmp
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: cmp-tmp
- mountPath: /helm-working-dir
name: helm-working-dir
- command:
- /var/run/argocd/argocd-cmp-server
image: registry.gitlab.com/oceanbox/manifests/helmfile-cmp:latest
imagePullPolicy: Always
name: helmfile-cmp
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: cmp-tmp
- mountPath: /helm-working-dir
name: helm-working-dir
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: gitlab-pull-secret
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.12.3
imagePullPolicy: IfNotPresent
name: copyutil
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- command:
- /bin/sh
- /plugin/init-helm-repos.sh
env:
- name: OCEANBOX_HELM_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: token
name: oceanbox-helm
optional: false
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: init-helm-repos
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 999
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /helm-working-dir
name: helm-working-dir
restartPolicy: Always
schedulerName: default-scheduler
serviceAccount: argocd-repo-server
serviceAccountName: argocd-repo-server
terminationGracePeriodSeconds: 30
volumes:
- name: cmp-tmp
- name: helm-working-dir
- name: plugins
- name: var-files
- name: tmp
- configMap:
defaultMode: 420
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
defaultMode: 420
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
defaultMode: 420
name: argocd-gpg-keys-cm
name: gpg-keys
- name: gpg-keyring
- name: argocd-repo-server-tls
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
@@ -1,27 +0,0 @@
# Don't apply this patch with kubectl, it overwrites the original repo-server!
# Instead merge by hand in the bootstap process.
spec:
template:
spec:
imagePullSecrets:
- name: gitlab-pull-secret
containers:
- command:
- /var/run/argocd/argocd-cmp-server
image: registry.gitlab.com/oceanbox/manifests/helmfile-cmp:latest
imagePullPolicy: Always
name: helmfile-cmp
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
- mountPath: /helm-working-dir
name: helm-working-dir
-7
@@ -1,7 +0,0 @@
#!/bin/sh
img=git.oceanbox.io/platform/manifests/helmfile-cmp
tag=${1:-latest}
docker build -t "${img}":"${tag}" .
docker push "${img}":"${tag}"
-17
@@ -1,17 +0,0 @@
#!/bin/sh
# shellcheck disable=SC2154
# NOTE: Ensure errors are part of exitcode
# set -o pipefail
export HOME=/plugin
export HELM_CACHE_HOME=/tmp/helm/cache
export HELM_CONFIG_HOME=/tmp/helm/config
export HELMFILE_CACHE_HOME=/tmp/helmfile/cache
export HELMFILE_TEMPDIR=/tmp/helmfile/tmp
test -n ARGOCD_ENV_HELMFILE_ENVIRONMENT && export HELMFILE_ENVIRONMENT="${ARGOCD_ENV_HELMFILE_ENVIRONMENT}"
test -n ARGOCD_ENV_HELMFILE_FILE_PATH && export HELMFILE_FILE_PATH="${ARGOCD_ENV_HELMFILE_FILE_PATH}"
helmfile -n "${ARGOCD_APP_NAMESPACE}" "${ARGS}" template -q --include-crds
-11
@@ -1,11 +0,0 @@
apiVersion: argoproj.io/v1alpha1
kind: ConfigManagementPlugin
metadata:
name: helmfile-cmp
spec:
generate:
command: ["/bin/sh"]
args:
- /plugin/generate.sh
lockRepo: false
preserveFileMode: true
-3
@@ -1,3 +0,0 @@
FROM busybox
COPY keycloak-themes/oceanbox /theme
@@ -1,47 +0,0 @@
/* Oceanbox Keycloak Login Theme */
/* Brand colours */
:root {
--pf-v5-global--primary-color--100: #0bb4aa;
--pf-v5-global--primary-color--200: #099e95;
--pf-v5-global--link--Color: #0bb4aa;
--pf-v5-global--link--Color--hover: #031275;
}
/* Background */
.login-pf body {
background: #f9fafd url("../img/oceanbox-bg.png") no-repeat center bottom fixed;
background-size: cover;
}
/* Logo */
div.kc-logo-text {
background-image: url('../img/oceanbox-logo-text.png');
height: 80px;
width: 360px;
background-repeat: no-repeat;
background-size: contain;
background-position: center;
margin: 0 auto;
}
div.kc-logo-text span {
display: none;
}
/* Primary button */
.pf-v5-c-button.pf-m-primary {
--pf-v5-c-button--m-primary--BackgroundColor: #0bb4aa;
--pf-v5-c-button--m-primary--hover--BackgroundColor: #099e95;
--pf-v5-c-button--m-primary--active--BackgroundColor: #37746F;
--pf-v5-c-button--m-primary--focus--BackgroundColor: #099e95;
}
/* Links */
a, .pf-v5-c-button.pf-m-link {
color: #0bb4aa;
}
a:hover, .pf-v5-c-button.pf-m-link:hover {
color: #031275;
}
Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.4 MiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 57 KiB

@@ -1,5 +0,0 @@
parent=keycloak.v2
import=common/keycloak
stylesCommon=vendor/patternfly-v5/patternfly.min.css vendor/patternfly-v5/patternfly-addons.css
styles=css/styles.css css/oceanbox.css
@@ -1,424 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
argocd.argoproj.io/tracking-id: argocd:apps/Deployment:argocd/argocd-repo-server
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.10.4
helm.sh/chart: argo-cd-6.7.3
name: argocd-repo-server
namespace: argocd
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/instance: argocd
app.kubernetes.io/name: argocd-repo-server
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations:
checksum/cm: 3d88c02b8c8e470b75262aae39da4b4bc6f29a02d2a6c7a9e0d44d2d69aa908b
checksum/cmd-params: d76791b7d65a3839bc44b46b65ecfecb5be7ac834b4915b0dea1577f524ea687
creationTimestamp: null
labels:
app.kubernetes.io/component: repo-server
app.kubernetes.io/instance: argocd
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: argocd-repo-server
app.kubernetes.io/part-of: argocd
app.kubernetes.io/version: v2.10.4
helm.sh/chart: argo-cd-6.7.3
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: argocd-repo-server
topologyKey: kubernetes.io/hostname
weight: 100
containers:
- args:
- /usr/local/bin/argocd-repo-server
- --port=8081
- --metrics-port=8084
env:
- name: ARGOCD_REPO_SERVER_NAME
value: argocd-repo-server
- name: ARGOCD_RECONCILIATION_TIMEOUT
valueFrom:
configMapKeyRef:
key: timeout.reconciliation
name: argocd-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGFORMAT
valueFrom:
configMapKeyRef:
key: reposerver.log.format
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LOGLEVEL
valueFrom:
configMapKeyRef:
key: reposerver.log.level
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_LISTEN_METRICS_ADDRESS
valueFrom:
configMapKeyRef:
key: reposerver.metrics.listen.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_TLS
valueFrom:
configMapKeyRef:
key: reposerver.disable.tls
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MIN_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.minversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_MAX_VERSION
valueFrom:
configMapKeyRef:
key: reposerver.tls.maxversion
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_TLS_CIPHERS
valueFrom:
configMapKeyRef:
key: reposerver.tls.ciphers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.repo.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: REDIS_SERVER
valueFrom:
configMapKeyRef:
key: redis.server
name: argocd-cmd-params-cm
optional: true
- name: REDIS_COMPRESSION
valueFrom:
configMapKeyRef:
key: redis.compression
name: argocd-cmd-params-cm
optional: true
- name: REDISDB
valueFrom:
configMapKeyRef:
key: redis.db
name: argocd-cmd-params-cm
optional: true
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
key: redis-username
name: argocd-redis
optional: true
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
key: redis-password
name: argocd-redis
optional: true
- name: ARGOCD_DEFAULT_CACHE_EXPIRATION
valueFrom:
configMapKeyRef:
key: reposerver.default.cache.expiration
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_ADDRESS
valueFrom:
configMapKeyRef:
key: otlp.address
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_INSECURE
valueFrom:
configMapKeyRef:
key: otlp.insecure
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_OTLP_HEADERS
valueFrom:
configMapKeyRef:
key: otlp.headers
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_MAX_COMBINED_DIRECTORY_MANIFESTS_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.max.combined.directory.manifests.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_PLUGIN_TAR_EXCLUSIONS
valueFrom:
configMapKeyRef:
key: reposerver.plugin.tar.exclusions
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_ALLOW_OUT_OF_BOUNDS_SYMLINKS
valueFrom:
configMapKeyRef:
key: reposerver.allow.oob.symlinks
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_TAR_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.tar.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_STREAMED_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.streamed.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE
valueFrom:
configMapKeyRef:
key: reposerver.disable.helm.manifest.max.extracted.size
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_MODULES_ENABLED
valueFrom:
configMapKeyRef:
key: reposerver.enable.git.submodule
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_LS_REMOTE_PARALLELISM_LIMIT
valueFrom:
configMapKeyRef:
key: reposerver.git.lsremote.parallelism.limit
name: argocd-cmd-params-cm
optional: true
- name: ARGOCD_GIT_REQUEST_TIMEOUT
valueFrom:
configMapKeyRef:
key: reposerver.git.request.timeout
name: argocd-cmd-params-cm
optional: true
- name: HELM_CACHE_HOME
value: /helm-working-dir
- name: HELM_CONFIG_HOME
value: /helm-working-dir
- name: HELM_DATA_HOME
value: /helm-working-dir
image: quay.io/argoproj/argocd:v2.10.4
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz?full=true
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
name: repo-server
ports:
- containerPort: 8081
name: repo-server
protocol: TCP
- containerPort: 8084
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: metrics
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /app/config/ssh
name: ssh-known-hosts
- mountPath: /app/config/tls
name: tls-certs
- mountPath: /app/config/gpg/source
name: gpg-keys
- mountPath: /app/config/gpg/keys
name: gpg-keyring
- mountPath: /app/config/reposerver/tls
name: argocd-repo-server-tls
- mountPath: /helm-working-dir
name: helm-working-dir
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: tmp
- command:
- /var/run/argocd/argocd-cmp-server
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: kustomize-helm-with-rewrite
resources: {}
securityContext:
runAsNonRoot: true
runAsUser: 999
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- mountPath: /home/argocd/cmp-server/plugins
name: plugins
- mountPath: /tmp
name: cmp-tmp
- mountPath: /helm-working-dir
name: helm-working-dir
dnsPolicy: ClusterFirst
imagePullSecrets:
- name: gitlab-pull-secret
initContainers:
- command:
- /bin/cp
- -n
- /usr/local/bin/argocd
- /var/run/argocd/argocd-cmp-server
image: quay.io/argoproj/argocd:v2.10.4
imagePullPolicy: IfNotPresent
name: copyutil
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/run/argocd
name: var-files
- command:
- /bin/sh
- /plugin/init-helm-repos.sh
image: registry.gitlab.com/oceanbox/manifests/kustomize-helm-with-rewrite:latest
imagePullPolicy: Always
name: init-helm-repos
resources: {}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsUser: 999
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
env:
- name: OCEANBOX_HELM_ACCESS_TOKEN
valueFrom:
secretKeyRef:
key: token
name: oceanbox-helm
optional: false
volumeMounts:
- mountPath: /helm-working-dir
name: helm-working-dir
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: argocd-repo-server
serviceAccountName: argocd-repo-server
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: cmp-tmp
- emptyDir: {}
name: helm-working-dir
- emptyDir: {}
name: plugins
- emptyDir: {}
name: var-files
- emptyDir: {}
name: tmp
- configMap:
defaultMode: 420
name: argocd-ssh-known-hosts-cm
name: ssh-known-hosts
- configMap:
defaultMode: 420
name: argocd-tls-certs-cm
name: tls-certs
- configMap:
defaultMode: 420
name: argocd-gpg-keys-cm
name: gpg-keys
- emptyDir: {}
name: gpg-keyring
- name: argocd-repo-server-tls
secret:
defaultMode: 420
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
- key: ca.crt
path: ca.crt
optional: true
secretName: argocd-repo-server-tls
-5
@@ -1,5 +0,0 @@
#!/usr/bin/env bash
helm uninstall argocd argo/argocd-apps -n argocd
helm uninstall argocd argo/argo-cd -n argocd
-21
@@ -1,21 +0,0 @@
#!/bin/sh
echo "reset ekman cluster admin token... "
kubectl --context ekman delete -f cluster-admin-token.yaml
sleep 1
kubectl --context ekman apply -f cluster-admin-token.yaml
# secret=$(kubectl --context ekman get secret -n kube-system | grep cluster-admin-token | cut -d' ' -f1)
# token=$(kubectl --context ekman get secret -n kube-system $secret -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d)
# sed "s/@token@/$token/" cluster-ekman.yaml > _cluster-ekman.yaml
# echo "configure argocd ekman-cluster..."
# cat _cluster-ekman.yaml
# kubectl --context oceanbox apply -f _cluster-ekman.yaml
token=$(kubectl --context ekman get secret -n kube-system argocd-manager-token -o yaml | grep ' token:' | cut -d' ' -f4 | base64 -d)
sed "s/@token@/${token}/" cluster-ekman.yaml > _cluster-ekman.yaml
echo "configure argocd ekman-cluster..."
cat _cluster-ekman.yaml
kubectl --context oceanbox apply -f _cluster-ekman.yaml
echo "done."
-43
@@ -1,43 +0,0 @@
## !!
# This values files only contains the bare minimum to get argo up and running.
# Only update things like initial argo-cd version here
# Rest of config is located in argocd-apps/sys/argocd.yaml
##
applications:
system:
namespace: argocd
additionalAnnotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
destination:
namespace: argocd
server: https://kubernetes.default.svc
project: sys
sources:
- repoURL: https://gitlab.com/oceanbox//manifests.git
targetRevision: HEAD
path: helmfile.d
plugin:
name: helmfile-cmp
env:
- name: CLUSTER_NAME
value: replaceme
- name: HELMFILE_ENVIRONMENT
value: default
- name: HELMFILE_FILE_PATH
value: system.yaml.gotmpl
projects:
sys:
namespace: argocd
additionalLabels: {}
additionalAnnotations: {}
description: sys components project
sourceRepos:
- "*"
destinations:
- namespace: "*"
server: https://kubernetes.default.svc
clusterResourceWhitelist:
- group: "*"
kind: "*"
orphanedResources:
warn: false
@@ -20,7 +20,7 @@ metadata:
{{- include "Archmeister.labels" . | nindent 4 }} {{- include "Archmeister.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }} {{- with .Values.ingress.annotations }}
annotations: annotations:
oceanbox.io/expose: internal atlantis.oceanbox.io/expose: internal
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
spec: spec:
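Review bot: The `expose: internal` annotation sits inside the `{{- with .Values.ingress.annotations }}` block, so it is rendered only when that map is non-empty; a release that sets no extra annotations ships the Ingress without the marker. If an admission policy or ingress controller relies on this annotation to keep the route internal, that is a silent fail-open, so I would emit `annotations:` and the fixed key unconditionally and keep only the `toYaml` line under `with`. The hunk also changes the key to `atlantis.oceanbox.io/expose` (reading the right-hand column as the new side) in a template that uses the `Archmeister.labels` helper, so whatever consumes the annotation has to match the new key. The template starts and ends outside this hunk.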
+10 -7
@@ -1,15 +1,18 @@
apiVersion: v2 apiVersion: v2
name: atlantis name: atlantis
description: Atlantis map and simulation service description: Atlantis map and simulation service
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application type: application
# This is the chart version. This version number should be incremented each time you make changes # This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version. # to the chart and its templates, including the app version.
version: v1.42.25 version: v2.87.1
# This is the version number of the application being deployed. This version number should be # This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. # incremented each time you make changes to the application.
appVersion: v1.42.25 appVersion: v2.87.1
dependencies:
- name: diagrid-dashboard
version: "0.1.0"
repository: "file://../diagrid-dashboard"
condition: diagrid-dashboard.enabled
+8 -89
@@ -2,106 +2,25 @@
apiVersion: postgresql.cnpg.io/v1 apiVersion: postgresql.cnpg.io/v1
kind: Cluster kind: Cluster
metadata: metadata:
name: {{ include "Atlantis.fullname" . }}-db name: {{ include "Atlantis.fullname" . }}
namespace: {{ .Release.Namespace }}
annotations: annotations:
linkerd.io/inject: disabled linkerd.io/inject: disabled
labels: labels:
{{- include "Atlantis.labels" . | nindent 4 }} {{- include "Atlantis.labels" . | nindent 4 }}
spec: spec:
instances: {{ .Values.cluster.instances | default "1" }} instances: {{ .Values.cluster.instances | default "2" }}
imageName: ghcr.io/cloudnative-pg/postgis:15-3.3
# Example of rolling update strategy: # Example of rolling update strategy:
# - unsupervised: automated update of the primary once all # - unsupervised: automated update of the primary once all
# replicas have been upgraded (default) # replicas have been upgraded (default)
# - supervised: requires manual supervision to perform # - supervised: requires manual supervision to perform
# the switchover of the primary # the switchover of the primary
primaryUpdateStrategy: unsupervised primaryUpdateStrategy: unsupervised
{{- if .Values.cluster.backup.enabled }} backup:
plugins: retentionPolicy: {{ .Values.cluster.backupRetention | default "60d" }}
- name: barman-cloud.cloudnative-pg.io
isWALArchiver: true
parameters:
barmanObjectName: tos-store
{{- end}}
storage: storage:
size: {{ .Values.cluster.size | default "5Gi" }} size: {{ .Values.cluster.size | default "5Gi" }}
{{- with .Values.cluster.bootstrap }}
bootstrap:
{{- if .enabled }}
pg_basebackup:
source: archmaester
externalClusters:
- name: archmaester
connectionParameters:
host: {{ .source.db }}-rw.{{ .source.namespace }}
user: streaming_replica
sslmode: verify-full
sslKey:
name: {{ .source.db }}-replication
key: tls.key
sslCert:
name: {{ .source.db }}-replication
key: tls.crt
sslRootCert:
name: {{ .source.db }}-ca
key: ca.crt
{{- else }}
initdb:
postInitTemplateSQL:
- CREATE EXTENSION postgis;
- CREATE EXTENSION postgis_topology;
- CREATE EXTENSION fuzzystrmatch;
- CREATE EXTENSION postgis_tiger_geocoder;
- ALTER USER app WITH SUPERUSER;
{{- end }}
{{- end }}
---
{{- if and .Values.cluster.backup.enabled .Values.cluster.enabled -}}
apiVersion: barmancloud.cnpg.io/v1
kind: ObjectStore
metadata:
name: tos-store
namespace: {{ .Release.Namespace }}
spec:
retentionPolicy: {{ .Values.cluster.backup.backupRetention | default "60d" }}
configuration:
destinationPath: {{ .Values.cluster.destinationPath | default ""}}
endpointURL: http://10.255.241.30:30080
s3Credentials:
accessKeyId:
name: cnpg-s3
key: access_key
secretAccessKey:
name: cnpg-s3
key: access_secret
wal:
compression: snappy
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
name: {{ include "Atlantis.fullname" . }}-db
namespace: {{ .Release.Namespace }}
spec:
schedule: "0 0 1 * * *"
backupOwnerReference: self
cluster:
name: '{{ include "Atlantis.fullname" . }}-db'
method: plugin
pluginConfiguration:
name: barman-cloud.cloudnative-pg.io
{{- end }}
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: {{ include "Atlantis.fullname" . }}-db-monitor
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
cnpg.io/cluster: {{ include "Atlantis.fullname" . }}-db
podMetricsEndpoints:
- port: metrics
{{- end }} {{- end }}
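Review bot: On the new side the Cluster's `backup:` stanza carries only `retentionPolicy`; no object store, plugin reference or ScheduledBackup is visible in this hunk (reading the right-hand column as the new side), so as shown a retention period is declared but nothing appears to take base backups or archive WAL. If recovery of this database matters, the backup destination and a schedule belong in the same template, gated on a single values flag; otherwise the `backup:` block should be dropped so the manifest does not suggest coverage that is absent. The template's first line is outside the hunk, so the enclosing condition cannot be checked from here.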
@@ -2,7 +2,6 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "Atlantis.fullname" . }} name: {{ include "Atlantis.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "Atlantis.labels" . | nindent 4 }} {{- include "Atlantis.labels" . | nindent 4 }}
spec: spec:
@@ -40,12 +39,6 @@ spec:
protocol: TCP protocol: TCP
env: env:
{{- toYaml .Values.env | nindent 12 }} {{- toYaml .Values.env | nindent 12 }}
startupProbe:
httpGet:
path: /healthz
port: http
initialDelaySeconds: 30
failureThreshold: 10
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
-1
@@ -3,7 +3,6 @@ apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler kind: HorizontalPodAutoscaler
metadata: metadata:
name: {{ include "Atlantis.fullname" . }} name: {{ include "Atlantis.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "Atlantis.labels" . | nindent 4 }} {{- include "Atlantis.labels" . | nindent 4 }}
spec: spec:
+2 -3
@@ -16,7 +16,6 @@ apiVersion: extensions/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ $fullName }} name: {{ $fullName }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "Atlantis.labels" . | nindent 4 }} {{- include "Atlantis.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }} {{- with .Values.ingress.annotations }}
@@ -54,8 +53,8 @@ spec:
port: port:
number: {{ $svcPort }} number: {{ $svcPort }}
{{- else }} {{- else }}
serviceName: {{ .serviceName | default $fullName }} serviceName: {{ $fullName }}
servicePort: {{ .servicePort | default $svcPort }} servicePort: {{ $svcPort }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
@@ -1,62 +0,0 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "Atlantis.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
{{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
{{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
{{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ $fullName }}-internal
labels:
{{- include "Atlantis.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
oceanbox.io/expose: internal
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.className }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .internal }}
- path: {{ .path }}
{{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
pathType: {{ .pathType }}
{{- end }}
backend:
{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
-1
@@ -3,7 +3,6 @@ kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
metadata: metadata:
name: {{ template "Atlantis.fullname" . }} name: {{ template "Atlantis.fullname" . }}
namespace: {{ .Release.Namespace }}
{{- with .Values.persistence.annotations }} {{- with .Values.persistence.annotations }}
annotations: annotations:
{{ toYaml . | indent 4 }} {{ toYaml . | indent 4 }}
-62
@@ -1,62 +0,0 @@
{{- if .Values.redis.enabled -}}
apiVersion: dragonflydb.io/v1alpha1
kind: Dragonfly
metadata:
name: {{ include "Atlantis.fullname" . }}-redis
namespace: {{ .Release.Namespace }}
annotations:
linkerd.io/inject: disabled
labels:
app.kubernetes.io/created-by: dragonfly-operator
{{- include "Atlantis.labels" . | nindent 4 }}
spec:
args:
- --dbfilename=dump # Static filename prevents disk exhaustion
- --maxmemory=$(MAX_MEMORY)Mi # Graceful memory management (90% of limit)
- --proactor_threads=1 # Auto-detect CPU cores (optimal threading)
- --cluster_mode=emulated
- --logtostderr
- --save_schedule= # Disable continuous saves (cron snapshots only)
- --s3_endpoint=hel1.your-objectstorage.com # Hertzner S3
env:
- name: MAX_MEMORY
valueFrom:
resourceFieldRef:
resource: limits.memory
divisor: 1Mi
{{- if .Values.redis.backup.enabled }}
- name: AWS_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
key: access_key
name: redis-s3
- name: AWS_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
key: access_secret
name: redis-s3
{{- end}}
replicas: {{ .Values.redis.replicas | default "1" }}
resources:
requests:
cpu: {{ .Values.redis.resources.cpu | default "150m" }}
memory: {{ .Values.redis.resources.memory | default "256Mi"}}
limits:
memory: {{ .Values.redis.resources.memory | default "256Mi"}}
authentication:
passwordFromSecret:
name: {{ .Values.redis.secret.name | quote }}
key: {{ .Values.redis.secret.key | quote }}
{{- if .Values.redis.backup.enabled }}
snapshot:
dir: "s3://obx-redis/hel1/{{ include "Atlantis.fullname" . }}-redis"
cron: "0 3 * * *" # Default: every day at 03:00
enableOnMasterOnly: false
persistentVolumeClaimSpec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: {{ .Values.redis.size | default "1Gi" }}
{{- end }}
{{- end}}
-38
@@ -1,38 +0,0 @@
{{- if not .Values.cluster.enabled }}
apiVersion: v1
kind: Secret
metadata:
annotations:
kyverno/clone: "true"
name: {{ include "Atlantis.fullname" . }}-db-superuser
namespace: {{ .Release.Namespace }}
type: kubernetes.io/basic-auth
data:
username:
password:
{{- else }}
{{- if .Values.cluster.bootstrap.enabled }}
apiVersion: v1
kind: Secret
metadata:
annotations:
kyverno/clone: "true"
name: {{ .Values.cluster.bootstrap.source.db }}-replication
type: kubernetes.io/tls
data:
tls.crt: ""
tls.key: ""
---
apiVersion: v1
kind: Secret
type: Opaque
metadata:
annotations:
kyverno/clone: "true"
name: {{ .Values.cluster.bootstrap.source.db }}-ca
namespace: {{ .Release.Namespace }}
data:
ca.crt: ""
ca.key: ""
{{- end }}
{{- end }}
-1
@@ -2,7 +2,6 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: {{ include "Atlantis.fullname" . }} name: {{ include "Atlantis.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "Atlantis.labels" . | nindent 4 }} {{- include "Atlantis.labels" . | nindent 4 }}
spec: spec:
@@ -3,7 +3,6 @@ apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "Atlantis.serviceAccountName" . }} name: {{ include "Atlantis.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "Atlantis.labels" . | nindent 4 }} {{- include "Atlantis.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }} {{- with .Values.serviceAccount.annotations }}
@@ -1,20 +0,0 @@
{{- if .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "Atlantis.fullname" . }}
namespace: {{ .Release.Namespace }}
spec:
endpoints:
- honorLabels: false
path: /metrics
port: http
jobLabel: {{ .Values.serviceMonitor.label | default (include "Atlantis.fullname" .) }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/instance: {{ include "Atlantis.fullname" . }}
app.kubernetes.io/name: atlantis
{{- end }}
+9 -34
@@ -1,10 +1,11 @@
# Default values for Atlantis. # Default values for Atlantis.
# This is a YAML-formatted file. # This is a YAML-formatted file.
# Declare variables to be passed into your templates. # Declare variables to be passed into your templates.
replicaCount: 1 replicaCount: 1
image: image:
repository: git.oceanbox.io/oceanbox/poseidon/atlantis repository: registry.gitlab.com/oceanbox/atlantis
tag: v1.42.25 tag: v2.87.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
init: init:
enabled: false enabled: false
@@ -12,7 +13,7 @@ init:
command: ["/bin/sh", "-c", "true"] command: ["/bin/sh", "-c", "true"]
env: env:
- name: LOG_LEVEL - name: LOG_LEVEL
value: "2" value: "3"
- name: APP_NAME - name: APP_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
@@ -46,7 +47,7 @@ service:
type: ClusterIP type: ClusterIP
port: 8085 port: 8085
ingress: ingress:
enabled: false enabled: true
className: "nginx" className: "nginx"
annotations: annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true"
@@ -56,13 +57,6 @@ ingress:
paths: paths:
- path: / - path: /
pathType: ImplementationSpecific pathType: ImplementationSpecific
- path: /events
pathType: ImplementationSpecific
serviceName: main-ingress-nginx-defaultbackend.ingress-nginx
servicePort: 80
internal:
- path: /internal
pathType: ImplementationSpecific
tls: tls:
- hosts: - hosts:
- atlantis.srv.oceanbox.io - atlantis.srv.oceanbox.io
@@ -72,27 +66,12 @@ persistence:
size: 1G size: 1G
storageClass: "" storageClass: ""
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
redis:
enabled: false
instances: 1
# metrics:
# enabled: false
backup:
enabled: false
size: 5Gi
cluster: cluster:
enabled: true enabled: false
instances: 1 instances: 2
destinationPath: "s3://cnpg/prod-atlantis-db" backupEnabled: true
backup: backupRetention: 60d
enabled: true
backupRetention: 60d
size: 5Gi size: 5Gi
bootstrap:
enabled: true
source:
db: prod-atlantis-db
namespace: prod-atlantis
resources: {} resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
@@ -111,10 +90,6 @@ autoscaling:
maxReplicas: 100 maxReplicas: 100
targetCPUUtilizationPercentage: 80 targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80 # targetMemoryUtilizationPercentage: 80
serviceMonitor:
enabled: true
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
affinity: {} affinity: {}
diagrid-dashboard:
enabled: false
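Review bot: The new-side defaults switch `ingress.enabled` to `true` and leave a single catch-all `- path: /` rule, while the `/events` rule that pointed at the default backend and the separate `internal:` path list are gone (reading the right-hand column as the new side). With these defaults every install that does not override values publishes the whole service on the `atlantis.srv.oceanbox.io` host, including anything the application serves under `/internal` or `/events`; whether this version still serves those paths cannot be told from the page. I would keep the chart default at `enabled: false` and let each environment opt in explicitly, and if those paths exist, keep them off the public rule.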
-23
@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
-21
@@ -1,21 +0,0 @@
apiVersion: v2
name: codex
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: v2.9.4
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v2.9.4"
-22
@@ -1,22 +0,0 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "codex.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "codex.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "codex.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "codex.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
-62
@@ -1,62 +0,0 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "codex.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "codex.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "codex.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "codex.labels" -}}
helm.sh/chart: {{ include "codex.chart" . }}
{{ include "codex.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "codex.selectorLabels" -}}
app.kubernetes.io/name: {{ include "codex.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "codex.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "codex.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
-78
@@ -1,78 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "codex.fullname" . }}
labels:
{{- include "codex.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "codex.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "codex.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "codex.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
-43
@@ -1,43 +0,0 @@
{{- if .Values.ingress.enabled -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "codex.fullname" . }}
labels:
{{- include "codex.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with .Values.ingress.className }}
ingressClassName: {{ . }}
{{- end }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
{{- range .paths }}
- path: {{ .path }}
{{- with .pathType }}
pathType: {{ . }}
{{- end }}
backend:
service:
name: {{ include "codex.fullname" $ }}
port:
number: {{ $.Values.service.port }}
{{- end }}
{{- end }}
{{- end }}
-15
@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "codex.fullname" . }}
labels:
{{- include "codex.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "codex.selectorLabels" . | nindent 4 }}
@@ -1,13 +0,0 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "codex.serviceAccountName" . }}
labels:
{{- include "codex.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
{{- end }}
@@ -1,15 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "codex.fullname" . }}-test-connection"
labels:
{{- include "codex.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "codex.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
-98
@@ -1,98 +0,0 @@
# Default values for codex.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
replicaCount: 1
# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
image:
repository: git.oceanbox.io/oceanbox/poseidon/codex
# This sets the pull policy for images.
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: v2.9.4
# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imagePullSecrets:
- name: gitlab-pull-secret
# This is to override the chart name.
nameOverride: ""
fullnameOverride: ""
# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
serviceAccount:
# Specifies whether a service account should be created
create: true
# Automatically mount a ServiceAccount's API credentials?
automount: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# This is for setting Kubernetes Annotations to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# This is for setting Kubernetes Labels to a Pod.
# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
podSecurityContext:
fsGroup: 2000
securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
service:
# This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
type: ClusterIP
# This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
port: 8085
# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
ingress:
enabled: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
httpGet:
path: /
port: http
readinessProbe:
httpGet:
path: /
port: http
# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Additional volumes on the output Deployment definition.
volumes: []
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the output Deployment definition.
volumeMounts: []
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
nodeSelector: {}
tolerations: []
affinity: {}
-23
@@ -1,23 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
-24
@@ -1,24 +0,0 @@
apiVersion: v2
name: diagrid-dashboard
description: A Helm chart for Kubernetes
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"
